The Federal Energy Regulatory Commission has proposed to strengthen its Critical Infrastructure Protection (CIP) Reliability Standards by requiring internal network security monitoring (INSM) for high- and medium-impact bulk electric system cyber systems.
Notice of Proposed Rulemaking (NOPR) proposes to direct the North American Electric Reliability Corporation to develop and submit new or modified reliability standards to address a gap in the current standards.
Under existing CIP reliability standards, network security monitoring is focused on defending the electronic security perimeter of networks. FERC is seeking to address concerns that the existing standards do not address potential vulnerabilities of the internal network to cyber threats
INSM addresses situations where vendors or individuals with authorized access that are considered trustworthy might still introduce a cybersecurity risk. For example, the SolarWinds attack in 2020 demonstrated how an attacker can bypass network perimeter-based security controls used to identify and thwart attacks. This supply chain attack leveraged a trusted vendor to compromise the networks of public and private organizations.
Incorporating INSM requirements into the CIP Reliability Standards would help to ensure that utilities maintain visibility over communications in their protected networks, FERC said. Doing so can help detect an attacker’s presence and movements and give the utility time to take action before an attacker can fully compromise the network. INSM also helps to improve vulnerability assessments and can speed recovery from an attack.
The NOPR seeks comment on all aspects of the proposed directive to develop and submit new or modified Reliability Standards for INSM for high- and medium-impact cyber systems. Comments on the NOPR are due 60 days after publication in the Federal Register.