Too Much Reliability
NERC confronts a case backlog now numbering in the thousands.
to FERC a new version 7 of its ANSI-accredited process manual for developing reliability standards, thus complying with a FERC directive issued in September. The new manual should allow drafting teams to collect informal feedback from industry stakeholders in the early stages of standards development, thus taking the process “off line,” as NERC CEO Cauley has described it, with no need to conduct a formal written comment-and-reply procedure akin to a federal rulemaking (See, Compliance Filing of NERC, Dkt. RR10-12, Dec. 1, 2010).
This last reform should prove welcome, as it now takes NERC an average of 21 months to initiate and complete a new standard. At the July summit, Wellinghoff cited that lag as especially problematic in the case of smart grid development (for which NIST is developing commercial standards for technological applications, interoperability, and so forth), if FERC should find that some NIST standards might intrude on reliability: “NIST has already taken over a year and a half … I would not want another 21 months to elapse.”
Many want NERC to embrace an “80/20” model: focus on the 20 percent of standards that produce 80 percent of the benefits in improved reliability. Yet that still leaves the problem of ambiguous terms buried in the text of reliability standards. California Independent System Operator, for example, recently documented how often certain ambiguous adverbs and adjectives crop up in NERC standards: “significant” (19 times); “sufficient” (72); “appropriate” (198).
APPA’s Mosher told this story at the July summit:
“When I first … started attending NERC operating committee meetings, I went running from the room screaming at one point, saying, ‘Can’t you get an English major into the room here?’
“They were writing things that told nobody what they had to do. They were completely ambiguous.”
A National Conversation
At the July summit, FERC commissioner Moeller posed a thought experiment:
“One of the things I’d like to do is ask people to think about where do we want to be … in 10 years on reliability, because we’ve been so focused on the now, that it’s been difficult to think out.”
When FERC approved NERC in 2006 as the official reliability czar, with powers of enforcement subject to commission oversight (which most experts felt was absolutely required after FERC began introducing market elements into the bulk power sector), it naturally approved the customs, procedures, and protocols that made up the reliability structure as of that moment. Yet, the simple act of transforming a voluntary process to a mandatory one might well lead inexorably to a new archetype; could it be that a market-based bulk power industry also demands a market-based reliability regime?
Consider the FERC’s stated intention in Turlock—that it will consider the effects of loss of load when it reviews the penalties that NERC proposes to assess for violations of reliability standards.
At the July summit, the consensus seemed to be that a cascading outage marks the real line in the sand. To follow up, FERC staffer Joseph McClelland at one point led a long discussion of what makes a