NERC's Reliability Standards: The Good, the Bad, and the Fill-in-the-Blanks
How to prepare for mandatory enforcement.
transfer capability (ATC).
• “Fill-in-the-Blank” Standards. In its petition, NERC identified “fill-in-the-blank” standards as those standards that do not contain a specific requirement that is enforceable for users, owners and operators of the grid, but rather provide only broad direction to the regional reliability organizations to adopt a particular program standard and to develop the specifics of the standard through a regional stakeholder process. Staff expressed a concern that “fill-in-the-blank” standards may not be enforceable under Federal Power Act (FPA) § 215 if they apply only to a regional entity.
• Applicability. FPA § 215 requires that “all users, owners, and operators” comply with mandatory reliability standards approved by the commission. Staff expressed a concern that NERC’s proposed reliability standards do not define or list the “users, owners, and operators” that are required to follow the standard. Staff recommends clarification of the applicability of each standard.
In its Preliminary Assessment, FERC staff also divided the reliability standards into three groups:
• Fifty-one reliability standards are, for the most part, complete but may need some improvement. FERC may consider proposed changes and improvements to these reliability standards as part of any rulemaking proceeding.
• Twenty-six reliability standards are referred to as “fill-in-the-blank” standards. These reliability standards provide no clear enforceable standard as currently drafted. Rather, the NERC reliability standard provides broad direction to a regional entity so that the regional entity may develop a standard for its region. Staff expressed concern that these types of standards are not enforceable against users, owners, and operators of the grid, but rather only provide broad direction to regional reliability organizations. Furthermore, such standards have not undergone an approval process under FPA § 215 and thus cannot be enforced by FERC or the ERO.
• Twenty-five reliability standards do not contain measures for determining whether an entity is complying with the standard or levels of non-compliance necessary to gauge the severity of non-compliance. Without these elements, such reliability standards are much more susceptible to multiple interpretations and inconsistent enforcement across regions.
To deal with the various levels of development, NERC proposed that FERC approve the 51 reliability standards in the first group for enforcement. NERC also proposed that FERC conditionally approve the reliability standards in the other two groups. While the reliability standards in the second and third groups would be enforceable, consideration would be given to the developing nature of such reliability standards and enforcement would be adjusted accordingly.
NERC also proposed to file with FERC, no later than Nov. 8, 2006, measures and levels of non-compliance for the 25 reliability standards that are missing those elements, as well as a work plan to address issues associated with the 26 “fill-in-the-blank” reliability standards. The work plan would provide a detailed schedule for addressing all of the conditionally approved regional “fill-in-the-blank” standards either by developing uniform North American standards to replace the regional standards, developing regional reliability standards through approved procedures, or not including the regional criteria within reliability standards.
Implications for Reliability Rules
Chairman Kelliher has stated publicly that FERC vigorously will enforce the reliability standards.