As NERC’s CIP standards advance, utilities move ahead, haltingly, with implementation.
Christian Hamaker is managing editor of Public Utilities Fortnightly.
Price and supply issues dominate the discussion in the electric industry in the summer of 2006, but it wasn’t long ago that another issue—security—captured the industry’s attention. Now, it’s back again.
In the aftermath of Sept. 11, 2001, physical security issues came to the fore. How could plants be protected against terrorist attacks? After the 2003 Northeast Blackout, cyber-security concerns, never far from the front burner, began to predominate.
“[Security is] a major issue with our members,” says Edison Electric Institute spokesman Jim Owen. “Security, both physical and cyber, very much remains on the radar screen of our senior management.”
While the North American Electric Reliability Council (NERC) has put together standards addressing both areas of security—physical and cyber (see sidebar “Fox, Deer, and Pranksters”)—it’s the organization’s proposed cyber-security efforts that passed another milestone in June, with the passage of Critical Infrastructure Protection (CIP) standards.
Refinements to the standard are still to come. At press time, the newly passed standards had been assessed by the Federal Energy Regulatory Commission (FERC), and the comment period had just closed for utility-industry participants affected by the standards. The commission would not officially comment about ongoing proceedings.