Staff with the Federal Energy Regulatory Commission have detailed the depth of its continuing efforts to address cybersecurity challenges facing the nation’s energy infrastructure, including hydropower facilities.
The presentation detailed several organizational changes meant to better focus the agency’s resources on quickly evolving cyber challenges, including creation of a new security-focused group within the Office of Energy Projects’ Division of Dam Safety and Inspections. The group will address cyber and physical security concerns at jurisdictional hydropower facilities, FERC staff said.
Chairman Neil Chatterjee also announced that the commission’s Office of Electric Reliability would be realigning its functions to establish one division focused exclusively on cybersecurity.
“At FERC, we are charged with overseeing the development and enforcement of cybersecurity standards for the nation’s high-voltage transmission system and jurisdictional hydroelectric facilities,” Chatterjee said. “These two developments will help FERC staff more efficiently focus its efforts on cyber security. This new security group in OEP and the realignment in OER will consolidate the cybersecurity staff into a division that focuses solely on cyber.”
FERC identified five areas where staff will strategically and collectively focus efforts to address critical cybersecurity challenges. They are:
• Supply chain/insider threat/third-party authorized access;
• Industry access to timely information on threats and vulnerabilities;
• Cloud/managed security service providers;
• Adequacy of security controls; and
• Internal network monitoring and detection.
Staff also described outreach activities and other initiatives they intend to prioritize throughout FY2020. In particular, staff will closely monitor supply chain security implementation and the industry’s adoption of new technologies and services to address cyber infrastructure implementation, maintenance and/or management. In addition, the Office of Energy Infrastructure Security continues to build on its existing outreach initiatives, including offering voluntary network architecture assessments, and the OER will continue to conduct and participate in audits.