New security rules for power co's

Jan. 18, 2008
Rules focus on physical and electronic access to control systems, recovery planning

WASHINGTON -- Federal regulators on Thursday approved the first cyber-security standards for the nation's electric industry, following growing concerns about the power grid's vulnerabilities.

The Federal Energy Regulatory Commission approved mandatory reliability standards for protecting physical and electronic access to control systems, training personnel on security matters, reporting incidents and recovery planning from a cyber incident.

The commission approved the rules proposed last July and also directed the North American Electric Reliability Corp., which oversees the grid, to strengthen certain technical and oversight provisions, including removing language that allowed varied implementation of standards based on "reasonable business judgment."

"These modifications will strengthen the reliability standards we approve today, and improve our defenses against cyber threats," Federal Energy Regulatory Commission Chairman Joseph T. Kelliher said in a release.

The Edison Electric Institute, which represents investor-owned utilities that supply about 70 percent of the nation's electric generation, had advocated for standards and welcomed the decision. The group, whose members include Duke Energy Corp., Dominion Resources Inc., Constellation Energy Group Inc. and Exelon Corp., would not comment further until it receives the final rules and discusses them with the companies, said spokesman Ed Legge.

FERC last month asked the White House to approve a rule requiring the electric industry to submit detailed reports about progress in addressing potential cyber-security risks. That request came after government scientists last year hacked into a simulated power-plant control system and caused an electric generator to self-destruct.

The power grid, generating plants and refineries are increasingly threatened by hackers who could cause major disruptions and economic chaos in the U.S., the Government Accountability Office said in October.

Also Thursday, FERC proposed revisions to the financial reporting forms for electric utilities and licensees that seek more details from the companies "to ensure that rates are just and reasonable," Kelliher said.

The notice of proposed rule making would require public utilities to provide additional information on implementing formula rates and affiliate transactions. The proposed effective date is 2009.

Copyright 2007 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.