With Chairman Kevin McIntyre still ill, absent, and not voting, the Federal Energy Regulatory Commission today adopted a new reliability standards to get a handle on cyber security risks associated with supply chains that supply the U.S. bulk electric system. The new FERC final rule largely follows a notice of proposed rulemaking issued in January.
Commissioner Neil Chatterjee, chairing the meeting in McIntyre’s absence, said the new standards “continue key work to withstand fast-evlving cyber security risks and is rightly focused on the highest-risk targets.” McIntyre has now missed two consecutive monthly open FERC meetings.
The North American Electric Reliability Corp. proposed the standards under direction from FERC’s Order No. 829. FERC and NERC have noted that the industry’s global supply chain provides opportunities to infiltrate cyber threats. But the global supply chain, said FERC, “provides opportunity for significant benefits to customers….”
The standards require bulk electric system operators to come up with a plan that includes security controls for supply chains for industrial control system hardware, software, and services. The rule provides for an 18-month implementation period. But the order notes that “a significant cyber security risk remains because the standards exclude Electronic Access Control and Monitoring Systems (EACMS), which includes firewalls, authentication servers, security event monitoring, intrusion detection systems, and alerting systems.”
So FERC gave NERC 24 months to include EACMS “associated with medium and high-impact” bulk electric cyber systems “within the scope of the supply chain risk management reliability standards.”
Today’s meeting also included a staff presentation on the potential impact of the coming winter on the energy markets that FERC follows. The analysis concluded that the 2019 winter is likely to be warmer than average, based on NOAA data. But the staff cautions that a “warmer than average winter may still have prolonged periods of cold temperatures that can stress natural gas and electricity markets despite reserve margins exceeding reference levels.”
The FERC analysis said that gas pipeline constraints in Boston, New York City, and Los Angeles “increase the risk of price volatility.” That comes as no surprise, as Boston and New York have well-known winter gas supply constraints and California is still coping with the Aliso Canyon gas storage leak, now three years old.
The FERC staff analysis also pointed to Energy Information Administration data showing natural gas storage at 1,354 billion cubic feet, “well below the five-year average.” FERC noted, “The Energy Information Administration (EIA) projects natural gas storage inventories to start the withdrawal season with 3,308 Bcf. This would be the lowest inventory level since 2005 and a 12.7 percent decrease from last year’s level.”
— Kennedy Maize