The North American Electric Reliability Corporation (NERC) has recommended a $10 million fine on an unidentified utility for repeated violations of critical infrastructure protection (CIP) reliability standards.
Energywire and The Wall Street Journal reported that the unnamed utility was Duke Energy, one of the largest in the US, with 7.6 million retail electric customers in six states.
In a Notice of Penalty filed Jan. 25, NERC cited 127 violations between 2015 and 2018.
“The 127 violations collectively posed a serious risk to the security and reliability of the [bulk power system]. The companies’ violations of the CIP reliability standards posed a higher risk to the reliability of the BPS because many of the violations involved long durations, multiple instances of noncompliance, and repeated failures to implement physical and cybersecurity protections,” NERC said. “As an example, the companies’ failure to accurately document and track changes that deviate from existing baseline configurations increased the risk that the companies would not identify unauthorized changes, which could adversely impact BES [bulk electric system] cyber systems.”
[Source: RTO Insider]