On April 10, NERC posted for industry comment CIP-014-1, a draft Physical Security standard developed in response to FERC's March 7, 2014 order directing NERC to prepare a standard addressing physical security issues facing the grid.
FERC's directive responds to intense political and media pressure brought to bear on the agency following last year's attack on Pacific Gas & Electric's Metcalf Substation. The draft standard reflects the work done by NERC and the industry drafting team under a tight 90-day timeframe imposed by the Commission.
The draft standard calls for entities registered with NERC as Transmission Owners or Operators that meet specified criteria to:
- Perform risk assessments identifying critical transmission stations, substations and associated primary control centers;
- Evaluate physical attack vulnerabilities of those facilities; and
- Develop and implement plans to protect against attacks.
Risk assessments and security plans will be subject to third-party verification. The draft standard provides registered entities with much of the discretion contemplated by the Commission, though subject to third-party oversight.
Entities that must perform the initial assessment are those that operate at over 200 kV at a single station or substation, and where the station or substation is connected at voltages of 200 kV or higher, while meeting specified aggregated weighted values.
Given the highly charged political environment in which the industry will vote on the draft standard under NERC's Rules of Procedure, NERC and the industry will undoubtedly be under intense scrutiny in the event the draft standard is voted down.
A formal comment period for the standard remains open through April 24. A concurrent five-day initial ballot and non-binding poll will run from April 20 through April 24, with ballot pool formation remaining open through April 19.