FERC Approves NERC Physical Security Standard

In Order No. 802, the Federal Energy Regulatory Commission (FERC) approved the Physical Security Standard proposed by the North American Electric Reliability Corporation (NERC) in Reliability Standard CIP-014-01 to enhance the physical security of the most critical facilities of the bulk electric system (BES), and thereby reduce the vulnerability of the grid to physical attacks. Other administrative programs affecting critical infrastructure, such as those in the chemical and transportation industries, can help Transmission Owners (TOs) and Transmission Operators (TOPs) implement and comply with the Physical Security Standard.

The Physical Security Standard requires certain NERC-registered TOs to perform risk assessments to determine whether their transmission facilities and related control centers, if rendered inoperable or damaged, could adversely impact reliable BES operation, resulting in instability, uncontrolled separation or cascading failures. If a TO owns such a facility, it (and any associated TOP) must develop and implement a security plan to protect that facility from physical attacks based on the potential threats to and vulnerabilities of the facility from a physical attack. The risk assessments and security plans must be reviewed by an unaffiliated physical security expert.

Considerations

The Physical Security Standard was fast-tracked by FERC and NERC in response to concerns raised by Congress following the 2013 shooting incident at a California substation. The Standard is intended to apply only to the most critical BES facilities, while allowing TOs and TOPs sufficient latitude to develop and implement individual security plans that meet the Physical Security Standard.

Because the Physical Security Standard is new, TOs and TOPs face significant uncertainty as to implementation. Lessons may be taken from other NERC reliability standards and from other administrative programs affecting critical infrastructure, including the Chemical Facility Anti-Terrorism Standards (CFATS) and the Coast Guard Maritime Transportation Security Act (MTSA), which impose similar requirements on owners and operators of critical infrastructure to conduct security vulnerability assessments and develop site security plans. 

Compliance activities associated with CFATS and MTSA (as well as compliance activities associated with other NERC reliability standards) can inform an affected TO/TOP in implementing the Physical Security Standard, and provide guidance for working with counsel and technical consultants in developing vulnerability assessments and physical security plans, managing sensitive security information and developing and maintaining sufficient evidence to demonstrate compliance. Crowell & Moring attorneys have substantial experience in all of these areas.