Standards Development Update Steven Noess, Director of Standards Development FRCC Reliability Performance Industry Outreach Workshop September 20, 2017 Supply Chain Risk Management 1
Cyber Security Supply Chain Standard Background FERC issued Order No. 829 on July 21, 2016 Standard must be filed by September 2017 Status Final ballot ended July 20, 2017 o CIP 013 1 84.2% o CIP 005 6 88.8% o CIP 010 3 81.4% NERC Board of Trustees o Solicited Policy Input July 2017 o Adopted by Board of Trustees at August 2017 meeting o Concurrently adopted six supporting and related resolutions FERC filing deadline of September 27, 2017 3 Focus High and medium impact BES Cyber Systems No requirements for low impact BES Cyber Systems NERC committed to addressing risks appropriately Identify best practices Develop guidance resources Support common understanding of compliance obligations 4 2
Policy Input How should NERC support effective implementation? How should NERC evaluate effectiveness of the standards going forward? What risks and related issues should NERC study, including risks related to low impact BES Cyber Systems not covered by the standards? Are there actions NERC should take to address additional potential supply chain risks? 5 Policy Input Themes Additional implementation guidance and time for implementation Communication through webinars and post lessons Vendors must be included Consistent audit guidelines Establish expert group for feedback on success Engage Critical Infrastructure Protection Committee (CIPC) Allow implementation time prior to evaluation Use E ISAC to track incidents Participate in cross industry forums 6 3
Board Resolution 1 Support Effective and Efficient Implementation: NERC to commence preparations for implementation of the Supply Chain Standards using similar methods during the CIP V5 transition, and regularly report to the Board on those activities. 7 Board Resolution 2 Cyber Security Supply Chain Risk Study: Study the nature and complexity of cyber security supply chain risks, including risks associated with low impact assets not currently subject to the Supply Chain Standards, and develop recommendations for follow up actions that will best address any issues identified. (Interim report 12 months after adoption of the resolutions and a follow up final report 18 months after adoption). 8 4
Board Resolution 3 Communicate Supply Chain Risks to Industry: Communicate supply chain risk developments and risks to industry and in connection with the Cyber Security Supply Chain Risk Study. 9 Board Resolutions 4 and 5 Forum White Papers: The Board requests the North American Transmission Forum and the North American Generation Forum (the Forums ) to develop (and distribute, as permissible) white papers to address best and leading practices in supply chain management, as described in the resolution. Association White Papers: The Board requests the National Rural Electric Cooperative Association and the American Public Power Association (the Associations ) to develop (and distribute, as permissible) white papers to address best and leading practices in supply chain management, as described in the resolution. 10 5
Board Resolution 6 Evaluate Effectiveness: Collaborating with NERC technical committees and other experts, evaluate the effectiveness of the Supply Chain Standards, as described in the resolution, and report to the Board. 11 Activities in Support Industry advisory group to support deployment ERO Enterprise auditor training Industry webinars and workshops Vendor outreach on controls Engage CIPC Form vendor/industry working groups on supply chain risks Review supply chain risk practices in other industries and communicate effective strategies Ensure BES supply chain risks are addressed by product manufacturing standards Provide latest government intelligence to industry Enlist national laboratories to test legacy systems 12 6
13 Technical Rationale Guidelines and Technical Basis 7
Background of Guidelines and Technical Basis Initially designed to support results based standards Contained an information only disclaimer Incorporated into standard development template Disclaimer paragraph was omitted Initiatives since inception Reliability Standard Audit Worksheets (RSAW) Risk based Compliance Monitoring and Enforcement Program (CMEP) Compliance Guidance Confusion around application and status, in conjunction with new initiatives 15 Purpose Provides drafting teams a mechanism to: Explain the technical basis for Reliability Standard Provide technical guidance to help support effective application To further clarify Guidelines and Technical Basis NERC staff and Standards Committee (SC) leadership coordinate Captured in Task 3 in SC Strategic Plan 16 8
Summary of Technical Rationale Transition existing Guidelines and Technical Basis to Technical Rationale A separate document to explain technical basis Focus on understanding technology and technical requirements No embedded compliance approaches or compliance guidance Appropriate use of NERC Compliance Guidance Policy NERC staff review for conformance 17 Work Plan Develop Technical Rationale document complete SC endorsement complete Presentation to Board of Trustees and Member Representatives Committee complete Implementation Develop ERO guidance on existing Guidelines and Technical Basis and future Technical Rationale (e.g. CMEP Practice Guide) Q3 Review existing Guidelines and Technical Basis for possible Compliance Guidance language Q4 Transition existing Guidelines and Technical Basis to Technical Rationale 2017 Q4 to 2018 Q3 18 9
Webinar NERC staff and SC members collaborating on initial implementation Planning additional webinar on Technical Rationale implementation in Q4 2017 19 Relevant Documents Mandatory and enforceable components of Reliability Standards Applicability Requirements Effective dates Regulatory documents (mandatory and enforceable) ERO filing for approval Regulatory order in applicable jurisdiction Technical information (not mandatory and enforceable) Technical rationale (Guidelines and Technical basis) Whitepapers Reliability guidelines 20 10
Relevant Documents Audit and compliance (not mandatory and enforceable) RSAW Compliance Guidance o Implementation Guidance o CMEP Practice Guides 21 22 11
Current Standards Development Activities Project 2013-03 Geomagnetic Disturbance Purpose: Modifying TPL 007 1 to address directives from Order No. 830 including: Modify the benchmark GMD event definition used for GMD Vulnerability Assessments; Make related modifications to requirements pertaining to transformer thermal impact assessments; Require collection of GMD related data. NERC is directed to make data available; and Require deadlines for Corrective Action Plans (CAPs) and GMD mitigating actions Status: Passed initial ballot; will be posting for final ballot in October Developer contact information: Scott Barfield McGinnis, Scott.Barfield@nerc.net 24 12
Project 2015-09 Establish and Communicate System Operating Limits Purpose: Make changes to address recommendations from Project 2015 03 Periodic Review of System Operating Limits: IROLs are now being studied by the technical committees through the Method for Interpreting IROLs Task Force (MEITF) Replacing FAC 010 3 with a new FAC 015 1 to address SOL methodology process and coordination Updating FAC 011 and FAC 014 Balloting a new definition for System Voltage Limit Seeking informal comment on revised System Operating Limit and new SOL Exceedance definitions Status: Posting for initial ballot at the end of September Developer contact information: Darrel Richardson, darrel.richardson@nerc.net 25 Project 2015-10 Single Points of Failure Purpose: Make changes to TPL 001 5 to address recommendations from System Protection and Control Subcommittee and System Analysis and Modeling Subcommittee assessment of single points of failure; update references to the MOD standards, and address Order No. 786 directives: Address six month threshold for planned outages Address spare equipment strategy for stability analyses Status: Posted for initial ballot September 8, 2017 Developer contact information: Latrice Harkness, latrice.harkness@nerc.net 26 13
Issue Area Source Status LERC definition Transient Devices for Low Impact (TCA) Shared BES Cyber Systems in CIP 002 5.1a Communication between BES Control Centers Transmission Owner (TO) Control Centers performing the function of a Transmission Operator (TOP) Project 2016-02 Modifications to CIP Standards Order 822 Order 822 Energy Sec RFI Order 822 V5TAG Completed Completed Completed CIP 012 2 Formal Comment and Initial Ballot concluded on 9/11/2017. SDT preparing for Additional Ballot CIP 002 6 currently posted for Formal Comment and Initial Ballot, closing 10/30/17 Virtualization in the CIP Environment V5TAG Informal Posting ended 4/11/2017; second Informal Posting anticipated fall 2017 CIP Exceptional Circumstances SAR Informal Posting ended 3/13/2017, Comments under consideration Definitions and Concepts V5TAG Being addressed in other project areas 27 Project 2016-02 Modifications to CIP Standards Meeting/Call Schedule Reserved call times Fridays 11:00 a.m. 1:00 p.m. Eastern Refer to the NERC Calendar of Events for other calls and in person meetings Contact Information NERC Standards Development staff, Katherine Street and Mat Bunch Email: katherine.street@nerc.net Telephone: 404 446 9702 Email: mat.bunch@nerc.net Telephone: 404 446 9785 28 14
Project 2016-04 Modifications to PRC-025-1 Purpose: Address issues on Generator Relay Loadability including: Provide alternative loadability Options for Table 1 specific to dispersed power producing resources; Address the inclusion or exclusion of the 50 element (i.e., instantaneous); Review Table 1 for proper application where there is more than one application for the available Option(s), Provide alternative or additional Options for Table 1 specific to relay applications that are directional toward the Transmission system where the interconnecting transmission line impedance may be a factor in determining the maximum Reactive Power output of the generators and associated relay settings; Provide an alternative to the term pickup setting in Table 1 the will better align with the intent of the standard for relays to not trip Status: Passed initial ballot Developer contact information: Scott Barfield McGinnis, Scott.Barfield@nerc.net 29 Purpose: Revise existing BAL 003 1 to address: Project 2017-01 Modifications to BAL-003-1.1 Inconsistencies in calculation of IFROs due to interconnection Frequency Response performance changes of Point C and/or Value B; Eastern Interconnection Resource Contingency Protection Criteria; Frequency nadir point limitations (currently limited to t0 to t+12), Clarification of language in Attachment A, i.e. related to Frequency Response Reserve Sharing Groups (FRSG) and the timeline for Frequency Response and Frequency Bias Setting activities; BAL 003 1 FRS Forms enhancements that include, but may not be limited to, the ability to collect and submit FRSG performance data. Status: SAR teams being formed Developer contact information: Darrel Richardson, darrel.richardson@nerc.net 30 15
Project 2017-04 Periodic Review of INT Standards The purpose of this project is to conduct a periodic review of a subset of the Interchange (INT) Reliability Standards: INT 004 3.1; INT 006 4; INT 009 2.1; and INT 010 2.1. Provide a comprehensive review that results in a recommendation that the Reliability Standard should be: Reaffirmed; Revised; or Withdrawn. 31 Project 2017-04 Periodic Review of INT Standards First public meeting was conducted August 23 24, 2017 at NERC offices in Atlanta, GA Second public meeting will be conducted September 26 27, 2017 at Xcel Energy in Golden, CO Contact Laura Anderson, Standards Developer Email: laura.anderson@nerc.net Telephone: 404 446 9671 32 16
Project 2017-05 NUC-001-3 Periodic Review Purpose Conduct a periodic review of one Nuclear Plant Interface Coordination (NUC) Reliability Standard NUC 001 3 Provide a comprehensive review that results in a recommendation that the Reliability Standard should be: o Reaffirmed; o Revised; or o Withdrawn. 33 Project 2017-05 NUC-001-3 Periodic Review First public meeting was conducted September 12 13, 2017 at NERC offices in Washington, DC Conference call scheduled for October 17 to continue working on initial recommendations Contact Mat Bunch, Standards Developer Email: mat.bunch@nerc.net Telephone: 404 446 9785 34 17
Project 2017-06 Modifications to BAL-002-2 Purpose: Address FERC directives to modify BAL 002 2, Requirement R1, to require Balancing Authorities and Reserve Sharing Groups: To notify the reliability coordinator of the conditions set forth in Requirement R1, Part 1.3.1 preventing it from complying with the 15 minute ACE recovery period; and To provide the reliability coordinator with its ACE recovery plan, including a target recovery time Status: SAR teams being formed Developer contact information: Darrel Richardson, darrel.richardson@nerc.net 35 Project 2017-07 Standards Alignment with Registration Aligns standards with retirement of Purchasing Selling Entity (PSE), Interchange Authority (IA), and Load Serving Entity (LSE) functions. Includes three categories: Modifications to existing standards where the removal of the retired function may need replacement by another function o Reliability Standard MOD 032 1 specifies certain data from LSEs that may need to be provided by other functional entities going forward Modifications where the applicable entity and references may be removed: o Standards are redlined and posted for industry comment and ballot o Edits to remove deregistered functional entities and their applicable requirements/references PRC 005 will be updated to replace DP with Underfrequency Load Shedding (UFLS) DP Addressing alignment through the periodic review process: o INT 004 and NUC 001 36 18
Project 2017-07 Standards Alignment with Registration SAR Drafting Team Recommendation to be presented to the Standards Committee (SC) at its October 2017 meeting SAR for Standards Alignment with Registration posted for comment 08/01/2017 08/30/2017 SAR for MOD 032 1 posted for comment 08/01/2017 08/30/2017 Contact Laura Anderson, Standards Developer Email: laura.anderson@nerc.net Telephone: 404 446 9671 37 Project 2017-02 Modifications to Personnel Performance, Training, and Qualifications Purpose: Make modifications to the PER standards based on the Project 2016 EPR 01 PER team recommendations: PER 003 1 requires a clarifying footnote to 1) understand connection between the Standard and Program Manual and 2) certifications references under PER 003 1 are from NERC System Operator Certification program; and Retire PER 004 2 Status: Meeting to finalize SAR at the end of September Developer contact information: Darrel Richardson, darrel.richardson@nerc.net 38 19
39 20