By: Sean Sherman
FERC – Federal Energy Regulatory Commission – released a new order on March 19th, 2009 that changes the scope of the NERC CIP (Critical Infrastructure Protection) rules to include “Facilities regulated by the U.S. Nuclear Regulatory Commission” – i.e. nuclear plants. This seems a straightforward ruling that says generation sources (especially 20% of national production) should not be out of scope of the security controls and compliance rules that the rest of the bulk power system has to abide by. And to that end, perhaps there is no controversy.
However, this is also like someone changing a former one-way street into a two-way street. There will be some trepidation and concern about the rules of the road being known and observed by everyone. The lines on the road must be clear. My point is: the scope of compliance is always a big deal, I suspect there will be more clarification needed for those with responsibility for CIP compliance start to work with those responsible for NERC “structures, systems and components” compliance as well. Who will negotiate disagreements? How can we avoid compliance / security gaps – or – where dual regulations on equipment might occur?