- The North American Electric Reliability Corp. and the six regional reliability entities have published a white paper introducing a “” to help integrate cybersecurity efforts into bulk power system, or BPS, planning activities.
- The “relative newness” of the cyber threat largely means the concept of a coordinated attack on the BPS is not modeled in today’s transmission planning practices, according to the May 8 white paper. The framework is designed to drive investments in cybersecurity and be used by stakeholders, regulators and others to perform reliability studies.
- The white paper also aims to “potentially reduce the number of critical facilities and their attack exposure.” Minimum physical security standards do not need to be expanded to cover more grid assets, said NERC, but stakeholders need to “evaluate additional reliability, resiliency, and security measures designed to mitigate the risks.”
Dive Insight:Transmission planners are “strongly encouraged” to consider the framework and adopt the concepts into their business practices, according to the white paper. The paper provides a “roadmap for integrating cyber security into transmission planning activities.” The white paper is focused on how the framework can be “established to map cyber security risks to BPS reliability studies,” among other questions.
“The concept of a coordinated cyber attack and its impact on BPS reliability is not currently or generally studied as
part of standard industry practice,” NERC said.
The white paper is part of a series of explorations into grid risks and challenges. In November, NERC published a Distributed Energy Resource Strategy꧙ examining approaches to reliably integrate tens of thousands of aggregated megawatts to the bulk power system. A white paper on the security impacts of DERs is expected in the second half of 2023.
Last year, following attacks on substations and other energy infrastructure, the Federal Energy Regulatory Commission asked NERC to determine 🔜whether physical security grid reliability standards should be strengthened. NERC concluded current infrastructure protocols for critical substations “appropriately focuses limited industry resources” and should not be expanded.In its white paper, however, NERC said while it is not recommending an expansion of the CIP-014 applicability criteria, an increase in physical security attacks on BPS substations means there is a need to evaluate additional reliability, resiliency and security measures. NERC recommended holding a technical conference in coordination with FERC to further explore the topic.