The FERC staff NOI was issued on June 18 and asked a number of questions about potential revisions to the NERC cybersecurity standards. The primary and most concerning questions were directed at whether existing requirements for high and medium impact cyber assets should also be applied to low impact cyber assets. Over the years NRECA has worked hard to minimize the requirements that apply to low impact cyber assets to in turn minimize the investments that NERC-registered entity co-ops are required to make. There continues to be pressure from FERC and Congress to expand the scope of the NERC cybersecurity standards to more assets. Our comments
filed on Aug. 24 seek to demonstrate what our NERC-registered entity members have done on cybersecurity and also to explain why it’s unnecessary to expand the cybersecurity standards to low impact cyber assets. (FERC Docket No. RM20-12)
Potential next steps for FERC could be no further action, issuing an order directing NERC or a NOPR proposing to include low impact cyber assets in more requirements or some other related action.