FERC Outlines Supply Chain Security Rules for Power Plants

September 30, 2024 at 06:32PM

Recent attacks on SolarWinds and MOVEit have brought attention to cybersecurity supply chain risks. In response to incidents at utilities, the US Federal Energy Regulatory Commission asked industry consortium NERC to develop a stronger supply chain security standard for power plants. FERC also addressed the need for internal network security monitoring for critical infrastructure protection.

Summary:

– The recent cyber attacks on SolarWinds and MOVEit have highlighted the supply chain risks in cybersecurity, leading to a call for updating supply chain safety standards by the US Federal Energy Regulatory Commission (FERC).
– In response, FERC asked the North American Electric Reliability Corporation (NERC) to improve supply chain security standards for power plants. This would involve identifying, assessing, validating, and responding to supply chain risks for electrical grid-related cybersecurity systems.
– FERC also directed NERC to add protected cyber assets (PCAs) to the systems subject to supply chain scrutiny.
– FERC addressed a new reliability standard for critical infrastructure protection, focusing on internal network security monitoring (INSM) within an electronic security perimeter. The proposed standard aims to monitor communication between devices to detect and respond to malicious activity within the network.
– FERC proposed approval of Reliability Standard CIP-015-1 and asked NERC to extend INSM to systems outside of the electronic security perimeter, such as physical and electronic access control systems.
