Related Files
Status
The 8-day final ballot for CIP-008-6 - Cyber Security — Incident Reporting and Response Planning concluded 8 p.m. Eastern, Tuesday, January 22, 2019. The voting results can be accessed via the link below. The standard will be submitted to the Board of Trustees for adoption and then filed with the appropriate regulatory authorities.
Background
The purpose of this project is to address the directives issued by FERC in Order No. 848 in order to augment mandatory reporting of Cyber Security Incidents, including attempts that might facilitate subsequent efforts to harm the reliable operation of the Bulk Electric System (BES). FERC directed NERC to develop and submit modifications that would “require the reporting of Cyber Security Incidents that compromise, or attempt to compromise, a responsible entity's Electronic Security Perimeter (ESP) or associated Electronic Access Control or Monitoring Systems (EACMs)."
Standard(s) Affected – CIP-008-5
Project Scope
The Reliability Standard(s) developed or revised will include the 4 elements outlined by FERC:
1. Responsible entities must report Cyber Security Incidents that compromise, or attempt to compromise, a responsible entity's ESP or associated EACMS;
2. Required information in Cyber Security Incident reports should include certain minimum information to improve the quality of reporting and allow for ease of comparison by ensuring that each report includes specified fields of information;
3. Establish deadlines for filing Cyber Security Incidents that are commensurate with incident severity; and
4. Cyber Security Incident reports should be sent
to the Electricity Information Sharing and Analysis Center (E-ISAC) and the
Department of Homeland Security (DHS) Industrial Control Systems Cyber
Emergency Response Team (ICS-CERT).