skip to Main Content

FERC Approves New Supply Chain Reliability Standards to Address Cyber Security Risks

On October 18, 2018, FERC issued a final rule approving NERC CIP Standards on supply chain risk management for high and medium impact BES Cyber Systems. This includes new CIP-013-1 requiring applicable entities to develop and implement a supply chain cyber security risk management plan, and new security controls under CIP-005-6 and CIP-010-3. The implementation period set by FERC is 18 months due to the time needed to implement a plan and controls under the new requirements.

GridSME has prepared a short summary of the final rule and these new requirements, which you can read here. GridSME can help you understand the new standards and develop a roadmap to meet the upcoming compliance requirements.

NERC Webinar on Inverter Disturbances

On February 15, NERC hosted the first in a series of webinars titled “Inverter-Based Resource Disturbance Analysis Key Findings and Recommendations” which highlights the work of NERC’s Inverter Based Resource Performance Task Force (IRPTF). The webinar focused on the IRPTF’s analysis of two recent system events in Southern California.

GridSME has prepared a short summary of the webinar and report, which you can read here.

CAISO’s RIMS5 Changeover

Does your organization interact with CAISO?

If so, you may be aware that CAISO is updating its interconnection process and making the Resource Interconnection Management System v5 (“RIMS5”) the sole location for the transmittal of information pertaining to interconnection applications, interconnection studies, meter installation and maintenance projects (that are not Scheduling Quality Meter Data (SQMD) or Distributed Energy Resource Provider (DERP) projects), and New Resource Implementation (NRI) projects.

What does this mean to you?

You will no longer be able to email, mail, or physically deliver to CAISO documents or information related to the project types noted above. The transmittal of those documents will need to be done through RIMS.

When is this change effective?

December 31, 2017

If you aren’t ready for this change, don’t panic. GridSME can help.

Read the full write-up here

Kaspersky NERC Alert: Free Verification Tool

In response to the recent NERC Alert, GridSME compiled a tool that functions as a relatively quick way of identifying if Kaspersky software is on a system or verifying that Kaspersky is no longer installed after using their product removal tools. The tool recursively hashes the contents of the directory you tell it to, and compares each file hash to the NIST NSRL database of known Kaspersky file hashes , which is included in the zip archive available for download below. It can also be used “offline” by using a txt hash input list that is then compared to the NSRL database.

DISCLAIMER: By downloading this tool, user agrees and accepts that GridSME grants no express or implied warranty or guarantee of any kind, including, but not limited to, warranty of quality, merchantability, or fitness for a particular use or purpose. GridSME makes no representations as to the effectiveness of the tool. GridSME is not liable for any damage this tool may cause to your systems. While GridSME tested and verified the usage of this tool on its own systems, scanned with anti-virus tools, and provided integrity verification methods, GridSME strongly recommends that users take the appropriate precautions before introducing into any critical or production environment to ensure both security and compliance requirements are upheld.

If you have any questions about the NERC Alert, mitigation strategies, or need help using the tool, don’t hesitate to reach out to security@gridsme.com

Instructions

Tool download

Signature verification

Back To Top