NERC’s new cyber security rules may minimize cost of compliance, but they leave utilities guessing on how to identify risks.
Bruce W. Radford is publisher of Public Utilities Fortnightly.
Liam Baker, vice president for regulatory affairs at US Power Generating, questions whether his company’s power plants and control systems in New York and Massachusetts must comply with the electric industry’s new mandatory standards for cyber security.
Baker voiced his doubts in written comments he filed in October with the Federal Energy Regulatory Commission (FERC). It all starts with ISO New England (ISO-NE), which runs the market dispatch for the power plants that US Gen owns through its indirect subsidiary, Boston Generating, LLC.
“ISO-NE’s dispatch philosophy,” Baker explains, “is the system can always withstand the sudden loss of the largest generator in the region.” And New England’s capacity market,” he adds, with its built-in reserve margin, “further ensures that, even on the hottest peak-load days, there is sufficient operable capacity to securely cover load with multiple large generators out of service.”