Ensuring Grid Security and Reliability


In 2008, FERC gave NERC the power to establish mandatory Bulk Power System requirements for security and reliability, to audit compliance, and to levy fines. Since then, NERC standards and requirements have grown and continue to grow, especially the Critical Infrastructure Protection (CIP) standards. How can cooperatives make sure their organizations meet these evolving demands and secure the grid while continuing to deliver reliable power?

This ScottMadden insight is the third in a series on “Five Strategic Priorities for Generation and Transmission Cooperatives.” The report summary can be found here: http://www.scottmadden.com/insight/516/five-strategic-priorities-for-generation-and-transmission-cooperatives.html.

For more information, please visit www.scottmadden.com.

Published in: Education, Technology, Business

Ensuring Grid Security and Reliability

  1. Copyright © 2012 by ScottMadden. All rights reserved.
     Ensuring Grid Security and Reliability: A Generation and Transmission Cooperative Strategic Priority
     October 2012
     Contact:
     • Brad Kitchens (sbkitchens@scottmadden.com)
     • Marc Miller (mdmiller@scottmadden.com)
     • Zach Milner (zachmilner@scottmadden.com)
  2. Introduction
     This ScottMadden insight is the third in a series on “Five Strategic Priorities for Generation and Transmission Cooperatives.”
     Contents:
     • Overview
     • Evolution of Rulemaking and Enforcement
     • Multiple Dimensions of Reliability
     • Effective Compliance Program Elements
     • Thinking Strategically
     • Contact Us
     Five Strategic Priorities for Generation and Transmission Cooperatives:
     • Managing Generation Assets
     • Ensuring Grid Security and Reliability
     • Gaining Access to Capital Markets
     • Improving the Effectiveness of Stakeholder Management
     • Fostering Economic Development
  3. Overview
     In 2008, FERC gave NERC the power to establish mandatory bulk power system requirements for security and reliability and to audit compliance and levy fines. Since then, NERC standards and requirements have grown and are growing with Critical Infrastructure Protection (CIP) standards making up a significant part of that growth.
     NERC Compliance Maturity Model (maturity level, high to low):
     • Ongoing Compliance
       - Continuous cycle (as standards evolve, procedures are updated and personnel are trained)
       - Demonstrated culture of compliance
       - Active regulatory relationships
     • Integration and Automation
       - Requirements coordinated by all business units
       - Documents managed electronically
       - Workflow and metrics automated
     • Accountability
       - Dedicated compliance organization established
       - Individual standard owners assigned
     • Defined Processes
       - Compliance requirements defined
       - Mitigation activities established
     CIP violations were eight of the top 10 from March 2010 to March 2011
     • Top companies are working to ensure that their organizations can evolve to meet changing NERC and FERC priorities
     • In 2012 and beyond, NERC will employ a risk-based approach to managing and improving reliability
       - This risk-based approach will include a heavy focus on CIP standards
     • In addition to managing key reliability metrics, companies should also build a mature and effective compliance program
     • Compliance programs are most effective when they impact multiple dimensions of an organization, including:
       - Standards Development
       - Employee Training
       - Risk Management
       - Organizational Structure
       - Compliance Processes
       - Program Management
       - Use of Technology
       - Culture of Compliance
     Rulemaking and Enforcement is Evolving
  4. Evolution of Rulemaking and Enforcement
     Since 2008, the number of violations has increased, especially the number and proportion of violations related to CIP.
     Rulemaking and Enforcement is Evolving: Cooperatives must work to ensure their organizations can meet evolving demands
     An effective compliance program is a natural outcome of the process of increasing security and reliability
     • The CIP program coordinates NERC’s efforts to improve physical and cyber security for the bulk power system of North America
       - Since 2007, CIP violations have increased in total number and as a percentage of total violations
       - Non-CIP violations have also increased
     Focus on Cooperatives
     • Since the beginning of mandatory enforcement, 47 reliability standards had possible violations by cooperatives, yet 47% of the total number of violations are concentrated in only four standards:
       - PRC-005: System Protection Maintenance and Testing
       - CIP-001: Sabotage Reporting
       - CIP-007: Systems Security Management
       - CIP-005: Electronic Security Perimeters
     • Cooperatives can prioritize activities by focusing resources on these standards
     [Chart: Top 10 Violations by Cooperatives. Sources: NERC]
  5. Multiple Dimensions of Reliability
     Cooperatives must work to ensure the reliability of the overall bulk power system along multiple dimensions, including regulatory and environmental uncertainties and the adequacy of generation resources to meet projected demand.
     Security for an increasingly “smart” grid
     • Increasing dependence on digital technology to reduce costs, increase efficiency, and maintain reliability means that the networks and computer environments which support this technology must be adequately protected from attacks
       - The constant vigilance that is required to ensure security in this environment is challenging for cooperatives due to the costs and specialized expertise associated with attaining it
     Other areas of reliability to consider*
     Generation Reliability
     • The results of NERC’s recent analysis of generation reliability showed upward trends in forced outage hours, maintenance events and planned outage events
       - Forced outage hours jumped from 266 to 310 hours per unit from 2009 to 2010
       - Maintenance events increased by 24 hours per unit from 2009 to 2010
       - Planned outage events increased slightly from 2008 to 2010
     • Further investigation is required, but an aging generating fleet may be a primary driver of degrading generation reliability
     Transmission Reliability
     • From 2008 to 2011, nearly 20% of automatic sustained outages were initiated by either failed AC substation equipment or failed AC circuit equipment
     • These equipment failures should be considered significant focus points in reducing outages and maintaining reliability
     *Sources: NERC, 2011 Risk Assessment of Reliability Performance
  6. Effective Compliance Program Elements
     An organization can support increased security and reliability and their ability to respond to evolving rulemaking by working to ensure that eight compliance elements, described below, are incorporated into their compliance programs.
     Organizational Structure
     • Dedicated compliance organization; supervised by the “compliance officer”
     • Identified compliance leaders and structure in each applicable organization
     Employee Training
     • Staff at all levels are trained; communications clear
     • Methodology to ensure alignment between documentation compliance and training
     Culture of Compliance
     • Recognition of the importance of reliability/compliance
     • Employees are encouraged to identify and self-report violations through the corporate process
     • Key compliance indicators identified and monitored; “dashboard” status reporting
     Standards Development
     • Proactive involvement in standards development
     • Process in place for rollout of new standards
     Compliance Processes
     • Established corporate-wide standards
     • Ongoing audit readiness process to prepare for self-certification, self-reporting, compliance audits, spot checks, and readiness evaluations
     Program Management
     • A master schedule exists for all compliance-related activities; activities are managed as a program
     • The compliance group assists the business units
     Risk Management
     • Enterprise-wide risk management assessment conducted to evaluate compliance risk
     • Formal reviews of company reliability “incidents” and “near misses” are held in a timely manner
     Use of Technology
     • Computer-based tracking systems
     • Central repository for auditable documents
     • Appropriate tools selected to support NERC
  7. Effective Compliance Program Elements (Cont’d)
     Some key questions to consider under each of the eight compliance elements are listed below.
     The degree to which an organization has addressed these questions is indicative of program maturity and effectiveness
     Organizational Structure
     • Who is the NERC chief compliance officer? Why?
     • Do they have access to the COO/CEO?
     • To whom does the compliance manager report?
     • How are responsibilities divided between compliance and the SMEs?
     Employee Training
     • Once procedures are complete, how are staff trained?
     • How frequently are procedures reviewed?
     • Who signs off on staff knowledge?
     Culture of Compliance
     • Does senior management consider NERC compliance a primary responsibility?
     • What communications have been made to the staff and board regarding NERC compliance? Are these messages reinforced?
     • How is performance managed?
     Standards Development
     • How does the enterprise stay apprised of standards under development?
     • What is the internal process to comment and vote on standards?
     • Who are the representatives on the RRO and NERC standards development committees?
     Compliance Processes
     • How are procedures vetted internally?
     • How does the signing officer know they are correct and have been implemented?
     • Are the procedures for self-certification, self-reporting, audit preparation, etc. followed?
     • Who is responsible for compliance with those procedures?
     Program Management
     • Is there a master plan of compliance-related activities? How is it managed?
     • Who is responsible for tracking activities and ensuring completion?
     • How are procedures integrated within and across departments?
     Risk Management
     • Is NERC compliance included in the ERM process?
     • How is potential compliance exposure communicated to management?
     • Are compliance resources allocated consistent with potential risks?
     Use of Technology
     • Which tools are used for project management? Work management?
     • How is procedure version control managed?
     • How are tasks tracked and communicated?
  8. Thinking Strategically
     In today’s dynamic and challenging environment, it is more important than ever to ask the right questions and understand the implication of the answers.
     Practical Questions for Management
     • With which violations are we most at risk for non-compliance?
     • What components of an effective compliance program are priorities for my organization right now?
     • How do our compliance activities compare to other organizations?
     • What systems, tools, and training are available to help facilitate a culture of compliance?
     • Do we have well-defined processes that will keep us in compliance while improving security and reliability over time?
     • Does our organization structure support clear and undiluted accountabilities?
     Possible Goals for the Organization
     • Identify standards where the organization may be at risk and perform an internal assessment
     • Review the most violated standards and largest penalties in the industry to identify those which could present the most risk
     • Assess the NERC compliance governance structure to ensure roles and responsibilities support the goal of corporate compliance
     • Ensure processes that touch CIP standards efficiently meet current and likely future business requirements
     • Develop a governance model that clarifies key accountabilities associated with ensuring grid security and reliability
  9. Contact Us
     ScottMadden has undertaken numerous consulting projects for cooperatives across the country. If you are interested in learning more about ensuring grid security and reliability, please contact us.
     • Zach Milner, Senior Associate
       ScottMadden, Inc., 3495 Piedmont Rd, Bldg 10 Suite 805, Atlanta, GA 30305
       Phone: 404-814-0020
       zachmilner@scottmadden.com
     • Marc Miller, Director
       ScottMadden, Inc., 3495 Piedmont Rd, Bldg 10 Suite 805, Atlanta, GA 30305
       Phone: 404-814-0020
       mdmiller@scottmadden.com
     • Brad Kitchens, President and CEO
       ScottMadden, Inc., 3495 Piedmont Rd, Bldg 10 Suite 805, Atlanta, GA 30305
       Phone: 404-814-0020
       sbkitchens@scottmadden.com
