FERC Action: New Reliability Safeguards for American Power Grid

Item E-2, Docket No. RM24-8-000 | E-3, Docket No. RM25-8-000 | E-4, Docket No. RD25-8-000

FERC today unanimously approved a sweeping set of actions to strengthen and safeguard reliability of the nation's bulk-power system, bolstering all Americans access to a dependable power supply.

"Our electric grid faces persistent reliability challenges from cybersecurity threats, extreme weather and rising demand. The actions we approved today are centered on modernizing and securing grid reliability, with a special emphasis on cybersecurity, so every American can count on the grid and get power when they need it," FERC Chairman Laura V. Swett said.

FERC approved two final rules:

• Final Rule on Virtualization Reliability Standards, Docket No. RM24-8-000. The final rule approves 11 updated Critical Infrastructure Protection (CIP) Reliability Standards that enable secure use of virtualization technologies. These enhancements give entities greater flexibility to adopt efficient, modern tools that reduce hardware needs and strengthen cyber defenses across the bulk power system. The final rule also reduces administrative burden for entities that require alternative mitigation measures, while still meeting security objectives. Additionally, the final rule directs the North American Electric Reliability Corporation (NERC) to maintain appropriate oversight and consistency when entities implement such alternative mitigation measures.

• Final Rule on CIP Reliability Standard CIP-003-11, Docket No. RM25-8-000. The final rule approves modifications to a CIP Reliability Standard to improve baseline cybersecurity for low impact bulk electric system (BES) Cyber Systems, i.e., digital or computer systems that support the electric grid but do not meet the criteria for medium or high impact under the tiered approach of the CIP Standards. The modified CIP Standard requires new password protocols for remote users (including safeguards for passwords) and the detection of intrusions to low impact BES Cyber Systems. The final rule represents significant progress in grid security as NERC continues to strengthen its overall security strategy, helping keep the grid resilient to both existing and new threats. By introducing new baseline security controls alongside current protections for grid operators, the final rule improves reliability by reducing the risk of potential system disruptions stemming from coordinated cyberattacks on low impact BES Cyber Systems.

Finally, FERC approved Reliability Standard CIP-002-8 (Docket No. RD25-8-000) to include an updated definition of "control center" in NERC's Glossary. The revised definition improves reliability by helping entities better identify risks and protect high-risk assets.