This bill would amend the Federal Power Act to expand the official definition of the electrical infrastructure covered by cyber security rules. A new §224 would define the term ‘critical electric infrastructure’ to include physical and virtual assets involved in the ‘generation, transmission, or distribution of electric energy’. The factor determining coverage would be whether the incapacitation or destruction of the assets would “have a debilitating impact on national security, national economic security, or national public health or safety” {§224(a)(1)}.
The bill would have the Federal Energy Regulatory Commission (FERC) determine whether current §215 reliability standards are adequate to protect the critical electric infrastructure from cyber security vulnerabilities. Those vulnerabilities are defined as “a weakness or flaw in the design or operation of any programmable electronic device or communication network that exposes critical electric infrastructure to a cyber security threat” {§224(a)(5)}. Unless FERC specifically determines that the current standards are adequate, it will be required to order the Electric Reliability Organization (ERO) to update those standards within 180 days.
There are no specific requirements for security for control systems in this bill; it leaves the establishment of those requirements to the ERO.
BTW: It would help spell checkers everywhere if Congress would decide if ‘cyber security’ was one word or two. I vote for a single word – cybersecurity.