Today’s LiveWire Spotlight looks a NERC study closing out a FERC directive calling for the assessment of the kinds and effectiveness of BES Cyber System (BCS) access controls that entities have chosen to deploy in accordance with CIP-003-8.  In it, the ERO confirms that the standard’s security intent is met by a requirement allowing only “necessary inbound and outbound traffic” to be exchanged with a low-impact BCS.

None of the NERC study findings demand an urgent response, so FERC will likely wait for the conclusion of two related ongoing initiatives – Projects 2016-02 (Virtualization) and 2020-03 (Supply Chain Management) – before calling for updates based on their review.