PSE has now released four Technical Bulletins on securing our nation’s substations and reducing risk. Numerous incidents have led to this coordinated effort among electric transmission operators.
The requirements of CIP-014-1 were instituted based on a filing by the United States of America Federal Energy Regulatory Commission (FERC) in regard to 18 CFR Part 40 related to a Physical Security Reliability Standard. The purpose of the Reliability Standard is to enhance physical security measures for the most critical Bulk Power System facilities, excluding generation and power plants, to lessen the overall vulnerability of Bulk Power Systems against physical attacks. The Commission directed NERC to develop Reliability Standard CIP-014-1 as an informational filing. The intent is to follow the rule based on its effective date. An empanelled delegation is receiving votes from members as this is being published.
The Reliability Standards being ordered apply only to critical facilities that, if rendered inoperable or damaged, could have a critical impact on the operation of the interconnection through instability, uncontrolled separation, or cascading failures. These requirements are based on physical security measures to mitigate the effects of direct ballistic attack, explosives, force-on-asset attacks, and even unusual situations including, but not limited to, mischievous drone interaction. The requirements of the CIP directive institute specific unaffiliated review or simultaneous preparation of risk mitigation strategies and physical security specifications and plans by a third party consultant. The requirements are specific in that the qualifications of the third party reviewer have electrical power, physical security, and related experience on a high level with critical asset protection and significant demonstrated experience with law enforcement, and government or military physical security expertise.
The vulnerability assessment and implementation require completion during the Transmission Operators (TOP) communication and threat evaluationspanning a time period of 120 days to conform a satisfactory security plan and 60 days for third party review. Non-compliance means instituting of a Violation Severity Level (VSL) and fines.
With thousands of critical high voltage transformers at possible sites throughout the United States, the identification and classification of those sites in close cooperation with a third party at the threat assessment and vulnerability level stage is required in most cases to meet the total requirement of 180 days through third party review.
The series of Technical Bulletins listed below address eight necessary steps to reduction of risk.