The federal entity responsible for regulating the energy sector on Thursday proposed new rules to enhance the cybersecurity of the U.S. electric grid, including those aimed at addressing risks posed by malware.
The Federal Energy Regulatory Commission (FERC) outlined new proposed security management controls for operators of electric grid systems aimed at enhancing “the reliability and resilience of the nation’s bulk electric systems,” according to a release.
“These include mandatory controls to address the risks posed by malware from transient electronic devices like laptop computers, thumb drives and other devices used at low-impact bulk electric system cyber systems,” the commission said.
There have been increased concerns about cyber threats to the U.S. electric grid in the wake of successful attacks that took down portions of Ukraine’s grid in 2015 and 2016. Russian hackers are widely suspected to have been behind the attacks. Earlier this year, researchers identified the malware used to take out power in Kiev in 2016.
A leading cybersecurity company also recently identified a sophisticated hacking campaign targeting the U.S. energy sector as well as those of certain European countries.
Among the proposals, the commission floated approving a new critical infrastructure protection standard in order to mitigate cybersecurity threats to the operations of the U.S. bulk power system.
The federal regulator also proposed directing the North American Electric Reliability Corporation, a nonprofit corporation that helps regulate North America’s electric utility industry, to develop modifications to criteria for electronic access controls of low-impact cyber systems.
“These modifications will address potential gaps and improve the cyber security posture of entities that must comply with the [Critical Infrastructure Protection] standards,” the release said.