Just a couple of weeks back I posted to The State of Security an article titled “Finally Some Good News: NERC Proposes Deferment of 3 CIP standards,” and, as suspected, the Federal Energy Regulatory Commission (FERC) approved the extension officially on April, 17th with this order.

Having approved NERC’s petition submitted on April 6th, FERC officially pushes back the original July 1, 2020 implementation deadline for CIP-005-6, CIP-010-3, and CIP-013-1 until October 1, 2020, giving registered entities an additional 3 months. FERC cited safety and reliability of the grid as the primary reasons for approving the petition, stemming from the impacts of the pandemic.

Cybersecurity Live - Boston

What did FERC state in their order?

In the order, FERC does imply that utilities should have already taken steps to properly implement the new and revised requirements, stating:

“The Reliability Standards that are the subject of this order are important for ensuring the security and reliability of the grid. We recognize that registered entities have likely already taken significant steps to ensure the effective and timely implementation of these Reliability Standards, and we encourage them to continue doing so.”

The order goes on to imply that entities should use this extension to ensure that their efforts to implement the new standards are fully compliant at the time they become enforceable.

Protest filed by the public

The public can file a response to any NERC filing and four responses – three in support and one in protest – were filed.

The one in protest, according to the order, was filed late by an organization called “Protect Our Power,” who according to their website is an organization “[…] comprised of experts from industry, the physical and cyber defense communities as well as finance and government. The nonpartisan advisory panel has (Read more...)