NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION NARUC Energy Regulatory Partnership Program The Public Services Regulatory Commission of Armenia and The Iowa Utilities Board Janet Amick Senior Utility Analyst Iowa Utilities Board November 10, 2010
OVERVIEW OF NERC The North American Electric Reliability Corporation s (NERC) mission is to ensure the reliability of the North American bulk power system. Reliability - A reliable bulk power system is able to meet the electricity needs of end-use customers even when unexpected equipment failures or other factors reduce the amount of available electricity. Bulk Power System NERC defines the bulk power system as electric power generation facilities combined with the high-voltage transmission system. 2
NERC HISTORY A voluntary organization of operating personnel in US and Canada. 1980s began addressing both reliability and planning. Electric utility industry s primary point of contact with US government for national security and critical infrastructure protection issues. 3
NERC ACTIVITIES Work with industry to develop reliability standards. Assess future bulk power system reliability forecasts. Analyze system events. Monitor status of bulk power system. Coordinate physical and cyber security needs. Train, education and certify system operators. Enforce compliance with reliability standards including assessing monetary and non-monetary penalties. 4
IMPLEMENTATION OF EPACT 2005 August 2005 Energy Policy Act of 2005 is enacted authorizing the creation of a Electric Reliability Organization (ERO) to develop mandatory and enforceable reliability standards April 2006 NERC files application with FERC to become ERO in US NERC files with FERC 102 reliability standards. July 2006 FERC certifies NERC as the ERO for the US March 2007 FERC approves 83 NERC Reliability Standards Standards are legally enforceable for US bulk power system, effective June 4, 2007 April 2007 FERC approves eight delegation agreements NERC will delegate authority to monitor and enforce compliance to eight Regional Entities NERC will continue in oversight role June 2008 NERC files first violation notices 5
FRCC - Florida Reliability Coordinating Council MRO - Midwest Reliability Organization NPCC - Northeast Power Coordinating Council RFC - Reliability First Corporation SERC - SERC Reliability Corporation SPP - Southwest Power Pool, RE TRE - Texas Regional Entity WECC - Western Electricity Coordinating Council 6
NERC REGISTERED ENTITIES All bulk power system owners, operators, and users are required to register with NERC and comply with NERC Reliability Standards. Categories of registration type are based on the entity s functional type. 7
NERC AND FERC NERC ROLE FERC ROLE Must comply with FERC directives. Sole entity to draft Reliability Standards. Investigates violations and files with FERC Notice of Penalty. Cannot dictate specific content of Reliability Standards. Reviews and approves Reliability Standards. May or may not act on Notice of Penalty. 8
NERC STANDARDS Define the reliability requirements for planning and operating the North American bulk power system. Standards are developed by industry using a balanced, open, and inclusive process managed by NERC Standards Committee. The NERC reliability standards are classified within 14 specific categories. Each category contains multiple standards and each standard consists of multiple requirements. Proposed standards are submitted to FERC. Once approved by FERC, standards are mandatory and enforceable. 9
CRITICAL INFRASTRUCTURE PROTECTION (CIP) Standard CIP-002-1 CIP-003-1 CIP-004-1 CIP-005-1 CIP-006-1 CIP-007-1 CIP-008-1 CIP-009-1 Summary Requires a responsible entity to identify critical assets and critical cyber assets using a risk-based assessment methodology. Requires a responsible entity to develop and implement security management controls to protect identified critical cyber assets. Requires personnel with access to critical cyber assets to have identity verification and a criminal check. Also requires employee training. Requires the identification and protection of an electronic security perimeter and access points. Requires a responsible entity to create and maintain a physical security plan that ensures that all cyber assets within an electronic security perimeter are kept in an identified physical security perimeter. Requires a responsible entity to define methods, processes, and procedures for securing the systems identified as critical cyber assets, as well as the non-critical cyber assets within an electronic security perimeter. Requires a responsible entity to identify, classify, respond to, and report cyber security incidents related to critical cyber assets. Requires the establishment of recovery plans for critical cyber assets using established business continuity and disaster recovery techniques and practices. 10
NERC TODAY Currently 95 Reliability Standards. 1,800 Registered Entities, including entities in Canada. Over 500 Notices of Penalty have been issued. Range of penalties assessed from $0 to $250,000. Ongoing review of standards and development of new standards. 11
QUESTIONS? Janet Amick Iowa Utilities Board janet.amick@iowa.gov NARUC Energy Regulatory Partnership Program The Public Services Regulatory Commission of Armenia and The Iowa Utilities Board 12