Standards. Howard Gugel, Senior Director of Standards and Education Board of Trustees Meeting November 9, 2017

Transcription

1 Standards Howard Gugel, Senior Director of Standards and Education Board of Trustees Meeting November 9, 2017

2 Reliability Standards Development Plan Status Posted for industry comment June 26 July 25, 2017 NERC Standards Committee endorsed on October 18, 2017 Presented to Standards Oversight and Technology Committee Action Approve Reliability Standards Development Plan 2

3 Project Geomagnetic Disturbance Mitigation Reliability Benefit Perform GMD vulnerability assessments using an enhanced GMD event Require collection of GMD-related data Require deadlines for Corrective Action Plans (CAPs) and mitigation Improved transformer thermal assessment criteria Action Adopt TPL

4 4

5 Special Assessment: Potential Bulk Power System Impacts Due to Severe Disruptions on the Natural Gas System Preliminary Findings Thomas Coleman, Director, Reliability Assessment Board of Trustees Meeting November 9, 2017

6 Special Assessment Scope and Drivers Aliso Canyon storage facility outage underscored risks to electric generation and potential reliability issues Evaluate impacts to bulk power system (BPS) reliability as a result of potential disruptions and the loss of major natural gas infrastructure facilities: Key pipeline segment outages Disruption of LNG transport operations Natural gas storage disruptions Collaborative effort with Argonne National Laboratory analysis on critical facilities Advisory group established with electric and gas research organizations 2

7 Analysis Approach and Assessment Structure Step I: Review of Existing Studies Gain better understanding of existing planning approaches Highlight and promote best practices Step II: Evaluation of Gas Storage Facilities Step III: Identification of Generation Clusters Evaluate large storage facilities that are tightly coupled to electric generation (>2GW) Measure BPS reliability implications when storage facilities are not available Identify areas with a high density of natural gas generation Determine vulnerabilities and risk factors to consider in resiliency planning 3

8 Step 1: Review of Studies 4

9 Step 1: Review of Studies Key Findings Variety of concerns and region-specific challenges Wide-area transmission impacts (voltage and thermal constraints) due to loss of natural gas infrastructure are typically not studied; focus is generally on resource adequacy and resource availability Many respondents indicated that there were no natural gas storage facilities within their systems to evaluate Opportunity to learn from those with comprehensive resilience plans 5

10 Step II: Storage Facilities 12 storage facilities have been identified that can impact > 2GW of generation 6

11 Step III: Identifying Generation Risk Clusters Northwest: 25 GW GW Planned Southeast 55 GW GW Planned New England 11 GW GW Planned South CA-AZ: 60 GW GW -- Planned East TX-OK-LA 85 GW GW Planned Mid-Atlantic 95 GW GW Planned Florida 38 GW GW Planned 7 * All values are approximates, various sources: EIPC, EIA-860, NERC LTRA

12 Key Findings Aliso Canyon and has unique characteristics than most natural gas storage facilities Natural gas facility disruptions have varying impacts dependent on location and infrastructure density NERC s transmission simulations demonstrates operational challenges in the event of natural gas disruptions Demand for natural gas has altered storage dynamics Mitigation strategies (e.g., dual fuel) can reduce potential impacts Natural gas supply sources have become more diversified Recent FERC Orders continue to promote coordination Comprehensive planning by Planning Coordinators can significantly increase resilience 8

13 Recommendations Regulators and Policy Makers Regulators should consider fuel assurance mechanisms as they establish energy policy objectives In the event of an emergency, planning processes should include provisions for, and be prepared to, secure necessary air permit waivers Cyber and physical security needs should be diligently considered by regulators DOE should consider collecting data that quantifies dual fuel storage and seasonal on-site inventory 9

14 Recommendations Industry NERC registered entities should consider the loss of key natural gas infrastructure in their planning studies Owners and operators of dual fuel generators must ensure operability Wholesale electric markets should continue to incentivize performance of natural gas fired generation Natural gas and electric industries should continue to advance operational coordination 10

15 Recommendations NERC NERC should consider enhancing its Reliability Guidelines and/or Reliability Standards related to transmission planning and extreme event assessments NERC should enhance its Generator Availability Data System (GADS) database for better granularity in generator outage causes 11

16 Next Steps Seeking Board of Trustees acceptance of the report, endorsement of the recommendations, and approval to publish 12

17 13

18 Geomagnetic Disturbance Research Phase III Update John Moura, Director, Reliability Assessment and System Analysis Board of Trustees Meeting November 9, 2017

19 Research Plan Development Initial scoping with the Geomagnetic Disturbance Task Force (GMDTF) in February NERC s Preliminary GMD Research Work Plan filed with FERC in May 2017 Developed by NERC, Electric Power Research Institute (EPRI), and the GMDTF to meet Order No. 830 objectives Reviewed by NERC Planning Committee (PC) On October 19, 2017, FERC issued an order accepting NERC s preliminary plan and directing NERC to file a final plan within six months EPRI project management of the research work plan capitalizes on EPRI s EMP research 2

20 GMD Task Force Update Held face-to-face meeting in September to seek partnership with industry/researchers and provide plan update Developed Section 1600 draft data request with NERC Task Force is a collaboration of researchers, agencies, and utilities North American Transmission Forum NASA, Canadian Space Agency U.S. Geological Survey, Natural Resources Canada U.S. Space Weather Prediction Center U.S. National Labs Utilities from all regions in North America EPRI 3

21 Research Update NERC and EPRI partnership successful in obtaining technical support from researchers Research project begins in November 2017 and project runs through early 2020 Research has begun on the following two tasks: Development of a Transformer Thermal Assessment Tool (Dec 2017) o Develop an open-source tool for modeling transformer heating o Develop tool to conduct thermal analysis for transformers Improve Harmonics Analysis Capability (Dec 2019) o Develop guidelines and tools for use in performing system-wide assessment of GMD-related harmonics 4

22 Section 1600 Data Request Order No. 830 includes directives for collecting data to improve our collective understanding of GMD risk Includes GIC and magnetometer data NERC is to make data available to the public Developed draft data request with input from GMDTF and NERC PC will be asked to approve data request for 45-day industry comment at December 2017 PC meeting The final data request will be submitted to the PC and NERC Board of Trustees for approval in

23 6

24 Inverter Resource Performance Task Force and Level 2 Industry Recommendation Update James Merlo Vice President, Reliability Risk Management November 9, 2017

25 NERC Level 2 Alert issued 6/20/2017 Focused on inverterbased photovoltaic resources Frequency and voltage performance during recent system events Requested information on status of controls for these resources 2

26 Alert Responses Responses account for 99% of BES registered utility grade solar Manufacturers MW Responses Inverter units 1 6, , , , , Total 16, ,378 MW 7,000 6,000 5,000 4,000 3,000 2,000 1, Manufacturer 3

27 Erroneous Frequency Calculation 37% or 6,244 MW were calculating frequency incorrectly Positive response to remediation recommendations Implemented Manufacturer Recommendations? MW Responses Inverter units Yes 4, ,591 No 1, ,557 Total 6, ,148 1,986, 32% Yes 4,258, 68% No 4

28 Momentary Cessation during Abnormal Voltage 84% or 14,113 MW cease output during abnormal voltage Positive response to remediation recommendations More work needed in this area Inverter cease output during abnormal voltages? MW Responses Inverter units Yes 14, ,821 No 2, ,557 Total 16, ,378 2,657, 16% 14,113, 84% Yes No 5

29 Way Ahead Inverter Based Resource Performance Task Force (IRPTF) Reliability Guideline: Inverter-Based Resource Performance Resource-Performance-Task-Force.aspx Induced-Solar-Photovoltaic-Resource-Interruption-Disturbance- Report.aspx 6

30 7

31 Supply Chain Activity Update Ken McIntyre, Vice President and Director of Standards and Compliance Board of Trustees Meeting November 9, 2017

32 Background Board approved Supply Chain Standard in August Board issued supply chain resolution to support implementation and further analysis of supply chain risk Petition for approval filed with FERC, September 26 2

33 Board Supply Chain Resolution Support effective and efficient standard implementation (e.g., CIP V5 transition) Study supply chain risks and provide recommendations Communicate supply chain risks to industry Forum and Association white papers Plan to evaluate effectiveness of supply chain standards 3

34 Effective and Efficient Standard Implementation Critical Infrastructure Protection Committee (CIPC) will establish standard implementation advisory group in December 2017 NERC created a supply chain standard webpage for standard implementation information and references NERC to provide initial workshop on supply chain standard in 2018 Q1, with workshops to follow on key topic areas NERC and Regions to provide readiness evaluations in 2018 Q3- Q4 NERC and Regions to conduct small entity advisory sessions in 2018 Q1-Q3 4

35 Supply Chain Risk Study and Actions Engage CIPC in study design during Q Finalize design and approach for supply chain risk study (Q1 2018) Recruit industry experts and vendors to participate in supply chain risk study (Q1 2018) First interim deliverable due August 2018 Final report due February 2019 Supply chain risk identification and actions CIPC to develop security guidelines to address known risks Partner with National Laboratory to identify vulnerabilities in legacy equipment and recommend mitigation practices NERC s E-ISAC to engage Departments of Energy and Homeland Security to explore information sharing and supply chain risk assessments 5

36 Communicate supply chain risks NERC Alerts to communicate supply chain risks Recently issued a level 2 NERC Alert in September 2017 Utilize E-ISAC communication systems and protocols to disseminate information E-ISAC including supply chain risk topic in GridEx IV 6

37 Forums and Associations Forums and Associations developing white papers First drafts completed Q Final review and publish Q NERC to post white papers on supply chain standard webpage NERC, Forums, and Associations to present papers to industry CIPC open meetings NERC and Regional workshops 7

38 Plan to Evaluate Standard Effectiveness ERO Enterprise will: Develop standard effectiveness evaluation plan in Q o Consider standard effective date and implementation timeline Continue small group advisory sessions throughout implementation Assemble auditor observations and feedback to support effectiveness determination CIPC advisory group to gather and provide feedback to ERO Enterprise on standard effectiveness 8

39 Immediate Next Steps Incorporate supply chain activities in CIPC s work plan Executive Committee discussed at August meeting Finalize work plan at December meeting Stand-up supply chain advisory group in December Present work plan to NERC Board Of Trustees in February 2018 Finalize supply chain risk study design and resource requirements in 2018 Q1 Update webpage Provide quarterly updates to Board of Trustees 9

40 10

41 E-ISAC Update Marcus Sachs, Senior VP & Chief Security Officer, NERC Bill Lawrence, Senior Director, E-ISAC Board of Trustees Meeting November 9, 2017 TLP:WHITE 1

42 Summary of Q Sharing and reporting 221 E-ISAC staff posts to the portal (+3% above the quarterly average over the past year) 60 member posts to the portal (+9%) o 36 unique organizations shared (+21%) o 10 of those 36 organizations had never shared before 421 new portal accounts (+10%) Engagement (monthly average during the quarter) 186 webinar attendees (-20%) 562 downloads of the daily report (+35%) CAISS Pilot 19 companies participating (+1 participant) 2 TLP: White

43 CRISP Statistics 2015 Total 2016 Total 2017 Q1 Total 2017 Q2 Total 2017 Q3 Total Cases Opened 788 1, Reports Generated Site Annexes CASA Automated Reports 71, ,852 46,293 42,689 37,769 3 TLP:WHITE

44 CRISP for NERC and Regions NERC and the Regional Entities are joining CRISP in 2018 Will use same type of Information Sharing Device as currently used by existing CRISP members Sensors will be distributed across several locations, feeding Pacific Northwest National Laboratories as a single CRISP member Provides additional protection for sensitive data held and managed by the ERO No CRISP information will be shared with NERC and Regional Entity CMEP functional staffs As with other CRISP members, site annexes and CASA automated reporting will go to the information technology teams for action E-ISAC analysts will assist with interpreting and developing response plans 4 TLP:WHITE

45 Cyber Incidents and Reports Modular Malware (Defense Use Case #6) August 2, 2017 Dragonfly 2.0 September 6, 2017 Kaspersky security software (Government report and a NERC Alert) September 13, TLP:WHITE

46 Kaspersky Issue E-ISAC tracked the Kaspersky issue for several years Most information was classified, limiting what could be released DHS Binding Operational Directive 17-01, September 13, 2017 declassified the most significant facts and directed all US federal agencies to: o Identify any use or presence of Kaspersky products on their information systems within 30 days o Develop detailed plans to remove and discontinue present and future use of the products within 60 days o Begin to implement the agency plans to discontinue use and remove the products from information systems 90 days from the date of the directive E-ISAC alerted members immediately after the BOD release Published a TLP GREEN bulletin with guidance on September 15, 2017 Published a non-public Level 2 NERC Alert on October 5, TLP:WHITE

47 Kaspersky Threat Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on systems using their products Can be exploited by malicious cyber actors to compromise those systems Russian law allows Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks Russian government could use access provided by Kaspersky products to compromise foreign information systems Directly implicates national security Kaspersky confirmed that classified NSA information was sent to Russia Sources: TLP:WHITE

48 Kaspersky Products Kaspersky-branded products that are a potential threat: Kaspersky AntiVirus Kaspersky Internet Security Kaspersky Total Security Kaspersky Small Office Security Kaspersky Anti Targeted Attack Kaspersky Endpoint Security Kaspersky Cloud Security (Enterprise) Kaspersky Cybersecurity Services Kaspersky Private Security Network Kaspersky Embedded Systems Security Several private sector businesses are offering free removal and replacement of Kaspersky software 8

49 New Portal Platform Initiative to overhaul existing website started in 2015 New look and feel launched in October 2016 Significant improvements to old portal Fixed numerous bugs and technical issues Set up conditions for successful transition to a new platform New contractor hired in early 2017 Developed new layout and functionality with input from MEC and other stakeholders New site go live date set for November 30, 2017 Updates and additional new features will begin in January TLP:WHITE

50 CHIRP Initiative The E-ISAC s Cyber Hygiene and Internet Risk Program leverages two initiatives at the Department of Homeland Security (DHS) Cyber Hygiene program (CyHy) Risk and Vulnerability Assessment program (RVA) These initiatives are federally funded and are available AT NO COST to private sector entities in the US Reduces industry risk by identifying cyber vulnerabilities Provides E-ISAC with meaningful security metrics Identifies areas that need improvement NERC and E-ISAC enrolled in CyHy in June, 2017 All Regional Entities enrolled in CyHy in July/August, TLP:WHITE

51 Grid Security Conference Grid Security Conference (GridSecCon) 2017 October 17-20, 2017 in Saint Paul, Minnesota Technical training Speakers, panels, and threat briefings Security vendors Over 500 attendees GridSecCon 2018 will be in the WECC Region 11 TLP:WHITE

52 Grid Security Exercise November 15-16, 2017 GridEx IV is: An unclassified industry/government exercise designed to simulate a coordinated cyber/physical attack with operational impacts on electric and other critical infrastructures across North America to improve security, resiliency, and reliability 12 TLP:WHITE

53 13 TLP:WHITE