NERC submits report to Federal Energy Regulatory Commission on security of bulk power system
The North American Electric Reliability Corp. (NERC) has filed a report with the Federal Energy Regulatory Commission (FERC) on whether a minimum level of physical security protections should be established for all bulk power system transmission stations, substations, and primary control centers.
In December, FERC directed NERC to evaluate whether the physical security protection requirements adequately address the risks associated with physical attacks on bulk power system (BPS) facilities. Specifically, the evaluation would look at the adequacy of the applicability criteria outlined in the Physical Security Reliability Standard, the adequacy of the required risk assessment outlined in the Physical Security Reliability Standard, and whether a minimum level of physical security protections should be required for all BPS substations and their associated primary control centers.
Broadly, the purpose of the reliability standard is to “identify and protect Transmission stations and Transmission substations, and their associated primary control centers, that if rendered inoperable or damaged as a result of a physical attack could result in instability, uncontrolled separation, or Cascading within an Interconnection.”
The NERC report does not recommend expansion of the applicability criteria or a common minimum level of physical security protections. In addition, NERC found no evidence that expanding the criteria would identify additional substations as critical.
“This evaluation was important given the heightened physical security threat environment and the high-profile attacks which occurred in the fourth quarter of 2022. Our study outlines actions to strengthen the physical security standard and foster robust stakeholder engagement to consider additional risk-based enhancements,” NERC President and CEO Jim Robb said. “Following recent events, industry, and the E-ISAC developed and shared a physical security resource guide that detailed broader considerations in developing a physical security approach for all assets beyond those identified as critical by CIP-014. The actions outlined in our report will help further secure critical bulk power system assets and ensure the foundational protections of CIP-014 are keeping pace with a dynamic risk environment.”
Moreover, the NERC report finds that the objective of the risk assessment requirement is appropriate but should be refined to help ensure the assessments are consistent. To promote consistency, NERC will initiate a standards development project to clarify risk assessment expectations, including for dynamic studies.
However, NERC said there is a need to evaluate additional reliability, resiliency, and security measures, given the increase in physical security attacks on bulk power system substations. Toward that end, NERC will work with FERC staff to hold a technical conference to study appropriate levels of physical protection further.
NERC advocates taking a risk-based approach to determine the necessary level of investment based on local risk factors, regional system configuration, and the asset’s mean time to recover. The conference will gather additional data on protection, response, and resiliency measures and discuss how they could be incorporated into reliability standards or guidelines. Further, it will identify which substations should be studied and establish data needs periodically to determine whether they should be included in the applicability criteria.
