Nerc 101
Nerc 101
Nerc 101
• History of NERC
• ERO and ERO Enterprise
• Stakeholder Process
• NERC Board of Trustees
• Program Areas
• Section 215 of the FPA (16 U.S.C. § 824(o)) defines the ERO as
“the organization certified by the Commission . . . the purpose
of which is to establish and enforce reliability standards for the
bulk-power system, subject to Commission review”
• Standards
• Compliance & Enforcement
• Reliability Risk Management
• Reliability Assessment and System Analysis
• System Operator Certification and Continuing Education
• Electricity Information Sharing and Analysis Center (E-ISAC)
• Reliability Coordination
• Real-time Operations
• Transmission Planning
• Transmission Operations
• Generation Operations
• System Protection and Maintenance
• Training
• Infrastructure Protection
• Emergency Operations and System Restoration
• Section 215(d) of the Federal Power Act states that FERC may
address a proposed Reliability Standard “by rule or by order”
• FERC staff will assign an “RM” prefix to rulemaking dockets (e.g.,
RM15-11-000)
• FERC staff will assign an “RD” prefix to order dockets (e.g.,
RD15-1-000)
• NERC petitions seeking approval of proposed Reliability
Standards are docketed by FERC staff generally within one week
of filing
• NERC petitions may be re-docketed (e.g., changed from
rulemaking to order) in rare cases
Proceeding Type: RD RM
- Notice of Filing Issued - Notice of Proposed
Adjudication vs. - 30-Day Public Comment
Rulemaking Issued
- Public Comments
Rulemaking -Intervention required Requested (~60-days)
Audit
Audit
Cycle
Cycle
Fieldwork
• Pre-audit:
Regional Entity performs Inherent Risk Assessment (IRA) to determine audit scope
Audit team assembled
• Planning:
90-day notification letter delivered
Team develops understanding of entity and makes data requests
• Fieldwork:
Actual audit starts, interviewing and testing begins
• Reporting:
Reports include Findings, Recommendations, and Areas of Concern
• Performance Assessment:
Regional Entity reviews workpapers, identifies lessons learned, and process
improvement
Safety Check
Peer Check
Application Management
Data Management
Areas of
Focus
Application Support
Stakeholder Engagement
• Support
Over 5,000 users across six applications
• Training
Annual in-person training sessions
• Documentation
Data Reporting Instructions updated annually
• Application web pages
Regional Contacts
Frequently Asked Questions
Dashboards, Analysis, and Summary Data
We work with industry’s best experts in reliability to fulfill our statutory obligations of
independently assessing the BPS through effective and efficient processes with our
Regional partners.
CAGR
100 1.0%
GW
75 0.8%
0.6%
50
0.4%
25 0.2%
0 0.0%
1990-99
1991-00
1992-01
1993-02
1994-03
1995-04
1996-05
1997-06
1998-07
1999-08
2000-09
2001-10
2002-11
2003-12
2004-13
2005-14
2006-15
2007-16
2008-17
2009-18
2010-19
2011-21
2014-23
2015-24
2016-25
2017-26
2018-27
2019-28
2013-22*
10-Year Summer Growth (MW) 10-Year Winter Growth (MW)
83 Summer CAGR (%) WinterRELIABILITY
CAGR (%) | RESILIENCE | SECURITY
2018 Long-Term Reliability
Assessment Key Finding
Tier 1 and 2 New Peak Assessment Areas with More Than 50% Natural
Capacity Additions – 10 Year Gas as a Percent of Total Capacity
Assessment 2022 (MW) 2022 (%)
200,000 Area
180,000
FRCC 42,003 78.1%
160,000
140,000 WECC-CAMX 42,536 68.2%
120,000
Texas RE- 51,867 63.3%
100,000 ERCOT
80,000 NPCC-New 16,308 52.3%
60,000 England
WECC-SRSG 16,774 51.8%
40,000
20,000 WECC-AB 8,514 51.8%
0
2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028
• Synchrophasor technology
• Inverter-based resource performance
• Power plant model verification
• Oscillation analysis
• Power plant modeling and performance
• Load and distributed resource modeling
• Transmission planning expertise
• Frequency and control analytics
• Case quality metrics and model validation
• Event analysis and forensics – simulation of events
• Industry technical leadership – drive initiatives
• Standards support – engineering
86 RELIABILITY | RESILIENCE | SECURITY
1-Model Improvement
Personnel Certification
• “Maintaining the reliability of the Bulk Electric System through
implementation of Reliability Standards requires skilled, trained
and qualified system operators.” (Section 601 Scope of Personnel
Certification)
International in scope
Provides a mechanism
Awards Certification Credentials
• Benefits of LOFT:
Reduced the exam development cycle from three year to real time
Elimination of fixed forms has increased the integrity of the exams
Item Bank currently maintained at a minimum of 3 items per task
Ability to update exams as Standards are created or deactivated
Implemented Q1_2017
o New Content Outlines
o New Cut Scores
• Previous Platform
Multiple Tables of Same Data
Old Technology
System was not user-friendly
Support from existing vendor was inadequate
Improvements to system were costly
• Credential Maintenance Database – New Platform
Deployed December 2017
Current Technology
One Source for Data
Improved Accuracy
At this time, the only proposed changes to the program are one
credential and the required CEHs to maintain this credential.
• One Credential:
NERC Certified System Operator (NCSO)
140 CEHs
Mission
The E-ISAC reduces cyber and physical security risk to the
electricity industry across North America by providing
unique insights, leadership, and collaboration
Vision
To be a world-class, trusted source for quality analysis and rapid
sharing of security information for the electricity industry
World-Class ISAC
• Request an account at
www.eisac.com
Products
• Incident (cyber and physical) bulletins
• Weekly and monthly summary reports
• Issue-specific reports
Services
• Monthly briefing series
• Grid Security Conference (GridSecCon)
• Grid Security Exercise (GridEx)
• Industry Engagement Program (IEP)
Tools
• E-ISAC Portal (www.eisac.com)
• Critical Broadcast Program (CBP)
• Cyber Risk Information Sharing Program (CRISP)
• Cyber Automated Indicator Sharing System (CAISS)
E-ISAC CBP
• Launched rapid information sharing call capability in 2018:
February 7: Need info here
November 29: vendor compromise (524 participants)
December 20: Indictments of Advanced Persistent Threat Actors (1,284 participants – including
Oil and Natural Gas industry)
• All-Points Bulletins
Part of the CBP; used to alert industry on critical, time-sensitive security events
Provide additional context and mitigation on time-sensitive issues beyond a traditional cyber or
physical bulletin without need for a CBP call
Portal Upgrades
• Developing updated Portal governance and security controls will further
safeguard sensitive security information
115 TLP:GREEN RELIABILITY | RESILIENCE | SECURITY
IEP
• Established in 2018
• Formerly known as the Industry Augmentation Program
• Multi-day immersive learning experience at the E-ISAC
• Raise awareness of E-ISAC cyber and physical security analysis
processes
• Enhance information exchange between the E-ISAC and industry
• Increase the opportunities for the E-ISAC to receive specific
feedback from industry on tools and communications protocols
• Strengthen utility programs and staff expertise by providing a
professional development opportunity
• Six IEPs held each year
Preparation Utilities
Executive Tabletop
E-ISAC
Reliability Injects and and
Coordinators info BPSA
Identification sharing
by email
and phone
Support
and Fed/State/Prov
Agencies
Containment Vendors
Operators may participate in Players across the stakeholder Senior decision makers
Cyber Intrusion detection landscape will participate from participate in facilitated
activities their local geographies discussions to review
distributed play and explore
policy triggers
Local,
Vendor Electricity Industry State/Provincial
Support Government
IT, ICS, ISP, Coordinated Operations • Emergency
Anti-virus Management
Organizations
Reliability Coordinators,
• Emergency
Other Critical Balancing Authorities, Asset Operations
Infrastructures Owner Operators Centers / Fusion
Telecommunications Centers
Oil & Gas • Local FBI, PSAs
others • National Guard
• PUCs, PSCs
ExCon
GridEx IV Exercise Control
NERC staff, GEWG, Nat’l Labs, SMEs for Sim-cell, etc.