NERC’s new cyber security rules may minimize cost of compliance, but they leave utilities guessing on how to identify risks.
Liam Baker, vice president for regulatory affairs at US Power Generating, questions whether his company’s power plants and control systems in New York and Massachusetts must comply with the electric industry’s new mandatory standards for cyber security. Baker voiced his doubts in written comments he filed in October with FERC.
Before the hearings started, I felt the number of critical cyber assets for a medium size utility would be on the order of several thousand, not 20 as some major utilities are identifying under the CIP standards. This should be a red flag for the industry.
Grid reliability depends on ‘reasonable business judgment’
The word “security” no longer means what it used to mean. Now, “security” means gates, guards and guns. It means protecting critical assets with a multi-layered cyber and physical perimeter. It means exercising vigilance and caution, and accepting inconvenience as a matter of routine.
Production constraints and demand pressures mean high gas prices are here to stay.
Volatility in energy prices is both a scary and wonderful thing. It brings risks that must be managed under uncertain future conditions. It also brings opportunities to profit from price movement and competitive market advantages exploited through strategy, skill and luck. Just how good the outcome of such volatility can be depends on how well each market participant studies the fundamentals, manages uncertainty and remains flexible.
FERC would relax price caps—sending rates skyward—to encourage customers to curtail loads.
About four months ago, at a conference at Stanford University’s Center for International Development, the economist and utility industry expert Frank Wolak turned heads with a not-so-new but very outrageous idea.
Independent system operators and regional transmission organizations recognize the value in having a common IT architecture.
In today’s modern business environment, standards for products and services have become common—and expected—practice. The time is right for creating a common language among the critical software tools needed to deliver a reliable, competitively priced supply of electricity through today’s integrated power grids and wholesale market structures.
NERC’s first critical-infrastructure standard is now enforceable. But cyber rules await approval.
Cyber standards proposed by the North American Electric Reliability Corp. are in limbo this summer, although the Federal Energy Regulatory Commission anticipates taking action on them soon. Once approved, however, how will the two organizations work together to enforce compliance?
Why predictions from the Energy Information Administration may contain systematic errors.
Natural-gas estimates from the Energy Information Administration (EIA) are supposed to be “policy neutral.” Are they? Over the past decade, EIA forecasts for NG differ substantially from actual outcomes—even though overestimations of supply capabilities could lead to underestimating the costs of carbon regulations.
Five effective strategies for managing escalating input costs.
It is time to adapt to new rules of the game, and change procurement tactics. Read these five effective strategies for managing escalating input costs.
How utilities can navigate critical infrastructure protection requirements.
Operations personnel at many energy companies feel the pressure of achieving compliance with the NERC CIP standards. Some worry that they are not aware of the problems and security incidents that have occurred within their critical infrastructures. Some know that they do not have the procedures in place to maintain CIP compliance.