In wake of the April 2013 attack on PG&E’s Metcalf substation in San Jose, California, the Federal Energy Regulatory Commission (FERC) issued an order directing the North American Electric Reliability Corporation (NERC) to develop standards requiring transmission owners to identify risks posed by physical security threats and vulnerabilities. FERC also will be requiring NERC to implement security measures and draft a security plan to protect the stations and substations from physical attacks.
To comply with the order, NERC filed the proposed CIP-014-1 Physical Security Reliability Standard with FERC on May 23rd, 2014. According to Gerry Cauley, president and chief executive officer of NERC, “The industry has long been engaged in physical security efforts, and FERC’s order outlined an approach that provides for comprehensive integration between existing and new efforts. This approach enhances physical security measures for the most critical facilities and lessens the overall vulnerability of the bulk power system.”
Consistent with the Physical Security Order, the proposed standard requires transmission owners to identify and protect critical transmission stations and substations in addition to their associated primary control centers — simply, if being damaged or rendered inoperable as a result of a physical attack could result in widespread instability, uncontrolled separation, or cascading within an interconnection, those stations must be protected.
The proposed Reliability Standard requires Transmission Owners to take the following steps to address the risks that physical attacks pose to the reliable operation of the Bulk-Power System:
Perform a risk assessment of the critical facilities including transmission stations, transmission substations, and the primary control centers that operationally (i.e., physically) control them.Develop and implement a security plan based upon the evaluation of threats and vulnerabilities, designed to protect against and mitigate the impact of physical attacks that may compromise the operability or recovery of the identified critical facilities.
Conduct a 3rd Party review of the security plan developed for the identified stations and substations. This would include the review of the security measures proposed based on the risk assessment conducted.
Additionally, proposed Reliability Standard CIP-014-1 includes requirements for:
- the protection of sensitive or confidential information from public disclosure;
- the periodic reevaluation of the identification of critical facilities, the evaluation of threats and vulnerabilities, and the security plans to help ensure their continued effectiveness;
This standard will help transmission owners to effectively identify and implement security measures designed to deter, detect, delay, assess, communicate, and respond to potential physical threats and vulnerabilities, making another physical attack on a station or substation essentially impossible.