On July 21, prompted by cyberattacks highlighting cyber system vulnerabilities that may be exploited to attack the operation and maintenance of interconnected networks, FERC sought comment from industry participants on possible modifications to the CIP Reliability Standards that could address the cybersecurity of control centers used to monitor and control the BES in real time.
The Commission seeks comment on the following:
- The operational impact of forming a separation between the internet and BES control center cyber systems performing transmission operator functions through use of physical (hardware) or logical (software means).
- Whether rules should be implemented concerning “application whitelisting,” computer administration practices that would prevent unauthorized programs from running on a system network. FERC believes that application whitelisting could be a more effective mitigation tool than other mitigation measures because whitelisting allows only software applications and processes that are reviewed and tested before use in the system network.