The Federal Energy Regulatory Commission (FERC) has approved Version 4 of the Critical Infrastructure Protection (CIP) Reliability Standards submitted by the North American Electric Reliability Corporation (NERC). The currently-effective Version 3 CIP Reliability Standards. NERC had sent the CIP 4 standards over to FERC for approval back in February 2011, and FERC’s rulemaking on the same was initiated in September.
NERC CIP 4 presents significant changes in the way utilities identify critical assets and the means used to protect them. The main difference between Version 3 and Version 4 is a change in definition for “Critical Assets” (found in CIP-002-4). Specifically, Version 4 includes uniform “bright line” criteria for the identification of “Critical Assets,” which replace the “risk-based assessment methodology” developed and applied by individual responsible entities under Version 3.
NERC now has till March 31, 2013 to submit the next version of the CIP Reliability Standards, and Version 5 is still waiting approval by NERC. Discussions on NERC CIP 5 suggest that it is intended to finally address all of Order 706.

Integration of smart grid devices, and other new and emerging technologies reliant on communications to control operations of the device pose a threat to the reliability of the electric grid, according to a new report released by the North American Electric Reliability Corporation (NERC). Providing a 10-year outlook on the North American electric industry, the new '2011 Long Term Reliability Assessment' report released by NERC evaluates key reliability indicators and dives into the impact of regulations and other issues on bulk power system reliability. The key issues discussed in the report were: the decrease in projected generation resources; the growing dependence on natural gas as a primary fuel source of on-peak capacity; the increased demand for integrating and delivering new resources and the subsequent growth of transmission; and the cumulative effect from environmental regulations may reduce reserve margins in ways that could affect bulk power system reliability, depending on the scope and timing of final regulation implementation. Read more »

In a recent announcement, the North American Electric Reliability Corporation (NERC) has published ten CIP standards (CIP-002-5 through CIP-009-5, CIP-010-1, and CIP-011-1), a set of new and revised NERC Glossary definitions, and a proposed implementation plan. The documents have been posted on the NERC website for a formal 60-day comment period through Friday, January 6, 2012, which will be accepted via an electronic form. The implementation plan, also called the mapping document, identifies each requirement in the already-approved Version 4 CIP standards and identifies how the requirement has been treated in the Version 5 CIP standards. For more information, click here.

The Department of Defense (DoD) is working closely with the Department of Homeland Security (DHS) to tighten cybersecurity of privately-owned critical infrastructure, said Lt. Gen. Robert Schmidle, the Defense Cyber Command's deputy commander. Schmidle said that "one of the things that keeps me up at night is the nation's critical infrastructure". At the same event, Schmidle announced that one of DoD’s projects to improve their cybersecurity efforts is the creation of a shared database that provides a "common operational picture" examining "data feeds" from all of DoD's networks, the Department of Homeland Security, other federal agencies, and "anybody else that wants to participate." Schmidle noted that he did not expect this idea to be implemented right away and also anticipated possible policy hurdles surrounding “individual freedom” and privacy.

Among the leaked diplomatic cables and documents released by WikiLeaks is a secret list of infrastructure-related facilities and topics whose loss or attack by terrorists could "critically impact" U.S. security in the view of the State Department. According to CNN, the list mentions dams close to the U.S. border and a telecommunications hub whose destruction might seriously disrupt global communications. Read more »