Norma Krayem of Holland & Knight has provided a very useful introduction to the new Federal Energy Regulatory Commission (FERC) rules that require much more extensive reporting of cybersecurity threats.
The new reporting standards, CIP008-6, which should go into effect on December 1, 2020 highlight the longstanding concern that the U.S. critical infrastructure is vulnerable to cyberattacks, and that the aging equipment and technology creates inviting targets for terrorists and nation states seeking to harm U.S. interests.
Among the important changes to the rule is the requirement that attempted intrusions and efforts to compromise systems must now be reported. This will significantly expand the number of reports filed. The deadlines for filing are tightened, and the information to be reported is spelled out in much greater specificity.
As global tensions continue to mount, and the U.S. is reported to be using cyberattacks against countries like Iran, it is reasonable to assume that the nation’s infrastructure will continue to come under pressure. These reporting requirements are one aspect of the comprehensive upgrade needed in the safety and security of the U.S. infrastructure.