The Federal Energy Regulatory Commission (FERC) approved a new Physical Security Reliability Standard (CIP-014-1) on November 20, 2014, thereby putting into effect measures to enhance the physical security of the nation’s Bulk-Power System and lessen the overall vulnerability of the grid to physical attacks.1 With some minor modifications, FERC largely approved the proposed Reliability Standard submitted by the North American Electric Reliability Corporation (NERC). FERC expects the standard to be in effect by 2016.

Background

In March 2014, FERC directed NERC to propose a rule whereby owners and operators of the Bulk-Power System would (1) identify infrastructure critical to the system, (2) evaluate all vulnerabilities and threats to those facilities and (3) institute a security plan to protect those facilities from attack.2 NERC filed its proposed plan on May 23, 2014.

On July 17, 2014, FERC issued a Notice of Proposed Rulemaking (NOPR) that sought comments on FERC’s proposed changes to the plan NERC submitted, including broadening the criteria for designating a facility as critical; allowing government authorities, including FERC and other entities, to add or subtract facilities from the critical list; and requiring two informational filings by NERC, one regarding expanding the reach of the Reliability Standard and the other on grid resiliency efforts.3

The New Standard

Removal of the term “widespread” required

The proposal submitted by NERC required owners and operators to identify facilities that are critical, meaning that if interrupted, there would be “widespread instability” to the electric grid. In the NOPR, FERC sought to broaden the scope of this provision by removing the term “widespread.” NERC and others expressed concern that including on the list any facility that could lead to any amount of instability was too broad. FERC, however, stated “widespread” was unclear and undefined. Therefore, the final rule requires NERC to amend its original proposal to either remove “widespread” or propose an amendment to address NERC’s concerns.4 This change must be made within six months following the effective date of the rule.

FERC backtracks on delegating authority to add/subtract facilities from the list of critical facilities

In the final rule, FERC backtracks on its own proposed addition to the Reliability Standard that would have allowed FERC and other federal and state authorities to add or remove facilities from the list of those that are deemed critical. This proposed addition sparked sharp pushback from interested parties claiming that FERC does not have the authority under Section 215 of the Federal Power Act to delegate this task and, further, that the proposal would cause confidentiality concerns and bypass NERC’s stakeholder process, giving FERC too large of a role in decision making. In considering these comments, FERC agreed that the proposal would present the commission “with a number of substantial policy issues.”5 In addition, FERC concluded that the proposal would require NERC and FERC “to expend resources that could be better applied elsewhere.”6 Instead, FERC intends to focus its resources on compliance and enforcement activities to ensure that critical facilities are appropriately identified.

Informational filing on High Impact control centers is required, but not on resiliency

The rule requires NERC to submit an informational report on the need for consistent treatment of “High Impact” control centers, suggesting that all such facilities should be protected under CIP-014-1.7 Specifically, NERC is directed to explain why not all “High Impact” control centers may be critical for purposes of CIP-014-1. FERC will allow NERC two years to submit the report, to give NERC the ability to assess the interaction of other reliability standards on the protection of such control centers.

FERC had initially proposed to direct NERC to submit an informational filing to address resiliency of the Bulk-Power System when confronted with a loss of critical facilities, including the steps that could be taken to maintain reliability. Rather than requiring an additional report, FERC decided it was sufficient that NERC propose to address the resiliency issues in its implementation report regarding CIP-014-1. FERC indicated that it may in the future require additional reports or hold technical conferences to address specific areas of concern, such as spare parts, fuel security and advanced technologies.

Third-party verification and review required

FERC accepted NERC’s proposal to include two sets of third-party verification and review: (1) transmission owners must have their risk assessments verified by a third party and (2) transmission owners and operators must have their vulnerability threat assessments and their security plans reviewed by a third party. FERC noted that third-party review brings “an important, independent layer of expertise [to] the identification, assessment and protection of critical facilities.”8

In approving the requirement, FERC disagreed with commenters that use of third-party verifiers and reviewers is inconsistent with FERC’s enforcement authority under Section 215 of the Federal Power Act. According to FERC, such third-party verifiers and reviewers will have no enforcement authority and an applicable entity could in some cases be found to be in violation of the standard even if the applicable entity’s actions were verified by a third party. In addition, FERC disagreed that there were not enough qualified third-party verifiers or that entities should be required to use their planning coordinators or transmission planners for the third-party role. Finally, FERC agreed that there would be value in NERC’s developing a list of qualified third-party verifiers, but stopped short of requiring NERC to do so.

Not applicable to generators

FERC accepted NERC’s proposal not to extend the requirements of CIP-014-1 to generators. FERC agreed that generation facilities are not as critical to the Bulk-Power System as transmission facilities due to the limited size of some generating plants, the availability of alternative generation capacity on the grid and the planned resilience of the transmission system to react to the loss of a generation facility.9

Confidentiality is adequately safeguarded

FERC found that the confidentiality measures in NERC’s original proposal are adequate to protect sensitive information that will likely be required to meet the third-party verification and review provisions, and thus approved the provisions in NERC’s original proposal. In the final rule, FERC noted that “all evidence will be retained at the Transmission Owner’s and Transmission Operator’s facilities” and the use of nondisclosure agreements is a way to safeguard such information.10 FERC declined to address in this rule what steps it would take to further safeguard the information but stated, “[t]he Commission will take all necessary and appropriate steps, as provided for in our governing statutes and regulations.”11

Implementation & Moving Forward

FERC approved the implementation timeline included in NERC’s original proposal. The Reliability Standard will be effective the first day of the first calendar quarter that is six months beyond the date that FERC’s final rule takes effect.12 Initial risk assessments required by R1 of the standard are due on or before the effective date of the Reliability Standard, and compliance with all other requirements will be due following this date. Given that the effective date of FERC’s final rule is expected to be in late January, the standard will become effective October 1, 2015, and initial risk assessments will be due prior to that date.