FERC Order to Impose Stricter Physical Security Standards on Electric Utilities
On March 7th, FERC released a new order (Docket No. RD14-6-000) directing the North American Electric Reliability Corporation (NERC) to develop new reliability standards for the NERC registered entities, the owners and operators of the Bulk-Power System, to address the risks due to physical security threats and vulnerabilities.
“Because the grid is so critical to all aspects of our society and economy, protecting its reliability and resilience is a core responsibility of everyone who works in the electric industry.” FERC Acting Chairman Cheryl LaFleur said. “Today’s order enhances the grid’s resilience by requiring physical security for the facilities most critical to the reliable operation of the Bulk-Power System. It will complement the ongoing efforts of FERC and facility owners and operators to ensure the physical security of the grid.”
In the Commission’s release, the order directed the owners and operators of the Bulk-Power System to take at least three steps to protect physical security.
Gerry Cauley, NERC President, and CEO released a statement on NERC’s website:
“On Friday evening, March 7th, FERC issued a directive to NERC to develop reliability standards to address risks due to physical security threats and vulnerabilities. As you know, FERC Acting Chairman Cheryl LaFleur asked NERC to work with her staff to determine the need for a mandatory standard for physical security. I believe we identified a path forward that focuses on the most critical assets, incorporates risk assessment and further affirms foundational physical security efforts, while providing enough flexibility to avoid prescriptive, lock-step regulation. Any security standard must be dynamic and adaptable to the constantly changing threat environment. As we review the order, I take seriously the comments made by all the Commissioners to ensure that a standard achieves the goals identified in a cost-effective manner.”
As mentioned in a previous AssurX blog, NERC and Industry Move in the Right Direction for Greater Reliability, security vulnerabilities of the electric grid has been a focus for the regulators and registered entities since the attack by gunmen at a California (Metcalf) substation.
Commissioner John Norris, writing a separate opinion, wants Congress to act on protecting sensitive security information “I believe that our success in developing a comprehensive approach to addressing physical vulnerabilities relies at least in part on Congress taking steps to ensure the confidentiality of sensitive security information regarding the physical vulnerabilities of our grid. Currently, the industry remains concerned that confidential security information submitted to the Commission would be subject to disclosure through Freedom of Information Act requests. These concerns have understandably left industry reluctant to provide the Commission with its most sensitive security information related to potential physical threats or vulnerabilities to our power grid. A reliability standard will likely have limited impact if industry, NERC, and the Commission remain unable to safely and securely exchange such information. Thus, I urge Congress to act expeditiously by creating a clearly-defined exemption to the Freedom of Information Act to allow for such exchange of information without fear of disclosure.”