FERC Directs Mandatory Physical Security Standards

Client Alert | 1 min read | 03.14.14

On March 7, 2014, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability Corporation (NERC) to develop and file for approval reliability standards addressing threats and vulnerabilities to the physical security of critical facilities on the Bulk-Power System (BPS). The reliability standards must require owners or operators of BPS facilities ("registered entities") to take at least three steps to address risks posed by physical security attacks.

First, registered entities must identify their BPS facilities that "if rendered inoperable or damaged, could have a critical impact on the operation of the interconnection through instability, uncontrolled separation or cascading failures on the Bulk-Power System." Second, registered entities that own or operate such critical facilities must evaluate potential physical threats and vulnerabilities to those facilities. Since potential threats and vulnerabilities will vary depending on the critical facility at issue, registered entities must tailor their evaluations to the unique characteristics of their critical facilities. Third, registered entities must develop and implement a security plan based on this evaluation.

NERC must file the proposed reliability standards by June 5, 2014. This very short time frame reflects the importance of having mandatory rules in place to address these physical security threats to BPS facilities. According to FERC, although many registered entities may already have taken voluntary steps to enhance their BPS facilities' physical security, the new reliability standards will require them to identify risks and have a plan that results in an adequate level of protection against the potential physical threats and vulnerabilities faced at their critical facilities.

Given the short time frame for developing these standards and to avoid problems that could arise from standards developed in haste, registered entities should actively participate to ensure that (1) the standards for determining whether a given BPS facility is critical are not so broad as to include facilities that FERC might not have intended to be covered or that reasonably should not be covered by the new standards, and (2) the standards relating to the threat and vulnerability assessment and security plans are not inappropriately prescriptive.

Contacts

Deborah A. Carpentier
Senior Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2857
ZGNhcnBlbnRpZXJAY3Jvd2VsbC5jb20=

Insights

Client Alert | 4 min read | 03.25.26

NAIC Intensifies AI Regulatory Focus: What Health Insurance Payors Need to Know

The National Association of Insurance Commissioners (NAIC) is intensifying its oversight of how insurers use AI — and the pace of regulatory activity shows no signs of slowing. Over the past several months, the NAIC has published a formal Issue Brief staking out its position on federal AI legislation, launched a multistate AI Evaluation Tool pilot aimed at examining insurers’ AI governance programs, and continued to expand adoption of its AI Model Bulletin across state lines. These developments continue a trend towards enhancing regulation; the NAIC adopted AI Principles in 2020 and a Model Bulletin in 2023 clarifying that existing insurance laws apply to AI systems and establishing expectations for governance, documentation, testing, and third-party oversight. That Model Bulletin has now been adopted in approximately 24 states....

Client Alert | 11 min read | 03.25.26
White House National AI Policy Framework Calls for Preempting State Laws, Protecting Children
Client Alert | 3 min read | 03.24.26
California Considering A Massive Expansion of Its Antitrust Laws
Client Alert | 2 min read | 03.23.26
ACTS Survey Compliance Deadline Temporarily Extended: What Higher Education Institutions Need to Know

View All Insights