Reliability of the bulk power system may not be as sexy as news of “got-rich-quick” energy traders and alleged insidious market manipulation. But for those on the ground balancing the practicalities of ensuring electricity arrives when and where it is needed with a carousel of mandatory regulations, it can be every bit as interesting.
Cue one of the North American Electric Reliability Corp.’s (NERC’s) newly effective Reliability Standards. CIP-014-1 sets forth six requirements (and several sub-requirements) designed to guard against physical attacks to the grid. It is commonly understood that this nascent standard is the progeny of two significant events that occurred in early 2013.
First, then-Chairman of the Federal Energy Regulatory Commission (FERC) Jon Wellinghoff directed his staff to conduct a power-flow analysis to assess grid vulnerability to physical attacks. The analysis suggested that coordinated attacks on as few as nine critical transmission facilities could cripple the grid, causing nationwide blackouts that could last months. Shortly thereafter, on April 16, an actual attack occurred on the Metcalf substation in San Jose, Calif. The Metcalf incident did not result in outages, and neither it nor the FERC analysis gained widespread attention until early 2014, after the former chairman had stepped down from FERC, entered private practice, and spoken with the media.
Politicians in the throes of an important election year were confronted with national headlines asserting that the U.S. was at risk of a national blackout from a small-scale attack. The results of FERC’s power-flow analysis were publicized, and the Metcalf incident was cast as a sophisticated terrorist attack.
The response was decisive. A congressional inquiry was sent to FERC and NERC by a quartet of senators, including the former majority leader. Leaders of the U.S. Senate Committee on Energy and Natural Resources called for the Department of Energy’s Office of the Inspector General (OIG) to conduct an investigation. Allegations were made that the power-flow study was classified, impermissibly leaked, and provided a “road-map” for saboteurs. Against this backdrop, FERC directed NERC to develop a Reliability Standard to address the physical security of the grid.
NERC, as the designated Electric Reliability Organization under the Federal Power Act, is the only entity that can actually create Reliability Standards; FERC can only approve them or, as here, order NERC to create a standard that fits enumerated requirements. FERC has wielded that latter authority only one other time in recent years, when it directed the creation of a standard to address the risk of geomagnetic disturbances. NERC then commenced the compulsory stakeholder process required to develop a Reliability Standard per its Standard Processes Manual and presented FERC with CIP-014-1. FERC approved the standard in Order No. 802 on Nov. 11, 2014, with certain revisions that are due this summer.
CIP-014-1 is crafted in the modern, results-oriented NERC style and attempts to maximize compliance flexibility. It requires that transmission operators and some transmission owners conduct a risk-based assessment to determine transmission stations and substations with a “critical impact” on the grid, consider the “potential threats and vulnerabilities of a physical attack” on each asset, and then develop and implement a program to mitigate the hypothetical threats and vulnerabilities.
Compliance flexibility can be bittersweet. The standard allows entities to tailor obligations to the reality of their operations. Nevertheless, the standard is a formal requirement mandated by a government entity with $1 million/day/penalty enforcement authority, and thus it may inadvertently incentivize entities to mitigate compliance risks by designating the fewest possible implicated assets and adopting the least amount of reasonable protective measures.
Moreover, the standard is based on conceivable threats and will thus necessarily lag behind the unimaginable threats of tomorrow. Despite the dubious value of the standard, significant government and stakeholder resources have been consumed to develop the standard and substantially more will be necessary to comply with, monitor, and enforce its requirements.
It is unlikely NERC would have proposed CIP-014-1 of its own volition. In recent years, NERC has opted to provide informal industry guidance following reliability events rather than adopt incident-specific Reliability Standards. For example, NERC has issued reactive guidance following multiple severe weather incidents.
In fact, NERC has maintained guidelines on physical security protection since 2002 that include measures for evaluating and protecting transmission infrastructure. Even more telling is NERC President Gerry W. Cauley’s initial response to the 2014 congressional inquiry, in which he stated he was “concerned that a rule-based approach for physical security would not provide the flexibility needed to deal with the widely varying risk profiles and circumstances across the North American grid and would instead create unnecessary and inefficient regulatory burdens and compliance obligations.”
Political vs. Practical Industry Operations
Fast-forward to a Sept. 9, 2014, industry conference. An FBI agent investigating the Metcalf incident told conference participants that the attack was not, in fact, terrorism—nor was it particularly sophisticated. The agent explained that many incidents of grid sabotage reported to the FBI are carried out by disgruntled utility employees seeking to get back at the utility, not to “terrorize the population.” Advance further to Jan. 30, 2015, the date the OIG published the results of its investigation. That report concluded that the “loss of the critical substations identified in the [FERC power-flow] analysis would not result in the consequence described in the analysis or any other consequence that could be reasonably expected to result in damage to national security.”
Regardless of its pedigree, compliance with a FERC-approved NERC Reliability Standard is mandatory and extremely important. So are common sense, an ongoing real-time analysis of the security of all bulk power system facilities, and the adoption of measures to enhance the resiliency of the grid by those who understand the system best.
– Caileen Gamache is counsel in Davis Wright Tremaine’s Energy practice group in Washington, D.C.