On January 19, 2023, the U.S. Federal Energy Regulatory Commission (FERC) issued a final rule (RM22-3) (the Rule) directing the North American Electric Reliability Corporation (NERC) to develop and submit for approval reliability standards that require internal network security monitoring (INSM) within a trusted Critical Infrastructure Protection (CIP) networked environment for all high-impact bulk electric system (BES) cyber systems and medium-impact BES cyber systems with external routable connectivity. FERC also directed NERC to study all low-impact BES cyber systems and medium-impact BES cyber systems without external routable connectivity (Other BES). NERC has 15 months to submit its proposed reliability standards for approval and 12 months to submit a report on its study of the Other BES.

(more…)