Compliance

CMEP Technology Project Reaches Milestone with ERO-wide Software

Agreement

Updates to Compliance Guidance Documents

ERO Enterprise Program Alignment Process Resources Updated

2018 ERO Effectiveness Survey Launches

Reliability Risk Management

Lessons Learned Posted

Supporting Materials for Level 2 NERC Alert Posted

Standards

Webinar Resources Posted

Resources from Supply Chain Small Group Advisory Sessions Posted

Nomination Period Open for Standards Committee Special

Election Segment 2

Upcoming Events

Regional Entity Events

Filings | Careers

Executive Management Spotlight – Tim Roxey Registration Open for GridSecCon 2018 Registration for NERC’s eighth annual grid security conference is now open. The Electricity Information Sharing and Analysis Center (E-ISAC) and the Western Electricity Coordinating Council are hosting the event October 16–19 in Las Vegas. GridSecCon brings together cyber and physical security experts from industry and government to share emerging security trends, policy advancements and lessons learned related to the electricity industry. NERC held its first GridSecCon in New Orleans in October 2011, and the event has rotated through the NERC Regional Entities across North America. This year’s conference will provide another focal point in the industry–government partnership to develop the tools and training that continually strengthen grid security across North America. GridSecCon is one way that NERC’s E-ISAC collaborates with industry and government partners to protect our shared critical infrastructure.

Success in the dynamic risk environment requires the E-ISAC, industry and government to share information — including actionable intelligence —effectively and take all available opportunities to educate the public about the reality of the cyber and physical security of the grid. GridSecCon is a great example of NERC’s comprehensive risk-based approach to grid security for addressing constantly changing risks. For questions about GridSecCon 2018, please contact events@eisac.com. Tim Roxey is vice president, chief E-ISAC

operations officer and interim chief security officer. ■■■

Headlines ERO Enterprise Leaders Address Reliability, Resiliency at FERC Technical Conference Statement on the July FERC Open Meeting WECC Board Names Melanie M. Frye as New President and CEO Cummings Named to DOE Advisory Committee

NERC News July 2018

Inside This Issue

NERC News | July 2018 2

Headlines ERO Enterprise Leaders Address Reliability, Resiliency at FERC Technical Conference The Federal Energy Regulatory Commission hosted its annual technical conference on policy issues related to the reliability of the bulk power system on Tuesday, July 31. The conference, which was open to the public, began at 9 a.m. Eastern at FERC's headquarters.

The daylong conference was organized into four panels: The Changing ERO Enterprise, Standards, and Reliability; Advancing Reliability and Resilience of the Grid; Managing the New Grid; and Addressing the Evolving Cybersecurity Threat.

ERO Enterprise panelists included:

Jim Robb, president and chief executive officer, NERC – Panel I

Tim Gallagher, president and chief executive officer, ReliabilityFirst – Panel I

Mark Lauby, senior vice president and chief reliability officer, NERC – Panel II

John Moura, director of Reliability Assessment and System Analysis, NERC – Panel III

Bill Lawrence, director of the Electricity Information Sharing and Analysis Center, NERC – Panel IV

Statement on the July FERC Open Meeting FERC took action on several key reliability items at its July 19 opening meeting, including issuing a final rule on Critical Infrastructure Protection (CIP) Reliability Standards and an order on Rules of Procedure revisions.

FERC issued a final rule directing modifications to the CIP Reliability Standards to improve mandatory reporting of cyber security incidents, including attempts that might facilitate subsequent efforts to harm reliable operation of the nation's bulk power system. FERC directed NERC to submit the modifications within six months of the effective date of the final rule.

FERC also issued an order approving, in part, and denying, in part, proposed revisions to NERC's Rules of Procedure Sections 600 (Personnel Certification) and 900

(Training and Education). Specifically, the order directs NERC to restore sections 603, 604, and 605 that NERC proposed for deletion. These provisions pertain to (1) procedures for suspension of an operator's certification (section 603); (2) dispute resolution process (section 604); and (3) disciplinary action (section 605). The order determines that these provisions are not "programmatic detail" that can be transferred to NERC manuals but, rather, are substantive provisions that should remain in the NERC Rules of Procedure.

NERC appreciates FERC's action and will continue working with FERC and stakeholders toward assuring the reliability of the North American bulk power system.

FERC Press Release | Statement from Commissioner Chatterjee

WECC Board Names Melanie M. Frye as New President and CEO The Western Electricity Coordinating Council (WECC) Board of Directors announced the selection of Melanie M. Frye as WECC’s new president and chief executive officer, effective July 16. Frye joined WECC in 2007 and most recently served as WECC’s vice president of Reliability Planning and Performance Analysis. The CEO vacancy was a result of past President and CEO Jim Robb stepping down to assume the role of president and CEO for the North American Electric Reliability Corporation. WECC Announcement

Cummings Named to DOE Advisory Committee Bob Cummings, NERC’s senior director of Engineering and Reliability Initiatives, was appointed to the Department of Energy’s Electricity Advisory Committee and joined its Energy Storage and Smart Grid subcommittees. The mission of the Electricity Advisory Committee is to provide advice to DOE for implementing the Energy Policy Act of 2005, executing the Energy Independence and Security Act of 2007, and modernizing the nation’s electricity delivery infrastructure.

The goals of the Electricity Advisory Committee are to advise DOE on:

Coordination with states and industry on electric reliability;

NERC News | July 2018 3

Coordination with federal agencies, state governments and industry for responding to emergencies affecting the reliability of the bulk power system and distribution system;

Future regional and national generation, transmission and distribution issues related to the capacity of the grid; and

Electricity policy issues.

In addition, the Electricity Advisory Committee reviews and makes recommendations to DOE on its electricity programs and initiatives. Electricity Advisory Committee meetings are public and take place regularly at DOE. Meetings are noticed in the Federal Register and then posted to DOE’s website. DOE Electricity Advisory

Committee webpage ■■■

Compliance

CMEP Technology Project Reaches Milestone with ERO-wide Software Agreement The CMEP Technology Project team reached a major milestone in June with the signing of an ERO Enterprise-wide, eight-year software licensing agreement with Nasdaq/BWise. The BWise Governance, Risk and Compliance (GRC) product was selected in February 2018 after a months-long extensive request for proposal process that included input from NERC business leaders and Information Technology staff, the CMEP Technology Steering Committee and the ERO Technology Leadership Team. This agreement provides unlimited licensing for NERC, the Regions and registered entities and aligns with the financial forecast outlined in the Board-approved business case. Since signing the agreement, a detailed project schedule for 2018 that outlines major milestones and activities, including software design, development, and testing resources has been created. The first release, scheduled for 2019, will include functionality for self-reports and self-logging, enforcement and mitigation. Future releases will take place in 2020 to deploy functionality in other CMEP areas. The project team includes a large number of regional subject matter experts working with NERC to formulate

the detailed requirements and design elements for each release and ensure that common processes are implemented for regional consistency. As these elements are documented, the project team will collect input and feedback from the CMEP Steering Committee and the Compliance and Certification Committee’s Alignment Working Group (AWG). Additional stakeholder feedback is welcome, and can be submitted via the regional steering committee members or the AWG. The next meeting of the AWG is September 18, at which time the project team will facilitate a review of design elements that impact the registered entities. In addition to timeline progress, a Communications and Change Management team was formed to begin extensive outreach through many outlets, including NERC News and the regional fall compliance workshops. The communications team consists of membership from the NERC and regional communications resources. Additional information about the project can be found on the CMEP Technology Project page on NERC.com.

Updates to Compliance Guidance Documents A key factor in the success of compliance monitoring and enforcement of mandatory standards rests on a common understanding among industry and ERO Enterprise CMEP staff of how compliance can be achieved and demonstrated. For many standards, this is straightforward. For others, a variety of approaches may achieve the same objective. Implementation Guidance provides examples for implementing a standard. CMEP Practice Guides provide direction to ERO Enterprise CMEP staff on approaches to carry out compliance monitoring and enforcement activities. New and updated implementation guidance documents and a new practice guide have been posted on the Compliance Guidance web page. The Implementation Guidance Under Consideration or Development Tracking spreadsheet has been updated, with the cooperation of the Pre-Qualified Organizations, to reflect Implementation Guidance that is currently under development or being considered for future development. The purpose of this spreadsheet is to provide pre-qualified organizations a means to share information on Implementation Guidance development

NERC News | July 2018 4

in order to prevent duplicative work and to foster collaboration, as appropriate. One new proposed Implementation Guidance document has been posted:

CIP-013-1, R1, R2 – Supply Chain Management One new CMEP Practice Guide was also posted. This CMEP Practice Guide addresses how ERO Enterprise CMEP staff will assess a registered entity’s “redundant and diversely routed data exchange infrastructure” and “redundant functionality” with TOP-001-4 and IRO-002-5.

ERO Enterprise Program Alignment Process Resources Updated The ERO Enterprise Program Alignment Process is intended to enhance efforts to identify, prioritize and resolve alignment issues across the ERO Enterprise. This is a repeatable, transparent process that registered entities (or other relevant industry stakeholders) may use to report any perceived inconsistency in the approach, methods or practices implemented and executed by the Regional Entities. Using this process, NERC captures identified issues from the various resources in a centralized repository. NERC classifies the issues through an initial screening process to ensure the appropriateness for this process, and then works with Regional Entities and stakeholders to analyze the issues and determine the scope and material impact. The ERO Enterprise develops recommendations and determines the priority of the activities taking into consideration all ERO Enterprise efforts. Finally, NERC posts the issue along with the recommendations/results in the Issues and Recommendations Tracking document and provides status updates on its activities. On July 20, 2018, the Issues and Recommendations Tracking spreadsheet was updated.

2018 ERO Effectiveness Survey Launches Primary compliance contacts, registered users of the E-ISAC and NERC contacts should have received an email from TalentQuest inviting them to participate in the 2018 ERO Enterprise Effectiveness Survey.

The ERO Enterprise Effectiveness Survey was issued to help measure the effectiveness of NERC and the Regional Entities (collectively, the ERO Enterprise) in executing program activities. The email also included a link to a summary of the actions taken in response to the May 2016 survey results, as well as a link to a Word version of the survey for internal coordination. All responses must be submitted through the online survey provided in the TalentQuest email. If you have any questions or if you did not receive the email from TalentQuest (please check your spam/junk folders),

please contact surveyadmin@talentquest.com. ■■■

Reliability Risk Management Lessons Learned Posted NERC published two new Lessons Learned under the Event Analysis – Lessons Learned tab on NERC.com. The Risk of Internet Accessible Cyber Assets Lessons Learned addresses an incident in which an electronic access point connected to the internet from a low-impact facility for remotely accessing a capacitor bank was compromised by unauthorized internet users for seven months prior to discovery. This lesson is of primary interest to transmission owners, transmission operators, generator owners, generator operators and distribution providers. The Preparing Circuit Breakers for Operation in Cold Weather Lessons Learned addresses an incident in which, after two sequential line faults, an entire substation and a 1,150 MW nuclear plant tripped off-line due to consecutive breaker failures during cold weather (4°F). This lesson is of primary interest to transmission owners, transmission operators, generator owners and generator operators. A successful Lessons Learned document clearly identifies the lesson, contains sufficient information to understand the issues, visibly identifies the difference between the actual outcome and the desired outcome and includes an accurate sequence of events, when it provides clarity.

NERC News | July 2018 5

Supporting Materials for Level 2 NERC Alert Posted NERC issued a Level 2 Alert titled “Loss of Solar Resources during Transmission Disturbances due to Inverter Settings – II” on May 1, 2018. Some of the recommendations in that alert address modeling of existing and proposed settings of solar photovoltaic resources connected to the bulk power system. The U.S. Department of Energy Solar Energy Technologies Office, working with Sandia National Laboratory and NERC, developed supporting materials related to dynamic modeling of bulk power system-connected inverter-based resources. The presentation includes educational material focused on model aspects, particularly around modeling momentary cessation for representing existing settings and for representing proposed changes where momentary cessation cannot be eliminated. The streaming webinar includes audio on each slide to help the user maneuver through the presentation. This material is intended to help generator owners and generator operators in their model development to capture existing and updated inverter-based resource controls. The recommendations focus on accurately modeling the existing performance (which, in most cases, includes momentary cessation) and then improving performance by eliminating momentary cessation. Click here for Supporting Material – Modeling Notification and here for Canyon 2 Fire Disturbance Report. ■■■

Standards Webinar Resources Posted NERC posted the slide presentation and streaming webinar for the June 29, 2018 Virtualization, Technology Innovation and the NERC CIP Standards webinar.

Resources from Supply Chain Small Group Advisory Sessions Posted NERC hosted small group advisory meetings with

registered entities, standards developers and Regional

Entities to assess the implementation of the CIP Supply

Chain Standards:

CIP-013-1 (Cyber Security – Supply Chain Risk Management)

CIP-005-6 (Cyber Security – Electronic Security Perimeter(s))

CIP-010-3 (Cyber Security – Configuration Change Management and Vulnerability Assessments)

The event consisted of two parts:

General Sessions and Live Webinar: On March

14, 2018 from 1:00–3:00 p.m. a general interest

session, including industry speakers and NERC

staff, was held to discuss supply chain issues and

solutions.

One-on-One Sessions: Closed one-on-one

discussions were held between registered

entities’ supply chain security experts and ERO

Enterprise staff about concerns pertinent to

each entity’s implementation of the Supply

Chain Standards.

NERC posted responses to frequently asked questions

from registered entities as they prepare for

implementation of the proposed CIP Supply Chain

Standards.

Nomination Period Open for Standards Committee Special Election Segment 2 Segment 2, Regional Transmission Organizations (RTOs) and Independent System Operators (ISOs), currently has a vacancy for the Standards Committee (SC) 2018–2019 term. Nominations are being accepted through August 13, 2018 in preparation for a special election for Segment 2 to fill the remainder of the term. Registered Ballot Body members and others interested in NERC Reliability Standards are encouraged to submit nominations for industry segment representatives on the SC. Reliability Standards are mandatory for all bulk power system owners, operators and users in North America, and the SC’s oversight role is therefore increasingly important. The SC consists of two members from each of the ten Industry Segments that make up the Registered Ballot Body. In addition, Appendix 3B of the Rules of Procedure contains special provisions to be used to achieve a balance of representation between the

NERC News | July 2018 6

United States and Canada. The SC is elected by industry stakeholders and reports directly to the NERC Board of Trustees. The SC meets up to twelve times each year, with four face-to-face meetings and the remainder by conference call. The Standards Committee Charter provides a description of the SC’s responsibilities. To be eligible for nomination, a nominee shall be an employee or agent of an entity registered in the applicable Segment. To allow verification of affiliation, a nominee must be a registered user in the NERC Registered Ballot Body. It is not required that the nominee be the same person as the entity’s Registered Ballot Body representative for that Segment. Instructions are provided in the Election of Members of the NERC Standards Committee Procedure and nomination forms are posted on the Standards Committee Election web page. First, submit the nominee’s name and requested fields using the nomination form. Next, email the completed Word version of the SC nomination form to Linda Jenkins no later than August 13, 2018. Once received, nominations will be posted on the SC’s Nominations and Election web page. The special election will be conducted August 20 to August 30, 2018. Election results will be announced shortly after the election closes. ■■■

Regional Entity Events

Midwest Reliability Organization (MRO)

Operating Committee Meeting, August 7 Register

Planning Committee Meeting, August 7 Register

Joint Compliance Committee and Standards Committee Meeting, August 30 | Register

MRO Security Conference, September 26 Register

MRO Qtr. 3 Security Advisory Council Meeting, September 27 | Register

MRO Board of Directors Meeting, October 4 Register

MRO Compliance Committee Meeting – Webex, October 17 | Register

MRO Standards Committee Meeting – Webex, October 18 | Register

MRO Planning Committee Meeting, October 23 Register

MRO Fall Reliability Conference, October 24 Register

MRO Operating Committee Meeting, October 25 | Register

ReliabilityFirst (RF)

Protection System Workshop – Protection System Drawings – “The Big Picture” August 14–15, Cleveland, Ohio | Register

Human Performance Workshop August 15–16, Cleveland, Ohio | Register

Texas RE

Talk with Texas RE, August 16| Register

EROCT and Texas RE Generator Winter Weatherization Workshop, September 6 Register

Talk with Texas RE, September 20 | Register Western Electricity Coordinating Council (WECC)

Reliability Assurance Workshop, September 5-6, Salt Lake City, Utah | Register ■■■

Upcoming Events

Board of Trustees Committees, Members Representatives Committee, and Board of Trustees Meetings – August 15–16, Calgary, Canada | Meeting Registration and Hotel Information

Monitoring and Situational Awareness Technical Conference – October 2–3, Carmel, Indiana | Register | Hotel Registration |

Presentations from Previous Conferences

GridSecCon 2018 – October 15–19, Las Vegas, Nevada | Register ■■■

NERC News | July 2018 7

Filings NERC Filings to FERC

June 23, 2018 Comments of NERC in Response to Notice of Proposed Rulemaking | NERC submits comments on the Notice of Proposed Rulemaking regarding proposed Reliability Standard TPL-007-2 (Transmission System Planned Performance for Geomagnetic Disturbance Events) issued by FERC on May 17, 2018. Petition for Approval of PER-003-2 and Retirement of Reliability Standard PER-004-2 | FERC submits a petition for approval of proposed Reliability Standard PER-003-2 (Operating Personnel Credentials) and retirement of currently-effective Reliability Standards PER-003-1 and PER-004-2.

NERC Filings in Canada

June 27, 2018 Notice of Filing of NERC for Proposed Reliability Standard PER-003-2 and Retirement of PER-004-2 (Alberta) | Attachments to PER-003-2

Filing ■■■

Careers at NERC Analyst Physical Security Location: Atlanta Details Cyber Analyst-Network Analyst Location: Washington, DC Details E-ISAC Policy and Coordination Manager Location: Washington, DC Details E-ISAC Junior Analyst Physical Security Location: Washington, DC Details E-ISAC Watch Officer – Open Source Intelligence Location: Washington, DC Details

Engineer Performance Analysis Location: Atlanta Details Web Content Manager Location: Washington, DC Details ■■■