FERC seeks comment on use of cloud computing and virtualization in energy sector

FERC seeks comment on use of cloud computing and virtualization in energy sector

The United States Federal Energy Regulatory Commission recently posted a notice of inquiry to the Federal Registry about cloud computing and virtualization in the energy sector.

The FERC is seeking comment on the potential benefits and risks associated with the use of virtualization and cloud computing services in association with bulk electric system operations. As with the adoption of many technologies, operations may see increased cybersecurity risk, but many organizations see benefits as well.

[optin-monster-shortcode id=”dv4jqlr9fih8giagcylw”]

“Leveraging cloud computing services in technology and business processes provides entities the opportunity to realize benefits in their IT operations, including greater scalability, greater flexibility and lower capital investment,” the notice says. “Cloud computing services provide computing power and storage at a lower cost than maintaining in-house IT infrastructure while providing the capability for almost instantaneous expansion of services. Other potential benefits from the adoption of cloud computing services include enhanced access to data and applications due to the inherent redundancy and multiple pathways used to access cloud computing services.”

The commission is interested in whether barriers exist in the Critical Infrastructure Protection Reliability Standards that impede the voluntary adoption of virtualization or cloud computing services.

The North American Electric Reliability Corporation’s CIP standards are designed to secure the assets required for operating North America’s bulk electric system. The nine standards and 45 requirements cover the security of electronic perimeters and the protection of critical cyber assets as well as personnel and training, security management and disaster recovery planning.

Industry leaders have been discussing the CIP standards and the use of virtualization and cloud computing in the energy sector at conferences over the past few years.

The Southwest Power Pool voiced concerns about the lack of flexibility regarding the use of cloud computing services at the the Commission/DOE Security Investments for Energy Infrastructure Technical Conference on March 28, 2019. SPP oversees the bulk electric grid and wholesale power market in the central United States. According to the organization the CIP Reliability Standards do not allow cloud-based technologies despite the fact that the vast majority of new products from many of its vendors are cloud-based.

Similarly, at the FERC’s Reliability Technical Conference utility service provider Midcontinent Independent System Operator recommended that the FERC work with industry and cloud service providers to move forward with changes to the CIP Reliability Standards specifically to accommodate the use of cloud computing services. At the June 27, 2019 conference MISO also explained the benefits of virtualization, including enhanced system recovery.

“Virtualization can be used on a stand-alone basis in a bulk electric system control center environment to reduce capital and operating costs, increase the efficiency of existing computing assets, and improve incident recovery, among other reasons,” the FERC notice says. “Virtualization offers the potential for cost savings in asset management, including minimizing the need for physical assets, which require building space and procuring and maintaining physical computer hardware. A virtualized system can also be more quickly recovered than physical systems in the event of a malfunction or compromise.”

Those who wish to offer feedback must submit their comments by April 27. The FERC plans to use this feedback to determine whether it would be appropriate to direct that NERC develop modifications to the CIP Reliability Standards to facilitate the voluntary adoption of virtualization and cloud computing services by registered entities.

Malware, vulnerabilities targeting OT systems surge

Increasing threats of vulnerabilities are steadily rising, particularly in sensitive areas such as OT systems and network devices, putting vital infrastructure at risk, according to data released by Skybox Research

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on whatsapp


Join over 5,000 Industrial OT & Cyber professionals

Weekly Newsletter direct to your inbox