FERC

FERC Reaches Settlement with SCE on 2011 Blackout - October 21 - FERC announced its approval of a settlement between its Office of Enforcement, NERC, and Southern California Edison (SCE) regarding SCE's role in the September 2011 blackout across Southern California and Arizona.  SCE will pay a $650,000 penalty, with $125,000 paid directly to the US Treasury, $125,000 paid to NERC, and $400,000 used to fund WECC or Peak Reliability employees.  This settlement is the third for the incident, following approvals of settlements with Arizona Public Service and Imperial Irrigation District.

FERC and NERC Conduct Annual FFT Survey - October 21 - As a part of an annual survey to collect data on the effectiveness and efficiency of the Find, Fix, Track, and Report (FFT) program, FERC and NERC have issued data requests to Regional Reliability Entities including FRCC, MRO, SERC, and TRE requesting FFT-related information about a sample of possible violations resolved under the FFT program.

FERC Denies Rehearing of Geomagnetic Disturbance Operations Reliability Standard - October 16 - FERC issued an order denying rehearing of NERC Reliability Standard EOP-010-1, which governs Geomagnetic Disturbance Operations.  FERC rejected the arguments presented by the Foundation for Resilient Societies ("Foundation") on rehearing because many of the Foundation's arguments raised issues to be addressed in the second stage of the development of the Geomagnetic Disturbance Reliability Standards.  FERC acknowledged the Foundation's concerns regarding use of the best possible scientific data and noted the second stage of development will be based on at least "as much information as is currently known and available."

FERC Accepts NERC 2015 Business Plans and Budgets - October 16 - FERC accepted business plans and budgets for NERC and each of the NERC regional entities.  NERC proposed a 25.4% increase over its 2014 budget to enable it to participate in the Cyber Risk Information Sharing Program (CRISP), which aims to improve timely information sharing of cyber threat information to protect critical infrastructure. 

NERC

NERC Issues CIP Version 5 Implementation Study Report - October 29 - NERC has posted its Final Report on the Implementation Study for the CIP Version 5 Transition Program.  The Implementation Study involved six industry participants implementing elements of the Version 5 of the Critical Infrastruture Protection standards (CIP) on an accelerated time frame to help NERC understand the challenges entities may face transitioning from CIP Version 3 to CIP Version 5. NERC has also posted six related draft Lessons Learned and a CIP Version 5 Transition Lessons Learned and FAQ Coordination document on its CIP Version 5 Implementation page.

NERC Petitions for Approval of WECC Data Request Process - October 23 - NERC filed with FERC a petition for approval of WECC's data request process.  If approved, WECC staff would be able to issue mandatory requests for reliability information from owners, operators, and users of the bulk power system.

NERC Posts Risk-Based CMEP Documents for Version 5 of CIP Reliability Standards - October 22 - NERC has posted a guidance document regarding application of risk-based concepts in its Compliance Monitoring and Enforcement Program ("CMEP") to compliance monitoring and enforcement of the version 5 Critical Infrastructure Protection ("CIP") reliability standards.  This guidance document notes that NERC's migration to a risk-based strategy for compliance includes "a significant focus on cybersecurity and the CIP Version 5 Reliability Standards."  In the guidance document, NERC also provides a hypothetical example of application of a risk-based compliance monitoring approach to CIP Version 5.

NERC Submits Peak Reliability, Inc. 2015 Budget Revisions – October 14 – NERC submitted a revised 2015 Business Plan and Budget for Peak Reliability, Inc. (“Peak”) to reflect its October 8 agreement with the British Columbia Hydro and Power Authority resolving a disagreement over payment of assessments for 2014 and 2015.

Cybersecurity and Grid Security

DOE Releases Report on Unclassified Cybersecurity Program - October 22 - The Department of Energy (DOE) released the Office of Inspector General Evaluation Report of DOE’s Unclassified Cybersecurity Program. The report concludes that, while progress was made in correcting deficiencies of previous years, further issues must be addressed to ensure that systems and information are secure.  Among these issues are the exclusion of contractor systems data; deficiencies in the overall security management program; and weaknesses relating to patch management, system integrity of Web applications, logical access controls, and configuration management.  To remedy these issues, the report recommends that DOE develop milestone-based plans of action to identify and track progress on remediation efforts for the identified weaknesses.

NRECA Releases Cybersecurity Risk Mitigation Plan Development Guide - October 10 - The National Rural Electric Cooperative Association's (NRECA) announced the release of a Guide to Developing a Cyber Security and Risk Mitigation Plan, which was developed by NRECA's Cooperative Research Network (CRN) . Accompanying materials include a Cyber Security Risk Mitigation Checklist, a Cyber Security Plan Template, a list of Security Questions for Smart Grid Vendors, and an Interoperability and Cyber Security Plan.

Van Ness Feldman counsels, advises and trains a wide range of clients on reliability matters.  Please email usor call us at 202.298.1817 or 206.829.1814 for additional information.