AESO Reliability Committee ARC

1
AESO Reliability Committee (ARC)

• March 27, 2009

2
Agenda

• Action items last meeting
• Status of Reliability Standards in BC
• Update of NERCs BES definition / WECC
  interpretation
• AESO position on NERC ALERTS
• Standards Recommendations
• Compliance Workgroup report
• Discussion, Future Meeting Dates

3
Activities in British Columbia re Reliability
Standards

• BCs 2007 Energy Plan expressed Provinces
  commitment to implementing industry wide RS
• BCTC has consulted with stakeholders regarding
  such implementation
• Utilities Commission Act amended in 2008
• BCTC to review NERC/WECC mandatory RS and provide
  the BCUC with a report assessing the suitability
  of those standards for adoption in BC, any
  potential adverse impacts to reliability arising
  from such adoption, and cost of implementing
  those RS in BC
• BCTC preparing an Assessment Report covering 103
  NERC/WECC RS as adopted by FERC as of December
  31/08
• BCUC must publish the report for comment
• Unless BCUC makes a determination that a RS is
  not in the public interest, BCUC must adopt the
  RS addressed in the Assessment Report if the
  Commission considers the RSs are required to
  maintain or achieve consistency in BC with other
  jurisdictions that have adopted RS
• BCUC would hold a hearing in order to reject a
  RS, but not for approval
• BCUC is discussing with WECC the potential to
  engage WECC to assist the BCUC in carrying out
  various compliance activities. No such agreement
  has yet been reached.

4
Update to WECC interpretation of NERC BES
Definition

• NERC BES Definition - As defined by the Regional
  Reliability Organization, the electrical
  generation resources, transmission lines,
  interconnections with neighboring systems, and
  associated equipment, generally operated at
  voltages of 100 kV or higher. Radial transmission
  facilities serving only load with one
  transmission source are generally not included in
  this definition.
• May 9, 2007 - WECC response to NERC request for
  a WECC Regional definition includes 9 criteria to
  clarify the word generally and awaits further
  direction.
• The 9 WECC criteria is intended to clarify
  facilities which are
• (i) above 100 kV but and should not be considered
  part of the bulk electric system,
• (ii) below 100 kV and should be considered part
  of the bulk electric system, and
• (iii) radial transmission facilities serving only
  load that should be considered part of the bulk
  electric system.
• August 2008- WECC BOD directed the RPIC to
  re-examine WECC clarification

5
Update to WECC interpretation of NERC BES
Definition

• Jan 29, 2009 WECC update to NERC advises WECC
  BOD has not approved the WECC clarification, WECC
  compliance is not using WECC clarification, WECC
  does not use the clarification in execution of
  its duties.
• March 2009 NERC files the WECC information with
  FERC and WECC initiates a BESDTF to develop
  language to clarify the NERC definition of BES
  using WECC the Process for Developing and
  Approving WECC Standards to the extent possible
  to ensure that the final work product undergoes
  sufficient due process.
• AESO intends to participate on the BESDTF and
  will inform ARC members
• Potential impact in Alberta
• Protection and Control standards RAS,
  requirements to analyze misoperations, AGC
  systems
• Emergency Operating Procedures application on
  138kV / 144kV non-radial systems
• Personnel operator training requirements for
  TFOs
• Transmission Planning Standards potential to
  increase performance requirements

6
AESO Reliability Committee (ARC)

• Security Workgroup (SWG) Update
• Garry Spicer Director, Security
• 2009 03 27

7
Agenda

• Security Work Group (SWG)
• SWG Status
• Security Work Group Terms of Reference Updates
• Technical Feasibility Exceptions
• NERC Alerts
• Questions

8
SWG Status

• Past
• Have met once every month since Sept. 2008,
  except for
• Dec. 2008 (did not meet) and
• Nov. 2008 (met twice).
• Have completed a draft of AB-CIP-001-1 (Sabotage
  Reporting)
• Have a definition for sabotage
• NERC doesnt have this yet has caused much
  confusion in U.S.
• Have included concepts from NERCs rework of
  CIP-002 to 009
• E.g., must implement procedures, not just write
  them
• Have included links to Alberta specific items
• Provincial ASSIST
• AESO OPP 808
• Has been reviewed by AESO Compliance

9
SWG Status

• Present
• Draft of AB-CIP-001-1 has been sent to AESO Legal
  for review
• Have initiated review of NERC-CIP-002-1, Critical
  Cyber Asset Identification
• Working through approach to identifying critical
  assets
• Planned
• Aiming for AB-CIP-001-1 to be submitted for
  October 2009 AUC rules cycle (pending ARC
  approval)
• Aiming for AB-CIP-002-1 to be submitted for
  October 2009 AUC rules cycle (pending ARC
  approval)

10
SWG Terms of ReferenceUpdates

• Version 1.0.a
• Security Work Group Key Parameters
• The SWG will be assembled to review reliability
  standards pertaining to the security requirements
  of the Alberta Interconnected Electric System
  facilities and cyber assets and will be comprised
  of representation as required from AESO, TFOs,
  GFOs, Wire Owners, PPA Owners, and Buyers.
• Needed to include Wire Owners, as some standards
  may apply to them
• Terms of Engagement
• A member or a representative of any work group
  will not be precluded from participating in the
  AESOs Rules process or ultimately participating
  in any related AUC proceeding.
• Item 7 Error correction. AEUB had to be
  updated to AUC.

11
SWG Terms of ReferenceUpdates (contd)

• Appendix A ARC Work Groups Security Work
  Group
• Included Jack Kelly as additional SWG alternate
  chair
• Appendix A ARC Work Groups Compliance
  Monitoring Work Group
• Updated detail regarding Compliance Monitoring
  Work Group

12
Technical Feasibility Exceptions

• A release valve for standards
• Not valid in all cases only where explicitly
  permitted
• Requests reviewed against criteria
• Not technically possible
• Cannot be achieved in time to be compliant
• Safety risks or issues that outweigh the
  reliability benefits
• Conflict with statutory or regulatory
  requirements
• Costs that far exceed the benefits
• Does not relieve obligation to comply!
• Authorizes departure from strict compliance
• Requires an alternate approach
• Limited duration
• Plan to implement as a separate Alberta
  Reliability Standard

13
NERC Alerts

• Background
• Aurora Vulnerability
• Staged experimental cyber attack against an
  electric generator
• March 2007 at U.S. DoE Idaho Lab
• Some conclusions controversial
• Nonetheless demonstrated that cyber security
  issues are real
• Concern expressed by U.S. government
• Industry awareness and response not well
  coordinated
• Response by NERC Board of Trustees
• Approve five year strategic plan (November 2007)
• One of the ten goals for 2008 Critical
  Infrastructure Protection
• Improve the overall resiliency of the bulk power
  system to threats and vulnerabilities

14
NERC Alerts

• Actions taken by NERC as part of CIP Programme
• Hire a Chief Security Officer (Michael Assante)
• Ensure Rules of Procedure support CI Protection
• Coordinate with governmental agencies
• Assess preparedness of users, owners, and
  operators
• Partnership for Critical Infrastructure Security
• Improve tools and other support services
• Implement NERC Alerts Programme

15
NERC Alerts

• Ensure Rules of Procedure support CI Protection
• Section 810 Information Exchange and Issuance
  of NERC Advisories, Recommendations, and
  Essential Actions
• Members of NERC and BPS owners, operators and
  users provide NERC with operating experience
  information and data
• NERC disseminates results of analysis, lessons
  learned, etc.
• NERC notifies industry through notice, analyses
  and recommendations
• NERC will notify FERC and governmental
  authorities
• Tools used to support Rule 810
• Emailed notices that alert users, owners, and
  operators of the bulk power system to potential
  reliability threats
• Eventually will move to email notification only
  details will be retrieved from a secured website

16
NERC Alerts

• Implement NERC Alerts Programme
• Must register with NERC to receive alerts
• Must provide appropriate contact information
• May register as one of
• Primary Send
• Must have daily coverage of the email address
• Must respond to alerts (sometimes within 24
  hours)
• Informational Send
• Must have a Primary Send registered to get on
  this list
• Courtesy Copy
• Does not carry additional implications (e.g.
  coverage, response, etc.)

17
NERC Alerts

• Purpose
• Event Analysis
• Single Events findings
• Multiple Events trends
• Generic Findings equipment business practice
  problems
• Technical Findings Potential for repeat
  problems discovered through technical analysis
• Support Critical Infrastructure Protection
• Examples
• US CERT Vulnerability Disclosure (e.g. Boreas and
  ABB alerts)
• Public Vulnerability Disclosure (e.g.
  RealWinSCADA advisory)
• The release of exploitation code or tools (e.g.
  GE Fanuc advisory)
• Release of malicious code

18
NERC Alerts

• There are three types / levels of NERC Alerts
• Level 1 Advisory
• Informational
• No Response required
• Provide findings and lessons learned
• Level 2 Recommendations to Industry
• Specific to actions NERC is recommending to be
  taken
• Requires response with acknowledgement and
  response time
• Level 3 Essential Actions
• Specific actions that must be taken by specific
  registered entities
• Requires response on actions taken and progress
  to resolve issues

19
NERC Alerts

• There are four confidentiality levels for alerts
• 1 Green
• Public
• No restrictions on distribution
• 2 Yellow
• Private
• Internal use and necessary consultants, third
  party providers
• 3 Red
• Sensitive
• No external distribution
• 4 Black
• Confidential
• Limited internal distribution

20
NERC Alerts

• AESO Position
• Registration for NERC Alerts is not mandatory for
  Alberta entities
• Entities includes owners, operators, and users
• Registration for NERC Alerts is suggested for
  Alberta entities
• Register under the courtesy copy option
• Avoid potential violations, conflicts, and
  confusion associated with reporting requirements
  under other options
• AESO has registered under the Courtesy Copy
  option
• Caution is warranted regarding reporting
  requirements
• Reporting security matters to authorities outside
  of Alberta / Canada
• May conflict with legislation and other
  agreements
• AESO is seeking guidance from Alberta DoE PSCan
  CEA and ASSIST

21
Questions, Feedback, Re-direction?

• Additional questions or concerns, please contact
• Garry Spicer, Director Security, AESO
• Garry.Spicer_at_aeso.ca
• (403-539-2633)

22
Standards Recommendations

• 36 in total for this ISO Rules cycle (July)
• 3 are applicable to Market Participants
• INT-001-3 Pool Participants who arrange
  interchange transactions on interties
• FAC-501-WECC-1 - TFOs who maintain WECC Major
  Paths
• PRC-021-1 TFOs, WOs, transmission end use
  connected customers and owners of industrial
  systems that own UVLS
• 13 are applicable to the AESO
• 24 are recommended to be rejected for application
  in Alberta
• not applicable to an Alberta entity, or
• INT-004-2 applies to Pool Participants however,
  dynamic scheduling is not available in Alberta at
  this time.

23
AESO Reliability Committee (ARC)

• Compliance Work Group (CWG) Update
• Pavel Bardos Manager, Compliance
• March 27, 2009

24
CWG Update

• CWG has completed the work assigned to the group
• held 10 meetings in 2008 and delivered a program
  identified problem areas and resolved or
  referred issues
• Workgroup has not met in 2009, but will reconvene
  as issues are brought forward plan is for
  quarterly meetings
• CWG worked to complete
• Compliance Monitoring Program (CMP) document
• Posted publicly AESO website in Feb 6, 2009
• Provided to ARC for information here
• Finalized Registration Guideline
• AESO will hold a future workshop to introduce
  this process to industry, before registration
  begins
• Target - posting of document on AESO web page and
  workshop late Q2

25
CMP Document Highlights

• The CMP document describes the tools and
  processes which will be utilized in monitoring of
  market participants compliance with reliability
  standards
• Compliance Monitoring Audit
• Table Top Audit (with on site visit option)
• Spot Check Audits
• Self-Certification
• Self-Reporting
• Exception Reporting
• Periodic Reporting

26
Registration Guideline Highlights

• The Registration guideline is not a ISO rule
• In order for the AESO to carry out its compliance
  monitoring function it is important identify
  market participants with material impact on
  reliability of the AIES.
• Additionally it is important for market
  participants to understand which reliability
  standards are applicable them.
• The relationship between reliability standards
  and market participants is derived through
  registration of market participants for
  functional entities as defined in Alberta
  Functional Model. Currently there is no existing
  process that captures this relationship. The
  following pictogram shows graphically how
  registration will accommodate identification of
  this relationship.

27
Registration Guideline Highlights

• The AESO will maintain functional definitions in
  Alberta Functional Model
• The AESO will assign Applicability of a
  Reliability Standard to appropriate Functional
  Entities
• Registration of a Market Participant to a
  Functional Entity
• a) Initial (roll-out) registration stage The
  AESO will create on best-effort basis a list of
  market participants with their affiliation to the
  functional entities and communicate this list to
  the participants. In return will ask participants
  to confirm or dispute assigned affiliation and
  provide compliance contacts.
• b) Post-Initial registration stage
• Reliability Standards Exemption Registration
  Process
• Based on assigned applicability the AESO will
  describe eligibility conditions for granting an
  exemption.
• Dispute Resolution Process will be used to decide
  any disputes related to registration or exemption
• The AESO will maintain the Reliability Standards
  Registry on its web page.

28
Next Steps

• We will schedule CWG quarterly meetings to
  discuss key issues related to compliance and the
  implementation of the programs. In the coming
  months will be focused on establishing and
  operationalizing compliance monitoring processes
• Registration of Market Participants
• Stakeholder communications rollout at end of 2Q. 
  
• Should start the registration process by June
  2009. 
• All entities registered by end of 3Q09.