NERC and several electric industry trade groups asked FERC this week to reject a petition to change how assets are classified under the Critical Infrastructure Protection (CIP) standard, saying it duplicates an ongoing initiative (EL23-69).
The Secure-the-Grid Coalition last month asked FERC to order NERC to propose an “enhanced standard” for identifying critical infrastructure using the “most recently updated engineering models used in operations.” The group, which describes itself as “policy, energy and national security experts, legislators and industry insiders who are dedicated to strengthening the resilience” of the grid, said NERC should be required to submit the proposed standard within 90 days.
In its response, NERC noted that it already plans to review reliability standard CIP-014-3 (physical security) in a joint technical conference with FERC on Aug. 10 (RD23-2) and through a separate reliability standards development project. CIP-014 requires transmission owners to identify which of their transmission stations and substations are critical to bulk power system reliability and implement a physical security plan for protecting them. The standard requires similar protection for primary control centers controlling critical assets.
“The petition does not allege any significant new circumstances, nor does it raise factual issues that are not ripe for consideration through the current NERC initiatives addressing the physical security of the BPS. Since appropriate forums for considering the petitioner’s ideas have already been or are in the process of being established, development of a new rulemaking to address similar physical security issues is not necessary at this time,” NERC said.
In a separate filing, the American Public Power Association, Edison Electric Institute, Large Public Power Council, National Rural Electric Cooperative Association and Transmission Access Policy Study Group protested the petition, calling it duplicative, unsupported and procedurally deficient.
The groups said the Secure-the-Grid Coalition failed to make its case that CIP-014 requirements for conducting threat assessments are deficient.
“The petition’s support for this request is the bare assertion that ‘[b]ased on the increasing frequency and sophistication of attacks against electric grid infrastructure, and the growing evidence that there is a persistent intent to conduct such attacks from domestic anarchist and extremist groups and foreign adversaries, a more prudent new metric is now required for these “Risk Assessments.”’”
Citing their comments in docket RD23-2-001, the trade groups said their members “are acutely aware of the physical threats posed to the grid, and of the importance of effective protective measures. Notwithstanding an uptick in physical security events in recent years, however, simply pointing to a number of recent events does not establish the need for the commission to direct changes to the threat assessment requirements of CIP-014.”
The trade associations also said FERC should reject Secure-the-Grid’s petition for failing to follow commission rules requiring petitioners to first ask NERC to initiate a new reliability standard. The groups also said the petition should have been filed as a complaint.
Responding to an increase in reports of physical attacks on substations, FERC in December ordered NERC to evaluate the effectiveness of CIP-014. NERC responded with a report in April concluding that the existing criteria are still appropriate to “focus limited industry resources” on the most critical grid facilities and that expanding the criteria would not identify additional critical substations. (See NERC Says Changes Coming to Physical Security Standards.)
However, NERC agreed to conduct a technical conference with FERC to identify the type of substation configurations that should be studied to determine whether any additional substations should be included in the applicability criteria and to establish data needs for conducting those studies.
NERC also said Requirement R1 of CIP-014 should be refined, acknowledging inconsistencies in how entities perform the risk assessment, with some failing to provide sufficient technical studies or justification for study decisions.
NERC’s report recommended a reliability standards development project to clarify the risk assessment methods for studying instability, uncontrolled separation and cascading.
NERC told FERC this week that the project “will be commencing in the near future.”
“Petitioner has not demonstrated a significant change in circumstances or that there is a sufficient problem to merit a generic solution that would necessitate a rulemaking prior to and without the benefit of the public stakeholder processes,” it said.
In a second FERC filing June 13, Secure-the-Grid said it was acting on behalf of the “American public … whose security interests are grossly underrepresented by NERC.”
The group rejected the position that “the costs are too high to invest in widespread and mandatory physical protection of the electric grid.”
“We think the costs are far too high NOT to invest in this protection, and we believe that the public will be willing to pay more for their electricity to see this protection realized,” it said.