凯莱布·斯基斯| Inside Energy & Environment | Covington & Burling律师事务所 //www.ludikid.com/author/cskeath/ 能源、商品和环境法律和政策的发展 周四,2023年1月26日20:28:02 +0000 en - us 每小时 1 https://wordpress.org/?v=6.1.1&lxb_maple_bar_source=lxb_maple_bar_source https://insideenvironmentredesign.covingtonburlingblogs.com/wp-content/uploads/sites/47/2021/06/cropped-cropped-cropped-favicon-3-32x32.png 凯莱布·斯基斯| Inside Energy & Environment | Covington & Burling律师事务所 //www.ludikid.com/author/cskeath/ 32 32 FERC下令制定新的内部网络安全监控标准 //www.ludikid.com/2023/01/ferc-orders-development-of-new-internal-network-security-monitoring-standards/ Ashden Fein, Caleb Skeath, Web Leslie和Shayan Karbassi 2023年1月26日星期四20:24:42 +0000 电网 网络安全 联邦能源管理委员会 电网现代化 网格安全 //www.ludikid.com/?p=8422 联邦能源监管委员会(“FERC”)发布了一项最终规则(第887号命令),指导北美电力可靠性公司(“NERC”)制定新的或修改的可靠性标准,要求在关键基础设施保护(“CIP”)网络环境中进行内部网络安全监测(“INSM”)。本命令可能与开发、实施或维护…的实体有关。继续阅读

The Federal Energy Regulatory Commission (“FERC”) issued a final rule (Order No. 887) directing the North American Electric Reliability Corporation (“NERC”) to develop new or modified Reliability Standards that require internal network security monitoring (“INSM”) within Critical Infrastructure Protection (“CIP”) networked environments.  This Order may be of interest to entities that develop, implement, or maintain hardware or software for operational technologies associated with bulk electric systems (“BES”).

The forthcoming standards will only apply to certain high- and medium-impact BES Cyber Systems.  The final rule also requires NERC to conduct a feasibility study for implementing similar standards across all other types of BES Cyber Systems.  NERC must propose the new or modified standards within 15 months of the effective date of the final rule, which is 60 days after the date of publication in the Federal Register.  

Background

According to the FERC news release, the 2020 global supply chain attack involving the SolarWinds Orion software demonstrated how attackers can “bypass all network perimeter-based security controls traditionally used to identify malicious activity and compromise the networks of public and private organizations.”  Thus, FERC determined that current CIP Reliability Standards focus on prevention of unauthorized access at the electronic security perimeter and that CIP-networked environments are thus vulnerable to attacks that bypass perimeter-based security controls.  The new or modified Reliability Standards (“INSM Standards”) are intended to address this gap by requiring responsible entities to employ INSM in certain BES Cyber Systems.  INSM is a subset of network security monitoring that enables continuing visibility over communications between networked devices that are in the so-called “trust zone,” a term which generally describes a discrete and secure computing environment.  For purposes of the rule, the trust zone is any CIP-networked environment.  In addition to continuous visibility, INSM facilitates the detection of malicious and anomalous network activity to identify and prevent attacks in progress.  Examples provided by FERC of tools that may support INSM include anti-malware, intrusion detection systems, intrusion prevention systems, and firewalls.   

New or Modified Reliability Standards

The INSM Standards will apply to all high-impact BES Cyber Systems and medium-impact BES Cyber Systems with external routable connectivity, defined as the ability to access a BES Cyber System from outside of its associated electronic security perimeter.  FERC declined to set an implementation timeframe for the forthcoming standards and instead directed NERC to recommend an implementation period when it submits its proposal.  Accordingly, the deadline for responsible entities to implement INSM could be years in the future.

Under the rule, the INSM Standards must:

  • (1) Address the need for responsible entities to develop baselines of their network traffic inside their CIP-networked environment; 
  • (2) Address the need for responsible entities to monitor for and detect unauthorized activity, connections, devices, and software inside the CIP-networked environment; and
  • (3) Require responsible entities to identify anomalous activity to a high level of confidence by:
    • (a) Logging network traffic;
    • (b) Maintaining logs and other data collected regarding network traffic; and
    • (c) Implementing measures to minimize the likelihood of an attacker removing evidence of their tactics, techniques, and procedures from compromised devices.

Feasibility Study

Within 12 months of the final rule, NERC must also submit a report that studies the feasibility of implementing INSM within medium-impact BES Cyber Systems without external routable connectivity and all low-impact BES Cyber Systems, which are not subject to the INSM Standards.

FERC has emphasized that the commissioned feasibility study should include a determination of:

(1) The ongoing risk to the reliability and security of the Bulk-Power System posed by low and medium-impact BES Cyber Systems that will not be subject to the INSM Standards; and

(2) The potential technological or other challenges involved in extending INSM to additional BES Cyber Systems, as well as possible alternative mitigating actions to address the risks posed.

Baidu
map