Transcript Slide 1

Reliable Power
AESO Reliability Committee
(ARC)
March 27, 2009
Reliable Markets
Reliable People
Agenda
• Action items – last meeting
– Status of Reliability Standards in BC
– Update of NERC’s BES definition / WECC interpretation
– AESO position on NERC ALERTS
• Standards Recommendations
• Compliance Workgroup report
• Discussion, Future Meeting Dates
2
Activities in British Columbia re
Reliability Standards
• BC’s 2007 Energy Plan expressed Province’s commitment to implementing
industry wide RS
• BCTC has consulted with stakeholders regarding such implementation
• Utilities Commission Act amended in 2008
– BCTC to review NERC/WECC mandatory RS and provide the BCUC with a report
assessing the suitability of those standards for adoption in BC, any potential adverse
impacts to reliability arising from such adoption, and cost of implementing those RS
in BC
• BCTC preparing an Assessment Report covering 103 NERC/WECC RS as
adopted by FERC as of December 31/08
– BCUC must publish the report for comment
• Unless BCUC makes a determination that a RS is not in the public interest,
BCUC must adopt the RS addressed in the Assessment Report if the
Commission considers the RSs are required to maintain or achieve consistency
in BC with other jurisdictions that have adopted RS
– BCUC would hold a hearing in order to reject a RS, but not for approval
• BCUC is discussing with WECC the potential to engage WECC to assist the
BCUC in carrying out various compliance activities. No such agreement has yet
been reached.
3
Update to WECC interpretation of
NERC BES Definition
• NERC BES Definition - As defined by the Regional Reliability
Organization, the electrical generation resources, transmission lines,
interconnections with neighboring systems, and associated equipment,
generally operated at voltages of 100 kV or higher. Radial transmission
facilities serving only load with one transmission source are generally not
included in this definition.
• May 9, 2007 - WECC response to NERC request for a WECC Regional
definition includes 9 criteria to clarify the word “generally” and awaits
further direction.
• The 9 WECC criteria are intended to clarify facilities which are:
– (i) above 100 kV but should not be considered part of the bulk electric
system,
– (ii) below 100 kV and should be considered part of the bulk electric system,
and
– (iii) radial transmission facilities serving only load that should be considered
part of the bulk electric system.
• August 2008 – WECC BOD directed the RPIC to re-examine WECC
clarification
4
Update to WECC interpretation of
NERC BES Definition
• Jan 29, 2009 – WECC update to NERC advises WECC BOD has not approved
the WECC clarification, WECC compliance is not using WECC clarification,
WECC does not use the clarification in execution of its duties.
• March 2009 – NERC files the WECC information with FERC and WECC initiates
a BESDTF to develop language to clarify the NERC definition of BES, using
the WECC “Process for Developing and Approving WECC Standards” to the
extent possible to ensure that the final work product undergoes sufficient due
process.
• AESO intends to participate on the BESDTF and will inform ARC members
• Potential impact in Alberta
– Protection and Control standards – RAS, requirements to analyze misoperations,
AGC systems
– Emergency Operating Procedures – application on 138kV / 144kV non-radial
systems
– Personnel – operator training requirements for TFOs
– Transmission Planning Standards – potential to increase performance requirements
5
Security Workgroup (SWG) Update
Garry Spicer – Director, Security
2009 03 27
Agenda
• Security Work Group (SWG)
– SWG Status
– Security Work Group Terms of Reference – Updates
– Technical Feasibility Exceptions
– NERC Alerts
– Questions
7
SWG Status
• Past
– Have met once every month since Sept. 2008, except for:
• Dec. 2008 (did not meet); and
• Nov. 2008 (met twice).
– Have completed a draft of AB-CIP-001-1 (Sabotage Reporting)
• Have a definition for sabotage
• NERC doesn’t have this yet – has caused much confusion in U.S.
• Have included concepts from NERC’s rework of CIP-002 to 009
• E.g., must implement procedures, not just write them
• Have included links to Alberta specific items
• Provincial ASSIST
• AESO OPP 808
• Has been reviewed by AESO Compliance
8
SWG Status
• Present
– Draft of AB-CIP-001-1 has been sent to AESO Legal for review
– Have initiated review of NERC-CIP-002-1, Critical Cyber Asset
Identification
• Working through approach to identifying critical assets
• Planned
– Aiming for AB-CIP-001-1 to be submitted for October 2009 AUC
rules cycle (pending ARC approval)
– Aiming for AB-CIP-002-1 to be submitted for October 2009 AUC
rules cycle (pending ARC approval)
9
SWG Terms of Reference
Updates
• Version 1.0.a
– Security Work Group Key Parameters:
• The SWG will be assembled to review reliability standards pertaining to
the security requirements of the Alberta Interconnected Electric System
facilities and cyber assets and will be comprised of representation as
required from: AESO, TFOs, GFOs, Wire Owners, PPA Owners, and
Buyers.
• Needed to include Wire Owners, as some standards may apply to them
– Terms of Engagement:
• A member or a representative of any work group will not be precluded from
participating in the AESO’s Rules process or ultimately participating in any
related AUC proceeding.
• Item 7 – Error correction. AEUB had to be updated to AUC.
10
SWG Terms of Reference
Updates (cont’d)
– Appendix ‘A’ – ARC Work Groups – Security Work Group
• Included Jack Kelly as additional SWG alternate chair
– Appendix ‘A’ – ARC Work Groups – Compliance Monitoring Work
Group
• Updated detail regarding Compliance Monitoring Work Group
11
Technical Feasibility Exceptions
• A ‘release valve’ for standards
– Not valid in all cases: only where explicitly permitted
– Requests reviewed against criteria
• Not technically possible
• Cannot be achieved in time to be compliant
• Safety risks or issues that outweigh the reliability benefits
• Conflict with statutory or regulatory requirements
• Costs that far exceed the benefits
– Does not relieve obligation to comply!
• Authorizes departure from strict compliance
• Requires an alternate approach
• Limited duration
– Plan to implement as a separate Alberta Reliability Standard
12
NERC Alerts
• Background
– “Aurora Vulnerability”
• Staged experimental cyber attack against an electric generator
• March 2007 at U.S. DoE Idaho Lab
• Some conclusions controversial
• Nonetheless – demonstrated that cyber security issues are real
• Concern expressed by U.S. government
• Industry awareness and response not well coordinated
– Response by NERC Board of Trustees
• Approve five year strategic plan (November 2007)
• One of the ten goals for 2008: Critical Infrastructure Protection
• Improve the overall resiliency of the bulk power system to threats
and vulnerabilities
13
NERC Alerts
• Actions taken by NERC as part of CIP Programme
– Hire a Chief Security Officer (Michael Assante)
– Ensure Rules of Procedure support CI Protection
– Coordinate with governmental agencies
– Assess preparedness of users, owners, and operators
– Partnership for Critical Infrastructure Security
– Improve tools and other support services
– Implement NERC Alerts Programme
14
NERC Alerts
• Ensure Rules of Procedure support CI Protection
– Section 810 – Information Exchange and Issuance of NERC
Advisories, Recommendations, and Essential Actions
• Members of NERC and BPS owners, operators and users provide
NERC with operating experience information and data
• NERC disseminates results of analysis, lessons learned, etc.
• NERC notifies industry through notice, analyses and recommendations
• NERC will notify FERC and governmental authorities
– Tools used to support Rule 810
• Emailed notices that alert users, owners, and operators of the bulk
power system to potential reliability threats
• Eventually will move to email notification only – details will be retrieved
from a secured website
15
NERC Alerts
• Implement NERC Alerts Programme
– Must register with NERC to receive alerts
• Must provide appropriate contact information
– May register as one of:
• Primary Send
• Must have daily coverage of the email address
• Must “respond” to alerts (sometimes within 24 hours)
• Informational Send
• Must have a Primary Send registered to get on this list
• Courtesy Copy
• Does not carry additional implications (e.g. coverage, response, etc.)
16
NERC Alerts
• Purpose
– Event Analysis
• Single Events – findings
• Multiple Events – trends
• Generic Findings – equipment business practice problems
• Technical Findings – Potential for repeat problems discovered through
technical analysis
– Support Critical Infrastructure Protection
• Examples:
– US CERT Vulnerability Disclosure (e.g. Boreas and ABB alerts)
– Public Vulnerability Disclosure (e.g. RealWinSCADA advisory)
– The release of exploitation code or tools (e.g. GE Fanuc advisory)
– Release of malicious code
17
NERC Alerts
• There are three types / levels of NERC Alerts:
– Level 1: Advisory
• Informational
• No Response required
• Provide findings and lessons learned
– Level 2: Recommendations to Industry
• Specific to actions NERC is recommending to be taken
• Requires response with acknowledgement and response time
– Level 3: Essential Actions
• Specific actions that must be taken by specific registered entities
• Requires response on actions taken and progress to resolve issues
18
NERC Alerts
• There are four confidentiality levels for alerts:
– 1 – Green
• Public
• No restrictions on distribution
– 2 – Yellow
• Private
• Internal use and necessary consultants, third party providers
– 3 – Red
• Sensitive
• No external distribution
– 4 – Black
• Confidential
• Limited internal distribution
19
NERC Alerts
• AESO Position
– Registration for NERC Alerts is not mandatory for Alberta entities
• Entities include owners, operators, and users
– Registration for NERC Alerts is suggested for Alberta entities
• Register under the courtesy copy option
• Avoid potential violations, conflicts, and confusion associated with
reporting requirements under other options
• AESO has registered under the Courtesy Copy option
– Caution is warranted regarding reporting requirements
• Reporting security matters to authorities outside of Alberta / Canada
• May conflict with legislation and other agreements
• AESO is seeking guidance from Alberta DoE; PSCan; CEA; and ASSIST
20
Questions, Feedback, Re-direction?
• Additional questions or concerns, please contact:
– Garry Spicer, Director Security, AESO
• [email protected]
• (403-539-2633)
21
Standards Recommendations
• 36 in total for this ISO Rules cycle (July)
• 3 are applicable to Market Participants
– INT-001-3 – Pool Participants who arrange interchange transactions on
interties
– FAC-501-WECC-1 - TFOs who maintain WECC Major Paths
– PRC-021-1 – TFOs, WOs, transmission end use connected customers and
owners of industrial systems that own UVLS
• 13 are applicable to the AESO
• 24 are recommended to be rejected for application in Alberta
– not applicable to an Alberta entity, or
– INT-004-2 – applies to Pool Participants; however, dynamic scheduling is
not available in Alberta at this time.
22
Compliance Work Group (CWG) Update
Pavel Bardos – Manager, Compliance
March 27, 2009
CWG – Update
• CWG has completed the work assigned to the group
– held 10 meetings in 2008 and delivered a program; identified problem
areas; and resolved or referred issues
– Workgroup has not met in 2009, but will reconvene as issues are brought
forward; plan is for quarterly meetings
• CWG worked to complete…
– “Compliance Monitoring Program (CMP)” document
• Posted publicly – AESO website on Feb 6, 2009
• Provided to ARC for information here
– Finalized “Registration Guideline”
• AESO will hold a future ‘workshop’ to introduce this process to industry, before
registration begins
• Target - posting of document on AESO web page and workshop late Q2
24
CMP Document Highlights
The CMP document describes the tools and processes which will be
utilized in monitoring market participants’ compliance with reliability
standards:
1. Compliance Monitoring Audit
a. Table Top Audit (with on site visit option)
b. Spot Check Audits
2. Self-Certification
3. Self-Reporting
4. Exception Reporting
5. Periodic Reporting
25
Registration Guideline Highlights
• The Registration guideline is not an ISO rule
• In order for the AESO to carry out its compliance monitoring function it is important to identify
market participants with material impact on reliability of the AIES.
• Additionally it is important for market participants to understand which reliability standards
are applicable to them.
• The relationship between reliability standards and market participants is derived through
registration of market participants for functional entities as defined in the Alberta Functional
Model. Currently there is no existing process that captures this relationship. The following
pictogram shows graphically how registration will accommodate identification of this
relationship.
[Pictogram labels: Alberta Functional Model; Reliability Standard (Applicability Section, Functional Entities); Functional Entities; Market Participants; Registration]
26
Registration Guideline Highlights
• The AESO will maintain functional definitions in the Alberta Functional Model
• The AESO will assign Applicability of a Reliability Standard to appropriate
Functional Entities
• Registration of a Market Participant to a Functional Entity
a) Initial (roll-out) registration stage: The AESO will create on a best-effort basis a list of market
participants with their affiliation to the functional entities and communicate this list to the
participants. In return, it will ask participants to confirm or dispute assigned affiliation and
provide compliance contacts.
b) Post-Initial registration stage
• Reliability Standards Exemption Registration Process
• Based on assigned applicability the AESO will describe eligibility conditions for granting an
exemption.
• Dispute Resolution Process will be used to decide any disputes related to
registration or exemption
• The AESO will maintain the Reliability Standards Registry on its web page.
27
Next Steps
We will schedule CWG quarterly meetings to discuss key
issues related to compliance and the implementation of the
programs. In the coming months we will be focused on
establishing and operationalizing compliance monitoring
processes.
Registration of Market Participants:
• Stakeholder communications rollout at end of 2Q.
• Should start the registration process by June 2009.
• All entities registered by end of 3Q09.
28