{
  "id": "R45135",
  "type": "CRS Report",
  "typeId": "REPORTS",
  "number": "R45135",
  "active": true,
  "source": "EveryCRSReport.com",
  "versions": [
    {
      "source": "EveryCRSReport.com",
      "id": 585409,
      "date": "2018-03-19",
      "retrieved": "2019-12-20T21:42:22.622672",
      "title": "NERC Standards for Bulk Power Physical Security: Is the Grid More Secure? ",
      "summary": "A 2013 rifle attack on a critical electric power substation in Metcalf, CA, marked a turning point for the U.S. electric power sector. The attack prompted utilities across the country to reevaluate and restructure their physical security programs. It also set in motion proceedings in Congress and at the Federal Energy Regulatory Commission (FERC) which resulted in a new mandatory Physical Security Reliability Standard (CIP-014) for bulk power asset owners promulgated by the North American Electric Reliability Corporation (NERC) in 2015. In the three years since FERC approved this new standard, security risks to the power grid have become an even greater concern in the electric utility industry. Reflecting these ongoing security concerns, legislative proposals in the 115th Congress include provisions directed at power grid physical security. Congress also continues its oversight of grid security and implementation of NERC\u2019s security standards.\nThree entities play key roles in standards oversight and support of implementation for bulk power physical security. NERC and FERC oversee implementation of the CIP-014 standards, while the Department of Energy plays a supporting role in helping bulk power asset owners to protect their critical infrastructure. The detailed findings of NERC\u2019s compliance activities are not publicly disclosed due to their confidential nature. However, NERC has stated that the utility industry is making progress towards effective implementation of the CIP-014 standard and NERC has been \u201cencouraged\u201d by grid security measures put in place so far. NERC compliance audits as of February 2018 have uncovered no major failures to date. \nIn addition to compliance with NERC\u2019s standards, there have been other observable changes within the electricity sector reflecting greater emphasis on bulk power physical security. These changes include realignment in corporate structure to support physical security, incorporating physical security in transmission planning, new security products and services, utility capital investment in physical security, and utility participation in voluntary security programs. While public information about such changes is limited, it suggests they may be significant and widespread.\nAlthough the electric power sector seems to be moving in the overall direction of greater physical security for critical assets, many measures have yet to be implemented and the process of corporate realignment around physical security is still underway. NERC\u2019s CIP-014 standards have been promulgated recently, and bulk power asset owners have largely begun enhancing physical security under the standard over the last two years. Therefore, although it is probably accurate to conclude that, based on the objectives of the CIP-014 standards, the U.S. electric grid is more physically secure than it was five years ago, it has not necessarily reached the level of physical security needed based on the sector\u2019s own assessments of risk. Bulk power security remains a work in progress.\nCongress continues to be concerned about the current state of electric grid physical security. Among many specific issues of potential interest, Congress may focus on several with policy significance: security implementation oversight, cost recovery, hardening vs. resilience, and the quality of threat information. As CIP-014 implementation and other physical security initiatives proceed, Congress also may seek to maintain its focus on the power sector\u2019s overall progress, not only on short term compliance with NERC\u2019s security standards, but also on structural changes supporting physical security as a priority far into the future.",
      "type": "CRS Report",
      "typeId": "REPORTS",
      "active": true,
      "formats": [
        {
          "format": "HTML",
          "encoding": "utf-8",
          "url": "https://www.crs.gov/Reports/R45135",
          "sha1": "b7ce106085bac1b93519d334665f1e2ecf53a903",
          "filename": "files/20180319_R45135_b7ce106085bac1b93519d334665f1e2ecf53a903.html",
          "images": {}
        },
        {
          "format": "PDF",
          "encoding": null,
          "url": "https://www.crs.gov/Reports/pdf/R45135",
          "sha1": "987651a499e0be0dd21b281b9f6f0aa16d724757",
          "filename": "files/20180319_R45135_987651a499e0be0dd21b281b9f6f0aa16d724757.pdf",
          "images": {}
        }
      ],
      "topics": [
        {
          "source": "IBCList",
          "id": 4840,
          "name": "Electricity"
        },
        {
          "source": "IBCList",
          "id": 4884,
          "name": "Critical Infrastructure"
        }
      ]
    }
  ],
  "topics": [
    "Energy Policy",
    "Intelligence and National Security"
  ]
}