At its regular meeting held March 21, 2013, the Federal Energy Regulatory Commission (“FERC” or “Commission”) issued four orders addressing proposals by the North American Electric Reliability Corporation (“NERC”), as summarized below.
Agenda Item E-5: Revisions to Reliability Standard for Transmission Vegetation Management, Docket No. RM12-4-000
In this large order, FERC approved NERC’s Reliability Standard FAC-003-2 (Transmission Vegetation Management), which modifies currently-effective Reliability Standard FAC-003-1, expanding the applicability of the standard to include overhead transmission lines that are operated below 200 kV, if they are either an element of an Interconnection Reliability Operating Limit (“IROL”) or an element of a Major Western Electricity Coordinating Council (“WECC”) Transfer Path. Reliability Standard FAC-003-2 also incorporates a new minimum annual inspection requirement and new minimum vegetation clearance distances. The revised standard makes explicit a transmission owner’s obligation to prevent an encroachment into the minimum vegetation clearance distance for a line subject to the standard, regardless of whether that encroachment results in a sustained outage or fault, and requires transmission owners to annually inspect all transmission lines subject to the standard and complete 100 percent of their annual vegetation work plan. The order also approved related definitions, violation severity levels, an implementation plan and effective dates proposed by NERC. FERC also approved the proposed violation risk factors, except that it directed NERC to further revise the violation risk factor corresponding to Requirement R2, which pertains to preventing vegetation encroachments into the minimum vegetation clearance distance of transmission lines operated at 200 kV and above but which are not part of an IROL or Major WECC Transfer Path.
Agenda Item E-6: Revisions to Modeling, Data, and Analysis Reliability Standard, Docket No. RM12-19-000
FERC issued a Notice of Proposed Rulemaking (“NOPR”) proposing to approve NERC Reliability Standard MOD-028-2, which will modify currently effective Reliability Standard MOD-028-1, pertaining to information a transmission service provider must include when calculating Total Transfer Capability using the area interchange methodology for the on-peak and off-peak intra-day and next day time periods. FERC’s NOPR also proposes to approve NERC’s proposed implementation plan and retirement of the currently-effective standard. Comments on the NOPR will be due 45 days from publication in the Federal Register, or by approximately early May.
Agenda Item E-7: North American Electric Reliability Corporation, Docket No. RD12-3-000
FERC’s order in this proceeding remands NERC’s proposed interpretation to Requirement R1.1 of Reliability Standard CIP-006-4. The Commission found that the proposed definition of a communication network underlying NERC’s interpretation of the Requirement in inconsistent with existing Commission-approved interpretation of the Requirement. The stated purpose of Reliability Standard CIP-006-4 is to ensure the implementation of a physical security program for the protection of Critical Cyber Assets. Requirement R1.1 requires that all Cyber Assets within an Electronic Security Perimeter must reside within an identified Physical Security Perimeter and that where a completely enclosed border cannot be established the responsible entity must deploy and document alternative measure to control physical access to such Cyber Assets. NERC’s interpretation was in response to a request as to whether electronic security perimeter wiring external to the physical security perimeter must be protected with a six wall boundary, and NERC found that because the glossary did not explicitly include wiring or communication networks as Cyber Assets, the Requirement R1.1 did not apply to wiring. FERC found that NERC’s interpretation and proposed definition of communication network was not reasonable and remanded to NERC for further determination.
Item E-11: North American Electric Reliability Corporation, Docket No. RD12-5-000
In this order, FERC remanded NERC’s proposed interpretation of Reliability Standard CIP-002 (Cyber Security – Critical Cyber Asset Identification), which was developed by NERC in response to a request for interpretation of Reliability Standard CIP-002-4 submitted by Duke Energy. FERC decided to remand NERC’s proposed interpretation, because although it agreed with NERC’s interpretation addressing the first question raised by Duke Energy, FERC did not agree with the portion of NERC’s interpretation addressing the second question raised in Duke Energy’s request. FERC agreed with NERC’s interpretation addressing the phrase “[e]xamples at control centers and backup control centers include systems and facilities at master and remote sites that provide monitoring and control, automatic generation control, real-time power system modeling, and real-time inter-utility data exchange.” This non-exhaustive list of types of systems that should be assessed by registered entities was consistent with the use of the term “examples” in CIP-002 and the FERC’s understanding. FERC determined that the second portion of NERC’s interpretation misconstrues what is “essential to the operation” of a Critical Asset. This could result in Critical Cyber Assets not being protected by the CIP Reliability Standards to maintain the operation of associated Critical Assets. For example, this proposed interpretation fails to consider that a laptop computer used by utility staff or contractors to control the functions and operations of a Critical Asset is “inherent to or necessary for the operation of a Critical Asset,” and thus should fall within the scope of CIP-002-4.