After the Notice of Proposed Rulemaking (NOPR) by the Federal Energy Regulatory Commission’s (FERC’s) physical security Reliability Standard, CIP-014-1, consulting firm Homeland Security Solutions (HSS) released its CIP-014-1 Physical Security Program (PSP).
The PSP is designed to ensure that publicly and privately owned electric transmission companies have the best physical security policies, plans, training and assets to address their expectations while meeting or exceeding the requirements proposed by the new standard. The company is already in talks with several utilities that want to comply with the new standard that was developed at FERC’s request by the North American Electric Reliability Corp (NERC).
Under CIP-014-01, electric transmission owners and operators are required to demonstrate they have assessed and addressed their physical security risks and vulnerabilities.
“We applaud FERC’s additional, going forward step in facilitating the enhanced physical security of the nation’s most critical bulk-power facilities and toward the adoption of this new standard intended to help electric companies mitigate the risks to their physical assets,” said Bradley C. Schreiber, president of HSS. “Threats to our nation’s infrastructure remain a critical challenge to our security, and we are encouraged by today’s actions. As our firm’s primary focus is to help identify and mitigate gaps in our nation’s security, we look forward to working closely with electric transmission company owners and operators to help them comply with the new standard. Our Physical Security Program was specifically designed by law enforcement and homeland security experts to help them increase their resiliency to the many threat vectors they face in this ever changing security landscape.”
Part of HSS’ Resiliency and Disaster Management Services’ Facility Security Review Program, the PSP uses a proprietary gap analysis tool, the PSP Matrix, which is applied by the firm’s team of experienced physical security, critical infrastructure, law enforcement and homeland security staff. During the evaluation, HSS: identifies and assesses critical sites; evaluates potential threats and vulnerabilities; reviews current processes, procedures, operational guidance and physical security plans; and interviews relevant staff to gain additional insights into a company’s physical security posture. Once the gap analysis has been completed, the firm develops a physical security plan and, if requested, provides support in the plan’s implementation.
Schreiber, a former senior advisor with the Department of Homeland Security, said the program can be completed in approximately 30 days depending on the scope of the service requested.
In its NOPR, FERC proposed its approval of CIP-014-1 submitted by NERC and directed NERC to develop two modifications: one that would allow governmental authorities to add or subtract facilities from an entity’s list of critical facilities; and a second modification that would revise wording that could narrow the scope and number of identified critical facilities. FERC was concerned that NERC’s use of the phrase “widespread instability” rather than “instability” could result in ambiguity. After FERC’s issuance of the NOPR, comments CIP-014-1 are due 45 days after publication in the Federal Register, R-14-29.