Impact of NERC CIP Reliability Standard Version 4 for Generation Facilities
The Critical Asset status of a number of generation facilities and other related BES assets may change based on the recently approved (by FERC) Version 4 of the NERC CIP Reliability Standard. The "Bright Line" criteria resident in CIP-002, Version 4 is intended to clarify what generation facility and transmission assets are indeed Critical Assets. Version 4 of the standard, in terms of defining generation facilities as Critical Assets, states that the following generation facilities shall be designated as Critical Assets:
- "Each group of generating units (including nuclear generation) at a single plant location with an aggregate highest rated net Real Power capability of the preceding 12 months equal to or exceeding 1,500 MW in a single Interconnection."
- "Each generation Facility that the Planning Coordinator or Transmission Planner designates and informs the Generator Owner or Generator Operator as necessary to avoid BES Adverse Reliability Impacts in the long-term planning horizon."
- "Each Blackstart Resource identified in the Transmission Operator's restoration plan."
Additionally, the Facilities comprising the Cranking Paths and meeting the initial switching requirements from the Blackstart Resource to the first interconnection point of the generation unit(s) to be started, or up to the point on the Cranking Path where two or more path options exist, as identified in the Transmission Operator's restoration plan shall also be designated as Critical Assets.
The impact of defining a generation facility or related BES facilities as a Critical Asset is largely based on the presence or absence of Critical Cyber Assets (CCAs). If CCAs are present, all provisions of the CIP Reliability Standard will need to be implemented having a potential impact to the operations of the facility. However, there are strategies to minimize CCAs from some networks depending upon the systems architecture and connectivity requirements. Investigations into viable alternatives are highly recommended. Even if Critical Cyber Assets are not present, we recommend a minimal set of security program provisions be designed and implemented to:
- Prevent the unintentional reconfiguration or changes made in the plant networks altering the connectivity of a cyber asset that results in a reclassification of a cyber asset as a CCA, and
- Provide a prudent level of physical and cyber security commensurate with the operational and business risks of the generation facility.
DYONYX specializes in the proper identification of CCAs, providing recommendations to minimize CCAs, and assisting utilities in achieving compliance for those CCAs present. We provide a rapid development and implementation of security programs using our proven process templates, policies, and documents to allow compliance to be achieved in the shortest possible timeframe. If your generation facility falls within the new classification criteria, give us a call to discuss our efficient and comprehensive approach to mitigate the impact on your operations.
Founded in 1996, DYONYX LP, is a privately held information technology outsource and consulting firm dedicated to helping clients improve their productivity and security and reduce their cost and risk through a proven set of methodologies, extensive experience, deep skills and world class service at reasonable rates. DYONYX provides a comprehensive suite of support services to the electric utility industry that includes security program designs, IT systems architecture designs, secure network designs, physical and cyber security vulnerability assessments, business continuity and disaster recovery planning, and end-to-end project management.
Please contact us at:
Ron Blume, P.E.
Vice President, Professional Services
1235 N. Loop West
Houston, TX 77008
Direct: (972) 369-7932
To learn more, visit www.dyonyx.com