Today’s LiveWire Spotlight examines the Standards Authorization Request (SAR) for Project 2022-05 which looks to deal with metrics showing that there has been no material change in the number of incident reports since CIP-008-6 took effect.  The data suggests that the expansion in type, content, timelines, and recipients of cyber security incident reports directed in FERC Order 848 has not been effective in reporting cyber-attacks even if they caused no harm. 

The initial draft of the Standards Authorization Request for Project 2022-05: Modifications to CIP-008 Reporting Threshold and its unofficial comments form have been posted for a 30-day review.  Your feedback is due back to the project team by December 5, 2022.