New Reliability Standards will require physical protections for critical electric system facilities, including substations and control centers.
Following well-publicized threats to the physical security of electric system assets, on March 7, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability Corporation (NERC) to develop mandatory Reliability Standards to protect against physical risks to “critical” electric facilities.1 Due in 90 days, the Reliability Standards must provide the following:
- A methodology for identifying the critical facilities to be protected
- A requirement to identify the critical facilities’ vulnerabilities
- A requirement that facility owners and operators develop and implement a plan to protect against those vulnerabilities
This order will initiate a NERC Reliability Standards development project addressing comprehensive physical security requirements that must also produce results in a highly compressed timeframe.
FERC did not provide a detailed analysis of its justification for ordering NERC to develop Reliability Standards and instead noted only that the physical attacks on electric system facilities could have significant adverse consequences on electric reliability and that the existing Reliability Standards do not protect against that risk. FERC therefore used its authority under section 215(d)(5) of the Federal Power Act to direct NERC to develop appropriate Standards. Although Reliability Standard directives are typically addressed using informal rulemaking procedures, FERC also has the authority to issue such directives on its own initiative and did so in this case. However, FERC noted that, when NERC’s proposed Reliability Standards are filed, FERC will conduct an informal notice-and-comment rulemaking to consider possible approval of those Standards.
Under the FERC directive, NERC’s proposal must contain the three components discussed below.
- Critical Facility Identification Methodology
First, the Reliability Standards must require owners and operators of bulk-power system assets to conduct a risk assessment for their facilities to identify which facilities are critical. “Critical” facilities are those facilities that “if rendered inoperable or damaged, could have a critical impact on the operation of the interconnection through instability, uncontrolled separation or cascading failures.” FERC explained that critical substations and control centers should be captured by the methodology, but it did not direct NERC to adopt a particular type of risk assessment. Instead, the risk assessment results should be subject to external review by another entity, such as NERC, the applicable Regional Entity for the geographic area, the relevant Reliability Coordinator, or another appropriate entity. That third party would have the authority to add or remove facilities from the list of facilities the owner or operator has concluded are critical.
FERC noted that it anticipates that a relatively small number of facilities will be identified as critical and that some bulk-power system owners and operators will not have any critical facilities. However, FERC did not quantify these expectations.
- Vulnerability Identification
The second aspect of the physical security Reliability Standards is a requirement for owners and operators to evaluate the threats to and vulnerabilities of the facilities identified as critical. This evaluation must consider the unique characteristics of each facility as well as what FERC described as physical attacks that “can be realistically contemplated.” According to FERC, this threat and vulnerability identification should also be subject to third-party review.
- Physical Security Plan
The third and final component of the FERC directive is that the Reliability Standards should require owners and operators with critical facilities to develop and implement a security plan to protect against the physical threats and vulnerabilities that they identify. Although the Reliability Standards themselves should not contain specific physical security steps to protect against those risks, FERC expects that the plans should provide an “adequate level of protection” against physical risks. These plans would also be subject to review by specified third parties.
Recognizing that these Reliability Standards will likely result in identifying and documenting highly sensitive security information that could be used to exploit physical vulnerabilities, FERC also directed NERC to treat such information in the Reliability Standards confidentially. FERC explained that the Reliability Standards should ensure that the information will receive sufficient protections, while also enabling FERC, NERC, and the Regional Entities to access it as necessary for compliance monitoring purposes.
NERC’s Reliability Standards development procedure uses an open, stakeholder-based process that includes stakeholder voting. The NERC stakeholder ballot body and NERC’s Board of Trustees must approve the Standards before they are filed with FERC. Interested parties, including the electric utilities likely to be subject to these physical security requirements, may participate in that process. Additional information is available on NERC’s website.