Professional Documents
Culture Documents
Headlines DL - NERC 2013 Annual Report - Final - Web
Headlines DL - NERC 2013 Annual Report - Final - Web
Headlines DL - NERC 2013 Annual Report - Final - Web
Annual Report
February 2014
RELIABILITY | ACCOUNTABILITY
Table of Contents
Letter from the President and Chief Executive Officer............................................................ 3
NERC Overview..................................................................................................................... 5
Board of Trustees................................................................................................................ 30
Gerry W. Cauley
President and CEO
• Standards – The ERO improved the tools for developing reliability standards and focused on
continued execution and delivery of high-quality, results-based standards.
• Risk Initiatives – The ERO has the capability to analyze system events using multiple sources to
determine root causes and define mitigation actions. This year, the ERO matured risk work by
structuring solutions around increased accountability.
• Compliance – The ERO worked closely with stakeholders to construct a new risk-based model for
compliance that is coherent and manageable.
These three strategic efforts are based on NERC’s four pillars for success, which emphasize:
• R eliability – to address events and identifiable risks, ensuring the reliability of the bulk power system
through proper mitigation and remediation.
• Assurance – to provide accountability to the public, industry, and government for the reliable
performance of the bulk power system.
• Learning – to promote learning and continuous improvement of operations and adapt to lessons
learned for bulk power system reliability.
• Risk-based approach – to focus attention, resources and actions
on issues most important to bulk power system reliability.
As part of its mission to promote reliability excellence and demonstrate leadership in evaluating emerging
trends that potentially impact the reliability of the bulk power system, NERC annually develops assessments
to inform industry and policymakers on trends and challenges. Below are highlights of reports from 2013.
State of Reliability
The NERC 2013 State of Reliability report represents one of the premier evaluations of bulk power system
reliability performance in North America and serves as a key vehicle to gather insights and identify trends
grounded in solid technical performance data. This report is an analysis of bulk power system reliability
that industry can use to improve efficiency and accountability. The 2013 report identified the following key
findings:
These findings align with the Reliability Issues Steering Committee’s endorsement of protection system
misoperations as a major focus for reliability risk. Reliability Standard PRC-005-2 – Protection System
Maintenance, which was filed with FERC, established minimum maintenance intervals for specified system
protection equipment, including verification that protection settings are as specified. In addition, the PRC-
004-3 – Protection System Misoperation Identification and Corrections project continues with high priority.
The Planning Committee formed the AC Substation Equipment Task Force to analyze failed ac substation
equipment data in event analysis data and relevant reports; research root causes, including equipment
configuration and bus design; and identify the key factors that exacerbate the impact of ac substation
equipment failure. This research will provide solid technical foundation to identify specific items, actions and
recommendations to directly improve reliability performance.
The overall strength of the performance analysis, solid technical foundation, sophisticated statistical
analyses, and integrated validation with actual system events are considered one of the strengths of a risk-
informed approach to ensuring and enhancing bulk power system reliability.
Long-Term Reliability
NERC’s annual ten-year reliability assessments provide an independent view of the industry by examining key
bulk power system reliability indicators, including peak demand and energy forecasts, resource adequacy,
transmission developments, changes in overall system characteristics and operating behavior.
As part of NERC’s efforts to continually assess potential impacts to reliability, the 2013 Long-Term Reliability
Assessment identified a number of significant emerging reliability issues the industry will be challenged with
over the next decade. These challenges stem from a changing resource mix comprised of significant increases
in variable energy resources to meet renewable portfolio standards, increased reliance on natural gas-fired
generation and demand-side management primarily driven by economics, and the retirement of nearly 10
percent of North America’s generation capacity.
While NERC’s annual Long-Term Reliability Assessment generally focused on resource adequacy, the changing
resource mix projections signal to NERC that more attention and focus is needed to address the straining
of essential reliability services. This requires new operational tools and procedures that, in order to be
implemented without adverse impacts to system reliability, call for careful consideration, preparation and
planning. The development and successful integration of the changing resource mix will require the industry
to break down traditional boundaries and take a holistic view of the system, focusing on reliability.
During the past four years, the NERC Integration of Variable Generation
Task Force developed a number of recommendations that support the
reliability considerations for accommodating large amounts of variable
generation, which spurred significant action across the industry, including
the identification of potential gaps and enhancements to NERC Reliability
Standards. The recommendations provided industry with guidance on
developing new operating procedures and planning considerations,
including specifics on unique regional challenges, differing market
structures and regulatory policies.
In 2013, NERC published its second phase report Accommodating an Increased Dependence on Natural
Gas for Electric Power. The report determined the different risks that can affect reliability and identified
approaches to minimize vulnerabilities and areas where coordinated inter-industry efforts could provide
enhanced system reliability.
The report presents a new resource planning framework that incorporates the risk of natural gas
unavailability. It advocates a layered approach for transmission and resource planners to consider in
the context of larger, multi-area vulnerability and infrastructure assessments. As a result of the report’s
recommendations, several regional study groups, including the Western Interstate Energy Board, the Eastern
Interconnection Planning Collaborative and the Midcontinent Independent System Operator, have focused
their attention on these issues and use NERC’s recommendations as a foundation for further analysis.
As part of its ongoing weather activities, NERC offered industry a winter weather preparation webinar in
October. More than 350 stakeholders participated in the webinar, which provided reports and training
material in preparation for the upcoming winter weather forecasts and entity cold weather preparedness.
During the webinar, the impacts from the February 2011 Southwest cold weather event were reviewed,
as well as impacts from previous cold weather events. The webinar encouraged generator owners and
operators to focus on areas that were observed in past events, such as inspecting and maintaining heat trace
equipment and thermal insulation, erecting adequate wind breaks and enclosures, and taking measures to
protect instrument lines and equipment prior to the onset of winter weather.
NERC also reviewed the Assessment of Previous Severe Winter Weather Reports 1983-2011 during the
webinar. This report provides a review and comparison of the previous winter events cited in the FERC and
NERC staff report on Outages and Curtailments During the Southwest Cold Weather Event of February 1-5,
2011. This was to remind industry that generators experienced weather-related outages and rolling blackouts
in previous events, and lessons learned from these events could have prevented outages in more recent
winter events.
NERC also highlighted the Reliability Guideline Generating Unit Winter Weather Readiness – Current Industry
Practices that was developed by the Operating Committee. These guidelines provide a general framework for
developing an effective winter weather readiness program for generating units throughout North America.
Event Analysis
The industry’s voluntary event analysis process provides valuable information for the ERO and industry
to address threats to the reliability of the bulk power system. Since its initial implementation in 2010, the
process has yielded more than 388 qualified events reported to the ERO, and more than 77 lessons learned,
including 14 published this year. The NERC Event Analysis program is based on robust data gathering, data
validation, root and contributing cause analysis, trend identification and risk assessment. Voluntary event
analysis reporting by the industry has been successful.
NERC assesses every event to identify and share the possible threats to reliability with industry. This year, the
NERC cause code assignment process provided valuable information to the industry, including greater ability
for historical trending and predictive analysis. Industry actively participated in the assignment of cause codes
as events are closed to trending. This provides greater transparency on how NERC trends events and provides
a venue for active collaboration and sharing.
These analyses resulted in NERC issuing a Level 1 advisory alert after the identification of a trend in 345 kV
SF6 puffer-type circuit breaker failure and the potential risk this poses to the reliability of the bulk power
system. The alert made industry aware of the recent failures and the published maintenance advisories so
appropriate action could be taken by entities with this type of equipment.
While the alert was advisory in nature and did not require specific action, there was close collaboration with
the North American Generator Forum and North American Transmission Forum, as well as trade associations
with members who have this type of 345 kV equipment. This advisory provided an excellent opportunity for
NERC to work directly with the forums and trades to determine the extent of the condition and address the
potential risk to the bulk power system.
NERC Event Analysis published the Assessment of Previous Severe Winter Weather Reports 1983-2011 to
provide a review and comparison of previous winter weather events, which were provided to the industry in
the previously mentioned October webinar.
The event analysis process continues to establish the appropriate balance of data reporting for analysis and
use by the industry. NERC is creating incentives to sustain positive efforts and to improve the process.
Through its Event Analysis group, NERC assesses every event report to identify and then share, industry-wide,
the apparent threats to reliability that may be emerging. The NERC Cause Code Assignment Process manual
was updated in February 2013.
The Energy Management Systems (EMS), which encompass supervisory control and data acquisition (SCADA),
communications and real-time tools, are vital for maintaining situational awareness and making operating
decisions at both the individual and the organizational level. EMS are reliable and typically redundant. While
an outage of the EMS increases the risk to the reliability of the bulk power system, to date, there has been
no loss of load as a result of an EMS outage. The NERC Event Analysis program received 30 Category 2b event
reports in 2013 that detailed a complete loss of SCADA, monitoring or control lasting more than 30 minutes.
The voluntary reporting by the industry in this area has been exceptional. The NERC Event Analysis program
is based on robust data gathering, data validation, root and contributing cause analysis, trend identification
and risk assessment. NERC’s commitment to active collaboration and sharing allows more information to
be adequately reviewed and shared about these events in conjunction with NERC Regions and the affected
entities.
NERC hosted its first Monitoring and Situational Awareness conference focused on improving EMS reliability
in September. The conference brought together more than 90 operations and EMS experts from more than
55 registered entities from across North America, as well as a variety of vendors and consultants.
NERC published four lessons learned specifically about EMS outages in 2013 and worked to build and support
an industry-led EMS Task Force. The work and active information sharing of this group has reduced residual
risk associated with this potential loss of situation awareness and monitoring capability and continues to
provide valuable information to industry. A second workshop is being planned for this year.
Human Performance
Ineffective vegetation management was identified as a major cause of the August 14, 2003 blackout and
has been a factor in other large-scale North American outages. In response, NERC developed the FAC-003
vegetation management standard, which formalized transmission vegetation management program and
reporting requirements. As a result, vegetation-related transmission outages continue to improve due to
industry’s improved management programs.
Each quarter, NERC develops and posts a vegetation-related transmission outage report summarizing
outages. During the 2004-2010 period, there were 63 reported grow-in outages. In the past three years, only
one grow-in outage has occurred.
10
Due to improved industry
8 vegetation management
6 programs, the quarterly
4
vegetation-related
transmission outages
2
continue to decrease.
0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013
Also, for the first time, this standard requires transmission owners to annually inspect all transmission lines
subject to the standard and to complete 100 percent of their annual vegetation work plan. Version 3 also
incorporates the minimum vegetation clearance distances into the text of the standard and does not rely on
clearance distances from an outside reference, as was the case in Version 1.
Recent performance in minimizing and eliminating vegetation-related transmission outages, coupled with
enhanced requirements of the recently approved version 3 FAC-003 standard, should continue to promote
a more reliable grid through the achievement of successful vegetation management programs and eliminate
vegetation-related adverse impacts.
Facility Ratings
An associated issue with vegetation management is the facility rating requirement for registered entities.
In late 2010, discrepancies between the design and actual field conditions of transmission facilities was
discovered, including transmission conductors. NERC issued a Recommendation to Industry in October 2010
that detailed the reliability risk and required data submittals over a three-year period. Reporting for this is
nearing completion.
Entities developed their list of “high,” “medium” and “low” priorities to assess their facilities, develop
remediation plans and report every six months on the status of remediation efforts. To date, more than 96
percent of the transmission facilities classified as high-priority by their owners have as-built field conditions
consistent with their design. Of the 941 high-priority transmission lines with discrepancies, 828 lines (88
percent) have been fully remediated. For medium-priority facilities, more than 88 percent have as-built field
conditions consistent with their design. Of the 2,268 medium-priority transmission lines with discrepancies,
1,524 lines (67 percent) have been fully remediated. While remediation is ongoing, the risk to the bulk power
system has been substantially reduced due to these efforts.
NERC made significant strides in 2013 in integrating risk management principles in development of its overall
strategy for maintaining and improving reliability. The Reliability Issues Steering Committee (RISC), which was
created in 2012, provided a broad, executive-level platform to assist the ERO in setting priorities for reliability
issues of greatest importance.
The RISC’s initial work led to a set of recommended ERO priorities for NERC’s Board in February 2013.
The broad priorities were critical in formulating the overall risk-informed ERO strategic approach and
encompassed cyber attack, workforce capability and human error, protection systems, monitoring, and
situational awareness. The emphasis is to clearly identify the most important reliability risks so relevant
projects can be formulated to best address these in a prioritized, disciplined approach. These baseline
priority reliability risks and associated programs or projects – called the Reliability Risk Management Process
– can be used in the development of the Business Plan and Budget.
NERC hosted a Reliability Leadership Summit in Washington, D.C., for key industry executives and business
leaders to provide insights about reliability of the bulk power system. Topics included planning, modeling
and analysis, operations, infrastructure protection and general discussions of reliability risk. As a result, a
composite set of top priority reliability risks were identified for focus and strategic attention to lessen these
potential risks for 2014-2017. As the Reliability Risk Management Process matures, it will produce periodic
updates, broad input and staged evaluation of the effectiveness of ongoing risk management projects. This
information will serve as input to the Business Plan and Budget. In rank order, the top-priority reliability
risks identified are: changing resource mix, resource planning, protection system reliability, uncoordinated
protection systems, extreme physical events, availability of real-time tools and monitoring, protection system
misoperations, cold weather preparedness, right-of-way clearances, and 345 kV breaker failures. Through
these structured approaches, NERC is better able to identify priority reliability risks and adopt effective
measures and projects to ensure these risks are actively monitored and effectively lessened.
The ERO began the Reliability Assurance Initiative (RAI) in 2012 as a strategic initiative to transform the
current compliance and enforcement program into one that is forward looking, focuses on high reliability risk
areas and reduces the administrative burden on registered entities.
The initiative builds upon the success of Find, Fix, and Track initiative and develops enforcement incentives
to distinguish between poor performance that must to be discouraged and positive behaviors that contribute
to higher accountability and improved performance. RAI recognizes an entity’s risk to reliability, along with
its management controls and corrective-action programs to meet the reliability standards, and reduces the
administrative burdens of the compliance and enforcement program on industry while gaining efficiencies.
• Sponsored, organized and initiated project teams for four focus areas for 2013 with implementation
rollouts planned for 2014-2015. Projects included:
Compliance Auditor Manual and Handbook: defining audit activities and providing a structured
audit approach.
Compliance Prototypes and Pilot Programs: testing approaches to risk assessment, audit
scoping, and controls assessment to serve as input to the development of an ERO-wide, risk-
based auditing approach.
Improvements to Self-Reporting: strengthening processes for self-report submittals by
registered entities, as well as improving NERC and Regional Entity intake processes for self-
reports.
FFT Enhancements: enhancing current FFT program by having NERC and the Regional Entities
spending less time processing minimal- and moderate-risk issues while continuing to reserve
the current enforcement process for the Possible Violations that constitute “serious and
substantial” risk to the bulk power system.
• Published two key change state element papers to further discussion with stakeholders:
Refine Compliance and Enforcement Information Flow (Change State Element No. 3)
Redesign the Enforcement Strategy (Change State Element No. 5)
• Collaborated with industry to draft and publish RAI documents for:
Internal Controls Working Guide to help define and further the understanding of internal
control programs and activities.
RAI Question and Answer document to provide an overview of the various components of RAI.
Created an RAI web page for industry to find all RAI-related information.
• Drafted ERO Enterprise Mitigation Plan Guide and Self-Report User Guide with comments from
industry due in February.
The ERO will continue training and communication on RAI activities through workshops, webinars, and
published documents, and will work with industry to implement key compliance and enforcement activities.
In 2013, NERC made significant progress in transitioning its body of standards to steady state – sustainable
requirements that meet certain quality and content criteria – by developing and beginning to apply
recommendations from independent industry experts and by efficient execution of five-year review projects
and informal development projects.
Taking a holistic look at its standards, NERC retained a team of five industry experts to independently review
all standard requirements, setting the foundation to transition to a clear, concise and sustainable body of
standards. The experts assessed the content and quality of the standards, including identification of potential
risks that were not adequately mitigated, and developed recommendations for each requirement. The
initial assessment determined whether a requirement should be retired and the remaining requirements
were given a content and quality grade. The experts then assigned each requirement a reliability risk level
and recommended prioritization of future work based on the assigned grades and risk. To date, 70 of the
147 requirements recommended for retirement by the independent experts have been addressed by the
assigned drafting team, revisions balloted and approved by stakeholders and the revised standards adopted
by the Board and filed with regulatory authorities. The team’s final report and a spreadsheet that provides
scores by requirement are posted on the Reliability Standards Development Plan web page.
Also supporting the progress toward steady state standards were four, five-year review projects that
addressed NERC’s obligation to conduct periodic reviews of standards that have not yet been revised through
other standards development projects. The projects considered whether a standard is results-based, clear,
technically sound or associated with regulatory directives or the independent experts’ recommendations,
and resulted in recommendations to affirm, revise or retire the standards in question. In October 2013, the
Standards Committee accepted all of the recommendations of the five-year review teams. Several standards
from among those four projects were moved into standard development phases, as some base consensus
around the scope and/or changes had already been developed.
To maintain this momentum in the transformation to steady state, the Standards Committee and NERC staff
used the experts’ report and work completed in 2013 when developing the 2014-2016 Reliability Standards
Development Plan. Going forward, standard drafting teams, ad hoc groups and periodic review teams will be
asked to consider the experts’ recommendations alongside other input such as FERC directives, Paragraph 81
criteria, compliance input, and stakeholder feedback.
Paragraph 81 Retirements
NERC also made headway in the application of Paragraph 81 criteria. Paragraph 81 criteria identifies for
retirement those requirements that have little to no impact on the reliability of the bulk power system per
a March 15, 2012, FERC order on NERC’s Find, Fix, and Track process. In November 2013, FERC approved
the retirement of 34 requirements under the first formal phase of the Paragraph 81 project. In addition,
throughout the year, drafting teams continued to apply Paragraph 81 criteria in other formal development
projects – Phase 2 of the Paragraph 81 project. Through the first quarter of 2014, 158 of the 217
requirements recommended by stakeholders as Phase 2 Paragraph 81 candidates will be addressed by the
assigned drafting team, revisions balloted and approved by stakeholders, and the revised standards adopted
by the Board and filed with regulatory authorities.
In 2014, NERC will continue to work toward addressing its FERC obligations, focusing on reduction of the
remaining 107 FERC directives and application of Paragraph 81 criteria in all formal development projects.
In February 2013, the Board adopted BAL-003-1 – Frequency Response and Frequency Bias Setting. The
standard sets a minimum Frequency Response obligation for each Balancing Authority, provides a uniform
calculation of Frequency Response and Frequency Bias Settings that transition to values closer to natural
frequency response, and encourages coordinated automatic generation control operation. The standard
addresses two FERC Order 693 directives on BAL-003.
In August 2013, the Board adopted PRC-025-1 – Generator Relay Loadability under Project 2010-13.2 – Phase
2 Relay Loadability. In three phases, Project 2010-13.2 addressed directives from FERC Order 733, which
directed NERC to address three areas of relay loadability that include modifications to the approved PRC-
023-1, development of a new standard to address generator protective relay loadability, and development of
another standard to address the operation of protective relays due to power swings. Phase 2 was focused on
the second directive, which called for the development of a new standard (PRC-025-1) to address generator
protective relay loadability. Completing Phase 2 required additional modifications to PRC-023-2, originally
developed under Phase 1 of the project. The Board adopted these changes in November 2013, resulting in
PRC-023-3 – Transmission Relay Loadability. Phase 3 will investigate the need to develop requirements that
address protective relay operations due to stable power swings.
In November 2013, the Board adopted Phase 2 of the project to revise the definition of Bulk Electric System
(BES). The definition is used to define assets that are material to the reliability of the interconnected
transmission network. The users, owners and operators of these assets are registered as entities responsible
for compliance with mandatory standards. The objective of revising the definition was to create a continent-
wide “bright-line” definition to replace the predecessor framework of regionally determined criteria for
determining which assets were in the scope of the BES. In Orders No. 773 and 773-A, issued on December
20, 2012, and April 18, 2013, FERC approved Phase 1 of the BES definition revisions and directed certain
modifications to the Phase 1 definition. The Board adoption and subsequent FERC filing of Phase 2 ensures
that FERC has adequate time to act on the Phase 2 definition prior to the July 1, 2014 effective date for the
Phase 1 definition.
Canada Collaboration
NERC enhanced outreach initiatives with Canada in 2013 in an effort to better communicate and collaborate
with Canadian stakeholders and regulators. An important step expanded the number of Canadian
stakeholders on NERC standard drafting teams. Associated with this effort, the Canadian Electric Association
conducted a workshop that gave an overview of province-specific frameworks that govern the adoption of
standards in the country to NERC Standards staff, which is important for the appropriate development of
effective reliability standards.
Throughout the year, NERC continued policy discussions with Canadian stakeholders at the utilities and the
provinces through forums including the Canadian Association of Members of Public Utility Tribunals and the
Federal-Provincial-Territorial Electricity Working Group. NERC also expanded its liaison with Canadian utilities
working with the Canadian Electric Association’s Working Regulatory Task Group.
Similarly, NERC’s Board has increased outreach to all Canadian regulators, who make an important
contribution to NERC’s overall mission. Going forward, NERC will continue to focus on outreach and
collaboration with Canadian regulators and stakeholders.
More than 230 organizations participated in NERC’s second grid security exercise, GridEx II, in November.
The biennial event, which began in 2011, brought together industry and government from the United
States, Canada and Mexico to work together on the response to a scenario that simulated a physical and
cybersecurity attack. The 2013 exercise incorporated recommendations detailed in the 2011 GridEx report,
and added an executive discussion after completion of the simulated scenario. The exercise allows industry
to:
• Exercise the current readiness of the electricity industry to respond to a security incident,
incorporating lessons learned.
• Review existing command, control and communication plans and tools for NERC and industry
stakeholders.
• Identify potential improvements in cybersecurity and physical security plans, programs and responder
skills.
• Explore senior leadership policy decisions and triggers in response to a coordinated cyber and physical
event of national significance with long-term grid reliability issues.
A report detailing lessons learned and recommendations from the 2013 exercise will be published in the first
quarter of 2014.
More than 325 industry and government stakeholders attended NERC’s annual grid security conference,
GridSecCon, in October 2013, which focused on physical and cybersecurity issues. Speakers at NERC’s third
conference focused on transformational, strategic and tactical approaches to securing systems. Specifically,
participants considered different information-sharing techniques; determined whether their organizations
were resilient through self-assessments; tested response activities through exercises; worked to ensure
that security is considered when building operations; and developed ways to enhance the workforce by
recruiting, training and retaining individuals who can address these and other issues. Additionally, almost 200
stakeholders attended credentialed training sessions in cyber and physical security. Each year the conference
strives to:
• Build on NERC’s mission to ensure the reliability of the North American bulk power system through
education and training.
• Discuss and provide solutions to emerging industrial control system security issues.
• Deliver expert analysis on social engineering and phishing attacks.
• Focus strategically on public-private partnerships.
• Provide an update on Electricity Sector-Information and Analysis Center and issue a call for increased
industry participation and communication.
In 2013, FERC approved CIP Version 5 (CIP-002-5 through CIP-011-1), which now categorizes cyber assets as
low-, medium- or high-impact assets, providing all bulk power system cyber assets with a level of protection
based on the impact the cyber assets have on the grid. As a result, utilities may transition from CIP Version 3
to CIP Version 5 without having to comply with CIP Version 4.
In response to FERC’s proposal to approve the implementation plan for CIP Version 5, NERC issued transition
guidance to assist utilities in the transition from CIP Version 3 to CIP Version 5. In addition to developing
transition guidance, NERC developed an Implementation Study to collect and evaluate relevant data utilities
regarding their experiences implementing CIP Version 5. The results of the Implementation Study will be
shared with industry in the form of guidance.
NERC selected a diverse mix of utilities for the Implementation Study based in part on willingness to
participate, past performance on the CIP Reliability Standards and expected relevance to the Implementation
Study’s goal. NERC and the Regional Entity do not conduct compliance monitoring activities or pursue
enforcement actions related to CIP Version 3 with respect to utilities participating in the Implementation
Study; however, NERC and the Regional Entity have ongoing oversight and review of implementation
activities over the course of the study period.
Once the Implementation Study is completed, NERC develops a report focused on the effectiveness of
meeting the CIP Version 5 requirements and the methods employed during implementation. These are the
primary goals:
• Identify potential challenges to implementing CIP Version 5 and help anticipate specific problem areas
and potential solutions to ease the transition process.
• Identify instances in which entities may not be able to maintain compliance with both CIP Version 3
and CIP Version 5 standards and inform NERC’s compliance and enforcement during the transition
period.
• Refine the compliance and enforcement mechanisms based on the final order approving Version
5 and resulting directives to be used in place of the “identify, access, correct” language, as well as
implementing any other changes the order directs.
• Incorporate the Reliability Assurance Initiative design, such as internal controls and risk assessment,
as it relates to CIP.
NERC will post the results of the Implementation Study throughout the transition period; however, NERC will
complete an interim report in 2014.
The ES-ISAC customer base grew substantially in 2013, more reporting from organizations and significantly
more information shared with industry. The ES-ISAC continued its strategic plan to enhance information
sharing and analysis capabilities. The ISAC participated in NERC’s grid security exercise, GridEx II, by staffing
the operations room during the simulated cyber and physical exercise.
The ES-ISAC also supported the NERC Crisis Action Plan, federal sector incident response coordination plan
and industry response plan, and the Department of Energy’s incident response survey project development.
These activities support greater coordination across industry and with the federal government for responding
to significant cybersecurity events.
ES-ISAC Portal
For much of the industry, the portal is the first and often primary interface with the ES-ISAC. It allows the
ES-ISAC to reach thousands of customers and hundreds of organizations across the industry and is the
mechanism to reach out to ES-ISAC staff with questions, concerns and security-related information. Last year
was the first full year the ES-ISAC maintained the web-based portal in support of information sharing. Much
effort has been focused on increasing the user base of the portal. Participation on the portal continues to
increase, which is attributed to industry’s increasing recognition of the value of the information supplied to
the portal and the ES-ISAC’s efforts to provide more information in a timely manner. As the ES-ISAC moves
into 2014, portal capability improvements consistent with NERC Critical Infrastructure Protection Committee
Information Sharing Task Force recommendations are underway, which will enhance the user experience and
provide a cross-sector information-sharing solution for improved analytic collaboration.
Briefings
In 2013, the ES-ISAC, the Department of Homeland Security, DOE and the FBI collaborated to host a series
of briefings focused on tactics and tools of emerging cyber threat actors. This campaign included a multi-city
tour across the United States and was developed following a NERC alert that detailed how common tools can
be used to infiltrate critical infrastructure networks and gain access to control system networks. The briefings
were designed to raise awareness within the control systems community to better protect the bulk power
system.
In the wake of the April 16, 2013 Metcalf substation incident in California, the ES-ISAC, FERC, DHS, DOE,
National Labs and selected major trade organizations began a physical security briefing series. The purpose is
to raise awareness of physical attack threats; increase local, regional and federal security partnerships; and
support mitigation efforts. The series kicked off in December 2013 and runs through the first quarter of 2014
in 13 locations across the United States and Canada.
In addition, the ES-ISAC, under direction from the Electricity Sub-sector Coordinating Council, is partnering
with Pacific Northwest National Laboratory to transition the Cybersecurity Risk Information Sharing Program
from a DOE pilot effort to an industry-driven effort in 2014. The partnership is working to deploy the
capability across 20 companies in 2014. This effort will not only support the cybersecurity programs of the
participating organizations, but also, through the ES-ISAC, enhance the industry’s cybersecurity efforts by
sharing CRISP information more broadly through portal posts and analytic products.
Efforts in 2014
As the ES-ISAC moves into 2014, focus continues on improving the quantity, quality and timeliness of
information provided to industry. Working with DOE, DHS and other government partners, the ES-ISAC
will maintain awareness of the security landscape, both cyber and physical, providing tactical and strategic
information to industry to better secure facilities and networks and ensure reliable delivery of electricity
across North America.
In August 2013, the NERC Board of Trustees approved a new Electricity Sub‐sector Coordinating Council
charter. This charter created a new ESCC, including new membership and bylaws.
The ESCC fosters and facilitates the development of policy-related initiatives to improve the reliability and
resilience of the electricity sector, including physical security and cybersecurity.
The new ESCC charter provides for a total of 30 chief executive officer‐level representatives, including
members of the ESCC Steering Committee. NERC’s CEO serves on the ESCC and its Steering Committee.
Originally, the ESCC was chaired by NERC’s CEO and consisted of a NERC Board member, five CEO-
level executives appointed by the Member Representatives Committee, the chair of the NERC Critical
Infrastructure Protection Committee and NERC’s director of Critical Infrastructure Protection.
The reasons for transitioning the ESCC were to:
• Formally recognize the significant increased CEO interest and participation on cybersecurity issues.
• Avoid having two CEO-level groups working in a common area.
• Focus industry association activities through an existing channel recognized by government agencies.
• Provide a unified industry framework upon which to build in response to president-issued orders and
directives, such as EO-13636 and PPD-21.
The new ESCC charter provides for continued collaboration of the ESCC with the ES-ISAC and DOE in
communicating with the electricity sector and enhancing the industry’s ability to prepare for and respond to
cyber and physical threats, vulnerabilities and incidents.
On February 13, 2013, the White House issued an Executive Order regarding critical infrastructure (EO
13636) cybersecurity and a corresponding Presidential Policy Directive on critical infrastructure security and
resilience (PPD-21).
The Department of Homeland Security led implementation activities and established eight working groups
to address different components of the Order and Policy. The working group activities all focused on
enhancing public-private partnerships, developing tools and best practices for sectors to use, and ultimately,
reducing risk to critical infrastructure sectors. For all of these efforts, NERC worked closely with industry
representatives and government partners to build new and improve upon existing cybersecurity-focused
ideas, processes and products.
FRCC
Florida Reliability Coordinating Council operates in peninsular Florida east of the Apalachicola River - within
the Eastern Interconnection.
Stacy Dochoda, president and chief executive officer
MRO
Midwest Reliability Organization covers roughly one million square miles spanning the Canadian provinces
of Saskatchewan and Manitoba, the states of Iowa, North Dakota, Minnesota and Nebraska, the majority of
the states of South Dakota and Wisconsin and portions of Illinois, Michigan and Montana. This cross-border
region includes a diverse set of organizations that are involved in the production and delivery of power to
more than 20 million people.
Daniel Skaar, president and chief executive officer
NPCC
Northeast Power Coordinating Council, Inc. includes New York and the six New England states, as well as
the Canadian provinces of Ontario, Québec and the Maritime provinces of New Brunswick and Nova Scotia.
Overall, NPCC covers an area of nearly 1.2 million square miles, populated by more than 55 million people.
Edward Schwerdt, president and chief executive officer
RF
ReliabilityFirst operates across 13 states and the District of Columbia – New Jersey, Delaware, Pennsylvania,
Maryland, West Virginia, Ohio, Indiana, lower Michigan and portions of upper Michigan, Wisconsin, Illinois,
Kentucky, Tennessee and Virginia.
Timothy Gallagher, president and chief executive officer
SERC
The SERC Reliability Corporation is a nonprofit corporation responsible for promoting and improving the
reliability, adequacy and critical infrastructure of the bulk power supply systems in all or portions of 16
central and southeastern states. Owners, operators and users in these states cover an area of approximately
560,000 square miles.
Scott Henry, president and chief executive officer
Texas RE
Texas Reliability Entity, Inc. is a non-profit corporation responsible for ensuring reliability of the bulk power
system in the Electric Reliability Council of Texas (ERCOT) region. The ERCOT region is located exclusively
within Texas and represents 85 percent of the state’s electricity load and 75 percent of the Texas land area.
W. Lane Lanford, president and chief executive officer
WECC
Western Electricity Coordinating Council’s territory extends from Canada to Mexico. It includes the
provinces of Alberta and British Columbia, the northern portion of Baja California, Mexico, and all or portions
of the 14 Western states between, which totals approximately 1.8 million square miles.
James B. Robb, chief executive officer
Over the past year, we worked with the leadership of the Member
Representatives Committee to redesign the structure of our meetings
to make them more efficient and to facilitate greater dialogue between
stakeholders and trustees. This new approach is working well and the Board
is committed to continuing to enhance the approach to work even better. We
value the input and participation of the MRC and the advice they offer to us.
Our increased focus on the international aspects of the ERO took a major
step forward in 2013 with the participation of Mexican and Canadian
stakeholders in our Board meetings, committee processes and grid security
exercise. Increased outreach to our Canadian regulators also has been
productive and will continue on an annual basis. Through this engagement,
NERC has increased the knowledge and awareness of what it means to be an
international ERO.
I also want to thank, on behalf of the trustees, the many volunteers who
serve on the Standing Committees that support the work of the organization,
particularly the Planning Committee, Operating Committee, Standards
Committee, Critical Infrastructure Protection Committee and Compliance and
Certification Committee, the Personnel Certification Governance Committee,
the Reliability Issues Steering Committee. The trustees appreciate the
important contributions that you make and thank you for the time, effort and
expertise you bring to our goal of assuring reliability.
Frederick W. Gorbet
Board of Trustees Chair