FERC approves NERC CIP Version 4 Standards
SUBNET Solutions Inc | Friday, April 20, 2012
The Federal Energy Regulatory Commission (FERC) announced on April 19, 2012, that it had approved the NERC CIP 4 Standards, a move that came as a surprise to many utilities and smart grid technology vendors.
Because extensive work had been done on the NERC CIP Version 5 Standard, industry leaders expected V4 would be skipped altogether. However, after several delays kept FERC from approving V5, it is believed the agency proceeded to approve Version 4.
"This final rule approves the Version 4 CIP Reliability Standards submitted by the North American Electric Reliability Corp (NERC) and retires the currently-effective Version 3 CIP Reliability Standards." FERC said in a release. "The CIP Reliability Standards provide a cyber-security framework for the identification and protection of 'Critical Cyber Assets' associated with 'Critical Assets' that support the reliable operation of the Bulk-Power System."
The approval will bring about a number of changes in the way utilities manage substations and intelligent electronic devices, compared to previous Version 3 Standards. The largest change will be in the way utilities identify critical assets, and the measures that are adopted to protect them.
Specifically, Version 4 includes consistent "bright line" criteria for the identification of critical assets, which replaces the "risk-based assessment methodology." Under Version 3, the system was developed and applied by individual responsible entities.
Under the new standards, the manner in which utilities decide which of their IEDs are considered Critical Assets and Critical Cyber Assets (CCAs) will change. While the IED Access Control and IED Password Management requirements remain unchanged in the Version 4 Standard, many of the CCAs that must have IED Access Controlled and Password Managed systems will change because of the new methods of identification.
The changes in V4 could lead utilities to identify a higher number of CCA IEDs, however, the exact number remains uncertain as there were many inconsistencies in the way utilities identified CCAs in V3.
While installing IED-based substations can greatly increase a utility's operating efficiency, such a system must comply with NERC CIP standards - a costly and time-consuming process if not done correctly. SUBNET works with utilities who are committed to maintaining strong cyber security standards, and offers solutions that help generation, transmission and distribution companies meet NERC CIP standards.
Unlike a number of vendors that require companies to replace or upgrade equipment, SUBNET leverages a utility's existing assets and uses current corporate IT policies to meet government requirements.
Substation Automation & Remote Access