Steve Noess of NERC sent out an email to the
SDT Plus List this week that gave me some small encouragement (unfortunately,
small is the right word) that NERC may realize they are the only ones that can
clear up the many interpretation issues in CIP Version 5.
The email started by describing a recent
meeting of representatives of the six entities in the V5 Transition Study,
along with a host of others from NERC and the regions. It then continued to discuss two areas in
CIP-002-5 R1 where clarification is sorely needed, and to provide some interpretation
guidance on them. Since the second clarification
– having to do with criterion 2.1 – wasn’t really surprising and didn’t go beyond what I think everyone pretty well understood the criterion to mean, I
will focus on the first clarification.
Ironically, the first clarification had
already been provided by Tobias Whitney of NERC, as described in my post
from June. This is the issue of “far-end
relays”, although I referred to it as the “transfer-trip relay” issue. Steve’s opinion on this issue didn’t differ
from Tobias’ opinion: they agree that a relay located at a Low impact
substation, protecting a line from a Medium impact substation (through
criterion 2.5), will be Low impact.
However, Steve’s reason differed from Tobias’
reason, or at least was more refined.
Tobias said something to the effect of “Physical location IS a
determinant factor for impact classification.”
As I pointed out in the post, this isn’t clearly based on anything that’s
written in the standard. However, Steve
used a line of reasoning that is very much like the reasoning an Interested
Party had provided me, which I wrote about in a previous post
on this topic. This does, IMHO, justify
the opinion based on the wording of the standard.
The upshot is that Steve Noess provided – in written
form - something very much like an interpretation of wording in CIP Version
5. If you haven’t been in the NERC world
too long, you can be forgiven for not understanding why this is quite a big
deal. Interpretations of NERC standards
are supposed to come through a formal process, in which an entity submits a
Request for Interpretation, a NERC team develops the interpretation, it is balloted
(sometimes multiple times) by the NERC ballot body, it is approved by the NERC
Board, and finally it is approved – hopefully – by FERC.
This is easily a 2-3 year process, which in
the case of CIP-002-5 R1 issues doesn’t do a lot of good. People need to know how to identify their BES
Cyber Systems now, not a year or so after the compliance date. This is why I have been saying for a while
that somebody needs to step outside
the normal “legal” process and provide some interpretations of the V5 wording
issues (and I finally settled
on NERC as the entity that has to do that, after at first hoping that the
Regional Entities might take the initiative to do it on their own).
So I wish to say I’m very pleased that Steve
Noess has taken it on himself to step outside the bounds of legality and
address what has been a very important question for most transmission entities. Steve, if you get thrown in jail for doing
this, I’ll bake you a cake with a file in it (although it will be the first
cake I’ve ever baked, so you may want to throw it away once you've retrieved the file).
But you’re not done yet, Steve. In your email, you go on to say “There are
several additional topics being prioritized for similar treatment and
collaboration as the two mentioned above, including topics such as
virtualization, Interactive Remote Access, EACMS, and others.” This is great, but I certainly hope you don’t
think that all the problems with interpretation of CIP-002-5 have been
addressed. There are still some very
serious problems, and unfortunately they won’t be as “easy” (if you want to
call it that) to deal with as the far-end relay question was.
Steve, that is because much of the
wording of CIP-002-5 R1 and Attachment 1 is confusing and outright
contradictory. You aren’t for the most
part going to be able to come up with a direct interpretation of the existing
wording that will solve these problems – unless you plan to rewrite CIP-002-5
(which you don’t, of course). You (or
someone of your stature at NERC) will need to simply say, “This is the way NERC
entities need to read CIP-002-5 R1….Someone else may read the words differently
and come up with a different interpretation.
But I’m speaking for NERC, and this is the way you need to interpret
this.”
Steve, I realize this is a pretty harsh thing
to have to say, so I’ll give you an out.
I suggest you enlist the help of a third party to make your case. For instance, many people throughout history –
usually called “prophets” – have enlisted God’s support for their statements,
and have said they were just revealing what He had told them in a dream, or
inscribed on some stone tablets that they’d just found. You might try that approach.
However, this is a secular age, and that
might not work as well now as it did – say – 2500 years ago. Fortunately, I think you have already hit on
an alternative. In your email,
immediately after you provided your well-reasoned opinion why the wording of
criterion 2.5 supported your interpretation, you stated “This also
conforms to the intent of the Standard Drafting Team..”
Of course,
that’s it! All you have to do is say you’re
simply relaying the intent of the SDT!
And who’s to question you on that, since you worked very closely with
the Version 5 SDT for its last – and most crucial – two years of existence (OK,
maybe it was just a year and a half. In
any case, you did more than anyone else to drive V5 through to completion in
2012)?
As I pointed
out in this
post (the four paragraphs starting with the number 9), it is a fool’s errand to
try to objectively determine the SDT’s intentions at this point. And there’s no way an entity could use the
SDT’s “intentions” to support their case if they appealed a violation to FERC
or the courts. But that shouldn’t stop
you from stating that your opinions are based on those intentions, Steve - since
the alternative is having to dummy up some stone tablets at home and say they
just dropped from the sky.
I’m really
not kidding about this, either. There
are serious wording problems in CIP-002-5 (and probably in other V5 standards)
that aren’t going to be solved by careful reading, like the relay problem was. I’ve written about these problems in over 25
posts, starting with this
post in April, 2013 (I just noticed that post has had over 1300 page views).
And if you’re
not sure where to start, here’s what I currently see as the biggest problem in
CIP-002-5: It’s the use of the word “Facilities” in criteria 2.3 – 2.8 of
Attachment 1. From what I’ve heard from the regions and from
the draft CIP-002-5 RSAW, it seems this word is going to simply be interpreted
as meaning “asset” – i.e. these criteria are no different from the others,
which all do address assets of some type.
As I discussed in this
post (footnote iv), entities will have to identify many more BES Cyber Systems
than I believe they should have to identify, if this interpretation isn’t changed. I realize there is some other wording in
CIP-002-5 that supports NERC’s current interpretation, Steve - so you’ll just have
to go beyond the words (and if you want to point to a higher authority, I suggest you refer to the quote from Lewis Carroll in footnote v of the post I just referenced).
That’s why
you’ll have to make the transition from lawyer to prophet, Steve. Hundreds of NERC entities are counting on
you.
The views and opinions expressed here are my
own and don’t necessarily represent the views or opinions of Honeywell.
No comments:
Post a Comment