In many electrical systems, process sensors—such as those measuring temperature, pressure, flow, and other physical variables—play a vital role in controller input, operator displays, and overall situational awareness. Yet, these sensors typically lack cybersecurity safeguards, authentication mechanisms, and digital forensics capabilities, even though they are often trusted implicitly and accessible remotely. Their inputs may be assumed accurate and uncompromised, but that assumption creates a dangerous vulnerability. Without monitoring at the device level, utilities cannot detect malicious or faulty sensor data that could skew system understanding or lead to unsafe operational decisions.

To address this critical gap, FERC and NERC are considering including process sensors within the scope of NERC CIP cyber assets. During a March 20, 2025 workshop focused on supply chain risk management, regulators acknowledged that, although these sensors use non-routable communication protocols and fall outside traditional Electronic Security Perimeter (ESP) boundaries, their compromise can still have significant operational consequences—potentially affecting grid stability within just 15 minutes. Recognizing that sensor-driven data could influence dispatcher decisions, the proposal suggests these sensors should meet the definition of cyber assets and thus fall under the protection of NERC CIP standards.

‍

Source: https://www.controlglobal.com/blogs/unfettered/blog/55284986/ferc-and-nerc-discussions-to-include-process-sensors-as-nerc-cip-cyber-assets