Cybersecurity Reporting Grows with mandates through FERC and NERC

Norma Krayem of Holland & Knight has provided a very useful introduction to the new Federal Energy Regulatory Commission (FERC) rules that require much more extensive reporting of cybersecurity threats.

The new reporting standards, CIP008-6, which should go into effect on December 1, 2020 highlight the longstanding concern that the U.S. critical infrastructure is vulnerable to cyberattacks, and that the aging equipment and technology creates inviting targets for terrorists and nation states seeking to harm U.S. interests.

Among the important changes to the rule is the requirement that attempted intrusions and efforts to compromise systems must now be reported. This will significantly expand the number of reports filed. The deadlines for filing are tightened, and the information to be reported is spelled out in much greater specificity.

As global tensions continue to mount, and the U.S. is reported to be using cyberattacks against countries like Iran, it is reasonable to assume that the nation’s infrastructure will continue to come under pressure. These reporting requirements are one aspect of the comprehensive upgrade needed in the safety and security of the U.S. infrastructure.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.