NERC CIP Risk Assessment Methodology

NERC CIP-002 Critical Asset Identification Methodology



NERC CIP Critical Asset Identification Methodology

To outline the risk assessment methodology followed in Electrical Transmission Systems and list the critical assets identified via a risk assessment methodology in accordance with NERC Critical Infrastructure Protection (CIP) Standards:

  • NERC CIP-002, Critical Cyber Assets
    • NERC CIP 002 R1, Critical Asset (CA) Identification Methodology
    • NERC CIP-002 R2, Critical Asset (CA) Identification

NERC CIP Risk Assessment Methodology

NERC defines Critical Assets as “Facilities, systems, and equipment which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the Bulk Electric System.” The Bulk Electric System (BES) is planned in a way to maintain a reliable mode of operation under normal conditions (with all Bulk Electric System   elements in service) as well as following the loss of single or double Bulk Electric System   elements as outlined in NERC Standards TPL-001 through TPL-003. Risks are also evaluated for extreme contingencies per NERC Reliability Standard TPL-004. Risk assessment as part of identifying the Critical Assets can be considered as part of the TPL-004 Standard.

The Electrical Transmission System identifies Critical Assets, per NERC definition, as those which, if rendered unavailable for some reason, would degrade the reliability and operability of the Bulk Electric System  . The following high-level risk assessment methodology is used for NERC CIP Critical Asset identification:

  • Contingency analysis is performed across the Electrical Transmission System, 115 kV and above, to simulate electrical power outages involving the loss of entire Electrical Transmission Substations.
  • Criticality is measured in terms of adverse impact on that part of the Bulk Electric System   operated by the Electrical Transmission System as a whole in the event of complete operational loss of an entire single Electrical Transmission Substation; it is not based upon loss of individual equipment in use at said Electrical Transmission Substation, or operational loss of multiple Electrical Transmission Substations simultaneously.
  • Transmission elements are identified that are overloaded by more than 150%.
  • Electrical Transmission Substations are identified as critical if there are more than three such overloaded elements identified and if their tripping will result in the loss of more than 150 MW.

The last step gives an idea whether the resulting problems after the loss of the Electrical Transmission Substation are cascading in nature and whether they are local or not.

Assumptions behind Selection and Execution of the NERC CIP Risk Assessment Methodology

The methodology described in the previous Section was applied with the assumptions described below.

  • Since Critical Asset identification is an annual process, the study was performed on the 2011 planning model representing peak summer electrical loading conditions. Most of the cascading electrical transmission overload problems are worse under peak loading conditions.
  • Loss of electrical transmission load less than 150 MW is considered local in nature, thereby, not affecting the integrity of the Bulk Electric System.
  • Three or more lines overloading more than 150% indicates the severity of a contingency involving loss of a Electrical Transmission Substation as also the potential of cascading electrical power outages.
  • Scenarios where the electrical transmission loadflow solution did not converge following the loss of an Electrical Transmission Substation were analyzed separately to see if they caused local or wide area problems. If the Electrical Transmission Substation loss resulted in power service disruption to less than 150 MW load, the problem was considered local in nature.
  • Firm transfers are modeled in the electrical transmission load flow case. Any non-firm transfers were not considered.
  • Managing and Utilizing System Transmission software by Siemens PTI is used for the risk assessment methodology analysis for the NERC Critical Infrastructure Protection (CIP) Standards.

Summary of NERC CIP Critical Asset Findings

Following the risk assessment methodology and Electrical Transmission Systems assumptions described in the previous Sections, the list of Critical Assets were identified  in accordance with NERC Critical Infrastructure Protection (CIP) Standards NERC CIP-002, Critical Cyber Assets, NERC CIP 002 R1, Critical Asset (CA) Identification Methodology, NERC CIP-002 R2, Critical Asset (CA) Identification:

(1)        115 kV

(2)        138 kV

(3)        161 kV

(4)        230 kV

(5)        345 kV

(6)        500 kV

These Electrical Transmission Substations are distributed across the Electrical Transmission System and range from 115 to 500 kV voltage levels.

Similar analysis will be made in subsequent years to identify the Critical Assets in the electrical transmission Bulk Electric System.


NERC CIP CRITICAL CYBER ASSET CCA IDENTIFICATION PROCESS
SCADANET CYBER INCEDENT RESPONSE CYBER SECURITY STATUS REPORT
NERC CIP & FERC CRITICAL CYBER ASSET LIST CYBER SECURITY COMPLIANCE CHECKLIST
NERC CYBER SECURITY CYBER SECURITY PROPOSAL CRITICAL ASSET IDENTIFICATION METHODOLOGY