Companies will now have to report attempted cyber-attacks, even if they were unsuccessful
US electric companies will be subject to tighter rules when it comes to reporting cybersecurity incidents, as critical infrastructure continues to be targeted by criminals.
The Federal Energy Regulatory Commission (FERC) said it will be introducing updated reporting standards that will require utilities firms to report any attempt by cybercriminals to attack their systems.
Previously, it was only mandatory for companies to report incidents which had caused a compromise or disruption.
The FERC hopes that by logging all attempted cyber-attacks, it will make it harder for malicious actors to harm electrical systems across the country.
A statement by FERC chairman Kevin McIntyre read: “Cyber threats to the bulk power system are ever changing, and they are a matter that commands constant vigilance.
“Industry must be alert to developing and emerging threats, and a modified standard will improve awareness of existing and future cybersecurity threats.”
Electrical systems remain a vulnerable target for hackers, with a number of malicious attempts on US systems over the past year.
Just yesterday, the Wall Street Journal reported that Russian hackers were successful in targeting the control rooms of some unknown US electric utilities last year, stealing credentials for future access.
This latest move comes after the US passed a bill to greater protect the nation against cyber-attacks within critical infrastructure.
The DHS Industrial Control Systems Capabilities Enhancement Act was approved by Homeland Security earlier this month.
It was introduced in May and includes added measures to reduce the risk of an attack on US systems.
The bill requires the National Cybersecurity and Communications Integration Center (NCCIC) to “identify threats to industrial control systems” and address vulnerabilities in automated technology used in infrastructure.
It also requires the NCIC to step up its reaction to cybersecurity incidents and maintain a robust cross-sector industry response.