Today’s LiveWire Spotlight examines FERC Order 848, which requires a four-pronged expansion in the scope of NERC’s cyber security incident reporting process. The most material update calls for the reporting of cyber-attacks even if they caused no harm. At present, only those that impair a reliability task must be reported.
FERC has allotted six-months to the delivery of a modified cyber incident notification process. NERC has until the end of January, 2019 to develop a Standards Authorization Request, convene a project team, and gain industry concurrence – a very aggressive schedule.