UNITED STATES OF AMERICA
BEFORE THE
FEDERAL ENERGY REGULATORY COMMISSION

Critical Infrastructure Protection Reliability       )
Standard CIP-015-10 – Cybersecurity –           )
Internal Network Security Monitoring                )                                           Docket No. RM24-7-000

COMMENTS OF THE
NEW ENGLAND STATES COMMITTEE ON ELECTRICITY  

Pursuant to the Notice of Proposed Rulemaking issued by the Federal Energy Regulatory Commission (“Commission” or “FERC”) on September 19, 2024,[1] the New England States Committee on Electricity (“NESCOE”) files comments on the Commission’s proposal to approve proposed Critical Infrastructure Protection (“CIP”) Reliability Standard CIP-015-1 (Cyber Security – Internal Network Security Monitoring) as well as the Commission’s proposal to direct that the North American Electric Reliability Corporation (“NERC”) develop further modifications to reliability standard CIP-015-1 to extend Internal Network Security Monitoring (“INSM”) to include electronic access control or monitoring systems (“EACMS”) and physical access control systems (“PACS”) outside of the electronic security perimeter.[2]

I.  DESCRIPTION OF COMMENTER

NESCOE is the Regional State Committee (“RSC”) for New England.  It is governed by a board of managers appointed by the Governors of Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, and Vermont and is funded through a regional tariff that ISO New England Inc. (“ISO-NE”) administers.[3]  NESCOE’s mission is to represent the interests of the citizens of the New England region by advancing policies that will provide electricity at the lowest possible price over the long term, consistent with maintaining reliable service and environmental quality.[4]  These comments represent the collective view of the six New England States.

II.  COMMENTS

NESCOE strongly supports efforts to ensure cybersecurity reliability[5] and appreciates the Commission’s efforts to improve the cybersecurity posture of the Bulk-Power System.

Cybersecurity is a critical facet of the Bulk-Power System’s reliability and resilience.[6]  In New England and across the country, grid transformation is expanding the potential for cyberattacks due to the use of emerging technologies, additional communications, and industrial controls as well as remote control capabilities.[7]  While these technologies can offer a wide range of benefits, they can also pose emerging cybersecurity challenges for the electric grid. [8]  For example, software and hardware used across the electric industry[9] can be targeted by hackers via direct network attacks or supply chain breaches.[10]  Accordingly, it is more important than ever that the Commission take all necessary steps to make sure that malicious actors cannot threaten the security of our electric grid.  This, in turn, will help enable the adoption of new grid technologies in a way that bolsters both performance and reliability.

The Commission’s proposals are aimed at closing a reliability and security gap that would otherwise potentially allow malicious actors to target the electric grid.[11]  Accordingly, NESCOE supports the NOPR proposals and encourages the continued efforts of the Commission to ensure the cybersecurity of the bulk-power system.

III. CONCLUSION

NESCOE thanks the Commission for its consideration of these Comments.

Respectfully Submitted,

/s/ Shannon Beale                          

Shannon Beale
Assistant General Counsel
New England States Committee on Electricity
P.O. Box 322
Osterville, MA 02655
Tel: (781) 400-9000
Email:  shannonbeale@nescoe.com

Dated: November 26, 2024