Source: FERC Press Release dated September 15, 2011

"In a long awaited regulatory action, the Federal Energy Regulatory Commission (FERC) took steps to support continued transmission system reliability by proposing revisions to eight critical infrastructure protection (CIP)reliability standards that include a new method of identifying cyber assets that are critical to the nation’s bulk power grid.

The North American Electric Reliability Corp. (NERC) voted to approve the newest version of the CIP standards some time ago, and the industry has been waiting for FERC's decision on whether the standards should be enacted.

If enacted, NERC CIP 4 would present significant changes in the way utilities identify critical assets and the means used to protect them. Utility security professionals should review the draft standards and begin considering changes needed to their procedures to comply with the new methodologies.

The notice of proposed rulemaking (NOPR) stressed that NERC has not addressed all the modifications directed by the Commission’s Order No. 706, which approved the original CIP standards in January 2008. The NOPR would require NERC to make a filing to fully comply with Order No. 706 by the end of the third quarter of 2012. Comments on the proposed rule (RM11-11) are due 60 days after publication in the Federal Register.

The proposed “Version 4” CIP standards are an interim step, FERC said in directing the electric industry and the North American Electric reliability Corp. (NERC) to continue developing a comprehensive approach to assure the grid can withstand a cyber security incident. NERC is the Commission-certified electric reliability organization responsible for developing and enforcing mandatory reliability standards."