Under the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) version 5/6, a transmission energy management system (EMS or TMS) is typically categorized as a high-impact bulk electric system (BES) cyber system. A distribution management system (DMS) is not. However, in many utilities the DMS is combined with the EMS. In this case, depending on the functions and type of connection between the systems, the DMS and associated human machine interface (HMI) may fall under NERC CIPv5/6 compliance requirements. The additional cost to make the DMS ecosystems compliant, in addition to the EMS, can be very expensive. How did utilities get into this situation? What options do they have to mitigate the additional expense?
An EMS supervisory control and data acquisition (SCADA) system gathers information and controls devices from remote terminal units (RTUs) and other smart devices located in transmission and some distribution substations. Many of these substations also include step-down transformers that represent the beginning of the distribution network in the same substation. It was a logical extension of the EMS and RTUs to use the SCADA system to expand visibility and control into the distribution network. In addition, utilities put in adjacent or separate distribution control centers for distribution operators to monitor and control the distribution network. The result is the DMS, withmany functions of the larger EMS, is being managed by both technical and operations personnel at the control centers.
Under NERC CIPv5/6 standards, high-impact BES cyber systems, such as EMS, must be contained within an electronic security perimeter (ESP) and physical security perimeter (PSP). The DMS, HMI and distribution as well as storm center personnel are not normally considered a high-impact BES cyber system. However, because they are directly connected to a high-impact BES cyber system, the DMS and its HMI may become part of the NERC CIPv5/6 compliance scope. Technical personnel and operators on all systems connected to the DMS must also undergo security clearance and maintain annual NERC CIP training.
In addition, NERC CIPv5/6 standards impact all control center and substation equipment connected by routable protocols to the DMS. This results in a much larger amount of equipment and personnel now subject to NERC CIPv5/6 compliance requirements and significant overhead costs for utilities.
Michael H. Schrameyer, PE, PMP, is Principal Consultant at BRIDGE Energy Group, and has more than 45 years’ experience in SCADA and energy management systems, advanced metering infrastructure and smart grid demand response.