Today’s LiveWire Spotlight examines FERC Docket RD19-3-000 approving without comment CIP-008-6, which expands the type, content, timelines, and recipients of cyber security incident reports.; including…
…the reporting of cyber-attacks even if they caused no harm. At present, only those that impair a reliability task must be reported.
…the addition of data fields to the reporting template that will improve information quality and help analysts rapidly detect similarities between incidents.
…an update to the standard that specifies deadlines for reports ranging from one hour for high risk threats to one month for those with low risk.
…the addition of the DHS’ Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) as a recipient of incident notifications.

FERC chose to bypass their normal review process due to their sense of urgency to close the reliability gap – thus, a Notice of Proposed Rulemaking was not issued. As such, Clients should assure they fully comply with CIP-008-6 when it takes effect on January 1, 2021.