The Federal Energy Regulatory Commission on Oct. 18 approved reliability standards to address supply chain risks in industrial control system hardware, software, and computing and networking services. The rule, developed by the North American Electric Reliability Corporation builds on existing critical infrastructure protection standards to allay cyber security risks associated with the supply chain for grid-related cyber systems. The standards will be implemented over an 18-month period to provide adequate time for capital budgets and planning cycles needed for technical upgrades to comply with the standards. The commission set a 24-month timeline for NERC to develop modifications to include electronic access control and monitoring systems such as firewalls, authentication servers, and systems that monitor security events and detect intrusions. The rules take effect 60 days after publication in the federal register.