Standards - NERC highlights and Mintues 2013/Board... · Adopt TOP-001-4 Transmission Operations....

Standards
Howard Gugel, Senior Director of Standards and Education
Board of Trustees Meeting
February 9, 2017


RELIABILITY | ACCOUNTABILITY

Modifications to TOP and IRO Standards

• Reliability Benefits
  o Requirements for Transmission Operators to monitor facilities
  o Requires redundant and diversely routed data exchange capabilities
  o Addresses FERC Order No. 817 directives
• Action
  o Adopt IRO-002-5 Reliability Coordination - Monitoring and Analysis
  o Adopt TOP-001-4 Transmission Operations


Project 2015-08 Emergency Operations

• Reliability Benefits
  o Updated performance criteria for Power System Stabilizers
  o Implements recommendations from FERC-NERC-Regional Entity Joint Review of Restoration and Recovery Plans
  o Aligns reporting requirements between EOP-004-3 and DOE OE-417
  o Addresses FERC Directive
  o Implements Periodic Review Team recommendations
• Action
  o Adopt EOP-004-4, EOP-005-3, EOP-006-3, and EOP-008-2


CIP-003-7 - Cyber Security – Security Management Controls

• Background
  o Order No. 822 directives
    o Modify Low Impact External Routable Connectivity (LERC)
    o Protect transient devices at Low Impact BES Cyber Systems
  o Reliability Benefits
    o Revises electronic access controls for Low Impact BES Cyber Systems
    o Incorporates the concepts of LERC into CIP-003-7
    o Addresses malware propagation in Low Impact BES Cyber Systems
• Action
  o Adopt CIP-003-7 and its Implementation Plan
  o Adopt definitions of Transient Cyber Asset and Removable Media


Texas RE Standards Development Process

• Background
  o Alignment with Texas RE Bylaws
  o Replace Standards Committee with Member Representatives Committee
  o Minor revisions to clarify and update language
• Action
  o Approve Texas RE Standards Development Process


VAR-501-WECC-3

• Reliability Benefits
  o Specify circumstances Power System Stabilizer (PSS) will not provide an active signal to the Automatic Voltage Regulator
  o PSS in service while synchronized, except during specified circumstances
  o Tune PSS to specific criteria
  o Install and complete start-up testing of a PSS
  o Repair or replace PSS within 24 months failing tuning specifications
• Action
  o Adopt VAR-501-WECC-3


BAL-001-TRE-1 Attachment 2 Revision

• Background
  o Alignment with Texas RE Bylaws
  o Replace Standards Committee with Member Representatives Committee
• Action
  o Information only


Efficiency and Effectiveness Metric
Mike Walker, Senior Vice President and Chief Financial and Administrative Officer
Board of Trustees Meeting
February 9, 2017


Approve

• Approve NERC’s Efficiency and Effectiveness Metric
• Includes four measures for 2017:
  o Execution of business plan and budget
  o Implementation of ERO Enterprise technology solutions
  o Implementation of Regional Entity oversight plans and NERC adherence to the Rules of Procedure
  o Implementation of action plans in response to ERO Enterprise Effectiveness Survey results


Distributed Energy Resources Task Force (DERTF) Final Report
Rich Hydzik, Avista, NERC DERTF Chair
Board of Trustees
February 9, 2017


DERTF Background

• Formed December 2015
• Reports to the Essential Reliability Services Working Group
• Membership: representatives from
  o Transmission planning and operations
  o Renewable developers
  o Regulatory organizations
  o Distribution utility
  o Researchers
• Final report to NERC Technical Committees in December 2016
  o Identify current state
  o Recommendations to NERC, industry, and regulators


DERTF Scope Tasks

• Operational impacts in areas with high penetration of distributed energy resources
• Recommendation for consistent modeling and assessing Distributed Energy Resources (DER)
• Review existing NERC Reliability Standards and coordinate with IEEE 1547 standard related efforts
• Review the NERC Functional Model, registration categories
• Evaluate the need for Reliability Guidelines and/or Standard Authorization Requests (SAR)


DERTF Report – Key Areas of Focus

• How should DER be included in planning and operating models?
• What level of control is needed for reliable system operations?
• What level of visibility do system operators require?
• How can DER contribute to the reliability of the bulk power system?
• What does the Electric Reliability Organization (ERO) need to consider?


Key Findings

• DER penetration is rapidly increasing and altering the load mix
• Technical and engineering challenges of integrating DERs on distribution system are well understood, but the reliability implications on the Bulk Electric System are less so
• DERs will increasingly have capabilities for active power control and reliability services
• Fundamental changes to modeling, planning and operations and conventional assumptions


Recommendations for Next Steps

• Reliability Guidelines
  o Technical committee actions for load modeling, operations
• Data Sharing
  o Potential enhancement to NERC Reliability Standards
  o Continue to monitor in Long-Term Reliability Assessment
• System Modeling
  o Consistency and best practices
  o Annual assessment
• DER Models
• Definitions
• Industry Collaboration
  o IEEE, national laboratories, inverter manufacturers, software vendors


Next Steps for the Report

• Submitted for approval to the NERC Board of Trustees


FERC Data Access – Update
Sharing GADS, TADS, and Misoperations data

James Merlo, Vice President, Reliability Risk Management
Board of Trustees Meeting
February 9, 2017


FERC Order 824

• FERC Order No. 824 directed NERC to give FERC access to certain NERC databases
  o Generator Availability Data System (GADS)
  o Transmission Availability Data System (TADS)
  o Misoperations database (MISOPS)
• Mandatory data fields
• US entities only


FERC Order 833

• FERC will treat information downloaded from NERC databases as non-public
• FERC clarified that downloaded data would be treated as CEII
• Further evaluation from FERC as to whether data should be designated as CEII in response to a request for information or FERC determination to disclose


Process underway

• NERC is establishing a temporary secure site for FERC access
• FERC is developing a Structured Query Language (SQL) server for data exchange
• Future access will be secure SQL server to SQL server providing the required data to FERC staff


U.S. Government Relations - New Administration Appointments

Janet Sena, Senior Vice President, Director of Policy and External Affairs
Board of Trustees Meeting
February 9, 2017


Transition Update

• Overview of transition team
• Key positions of interest
• Outreach and tracking


Transition Team

• Chairman Vice President-Elect Mike Pence
• Executive Director Rick Dearborn
• Sector Team Leads


4,000 Plus Jobs to Fill

• 4,013 Total number of appointments
  o 1,242 presidential appointees who need Senate approval
  o 472 presidential appointees who don’t need Senate approval
  o 761 non-career Senior Executive Service positions
  o 1,538 Schedule C appointments
• Energy Department 138 positions
  o 22 appointees who need Senate approval
  o 83 non-career Senior Executive Service positions
  o 33 Schedule C appointments

• Independent Agencies, including FERC – 1,153 positions


Key Energy Positions

• Rick Perry – Secretary of Energy
• Chairman of FERC
• Commissioner of FERC
• Commissioner of FERC


Other Key Positions of Interest

• General John Kelly – Secretary of Homeland Security
• General James Mattis – Secretary of Defense
• Rep. Mike Pompeo – Director, Central Intelligence Agency
• Rex Tillerson – Secretary of State
• Scott Pruitt – EPA Administrator
• Mick Mulvaney – Director of the Office of Management and Budget


Key White House Staff and Advisors

• White House Chief of Staff Reince Priebus
• Chief Strategist Steve Bannon
• Counselor to the President Kellyanne Conway
• Press Secretary Sean Spicer
• Cyber czar
• Special Advisor to the President on Regulatory Reform Carl Icahn
• Cyber Security Advisor Rudy Giuliani


NERC Outreach

• President and CEO Cauley presentation to ESCC – Energy transition lead in attendance
• President and CEO Cauley request for meeting to transition team
• Meeting with Energy transition team
• Ongoing Policy & External Affairs outreach with transition team


Reliability Assurance Project of the Western Interconnection Assurance Activity Briefing

Ken McIntyre, VP Standards and Compliance
Melanie Frye, VP Reliability Planning and Performance Analysis
Board of Trustees Meeting
February 9, 2017
Agenda Item 5f


Assurance Project

• Evaluate reliability in the Western Interconnection
  o Follow-up activity from September 8, 2011 event
• Confidential effort focused on understanding practices
  o Joint effort
  o Voluntary participation
  o Visited 15 entities (Reliability Coordinator and Transmission Operators)
  o Discussions with frontline personnel
• Findings provided to senior management
  o Public report posted December 2, 2016*
  o Follow up discussion with entities

* https://www.wecc.biz/_layouts/15/WopiFrame.aspx?sourcedoc=/Reliability/Reliability Assurance Project of the Western Interconnection Findings.pdf&action=default


Assess Key Operational Areas

• Data sharing and communications
• Situational Awareness
• Operator authority


Areas for Improvement

• Reactive versus Proactive approach
• Real Time Contingency Analysis
• Next-Day Studies
• Path Operator Authority
• Outage Coordination
• System Visualization


Next Steps

Joint Assurance Project
• Public Report

WECC RPPA Reliability Assurance Activities
• Gather Information
  o Interviews
  o Entity Visits
• Analyze Data
  o Performance Data
  o Surveys
• Conduct Outreach
  o Workshops
  o Entity Feedback
• Partner with Stakeholders
  o Expertise
  o Public Reports

WECC Compliance and Enforcement Activities
• Conduct Outreach
  o Compliance Workshops
  o WICF
  o New Standards Implementation
• Risk Assessment Process
  o Inherent Risk Assessment
  o CMEP Tools


Reliability Workshop

• March 22, 2017
• Stakeholder conversation on 3 issues:
  o Next-day studies
  o Approaches to identifying elements to include in system studies
  o Control room design


Real Time Contingency Analysis

• Q1-Q2: conduct outreach on new TOP-001-3 R13
  o WECC committee meetings
  o Webinars
  o WECC Compliance Workshop
• Q2-Q3: visit 5 to 7 entities to discuss RTCA


E-ISAC Update

Marcus Sachs, Senior VP & Chief Security Officer
Board of Trustees
February 9, 2017


Summary of Q4 2016

• Sharing and reporting
  o 265 E-ISAC staff posts to the portal (+29% from Q3)
  o 57 member posts to the portal (+20%)
  o 35 calls to the E-ISAC hotline (-17%)
  o 275 new portal accounts (+30%)
• Engagement (monthly average during the quarter)
  o 296 webinar attendees (+12%)
  o 416 downloads of the daily report (+0.4%)


Sharing by Region – Q4 2016


Significant Activities

• GridSecCon 2016 (October)
  o Quebec City
  o Over 400 participants
• NERC Level 2 Alert on the Internet of Things (October)
• GridEx IV Initial Planning Meeting (November)
  o First opportunity to provide input into scenario development
  o Exercise scheduled for November 15-16, 2017
• Portal improvements (November)
• Launched CAISS – the STIX/TAXII pilot (December)
• Two cyber events (December)
  o Second Ukraine incident
  o Vermont incident


Internet of Things Issue

• Explosive growth of “smart devices” in the past two years
  o Things that can communicate over the Internet
  o Security cameras, digital video recorders, alarms, light switches, coffee pots, refrigerators
• Most are not designed to be secure against unauthorized access
  o Can be hijacked by malicious actors
  o Are being used to attack other systems
• Three attacks on October 21, 2016, against an Internet service provider
  o Caused hundreds of popular websites to be unavailable
• E-ISAC issued TLP-AMBER, TLP-GREEN, and TLP-WHITE advisories at the end of October


NERC Level 2 Recommendation

• “Internet of Things (IoT) Used For High Bandwidth Distributed Denial of Service (DDoS) Attacks”
  o Issued on October 11, 2016 with responses due in 90 days
• Seven recommendations and four questions
  1. Have you used a tool to identify Internet-facing devices within your entity’s network and performed a risk assessment of discovered devices?
  2. Have you reviewed the use of default passwords for these types of devices?
  3. Do you implement the Principle of Least Privilege in your Internet-facing networks to include devices, such as security cameras, DVRs, video monitors, printers, etc.?
  4. Do you have a vulnerability management process to ensure a strong security posture is maintained for Internet-facing networks and devices?


Cyber Automated Information Sharing System (CAISS)

• CAISS is a technology proof-of-concept project
  o Based on STIX/TAXII technology
  o Requested in 2015 ESCC recommendations
  o Results of the pilot will be integrated into future platform
  o Ten initial participants; more have joined since the beginning of 2017
• NERC pays for back-end services
  o Participants pay for any hardware or software needed at users’ sites
• Two complementary technologies:
  o ThreatConnect – Front-end GUI for analysis and STIX package creation
  o Soltra Edge – Back-end, machine-to-machine communications TAXII server (Soltra Edge was sold to NC4 in November 2016)

STIX = Structured Threat Information eXpression
TAXII = Trusted Automated Exchange of Indicator Information


CRISP Unclassified Data Center

• All CRISP data currently flows to PNNL
  o CRISP participants use Information Sharing Devices to collect and send data
  o PNNL provides system to “write up” to classified networks for analysis
  o E-ISAC currently relies on PNNL for analysis of CRISP data and reports
• New capability gives E-ISAC analysts the ability to store and analyze unclassified data locally
  o Up to 200 TB storage array installed at the E-ISAC
  o Three stand-alone analyst workstations in place
  o Currently evaluating new analytical tools
  o Initial operating capability reached in January 2017
• At maturity, the E-ISAC will be able to query and analyze unclassified CRISP data with minimal PNNL involvement
