State commissions can select from a toolkit of regulatory approaches to promote desired utility cybersecurity behavior. One approach is to allow the industry to self-regulate, and another approach...
The Rush to Reliability
FERC races to impose NERC’s new rules, raising howls of protest in the process.
After pleading with Congress for so many years, and then at last winning the requisite legislative authority to impose mandatory and enforceable standards for electric reliability, to replace its legacy system of voluntary compliance, the North American Electric Reliability Council (NERC) finds itself at a curious juncture.
It wants to slow the transition.
Of course, NERC still urges federal regulators to stay on track as expected to approve a new set of electric reliability standards by June 1—in time to go live for this year’s summer peaking season. However, when it comes to assessing fines and penalties on those violating the new rules, NERC wants to put on the brakes. It wants the Federal Energy Regulatory Commission (FERC) to agree to a grace period of at least six months without general enforcement of monetary penalties—what some have called a “shakedown cruise.” That would allow the industry to gain familiarity with the thousand and more requirements contained in the 100-plus standards that NERC proposed last April. During the transition, extending to Jan. 1, 2008, NERC would evaluate reliability performance and calculate any penalties otherwise owed, which could run to a million dollars a day, per violation. But NERC would not collect any fines, except for violations seen as especially egregious.
Moreover, as was pointed out by the Edison Electric Institute, NERC did not even file its proposed “compliance monitoring and enforcement program” until Nov. 29. Thus, CMEP approval likely would occur very near the projected June 1 startup for compliance, leaving little time for regional reliability entities to tailor their enforcement plans to the CMEP template.
Thus, a delay in enforcement could help NERC put its house in order, but could expose FERC to embarrassment.
Consider, for example, a conversation that transpired at a technical conference held in Washington, D.C., to explore options for reviewing and approving reliability standards not yet fleshed out. On that occasion, FERC heard testimony from Kellan Fluckiger, executive director of the electricity division of the Alberta Department of Energy, as he recounted how the Western Interconnection had dealt with unfinished standards in adopting its contractually binding Reliability Management System (RMS):
“One of the things we did in the West with some standards,” he noted, was “to shadow enforce them, meaning violations were noted and publicized, but there was no monetary penalty … for some period of time—six months, a year, or some time to allow the further development of the precise enforcement mechanism.”
Echoing that idea was Charles Yeung, executive director for interregional affairs at the Southwest Power Pool, who testified on behalf of the ISO/RTO Council. He suggested a sort of triage, with regulators moving quickly to fix and approve the high-risk standards that “fall into a financial sanctions category,” but leaving others for voluntary compliance, as per the old regime.
“You’re not really taking anything away from the reliability,” he ventured, “by continuing to enforce them through that method.”