Three-Step Approach
The FERC did not impose a “one size fits all” approach to protecting physical security, but directed NERC to include in the Reliability Standards a three-step approach to addressing physical security risks.
Step One: Risk Assessment and Identification of “Critical Facilities”
First, the FERC directed that the Reliability Standards “should require owners or operators of the Bulk-Power System to perform a risk assessment” to identify their “critical facilities,” i.e., those which, “if rendered inoperable or damaged, could have a critical impact on the operation of the interconnection through instability, uncontrolled separation or cascading failures.” The FERC did not require a specific type of risk assessment, but stated that the methodologies used to determine “critical facilities” should be “based on objective analysis, technical expertise, and experienced judgment.” In addition, the Reliability Standards “should allow owners or operators to consider resilience of the grid in the risk assessment when identifying critical facilities, and the elements that make up those facilities, such as transformers that typically require significant time to repair or replace.”
Step Two: Threat and Vulnerability Evaluation
Second, the FERC directed that the Reliability Standards should require owners or operators of “critical facilities” to evaluate potential threats and vulnerabilities to those facilities based on factors such as location, size, function, existing protections, and “attractiveness as a target.” Thus, the FERC stated, the Reliability Standards should require owners or operators to tailor their threat and vulnerability evaluation “to the unique characteristics of the identified critical facilities and the type of attacks that can be realistically contemplated.”
Step Three: Security Plans
Third, the FERC directed that the Reliability Standards should require owners or operators of critical facilities to develop, validate, and implement security plans “designed to protect against attacks to those . . . facilities based on the assessment of the potential threats and vulnerabilities to their physical security.” The Reliability Standards “need not dictate specific steps an entity must take to protect against attacks,” but must require owners and operators of critical facilities to have plan that provides “an adequate level of protection against the potential physical threats and vulnerabilities they face.”
Confidentiality, Independent and Periodic Review, and Implementation
Because of the sensitive nature of the information related to all three steps, the FERC also required NERC to include in the proposed Reliability Standards a procedure to “ensure confidential treatment of sensitive or confidential information but still allow for the [FERC], NERC and the Regional Entities to review and inspect any information that is needed to ensure compliance with the Reliability Standards.”
In addition, the FERC noted that the risk assessments, threat and vulnerability evaluations, and security plans should be independently reviewed by an entity other than the owner or operator, such as the FERC, NERC, a Regional Entity, Reliability Coordinator, or other entity with appropriate expertise, and that the proposed Reliability Standards should require that all three “be periodically reevaluated and revised to ensure their continued effectiveness.”
The FERC did not impose an implementation timeline for the Reliability Standards, but required NERC to “develop an implementation plan that requires owners or operators of the Bulk-Power System to implement the Reliability Standards in a timely fashion, balancing the importance of protecting the Bulk-Power System from harm while giving the owners or operators adequate time to meaningfully implement the requirements.”
Commissioner Norris’s Concurrence and Concerns
In a separate statement, Commissioner Norris expressed support for the order, but noted several areas of concern. First, Commissioner Norris noted that the procedural approach the FERC selected, which, due to the its ex parte rules, will limit communication and engagement between industry and the FERC, as well as the “uniquely expedited nature” of the standards development process, could weaken that process. To mitigate these issues, Commissioner Norris encouraged broad participation in the NERC standards development process and the forthcoming FERC rulemaking proceeding. Commissioner Norris also cautioned parties to “be mindful of the Commission’s expectation that the number of critical facilities identified will be relatively small compared to the number of facilities that comprise the Bulk-Power System and [to] strive for balance between the measures related to physical security and the costs for consumers.”
Second, Commissioner Norris expressed his concern regarding the sensitivity of information regarding the physical vulnerabilities of the power grid and urged Congress to expeditiously create a clearly-defined Freedom of Information Act exemption to facilitate the exchange of information important to the Reliability Standards development process among industry, the FERC, and NERC without fear of disclosure.
Third, Commissioner Norris expressed his concern that recent efforts to protect reliability have focused too narrowly on physical security. Instead, Commissioner Norris argued, equal focus on and dedication of resources to other threats, including cyber-attacks, geomagnetic disturbances, electromagnetic pulses, and natural disasters, are necessary.
Finally, Commissioner Norris cautioned against overreaction to the widely-reported April 2013 attack on PG&E’s Metcalf Substation, which has received significant attention in recent months from legislators and regulators (as we discussed in prior posts available here, here, and here). Specifically, Commissioner Norris noted that he remains concerned that “recent momentum will result in the electricity sector potentially spending billions of dollars erecting physical barriers to protect our grid infrastructure,” with “most if not all of those costs . . . passed through to ratepayers.” Instead, Commissioner Norris believes that “the more prudent approach is to focus on building a smarter and more agile grid, incorporating better communication and coordination, to mitigate against the multiple forms of risks that we face,” as well as to “more readily integrate intermittent resources, increase demand-side management capabilities, enhance the competitiveness of the wholesale energy market and more.”
Potential Implications
Ultimately, the effect of the FERC’s order will depend on the outcomes of the NERC standards development process and FERC rulemaking proceeding. For owners and operators of facilities that are part of the Bulk-Power System that already have assessed the risks to and vulnerabilities of their critical facilities and implemented protective measures, the Reliability Standards, as ultimately adopted, might not require significant further action or costs. For other entities, the costs of compliance with the new Reliability Standards could be significant. Either way, because of the expedited timeline for NERC to develop and propose the standards, NERC-registered entities should be sure to voice their concerns in the NERC and FERC proceedings.