Week Ending June 28, 2019

NERC, Industry Address FERC Questions on Cybersecurity, Gas Supplies, Standards

This Article Appears as Published in Foster Report No 3255
NERC, Industry Address FERC Questions on Cybersecurity, Gas Supplies, Standards

A June 27 technical conference at FERC on power grid reliability featured plenty of talk about the standard-setting process at the North American Electric Reliability Corp. (NERC), with vows to remain vigilant on cybersecurity protections and debate about whether a grid reliability standard is needed for fuel security or natural gas supplies for power plants.

The increased use of gas-fired generation, solar and wind power was touched on throughout the session. The question of whether a NERC standard is needed for gas supplies has been kicked around for some time, including at FERC’s 2018 reliability technical conference, and there were no conclusions reached among the panelists at Thursday’s all-day session. NERC officials said a working group intends to develop a guideline by the end of 2019.

Once a guideline is in place, the effectiveness of it will be monitored and evaluated to determine whether a standard is needed on pipeline and other fuel contingencies, explained Mark Lauby, senior vice president and chief reliability officer at NERC.

The Department of Energy’s proposed rule on grid resilience and fuel security, which was denied by FERC in a 5-0 vote in early 2018, cropped up as a suggested path by Peter Balash, senior economist at DOE’s National Energy Technology Laboratory (NETL). Balash encouraged FERC to “recognize the spirit” of the proposed rule and work on a fuel security framework to address gas supply concerns and the reduced use of coal-fired generation.

NERC CEO Jim Robb touted the enhanced capabilities at the Electricity Information Sharing and Analysis Center (E-ISAC) and improved cooperation with the utility sector, government agencies, and equipment vendors on addressing cyber threats. NERC implemented use of an “All Points Bulletin” system to alert entities on cyber threats in quick fashion, enhancing the critical broadcast program that has been used by the E-ISAC.

The topic of transparency and when to share information is a constant exercise, particularly when cyber threat information is classified by the government, Robb noted. The E-ISAC partners with other industry ISACs and the DOE, Department of Homeland Security and Department of Defense to address threats and develop mitigation strategies. Cyber threats evolve rapidly and are becoming more sophisticated, Robb and others noted.

In response to questions from FERC staff, Robb said NERC and government partners struggle with how much information to share and what should the threshold be for issuing alerts to the utility sector. Feedback from the industry tends to favor wanting more information, even if it is limited due to being classified. That makes NERC and E-ISAC relationships with government agencies and communication with the industry absolutely critical, Robb said.

Nick Brown, president and CEO of Southwest Power Pool, said the pace of developing reliability standards within NERC needs to pick up to be able to address rapidly changing cybersecurity concerns. The standard-development process will never keep pace with cyber threats, but “we need to speed it up,” he said.

Brown also said NERC regional entities have different opinions on compliance with traditional reliability standards, which creates problems for grid operators with assets across multiple regional entities. There have been attempts to harmonize compliance issues across the regional entities for many years but progress in that area remains elusive, he said.

Besides NERC officials, speakers at the technical conference included electric utilities, independent system operators, energy trade groups, state and federal government, regional entities of NERC, and various private sector companies that deal with cybersecurity and supply chain issues.

FERC commissioners expressed thanks for the work done by industry to protect grid reliability in the face of new challenges, including extreme weather and cyber threats from foreign nations. Commissioners Richard Glick and Cheryl LaFleur questioned how much disclosure should take place with violations of critical infrastructure protection (CIP) standards, with LaFleur noting that those anonymous violations are increasingly being subject to Freedom of Information Act requests. It is no secret that utilities had some early struggles complying with CIP standards, but disclosure should continue on a case-by-case basis to avoid revealing too much information, said Jennifer Sterling, vice president of NERC compliance and security at Exelon, speaking on behalf of the Edison Electric Institute.

There has to be a balance between transparency and divulging too much information to allow adversaries a “back channel” to do harm by seeing where a utility or entity has weakened CIP compliance, Sterling said.

Her view was seconded by Robb and Tim Gallagher, president and CEO of regional entity ReliabilityFirst. Releasing names of companies too soon, even after some agreement is signed and protections/mitigations are in place, could be like showing a lion the weak animals in a herd, Gallagher said. Disclosure and transparency are important and appropriate, but NERC and FERC should not be providing too much information that could be used as a blueprint for carrying out a cyber attack, Robb said.

Whether NERC should have regional standards that only apply to certain parts of the U.S. and Canadian grid was touched on several times, including about natural gas supply issues. FERC Chairman Neil Chatterjee commended ISOs that have taken on fuel security and resilience issues in a proactive manner, and he asked Balash if others should do the same.

Natural gas is a fine generation fuel but “it has many masters” and is used to heat homes during the winter, with use as a power generation fuel limited by market rules and high prices when gas demand is at its peak, Balash said. He referred to the intermittent nature of wind and solar resources, including wind generation in SPP that dropped significantly over two days in late January, with battery storage not scaled up yet to improve resilience during such events.

Gas supplies to power plants are not as secure as coal, and they experience price spikes a few times a year if demand is high and home heating needs increase, Balash said.

Glick challenged his comments that FERC should recognize the spirit of the proposed rule from DOE, noting that the NETL report on resilience and fuel security was criticized by PJM Interconnection and others. FERC rejected the proposed rule because there was no evidence of the need for such actions to support fuel-secure power plants, and he asked Balash if there is any subsequent evidence he has come across.

Balash referred to incidents of high gas prices in New York and New England and limitations on gas deliveries. There is plenty of natural gas available, but it cannot be delivered where it is needed during peak periods, he said.

The morning panels at the technical conference examined critical infrastructure protection standards and cloud-based computing for storing and securing information. Panels later in the day were scheduled to focus on communications technologies and issues associated with reliability coordinators and seams issues between the Eastern Interconnection and Western Interconnection. The reliability coordinator functions in the Western Interconnection are being transferred to a collection of different entities.

By Tom Tiernan ttiernan@fosterreport.com

Want to try it out? Sign up for a free trial!
Subscribe Here