FERC Proposes to Close Gap in Bulk Electric System Cybersecurity

Feb 2, 2022

Reading Time : 3 min

Under the current NERC CIP Reliability Standards, network security monitoring requirements focus on “defending the electronic security perimeter”—such as through access point controls and monitoring for malicious communications—rather than on “potential vulnerabilities of the internal network.” Adding INSM requirements is “designed to address situations where perimeter network defenses are breached by providing the earliest possible alerting and detection of intrusions and malicious activity within a trust zone.” Early detection and response could, in turn, “reduce[] the likelihood that an attacker can gain a strong foothold and potential command and control, including operational control, on the target system.” INSM can also enable “collection of data and analysis required to implement a defense strategy, improves an entity’s incident investigation capabilities, and increases the likelihood that an entity can better protect itself from a future cyberattack and address any security gaps the attacker was able to exploit.”

FERC provides several objectives for NERC to address, noting that any new or modified CIP Reliability Standards should require covered entities to:

  1. “[D]evelop a baseline for their network traffic by analyzing expected network traffic and data flows for security purposes.”
  2. “[M]onitor for and detect unauthorized activity, connections, devices, and software inside the CIP networked environment (i.e., trust zone).”
  3. “[L]og and packet capture network traffic; . . . maintain sufficient records to support incident investigation . . . ; and . . . implement measures to minimize the likelihood of an attacker removing evidence of their Tactics, Techniques, and Procedures . . . from compromised devices.”

FERC seeks comment on “all aspects of the proposed directive,” including on: “(1) what are the potential challenges to implementing INSM (e.g., cost, availability of specialized resources, and documenting compliance); (2) what capabilities (e.g., software, hardware, staff, and services) are appropriate for INSM to meet [FERC’s] security objectives . . . ; (3) [whether FERC’s security objectives] for INSM [are] necessary and sufficient and, if not sufficient, what are other pertinent objectives that would support the goal of a having responsible entities successfully implement INSM; and (4) what is a reasonable timeframe for expeditiously developing and implementing Reliability Standards for INSM given the importance of addressing [the] reliability gap?” Finally, FERC welcomes comments on “the usefulness and practicality of implementing INSM to detect malicious activity in networks with low impact BES Cyber Systems, including any potential benefits, technical barriers and associated costs.”

The proposal shows that BES reliability and cybersecurity continue to be high priorities for FERC. Indeed, Chairman Richard Glick noted during FERC’s January meeting that it must continue to be vigilant against cyber threats. Commissioner James Danly highlighted FERC’s keen awareness of the risk and his appreciation for the unanimous vote to approve the proposal. Commissioner Allison Clements described the proposal as a “step in the right direction” and expressed her hope that NERC will move quickly to develop the Reliability Standards for FERC’s consideration. Commissioner Mark C. Christie voted for, but did not comment on, the proposal. Finally, new Commissioner Willie L. Phillips recognized that several steps remain before realization of the proposal’s purpose—including reviewing, analyzing and acting on any comments—and shared his hope that NERC will find a way to “expedite” its process to enable implementation of INSM standards as soon as possible.

FERC’s next action in this matter could come as soon as April or May 2022, but could take longer. It also is uncertain how long FERC will give NERC to file its proposed Reliability Standards if FERC ultimately directs it to do so in a Final Rule. Accordingly, any mandatory, enforceable rules likely are at least months away.


1 NERC’s CIP Reliability Standards currently in effect set forth criteria “to categorize BES Cyber Systems as high, medium, or low depending on the adverse impact that loss, compromise, or misuse of those BES Cyber Systems could have on the reliable operation of the BES.” The designated impact level then “determines the applicability of security controls for BES Cyber Systems that are contained in the remaining CIP Reliability Standards” as they currently exist.

Share This Insight

Previous Entries

Speaking Energy

August 15, 2025

On August 8, 2025, the Federal Energy Regulatory Commission (FERC) issued an enforcement order in Skye MS, LLC (Skye) and levied a $45,000 civil penalty on an intrastate pipeline operator in Mississippi, resolving an investigation into the operator’s violations of section 311 (Section 311) of the Natural Gas Policy Act (NGPA). FERC faulted the operator for providing a Section 311 transportation service without timely filing a Statement of Operating Conditions (SOC) and obtaining FERC’s approval for the transportation rates. Section 311 permits intrastate pipelines to transport interstate gas “on behalf of” interstate pipelines without becoming subject to FERC’s more extensive Natural Gas Act (NGA) jurisdiction, but requires the intrastate pipeline to have an SOC stating the rates and terms and conditions of service on file with FERC within 30 days of providing the interstate service. Under the NGPA, Section 311 rates must be “fair and equitable” and approved by FERC. In Skye, FERC stated that the operator began providing Section 311 service on certain pipeline segments in Mississippi in May 2023, following their acquisition from another Section 311 operator, but did not file an SOC with FERC until April 2025. The order ties the penalty to the approximately two-year delay between commencement of the Section 311 service and the SOC filing date. The pipeline operator was also ordered to provide an annual compliance report and to abide by additional verification requirements related to the filing of its FERC Form No. 549D, the Quarterly Transportation & Storage Report for Intrastate Natural Gas and Hinshaw Pipelines.

...

Read More

Speaking Energy

August 6, 2025

In Sierra Club v. FERC, No. 24-1199 (D.C. Cir. Aug. 1, 2025), the U.S. Court of Appeals for the District of Columbia Circuit (D.C. Circuit) upheld the Federal Energy Regulatory Commission’s (FERC) approval of a 1,000-foot natural gas pipeline segment crossing the United States-Mexico border (the Border Pipeline) under section 3 of the Natural Gas Act (NGA), rejecting environmental groups’ challenges that FERC improperly limited its analysis under both the NGA and the National Environmental Policy Act (NEPA), as related to a 155-mile intrastate “Connector Pipeline” constructed upstream of the Border Pipeline in Texas.

...

Read More

Speaking Energy

July 17, 2025

On July 15, 2025, the Federal Energy Regulatory Commission (FERC or Commission) issued an order1 proposing to eliminate the soft price cap of $1,000 per megawatt-hour (MWh) for bilateral spot sales in the Western Electricity Coordinating Council (WECC) that was implemented following the California energy crisis. If adopted, the Commission’s proposal would eliminate the requirement that sellers make a filing with FERC cost justifying spot market sales in excess of the soft price cap, which have become increasingly common in recent years as market conditions have continued to tighten throughout the West. Eliminating the WECC soft price cap would provide sellers that make sales during periods when prices exceed the cap greater certainty that their sales will not be second guessed after the fact.

...

Read More

Speaking Energy

June 25, 2025

On June 4–5, 2025, the Federal Energy Regulatory Commission (FERC or Commission) hosted a commissioner-led technical conference to discuss resource adequacy challenges facing regional transmission organizations and independent system operators (RTO). The conference is a response to the growing concern that multiple RTO regions across the country may not have sufficient supply available in the coming years to meet demand due to resource retirements, the pace of new generation entry and higher load growth arising from the construction of data centers and reindustrialization.

...

Read More

Speaking Energy

June 12, 2025

We are pleased to share the presentation slide deck and a recording of Akin’s recently presented webinar, “Navigating U.S. Policy Shifts in the Critical Minerals Sector.”

...

Read More

Speaking Energy

June 10, 2025

On June 4, 2025, the U.S. Department of Transportation’s (DOT) Pipeline and Hazardous Materials Safety Administration (PHMSA) announced revisions to its procedures for pipeline safety enforcement actions. The changes, outlined in two new policy memoranda from PHMSA’s Office of the Chief Counsel (PHC), aim to enhance due process protections for pipeline operators by clarifying how civil penalties are calculated and expanding the disclosure of agency records in enforcement proceedings.

...

Read More

Speaking Energy

May 22, 2025

On May 19, 2025, the Department of Energy (DOE) finalized its 2024 LNG Export Study: Energy, Economic and Environmental Assessment of U.S. LNG Exports (the 2024 Study) through the release of a Response to Comments on the 2024 Study. The Response to Comments concludes that the 2024 Study, as augmented through public comments submitted on or before March 20, 2025, supporting a finding that liquefied natural gas (LNG) exports serve the public interest. With the comment process complete, DOE will move forward with final orders on pending applications to export LNG to non-free trade agreement (non-FTA) countries.

...

Read More

Speaking Energy

May 20, 2025

On Thursday, May 15, the Senate Commerce, Science & Transportation Subcommittee on Surface Transportation, Freight, Pipelines and Safety held a hearing titled, “Pipeline Safety Reauthorization: Ensuring the Safe and Efficient Movement of American Energy.” The hearing examined legislative priorities for reauthorizing the Pipeline and Hazardous Materials Safety Administration (PHMSA).

...

Read More

© 2025 Akin Gump Strauss Hauer & Feld LLP. All rights reserved. Attorney advertising. This document is distributed for informational use only; it does not constitute legal advice and should not be used as such. Prior results do not guarantee a similar outcome. Akin is the practicing name of Akin Gump LLP, a New York limited liability partnership authorized and regulated by the Solicitors Regulation Authority under number 267321. A list of the partners is available for inspection at Eighth Floor, Ten Bishops Square, London E1 6EG. For more information about Akin Gump LLP, Akin Gump Strauss Hauer & Feld LLP and other associated entities under which the Akin Gump network operates worldwide, please see our Legal Notices page.