Last week, the Federal Energy Regulatory Commission (FERC) announced that its Office of Electric Reliability (OER) will be realigning its functions in order to establish one division focused exclusively on cybersecurity.

As part of the announcement, the Commission also reported that it will create a new security-focused group within the Office of Energy Projects’ (OEP) Division of Dam Safety and Inspections. This group will address cyber, as well as physical, security concerns at jurisdictional hydropower facilities.

“At FERC, we are charged with overseeing the development and enforcement of cybersecurity standards for the nation’s high voltage transmission lines and jurisdictional hydropower facilities,” said Neil Chatterjee, chairman of FERC. “These two developments will help FERC staff more efficiently focus its efforts on cybersecurity. This new security group in OEP and the realignment in OER will consolidate the cybersecurity staff into a division that focuses solely on cybersecurity.”

FERC also announced that it has identified five areas where commission staff will strategically and collectively focus its efforts in order to address critical cybersecurity challenges. These are:

• Supply Chain/Insider Threat/Third-Party Authorized Access
• Industry access to timely information on threats and vulnerabilities
• Cloud/Managed Security Service Providers
• Adequacy of security controls
• Internal network monitoring and detection

Commission staff also described a number of outreach activities and other initiatives that it intends to prioritize throughout Fiscal Year 2020. In particular, staff will closely monitor supply chain security implementation and the industry’s adoption of new technologies and services to address cyber infrastructure implementation, maintenance and/or management. In addition, the Office of Energy Infrastructure Security will continue to build on its existing outreach initiatives, including offering voluntary network architecture assessments. Finally, the Office of Electric Reliability will continue to conduct and participate in audits.