Electric grid reliability (NERC CIP)
Technology, AI, and competition-facing companies with grid-connected infrastructure or operational technology dependencies are squarely in scope for North American Electric Reliability Corporation Critical Infrastructure Protection standards, even when their primary regulator sits outside the energy sector. The Federal Energy Regulatory Commission enforces NERC CIP compliance for bulk electric system assets, and the U.S. Department of Energy has layered supply chain security expectations on top through its ongoing grid security emergency orders. Compliance teams in this sector are currently auditing whether AI compute infrastructure, data center interconnections, and third-party software vendors trigger CIP-002 asset categorization thresholds.
Watch
- NERC CIP-013 supply chain risk management: vendor software update controls under active audit cycles
- FERC Order 887 internal network security monitoring deadlines for medium and high-impact BES assets
- CIP-002-5.1a asset categorization: whether hyperscale data centers qualify as BES Cyber Systems
- DOE grid security emergency authority: potential invocation affecting AI infrastructure procurement
- NERC's 2024-2025 Compliance Monitoring and Enforcement Program priorities targeting virtualized environments
Recent material activity in Technology, AI & Competition
-
NIST releases updated AI Risk Management Framework companion guide for critical infrastructure
NIST published AI RMF 1.1 companion guidance specifically addressing AI deployment in critical infrastructure sectors including energy, financial services, and healthcare. The guide introduces mandatory risk assessment c…
Read a full sample brief →