Is Your Energy Facility NERC Compliant?


Why Power Plant Security is More Important Now than Ever

Over the past decade, the electric industry has been held to North American Electric Reliability Corporation (NERC) standards, including NERC Critical Infrastructure Protection (CIP) standards. In recent years, however, the penalty for failing compliance has climbed up to staggering six-figure amounts. There’s a reason for the severity of this penalty, however.

The Cost of Noncompliance

Did you know that the NERC settled with a noncompliant Unidentified Registered Entity (URE) for $1.1 million in 2016? This isn’t without reason; critical failures to meet NERC compliance could result in disastrous results, such as a cyber breach of a national electric grid. The penalty from losing a load to such a breach would be far higher than $1.1 million. An energy facility’s security is, after all, a matter of public safety.

A combination of physical and cyber risk factors contributed to the above violation. Of the settlement, the NERC said, “…[the] violation could have allowed a malicious individual to enter the substation without a key, badge, or authorization and take unauthorized action.” In other words, there was no clear access control.

One of the other underlying causes of the violation was a clear lack of accountability for construction personnel to ensure their facilities were NERC compliant. This, combined with failure to control access to the facility, was an immediate physical security risk.

Complying with NERC Regulations

Assistance is available from NERC and its regional entities to help meet its standards, as well as from lawyers and consultants. It can be overwhelming to know where to begin in your own facility, though.

At Traka, we’re experts at customizing key and asset management solutions. From the above example, we can pinpoint a few questions to ask yourself to get started.

1)     Could any individual access the sensitive areas of your facility without authorization?

Most of your personnel need access to sensitive areas at only clear, specific times. In that case, you’ll want your access control to reflect your day-to-day needs. Your safety plan should account each user as an individual, instead of “one key works for all.”

Intelligent keys, such as the Medeco XT key, can be remotely programmed to open only specific locks during a designated schedule. This ensures the user is only allowed access to areas when strictly necessary. The flexible nature of electronic scheduling allows you to quickly respond to security threats, lost keys or changes in personnel without expensive rekeying or delays.

As another security measure, look for keys with attack-resistant design and tamper-proof features. XT keys are designed with this in mind, making them well protected against forced entry. They also cannot be copied in the same manner as traditional mechanical keys due to their unusual, cylindrical shape.

The Medeco XT Receptor Strip from Traka gives an added and necessary layer of security. These strips secure, charge and audit the use of XT keys using the Traka iFob each time they’re stored in a key cabinet.

Locking receptor strips provide a high level of control over who can access your keys in the first place and can restrict access to authorized personnel down to the specific, individual key. Plus, they ensure your keys are always charged and ready for use.

2)     Do you have accountability measures to monitor your personnel and ensure they’re taking compliance seriously?

After a security risk is discovered, it can be difficult to pinpoint who or what caused it to take place. That’s why having an auditing and monitoring system in place is crucial for your facility’s physical security. When you hold your personnel accountable for security, they take more measures to keep the facility safe and compliant.

Auditing key use and monitoring it remotely is a useful way of doing just that. Manually tracking, after all, can be prone to human error. Using a built-in, 24/7 audit trail for tracking each key gives you an immediate digital record of your key’s use. This includes when each key was accessed, for what purpose, and at what exact time. With Traka and Medeco’s continuous tracking and auditing software, you can also track any unauthorized access attempts and be alerted of them in real-time.

Having all this information centralized, always up-to-date, and immediately accessible to those monitoring access control is as much a way of simplifying operations for your facility as it is a way of improving your security.

3)     Are you prepared for any unexpected accidents or hazards?

Hazards and accidents can happen in your energy facility, so it’s important to reduce risk. This can be done by implementing process control procedures. For example, lockout/tagout procedures can neutralize any potentially hazardous system by controlling deactivation and restoration of power as needed. Automating these procedures can reduce human error as well as significantly reduce downtime while minimizing risk for your facility.

NERC compliance will demand more from your facility than simply answering the above questions. Considering them, though, is a step in the right direction. Consult with your regional NERC entities and lawyers to determine where your facility’s security needs improvement to reach NERC compliance.

Looking for key and asset management solutions customized to your needs?

Contact us at Traka to see what solutions we can offer your energy facility.

Key icon

Read Traka's West Coast Utilities Case Study:

Learn how Traka enhanced key and vehicle management for this utility company in our case study.

Read More

Energy icon

Explore Our Power & Energy Solutions:

Discover more about how Traka delivers reliability and security to energy markets worldwide.

Read More 

Flyer Icon

Download Our Medeco XT Receptor Strip Flyer:

See how Traka’s Medeco XT Receptor Strip integrates with XT keys to give your facility enhanced security.

Read More