The Federal Energy Regulatory Commission (FERC) is tasked with keeping our electric grid safe and maintaining reliable and secure energy for U.S. consumers. On January 20, FERC issued a Notice of Proposed Rulemaking (NOPR) that proposes to strengthen its Critical Infrastructure Protection Reliability Standards by requiring internal network security monitoring for high and medium impact bulk electric system cyber systems.

According to the NOPR, the current Reliability Standards do not address internal network security monitoring and this omission constitutes a gap. The NOPR proposes to direct the North American Electric Reliability Commission to develop such standards that require internal network security monitoring that would ensure that responsible entities maintain visibility over communications between networked devices, hopefully to increase the probability of early detection of a cyber-attack. The NOPR referred to the need for the internal network security monitoring in light of the highly publicized Solar Winds cyber-attack as the attack “demonstrates how an attacker can bypass all network perimeter-based security controls traditionally used to identify the early phases of an attack.”  Comments to the proposed NOPR will be due 60 days after publication in the Federal Register.

Photo of Deborah George Deborah George

Deborah George is a member of Robinson+Cole’s Business Litigation Group as well as its Data Privacy + Cybersecurity Team. Ms. George advises clients on and focuses her practice on data privacy and security, cybersecurity, and compliance with related state and federal laws. She…

Deborah George is a member of Robinson+Cole’s Business Litigation Group as well as its Data Privacy + Cybersecurity Team. Ms. George advises clients on and focuses her practice on data privacy and security, cybersecurity, and compliance with related state and federal laws. She also has experience providing counsel in civil litigation and employment law matters. She has significant experience offering advice and counsel on legal issues related to human services agencies, including Medicaid, as well as drafting and reviewing contracts, business associate agreements, and data use agreements. Read her full rc.com bio here.