+ All Categories
Home > Documents > Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process...

Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process...

Date post: 12-Aug-2020
Category:
Upload: others
View: 1 times
Download: 0 times
Share this document with a friend
75
Agenda Member Representatives Committee Pre-Meeting Informational Session Conference Call and Webinar April 9, 2014 | 11:00 a.m.–1:00 p.m. Eastern Conference Line: 1-800-920-2968 | Access Code: 9762625 | Broadcast Audio: 690079 Click here for: Webinar Registration Introductions and Chair’s Remarks NERC Antitrust Compliance Guidelines and Public Meeting Notice* Agenda 1. Opening Remarks 2. Schedule of Quarterly NERC Meetings and Conference Calls* 3. Topics for the Board of Trustees, Board Committees and MRC Meetings* May 6-7, 2014 4. Overview of the Items Included in the Policy Input Letter a. Reliability Standard Audit Worksheet (RSAW) Review and Revision Process* b. Risk-Based Registration Assessment Update* c. Potential Alternative Funding Mechanism to Support Expanded Cyber Security Information Sharing and Capabilities 5. Informational Items a. Reliability Assurance Initiative (RAI) Progress Report* b. Critical Infrastructure Protection (CIP) Version 5 Implementation Study* c. Physical Security Standard Project* d. 2015 Business Plan and Budget Update and Stakeholder Input Tracking* e. Operating Personnel Communication Protocols Standard Development Update* f. Definition of Bulk Electric System (BES) Update* g. ERO Enterprise Operating Model* *Background materials included.
Transcript
Page 1: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Agenda Member Representatives Committee Pre-Meeting Informational Session Conference Call and Webinar April 9, 2014 | 11:00 a.m.–1:00 p.m. Eastern Conference Line: 1-800-920-2968 | Access Code: 9762625 | Broadcast Audio: 690079 Click here for: Webinar Registration Introductions and Chair’s Remarks NERC Antitrust Compliance Guidelines and Public Meeting Notice* Agenda

1. Opening Remarks

2. Schedule of Quarterly NERC Meetings and Conference Calls*

3. Topics for the Board of Trustees, Board Committees and MRC Meetings* ― May 6-7, 2014

4. Overview of the Items Included in the Policy Input Letter

a. Reliability Standard Audit Worksheet (RSAW) Review and Revision Process*

b. Risk-Based Registration Assessment Update*

c. Potential Alternative Funding Mechanism to Support Expanded Cyber Security Information Sharing and Capabilities

5. Informational Items

a. Reliability Assurance Initiative (RAI) Progress Report*

b. Critical Infrastructure Protection (CIP) Version 5 Implementation Study*

c. Physical Security Standard Project*

d. 2015 Business Plan and Budget Update and Stakeholder Input Tracking*

e. Operating Personnel Communication Protocols Standard Development Update*

f. Definition of Bulk Electric System (BES) Update*

g. ERO Enterprise Operating Model* *Background materials included.

Page 2: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Antitrust Compliance Guidelines I. General It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition. It is the responsibility of every NERC participant and employee who may in any way affect NERC’s compliance with the antitrust laws to carry out this commitment. Antitrust laws are complex and subject to court interpretation that can vary over time and from one court to another. The purpose of these guidelines is to alert NERC participants and employees to potential antitrust problems and to set forth policies to be followed with respect to activities that may involve antitrust considerations. In some instances, the NERC policy contained in these guidelines is stricter than the applicable antitrust laws. Any NERC participant or employee who is uncertain about the legal ramifications of a particular course of conduct or who has doubts or concerns about whether NERC’s antitrust compliance policy is implicated in any situation should consult NERC’s General Counsel immediately. II. Prohibited Activities Participants in NERC activities (including those of its committees and subgroups) should refrain from the following when acting in their capacity as participants in NERC activities (e.g., at NERC meetings, conference calls and in informal discussions):

• Discussions involving pricing information, especially margin (profit) and internal cost information and participants’ expectations as to their future prices or internal costs.

• Discussions of a participant’s marketing strategies.

• Discussions regarding how customers and geographical areas are to be divided among competitors.

• Discussions concerning the exclusion of competitors from markets.

• Discussions concerning boycotting or group refusals to deal with competitors, vendors or suppliers.

Page 3: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

NERC Antitrust Compliance Guidelines 2

• Any other matters that do not clearly fall within these guidelines should be reviewed with NERC’s General Counsel before being discussed.

III. Activities That Are Permitted From time to time decisions or actions of NERC (including those of its committees and subgroups) may have a negative impact on particular entities and thus in that sense adversely impact competition. Decisions and actions by NERC (including its committees and subgroups) should only be undertaken for the purpose of promoting and maintaining the reliability and adequacy of the bulk power system. If you do not have a legitimate purpose consistent with this objective for discussing a matter, please refrain from discussing the matter during NERC meetings and in other NERC-related communications. You should also ensure that NERC procedures, including those set forth in NERC’s Certificate of Incorporation, Bylaws, and Rules of Procedure are followed in conducting NERC business. In addition, all discussions in NERC meetings and other NERC-related communications should be within the scope of the mandate for or assignment to the particular NERC committee or subgroup, as well as within the scope of the published agenda for the meeting. No decisions should be made nor any actions taken in NERC activities for the purpose of giving an industry participant or group of participants a competitive advantage over other participants. In particular, decisions with respect to setting, revising, or assessing compliance with NERC reliability standards should not be influenced by anti-competitive motivations. Subject to the foregoing restrictions, participants in NERC activities may discuss:

• Reliability matters relating to the bulk power system, including operation and planning matters such as establishing or revising reliability standards, special operating procedures, operating transfer capabilities, and plans for new facilities.

• Matters relating to the impact of reliability standards for the bulk power system on electricity markets, and the impact of electricity market operations on the reliability of the bulk power system.

• Proposed filings or other communications with state or federal regulatory authorities or other governmental entities.

Matters relating to the internal governance, management and operation of NERC, such as nominations for vacant committee positions, budgeting and assessments, and employment matters; and procedural matters such as planning and scheduling meetings.

Page 4: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

MEETING LOCATION

Hyatt Regency Philadelphia at Penn’s Landing Schedule of Events – Industry

201 S. Columbus Blvd. May 6-7, 2014 — Philadelphia, PA

Philadelphia, PA 19106

215-928-1234

All times are Eastern.

Conference Calls Before the May 2014 Meetings

April 9, 2014 11:00 a.m. - 1:00 p.m.

MRC Informational Session – Conference Call and Webinar

Tuesday, May 6, 2014

8:45 - 9:45 a.m. Room name: TBD

Finance and Audit Committee – OPEN Session

10:00 - 11:00 a.m.

Room name: TBD

Compliance Committee – OPEN Session

11:00 a.m. – 12:00 p.m.

Room name: TBD

Standards Oversight and Technology Committee – OPEN Session

Noon to 1:00 p.m.

Room name: TBD

Lunch

1:00-5:00 p.m. Room name: TBD

Member Representatives Committee – OPEN Session

5:30 p.m.

Location: TBD

Reception

Wednesday, May 7, 2014

8:30 a.m. – 12:00 p.m. Room name: TBD

Board of Trustees Meeting

Page 5: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Member Representatives Committee (MRC)Pre-Meeting and Informational WebinarApril 9, 2014

Page 6: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY2

• Review preliminary agenda topics for May 6 MRC meeting• Review preliminary list of agenda topics for the Board of

Trustees (Board) and associated Board committee meetings (May 6-7, 2014)

• Determine adjustments to the May 6 MRC agenda based on today’s discussion

• Receive updates on emerging and informational issues as part of today’s Informational Webinar

Objectives – Pre-Meeting and Informational Session

Page 7: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY3

• Schedule of Events*• Corporate Governance and Human Resources Committee, May

1 (2:00 p.m., Eastern) Form 990 review 2014 Q1 corporate goals update Staffing and recruiting update

Conference Calls, Prior to Philadelphia

Page 8: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY4

• Review 2013 audited financial statements• Review performance of external auditor• Review first quarter unaudited statement of activities• Review Form 990• Procedures for approval of senior management expenses• Report on capital financing program

Finance and Audit Committee (FAC)8:45 – 9:45 a.m., May 6

Page 9: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY5

• Reliability Assurance Initiative (RAI) update Auditors’ Manual implementation plan RAI compliance design RAI enforcement

• RSAW revision process• Key compliance and enforcement trends

Compliance Committee10:00 a.m. – 11:00 a.m., May 6

Page 10: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY6

• CIP Version 5 Response to FERC directives Implementation update

• Stage 2 GMD standard• Physical security standard project• IT enterprise applications• TOP/IRO response update• Review Standards quarterly status report• Periodic review of NERC ANSI accreditation

Standards Oversight and Technology Committee (SOTC) 11:00 a.m. – 12:00 p.m., May 6

Page 11: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY7

• Recommended slate of members for the RISC• Request for MRC members to serve on Board nominating

committee• Responses to the Board’s request for policy input

RSAW Revision Process Risk-Based Registration Assessment Scope and Future Vision of ES-ISAC Operations

• Policy discussion of key items from the Board committees Issues discussed during FAC, SOTC, and BOTCC

Member Representatives Committee1:00 – 5:00 p.m., May 6

Page 12: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY8

• 2015 business plan and budget• Plan for 2014 long-term reliability assessment and emerging

issues• Whitepaper for Essential Reliability Services Task Force• Five-year performance assessment

Member Representatives Committee1:00 – 5:00 p.m., May 6

Page 13: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY9

• Committee membership and charter changes• Standards items for adoption

MOD-031-1, VAR-002-3, COM-002-4 VRF/VSL Revisions

• Physical Security Standard• Amendments to SERC Bylaws• Review of Summer Assessment and State of Reliability Report• Update on Canadian Affairs• Committee, forum and group reports

Quarterly updates Approval of CCC 2014-2016 work plan and CCCPP-001-2 Accept 2013 audited financial statements Accept first quarter statement of activities

Board of Trustees8:30 a.m., May 7

Page 14: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY10

• Overview of Policy Input Letter items RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support expanded cyber

security information sharing and capabilities

• RAI progress report• CIP V5 implementation study• Physical security standard project• 2015 business plan & budget update and stakeholder input

matrix• COM-002-4 update• Definition of BES update• ERO Enterprise Operating Model

April 9 – MRC Informational Session

Page 15: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY11

Page 16: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Agenda Item 4a MRC Informational Session April 9, 2014

RSAW Review and Revision Process

Action Information Background During the February Member Representatives Committee (MRC) meeting, a concern was raised about changes made to a Reliability Standards Audit Worksheet (RSAW) after a standard has been approved and whether a review and approval process is needed to ensure that a change does not effectuate a material change in the scope or intent of the standard. A small working group was formed with representation from the MRC, NERC staff, and the NERC Board to develop a proposal for a RSAW revision process to be presented at the May meetings. The scope of the working group is for revisions made, after a standard has been approved, to RSAWs that were posted concurrently with the standard. The working group developed the attached proposed process to vet proposed changes to an RSAW that is already in place for an existing standard. At a high level, the process proposes to post any substantive revisions to an RSAW for industry comment. The final revised RSAW would be forwarded, along with any comments not accepted, to the Chair of the Standards and Oversight Technology Committee (SOTC), who will determine whether the revised RSAW goes into effect on its proposed effective date with no further action or if a review is needed by the full SOTC.

Page 17: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Item 4a – Attachment 1 MRC Informational Session April 9, 2014

Reliability Standard Audit Worksheet (RSAW) Review and Revision Process

Objectives There are several key principles that must be balanced in constructing the RSAW review process:

1. The RSAW is intended to be a tool to assist the ERO in conducting its audit field work and to enable a consistent approach throughout the ERO Enterprise.

2. The ERO is committed to making RSAWs publicly available to industry as part of the standards balloting process to provide a level of transparency about the compliance expectations for the standard.

3. The ERO must have the latitude to modify RSAWs as experience is gained in the field over time.

4. The purpose of the RSAW review process is to ensure that any proposed change to an RSAW does not effectuate a material change in the scope or intent of a standard.

Proposed Process A simple process to achieve these objectives would be as follows. The process will be used to vet proposed changes to an RSAW that is already in place for an existing standard.

1. NERC will post any substantive revision to an RSAW for industry comment for a period of at least 15 business days before it becomes effective. The posting will state whether the changes are intended to apply to current open audits or only to audits commencing on or after the effective date. Comments should focus on whether industry believes the proposed changes to the RSAW are a material change in the scope of the standard, a technical error or a concern regarding the effective date.

2. NERC, along with the Regions, will review the comments and may propose additional revisions to the RSAW to address industry comments. If revisions are made, NERC will re-post the RSAW for industry comment for an additional 15 business days.

3. NERC will forward any remaining comments not accepted, along with its rationale, to the Chair of the Standards Oversight and Technology Committee (SOTC). The Chair of the SOTC will decide whether a review by the full SOTC is necessary and will take into consideration the following:

a. Whether a technical error or inaccuracy is identified in the proposed change;

b. the proposed change incorrectly expands what is required by the standard’s requirements; or

c. the effective date for the proposed changes increase compliance requirements retroactively.

Page 18: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

4. The Chair of the SOTC will take one of the following actions:

a. No action required. The RSAW will go into effect on its proposed effective date.

b. Forward the proposed RSAW revisions for review by the full SOTC. The proposed revisions to the RSAW will not go into effect.

5. The SOTC will perform a similar review for any RSAW referred to it. NERC will implement the SOTC’s findings as to whether additional changes to the RSAW are required or if the RSAW may go into effect as drafted.

Page 19: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Agenda Item 4b MRC Informational Session April 9, 2014

Risk-Based Registration Assessment Update

Action Information

Background NERC launched the Risk-Based Registration (RBR) initiative in 2014 to ensure that a common approach to identifying and evaluating risks to reliability is used consistently throughout the ERO Enterprise. NERC has always included risk evaluation as part of its programs, procedures and policies, and over the last seven years, the risk evaluation has become more formalized and mature. This initiative will align industry registration and compliance burden, while supporting NERC and Regional Entities to: 1) identify who should be registered and who should not be registered - according to their risk to reliability; and 2) refine the criteria needed to make decisions to register and a basis to determine the appropriate sub-lists of applicable Reliability Standard requirements. Summary The registration program is the key to what triggers mandatory compliance by an entity with Reliability Standard requirements and associated compliance monitoring and enforcement activities. NERC management believes that the ultimate end-state vision for the registration program should be to ensure the right entities are subject to the right set of applicable Reliability Standards, using a consistent and common approach to risk assessment and registration across the ERO enterprise. Expected Benefits Benefits to effectively employing risk-based methods include:

• aligned industry registration and compliance burden, while sustaining continued reliability;

• identified users, owners and operators of the Bulk Power System responsible for complying with Reliability Standards, ensuring no gaps or duplication of compliance responsibilities;

• improved use of NERC, Regional Entity and registered entity resources;

• improved Reliability Standards development enabling feedback to tailor their applicability; and

• increased consistency with the eight Regional Entities by developing a common and repeatable approach in implementation of the RBR program.

The major goals of the NERC RBR initiative are to:

• develop and deploy a sustainable registration program design that incorporates evaluation of the risks and benefits provided by a given entity to ensure reliability, identifying a corresponding properly tailored set of NERC Reliability Standard requirements; and

Page 20: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

• create an implementation plan that supports a 2016 or sooner launch, along with business practice and IT requirements, with the possibility of early adoption options that can result in high alignment of industry burden, while preserving an adequate level of reliability.

In addition, coordination of this effort will enhance the ability to:

• evaluate risks to reliability for use across the ERO enterprise;

• identify changes to the registration criteria, if any, to align RBR with other NERC activities; and

• incorporate recent implications to registration resulting from the enhanced Bulk Electric System definition.

RBR will necessarily include using consistent terminology, a common approach to criteria application and appropriate oversight. Formation of Advisory Group In 2014, NERC established a RBR Advisory Group (RBRAG) to provide input and advice regarding an RBR design and implementation plan. The RBRAG is comprised of representatives from NERC staff, Regional Entity staff, and Federal Energy Regulatory Commission staff, along with U.S. and Canadian industry representatives. A white paper is being developed by the RBRAG and will be released for public comment as part of the NERC request for policy input in April, 2014. Discussions regarding the registration program redesign and implementation plan will be held at the NERC Board of Trustees’ committee meetings in May, August and November, 2014. Staged Approach Existing flexibility in the application of threshold criteria, the Functional Model categories and scaled sets of applicable Reliability Standards may provide opportunities for accelerated reform within the existing NERC Rules of Procedure (ROP). However, modifications to the ROP will be pursued, as needed. Achieving the end-state vision is expected to occur in two phases. The first stage will focus on the development and refinement of the registration program design. An implementation plan will be developed as a part of this effort. The second stage will address any remaining non-design issues or issues that require a longer lead time.

Page 21: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Risk-Based Registration Assessment Update

Mark Lauby, NERC Vice President and Director of StandardsMRC Informational SessionApril 9, 2014

Page 22: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY2

• Some functions may have minimal impact on reliability• Must follow all Reliability Standard requirements according to

function, regardless of reliability impacts• Conservative criteria and thresholds used to register entities• Flexibility to use entity risk, but limited application to date

Current Registration Challenges

Page 23: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY3

• Manage risk, ensuring right entities doing the right thing

• Differentiate entities exhibiting different levels of risk: Clear thresholds Registration based on thresholds Focused Reliability Standard requirements

• Align with: Bulk Electric System (BES) definition Reliability Assurance Initiative (RAI) Reliability Standard reform Third party audit findings

• Systematic, repeatable and comprehensive process

Risk-Based Registration (RBR) Vision

Page 24: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY4

RBR 2014 Timeline

SeptJuly AugJan Feb Mar Apr May June

Board Adopt Design

and Plan

Draft Whitepaper

MRC Policy Input

Enhanced Draft

Design & Plan

Form Advisory

Group

Launch Risk-Based

Registration

Draft Design & Plan Posted for

Comment

Final Posting

of Design and Plan

Oct NovSept2014

Dec

Page 25: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY5

Threshold Assessment

Tier 1: with Risk, 50

0

20

40

60

80

100

120

Current State Future State

MW

PEA

KDP Thresholds

Not Registered Tier 1: with Risk

Page 26: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY6

0

20

40

60

80

100

120

Current State Future State

MW

PEA

KDP Thresholds

Not Registered Subject to Registration

Threshold Assessment

Page 27: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY7

0

20

40

60

80

100

120

Current State Future State

MW

PEA

KDP Thresholds

Not Registered Subject to Registration

More Requirements

No Requirements

Threshold Assessment

Page 28: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY8

Subject to Registration, 0

New Threshold

0

20

40

60

80

100

120

Current State Future State

MW

PEA

KDP Thresholds

Not Registered Subject to Registration

More Requirements

No Requirements

Threshold Assessment

Page 29: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY9

New Threshold

0

20

40

60

80

100

120

Current State Future State

MW

PEA

KDP Thresholds

Not Registered Subject to Registration

More Requirements

No Requirements

Threshold Assessment

Page 30: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY10

New Threshold

0

20

40

60

80

100

120

Current State Future State

MW

PEA

KDP Thresholds

Not Registered Subject to Registration

More Requirements

No Requirements

Threshold Assessment

Page 31: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY11

• Alignment with risk-based concepts: RAI BES implementation Reliability Standard applicability efforts

• Centralized review process for threshold determinations Establish clear criteria and thresholds Consistent ERO-wide risk-based methods to assess entity’s impact

Tailored Requirements Based on Risk

Page 32: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY12

RBR Organizational Design

NERC-ledPanel

Regional Entity Risk

Determination

Registration Risk

Assessment

Page 33: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY13

RBR Organizational Design

NERC-ledPanel

Regional Entity Risk

Determination

Registration Risk

Assessment

Entity, and/or Regional Technical & Registration

Staff

Page 34: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY14

RBR Organizational Design

NERC-ledPanel

Regional Entity Risk

Determination

Registration Risk

Assessment

Regional Technical & Registration Staff

Entity, and/or Regional Technical & Registration

Staff

Page 35: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY15

RBR Organizational Design

NERC-ledPanel

NERC, Regional Technical & Registration Staff

Regional Entity Risk

Determination

Registration Risk

Assessment

Regional Technical & Registration Staff

Entity, and/or Regional Technical & Registration

Staff

Page 36: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY16

• Met twice to discuss scope and review draft whitepaper• Determined not all functions require thresholds• Identified need to: Review function and linkage to reliability Develop process identifying when entity should or should not register Establish criteria for scoping registration

• Formed three groups for threshold determination Distribution Providers/Load Serving Entities Transmission Owners/ Transmission Operators Generator Owners/Generator Operators

• One group formed to review Purchasing-Selling Entity

Advisory Group Next Steps

Page 37: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY17

Page 38: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Agenda Item 5a MRC Informational Session April 9, 2014

Reliability Assurance Initiative (RAI) Progress Report

Action Information Background The ERO Enterprise is moving from the conceptualization and testing of processes for a risk-based Compliance Monitoring and Enforcement Program (CMEP) to designed practices and approaches that facilitate the implementation of such risk-based programs. The goal of the combined pilots and studies has been to create a single CMEP design that represents an effective and sustainable approach, whereby resources are aligned to the relative risks posed by an entity to the reliability of the Bulk Power System (BPS). Completed compliance activities include the development of a single annual implementation plan, development of the auditor handbook and checklist, and initial training related to the use and application of the handbook. Compliance activities are now focused on converging the activities related to compliance audit pilots and transitioning into a single common ERO Enterprise risk-based approach. Enforcement activities began with enhancements to self-reporting and find, fix and track (FFT) processes (including expanding the use of FFTs to moderate risk issues). As noted below, Regional Entities now triage each instance of noncompliance as it enters the system to increase the efficiency in processing such issues. Two enforcement pilot programs are also underway to (a) allow selected entities to log instances of noncompliance posing a minimal risk to the reliability of the BPS that would be eligible to bypass the enforcement process and (b) allow Regional Entities to exercise enforcement discretion. Status As of April 2014, NERC and the Regional Entities completed the following RAI activities:

1. Distribution and Training of the ERO Auditor Manual and Handbook The workbook and related training were delivered to ERO Enterprise compliance monitoring staff at the March 2014 Compliance Auditor Workshop in Atlanta. During the next six months, auditors will be provided with seven additional training opportunities, each module providing greater detail regarding the use of the handbook. Additional work related to the manual and handbook includes: compliance auditor role expectations, a section introducing compliance auditing, ethics and standards, sampling methodology, supporting diagrams and flow charts, common forms and templates, and other content as needed. The handbook remains on target for public release on the NERC website prior to the end of April 2014.

Page 39: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

2. Draft Pilot Evaluation Criteria for Assessment In mid-January 2014, NERC and the Regional Entities met with the industry focus group and finalized the evaluation criteria for the compliance audit pilots. Efforts remain on target to deliver the recommended single compliance monitoring approach that would be used by NERC and each of the Regional Entities. Some quick highlights from the design include:

a. A program design that considers the disclosure of controls, considers the maturity of controls, and appropriately scopes and determines testing based on disclosure and maturity of controls

b. A program design which focuses on risks to reliability based on organizational, functional, regional and general risks

c. Provides a scoping design which considers the organization being audited, not one-size fits all

d. An approach to assessing controls and risk which assures the proper engagement tools and processes are applied and support the gathering of information to obtain reasonable assurance of compliance and instances of possible noncompliance, provide an understanding of severity

All activities are being managed to drive to the goal of full implementation by the beginning of 2016 and key milestones consisting of:

a. Discussing the common approach at the May 2014 Board meeting

b. Having the common design represented in the 2015 annual implementation plan (published October 2014)

c. Developing program elements as well as deployment of auditor and industry training through 2014 and into 2015

3. Self-Report and Mitigation User Guides NERC and Regional Entity staff prepared self-report and mitigation user guides that, among other things, explain the type and quality of information that should be submitted with a self-report and mitigation plan in order to allow for a prompt evaluation and, as appropriate, prompt disposition of noncompliance (in particular of noncompliance that posed a minimal risk to the reliability of the BPS). In December 2013, an industry focus group reviewed the draft user guide and provided comments to the working group. Among other things, the focus group suggested that the document be submitted in draft form to a broader audience of stakeholders prior to being finalized. In response to the feedback, the draft guide was posted in January 2014 for broader comment. NERC and the Regional Entities are reviewing the comments received.

4. Improved Process Flow (Triage) As of January 1, 2014, all Regional Entities implemented a triage process. As part of the triage, Regional Entities review incoming instances of noncompliance to make an initial

Page 40: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

determination as to whether an issue will proceed through enforcement or additional information is needed. During the pilot phase, when only a limited number of issues are eligible to be resolved outside of enforcement, noncompliance that posed a minimal risk to the BPS but is not eligible for the discretion pilot discussed below may be processed as an FFT. On average, it should take 60 days from discovery of the noncompliance for the Compliance Enforcement Authority (CEA) to make the initial determination and for the CEA to issue a letter confirming that for those issues subject to an enforcement pilot the issue will not be enforced or to issue the Notice of Possible Violation. For minimal risk issues that are not part of the discretion pilot, it is expected that the FFT communication will be distributed soon thereafter.

5. Evaluation of Multi-Region Registered Entity (MRRE) Process The goal of this activity is to establish guidelines to harmonize existing enforcement coordination practices and specify those Regional Entities that would serve as primary contacts for MRREs in connection with self-reports and other aspects of the enforcement process in certain types of cases. NERC and the Regional Entities completed the review of existing practices for coordination of enforcement actions related to MRREs. The working group developed recommendations, which are being discussed by ERO Enterprise management. In coordination with the enforcement efforts, the ERO Enterprise is also assessing current coordination practices to develop a complementary program to align compliance monitoring activities for multi-regional entities. The compliance efforts will be completed mid-2014 to align compliance activities for the 2015 calendar year.

6. Enforcement Pilots Beginning in October 2013, NERC and certain Regional Entities began the first phase of the pilot program for aggregation of minimal risk issues to test selected Registered Entities’ ability to proactively self-assess, identify, and mitigate minimal risk issues. This pilot is focused on allowing Registered Entities with demonstrated effective management practices to self-identify and assess instances of noncompliance to aggregate minimal risk issues which would otherwise be individually self-reported. In November 2013, the ERO Enterprise implemented the first phase of the pilot program for enforcement discretion to identify minimal risk issues, which would be recorded and mitigated without triggering an enforcement action. Only issues with a minimal risk to the reliability of the BPS are eligible for inclusion in this pilot. The inclusion of moderate risk issues will be considered as part of NERC’s annual review of the program. During the month of April, the results of these pilots will be reviewed and NERC and the Regional Entities will determine the next steps regarding these processes. The review will consider the accuracy and completeness of logs as well as the experience of the Regional Entities and Registered Entities with these processes.

Page 41: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Reliability Assurance Initiative (RAI) Progress ReportJerry Hedrick, Associate Director of Compliance Operations and Regional Entity OversightSonia Mendonca, Assistant General Counsel and Director of EnforcementMRC Informational SessionApril 9, 2014

Page 42: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY2

Project Progress Report

• Handbook and training provided to auditors at March workshop.• Handbook on track for publication during April.Auditor Handbook

• A single program design has been presented for evaluation.• The evaluation team is currently reviewing design elements for

final selection.

Prototypes and Pilot Programs

• User guide to support improved self reporting process completed in December 2013.

• Request for broader industry review in January 2014.

Improvements to Self-Reporting

• Triage process implemented across Electric Reliability Organization (ERO) by January 1, 2014 to expedite disposition of minimal risk issues.

• Enforcement pilots to test aggregation and exercise of enforcement discretion under way.

FFT Enhancements

Page 43: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY3

2014 Timeline for Single Compliance Approach

April – Present recommended common compliance design to ERO executive management

May – Provide update to BOTCC on common compliance approachOctober – Finalized compliance audit design approved for training

and deployment in 2015

May June July Aug Sep Oct NovApril Dec

Key Outputs• Defined risk approach that supports two way discussion• Evaluation criteria results in appropriately scoped audits based on

an entities size and risk• Control evaluation is clearly defined and understood

Page 44: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY4

Compliance Project Update

• What has been done All regional pilots have been completed and documented A single recommended compliance design has been presented for evaluation

• What is currently being done Single recommended compliance design is being evaluated Processes are being developed and modified in response to evaluation team

requests ERO enterprise compliance staff is being evaluated for necessary competencies and

capabilities

• What will be done Common compliance approach will be endorsed by ERO executive management Capability and competency gaps will be bridged Enforcement and compliance design will be integrated

Page 45: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY5

Next Steps for Enforcement Activities

Finalize User Guide; MRRE Guidelines

(Q1 2014)

Analyze Results of Enforcement

Pilots (April 2014)

FERC filing, if necessary

(Q3/4 2014)

Page 46: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY6

Self-Report and Mitigation Plan User Guides

The Self-Report and Mitigation Plan User Guides provide valuable information and insight on the process of assessing the risk of

noncompliance and developing mitigation.

Drafts are available at: www.nerc.com/pa/comp/Pages/Reliability-Assurance-Initiative.aspx

Page 47: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY7

Please send any questions or comments to:[email protected]

Page 48: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Agenda Item 5b MRC Informational Session April 9, 2014

Critical Infrastructure Protection (CIP) Version 5 Implementation Study

Action Information Background As part of the ongoing implementation study to support the transition to version 5 of the CIP Reliability Standards (CIP Version 5), NERC selected six Registered Entities to help identify transition issues and address industry concerns in the early phases of the implementation plan for CIP Version 5.1 In summary, the implementation study has three primary goals:

• The implementation study results would inform NERC’s compliance and enforcement direction during the transition period (in particular, assessing an entity’s compliance with CIP Version 3 while it is implementing CIP Version 5).

• The study would help determine which standards and requirements would be the most challenging to implement and anticipate problem areas for the industry in order to ease the transition process.

• Based on the Final Rule2 and resulting directives, NERC would provide guidance to help manage concerns regarding the “Identify, Assess and Correct” (IAC) language and any other changes directed by the Final Rule.

In Order No. 791, the Federal Energy Regulatory Commission (FERC) approved CIP Version 5, but directed NERC to develop modifications to address FERC’s concerns regarding the IAC language within one year of the effective date of the Final Rule.3 A standard drafting team has been convened to address this and other directives from Order No. 791. Currently, NERC is completing efforts to integrate compliance and enforcement processes and concepts relevant to the removal and/or modification of the IAC language through the Reliability Assurance Initiative (RAI). NERC understands that adoption of self-correcting language informed industry’s approval of the CIP Version 5 standards, insofar as IAC allowed for entities to demonstrate internal controls to correct issues effectively and swiftly. NERC’s compliance staff has been working closely with the standard drafting team to advise the team on development regarding RAI and how the RAI concepts will utilize the self-correcting aspects of IAC. In support of the drafting team, NERC has developed several compliance “storyboards” to demonstrate how RAI tools and methods will apply to noncompliance under CIP Version 5.

1 For additional information regarding the Implementation Study, see Informational Filing of the North American Electric Reliability Corporation Regarding the CIP Version 5 Reliability Standards Implementation Study, Dkt. No. RM13-5-000 (Oct. 11, 2013), available at http://www.nerc.com/pa/CI/tpimplementstudy/Informational%20Filing%20CIP%20Implementation%20Study.pdf. 2 Order No. 791, Version 5 Critical Infrastructure Protection Reliability Standards, Dkt. No. RM13-5-000 (Nov. 22, 2013) (“Final Rule” or “Order No. 791”). 3 Final Order at ¶¶ 67-76.

Page 49: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Lastly, staff from NERC and the Regional Entities are working to finalize a set of guidance communications that will guide the industry’s activities during the transition to CIP Version 5. These communications will include specific instructions on the methods that compliance and enforcement will use to provide flexibility to Registered Entities implementing CIP Version 5 during the transition period. Status As of April 2014, NERC, the Regional Entities, implementation study participants, and stakeholder observers have been working on the following activities in support of the stated goals:

1. Outreach and Training CIP Version 5 transition training was provided to industry and CIP auditors at the St. Louis Critical Infrastructure Protection Committee (CIPC) meeting on March 4, 2014. In addition, CIP Version 5 transition training was provided to Regional Entity auditors as part of the Auditor Workshop in Atlanta on March 5, 2014. The implementation study has progressed, and one implementation study participant completed its activities in March 2014. Close-out meetings are scheduled for the remaining five participants in the implementation study in the second quarter of 2014. Several Q&A topics and lessons learned deliverables have been posted to NERC’s website.4 Based on industry feedback, remaining lessons learned documents may include the following topics:

• Determination of Bulk Electric System (BES) Cyber Assets for Generation Facilities;

• Determination of BES Cyber Assets for Substations;

• “High-watermarking” Protected Cyber Assets;

• Remote Interactive Access Controls;

• Configuration Management; or

• The use of Virtualization and Virtual Local Area Networks.

2. Standard Drafting Team Support NERC’s Compliance and Enforcement staffs have engaged the standard drafting team to provide assistance and transparency with regard to the RAI development activities. Example scenarios have been presented to the standard drafting team to illustrate how self-corrective processes can be demonstrated and how Compliance Enforcement Authorities would evaluate noncompliance in the context of internal controls.

3. Transition Guidance NERC’s Compliance staff is developing an updated transition guidance document to address key topics to aid the industry’s transition to CIP Version 5. The core concept for the guidance document to address is how industry will implement CIP Version 5 requirements prior to the effective date so that those activities can be deemed acceptable for CIP Version 3 compliance during the transition period. To accompany this

4 http://www.nerc.com/pa/CI/Pages/Transition-Program-V5-Implementation-Study.aspx.

Page 50: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

guidance, the ERO will prepare a compatibility matrix that will explain in detail the specific CIP Version 5 requirements that will be considered compatible with CIP Version 3. The goal of providing this information is so Registered Entities can begin implementing CIP Version 5 in a timely manner so that they are well-prepared to meet the mandatory enforcement dates for CIP Version 5. In addition, the guidance will provide additional details and clarification to assist Registered Entities during the transition period. Examples include processes for addressing newly-identified BES cyber assets and clarifying the timing for meeting certain CIP Version 5 requirements.

Page 51: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Tobias Whitney, Manager, Critical Infrastructure Protection ComplianceMRC Informational SessionApril 9, 2014

Critical Infrastructure Protection Version 5 Implementation Study

Page 52: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY2

Purpose of the Transition Program

Address V3 to V5 transition issues.

Provide a clear roadmap for V5

steady-state.

Justify budget for V5 implementation and

compliance.

Foster communication and knowledge sharing.

Support all entities in the timely, effective, and efficient transition to CIP Version 5

Page 53: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY3

CIP V5 Transition Program Elements

•A new transition guidance will be provided in Q2

Periodic Guidance

•6 entities with strong compliance cultures•6-8 month implementation of V5 for certain facilities• Lessons learned throughout and after study phase

Implementation Study

• Integration with RAI• Identify means and method to address self-corrective processes and internal

controls

Compliance and Enforcement

•New website created for all Transition Program activity

Outreach and Communications

•Quarterly training opportunities will be provided to industry

Training

Page 54: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY4

V5 Compliance and Enforcement Steady State

• V5/RAI Key Program Elements (based on Evaluation Criteria) Risk Assessmento The Regional Entity will develop a transparent but customized compliance profile

based on the Registered Entity’s impact to the Grid.o The Risk Assessment will be shared with the Registered Entity so that they

understand how they will be monitored as part of the compliance profile.

Internal Controls Relianceo The Registered Entity will develop internal control practices that will be provided

and reviewed by the Regional Entity.o The Regional Entity will evaluate the level of the entities internal control

program to tailor compliance activities in conjunction with the Risk Assessment.

Aggregation of Non-Complianceo Based on the level of controls reliance and the Risk Assessment, Registered

Entities will be able to participate in the aggregation of non-compliance processes.

o Moderate and serious risk non-compliance shall require self-reporting.

Page 55: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY5

Transition Study: Lesson Learned

Substation BES Cyber Assets

Configuration Management

Virtualization Challenges

Generation BES Cyber Assets

Migration of TFE’s

Grouping of BES Cyber Assets

Page 56: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY6

Website Updates

Page 57: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY7

V5 – V3 Compatibility

Based on the results of the Transition Study, the ERO has learned that many entities’ CIP programs are already mostly compatible to Version 5.• Percentage of Version 3 procedures used in Version 5 CIP-003 – 90% CIP-004 – 80 to 90% CIP-005 – 85% CIP-006 – 85% (Review required for new Assets) CIP-007 – 80% CIP-008 – 95% CIP-009 – 90% (Review required for new Assets) CIP-010 – 50% (new to V5) CIP-011 – 50% (new to V5)

Page 58: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY8

Future Transition Guidance (In Progress)

For the Version 5 standards below, an entity can elect to implement the requirements that are mostly compatible (MC) with Version 3. Compliance to those standards will be considered valid Version 3 compliance actions. Requirements listed as N/A are not applicable to Version 3 compliance obligations.

CIP 002

• R1-MC• R2-MC

CIP 003

• R1-N/A• R2-MC• R3-MC• R4-MC

CIP 004

• R1-MC• R2-MC• R3-MC• R4-MC

Page 59: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY9

CIP V5 Revisions and RAI Timeline

Page 60: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY10

Page 61: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Agenda Item 5c MRC Informational Session April 9, 2014

Physical Security Standard Project

Action Information

Background On March 7, 2014, the Federal Energy Regulatory Commission (FERC) issued an order directing NERC to submit for approval, within 90 days of the order, one or more Reliability Standards to address physical security risks and vulnerabilities of critical facilities on the Bulk Power System (BPS).1 Summary In the order, FERC stated that the proposed standard(s) should require entities to take a least the following three steps:

• Perform a risk assessment to identify facilities that, if rendered inoperable or damaged, could result in instability, uncontrolled separation, or cascading failures on the BPS.

• Evaluate the potential threats and vulnerabilities to those identified facilities.

• Develop and implement a security plan designed to protect against physical attacks to those identified facilities based on the assessment of the potential threats and vulnerabilities to their physical security.

Additionally, FERC stated that the proposed standard(s) should also: (1) include a procedure that will ensure confidential treatment of sensitive or confidential information; (2) include a procedure for a third party to verify the list of identified facilities and allow the verifying entity, as well as FERC, to add or remove facilities from the list of critical facilities; and (3) require that the identification of the facilities, the assessment of the potential risks and vulnerabilities, and the security plans be periodically reevaluated and revised to ensure their continued effectiveness. The proposed physical security Reliability Standard(s) must be filed with FERC by June 5, 2014.

To develop proposed Reliability Standard(s) within the 90 days, NERC staff, working with the Standards Committee (SC), requested waivers of certain provisions of the Standard Processes Manual to allow, among other things, shortened comment and ballot periods. The SC approved those waivers on a March 21, 2014 conference call. The anticipated timeline for completing the project, with notations indicating use of waivers, follows:

1. March 21, 2014: Drafting team seated.

2. March 21, 2014: Standard Authorization Request posted for a seven calendar day informal comment period (shortened from 30 days by waiver).

1 Reliability Standards for Physical Security Measures, 146 FERC ¶ 61,166 (2014).

Page 62: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

3. April 1, 2014: NERC-sponsored technical conference in Atlanta for drafting team to present draft standard, and get stakeholder feedback.

4. Early April, 2014: Initial formal comment and ballot period, reduced by waiver from 45 days to 15 calendar days, with a ballot conducted during the last five days of the comment period. Form ballot pool in first 10 days. Also post draft Reliability Standard Audit Worksheet (RSAW).

5. May 5-15, 2014: Additional formal comment and ballot period, if necessary, reduced by waiver from 45 days to 10 calendar days, with ballot conducted during the last five days of the comment period. Also post revised draft RSAW.

6. May 26-30, 2014: Final ballot reduced by waiver from 10 days to five calendar days.

7. June 2, 2014: Adoption by NERC Board of Trustees.

8. June 5, 2014: File with FERC.

Note that dates are tentative and reflect best estimates given the short timeline to respond to the directives. They are subject to change based on the facts and circumstances related to standards development. Additional Information A link to the project history and files is included here for reference:

[Project 2014-04 Physical Security]

Page 63: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Physical Security Standard ProjectSteven Noess, Associate Director of Standards DevelopmentMRC Informational SessionApril 9, 2014

Page 64: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY2

• FERC order on physical security issued on March 7, 2014• Directs NERC to submit Reliability Standard(s) within 90 days to

address physical security risks and vulnerabilities (June 5, 2014) • Proposed Reliability Standard(s) require owners or operators to: Identify critical facilities on the Bulk Power System Evaluate threats on those facilities Implement plans to protect critical facilities against those threats

Summary

Page 65: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY3

• Waivers of the standards process approved by Standards Committee on March 21 Standard Authorization Request (SAR) posting reduced from 30 to 7 days Initial ballot posting reduced from 45 to 15 days Additional ballot postings, if necessary, reduced from 45 to 10 days Final ballot reduced from 10 to 5 days

• Standard drafting team appointed March 21• SAR posted March 21-28, 2014• NERC-led technical conference held on April 1, 2014 in Atlanta• Draft standard posted for comment and ballot

Key recent activities

Page 66: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY4

Action plan and milestones/tentative dates

• April 10-24, 2014: Posting of draft Reliability Standard/Reliability Standard Audit Worksheet (RSAW)

• April 15 and 17, 2014: Industry webinars• Early May 2014: Additional posting (if needed) • Mid/late May 2014: Five-day final ballot• Board of Trustees adoption following final ballot• No later than June 5, 2014: File with FERC

Page 67: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

RELIABILITY | ACCOUNTABILITY5

Page 68: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Agenda Item 5d MRC Informational Session April 9, 2014

2015 Business Plan and Budget Update and Stakeholder Input Tracking

Action Information Background On May 16, 2014, a consolidated posting of the first drafts of the 2015 NERC and Regional Entity Business Plans and Budgets (BP&Bs) will be available for a 45-day comment period. In the upcoming weeks, in advance of the formal posting of the first drafts, stakeholders will receive several updates on the development of NERC’s BP&B, Regional Entity coordination, key priorities and initiatives, as well as preliminary budget estimates. Last year in March 2013, the chair of the NERC Board of Trustees (Board), the president and chief executive officer of NERC, and the chair of the Member Representatives Committee (MRC) issued a joint letter highlighting the need and effort to continue to improve coordination among the Board, its committees, and the MRC, including quarterly updates on activities underway and consideration of stakeholder policy input that fosters informed decision-making. The goals and objectives in the ERO Enterprise Strategic Plan, 2014-2017 have been updated to specifically acknowledge this need and effort. An open conference call of NERC’s Corporate Governance and Human Resources Committee was held on March 20, 2014 and the final ERO Enterprise performance metrics for 2014 were approved. These metrics measure the progress in achieving the goals and objectives set forth in the strategic plan. Stakeholder comments provided during the February 2014 Board and committee meetings were considered in the development of these final metrics. A meeting with the MRC’s BP&B input group, the trade associations and the forums is scheduled for April 22, 2014 followed by a BP&B presentation during the May 6, 2014 MRC meeting in Philadelphia. Additionally, two open Finance and Audit Committee conference calls are planned for May 21, 2014 and July 17, 2014 and will provide an opportunity for public input on the development of the NERC and Regional Entity 2015 BP&Bs. Each of the Regional Entities also has a process to obtain direct stakeholder input on their BP&Bs and stakeholders are encouraged to participate in those forums. Stakeholder Comment Tracking As part of the 2015 BP&B development process and consistent with past practice, NERC will continue to track and consider stakeholder suggestions and recommendations on specific aspects of the BP&B, as well as through ongoing policy input requests from the Board. NERC management will discuss the current process for tracking suggestions and recommendations related to the strategic and business planning efforts of the ERO Enterprise.

Page 69: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

2014 Stakeholder Input Matrix

ERO Enterprise Strategic Plan, 2014-2017 Goal 5: Improve transparency, consistency, quality, and timeliness of results; operate as a collaborative enterprise; and improve efficiencies and cost-effectiveness.

5a - The ERO acts in a coordinated and collaborative manner with stakeholders. • Maintain a list of suggestions and recommendations made by stakeholders (e.g., through policy input) and ERO responses to each.

Strategic and Business Planning Input Entity / Stakeholder (Date)

Stakeholder Comment (Abridged version)

Action/Response and Notes

CEA (Jan 2014)

Goal 4: Determine if there can be a deliverable to identify and develop a suite of tools to address reliability issues (as alternatives to standards).

Under consideration by NERC management and referred to RISC and standing committees for input.

Goal 5: Recognize the obligations to all applicable governmental authorities and modify to indicate “all applicable authorities”.

Agreed. Processes are in place to coordinate with both US and Canadian government authorities.

EEI (Jan 2014)

Include a strategic internal management goal with clear accountability of goals and objectives, deliverables and meaningful metrics.

Already in place with integration of NERC metrics to NERC performance management system.

Map existing program area plans and processes to strategic plan. Specifically, how NERC’s plan complements or conflicts with the standards development work plan or the RISC’s proposal to address reliability issues.

NERC’s priorities for the standards review process are addressed on an ongoing basis and reflected in the Reliability Standards Development Plan developed in collaboration with the Standards Committee. RISC coordination is ongoing in 2014 and will be reflected in plans for 2015.

Align various metrics with goals and deliverables. • Set clear and measurable metrics for regulatory outreach and advocacy.

Regulatory outreach and advocacy are embedded in our normal work processes and aligned with key initiatives. Consideration to specific metrics for this area will be given for future years.

SM-TDUs (Jan 2014)

Define measures by which the Regional Entities and NERC will evaluate entity risk (as part of RAI).

Will be addressed in the ongoing implementation and development of RAI.

NRECA (Jan 2014)

Recommend replacing BPS with BES throughout the plan Adopted. NERC updated the Board approved (Feb 6) Strategic Plan replacing BPS throughout.

Goal 1: Include the SC role and focus on retiring standards and requirements that are not needed to support BES reliability.

The Standards Committee’s role in the standards review process will be addressed as part of developing the long term quality review process.

Goal 2: Include deliverable to add a deregistration process for currently registered entities that have a change. Also add a deliverable that requires development of a single document/resource that describes RAI.

Adopted. NERC updated the Board approved (Feb 6) Strategic Plan adding deregistration.

Goal 4: Add SC responsibilities. Standards Committee’s responsibilities in the standards development process will be addressed on an ongoing basis.

EPSA (Jan 2014)

Combine metric 1 and 2. These metrics seem interrelated as to not represent two different metrics to score and evaluate.

Not adopted. Metric 1 measures the effectiveness of the ERO Enterprise to influence reliability overall as measured by the frequency and severity of events. Metric 2 focuses on conducting analysis of severe events to assess

1 03.2014

Page 70: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

2014 Stakeholder Input Matrix

whether there are gaps in reliability standards as currently in force or compliance monitoring on the part on the ERO. Both metrics are focused on accountability of the ERO Enterprise to influence reliability and reduce the occurrence of severe events.

ELCON (Jan 2014)

Encourage specific metrics to allow the measurement of: • Maintain a list of suggestions made by stakeholders and ERO responses • Engage expertise of stakeholders in reliability initiatives • Implement collaborative governance (ERO and Regions) bound by

consensus

• This list addresses first bullet. • Not appropriate for a “metric”, but we agree conceptually. • Not appropriate for a “metric”, but that governance exists in the

form of the ERO EMG, which is comprised of the CEOs of all nine entities.

Standards Committee, Brian Murphy (Jan 2014)

Goal 1: Revise to align with the RSDP and SC’s work plan (refer to policy input attachment)

Adopted.

NPCC (Jan 2014)

Recommends the implementation of the registration framework and criteria be advanced to 2015 to better align with the implementation of the BES definition.

To be considered during the registration initiative project and will be reflected in the development of the 2015 BP&B if time permits.

SERC (Jan 2014)

Encourages ERO Enterprise to conduct a clean slate review of the strategic plan’s content with a particular focus beyond the current 3 year horizon.

To be discussed with ERO EMG.

MRC BP&B Input Group (Jan 2014)

Add important MRC meeting and conference call dates to BP&B schedule.

NERC staff updated BP&B schedule prior to the Jan 30 Finance and Audit Committee meeting to reflect this input.

EEI (Jan 2014)

Describe/ address budget and cost management, coordination among the core operational areas and duplicative activities among the Regions. • Consider cost-benefit analysis, similar to Standards, to help inform decision-

making and determine priorities for limited resources.

To be considered by NERC management in the development of the 2015 BP&B.

Sector 4 (Jan 2014)

Consider cost impacts to industry. There are mounting pressures to manage costs and minimize rate impacts to customers. NERC must ensure resources are spent appropriately.

To be considered by NERC management in the development of the 2015 BP&B.

ELCON (Jan 2014)

Specific “IT solution” benefits to Registered Entities should be quantified through cost savings in dollars. Strongly encourages restraint in the amount that will be proposed and recommends keeping the amount level if not reduced.

To be considered by NERC management in the development of the 2015 BP&B.

NPCC (Jan 2014)

Identify “benefits” associated with standards to provide more information surrounding standards’ costs vs. benefits.

Efforts are underway to consider cost benefit in the standards development process.

2 03.2014

Page 71: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

2014 Stakeholder Input Matrix

Texas RE (Jan 2014)

Requests there be additional clarity and transparency regarding amounts that the Regional Entities will be expected to expend to support specific enterprise efforts. • If particular ERO-level projects are required the amounts should be

identified and incorporated into the Regional Entities’ budgets.

Addressed through the coordination and development of the NERC and Regional Entities BP&Bs.

SERC (Jan 2014)

Resource needs and budgets should reflect the stable nature of the enterprise. Effectiveness parameters, including cost, should be established for ERO activities.

Addressed through the coordination and development of the NERC and Regional Entities BP&Bs.

RISC (Jan 2014)

Encourages the inclusion of more explicit focus on reliability risk management and RISC’s priority recommendations in the BP&B.

RISC intends to produce its next recommendations in February 2015 for the 2016 BP&B.

Other Input - Related to ERO Enterprise Activities and Priorities Entity / Stakeholder (Date)

Stakeholder Comment (Abridged version)

Action/Response and Notes

CEA (Jan 2014)

Requests that NERC present # of new or modified standards to NERC BOT for approval.

Addressed in the standards development plan.

Examine where efficiencies can be gained and where resources can be better focused on core reliability priorities. • Focus on registration criteria for PSEs.

The registration initiative will address criteria for entities such as PSEs. Efficiency opportunities will be addressed through the coordination and development of the NERC and Regional Entities BP&Bs.

EEI (Jan 2014)

Fully implement the RAI before the implementation date of CIP v5, ensure the completion of regional pilots by mid-2014, and address compliance process issues and expectations for entities operating in multiple regions.

RAI compliance pilots are complete and the enforcement pilots will be complete in April. RAI final compliance design will be complete in Q3 2014. Integration with CIP v5 implementation is being planned.

SM-TDUs (Jan 2014)

Afford RAI as the highest priority since it is relied upon in standards development.

RAI is one of the highest priorities this year.

NRECA (Jan 2014)

Consider the challenges of too many initiatives in play at any one time and focus on doing less, better.

Agree conceptually and will continue to work with stakeholders to pace initiatives.

Develop a revised Statement Compliance Registry Criteria (SCRC) and other needed ROP modifications for BOT approval at its November 2014 meeting. • Develop a project plan with timelines and milestones.

Will be taken under consideration as part of the registration initiative this year.

IRC ISO/RTO (Jan 2014)

Consider developing a structured approach and metrics for exploring and applying alternative approaches to standards • Work with the RISC on an approach that expands on the suite of tools.

Under consideration by NERC management and referred to RISC and standing committees for input.

ELCON (Jan 2014)

Risk-based approach is not fully defined yet and needs to be encoded in priorities such as enforcement principles related to CIP v5 requirements.

RAI implementation will take into consideration, including the CIP v5 implementation.

NPCC (Jan 2014)

Recommends prioritization be given to the development of a secure portal to enable confidential sharing of post-event report.

The portal is in place as is the process for vetting and gaining permission from entities.

3 03.2014

Page 72: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

2014 Stakeholder Input Matrix

Limit any risk project related to resource adequacy assessments of the reliability impacts of planned resource capacity and projected reserve margins.

That is the intent of that RISC identified project. Resource adequacy was not selected as a major 2014 risk project for the ERO Enterprise. Will be considered in future updates to the risk projects.

MRO (Jan 2014)

Continue risk-based work in the RAI and incorporate risk based concepts across all programs. The work being done in the RAI and through the implementation of the BES definition addresses how risk is to be considered in scoping the ERO’s work.

Agreed.

SERC (Jan 2014)

Encourages further coordination of processes and timelines for “feeder” activities which are significant inputs into the business planning processes (RISC, LTRA, etc.).

Will be addressed in ongoing improvement to BP&B process between NERC and the Regional Entities.

4 03.2014

Page 73: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Agenda Item 5e MRC Informational Session April 9, 2014

Operating Personnel Communication Protocols Standard Development Update

Action Information

Background On December 11, 2013, in order to meet the NERC Board of Trustees (Board) requested deadline, the NERC Standards Committee authorized a waiver of the standard development process, in accordance with Section 16 of the Standard Processes Manual, to shorten an additional comment period for COM-002-4 – Operating Personnel Communications Protocols from 45 days to 30 days with a ballot during the last 10 days of the comment period. On January 2, 2014, the Operating Personnel Communication Protocols standard drafting team (OPCP SDT) posted draft 8 of COM-002-4 for a 30-day comment and ballot period. The ballot of COM-002-4, which ended on February 4, 2014, achieved 71.86 percent weighted segment approval. The OPCP SDT considered the comments received during the comment period ending on February 4, 2014. No substantive changes were made between the ballot ending on February 4, 2014 and the final ballot. However, additional language was added to R4.1 in order to more appropriately convey the intent of the drafting team. Additionally, the word “initial” was added to Measure 4 in order to align the language in the measure with the language of the requirement. Next Steps The standard will be posted for final ballot in early April and presented to the Board in May 2014. Additional Information A link to the project history and files is included here for reference:

[Project 2007-02 Project Page]

Page 74: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Agenda Item 5f MRC Informational Session April 9, 2014

Definition of Bulk Electric System Update

Action Information Background On December 13, 2013, NERC filed a petition for approval of revisions to the definition of the Bulk Electric System (BES) resulting from Order Nos. 773 and 773-A, and requested expedited Federal Energy Regulatory Commission (FERC) action to support implementation beginning on July 1, 2014. The revisions to the BES definition encompasses all elements and facilities necessary to the reliable operation and planning of the interconnected transmission network. On March 20, 2014, FERC issued an order approving the revised definition in response to NERC’s petition, which supported the rationale for the revisions, and endorsed the effective date for the revised definition beginning July 1, 2014. In this order, FERC declined to accept certain parties’ comments regarding suggested modifications to certain exclusions for radial systems, to certain inclusions for dispersed power producing resources, and regarding the request for expedited action. Accordingly, this provides the final approval needed to begin the full implementation efforts, including communications, training, and implementation of respective processes. The Electric Reliability Organization (ERO) enterprise implementation of the revised definition involves processes developed by NERC and the Regional Entities to determine inclusions and exclusions to the definition, and an enterprise-wide application to support that process, called the BES Notifications and Exceptions tool (BESnet). The ERO developed processes and the tool to provide a uniform, clear way of determining asset inclusions, exclusions and self-determinations under the revised BES definition. These provide a consistent way to identify assets and manage workflow, which will ultimately enhance the reliability of the Bulk Power System. Reference documents and training continue to be developed and updated to assist industry with the transition. These materials and the schedules for training/webinars can be found on the BES web page. NERC and the Regional Entities strongly encourage Registered Entities to use these resources and the training opportunities, as well as contact their respective Regional Entity or NERC staff for further information.

Page 75: Agenda Member Representatives Committee Pre-Meeting ... highlights nad... · RSAW revision process Risk-Based registration assessment Potential alternative funding mechanism to support

Agenda Item 5g MRC Informational Session April 9, 2014

ERO Enterprise Operating Model

Action Information Background The ERO Enterprise Operating Model was jointly drafted by NERC and the Regional Entities (ERO Enterprise) to outline how the ERO Enterprise can achieve excellence in the oversight and execution of statutory functions by collaborating and working together to achieve the common goal of mitigating reliability risks. The paper identifies key goals that must be met in order to implement effective, coordinated operations across the ERO Enterprise. Additionally, the paper identifies changes that need to occur to achieve a successful end state, including:

• Refining roles and responsibilities

• Coordinating strategic planning

• Coordinating operational decision-making

• Achieving consistency

• Sharing tools and infrastructure for delegated functions

• Coordinating communications

The ERO Executive Management Group will use the actions and principles set forth in the paper to guide the implementation of the more fully integrated ERO Enterprise described in the paper.


Recommended