Inside the NERC-CIP-014 Standard

Nov. 11, 2016
How utilities end-users are tasked with implementation

NERC-CIP-014 — largely created as a guideline for the protection of North American electric power substations from physical attack — is intended as a best practices blueprint for the guidance of not only bulk electric power providers/utilities, but also for physical security professionals and integrators to provide the most effective protection of vital outdoor-located electrical transmission and distribution assets.

NERC-CIP-14 describes a “systems approach” for providing physical security protection of mission-critical substation facilities and other key assets within a utility, and six specific actions have been identified by NERC: Deter, detect, delay, assess, communicate and respond.

NERC also recommends a “defense in depth” concept to “prevent the advance of an attacker.” This concept entails the creation of several zones of protection over a wide area, so that the utility may respond to an event over a wider time interval, instead of using a “single, strong defensive line.” These zones or layers of protection would typically initiate with the fencing surrounding the facility, as well as controlled access points for authorized personnel, and ultimately terminate at some very critical location, such as the shelter containing the control and metering equipment at the substation.

As part of the NERC-CIP-014 implementation process, each utility must identify their most mission-critical facilities — defined as installations that in the event they were damaged or taken offline, would “result in widespread instability, uncontrolled separation or cascading within an interconnection.”

To demonstrate compliance, a utility is required to perform a complete security audit and review to identify any potential threats to the substations and other mission-critical assets, confirm the risk assessment with an independent third party, and finally implement the physical security protection necessary to maintain protection of those assets.

The utility is then required to submit to another independent third-party analysis to review and evaluate their intended means of providing compliance against the identified threats. These requirements are time-phased, allowing the utility the opportunity to install and integrate the required physical security detection and protection hardware within their facilities.

As the threat potential by terrorist activity to disrupt the delivery of electric power will most likely remain for the foreseeable future, other issues such the theft of valuable equipment assets and vandalism are perhaps more well-known, and must also be considered from a security standpoint. With the price of copper at record levels, and as the use of copper is so prevalent within electrical substations, it has become a very attractive target for theft, often with lethal consequences for the thieves. Maintenance personnel have been injured, and in some cases killed when servicing facilities where electrical components where removed by theft, thereby compromising the safety of the installation when the theft was not detected previously by the utility.

Bruce Berman is VP of new business development for ComNet. Request more information about the company at This article is excerpted from Mr. Berman’s full whitepaper, available at