December 6, 2014: When it became clear that five of the new CIP standards that NERC entities will have to comply with are really going to constitute CIP Version 7, I revised my calculations below to come up with what I think will be the final compliance "version": 6.3940. But I do refer back to this post in the new one, so I don't want to take it down.
I did a post in July, which has proved fairly popular, addressing the timeline for what I called “CIP Version 5.5”; I called it 5.5 because NERC entities will need to comply with a combination of v5 and v6 standards, so you can’t strictly call it one or the other. I will discuss the timeline in my next post, but first I want to address the weighty matter of what to call this new, hybrid (one is tempted to use the word mongrel, but I don’t think that’s in the NERC glossary) version.
I did a post in July, which has proved fairly popular, addressing the timeline for what I called “CIP Version 5.5”; I called it 5.5 because NERC entities will need to comply with a combination of v5 and v6 standards, so you can’t strictly call it one or the other. I will discuss the timeline in my next post, but first I want to address the weighty matter of what to call this new, hybrid (one is tempted to use the word mongrel, but I don’t think that’s in the NERC glossary) version.
To comply with this hybrid CIP version, NERC
entities will have to implement CIP-002, CIP-005 and CIP-008 from Version 5;
these will all bear the “-5” suffix.
From v6, they have to implement CIP-003, CIP-004, CIP-006, CIP-007,
CIP-009, CIP-010 and CIP-011; all of these standards will bear the “-6” suffix,
except for CIP-010 and -011, which will have the suffix “-2”. Got all that?
As I explained in the July
post, the reason for this mixture of two versions is that NERC was deathly afraid
of talking about a new CIP version, right after the industry had been through
the “v5..no wait, v4…no wait, v5!” whiplash; so they called v6 the “CIP v5
Revisions”. However, NERC rules prohibit
any revisions to a standard that has already been approved, so the new
standards are really v6.
I’m not sure how serious a problem this is –
presumably, people will print out a set of copies of the actual implemented
standards and throw everything else away.
But it’s really silly that the industry would have to go through this,
since the two previous times there was a change to the standards (requiring a
new submission to FERC), all of the standards were revised. A good example is CIP v3, where the only
standard that changed from v2 was CIP-006.
But NERC still brought all of the standards to the new version number,
meaning that today we’re not complying with seven v2 standards and one v3
standard, but simply eight v3 standards.
This approach was evidently deemed way too simple and understandable for
NERC this time around, and I guess I have to agree with that. I might have a heart attack if NERC came out
with anything that was simple and
understandable. So instead the industry
has two versions to comply with simultaneously.
But this still leaves the weighty problem of
what to call the hybrid version. I admit
I chose “v5.5” rather hastily in July; but now I want to be more
scientific. The fact is, the hybrid
contains 33 requirements, 7 from v5 standards and 26 from v6 standards. This means v6 is definitely the heavy hitter
on the new team, and it bothers me that I gave both v5 and v6 equal weight when
I split the difference and called them v5.5.
The scientific way to do this is to divide
the difference between 6 and 5 (6-5=1, for those keeping score at home)
proportionally according to the number of requirements from each standard.[i] Since the dividing line is 26/33 of the way
from 5 to 6, this means the correct designation should be 5.7878787878…. I would suggest that, but I don’t think infinitely
repeating decimals will work too well in compliance documentation. So I’ll round it off to 5.7879.
And there you have it. Not hearing any dissent, I hereby declare the
new CIP version to be 5.7879.
The views and opinions expressed here are my
own and don’t necessarily represent the views or opinions of Honeywell.
[i]
Actually, it would be even more scientific to divide it by the number of
sub-requirements, but there are some things that are beneath even moi.
No comments:
Post a Comment