U.S. utility regulators have asked for public comment on the potential benefits and risks associated with the use of virtualization and cloud computing services in the operation of the
nation’s bulk electric system.
On February 20, 2020, the Federal Energy Regulatory Commission issued a Notice of Inquiry asking whether the Commission’s Critical Infrastructure Protection (CIP) Reliability Standards allow for deployment of virtualization and cloud computing services and
balance the innovations with security requirements.
As described by the Commission, "Virtualization is the process of creating virtual versions of computer
hardware to minimize the amount of physical computer hardware resources
needed to perform various functions. It is considered necessary if the functions of grid cyber systems are to be moved to a cloud computing environment. While some entities might use the cloud simply for data storage, others
may rely on virtualization and cloud storage in tandem to operate
systems that control one or more core functions of the power grid."
In the Notice of Inquiry, the Commission asked questions regarding four broad topics: where virtualization or cloud computing could be used in connection with the bulk electric system; benefits and risks associated with virtualization or cloud computing; barriers within the CIP reliability standards that block their implementation; and potential new and emerging technologies that regulated entities might adopt.
The Commission docketed the inquiry proceeding as RM20-8-000. Comments are due 60 days after publication of the NOI in the Federal Register.
In a related proceeding, the Commission issued an order directing electric reliability organization NERC to make an informational filing describing work on two draft CIP standards addressing virtualization and cloud computing, labeled by NERC as Project 2016-02 (Modifications to CIP Standards) and Project 2019-02 (BES Cyber System Information Access Management). NERC's initial filing in Docket RD20-2-000 is due within 30 days, to be followed by quarterly updates.
No comments:
Post a Comment