TOP for Transmission Operators


TOP-001-4 for Transmission Operators
Compliance Team Lead, Keith Smith

Background
- Effective July 1, 2018
- Replaces currently effective TOP-001-3
- Modified to address reliability concerns identified by FERC in Order 817:
  - Monitoring non-Bulk Electric System facilities
  - Redundancy and diverse routing of data exchange capabilities
  - Testing of the alternate or less frequently used data exchange capability

TOP-001-4 Changes: Monitoring Non-Bulk Electric System Facilities
R10. Each Transmission Operator shall perform the following for determining System Operating Limit (SOL) exceedances within its Transmission Operator Area:
- Part 10.3. Monitor non-BES facilities within its Transmission Operator Area identified as necessary by the Transmission Operator.
- Part 10.6. Obtain and utilize status, voltages, and flow data for non-BES facilities outside its Transmission Operator Area identified as necessary by the Transmission Operator.
Transmission Operator Area - The collection of Transmission assets over which the Transmission Operator is responsible for operating.

TOP-001-4 Changes: Rationale for R10
- As used in TOP and IRO Reliability Standards, monitoring involves observing operating status and operating values in Real-time for awareness of system conditions.
- Non-BES facilities that the TOP is required to monitor are only those necessary for the TOP to determine SOL exceedances within its Transmission Operator Area.
- TOP-003-3 R1 specifies that the TOP shall develop a data specification which includes data and information needed by the TOP to support its OPAs, Real-time monitoring, and RTAs. This includes non-BES data and external network data as deemed necessary by the TOP.

Non-BES Facilities
Non-BES Facilities include, but are not limited to:
- Radial systems (including Load)
- 69 kV Transmission Facilities
- Generation Facilities connected at 69 kV
- Generation resources connected at 69 kV or higher with:
  - Gross individual nameplate rating less than 20 MVA; and
  - Gross plant/facility aggregate nameplate rating less than 75 MVA

Audit Approach: TOP-001-4 Part 10.3, Part 10.6
- What are the non-BES Facilities and data identified as necessary for determining SOL exceedances?
- How did the TOP determine the non-BES Facilities and data identified as necessary for determining SOL exceedances?
- Is there evidence to demonstrate the entity is monitoring and obtaining data for these non-BES Facilities?

Audit Evidence: TOP-001-4 Part 10.3, Part 10.6
Including, but not limited to:
- Process, analysis, or explanation for how the TOP identified the necessary non-BES Facilities and data.
- Identification of non-BES Facilities for which monitoring or data is necessary to determine SOL exceedances within the TOP Area.
  - Identification may be general or Facility specific
  - Identification should occur prior to July 1, 2018
- Evidence the TOP is monitoring and obtaining data for the identified non-BES Facilities.
  - Data and alarm configurations
  - EMS one-line diagrams
  - Demonstration during System Operator interviews

TOP-001-4 Changes: Redundancy and Diverse Routing of Data Exchange Capabilities
R20. Each Transmission Operator shall have data exchange capabilities, with redundant and diversely routed data exchange infrastructure within the Transmission Operator's primary Control Center, for the exchange of Real-time data with its Reliability Coordinator, Balancing Authority, and the entities it has identified it needs data from in order for it to perform its Real-time monitoring and Real-time Assessments.

TOP-001-4 Changes: Rationale for R20
- Redundant and diversely routed data exchange capabilities preclude single points of failure in primary Control Center data exchange infrastructure from halting the flow of Real-time data.
- For periods of planned or unplanned outages of individual data exchange components, the proposed requirements do not require additional redundant data exchange infrastructure components solely to provide for redundancy.
- Infrastructure that is not within the TOP's primary Control Center is not addressed by the proposed requirement.
Note: Per the NERC definition of Control Center, associated data centers are considered part of the primary Control Center.

TOP-001-4 Changes: Redundancy and Diverse Routing of Data Exchange Capabilities
Control Center: One or more facilities hosting operating personnel that monitor and control the Bulk Electric System (BES) in real-time to perform the reliability tasks, including their associated data centers, of:
1) a Reliability Coordinator,
2) a Balancing Authority,
3) a Transmission Operator for transmission Facilities at two or more locations, or
4) a Generator Operator for generation Facilities at two or more locations.
SDT Comments: The proposed requirement cannot be circumvented by moving data exchange infrastructure to a data center because the definition of Control Center includes associated data centers.

TOP-001-4 Changes: Redundancy and Diverse Routing of Data Exchange Capabilities
SDT Comments: The requirements provide entities with flexibility in designing an architecture that precludes single points of failure in the primary Control Center from halting the flow of real-time data to the operator.
SDT Comments: Requirements for redundant and diversely routed data exchange capabilities apply to infrastructure within the primary Control Center such as switches, routers, servers, power supplies, and network cabling and communication paths between these components in the primary Control Center for the exchange of system operating data.

Diverse Routing and Redundancy
Avoid Single Points of Failure:
- Cables in a shared conduit or cable tray
- Conduits or cable trays in close proximity
- Shared components within communication paths
- Components within the same rack

Audit Approach: TOP-001-4 R20
- Who are the entities the TOP has identified it needs data from in order to perform Real-time monitoring and Real-time Assessments?
- What data exchange capabilities does the TOP use to exchange data with the Reliability Coordinator, Balancing Authority, and other entities from which the TOP needs data?
- How did the entity determine the data exchange capabilities have redundant and diversely routed infrastructure within the primary Control Center?

Audit Evidence: TOP-001-4 R20
Including, but not limited to:
- Identification of the entities from which Real-time data is needed to perform Real-time monitoring and Real-time Assessments.
  - Detailed TOP-003-3 data specification may identify these entities
- Identification of data exchange capabilities with:
  - Reliability Coordinator
  - Balancing Authority
  - Other entities from which the TOP needs data in order to perform Real-time monitoring and Real-time Assessments
- Evidence to demonstrate each identified data exchange capability has redundant and diversely routed infrastructure within the primary Control Center.
  - Evidence should demonstrate compliance as of July 1, 2018
  - Network/topology diagrams
  - Single point of failure analysis
  - Control Center and associated data center walkthroughs
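A minimal form of the single point of failure analysis listed above, as an added example that is not part of the original presentation. It assumes a hand-built inventory of each path's components with their rack and conduit; all names are constructed, and physical proximity of separate conduits is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Component:
    name: str
    rack: Optional[str] = None      # rack housing a device
    conduit: Optional[str] = None   # conduit or cable tray carrying a cable

def failure_domains(path):
    """Everything whose loss breaks this path: the parts, their racks, their conduits."""
    domains = set()
    for c in path:
        domains.add(("component", c.name))
        if c.rack:
            domains.add(("rack", c.rack))
        if c.conduit:
            domains.add(("conduit", c.conduit))
    return domains

def single_points_of_failure(paths):
    """Failure domains common to every path; with one path, all of its domains."""
    if not paths:
        return set()
    common = failure_domains(paths[0])
    for path in paths[1:]:
        common &= failure_domains(path)
    return common

# Constructed topology for one data exchange capability (hypothetical names).
PATH_A = [Component("ems-srv-1", rack="R1"), Component("cable-a1", conduit="C1"),
          Component("sw-1", rack="R1"), Component("cable-a2", conduit="C1"),
          Component("rtr-1", rack="R2")]
# Weak second path: separate devices, but sw-2 shares rack R1 and cable-b1 shares conduit C1.
PATH_B_WEAK = [Component("ems-srv-2", rack="R3"), Component("cable-b1", conduit="C1"),
               Component("sw-2", rack="R1"), Component("cable-b2", conduit="C2"),
               Component("rtr-2", rack="R4")]
# Corrected second path: sw-2 moved to rack R3, cable-b1 rerouted through conduit C2.
PATH_B_FIXED = [Component("ems-srv-2", rack="R3"), Component("cable-b1", conduit="C2"),
                Component("sw-2", rack="R3"), Component("cable-b2", conduit="C2"),
                Component("rtr-2", rack="R4")]

if __name__ == "__main__":
    print(sorted(single_points_of_failure([PATH_A, PATH_B_WEAK])))
    print(sorted(single_points_of_failure([PATH_A, PATH_B_FIXED])))
```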

TOP-001-4 Changes: Testing of the Alternate or Less Frequently Used Data Exchange Capability
R21. Each Transmission Operator shall test its primary Control Center data exchange capabilities specified in Requirement R20 for redundant functionality at least once every 90 calendar days. If the test is unsuccessful, the Transmission Operator shall initiate action within two hours to restore redundant functionality.

TOP-001-4 Changes: Rationale for Requirement R21
- A test for redundant functionality demonstrates that data exchange capabilities will continue to operate despite the malfunction or failure of an individual component (e.g., switches, routers, servers, power supplies, and network cabling and communication paths between these components in the primary Control Center for the exchange of system operating data).
- An entity's testing practices should, over time, examine the various failure modes of its data exchange capabilities.
- When an actual event successfully exercises the redundant functionality, it can be considered a test for the purposes of the proposed requirement.

Audit Approach: TOP-001-4 R21
- What data exchange capabilities does the TOP use to exchange data with the entities it has identified it needs data from in order to perform its Real-time monitoring and Real-time Assessment?
- Has the TOP performed a test of each primary Control Center data exchange capability for redundant functionality at least once every 90 calendar days?
- How do the tests exercise redundant functionality of the data exchange capabilities?
- Do the tests, over time, examine various failure modes of the data exchange capabilities?
- Were any of the tests performed unsuccessful? If yes, did the TOP initiate action within two hours to restore redundant functionality?

Audit Evidence: TOP-001-4 R21
Including, but not limited to:
- Identification of data exchange capabilities with:
  - Reliability Coordinator
  - Balancing Authority
  - Other entities from which the entity needs data in order to perform Real-time monitoring and Real-time Assessments
- Dated test records for each data exchange capability
  - Test records should identify results of each test
  - Logs should be available to support test records
  - Entities should be prepared to explain how each test exercises the redundant functionality of the data exchange capabilities
- Evidence of corrective action taken for any failed tests
  - Time identification required due to two-hour specification in R21
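A self-check of dated test records against the two R21 time limits, as an added example that is not part of the original presentation. The record fields and sample data are constructed; the example assumes every performed test counts toward the 90-day interval and that the two hours are measured from the recorded test time.

```python
from datetime import datetime, timedelta

MAX_GAP_DAYS = 90                    # R21: test at least once every 90 calendar days
ACTION_WINDOW = timedelta(hours=2)   # R21: initiate action within two hours

def audit_r21(records, as_of):
    """Return (capability, issue) findings; the gap up to `as_of` is checked too."""
    by_cap = {}
    for r in sorted(records, key=lambda r: r["tested_at"]):
        by_cap.setdefault(r["capability"], []).append(r)
    findings = []
    for cap, tests in by_cap.items():
        times = [t["tested_at"] for t in tests] + [as_of]
        for prev, nxt in zip(times, times[1:]):
            gap = (nxt.date() - prev.date()).days
            if gap > MAX_GAP_DAYS:
                findings.append((cap, f"{gap} days without a test after {prev.date()}"))
        for t in tests:
            if t["passed"]:
                continue
            if t["action_at"] is None:
                findings.append((cap, f"failed test {t['tested_at']} has no action time"))
            elif t["action_at"] - t["tested_at"] > ACTION_WINDOW:
                findings.append((cap, f"action for failed test {t['tested_at']} began after two hours"))
    return findings

def rec(capability, tested_at, passed=True, action_at=None):
    """Build one test record from ISO timestamps (hypothetical record layout)."""
    return {"capability": capability,
            "tested_at": datetime.fromisoformat(tested_at),
            "passed": passed,
            "action_at": datetime.fromisoformat(action_at) if action_at else None}

# Constructed sample records for two data exchange capabilities.
SAMPLE = [
    rec("RC link", "2018-07-02T09:00"),
    rec("RC link", "2018-09-25T09:00"),
    rec("RC link", "2019-01-10T09:00"),   # 107 days after the previous test
    rec("BA link", "2018-07-05T10:00", passed=False, action_at="2018-07-05T13:30"),
    rec("BA link", "2018-07-06T10:00"),
    rec("BA link", "2018-10-01T10:00"),
    rec("BA link", "2018-12-20T09:00", passed=False),  # no corrective action logged
]
AS_OF = datetime.fromisoformat("2019-01-15T00:00")

if __name__ == "__main__":
    for capability, issue in audit_r21(SAMPLE, AS_OF):
        print(f"{capability}: {issue}")
```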

Questions?