NERC FFT Reports: Reliability Standard CIP-002-5.1
Unidentified Registered Entity 1 (Texas RE_URE1), FERC Docket No. NP19-18-000 (September 26, 2019)
NERC Violation ID: TRE2016016184
Reliability Standard: CIP-002-5.1
Violation Risk Factor: High
Violation Severity Level: Lower
Region: Texas Reliability Entity, Inc. (Texas RE)
Issue: An unidentified entity submitted a Self-Certification that it was in noncompliance with CIP-002-5.1 R.1. Specifically, the entity noted that it did not have or implement a certain process, and as a result, the entity did not identify each asset that contained a Bulk Electric System (BES) Cyber System. The root cause of this violation was that the entity did not have any process for complying with the reliability standard before or after the reliability standard was implemented.
Finding: Texas RE found the violation constituted a moderate risk and did not pose a serious or substantial risk to bulk power system reliability. By failing to properly identify and classify a BES Cyber System, Texas RE exposed the BES Cyber System to inadequate cyber security protections. The duration of the violation began on July 1, 2016 when the reliability standard became enforceable and is currently ongoing. Texas RE considered the entity’s compliance history and determined there were no relevant instances of noncompliance. To mitigate the violation, the entity created a draft process for reliability standard compliance, approved a documented internal compliance program, established a compliance committee, and conducted training. Additionally, the entity stated in its mitigation plan that by November 7, 2019, it will have finalized and have the Critical Infrastructure Procedures Senior Manager approve of the draft identifications.
Penalty: No penalty
FERC Order: September 26, 2019 (no further review)