Embed Size (px)
Citation preview
Reliable Power
Reliable Markets
Reliable People
Reliable Power
Reliable Markets
Reliable People
AESO Reliability Committee (ARC)
March 27, 2009
2
Agenda
• Action items – last meeting
– Status of Reliability Standards in BC
– Update of NERC’s BES definition / WECC interpretation
– AESO position on NERC ALERTS
• Standards Recommendations
• Compliance Workgroup report
• Discussion, Future Meeting Dates
3
Activities in British Columbia re Reliability Standards
• BC’s 2007 Energy Plan expressed Province’s commitment to implementing industry wide RS
• BCTC has consulted with stakeholders regarding such implementation
• Utilities Commission Act amended in 2008– BCTC to review NERC/WECC mandatory RS and provide the BCUC with a report
assessing the suitability of those standards for adoption in BC, any potential adverse impacts to reliability arising from such adoption, and cost of implementing those RS in BC
• BCTC preparing an Assessment Report covering 103 NERC/WECC RS as adopted by FERC as of December 31/08
– BCUC must publish the report for comment
• Unless BCUC makes a determination that a RS is not in the public interest, BCUC must adopt the RS addressed in the Assessment Report if the Commission considers the RSs are required to maintain or achieve consistency in BC with other jurisdictions that have adopted RS
– BCUC would hold a hearing in order to reject a RS, but not for approval
• BCUC is discussing with WECC the potential to engage WECC to assist the BCUC in carrying out various compliance activities. No such agreement has yet been reached.
4
Update to WECC interpretation of NERC BES Definition
• NERC BES Definition - As defined by the Regional Reliability Organization, the electrical generation resources, transmission lines, interconnections with neighboring systems, and associated equipment, generally operated at voltages of 100 kV or higher. Radial transmission facilities serving only load with one transmission source are generally not included in this definition.
• May 9, 2007 - WECC response to NERC request for a WECC Regional definition includes 9 criteria to clarify the word “generally” and awaits further direction.
• The 9 WECC criteria is intended to clarify facilities which are: – (i) above 100 kV but and should not be considered part of the bulk electric
system,
– (ii) below 100 kV and should be considered part of the bulk electric system, and
– (iii) radial transmission facilities serving only load that should be considered part of the bulk electric system.
• August 2008- WECC BOD directed the RPIC to re-examine WECC clarification
5
Update to WECC interpretation of NERC BES Definition
• Jan 29, 2009 – WECC update to NERC advises WECC BOD has not approved the WECC clarification, WECC compliance is not using WECC clarification, WECC does not use the clarification in execution of its duties.
• March 2009 – NERC files the WECC information with FERC and WECC initiates a BESDTF to develop language to clarify the NERC definition of BES using WECC the “Process for Developing and Approving WECC Standards” to the extent possible to ensure that the final work product undergoes sufficient due process.
• AESO intends to participate on the BESDTF and will inform ARC members
• Potential impact in Alberta – Protection and Control standards – RAS, requirements to analyze misoperations,
AGC systems
– Emergency Operating Procedures – application on 138kV / 144kV non-radial systems
– Personnel – operator training requirements for TFOs
– Transmission Planning Standards – potential to increase performance requirements
Reliable Power
Reliable Markets
Reliable People
Reliable Power
Reliable Markets
Reliable People
AESO Reliability Committee (ARC)
Security Workgroup (SWG) Update
Garry Spicer – Director, Security
2009 03 27
7
Agenda
• Security Work Group (SWG)
– SWG Status
– Security Work Group Terms of Reference – Updates
– Technical Feasibility Exceptions
– NERC Alerts
– Questions
8
SWG Status
• Past
– Have met once every month since Sept. 2008, except for:
• Dec. 2008 (did not meet); and
• Nov. 2008 (met twice).
– Have completed a draft of AB-CIP-001-1 (Sabotage Reporting)
• Have a definition for sabotage
• NERC doesn’t have this yet – has caused much confusion in U.S.
• Have included concepts from NERC’s rework of CIP-002 to 009
• E.g., must implement procedures, not just write them
• Have included links to Alberta specific items
• Provincial ASSIST
• AESO OPP 808
• Has been reviewed by AESO Compliance
9
SWG Status
• Present
– Draft of AB-CIP-001-1 has been sent to AESO Legal for review
– Have initiated review of NERC-CIP-002-1, Critical Cyber Asset Identification
• Working through approach to identifying critical assets
• Planned
– Aiming for AB-CIP-001-1 to be submitted for October 2009 AUC rules cycle (pending ARC approval)
– Aiming for AB-CIP-002-1 to be submitted for October 2009 AUC rules cycle (pending ARC approval)
10
SWG Terms of ReferenceUpdates
• Version 1.0.a– Security Work Group Key Parameters:
• The SWG will be assembled to review reliability standards pertaining to the security requirements of the Alberta Interconnected Electric System facilities and cyber assets and will be comprised of representation as required from: AESO, TFOs, GFOs, Wire Owners, PPA Owners, and Buyers.
• Needed to include Wire Owners, as some standards may apply to them
– Terms of Engagement:• A member or a representative of any work group will not be precluded from
participating in the AESO’s Rules process or ultimately participating in any related AUC proceeding.
• Item 7 – Error correction. AEUB had to be updated to AUC.
11
SWG Terms of ReferenceUpdates (cont’d)
– Appendix ‘A’ – ARC Work Groups – Security Work Group
• Included Jack Kelly as additional SWG alternate chair
– Appendix ‘A’ – ARC Work Groups – Compliance Monitoring Work Group
• Updated detail regarding Compliance Monitoring Work Group
12
Technical Feasibility Exceptions
• A ‘release valve’ for standards– Not valid in all cases: only where explicitly permitted
– Requests reviewed against criteria
• Not technically possible
• Cannot be achieved in time to be compliant
• Safety risks or issues that outweigh the reliability benefits
• Conflict with statutory or regulatory requirements
• Costs that far exceed the benefits
– Does not relieve obligation to comply!
• Authorizes departure from strict compliance
• Requires an alternate approach
• Limited duration
– Plan to implement as a separate Alberta Reliability Standard
13
NERC Alerts
• Background– “Aurora Vulnerability”
• Staged experimental cyber attack against an electric generator• March 2007 at U.S. DoE Idaho Lab
• Some conclusions controversial• Nonetheless – demonstrated that cyber security issues are real
• Concern expressed by U.S. government• Industry awareness and response not well coordinated
– Response by NERC Board of Trustees
• Approve five year strategic plan (November 2007)
• One of the ten goals for 2008: Critical Infrastructure Protection
• Improve the overall resiliency of the bulk power system to threats and vulnerabilities
14
NERC Alerts
• Actions taken by NERC as part of CIP Programme
– Hire a Chief Security Officer (Michael Assante)
– Ensure Rules of Procedure support CI Protection
– Coordinate with governmental agencies
– Assess preparedness of users, owners, and operators
– Partnership for Critical Infrastructure Security
– Improve tools and other support services
– Implement NERC Alerts Programme
15
NERC Alerts
• Ensure Rules of Procedure support CI Protection
– Section 810 – Information Exchange and Issuance of NERC Advisories, Recommendations, and Essential Actions
• Members of NERC and BPS owners, operators and users provide NERC with operating experience information and data
• NERC disseminates results of analysis, lessons learned, etc.
• NERC notifies industry through notice, analyses and recommendations
• NERC will notify FERC and governmental authorities
– Tools used to support Rule 810
• Emailed notices that alert users, owners, and operators of the bulk power system to potential reliability threats
• Eventually will move to email notification only – details will be retrieved from a secured website
16
NERC Alerts
• Implement NERC Alerts Programme
– Must register with NERC to receive alerts
• Must provide appropriate contact information
– May register as one of:
• Primary Send
• Must have daily coverage of the email address
• Must “respond” to alerts (sometimes within 24 hours)
• Informational Send
• Must have a Primary Send registered to get on this list
• Courtesy Copy
• Does not carry additional implications (e.g. coverage, response, etc.)
17
NERC Alerts
• Purpose– Event Analysis
• Single Events – findings
• Multiple Events – trends
• Generic Findings – equipment business practice problems
• Technical Findings – Potential for repeat problems discovered through technical analysis
– Support Critical Infrastructure Protection
• Examples:– US CERT Vulnerability Disclosure (e.g. Boreas and ABB alerts)
– Public Vulnerability Disclosure (e.g. RealWinSCADA advisory)
– The release of exploitation code or tools (e.g. GE Fanuc advisory)
– Release of malicious code
18
NERC Alerts
• There are three types / levels of NERC Alerts:
– Level 1: Advisory• Informational
• No Response required
• Provide findings and lessons learned
– Level 2: Recommendations to Industry• Specific to actions NERC is recommending to be taken
• Requires response with acknowledgement and response time
– Level 3: Essential Actions• Specific actions that must be taken by specific registered entities
• Requires response on actions taken and progress to resolve issues
19
NERC Alerts
• There are four confidentiality levels for alerts:– 1 – Green
• Public
• No restrictions on distribution
– 2 – Yellow
• Private
• Internal use and necessary consultants, third party providers
– 3 – Red
• Sensitive
• No external distribution
– 4 – Black
• Confidential
• Limited internal distribution
20
NERC Alerts
• AESO Position
– Registration for NERC Alerts is not mandatory for Alberta entities
• Entities includes owners, operators, and users
– Registration for NERC Alerts is suggested for Alberta entities
• Register under the courtesy copy option
• Avoid potential violations, conflicts, and confusion associated with reporting requirements under other options
• AESO has registered under the Courtesy Copy option
– Caution is warranted regarding reporting requirements
• Reporting security matters to authorities outside of Alberta / Canada
• May conflict with legislation and other agreements
• AESO is seeking guidance from Alberta DoE; PSCan; CEA; and ASSIST
21
Questions, Feedback, Re-direction?
• Additional questions or concerns, please contact:
– Garry Spicer, Director Security, AESO
• (403-539-2633)
22
Standards Recommendations
• 36 in total for this ISO Rules cycle (July)
• 3 are applicable to Market Participants
– INT-001-3 – Pool Participants who arrange interchange transactions on interties
– FAC-501-WECC-1 - TFOs who maintain WECC Major Paths
– PRC-021-1 – TFOs, WOs, transmission end use connected customers and owners of industrial systems that own UVLS
• 13 are applicable to the AESO
• 24 are recommended to be rejected for application in Alberta
– not applicable to an Alberta entity, or
– INT-004-2 – applies to Pool Participants however, dynamic scheduling is not available in Alberta at this time.
Reliable Power
Reliable Markets
Reliable People
Reliable Power
Reliable Markets
Reliable People
AESO Reliability Committee (ARC)
Compliance Work Group (CWG) Update
Pavel Bardos – Manager, Compliance
March 27, 2009
24
CWG – Update
• CWG has completed the work assigned to the group
– held 10 meetings in 2008 and delivered a program; identified problem areas; and resolved or referred issues
– Workgroup has not met in 2009, but will reconvene as issues are brought forward; plan is for quarterly meetings
• CWG worked to complete…
– Compliance Monitoring Program (CMP)” document
• Posted publicly – AESO website in Feb 6, 2009
• Provided to ARC for information here
– Finalized “Registration Guideline”
• AESO will hold a future ‘workshop’ to introduce this process to industry, before registration begins
• Target - posting of document on AESO web page and workshop late Q2
25
CMP Document Highlights
The CMP document describes the tools and processes which will be utilized in monitoring of market participants compliance with reliability
standards: 1.Compliance Monitoring Audit
a. Table Top Audit (with on site visit option)
b. Spot Check Audits
2.Self-Certification
3.Self-Reporting
4.Exception Reporting
5.Periodic Reporting
26
Registration Guideline Highlights
• The Registration guideline is not a ISO rule
• In order for the AESO to carry out its compliance monitoring function it is important identify market participants with material impact on reliability of the AIES.
• Additionally it is important for market participants to understand which reliability standards are applicable them.
• The relationship between reliability standards and market participants is derived through registration of market participants for functional entities as defined in Alberta Functional Model. Currently there is no existing process that captures this relationship. The following pictogram shows graphically how registration will accommodate identification of this relationship.
Reliability Standard - Applicability Section
- Functional Entities
Alberta Functional Model
Functional Entities
Market Participants
Registration
27
Registration Guideline Highlights
• The AESO will maintain functional definitions in Alberta Functional Model
• The AESO will assign Applicability of a Reliability Standard to appropriate Functional Entities
• Registration of a Market Participant to a Functional Entity a) Initial (roll-out) registration stage: The AESO will create on best-effort basis a list of market
participants with their affiliation to the functional entities and communicate this list to the participants. In return will ask participants to confirm or dispute assigned affiliation and provide compliance contacts.
b) Post-Initial registration stage
• Reliability Standards Exemption Registration Process• Based on assigned applicability the AESO will describe eligibility conditions for granting an
exemption.
• Dispute Resolution Process will be used to decide any disputes related to registration or exemption
• The AESO will maintain the Reliability Standards Registry on its web page.
28
Next Steps
We will schedule CWG quarterly meetings to discuss key issues related to compliance and the implementation of the programs. In the coming months will be focused on establishing and operationalizing compliance monitoring processes
Registration of Market Participants:
• Stakeholder communications rollout at end of 2Q.
• Should start the registration process by June 2009.
• All entities registered by end of 3Q09.
