• Solutions
    • FERC XBRL Reporting
    • FDTA Financial Reporting
    • SEC Compliance
    • Windows Clipboard Management
    • Legato Scripting
  • Products
    • GoFiler Suite
    • XBRLworks
    • SEC Exhibit Explorer
    • SEC Extractor
    • Clipboard Scout
    • Legato
  • Education
    • Training
    • SEC and EDGAR Compliance
    • Legato Developers
  • Blog
  • Support
  • Skip to blog entries
  • Skip to archive page
  • Skip to right sidebar

Friday, September 18. 2020

FERC and NERC Outline Cyber Incident Response and Recovery Best Practices

On September 14th, 2020, staff from FERC and the North American Electricity Reliability Corporation (NERC) published a report on cyber planning for response and recovery entitled “Cyber Planning for Response and Recovery Study” (CYPRES), which emphasizes best practices for the electric utility industry.


The combined personnel of FERC and NERC, and the NERC Regional Entities, collaborated to develop the report after interviewing experts on this matter from eight electric utilities of different sizes and functions. Included in the staffs’ report are observations on the organizations’ defensive capabilities and on the effectiveness of their Incident Response and Recovery (IRR) plans.


The report identifies shared elements within the IRR plans. These common elements define their scope, computer security events, staff functions and responsibilities, and levels of empowerment to respond. The shared elements indicate reporting requirements and guidelines for external communications and information sharing, as well as procedures to assess performance.


The report also highlighted best practices, concluding that effective IRR plans must:

  • have well-defined personnel functions, encourage accountability, give personnel the authority to act without unnecessary delays, and use supporting technology and automated tools while recognizing the importance of human performance
  • require well-qualified personnel who continually sharpen their skills and stay mindful of lessons learned from past events or simulated challenges
  • use specific standards so personnel can detect substantial deviations from regular operations
  • eliminate all outside connections when activated and consider the risk that a containment strategy may cause predefined damaging actions by the malware. The plans use evidence gathering and ongoing analysis to determine if an event indicates a greater compromise
  • consider the resource implications of incident responses of unknown length
  • implement lessons learned from prior incidents and simulated events

The teams concluded that effective IRR plans are vital resources for addressing cyber threats. They therefore determined that effective IRR plans should be established, and response teams should be ready to detect, contain, and eliminate cyber threats before they do harm to utility operations.


For inquiries regarding this report, contact Mary O’Driscoll at FERC by phone at (202) 502-8680 or via email at mediadl@ferc.gov, or contact Kimberly Mielcarek at NERC via email at Kimberly.mielcarek@nerc.net.


Sources:

FERC, NERC Staff Outline Cyber Incident Response, Recovery Best Practices (ferc.gov)

2020 FERC, NERC and REs Report: Cyber Planning for Response and Recovery Study (CYPRES) (ferc.gov)


Posted by
The Novaworks Team
in FERC at 18:04
Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)
No comments
The author does not allow comments to this entry

Quicksearch

Categories

  • XML Accounting
  • XML AICPA News
  • XML FASB News
  • XML GASB News
  • XML IASB News
  • XML Development
  • XML Events
  • XML FERC
  • XML eForms News
  • XML FERC Filing Help
  • XML Filing Technology
  • XML Information Technology
  • XML Investor Education
  • XML MSRB
  • XML EMMA News
  • XML FDTA
  • XML MSRB Filing Help
  • XML Novaworks News
  • XML GoFiler Online Updates
  • XML GoFiler Updates
  • XML XBRLworks Updates
  • XML SEC
  • XML Corporation Finance
  • XML DERA
  • XML EDGAR News
  • XML Investment Management
  • XML SEC Filing Help
  • XML XBRL
  • XML Data Quality Committee
  • XML GRIP Taxonomy
  • XML IFRS Taxonomy
  • XML US GAAP Taxonomy

Calendar

Back May '25 Forward
Mo Tu We Th Fr Sa Su
Monday, May 19. 2025
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31  

Feeds

  • XML
Sign Up Now
Get SEC news articles and blog posts delivered monthly to your inbox!
Based on the s9y Bulletproof template framework

Compliance

  • FERC
  • EDGAR
  • EMMA

Software

  • GoFiler Suite
  • SEC Exhibit Explorer
  • SEC Extractor
  • XBRLworks
  • Legato Scripting

Company

  • About Novaworks
  • News
  • Site Map
  • Support

Follow Us:

  • LinkedIn
  • YouTube
  • RSS
  • Newsletter
  • © 2024 Novaworks, LLC
  • Privacy
  • Terms of Use
  • Trademarks and Patents
  • Contact Us