2018 MRO Regional Risk Assessment

Transcription

1 MIDWEST RELIABILITY ORGANIZATION 2018 MRO Regional Risk Assessment Ben Lewiski, Risk Assessment and Mitigation Engineer November 28, 2017 Improving RELIABILITY and mitigating RISKS to the Bulk Power System

2 Regional Risk Assessment (RRA) Risk Assessments to Support CMEP Activities Purpose of the RRA Shared Understanding of Risk 2018 RRA Results Future Plans 2

3 Risk Assessments to Support CMEP Activities Continentwide Risk Regional Risk Assessment Inherent Risk Assessment Compliance Oversight Plan Key risks identified by ERO called Risk Elements Include Associated Standards and Requirements Unique Regional Characteristics Operational, Planning, Security, and Compliance Trends MRO Stakeholder Input Specific Entity Considerations Facility ownership, Configuration, Location, etc. Focused, risk-based oversight Most impactful standards and requirements for individual entity Timing, frequency, and oversight tools 3

4 Purpose of the RRA Comprehensive review of risk specific to the MRO footprint Each Region performs an RRA in support of the CMEP IP Allows for consideration and application of EROidentified risk at the regional level Opportunity to provide feedback to ERO for risks identified in MRO 4

5 RRA Development History Analysis of current and future enforceable Reliability Standards Grouped related Requirements into Performance Areas Additional qualitative considerations of risk RRA written in report format, revised Performance Areas Continue to expand qualitative considerations and update Performance Areas MRO Stakeholder Involvement 5

6 Shared Understanding of Risk Qualitative Risk Report Jointly developed by MRO Staff with Stakeholder Involvement Identification and discussion of regional risk, independent of NERC Standards/Requirements MRO Performance Areas Developed by MRO Staff Organized groups of Standards/Requirements to most efficiently monitor identified risks 6

7 2018 ERO Risk Elements Critical Infrastructure Protection Extreme Physical Events Maintenance and Management of BPS Assets Monitoring and Situational Awareness Protection System Failures Event Response/Recovery Planning and System Analysis Human Performance 2018 ERO Risk Elements 7

8 2018 RRA Results What was reviewed? Regional Data and Trends Geography and Topology Events, Lessons Learned, and NERC Alerts Misoperations, PRS Whitepaper NERC State of Reliability, RISC Reliability Risk Priorities ERO Risk Elements and Associated Standards / Req s Reliability Standard Violations New High-Risk Reliability Standards and Requirements Other Regionally Identified Risks 8

9 2018 RRA Results Remedial Action Schemes Cyber, Physical, and EMS/SCADA MRO Security Advisory Council Vegetation Management Trends Accurate Models MOD and TPL Added complexity from joint ownership/operations and interconnections 9

10 Changing Resource Mix 2018 RRA Results Generation mix, essential reliability services, recent events, lessons learned, DERs Geographic Risk Weather, GMD New TOP/FAC/IRO standards System Operating Limit / IROL Uncertainties 2018 MRO Performance Areas 10

11 Qualitative Risk Report Midwest ReliabilityMatters Articles Reliability Conference Topics MRO Committee Action Items Feedback to NERC Standards Development Other Outreach Activities Impact to Registered Entities MRO Performance Areas Input/Starting Point for Inherent Risk Assessments (IRA) IRA output used to develop risk-based Compliance Oversight Plan (COP) 11

12 Inherent Risk Assessments (IRAs) 476 NERC Requirements (Includes Currently Enforceable Requirements) 249 Requirements (Identified for Monitoring) 227 Requirements (Excluded from Monitoring) Of the 249 Requirements: 61 only applicable to RCs, PCs, BAs, and RSGs 13 are system event driven 175 requirements for DPs, TOs, TOPs, GOs, GOPs, and TPs Performance Areas 12

13 Inherent Risk Assessments (IRAs) The RRA Performance Areas are the starting point for IRAs Review/refresh data MRO has available on Registered Entity Request data as needed to perform IRA Risk factors and detailed analysis determine a Registered Entity s risk IRA output is the entity-specific risk level for each included requirement based on the entity s unique characteristics Determines which requirements should be monitored for the registered entity Compliance Oversight Plan establishes monitoring frequency and oversight tools (self-cert, audit, etc.) 13

14 Questions? For questions, contact: 14