116-390 Village Blvd. Princeton, NJ 08540
609.452.8060 | www.nerc.com
1
Minutes Member Representatives Committee July 29, 2008 | 1:30–5:30 p.m. Hyatt Regency 1255 Jeanne-Mance Street Montréal, Québec 514-982-1234
Member Representatives Committee Chairman Steve Hickok called to order a duly noticed meeting of the North American Electric Reliability Corporation Member Representatives Committee on July 29, 2008 at 1:30 p.m., local time, and a quorum was declared present. The meeting announcement, agenda, and list of attendees are attached as Exhibits A, B, and C, respectively. NERC Antitrust Compliance Guidelines David Cook, vice president, general counsel, and director of regulatory services, called attention to the NERC Antitrust Compliance Guidelines distributed with the agenda. Minutes The Member Representatives Committee approved the draft minutes of the May 6, 2008 meeting and the June 30, 2008 conference call (Exhibits D and E, respectively).
Future Meetings The Member Representatives Committee approved August 4, 2009 in Winnipeg, Manitoba, Canada as a future meeting date and location. Introductions and Chairman’s Remarks Steve Hickok welcomed all to the meeting and introduced the proxies. He opened by stating the members of the MRC wanted time in this session to respond to the July 7, 2008 letter by Rick Sergel on cyber security and critical infrastructure protection (CIP). To make time for this discussion, the time slotted for Agenda Item 7, the 2009 NERC Business Plan and Budget, would be used. Mr. Hickok noted that ample opportunity had been given for discussion of the budget during prior workshops and meetings of both the Finance and Audit Committee and the MRC, but that he would briefly accommodate any last budget comments before moving on to discuss the cyber letter and its related issues. Mr. Hickok also announced that the two parts of Agenda Item 6 — Reliability Assessments and the Adequacy of Resources, and NERC-FERC-Provinces Relationships
MRC Meeting Minutes July 29, 2008
2
— would be appended to Agenda Items 4 and 5, respectively, to provide for a smoother discussion. Amendments to NERC Bylaws Chairman Hickok called on David Cook to discuss the proposed amendments to the NERC Bylaws (Exhibit F) to be considered at the Board of Trustees meeting on July 30, 2008. Mr. Cook explained the proposed amendments to the NERC Bylaws contain two substantive provisions and several technical and conforming amendments, and that the bylaws require that amendments to the bylaws be approved by a majority vote of both the Board of Trustees and the Member Representatives Committee in respective meetings at which a quorum is present. In the first provision, NERC proposes to provide a newly elected trustee a short period of time after being elected to resolve any conflicts of interest. The proposed amendment to the bylaws would provide 10 days to resign from any conflicting employment or director positions and 60 days to resolve any financial conflicts. In the meantime, the newly elected trustee would recuse himself or herself from any particular matter involving the source of the conflict. Mr. Cook noted that he has discussed the issue informally with FERC staff, and they do not see this as a problem, so long as the period is short and the trustee recuses in the meantime. The second substantive amendment addresses the method for selecting one or more additional Canadians for the Member Representatives Committee should that become necessary. Mr. Cook explained that certain members of the MRC have expressed a concern that the current method of selecting the additional Canadian may not prove satisfactory in the future. The proposed amendment would level the playing field between large and small sectors by substituting “highest fraction of the sector vote” for “highest vote total” in Article VIII, Section 4. The technical amendments included the proposal to delete the definition of “regional reliability organization” from the bylaws as well as the many references to “regional reliability organization,” leaving “regional entity” as the term of reference, and to insert the word “original” in the second sentence of subparagraph b. of Section 3 and change the verb tense to match in order to make the sentence accurate for historical purposes.
On motion by Mr. Ed Tymofichuk, the committee approved the amendments to the bylaws. 2008 Long-Term Reliability Assessment
William Bojorquez, Chair of the Reliability Assessment Subcommittee (RAS), gave a presentation on the schedule for the Long-Term Reliability Assessment (LTRA) (Exhibit G) and called attention to the 2nd annual workshop, scheduled the next day, for the purpose of sharing the initial findings and emerging issues covered in the report as well as asking for feedback regarding the 2008 rollout of the report or future LTRAs.
MRC Meeting Minutes July 29, 2008
3
Chairman Hickok then led a related discussion of the desired future state of NERC’s assessments of resource adequacy and operational reliability – the first part of Agenda Item 6 (Follow Up to February 11, 2008 Discussion of NERC Priorities and Emphasis). Status of Efforts in Canada David Cook began his report on the status of efforts in Canada by introducing Ric Cameron, Canadian affairs representative. Mr. Cameron joined NERC in 2007 with 35 years experience in the Public Service of Canada. He was the senior vice president of the Canadian International Development Agency supporting the federal and Canadian interests in international development in a variety of domestic and international fora. Ric was also the assistant deputy minister of the energy sector for Natural Resources Canada. Mr. Cook read an overview of the jurisdiction of the provinces and Canadian government, and then proceeded to give a presentation on the Canadian efforts (Exhibit H). Chairman Hickok then led a discussion of the desired future state of the NERC-FERC-Provincial Relationships in reliability standard setting, compliance monitoring and enforcement (the second part of Agenda Item 6 — Follow Up to February 11, 2008 Discussion of NERC Priorities and Emphasis). Discussion included the reality of current cross-border events as well as the potential for future events and the need for protocols and mechanisms being put in place for the purpose of information sharing. 2009 NERC Business Plan and Budget Bruce Walenczyk, chief financial officer, reported very briefly on the 2009 NERC Business Plan and Budget stating only that the next step is to commence with filing of the budget along with the Regional Entities budgets, on August 22, 2008. He closed by adding the Finance and Audit Committee and the BOT have been asked to approve the final version. Chairman Hickok then moved the discussion to the subject of NERC Critical Infrastructure Protection Strategic Direction and Capability, referencing the background material for the trustees’ scheduled discussion the next day of their BOT agenda item 11. He called on the MRC members for comments, observations, or concerns in relation to the cyber security and CIP initiatives outlined in Rick Sergel’s letter dated July 7, 2008 (Exhibit I). Discussion followed regarding the timing of the letter in relation to the formation of the Electricity Sector Steering Group, the role of the chief security officer position, NERC’s relationship with Congress, and FERC’s request for additional authority in wake of the Aurora demonstration. Proposed Changes to NERC Rules of Procedure Section 500 Lucius Burris, Chair of the Organization Certification and Registration Subcommittee (OCRS), presented a summary of the subcommittee’s work and revisions to the NERC Rules of Procedure currently posted for comment (Exhibit J).
MRC Meeting Minutes July 29, 2008
4
Events Analysis & Information Exchange Chairman Hickok requested that this item be moved to the Board of Trustees meeting agenda the next day. Structure of MRC-BOT Interaction Chairman Hickok reported that he, Vice-Chairman Naumann, BOT Chairman Richard Drouin, NERC CEO Rick Sergel, and NERC EVP David Whiteley met in Chicago on June 25th, 2008 to discuss the way in which the BOT and MRC interact and possible ways to improve that interaction by restructuring meetings of the two groups and the Board’s committees. Suggested possible improvements include moving more routine business to conference-call meetings, and reserving more face-to-face time for discussions that are best served by that interaction. One possible structure for the quarterly meetings is as follows:
Beginning at noon on the first day, present information-only items with attendance of MRC members and trustees being optional.
In the early afternoon of the first day, the MRC meets with the BOT in attendance for:
1. Action items (where a vote is required) 2. Discussion of matters that will be before the BOT eventually and that they
will vote on 3. MRC advice to the trustees on NERC policy and operations
Late afternoon of first day, hold BOT committee meetings that need MRC attendance and participation
On the morning of the second day, regular meeting of the BOT with the MRC in attendance; taking action in areas where extensive discussion is required.
Update on Regulatory Matters Chairman Hickok noted this as information only (Exhibit K). Upcoming Issues for Member Representatives Committee Chairman Hickok forecast some of the items to be handled in the next quarterly meeting, including:
MRC officer elections will occur at the October 28, 2008 meeting in Arlington, Virginia. The nominating period will open and close between now and then.
Sector Elections of Representatives to the MRC for one of two seats from each sector will occur after the October 28 meeting. The nominating period will open prior to that meeting and will close shortly after that meeting which includes the MRC officer elections.
Other Business Tom Abrams, Chairman of the Compliance and Certification Committee (CCC) reported that the CCC has been working on several program documents which serve as the platform for the CCC’s monitoring program and address the CCC charter mission
MRC Meeting Minutes July 29, 2008
5
statement. In addition, they have developed program documents outlining processes related to the Rules of Procedure. Ed Tymofichuk extended his personal invitation to the trustees, staff and the MRC for their visit to Winnipeg, the site of the August 2009 quarterly meetings, and showed a video of Winnipeg’s attractions. Comments by Observers Chairman Hickok introduced and welcomed new Observer, Pierre Guimont of the Canadian Electricity Association, and then opened the floor to comments by other Observers. Jim Fama (Edison Electric Institute), regarding Rick Sergel’s letter on cyber security and CIP, stated that NERC is going in the right direction and asked the BOT to look at the two pieces of legislation currently before the House and Senate as underscoring the importance of NERC leadership in cyber security and CIP and the importance of the ESSG. David Mohre (National Rural Electric Cooperatives Association) supported Jim Fama’s observation. Adjournment There being no further business, Chairman Hickok adjourned the meeting at 5:30 p.m. Submitted by,
David Whiteley Secretary
116-390 Village Blvd. Princeton, NJ 08540
609.452.8060 | www.nerc.com
1
Antitrust Compliance Guidelines
I. General
It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition. It is the responsibility of every NERC participant and employee who may in any way affect NERC’s compliance with the antitrust laws to carry out this commitment. Antitrust laws are complex and subject to court interpretation that can vary over time and from one court to another. The purpose of these guidelines is to alert NERC participants and employees to potential antitrust problems and to set forth policies to be followed with respect to activities that may involve antitrust considerations. In some instances, the NERC policy contained in these guidelines is stricter than the applicable antitrust laws. Any NERC participant or employee who is uncertain about the legal ramifications of a particular course of conduct or who has doubts or concerns about whether NERC’s antitrust compliance policy is implicated in any situation should consult NERC’s General Counsel immediately.
II. Prohibited Activities
Participants in NERC activities (including those of its committees and subgroups) should refrain from the following when acting in their capacity as participants in NERC activities (e.g., at NERC meetings, conference calls and in informal discussions):
• Discussions involving pricing information, especially margin (profit) and internal cost information and participants’ expectations as to their future prices or internal costs.
• Discussions of a participant’s marketing strategies.
• Discussions regarding how customers and geographical areas are to be divided among competitors.
Antitrust Compliance Guidelines 2
• Discussions concerning the exclusion of competitors from markets.
• Discussions concerning boycotting or group refusals to deal with competitors, vendors or suppliers.
• Any other matters that do not clearly fall within these guidelines should be reviewed with NERC’s General Counsel before being discussed.
III. Activities That Are Permitted
From time to time decisions or actions of NERC (including those of its committees and subgroups) may have a negative impact on particular entities and thus in that sense adversely impact competition. Decisions and actions by NERC (including its committees and subgroups) should only be undertaken for the purpose of promoting and maintaining the reliability and adequacy of the bulk power system. If you do not have a legitimate purpose consistent with this objective for discussing a matter, please refrain from discussing the matter during NERC meetings and in other NERC-related communications. You should also ensure that NERC procedures, including those set forth in NERC’s Certificate of Incorporation, Bylaws, and Rules of Procedure are followed in conducting NERC business. In addition, all discussions in NERC meetings and other NERC-related communications should be within the scope of the mandate for or assignment to the particular NERC committee or subgroup, as well as within the scope of the published agenda for the meeting. No decisions should be made nor any actions taken in NERC activities for the purpose of giving an industry participant or group of participants a competitive advantage over other participants. In particular, decisions with respect to setting, revising, or assessing compliance with NERC reliability standards should not be influenced by anti-competitive motivations. Subject to the foregoing restrictions, participants in NERC activities may discuss:
• Reliability matters relating to the bulk power system, including operation and planning matters such as establishing or revising reliability standards, special operating procedures, operating transfer capabilities, and plans for new facilities.
• Matters relating to the impact of reliability standards for the bulk power system on electricity markets, and the impact of electricity market operations on the reliability of the bulk power system.
• Proposed filings or other communications with state or federal regulatory authorities or other governmental entities.
• Matters relating to the internal governance, management and operation of NERC, such as nominations for vacant committee positions, budgeting and assessments, and employment matters; and procedural matters such as planning and scheduling meetings.
Please respond by July 7, 2008 to Lori Chances
[email protected]; 609-452-9550 (F)
116-390 Village Blvd. Princeton, NJ 08540 609.452.8060 | www.nerc.com
June 9, 2008
TO: MEMBER REPRESENTATIVES COMMITTEE
Ladies and Gentlemen:
Member Representatives Committee and Board of Trustees Meetings Announcement and Registration
July 29–30, 2008 Montréal, Québec, Canada
The next NERC Member Representatives Committee and Board of Trustees meetings will be held on July 29–30, 2008 at the Hyatt Regency, 1255 Jeanne-Mance Street, Montréal, Québec, Canada (514-982-1234). The hotel is approximately 30 minutes from the Elliott Trudeau International Airport. Taxis cost a flat rate of $35 CAD.
To make your room reservation, call the hotel directly 514-982-1234. The room block is listed under NERC, and the rate is $195 CAD single/double occupancy. The hotel has set Monday, July 7, 2008 as the cut-off for room reservations. To register for the meetings, fill out the form below and e-mail or fax the completed form to Lori Chances ([email protected] or 609-452-9550).
July 29, 2008 Yes No Board of Trustees Committee Meetings 7:30 a.m.1 p.m. Buffet Lunch 1–1:30 p.m. Member Representatives Committee Meeting 1:305:30 p.m. Group Reception and Dinner 6–9 p.m.
July 30, 2008 Board of Trustees Meeting 8 a.m.–1 p.m.
Dinner Selections Beef Filet mignon with demi glace, mushroom compote, and pommes dauphinoise Fish Seared Salmon on roasted asparagus with saffron cream and mashed potatoes
Self: Beef Fish Guest: Beef Fish
Dress is business casual for all meetings and the reception and dinner.
Name:
Title:
Company:
Email:
Telephone:
Name of Guest:
cc: NERC Roster Meeting Guests
Exhibit A
116-390 Village Blvd. Princeton, NJ 08540
609.452.8060 | www.nerc.com
Agenda Member Representatives Committee July 29, 2008 | 12:30–5 p.m. Hyatt Regency 1255 Jeanne-Mance Street Montréal, Québec 514-982-1234
Introductions and Chairman’s Remarks Antitrust Compliance Guidelines 1. Minutes
May 6, 2008 MeetingJune 30, 2008 Conference Call
*2. Future Meetings
Regular Agenda
*3. Amendments to NERC Bylaws — Approve *4. 2008 Long-Term Reliability Assessment — Discussion
*5. Status of Efforts in Canada — Discussion *6. Follow Up to February 11, 2008 Discussion of NERC Priorities and Emphasis
— Discussion 7. 2009 NERC Business Plan and Budget — Discussion *8. Proposed Changes to NERC Rules of Procedure Section 500 and Appendix 5
— Discussion *9. Events Analysis & Information Exchange — Discussion 10. Structure of MRC-BOT Interaction — Discussion
Exhibit B
MRC Meeting Agenda July 29, 2008
2
*11. Update on Regulatory Matters — Information 12. Upcoming Issues for MRC — Information a. MRC Officer Elections b. Sector Elections of Representatives to the MRC 13. Other Business 14. Comments by Observers Information Only — No Meeting Time Intended
*15. Situational Awareness and Infrastructure Security *16. Training, Education, and Personnel Certification
*17. Reliability Readiness and Benchmarking
*Background material included
List of Attendees
Member Representatives Committee Meeting July 29, 2008
Member Representatives Committee
Chairman Steve Hickok Vice Chairman Steven Naumann Investor-owned Scott Moore State/Municipal Timothy Arlt Cooperative Utility Michael H. Core Cooperative Utility Michael L. Smith Federal/Provincial Ed Tymofichuk Transmission Dependent William Gallagher Merchant Electricity William J. Taylor Merchant Electricity Scott Helyer Electricity Marketer Murray Margolis Large End-use Electricity Customer John Anderson Large End-use Electricity Customer Irwin Kowenski Independent System Operator/Regional Transmission Organization William Bojorquez Independent System Operator/Regional Transmission Organization Paul Murphy Regional Reliability Organization Jim Keller Regional Reliability Organization Terry Bundy Regional Reliability Organization Dave Goulding Regional Reliability Organization Terry Blackwell Regional Reliability Organization Michael Desselle Canadian Provincial Jean-Paul Theoret Canadian Federal Tab Gangopadhyay U.S. Federal Joseph McClelland PROXY for Maureen Borkowski
Board of Trustees
Chairman Richard Drouin
John Q. Anderson
Paul Barber
Tom Berry
Janice Case
Fred Gorbet
Exhibit C
1
List of Attendees 2 Member Representatives Committee Meeting May 2008
Board of Trustees
James M. Goodrich
Ken Peterson
Bruce A. Scherr
Rick Sergel
Regional Managers
ERCOT Larry Grim
FRCC Sarah Rogers
MRO Daniel P. Skaar
NPCC Edward A. Schwerdt
ReliabilityFirst Tim Gallagher
SERC Gerry Cauley
WECC Louise McCarren
Guests
Xcel Energy Alice Druffel
SPP Alison Hayes
ICF International/NASPI Alison Silverstein
APPA Allen Mosher
EPRI Arshad Mansoor
NRECA Barry Lawson
Southern Company Bill Ivez
NERC Bob Cummings
NERC Bruce Walenczyk
NASUCA Charles A. Acquard
NARUC Charles D. Gray
Georgia System Operations Clay Smith
NERC Dave Nevius
EEI David Dworzak
NERC David Hilt
NRECA David L. Mohre
NERC David N. Cook
NERC David Whiteley
Entergy Services Ed Davis
Canadian Electricity Association Eli Turk
Regie De L’Energie Francois Wong
OC Chairman Gayle Mayo
List of Attendees 3 Member Representatives Committee Meeting May 2008
NERC Gerry Adamski
Regie De L’Energie Gilbert Neveu
SERC Reliability Corp Herb Schrayshuen
Regie De L’Energie Isabelle Lariviere
EPSA Jack Cashin
PCGC Vice Chairman Jacob Burger
CEATI International Jacob Roiz
Northwest Utilities James Muntz
PCGC Chairman James W. Ford
Midwest ISO Jason Marshall
NPCC Jennifer Mattiello
EEI Jim Fama
ICF International/NASPI Jimmy Glotfelty
OC Vice Chairman John S. Holeman
American Transmission Company Jose Delgado
NERC Julie Morgan
NERC Karen Spolar
ReliabilityFirst Corp. Larry Bugh
Xcel Energy Leo Ganser
FRCC Linda Campbell
NERC Lori Chances
Dominion Lou Oberski
Southern Company Lucius Burris
Competitive Power Ventures Mark Bennett
NERC Mark Lauby
ISO New England Matthew Goldberg
ICF International/NASPI Paul Schomburg
Canadian Electricity Association Pierre Guimond
NERC Ric Cameron
Pepco Holdings, Inc. Richard Kafka
CIPC Vice Chairman Robert Canada
FERC Roger Morie
National Grid Sarah Steitz
Duke Energy Scott Henry
EPRI Stephen Lee
WECC Steve McCoy
Hydro Quebec TransEnergie Sylvain Clermont
List of Attendees 4 Member Representatives Committee Meeting May 2008
CCC Chairman Ted Hobson
PC Vice Chairman Thomas Burgess
SCPSA Tom Abrams
PJM Tom Bowe
116-390 Village Blvd. Princeton, NJ 08540
609.452.8060 | www.nerc.com
1
Minutes Member Representatives Committee May 6, 2008 | 1–5 p.m. JW Marriott Orlando Grande Lakes 4040 Central Florida Parkway Orlando, Florida 407-206-2300
Member Representatives Committee Chair Steve Hickok called to order a duly noticed meeting of the North American Electric Reliability Corporation Member Representatives Committee on May 6, 2008 at 1 p.m., local time, and a quorum was declared present. The meeting announcement, agenda, and list of attendees are attached as Exhibits A, B, and C, respectively. NERC Antitrust Compliance Guidelines David Cook, vice president and general counsel, called attention to the NERC Antitrust Compliance Guidelines distributed with the agenda. Minutes The Member Representatives Committee approved the draft minutes of the February 11, 2008 meeting (Exhibit D).
Future Meetings The Member Representatives Committee approved May 5, 2009 in Washington, D.C. as a future meeting date and location, and changed the February 9, 2009 meeting location from San Diego, California to Phoenix, Arizona. Introductions and Chairman’s Remarks Steve Hickok welcomed and introduced the new members on the MRC:
Sector 2: State/Municipal — Timothy Arlt — Nebraska Public Power District Sector 4: Federal/Provincial — Julius Pataky — British Columbia Transmission
Corporation Sector 12: State Government — Steve Oxley — Wyoming Public Service
Commission
MRC Meeting Minutes May 6, 2008
2
Elections Chairman Hickok noted the certification of election of members of the MRC in the agenda packet. Further, he noted vacancies still exist in sector 7 of the MRC. NERC will conduct a special election to fill the vacancies between now and the July meeting in Montreal. Situation Awareness and Infrastructure Security David Whiteley, executive vice president, gave an update on the ESISAC Task Force Report (Exhibit E). The task force discussed the core principles, purposes, and functions of ESISAC and the Electricity Sector Coordinating Council (ESCC), as well as the resources required to fulfill their functions and their capabilities and roles going forward. The task force determined NERC should continue its existing role, as it fits the core of the principles and functions. The task force also determined it is appropriate for NERC’s role in the ESISAC to be subject to a periodic review as the scope of operations may need to change. The task force recommended that, while the existing role of the ESCC is appropriate for directing the operation of the ESISAC, there would be a benefit to adding an executive level group to provide additional guidance. That executive level group would be the Electricity Sector Steering Group (ESSG), comprised of the following seven members: one member from the NERC Board of Trustees, the NERC CEO, and five CEO-level executives named by the NERC MRC. Cyber Security Industry Notification System Stan Johnson, manager of situation awareness and infrastructure security, provided an update on the Cyber Security Industry Notification System (Exhibit F). He explained the ESISAC alert list will be built from the compliance registry and will be augmented as the industry sends NERC the names of people they want notified in the event of an ESISAC alert. Rick Sergel emphasized that the alerts will be developed using the approved alert process , be very clearly marked as an alert, and are not reliability standards. Phasor Project Stan Johnson also presented a report on the Phasor Project (Exhibit G). The Phasor Project, now known as North American SychroPhasor Initiative (NASPI), is in a transition phase for its leadership and funding. During its two-year development, technology has been funded jointly by the electricity sector and the government, primarily the United States Department of Energy. Now the project is moving into an initial operations phase and will require a different funding mechanism. The initial draft NERC 2009 Budget includes funding for this initial operations phase.
MRC Meeting Minutes May 6, 2008
3
Revisions to Amended and Restated Regional Delegation Agreements David Cook, vice president, general counsel, and director of regulatory services, gave an update on the Amended Regional Delegation Agreements (Exhibit H). On March 21, 2008 FERC approved the amended and restated regional delegation agreements and a revised Compliance Monitoring and Enforcement Program that NERC and the eight regional entities had filed in October 2007. That filing was in compliance with FERC’s April 19, 2007 order conditionally approving the original delegation agreements (122 FERC ¶ 61,245 (2008), the “March 21 Order”). NERC’s further compliance filing from the March 21 order is due July 21, 2008. Update on Regulatory Matters David Cook gave an update on Regulatory Matters (Exhibit I). 2009 NERC Business Plan and Budget Bruce Walenczyk, chief financial officer, presented a report on the 2009 NERC Business Plan and Budget . He noted that NERC would hold a workshop on the budget immediately following the board meeting the following day. In response to a question, Mr. Walenczyk explained the draft budget was prepared through a “bottom-up” process. Each program area was instructed to ask for the staff and monies needed in order to accomplish their goals for 2009. After getting the first level of input there was an extensive scrub down of the number of full-time employees but NERC is still struggling with the level of expenses, particularly for travel and meetings. He also pointed out that one-time expenses not withstanding, the increase is closer to 30 percent. The MRC discussed the draft budget and provided input for use in developing the next version. Chairman Hickok concluded by saying there is opportunity to provide additional input between now and the last look at this issue which will be the July 29–30, 2008 meeting in Montreal. Wind Generation Integration Warren Frost, Vice President Operations and Reliability, AESO and Jim McIntosh, Director Grid Operations, CAISO, presented a report on Wind Generation Integration and task force activity (Exhibit J). Summer Assessment Dave Nevius, senior vice president and director of reliability assessment and performance analysis, presented the 2008 Summer Assessment and plans to issue it on or about May 15. This report can be found at the following Web site: ftp://ftp.nerc.com/pub/sys/all_updl/docs/pubs/summer2008.pdf. The report covers the four summer months (June–September) and identifies any adequacy or reliability issues identified in the regions. This summer’s report reflects
MRC Meeting Minutes May 6, 2008
4
some improvements including increased granularity in reporting on the status of available capacity resources and greater attention to the impacts of demand response and wind capacity. 2008 Long-term Reliability Assessment Chairman Hickok asked Dave Nevius to open the discussion on the 2008 Long-term Reliability Assessment. Mr. Nevius reviewed the following two areas which the assessment will highlight:
1. Emerging Issues The NERC Reliability Assessment Subcommittee (RAS), in conjunction with NERC’s staff, developed seven emerging issues for emphasis in the 2008 Long-Term Reliability Assessment (LTRA). These were approved by the NERC Planning Committee (PC), which asked RAS to place particular emphasis in this year’s report on the following two issues:
Greenhouse gas reductions
Fuel storage and transportation
2. Assessment Improvement Initiatives NERC has launched several initiatives to improve its Reliability Assessment Program, led by Mark Lauby, manager of reliability assessments. The PC, which is the program support committee for this program, has established several new subgroups in support of these initiatives:
Reliability Assessment Subcommittee Reliability Assessment Improvement Task Force Demand Response Data Task Force Integration of Variable Generation Task Force Load Forecasting Working Group Data Coordination Working Group
The MRC discussed these areas as well as a letter from Scott Helyer, Chairman of the Planning Committee (Exhibit K). Follow Up to February 11 Discussion of NERC Priorities and Emphasis Chairman Hickok led the discussion on the priorities and emphasis for NERC in 2008, following up two of the five subject areas introduced in the February 11 MRC meeting: Reliability Standards Development and Compliance Monitoring and Enforcement. Scott Henry, Chairman of the Standards Committee, and Ted Hobson, Chairman of the Compliance and Certification Committee, presented updates on the progress of the programs (Exhibits L and M, respectively).
MRC Meeting Minutes May 6, 2008
5
Reliability Metrics and Leading Reliability Indicators. Chairman Hickok stated that the material on reliability metrics and leading reliability indicators was included in the meeting background material for information. Event Analysis and Information Exchange Bob Cummings, director of event analysis and information exchange, led the discussion, highlighting some of the lessons learned and trends from the analyses completed since the inception of the program (Exhibit N). The Event Analysis and Information Exchange program continues to work with the regions in analyzing blackouts, disturbances, off-normal events, and system performance and sharing the results of these analyses to help improve bulk power system reliability. A number of the analyses are in the final review stages. Lessons learned from these analyses are being documented for the NERC “Alert” system and trends are being recorded for metrics and benchmarking. Board of Trustees Nominating Committee Process Chairman Hickok deferred discussion on this item to the July meeting. Upcoming Issues for Member Representatives Committee Chairman Hickok forecast some of the items that are expected for the July 29, 2008 MRC meeting agenda, including the status of efforts in Canada, revision to bylaws, an update on the Long Term Reliability Assessment, Events Analysis, and review of the business plan and budget for 2009. He will schedule a conference call in late June to preview the July 29 agenda. Adjournment There being no further business, Chairman Hickok adjourned the meeting at 5:30 p.m. Submitted by,
David Whiteley Secretary
116-390 Village Blvd. Princeton, NJ 08540
609.452.8060 | www.nerc.com
1
Conference Call Minutes Member Representatives Committee June 30, 2008 | 11 a.m. EDT Dial-In: 866-503-3045 Code: 51070842
Member Representatives Committee Chair Steve Hickok called to order a duly noticed meeting of the North American Electric Reliability Corporation Member Representatives Committee on June 30, 2008 at 11 a.m., EDT, and a quorum was declared present. The meeting announcement, agenda, and list of attendees are attached as Exhibits A, B, and C, respectively. NERC Antitrust Compliance Guidelines David Whiteley, executive vice president, called attention to the NERC Antitrust Compliance Guidelines distributed with the agenda. Agenda Review Chairman Hickok informed the committee the main purpose of the call was to preview the preliminary agendas for the next regular MRC and Board of Trustees (BOT) meetings on July 29 and 30 in Montreal, as well as addressing a number of business items including the election of the nominated slate of CEO-level executives to the Electricity Sector Steering Group (ESSG). ESSG Charter Comments David Whiteley, executive vice president, presented the ESSG Draft Charter (Exhibit D) and opened the discussion by explaining in May the BOT approved a joint BOT/MRC task force report recommendation to establish the ESSG including its membership structure. The board asked that developing the charter be accomplished expeditiously, along with identifying the members of the ESSG in order that they might give input and guidance on CIP and cyber issues coming up over the next few months. NERC staff and MRC leadership worked on the development of the draft charter while naming members to the ESSG simultaneously. The BOT will be asked to approve the draft charter at its July 30, 2008 meeting, with comments and suggested changes discussed today. Chairman Hickok underscored the purpose of the steering group by emphasizing the ESSG is to guide the Electricity Sector Coordinating Council and operation of the ESISAC in the areas of physical and cyber protection. The charter calls for CEO-level
MRC Conference Call Minutes June 30, 2008
2
executives with operating experience in physical and cyber protection in their background. He explained the ESSG had been narrowly focused on owners and operators of T&D systems who have this experience rather than broadly on sector representation. Chairman Hickok then opened the item for comment, but hearing none, went onto the next agenda item. Election of Slate of CEO-level Executives to the ESSG Chairman Hickok opened this item by explaining that, in response to the letter that went out from David Whiteley to the MRC soliciting nominations for the ESSG, he received 10 nominations (Exhibit E). All nominees were highly qualified by virtue of their utility-operations experience and Chairman Hickok thanked the nominators for their hard work. The five-CEO slate was produced according to the specific diversity called for in the ESSG Draft Charter. Chairman Hickok stated it is his and Vice-Chairman Steve Nauman’s recommendation that the MRC vote to approve the slate, comprised of Paul Murphy, CEO, Ontario IESO; Jim Torgerson, CEO, UIL Holdings; Ken Ksionek, CEO, Orlando Utilities; Gary Fulks, General Manager, Sho-Me Power; and Paul Bonavia, Utilities Group President, Xcel Energy. Chairman Hickok noted the additional five individuals nominated: Terry Boston, PJM Interconnection; Greg Ford, Georgia System Operations Corp.; Bill Fehrman, MidAmerican Energy; Eric Baker, Wolverine Power Supply Co-op; Tom Standish, CenterPoint Energy. Chairman Hickok reiterated, all ten were excellent nominations from the standpoint of their experience and developing the proposed slate was difficult. Chairman Hickok then opened the nomination to comment. After some discussion, the motion to elect was made by Scott Henry, and seconded by Ed Timofychuk. In closing Chairman Hickok explained that the terms are staggered with two year terms upon election for three of the members, and two of the members up for renewal at end of one year. With no further discussion a vote was taken and the slate elected unanimously. Discussion of Nominating Committee Process and MRC Participant Determination Chairman Hickok began the discussion of the nominating process (Exhibit F) by explaining the nominating committee is a board appointed committee which will assemble a slate of candidates to fill the three seats of the Board of Trustees that have terms expiring at the end of this year. The committee consists of the trustees whose terms are not expiring at the end of this year, plus a number of MRC members as determined by the board. In response to the MRC chairman’s solicitation, seven members of the MRC expressed interest in serving with Chairman Hickok and Vice Chairman Naumann this year on the nominating committee. After some discussion, and with the expectation that the committee may work largely from a candidate list that last year’s committee generated, Chairman Hickok indicated that he would submit a list to BOT Chairman Drouin that is sequenced so as to preserve much of last year’s experience and build diversity of the MRC participation as one advances through the list. The board will determine the size of the committee and thereby the number of MRC participants.
MRC Conference Call Minutes June 30, 2008
3
The priority ordered list is as follows: Steve Hickok, Steve Naumann, Bill Gallagher, Jean-Paul Theoret, John Anderson, Michael Desselle, Mike Smith, Stewart Ramsay, and Julius Pataky.
Revised Transmission Owners and Operators Forum Charter David Whiteley presented the Transmission Owners and Operators Forum revised charter (Exhibit G) for input and comment. The revised charter will be presented to the board for approval at their July 30 meeting. After a brief explanation of the term “reliability operator,” the MRC discussed the proposed revised charter.
Comment on Topics for 2nd Annual Review of NERC Activities David Nevius, senior vice president and director of reliability assessment and performance analysis, presented the draft Compliance Filing of NERC of Reliability Enhancement Programs (Exhibit H) and opened discussion for comment by explaining that this is the second filing NERC has made on their reliability enhancement program. The MRC discussed the draft. Mr. Nevius stated that any further comments on this draft must be sent to David Cook and Rebecca Michael no later than July 7th. Overview of Preliminary Agendas for July 29 and 30 — Board of Trustees and the Member Representatives Meetings David Whiteley gave an overview of the preliminary agenda for the July 30, 2008 Board of Trustees meeting (Exhibit I). The MRC discussed the agenda and NERC staff provided input on the material that would be covered as part of each item.
Member Representatives Committee Chairman Hickok provided an overview of the Member Representatives Committee agenda (Exhibit J) and briefly touched on each agenda item. In closing he added that the committee will be discussing possible ideas for amending and improving the existing structure of the MRC and BOT meetings. Adjournment There being no further business, Chairman Hickok adjourned the meeting at 12:07 p.m. Submitted by,
David Whiteley Secretary
Amendments to NERC Bylaws MRC Action Required Approve proposed amendments to NERC Bylaws. These amendments must also be approved by the Board of Trustees, which will consider them at its July 30, 2008 meeting. Background These proposed amendments to the NERC Bylaws contain two substantive provisions and several technical and conforming amendments. The complete text of the bylaws, redlined to indicate the changes, is attached (Attachment 1). Article XIV, Section 1 of the bylaws requires that amendments to the bylaws be approved by a majority vote of both the Board of Trustees and the Member Representatives Committee in respective meetings at which a quorum is present. Substantive Provisions (1) NERC proposes to provide a short period of time after being elected for a newly elected trustee to resolve any conflicts of interest (10 days for any employee, officer, or director positions and 60 days for financial interests). The member would be required to recuse himself or herself from any particular matter involving the source of the conflict in the meantime. The amendment occurs in Article III, Section 3, and reads as follows:
Provided, that upon initial election to the board, an independent trustee shall within ten (10) days terminate any employee, officer, or director position that conflicts with this subparagraph and shall within sixty (60) days terminate any financial interest or other relationship that conflicts with this subparagraph, and prior to such termination shall not participate in discussion of or voting on any matter involving the entity of which the trustee is an employee, officer or director or in which the trustee has the financial interest or other relationship giving rise to the conflict.
During last year’s nominating process, members of the Board of Trustees Nominating Committee were concerned that the current NERC Bylaws require a new nominee to resolve any conflicts (employee, officer, or director positions or financial interests) prior to the time the new nominee knows whether he or she will be elected by the Member Representatives Committee. The board’s Corporate Governance and Human Resources Committee discussed the matter and agreed that a new nominee should have a short period of time after the election to resolve such conflicts. The proposed amendment to the bylaws would provide for such a short period of time: 10 days to resign from any conflicting positions and 60 days to resolve any financial conflicts. In the meantime, the newly elected trustee would recuse himself or herself from any particular matter involving the source of the conflict. David Cook, NERC General Counsel, discussed the issue informally with FERC staff, and they do not see this as a problem, so long as the period is short and the trustee recuses in the meantime. (2) The second substantive amendment addresses the method for selecting one or more additional Canadians for the Member Representatives Committee should that become necessary. At present, the bylaws direct that the additional Canadian is “the candidate who received the
Agenda Item 3 MRC Meeting July 29, 2008
Exhibit F
highest vote total among those candidates who would have qualified as Canadian voting representatives but were not elected.” Certain members of the MRC have expressed a concern that the current method of selecting the additional Canadian may not prove satisfactory in the future. The following hypothetical illustrates the point: Suppose there is an unelected Canadian in a large (100-entity) sector who finished a distant fourth (and last) place in that sector with just eight votes, and there is an unelected Canadian in a “small” (15-entity) sector who finished a close second place in that sector with seven votes (almost half the sector). Which one gets the additional seat on the MRC? The bylaws say “the candidate who received the highest vote total”. If “highest vote total” means the candidate with the highest raw number of votes, then the candidate who finished dead last with just 8 percent of the votes in the large sector will get the seat. Whereas, if “highest vote total” means the candidate with the highest fraction of the vote, then the candidate who finished second by a hair's breadth (47 percent of the vote) in the small sector will get the seat. The latter outcome seems fairer. To ensure the latter outcome obtains in some future election of Member Representatives, the proposed amendment would substitute “highest fraction of the sector vote” for “highest vote total” in Article VIII, Section 4. Technical Amendments (1) We propose to delete the definition of “regional reliability organization” from the bylaws as well as the many references to “regional reliability organization.” As events have unfolded, we do not need that term, and some report confusion over the role of regional reliability organization to regional entity by continuing to maintain the term in the bylaws. “Regional Entity” remains as a defined term. The deletions occur throughout the bylaws. (2) The statement in Article III, Section 3 regarding the identity of the independent trustees at NERC’s start-up is no longer accurate, with the election of new trustees and subsequent effective dates for revised bylaws. To make the sentence accurate for historical purposes, we propose to insert the word “original” in the second sentence of subparagraph b. of Section 3 and change the verb tense to match, as follows:
As of the original effective date of these Bylaws, the independent trustees of the Corporation and the date the term of each independent trustee expires were as follows:
2008 Long2008 Long--Term Reliability AssessmentTerm Reliability Assessment2008 2008 -- 20172017
Member Representatives Committee Meeting
July 29, 2008
2008 LTRA Schedule2008 LTRA Schedule
Drafting LTRA
Open Workshop
• Goals:1. Increase Transparency
2. Review Emerging Issues
3. Identify Enhancements
Finalize Draft
PC Review
Board Review/Approval
Release
Ongoing
July 30-31
August 31
Sept. 10-11
Sept. 26
October 1
2008 Preliminary Findings2008 Preliminary Findings
WECC’s Desert Southwest subregion requires more resources
Resources also tight in:• New York for the 2017 Summer peak
• WECC-Canada and Québec for the 2017 Winter peak
19,500 miles of new transmission (> 230 kV); 3,000 more than last year
Grid being worked harder; less flexibility to deal with unplanned events
Sample 2008 LTRA Capacity Margin ChartSample 2008 LTRA Capacity Margin Chart
0.0%
5.0%
10.0%
15.0%
20.0%
25.0%
30.0%
35.0%
40.0%
2008 2009 2010 2011 2012 2013 2014 2015 2016 2017
Cap
aci
ty M
arg
in (
%)
All Existing, Planned and Proposed Resources
All Existing, Planned and Most Probable Proposed Resources
All Existing and Planned Resources
Target Capacity Margin
All Existing ResourcesExisting Certain Resources
7 Issues Identified by NERC Staff & RAS, prioritized:
1. Climate change initiatives (greenhouse gas reductions)
2. Fuel storage & transportation
3. Rising global demand for energy & equipment, increased off-shore manufacturing of raw & finished materials
4. Increasing adoption of demand-side & distributed generation resources
5. Replacing and upgrading transmission infrastructure for the 21stcentury, including improved cyber security protection
6. Water usage
7. Mercury emissions
RAS will expand on a number of these in the 2008 LTRA
2008 LTRA Emerging Issues2008 LTRA Emerging Issues
Priority
2008 Emerging Issues & Scenario Analysis2008 Emerging Issues & Scenario Analysis
Scenario study outline peer reviewed by RAS & PC
NERCStaff
PC assigns RIS, RAS & TIS to develop list of
emerging issues
PC agrees to scenarios for the following year, based on risk
assessment of emerging issues.
Regions develop Scenario Study Outline
RAS assigns scenarios. Sends with LTRA Data Request.
Regions perform Scenario Reliability Assessment
RAS Peer Review Scenario
Year 1 Year 2
LTRA Published
Questions and SuggestionsQuestions and Suggestions
Any emerging issues not being addressed?
Scenarios that need to be considered?
Other suggestions?
Status of Reliability Matters in Status of Reliability Matters in CanadaCanada
Member Representatives Committee Meeting
July 29, 2008
Exhibit H
Overview of Jurisdiction in CanadaOverview of Jurisdiction in Canada
Under the Canadian Constitution (Article VI), regulation of electricity is generally assigned to each province.
92 “In each Province the Legislature may exclusively make Laws in relation to Matters coming within the Classes of Subjects next hereinafter enumerated• (10) Local Works and Undertakings other than
[those] connecting the Province with any other or others of the Provinces, or extending beyond the Limits of the Province.”
92A (1) “In each province, the legislature may exclusively make laws in relation to . . .• (c) development, conservation and management of sites and
facilities in the province for the generation and production of electrical energy.”
NEB has jurisdiction over International Power Lines
Alberta Minister of Energy has recognized NERC as the “electric reliability organization” under the Alberta Transmission Regulation
NERC and WECC standards become enforceable at the initiation of the Alberta Electric System Operator
AESO proposes to Alberta Utilities Commission those NERC and WECC standards it believes should be mandatory in the province, with recommendation to approve or reject
AESO expects to file first standards by end of 2008
AESO working with AUC and Market Surveillance Authority to develop compliance monitoring and enforcement program
AESO has negotiated an implementing agreement with WECC
AlbertaAlberta
British ColumbiaBritish Columbia
Under 2008 amendment to BC Utilities Commission Act, NERC and WECC recognized as standards setting bodies
NERC and WECC standards become enforceable upon adoption by the BCUC
Standards to be proposed by the BC Transmission Corporation for adoption by the BCUC
None yet mandatory under that new law
WECC will be involved in compliance monitoring and enforcement program
ManitobaManitoba
No current legislative authority to make standards mandatory in the province
NERC, MRO and Manitoba Hydro have signed an interim agreement making NERC and MRO standards binding on Manitoba Hydro only
Manitoba Public Utilities Board to determine violations and impose sanctions, on recommendation of NERC or MRO
Appeals heard by Manitoba Court of Appeals
Legislation being discussed to cover others within province
New BrunswickNew Brunswick
NERC standards currently mandatory as a part of the New Brunswick System Operator market rules
NBSO has authority to impose sanctions for violations
NERC, New Brunswick Department of Energy and NBSO have negotiated an MOU – expect signing in near future
NERC, NPCC and NBSO have negotiated an implementing MOU – expect signing in near future
NBSO will be sole entity monitored by NERC and NPCC
NBSO will monitor remaining entities within province
Nova ScotiaNova Scotia
NERC and Nova Scotia Utilities and Review Board signed MOU in December 2006
NSUARB has authority to adopt reliability standards for the province – none yet adopted
NSUARB has authority to make compliance determinations and impose sanctions
NSUARB expects to do so after proceedings before NSUARB, upon recommendation of NERC or NPCC
Nova Scotia Power is a member of NPCC and is bound by NERC and NPCC rules
OntarioOntario
Ontario Minister of Energy recognized NERC as electric reliability organization in November 2006
NERC standards mandatory as part of Ontario Independent Electric System Operator rules
NERC has signed MOU with Ontario Energy Board
NERC, NPCC and IESO have signed implementing MOU
Under 2008 legislative amendments, standards become mandatory after notice to OEB, which has authority to remand
NERC and NPCC monitor IESO for compliance
IESO monitors and enforces compliance for other entities within the province
MOUs to be amended to reflect the new legislation
QuQuéébecbec
Régie has authority to set reliability standards
Standards are to be proposed to the Régie by the reliability coordinator (TransEnérgie) – no standards yet mandatory
Régie has authority to make compliance determinations and impose sanctions
NERC, NPCC and Régie have negotiated an agreement for NERC and NPCC to provide compliance monitoring and enforcement services to the Régie
NERC and NPCC will make recommendations to Régie
SaskatchewanSaskatchewan
Saskatchewan has no separate regulator
By law, Saskatchewan Power has authority and responsibility to set and enforce reliability standards for the province
A distinct reliability oversight authority is being established within Sask Power
NERC, MRO and Sask Power have negotiated a memorandum of agreement that recognizes NERC as the ERO and will use NERC and MRO for compliance monitoring – to be signed shortly
The Crown retains all formal authorities
No financial penalties are contemplated at this point
Sask Power has recently achieved NERC certification as a Reliability Coordinator
National Energy BoardNational Energy Board
Jurisdiction over International Power Lines (IPLs)
September 2006 – MOU with NERC
April 2008 – NEB announced intention to require compliance with reliability standards as a condition to IPL license
Will be extended process to change the Federal regulation
NERC discussing a plan with regions to provide compliance and event information on IPLs to NEB
Standards Mandatory SummaryStandards Mandatory Summary
Alberta When adopted by AUC
British Columbia When adopted by BCUC
Manitoba Now, as to Manitoba Hydro
New Brunswick Now
Nova Scotia When adopted by NSUARB
Ontario Now
Québec When adopted by Régie
Saskatchewan When adopted by Sask Power
NEB After amendment of regulation
116-390 Village Blvd. Princeton, NJ 08540 609.452.8060 | www.nerc.com
July 7, 2008 TO: NERC BOARD OF TRUSTEES NERC STAKEHOLDERS Ladies and Gentlemen, NERC has recently come under scrutiny with respect to our response to certain specific cyber security vulnerabilities identified by the Department of Homeland Security (Aurora) as well as the effectiveness of our overall critical infrastructure protection program. It is absolutely essential that NERC responds swiftly and effectively to such criticisms and that the industry continues to address cyber vulnerabilities that could impact the reliability of the bulk power system (BPS). NERC, as the international electric reliability organization (ERO), must be at the forefront with respect to cyber security. NERC needs to do a better job of communicating industry efforts to mitigate threats to cyber security and must do more, in a coordinated manner, to help policy makers address the critical infrastructure protection concerns faced by the industry. NERC and the industry share a mutual goal to ensure that threats to the reliability of the BPS, especially cyber security threats, are clearly understood and are sufficiently mitigated. NERC in collaboration with the industry must address the following questions:
• What will it take to reasonably ensure the reliability of the BPS from a cyber security threat?
• What should NERC do to ensure its efforts are complementary to the efforts of the government and industry with regard to cyber security protection?
• What should NERC do to ensure that there are no “gaps” and no “confusion” with respect to responsibilities for and execution of cyber security protection initiatives?
Overall, NERC is addressing cyber security within each of our major program areas consistent with each program’s scope, unique authority, policies, procedures, and protocols. However, what NERC is currently able to do in each of its programs is limited by a lack of thorough threat analysis and risk assessment. NERC must elevate the importance and sense of urgency associated with cyber security threats, especially as it relates to this shortcoming. While NERC can and will seek to improve in this area, it must also ask “Is it sufficient to continue to treat critical infrastructure protection in the same manner as the remainder of its activities?”
Agenda Item 11Attachment 1
Exhibit I
-2-
NERC Board of Trustees and Stakeholders July 7, 2008 Page Two NERC, the industry, and the agencies of the respective governments that oversee our reliability activities understand that cyber security threats are not the same as the traditional threats to BPS reliability. NERC cannot be successful going forward without explicitly identifying and addressing the unique challenges that cyber security threats pose to the reliability of the bulk power system. Security Threats are Jurisdictionally Unbounded NERC’s charter and delegated authority under Section 215 of the Federal Power Act (in the United States) focus on the reliability of the BPS. When Congress drafted Section 215 it intentionally excluded distribution facilities. As a consequence, NERC has no jurisdiction with respect to distribution facilities and it does not require any additional authority over distribution facilities in order to ensure the reliability of the BPS through its reliability standards development and compliance and enforcement program. (Threats of a national security concern could arise from distribution facilities as demonstrated by Aurora but these are outside the charter and delegated authority of NERC.) Similarly, NERC has no jurisdiction to set or enforce mandatory standards applicable to the providers of telecommunication services and equipment, which also serve as a potential “attack vector” for cyber security threats. (NERC, in its capacity as the Electric Sector Information Sharing and Analysis Center (ESISAC), also has some related responsibilities for cyber and physical security issues associated with all electric facilities operated in the United States.) Critical Infrastructure Protection is Ever-changing with Technology NERC’s standards development process is structured to leverage industry subject matter expertise against well defined problems with long histories and defined data; incremental improvement over time can be accepted, rather than quick, significant change without operating experience as a basis and in short timeframes. While the vast majority of our standards apply to the former, cyber security at times requires the latter. Since the technology changes frequently, potential threats arise quickly. SCADA (Supervisory Control and Data Acquisition) and communications technologies continue to evolve at a rapid pace. Standards relating to critical infrastructure in general and cyber-security in particular will need to continue to evolve driving some future change on the industry. Critical Infrastructure Threats can be Intentional
NERC standards development is designed to respond to defined, measurable risks that can be identified from operating experience, event analysis, compliance audits, system and equipment performance analysis, and benchmarking programs. Consequently the necessity for standards is transparent.
-3-
NERC Board of Trustees and Stakeholders July 7, 2008 Page Three The intentional nature of cyber and physical security threats means the protection of the BPS is dependent in large measure on the quality and timeliness of threat analysis and risk assessments developed by others. Worldwide circumstances rather than operating conditions of the BPS can raise the threat level. Critical Infrastructure Threats Require Confidential Assessment NERC draws its technical expertise from the collective wisdom of others who volunteer their time for the good of the cause. When we are successful it is because we assemble these industry subject matter experts into drafting teams, develop and post our proposed standards for broad industry stakeholder comment, and gain approval by supermajority vote. Unfortunately much of the valuable information on critical infrastructure threats resides within government agencies and confidential treatment of that information is essential. In non-emergency situations coordination with the respective agencies is possible and the limitations associated with confidential information can be mitigated. Nevertheless these are special challenges not required when developing NERC’s other reliability standards. Response (or lack thereof) to Critical Infrastructure Threats can do Harm As a standard setting and enforcement organization, NERC must do no harm to the reliability of the BPS. Critical Infrastructure responses to threats are different. Every survey result, every instruction on how to mitigate risks, every documented compliance action comes with some risk of harm because it could provide a road map of actions taken and not taken with respect to protecting the BPS from such threats. Failure to act quickly may cause even greater harm because of the pace of technological change noted above. Summary Because cyber security threats are different, NERC must address these threats differently, but consistent with its mission as an international ERO. This is the most compelling reason for change going forward. Recommendations on immediate actions items are outlined below. Recommendations
1. Establish a Chief Security Officer (CSO)
Recognizing the critical differences associated with cyber security threats to bulk power system reliability, NERC will consolidate responsibility for coordination of cyber security matters across all NERC activities into a single responsibility area. NERC will staff a senior executive to be the “Chief Security Officer” who will serve as a single point of contact for the industry, the Electricity Sector Steering Group (ESSG), and government stakeholders seeking to communicate with NERC on cyber and infrastructure security matters.
-4-
NERC Board of Trustees and Stakeholders July 7, 2008 Page Four
2. Critical Infrastructure Protection as a NERC Program Critical Infrastructure Protection must become a higher priority within NERC. To do so we will formally establish a Critical Infrastructure Protection program as one of NERC’s statutory functions. The program will be led by the NERC CSO reporting to the NERC CEO with guidance from the ESSG. (The current ESISAC and situation awareness activities may also report to the CSO depending on the successful candidate’s qualifications.) The CSO will have responsibility for assuring the Rules of Procedure for all NERC programs are implemented in a timely and effectively manner with respect to Critical Infrastructure Protection. The CSO will be responsible for evaluating and recommending any changes to the rules of procedure necessary to achieve the objectives of the Critical Infrastructure Protection program. The CSO will be responsible for assuring coordination between NERC and the respective government agencies with respect to all critical infrastructure protection matters, especially where confidentiality is an issue. As a first step, the CSO, with the assistance of the regional entities, will perform an assessment, with metrics and recommendations, of the preparedness of the users, owners, and operators on the NERC compliance registry to address cyber security threats. The assessment and recommendations will address preventing intrusions as well as assessing the capability for isolating and limiting attacks so they remain within our abilities to withstand any subsequent equipment losses and restore the system quickly. The CSO should also represent NERC in the Partnership for Critical Infrastructure Security. 3. Alternative Standard Setting Process for Cyber Security Standards
As a part of the mandate to the board committee on standards, NERC will establish a task force to review, and where appropriate recommend, a standard setting process for Cyber Security that will include an emergency/crisis standards setting process. This process must provide a level of due process and technical review, but also provide the speed necessary to establish standards quickly and work seamlessly with any new authority granted in the United States to the FERC. NERC will investigate and review standards development models from other industries. NERC requests the Standards Committee consider the most effective approach for accelerating the review of the existing critical infrastructure protection standards to incorporate the comments from FERC, and specifically consider the extent to which elements of the NIST standards should be included in the NERC cyber security standards. 4. Improve Depth of Expertise
NERC will request the Regional Entities who have not already done so to establish a working group of industry experts. Under the direction of the CSO and in consultation with CIPC leadership, NERC will re-examine the charter and scope of the Critical Infrastructure Protection Committee to maximize its contribution to NERC and the industry with respect to cyber security protection. Under the direction of the CSO and director of compliance NERC will increase its IT professional expertise. Regional Entities will be requested to conduct CIP workshops to enhance the development and training of CIP auditors.
-5-
NERC Board of Trustees and Stakeholders July 7, 2008 Page Five
NERC will add Critical Infrastructure Protection experience to the search criteria for the next NERC trustee. 5. Closer Coordination with Government NERC, with the guidance of the ESSG, will establish a protocol with DHS, DOE, FERC, and their Canadian counterparts to ensure comprehensive cyber security threat analysis and risk assessment is available to NERC from a consolidated government voice, with industry users, owners, operators able to participate directly.
To ensure NERC is making decisions and setting priorities on the most current information, NERC will, in consultation with FERC, organize a briefing for the ESSG, the NERC CEO, and senior level utility executives across all stakeholder groups on cyber security threats. In particular, NERC will determine the need for, and implement any actions such as, alerts, remedial actions, or urgent and emergency action standards that stem from the briefing.
NERC will work with the ESSG, FERC, and applicable Canadian authorities to identify the most effective and secure method of assessing cyber security preparedness and performance. 6. Communications Under the direction of the CSO, NERC will establish communication protocols for responding to public and media questions on matters associated with Critical Infrastructure Protection, especially with regard to cyber security. 7. Completion Date
Completion of these activities in a timely manner is essential. NERC management will report at each board meeting on progress toward these goals with completion of all goals targeted for no later than year end.
Summary We share a mutual goal — to ensure the reliability of the BPS with respect to cyber security. The recommendations are designed to be complementary to the government as well as users, owners, and operators of the BPS, while making NERC a more effective and responsive organization in regard to security threats to the reliability of the BPS. I welcome your comments and suggestions. Sincerely,
MRC Update on Proposed Changes to MRC Update on Proposed Changes to RoPRoP 500 500 07/29/200807/29/2008
Lucius BurrisORCS Subcommittee Chairman
Exhibit J
Items of DiscussionItems of Discussion
Brief History of Certification
Substantive Changes
Provisional Certification
Project Timeline
Brief History of Certification Brief History of Certification
•Requirements–Agreements–Procedures–Processes–Tools
To perform as identified in Standard XXX-XXX
RC, BA, TOP Organization Certification
•Administrative Elements–Application–Schedule–Review Team–On-Site Visit–Written Recommendation–Time Extension–Dispute Resolution
ProcessRules of Procedure Section 500 and Appendix 5
RC, BA, TOP Organization Certification
Standards
RC, BA, TOP Organization Certification Questionnaires
Substantive ChangesSubstantive Changes
Removal of Transitional Certification
• Applied to existing operating RC’s, BA’s, and TOP’s
• Required self certification, table-top, or on-site audits
• 305 registered RC’s, BA’s, and TOP’s
Created Provisional Certification Document
ROP 500 and Appendix 5 applies to new entities
• Incorporated questionnaires that contain concepts of original certification standards
Provisional CertificationProvisional Certification
Applies
• NERC Control Area Certified
• Listed in NERC Compliance Registry and operating as RC, BA, or TOP
Requirements
• NERC Readiness Evaluation
On site activities completed by the evaluation team
• Regional Entity or NERC CMEP Audit
On site activities completed by the audit team
Project TimelineProject Timeline
June 10, 2008 Presentation to CCC
June 23, 2008 Post for 45 day public comment periodJuly 29, 2008 Present update to MRCAugust 8, 2008 End of the 45 day public comment periodAugust 19-21, 2008 ORCS incorporate industry feedback
September, 2008 Present update to MRC, as neededSeptember 17, 2008 Presentation to CCC to gain final CCC
concurrenceOctober 1, 2008 ORCS present to NERC counselOctober 15, 2008 Package to BOT
October 29, 2008 Final document presented to the Board of Trusteesfor approval (have FERC approval by 1/1/09).
Update on Regulatory Matters
MRC Action Required None FERC Orders Issued Since the Update for the May 5–6, 2008 Meetings 1. May 15, 2008 — Notice of Proposed Rulemaking — Ex Parte Contacts and
Separation of Functions. The Commission proposed to revise its regulations to clarify its rules governing ex parte contacts and separation of functions as they apply to proceedings arising out of investigations initiated under Part 1b of the Commission's regulations. Docket No. RM08-8-000
2. May 15, 2008 — Interpretative Order Modifying No-Action Letter Process and
Reviewing Other Mechanisms for Obtaining Guidance. The Commission expands the scope of the “no-action” letter process through which entities subject to the Commission’s authority may seeks a determination on whether staff would recommend enforcement action against the requestor if particular transactions, practices or situations were pursued. Docket No. PL08-2-000
3. May 15, 2008 — Submission to the Commission upon Staff Intention to Seek an
Order to Show Cause — Order No. 711. The Commission amends its regulations to expand and clarify the right of an entity to submit a written request to the Commission in the event staff intends to recommend that the Commission initiate a proceeding governed by 18 CFR Part 385, or make the entity a defendant in a civil action to be brought by the Commission. Docket No. RM08-10-000
4. May 15, 2008 — Revised Policy Statement on Enforcement. The Commission
issues revised policy statement to the regulated community as to the Commission's enforcement policies concerning the governing statutes, regulations and orders. Docket No. PL08-3-000
5. May 16, 2008 — Order Denying Rehearing and Granting Clarification — Order
No. 706-A, approving eight Critical Infrastructure Protection (CIP) Standards. Docket No. RM06-22-001
6. May 16, 2008 — Order Denying Appeal of Electric Reliability Organization
Compliance Registry Determination by Harquahala. The Commission denies an appeal by New Harquahala Generating Company, LLC. Docket No. RC08-4-000
7. May 16, 2008 — Supplemental NOPR - Modification of Interchange and
Transmission Loading Relief Reliability Standards; and ERO Interpretation of Specific Requirements of Four Reliability Standards. The Commission proposes to approve NERC’s proposed modified interpretation of Reliability Standard BAL-005-0. Docket No. RM08-7-000
8. June 2, 2008 — Order on Rehearing and Clarification. The Commission grants
ISO/RTO Council’s request for clarification and denies the alternative request for
Exhibit K
rehearing of Order No. 705 regarding observance of SOLs and IROLs. Docket No. RR06-1-0014, et al.
9. June 17, 2008 — Order on Rehearing. The Commission grants NERC’s request
for rehearing regarding deletion of requirement of the March 21, 2008 Order to follow FOIA and also requires that the Delegation Agreement entered into between NERC and ReliabilityFirst Corporation be revised in a compliance filing. Docket No. RR06-1-014, et al.
10. June 19, 2008 — Order on Violation Severity Levels Proposed by the Electric
Reliability Organization. The Commission approves the VSL assignments filed by NERC for the 83 Commission-approved Reliability Standards. The Commission also directs NERC to file modifications to VSLs relevant to five Reliability Standards. Docket No. RR08-4-000
11. June 19, 2008 — Order Conditionally Accepting Compliance Filing. The
Commission conditionally accepts NERC’s compliance filings on April 1, 2008. The filing included a true-up of actual 2007 costs incurred by NERC and the Regional Entities, and responses to other compliance directives in the 2008 Budget Order. Docket No. RR07-16-003
12. June 23, 2008 — Order on Rehearing and Clarification. The Commission affirms
its basic determinations in Order Nos. 890 and 890-A, granting rehearing and clarification regarding certain revisions to its regulations and the pro forma open-access transmission tariff, or OATT, adopted in Order Nos. 888 and 889 to ensure that transmission services are provided on a basis that is just, reasonable, and not unduly discriminatory. The reforms affirmed in this order are designed to: (1) strengthen the pro forma OATT to ensure that it achieves its original purpose of remedying undue discrimination; (2) provide greater specificity to reduce opportunities for undue discrimination and facilitate the Commission’s enforcement; and (3) increase transparency in the rules applicable to planning and use of the transmission system. Docket Nos. RM05-17-003 and RM05-25-003; Order 890-B
13. June 27, 2008 — Order Granting Request for Clarification. The Commission
grants Harquahala’s request for clarification regarding one aspect of the Commission-directed negotiations. Docket No. RC08-4-001
NERC Filings Since the Update for the May 5–6, 2008 Meetings 1. April 21, 2008 — Request for rehearing and/or clarification of FERC’s March 21,
2008 Order regarding requirement to follow FOIA. Docket Nos. RR06-1-012, et al.
2. May 1, 2008 — NERC submits the Quarterly report due in response to January
18, 2007 Order regarding Analysis of Reliability Standards Voting Results January–March 2008. Docket No. RR06-1-003
3. May 5, 2008 — NERC submits as an informational filing the definition of “adequate level of reliability.” Docket No. RR06-1-000
4. May 13, 2008 — Comments of the North American Electric Reliability
Corporation on the Notice of Proposed Rulemaking for Mandatory Reliability Standards for Nuclear Plant Interface Coordination. Docket No. RM08-3-000.
5. May 14, 2008 — Status Report of the North American Electric Reliability
Corporation in response to the December 20, 2007 Order and April 4, 2008 Order regarding revisions to the registration criteria for LSEs. Docket Nos. RC07-4-000, RC07-6-000, and RC07-7-000
6. May 16, 2008 — NERC submits a compliance filing to address (1) Rule 1604 to
require Regional Entity to submit procedure for requesting data or information to NERC (P 17), (2) what NERC intends to do if it requires certain data or information more quickly than its proposed rules currently allowed (P 16), and (3) work with BPA and other federal agencies on the compliance registry to develop procedures that would allow the review of requested information without risking waiver of FOIA protection (P 18). Docket Nos. RM06-16-000 and RR08-1-000
7. May 19, 2008 — Compliance Filing of the North American Electric Reliability
Corporation and Northeast Power Coordinating Council and the North American Electric Reliability Corporation and Florida Reliability Coordinating Council in response to paragraphs 174 and 252 of the Commission’s March 21, 2008 Order. Docket Nos. RR06-1-012, RR07-8-002, and RR07-3-002
8. May 23, 2008 — NERC submits the 2008 Summer Reliability Assessment
Report. Docket No. RC08-6-000 9. May 28, 2008 — Comments of the North American Electric Reliability
Corporation on the Notice of Proposed Rulemaking for Standards for Business Practices and Communication Protocols for Public Utilities. Docket No. RM05-5-005
10. June 4–9, 2008 — NERC submits the first round of the Notices of Penalty.
Docket Nos. NP08-1-000 through NP08-37-000 11. June 12, 2008 — Comments of the North American Electric Reliability
Corporation on the Notice of Proposed Rulemaking on Modification of Interchange and Transmission Loading Relief Reliability Standards; and Electric Reliability Organization Interpretation of Specific Requirements of Four Reliability Standards. Docket No. RM08-7-000
12. June 12, 2008 — Motion to Intervene and Comments of the North American
Electric Reliability Corporation in response to U.S. Department of Energy/Portsmouth Paducah Project Office’s appeal of compliance registry determination. Docket No. RC08-5-000
13. June 20, 2008 — NERC submits a revised registration determination regarding Southeastern Power Administration. Docket No. RC08-1-000.
14. June 27, 2008 — Compliance Filing of the North American Electric Reliability
Corporation of Revised Violation Risk Factors in response to the Paragraph 757 of Order No. 706 - Mandatory Reliability Standards for Critical Infrastructure Protection Submission. Docket No. RM06-22-000
15. June 30, 2008 — Petition of the North American Electric Reliability Corporation
for approval of three Reliability Standards (FAC-010-2, FAC-011-2, and FAC-014-2). Docket No. RM07-3-000
Anticipated NERC Filings 1. July 15, 2008 — Compliance Filing due in response to the Commission’s May 16
Order Denying appeal of Harquahala Generating Company, LLC. NERC must submit list of TO/TOP requirements that apply to Harquahala. Docket No. RC08-4-000.
2. July 19, 2008 — NERC is directed to file the modified Violation Severity Levels
as identified in the Appendix of the June 19, 2008 Order. Docket No. RR08-4-000 3. July 21, 2008 — Compliance filing due in response to the November 2, 2007
Order on Filing of Reliability Enhancement Programs. Docket No. RR07-14-000 4. July 21, 2008 — Compliance filing regarding modifications to pro forma
delegation agreement, the eight individual delegation agreements, and CMEP (including hearing procedures) in response to FERC’s March 21, 2008 Order. Docket Nos. RR06-1-012, et al.
5. July 21, 2008 — NERC must submit a filing regarding revisions to WECC bylaws. Due date established in FERC’s March 21, 2008 Order. Docket Nos. RR06-1-012, et al.
6. July 30, 2008 — NERC must submit a supplemental compliance filing of revised
Violation Risk Factors in response to paragraphs 751 and 757 of Order No. 706 – Mandatory Reliability Standards for Critical Infrastructure Protection Submission. Docket No. RM06-22-000
7. July 31, 2008 — Quarterly report due in response to January 18, 2007 Order
regarding Analysis of Reliability Standards Voting Results April–June 2008. Docket No. RR06-1-003
8. August 14, 2008 — NERC is directed to submit a compliance filing of its work
with Bonneville and other federal agencies listed on NERC’s compliance registry to develop procedures that would allow the review of the requested information without risking waiver of FOIA protection.
9. August 22, 2008 — NERC will file the 2009 business plans and budgets for
NERC and the eight Regional Entities in response to the Commission’s June 19,
2008 Order. NERC is directed to submit modified document retention policies of MRO and NPCC with the 2009 budget filing. Docket No. RR07-16-003
10. August 29, 2008 — Revised deadline for NERC to submit five revised reliability
standards (MOD-001, -008, -028, -029 and -030) regarding ATC calculations. Docket Nos. RM05-17-000 and RM05-25-000
11. September 21, 2008 — NERC must submit a status report regarding NERC and
WECC addressing WECC’s monitoring and enforcement responsibilities regarding its reliability coordinators (status report due every six months thereafter). Due date established in FERC’s March 21, 2008 Order. Docket Nos. RR06-1-012, et al.
12. September 30, 2008 — Compliance filing in response to Paragraph 951 of Order
No. 693, directing NERC to conduct a survey on IROL practices: 13. October 31, 2008 — Quarterly report due in response to January 18, 2007 Order
regarding Analysis of Reliability Standards Voting Results July–September 2007. Docket No. RR06-1-003
14. November 21, 2008 — Revised deadline to submit one or more standards related
to Capacity Benefit Margin as required by paragraph 223 of Order No. 890. Docket Nos. RM05-17-000 and RM05-25-000
15. December 19, 2008 — NERC is directed to (1) submit a report to the Commission
within six months documenting whether the Violation Severity Level assignments allow for a level of compliance lower than the historical performance; (2) file a compliance filing within six months either justifying the inconsistency in the single Violation Severity Level assigned to binary requirements, or revising those assignments to reflect a consistent approach; (3) review all Violation Severity Level assignments, with the exception of those for which the Commission directs modification in this order, for compliance with Guidelines 2b, 3, and 4 and submit a compliance filing either validating the current Violation Severity Level assignments or proposing revision within six months; and (4) submit a compliance filing submitting Violation Severity Levels for NUC-001-1 Reliability Standard. This is in response to the June 19, 2008 Order on Violation Severity Levels. Docket No. RR08-4-000