The Federal Energy Regulatory Commission has published a final rule calling for the North American Electric Reliability Corporation to develop standards for internal network cybersecurity monitoring. This rule will be required for all high-impact bulk electric systems and medium-impact bulk electric systems with external roundtable activity and conduct a study of the security of other bulk electric systems.

The forthcoming standards will require covered entities to identify baseline network traffic patterns to enable anomaly detection, implement technologies that can monitor and detect unauthorized behavior and other anomalies within a trusted network, and collect data to analyze potential threats and help prevent attackers from easily covering their tracks.

The final rule signals increased attention to cybersecurity regulation, particularly with respect to critical infrastructure operations, zero trust rollout, and supply chain security that is likely to continue both within and beyond the energy sector.

Click here to read the full Update.