FERC orders new standards to enhance grid security

Source: Hannah Northey, E&E reporter • Posted: Tuesday, March 11, 2014

The Federal Energy Regulatory Commission ordered grid overseers Friday to develop new rules to guard against physical threats, responding to growing calls on Capitol Hill for stepped-up action following an attack by gunmen on a California power substation last year.FERC’s acting chairwoman and three commissioners unanimously ordered the North American Electric Reliability Corp. (NERC), an industry group that oversees the grid, to craft one or more new security standards that electric utilities must implement to protect major substations and other critical infrastructure from physical threats.Commissioner John Norris reiterated his call for all stakeholders to weigh in and consider the burden on industry — potentially billions of dollars in new equipment — while pushing for a smarter, more flexible and secure grid.

In a statement, Norris also urged Congress to allow the agency to collect “sensitive security information” regarding physical vulnerabilities to the grid but said it not be forced to make those data public.

“Currently, industry remains concerned that confidential security information submitted to the commission would be subject to disclosure through Freedom of Information Act requests,” Norris said. “These concerns have understandably left industry reluctant to provide the commission with its most sensitive security information related to potential physical threats or vulnerabilities to our power grid.”

FERC’s order arrives on the heels of growing calls among lawmakers alarmed by a Feb. 16 Wall Street Journal story that outlined a high-profile — and still unsolved — attack on a substation in California last April. Former FERC Chairman Jon Wellinghoff called the attack “the most significant incident of domestic terrorism involving the grid that has ever occurred” (Greenwire, Feb. 20).

FERC’s order directs NERC to craft the new standards through a stakeholder process within 90 days. FERC will have the final say on whether the standards move forward.

The commission said the standards should require utilities to identify infrastructure critical to the system’s overall reliability and develop plans for protecting that equipment.

But FERC, which is required to follow the NERC stakeholder process, stopped short of issuing across-the-board requirements for all utilities.

“The commission appreciates that many owners and operators of critical facilities already have separately taken steps to enhance the physical security of their facilities,” the agency said. “We also recognize that there is not a ‘one size fits all’ response to protect against physical security threats, and we do not seek to impose one by this order.”

The industry welcomed the agency’s flexible approach.

“We appreciate that FERC recognized that the industry takes ongoing actions to protect critical assets to the electric grid and that a standard is not a one-size-fits-all solution,” said James Fama, the Edison Electric Institute’s vice president of energy delivery, in a statement. “Standards are static, while threats to the grid are dynamic. That is why close coordination between government and industry is critical.”

Energy and Commerce Chairman Fred Upton (R-Mich.) in a statement said the rule is encouraging. “Ensuring the security and reliability of the electric grid remains a priority for this committee, and we will continue our oversight of all emerging threats, including cyber attacks, acts of terrorism, electromagnetic pulses, and strict government mandates and regulations that threaten reliability,” Upton said.

Allison Clements, director of the Sustainable FERC Project housed within the Natural Resources Defense Council, praised the rule and said she hopes FERC will push forward with addressing cybersecurity concerns that Norris mentioned.

“The rule is great, but we hope the commission doesn’t stop there,” she said.