The Evolution of NERC Compliance: What’s New in 2024?

Over the years, North American Electric Reliability Corporation (NERC) compliance has evolved to address the changing landscape of cybersecurity threats, technological advancements, and other regulatory risks. As we step into 2024, several new developments have emerged in NERC compliance, reflecting the ongoing commitment to safeguarding the power grid against emerging threats and vulnerabilities. This article discusses the latest updates in NERC compliance for 2024, highlighting key areas of focus and their implications for utilities and power system operators.

Strengthening Incident Response and Recovery

A critical aspect of NERC compliance in 2024 is the strengthened focus on incident response and recovery frameworks. Recognizing the inevitability of security incidents in today’s complex cyber and physical threat landscape, NERC has updated its standards to require more robust and comprehensive incident response plans. These plans must detail procedures for detecting and mitigating threats and outline clear pathways for system recovery and continuity of post-incident operations. These exercises are designed to test the effectiveness of incident response strategies and identify areas for improvement. This approach ensures that the entire sector can learn from incidents and adapt more effectively to emerging threats, thereby enhancing the overall resilience of the power grid.

Enhanced Cybersecurity Measures

In 2024, NERC placed significant emphasis on enhancing cybersecurity measures to counter the increasing risk of cyber threats. This update includes the introduction of more rigorous standards for Critical Infrastructure Protection (CIP). The updated NERC CIP standards now encompass broader requirements for incident reporting, requiring utilities to report attempted breaches that could impact the power grid’s reliability. Additionally, the revised NERC CIP requirements place increased emphasis on managing supply chain risks, requiring the implementation of security controls to safeguard critical infrastructure sectors.

Emphasis on Physical Security

Physical security remains a focal point of NERC compliance, with new regulations in 2024 reinforcing the importance of protecting critical infrastructure from physical threats. The updated standards extend beyond traditional perimeter security, advocating for a layered defense strategy that includes monitoring, surveillance, and access control measures. Utilities are now required to conduct comprehensive vulnerability and cybersecurity threat assessments to identify potential physical as well as cyber weaknesses. The main aim of these new regulations is the implementation of corrective actions to mitigate these risks. This approach to physical security ensures that critical facilities are safeguarded against both internal and external threats.

Advanced Grid Resilience Practices

In the face of Disturbance Events such as the Blue Cut Fire, Canyon 2 Fire, and Odessa Disturbances, NERC has highlighted the need for disturbance monitoring for inverter-based resources (IBRs). The recently adopted PRC-028 standard aims to ensure that adequate data is available from IBRs to facilitate analysis of Bulk Electric System Disturbances. This standard aims to improve grid resilience by providing a standardized approach to capture and analyze disturbance data related to IBRs. The emphasis is on ensuring that the power system can maintain operational integrity through informed decision-making enabled by accurate and detailed disturbance reporting.

Final Words

In 2024, the approach to NERC compliance has evolved to become both proactive and adaptable, effectively tackling the complex challenges confronting the bulk power system. By introducing enhanced cybersecurity measures, accommodating the integration of renewable energy and distributed energy resources (DERs), reinforcing physical security, and advancing grid resilience practices, NERC compliance aims to strengthen the reliability and security of the North American power grid.

Disclaimer: Any opinions expressed in this blog do not necessarily reflect the opinions of Certrec. This content is meant for informational purposes only.