Part of Grid Network »

The Transmission Professionals special interest group covers the distribution of power from generation to final destination. 

14,046 Members

Post

FERC/NERC Issue Paper for Comment on Transparency on Electric Reliability Violations

FERC is seeking public comment on a white paper (FERC notice and paper are attached) jointly prepared by its staff and staff from the North American Electric Reliability Corporation (NERC). The joint staff white paper proposes to provide transparency and public access to information on violations of mandatory reliability standards governing cybersecurity of the bulk electric system while protecting sensitive information that could jeopardize security.   Since 2018, FERC has received an unprecedented number of Freedom of Information Act (FOIA) requests for non-public information in the Notices of Penalty (NOPs) for violations of Critical Infrastructure Protection (CIP) reliability standards. NERC, the designated electric reliability organization, has been submitting CIP NOPs to FERC since 2010; they typically include information regarding the nature of the violations, potential vulnerabilities to cyber systems as a result of noncompliance, and mitigation activities.   The white paper proposes that NERC would submit each notice with a public cover letter that discloses the name of the violator, which reliability standards were violated, and the amount of penalties assessed. Each notice would also contain non-public attachments that detail the nature of the violation, mitigation activity and potential vulnerabilities to cyber systems. These attachments would also contain a request for designation of such information as Critical Energy Infrastructure Information.  As noted in the joint staff white paper, the proposed changes will make distinguishing between public and non-public information straightforward. These revisions should make submission and processing of the notices more efficient while also reducing the risk of inadvertent disclosure of non-public information. While names of violators would be made public, detailed information that could be useful in planning an attack on critical infrastructure, such as details regarding violations, mitigation and vulnerabilities, likely would be considered exempt from FOIA.  FERC is seeking comment on many aspects of the white paper, including: the potential security benefits and, if applicable, risks associated with the proposed NOP format; difficulties with implementation or other concerns that should be considered; and the level of transparency provided by this proposed changed.  Comments are due by September 26, 2019.

 

See the FERC website for more information (www.ferc.gov).  

Paul Dumais's picture

Thank Paul for the Post!

Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.

Discussions

Matt Chester's picture
Matt Chester on Sep 5, 2019 9:42 pm GMT

The joint staff white paper proposes to provide transparency and public access to information on violations of mandatory reliability standards governing cybersecurity of the bulk electric system while protecting sensitive information that could jeopardize security

At a glance, this seems like a common sense solution. What are the arguments against this, Paul, as I'm sure I'm missing some?

Paul Dumais's picture
Paul Dumais on Sep 6, 2019 5:57 pm GMT

The arguments will be that even this compromises security.  Also the transmission owners do not want it ot be public knowledge when they violate relaibility standards and get fined.  

Matt Chester's picture
Matt Chester on Sep 6, 2019 9:54 pm GMT

Well I certainly figured they did not want it to be public when they violate standards! I was more wondering what argument they'd use publicly since "we don't want our customers to know when we mess up" probably wouldn't fly from a PR perspective

Paul Dumais's picture
Paul Dumais on Sep 9, 2019 8:44 pm GMT

I think transmission owners will claim the sharing the information compromises security.  

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »