
Order 843 and CIP-003-7: How They Will Impact Low Sites

On April 25, 2018, the Federal Energy Regulatory Commission (FERC) published Order 843, effectively approving CIP-003-7 standards. The effective date has been set for Jan. 1, 2020. So you might be wondering, “How do the new standards affect my current low sites?”

The first thing to point out is that the enforcement date for the CIP-003-6 (Critical Infrastructure Protection) requirements for Electronic Access Controls (Attachment 1, Section 3) and Physical Security Controls (Attachment 1, Section 2), which previously was Sept. 1, 2018, has been delayed until Jan. 1, 2020, to coincide with the CIP-003-7 standards.

The language for Electronic Access Controls has been modified and no longer includes any references to the terms Low Impact External Routable Connectivity (LERC) and Low Impact Bulk Electric System (BES) Cyber System Electronic Access Point (LEAP). The new language now includes the statement “Permit only necessary inbound and outbound electronic access as determined by the Responsible Entity.” Additionally, entities will still need to document the access that is deemed necessary.

CIP-003-7 also introduces Transient Cyber Asset and Removable Media Malicious Code Risk Mitigation (found in Attachment 1, Section 5). Entities will be required to “mitigate the risk of the introduction of malicious code to low-impact BES Cyber Systems (BCS) through the use of Transient Cyber Assets or Removable Media.” All transient cyber assets will be required to have updated anti-virus software, application whitelisting or other methods in place to mitigate the introduction of malicious code. Additionally, these mitigating measures are required on all removable media and a process must be in place to ensure malicious code is detected and mitigated prior to connection to a low-impact BCS.


Written by Jeffrey Macre
Jeffrey Macre is a senior cybersecurity specialist for Burns & McDonnell. As an experienced leader specializing in information technology security, compliance implementation, infrastructure management, and systems administration, he helps clients design and implement standards, procedures and processes that improve their business efficiency.
