Tuesday, February 10, 2015

CIP-014 Implementation Update from NERC

On February 9, 2015, NERC posted an email regarding implementation of CIP-014-1, Physical Security.

In its email NERC offered three links to items of interest.  They included:
And, for the reader's reference, here is the link to CIP-014-1.  Also, I wrote a blog about CIP-014 back on July 22, 2014.

CIP-014 Memo to Industry

The memo to the industry is from the NERC Compliance Assurance organization.  The specific focus of the memo is on CIP-14 Risk Assessment and Third-Party Verifications.  Notably the memo's purpose is to highlight acceptable approaches when implementing Requirements 1 and 2 of CIP-014.

Requirements 1 and 2 required Transmission Owners to perform a risk assessment and third-party verification process to identify Transmission stations and Transmission substations that will ultimately be subject to a physical security assessment (Requirement 4) and the implementation of subsequent physical security plan(s) (Requirement 5).

Per the CIP-014 implementation plans, each applicable Transmission Owner must perform its Requirement 1 risk assessment by October 1, 2015.

Then, within 90 days of completing the R1 risk assessment (i.e., by December 30, 2015) the Transmission owner must ensure that the third-party verifier completes the verification.

Within 60 days of completing the verification the Transmission Owner must either 1) modify its risk assessment to be consistent with the recommendations of the verifier, if any, or 2) document the technical basis for not modifying its risk assessment in accordance with any recommendations.

The memo does need to be read in its entirety; however, a key comment at the end that is probably most useful is that applicable Transmission Owners "...are expected to demonstrate effective application for NERC and the Regional Entities to be able to fully understand, for example:

  • Why certain stations or substations are identified to meet the criteria in Requirement 1
  • Similarly, why certain stations or substations were not identified by Requirement 1
  • What are the defining characteristics of stations and substations identified by Requirement 1
  • How the third-party verifying the risk assessment meets the qualifications in Requirement 2 and the mean the third party used to ensure effective verification."

This document was prepared by the North American Transmission Forum (NATF) and issued on January 19, 2015.  The NATF is headquartered in Charlotte, NC and its members include investor-owned, state-authorized, municipal, cooperative, US federal, and Canadian provincial utilities.  The NATF "...promotes the highest levels of reliability in the operation of the electric transmission systems."

The intent of the document issued by NATF is to provide a general guideline for the risk assessment identified in R1 of CIP-014.  

The guideline offers five suggested steps for the Transmission Owner to follow to accomplish Requirement 1.  A high-level summary of the steps include:
  • Step 1:  The Transmission Owner identifies stations to be analyzed based on criteria in CIP-014-1, Section 4.1.1
  • Step 2:  The Transmission Owner identifies cases/system conditions to be analyzed.  Some cases could include -- summer vs winter peak load levels, shoulder peak load levels with system transfers, alternative generation dispatch assumptions or alternative load models.
  • Step 3:  The Transmission Owner defines the nature of the initiating event and how it will be modeled in the transmission assessment
  • Step 4:  The Transmission Owner is responsible for development of criteria/proxies for instability, uncontrolled separation or Cascading.
  • Step 5:  The Transmission Owner performs appropriate steady-state power flow and/or stability analysis.
There are substantially more details provided under each step in the Guideline.

NERC Physical Security Web Page

A third link in the NERC announcement is for their Physical Security web page (a screenshot is shown below).

This page appears to be an excellent resource for those focused in CIP-014 implementation and compliance.


This blog does not offer adequate details on the contents of the referenced documents, therefore, taking time -- and having your power engineers taking time -- to read the CIP-014 requirements and the guidance from NERC and NATF will be worthwhile.