Protecting the Nation’s Power Supply – NERC CIP-014 R1
In March of 2014, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability Corporation (NERC), to develop and implement reliability standards for electric grid perimeter protection of the nation’s bulk power providers. The reliability standards address the risk of physical and cyber attacks to power grid stations and substations.
The outcome of the FERC mandate was the development and adoption in mid-2014 of the NERC Critical Infrastructure Protection (CIP) standard for security known as CIP-014, Version 5. This is the first time in our nation’s history that a federally mandated security standard for the nation’s electric power grid is in place.
The NERC CIP-014 regulation has six subsections, each outlining in significant detail, a different aspect of perimeter and cyber security protection required for an electric power supplier to be in statute compliance.
NERC CIP-014 R1 – Mandatory Risk Assessment and Review
NERC CIP-014 R1 requires that each transmission owner perform an initial risk assessment and subsequent risk assessments of its transmission stations and substations. This includes all existing substations and those planned to be in service within 24 months. The initial and subsequent risk assessments must consist of a transmission analysis or transmission analyses designed to identify any transmission station(s) or substation(s) that if rendered inoperable or damaged, could result in widespread instability, uncontrolled separation, or cascading within an interconnection. The transmission owner must also identify the primary control center that operationally controls each transmission station or substation identified in the risk assessment.
The regulation acknowledges that risk assessment and vulnerability analysis is not a “one-off” static proposition. Threats are always evolving, and measures to counter threat risks must also evolve. To that end, the R1 requirement specifies that risk assessment reviews and revaluations must be done at different intervals, depending on the level of risk represented at each substation:
• At least once every thirty calendar months for a transmission owner that has identified in its previous risk assessment, one or more transmission stations or substations that if rendered inoperable or damaged, could result in widespread instability, uncontrolled separation, or cascading within an interconnection.
• At least once every sixty calendar months for a transmission owner that has not identified in its previous risk assessment any transmission stations or substations that if rendered inoperable or damaged could result in widespread instability, uncontrolled separation, or cascading within an interconnection.
Effective electric substation security has many elements that must be considered. Cyber threats to operating systems are very real as are physical threats to the substations themselves. Physical security begins with the consideration of perimeter protection.
SecureUSA®, a Betafence Group company, will make sure your substation perimeter security needs are met. Partnering with Betafence, SecureUSA® offers fully compliant CIP-014 Total Solutions Package (TSP) of perimeter defense products. SecureUSA® leads the nation in providing product, sales and service for pollution free, all-electric retractable crash bollards and active vehicle barriers, as well as fixed bollards, barriers, access control gates, and intrusion detection systems.