FERC recently approved proposed Reliability Standard CIP-008-6, which expands the mandatory reporting requirements for Cyber Security Incidents that attempt to compromise the operation of the bulk power system. Under the new standard, electric utilities will need to implement more comprehensive internal controls for identifying, reviewing, and reporting cyber incidents and attempted cyber intrusions than are currently required. The new standard goes into effect on January 1, 2021.
As we reported, NERC developed the revised standard in response to the Commission’s directive to broaden the scope of mandatory reporting of Cyber Security Incidents. In particular, the Commission was concerned with the risk posed by malicious intrusion attempts that might facilitate subsequent efforts to harm the reliable operation of the bulk power system.