Signs of Life at NERC!

Steve Noess of NERC sent out an email to the SDT Plus List this week that gave me some small encouragement (unfortunately, small is the right word) that NERC may realize they are the only ones that can clear up the many interpretation issues in CIP Version 5. 

The email started by describing a recent meeting of representatives of the six entities in the V5 Transition Study, along with a host of others from NERC and the regions.  It then continued to discuss two areas in CIP-002-5 R1 where clarification is sorely needed, and to provide some interpretation guidance on them.  Since the second clarification – having to do with criterion 2.1 – wasn’t really surprising and didn’t go beyond what I think everyone pretty well understood the criterion to mean, I will focus on the first clarification.

Ironically, the first clarification had already been provided by Tobias Whitney of NERC, as described in my post from June.  This is the issue of “far-end relays”, although I referred to it as the “transfer-trip relay” issue.  Steve’s opinion on this issue didn’t differ from Tobias’ opinion: they agree that a relay located at a Low impact substation, protecting a line from a Medium impact substation (through criterion 2.5), will be Low impact.

However, Steve’s reason differed from Tobias’ reason, or at least was more refined.  Tobias said something to the effect of “Physical location IS a determinant factor for impact classification.”  As I pointed out in the post, this isn’t clearly based on anything that’s written in the standard.  However, Steve used a line of reasoning that is very much like the reasoning an Interested Party had provided me, which I wrote about in a previous post on this topic.  This does, IMHO, justify the opinion based on the wording of the standard.

The upshot is that Steve Noess provided – in written form - something very much like an interpretation of wording in CIP Version 5.  If you haven’t been in the NERC world too long, you can be forgiven for not understanding why this is quite a big deal.  Interpretations of NERC standards are supposed to come through a formal process, in which an entity submits a Request for Interpretation, a NERC team develops the interpretation, it is balloted (sometimes multiple times) by the NERC ballot body, it is approved by the NERC Board, and finally it is approved – hopefully – by FERC. 

This is easily a 2-3 year process, which in the case of CIP-002-5 R1 issues doesn’t do a lot of good.  People need to know how to identify their BES Cyber Systems now, not a year or so after the compliance date.  This is why I have been saying for a while that somebody needs to step outside the normal “legal” process and provide some interpretations of the V5 wording issues (and I finally settled on NERC as the entity that has to do that, after at first hoping that the Regional Entities might take the initiative to do it on their own).

So I wish to say I’m very pleased that Steve Noess has taken it on himself to step outside the bounds of legality and address what has been a very important question for most transmission entities.  Steve, if you get thrown in jail for doing this, I’ll bake you a cake with a file in it (although it will be the first cake I’ve ever baked, so you may want to throw it away once you've retrieved the file).

But you’re not done yet, Steve.  In your email, you go on to say “There are several additional topics being prioritized for similar treatment and collaboration as the two mentioned above, including topics such as virtualization, Interactive Remote Access, EACMS, and others.”  This is great, but I certainly hope you don’t think that all the problems with interpretation of CIP-002-5 have been addressed.  There are still some very serious problems, and unfortunately they won’t be as “easy” (if you want to call it that) to deal with as the far-end relay question was.

Steve, that is because much of the wording of CIP-002-5 R1 and Attachment 1 is confusing and outright contradictory.  You aren’t for the most part going to be able to come up with a direct interpretation of the existing wording that will solve these problems – unless you plan to rewrite CIP-002-5 (which you don’t, of course).  You (or someone of your stature at NERC) will need to simply say, “This is the way NERC entities need to read CIP-002-5 R1….Someone else may read the words differently and come up with a different interpretation.  But I’m speaking for NERC, and this is the way you need to interpret this.”

Steve, I realize this is a pretty harsh thing to have to say, so I’ll give you an out.  I suggest you enlist the help of a third party to make your case.  For instance, many people throughout history – usually called “prophets” – have enlisted God’s support for their statements, and have said they were just revealing what He had told them in a dream, or inscribed on some stone tablets that they’d just found.  You might try that approach.

However, this is a secular age, and that might not work as well now as it did – say – 2500 years ago.  Fortunately, I think you have already hit on an alternative.  In your email, immediately after you provided your well-reasoned opinion why the wording of criterion 2.5 supported your interpretation, you stated “This also conforms to the intent of the Standard Drafting Team..” 

Of course, that’s it!  All you have to do is say you’re simply relaying the intent of the SDT!  And who’s to question you on that, since you worked very closely with the Version 5 SDT for its last – and most crucial – two years of existence (OK, maybe it was just a year and a half.  In any case, you did more than anyone else to drive V5 through to completion in 2012)? 

As I pointed out in this post (the four paragraphs starting with the number 9), it is a fool’s errand to try to objectively determine the SDT’s intentions at this point.  And there’s no way an entity could use the SDT’s “intentions” to support their case if they appealed a violation to FERC or the courts.  But that shouldn’t stop you from stating that your opinions are based on those intentions, Steve - since the alternative is having to dummy up some stone tablets at home and say they just dropped from the sky.

I’m really not kidding about this, either.  There are serious wording problems in CIP-002-5 (and probably in other V5 standards) that aren’t going to be solved by careful reading, like the relay problem was.  I’ve written about these problems in over 25 posts, starting with this post in April, 2013 (I just noticed that post has had over 1300 page views).

And if you’re not sure where to start, here’s what I currently see as the biggest problem in CIP-002-5: It’s the use of the word “Facilities” in criteria 2.3 – 2.8 of Attachment 1.   From what I’ve heard from the regions and from the draft CIP-002-5 RSAW, it seems this word is going to simply be interpreted as meaning “asset” – i.e. these criteria are no different from the others, which all do address assets of some type.  As I discussed in this post (footnote iv), entities will have to identify many more BES Cyber Systems than I believe they should have to identify, if this interpretation isn’t changed.  I realize there is some other wording in CIP-002-5 that supports NERC’s current interpretation, Steve - so you’ll just have to go beyond the words (and if you want to point to a higher authority, I suggest you refer to the quote from Lewis Carroll in footnote v of the post I just referenced). 

That’s why you’ll have to make the transition from lawyer to prophet, Steve.  Hundreds of NERC entities are counting on you.

  

The views and opinions expressed here are my own and don’t necessarily represent the views or opinions of Honeywell.