View recent news coverage highlighting interviews and quotes from LPPC.
July 31, 2018
By Michael Kuser, Rory D. Sweeney, Amanda Durish Cook and Rich Heidorn Jr.
WASHINGTON — FERC Commissioner Cheryl LaFleur, who has been attending the commission’s annual reliability technical conference since her appointment in 2014, always opens the meeting by citing something special about each year’s gathering.
At Tuesday’s conference, LaFleur noted it has been 50 years since NERC was formed following the 1965 Northeast blackout. “I was practicing piano when the lights went out in Boston,” she recalled.
Issues cited in past years — including cybersecurity and improving NERC’s efficiency — were joined in this year’s hearing by concerns over inverter-based resources, the wind-down of Peak Reliability and the impact of gas shortages on resiliency. Commissioner Neil Chatterjee chaired the session for Chairman Kevin McIntyre, who was unable to attend. Chatterjee was joined by LaFleur and Commissioners Robert Powelson and Richard Glick (AD18-11).
NERC CEO Debuts
It was the FERC debut for new NERC CEO Jim Robb, who joined the organization four months ago from the Western Electricity Coordinating Council. Robb said his initial focus has been implementing the risk-based philosophy that NERC and the Regional Entities (REs) established over the last several years “and really embedding that in all the activities we undertake.”
A second priority, he said, is “consistent implementation” of NERC’s programs across the regions. “It’s clearly a challenge. It’s clearly an issue that industry wants to see us get better at.” He vowed to focus on the big issues and “try not to be distracted by the trivial.”
Time for a Gas Standard?
Robb also described his organization’s work on fuel assurance, the subject of a NERC technical conference in early July. Robb said it is time to shift from recognizing the challenges caused by the increasing reliance on natural gas and identify actions that can “synch” the operating practices of the gas and electric industries to make them “compatible and harmonious.”
NERC’s reports, such as its November 2017 special reliability assessment on risks to the grid from severe gas disruptions, are one tool, he said. (See NERC: Natural Gas Dependence Alters Reliability Planning.)
“We’re not close-minded to the possibility of a suite of standards, if indeed they’re required. I think at this point in time we haven’t made that leap that we think we need to go to the step of creating a fuel-specific standard — that we can address this through some of the existing processes that we have,” Robb said. “But it’s clear that industry wants more guidance around what they should be studying and what sort of corrective actions they should be contemplating.”
That was exactly the ask of Peter Brandien, ISO-NE’svice president of system operations. “It would be helpful for us if there was some sort of guideline or something agreed upon by the industry on how to look at energy security and what are the attributes or the pass/fail criteria you should be looking at,” he said.
Cybersecurity Rules for Pipelines?
Glick asked witnesses whether there are sufficient cybersecurity rules for gas pipelines. In June, Glick and Chatterjee penned a joint op-ed calling for mandatory reliability standards for natural gas pipelines like those FERC and NERC enforce on the grid. They noted that Transportation Security Administration has only a half-dozen employees overseeing pipeline security and relies on voluntary cybersecurity standards.
Berkshire Hathaway Energy CEO William Fehrman, who testified for the Edison Electric Institute (EEI), said NERC’s Critical Infrastructure Protection (CIP) standards “were very effective in developing a culture of security” in the industry.
“I do think that similar approaches should be made on gas pipelines. Whether or not there needs to be a standard I think is debatable, but I certainly believe that a similar focus on security and a culture of defensive postures on gas pipelines is appropriate.”
He added, “When we look through our assessments of pipelines, I would say that the vast majority of operators are already well beyond what would be a similar CIP standard. But, nonetheless, there is a good opportunity for further discussion on that matter.”
“I don’t have nearly as much visibility into the mechanics of how the pipeline systems actually operate,” said Robb.
“I’m not in a position to say whether or not the TSA … approach is adequate or not.”
Testifying later, independent consultant Alison Silverstein pointed out that no one from the gas industry was invited to appear on any of the four panels.
Silverstein also challenged the focus on fuel security, saying fuel shortages account for only a tiny portion of outage events. “We have a grid that some of the pieces on it are 70, 100 years old,” Silverstein said. “Today we’re built for Ozzy and Harriet weather, and we’re facing Mad Max in terms of the magnitude of threats from extreme weather.”
She also urged a focus on reliability measures with proven benefits, “like tree-trimming, the gift that keeps on giving, every season.”
When to Press
LaFleur asked when FERC should press NERC and the industry on new standards, citing a “conservatism” built into NERC’s industry voting mechanism. “Part of our job is to be annoying and push when there’s something” that needs to be addressed, she said citing FERC’s directives on physical security and geomagnetic disturbances.
“That’s a great question,” Robb responded. “I wish I had a crisp answer to it, but I don’t …. I think there’s a little bit of ‘you’ll know it when you see it’ embedded in here.”
Tim Gallagher, CEO of RE ReliabilityFirst, said the answer depends on the pervasiveness and imminence of the threat. “Standards are not in my mind the ideal way to respond to emerging or potential threats. Sometimes the threat or the risk can be addressed quite well outside of the standards process,” he said.
Gallagher cited NERC’s response to the widespread generation failures during the 2014 polar vortex. Afterward, NERC made site visits to willing generators and suggested corrective measures.
“If we had gone down the standards path in that case,” he said, “we would not have been prepared for the next winter. Taking this more aggressive, non-standards approach, we were able to elevate performance — along with working with our RTOs and improvements they made — and the voluntary cooperation of the industry to have much better performance.”
Steven Naumann, Exelon’s vice president of transmission and NERC policy, said the time-consuming standards process is especially ill-suited for responding to cyber threats. “The threat is going to change. We’re dealing with intelligent adversaries … so if we close one door they’re going to look for another.”
RC Function in West
LaFleur asked what FERC should be concerned about regarding Peak Reliability’s plan to cede its role as the Western Interconnection’s reliability coordinator to CAISO and perhaps others.
“The thing to remember about the Western Interconnection is it really works as one integrated machine,” said Robb, noting that radially-connected Alberta is an exception. “Having a unified reliability coordinator overseeing that system was very beneficial. One of the issues we deal with in the West is that a problem in the Northwest can manifest itself in New Mexico very, very quickly. So, I think the most important thing, as we shift to a multi-reliability coordinator system in the West, is that the seams agreements and operating protocols between them really recreate that wide area view for the entire interconnection. The most important thing that can happen right now is for the TOPs [transmission operators] and BAs [balancing authorities] in the West to declare where they are going to go so that we know where the seams are.”
Commissioner Glick asked how CAISO was going to address concerns he’s heard from some entities in the West that CAISO’s role in operating the markets and being the RC could lead to conflicts of interest — an issue that dogged SPP in the past.
“RC services are driven by compliance standards. They’re operational and engineering in nature,” responded Eric Schmitt, CAISO’s vice president of operations. He said CAISO asked potential customers to help it create the framework for the new function.
“We think it honors independence and separation between our … BA reliability function and markets and RC services. Organizationally and process-wise, we’re creating the kind of separation that the customers would like to see. Yes, there’s more discussion to be had around that as we go forward, but we think that was a good start.”
Standardizing Inverter Configurations
CAISO’s Schmitt also called for standardization of the configuration of inverters on renewable generation, citing the ISO’s problem with utility-scale solar tripping offline. (See Solar Inverter Problem Leads CAISO to Boost Reserves.)
“Nobody ever told the inverter owners how to program them,” said Robb. “The good news is industry has been very responsive. I think we’ve solved the problems that we know of. We may find others.”
Robb said NERC expects to begin work in August on two Standard Authorization Requests (SARs) on inverters.
Don’t Attempt to Control the Future
Panelists in the conference’s third session looked to the future and urged the commission not to attempt to control what it looks like.
“I think the way we’ve been thinking about essential reliability services is right on point,” said John Moura, NERC’s director of reliability assessment and system analysis. He cited several examples of recent grid-level issues, such as frequency response, that have been addressed with interaction between NERC and FERC.
Quanta Technology President Damir Novosel, who appeared on behalf of the IEEE Power & Energy Society, said the key is “knowing what we want to accomplish through [performance] standards, then [having] the market that will value what [we] want to accomplish.”
Speaking for the Large Public Power Council, ElectriCities of North Carolina CEO Roy Jones urged the commission to ensure that any resource that can provide the necessary services has access to the market to do so. He called for driving the standardization of storage resources further upstream to manufacturers, where “it’s more efficient to work on it there once so that everything coming down the assembly line has that standard.”
Wabash Valley Power Association CEO Jay Bartlett, who appeared on behalf of the National Rural Electric Cooperative Association, said regulators should first determine the right information to know about new equipment on the system so “that we can effectively model it and ensure that we don’t’ spend good money after bad, trying to cover parameters that we can’t model with reserves.”
Nicholas Miller, a principal at HickoryLedge LLC, called for standards and market signals that are “outcome-based, not enabling-based,” because “there’s a lot more knobs that can be turned with inverted-based resources than with synchronous machines.”
Peter Gregg, CEO of Ontario’s Independent Electricity System Operator, said managing data is essential for the future.
“If we think about how our systems are becoming more complex, they are only going to become more complex,” he said. “I think our challenge is, how do we better leverage the data that we’re creating … how to actually access, interpret, analyze and use that data.”
On the final panel, which focused on cybersecurity, NERC Senior Director Bill Lawrence discussed NERC’s plan to expand its Cybersecurity Risk Information Sharing Program (CRISP) to improve information sharing.
“Right now, CRISP covers well over 75% of the meters in the United States …. We have a very good sample set of what’s going in and out of IT networks,” Lawrence said.
But information sharing methods are still limited, he said.
“Whenever we start talking about … automated information sharing, I like to throw ‘HV’ in front of that ― human verified. Right now, we don’t have the trust on any information shared to be able to apply directly to production systems without awareness of the consequences it might have. So, we don’t have machine-to-machine yet,” said Lawrence, adding that the Department of Energy National Laboratories and federal research and development programs are working on trust models “to separate the wheat from the chaff.”
DOE’s Carol Hawk said the National Laboratories are also looking into “containerizing” power system applications so that each is isolated with a decreased chance of being compromised.
Hawk said cybersecurity staff could use the operational nature of the industry itself to protect against attacks. “Here’s an example: Each component in [a] system is designed to perform a very specific, limited function. We have developed technology that will allow the system to deny by default any unexpected cyber activity …. If it’s not expected, don’t allow it,” she explained. Hawk said with the system effectively locked down by only allowing its intended function, it “shrinks the cyber attack surface.” She added that protective relays could use modeling to analyze within four milliseconds whether a command sent by an adversary would destabilize the grid.
“So I see a bright future … because we can use characteristics of that operational environment to protect itself, to automate a response that makes sense,” Hawk said.
Trinity Cyber President Marie O’Neill “Neill” Sciarrone said addressing cybersecurity issues has changed little from her time at the Department of Commerce’s Critical Infrastructure Assurance Office in the early 2000s.
“We were coming out of Y2K and addressing the Code Red [virus], and you realize we’re talking about the same thing today we were talking about in 2000, and that’s sad. And that’s basically where we are,” Sciarrone said. She urged the sharing of more “actionable information.”
“You can share … IP addresses for someone to block, but you’re not giving the context of why or how the threat is evolving or how the threats to their IT systems are making their way to their [operation technology] systems,” she said, adding that it’s “absurd” to prepare for an unnamed adversary.
“When it comes down to it, we all need to admit adversaries have more motivation, more funding, more resources than any of us, and we need to bind together and be very transparent and open about what we’re seeing, how we’re acting, how we’re solving problems, and be as willing as they are to adopt modern technology and to be flexible and to move if we’re going to combat that. Otherwise, we’re fighting with both arms behind our back,” Microsoft’s Matt Rathburn said.
NERC CIP Standards
LaFleur asked whether the NERC CIP standards are sufficient or excessive.
“We hear the standards were just a baseline ― any self-respecting company has gone well beyond that. In other parts, we hear that we are way too restrictive and should be cut back …. [Edison Electric Institute] said we should have a moratorium on standards; there are too many,” she said.
Lincoln Electric System’s Paul Crist said utilities must balance compliance with emerging security threats. He said situations can arise where software vendors become compromised, but removing their software would lead to noncompliance. Crist admitted CIP standards “are probably a struggle for all” and said his company tries to balance the risk of violating compliance with having sufficient incident response capabilities. He noted that some vendors deliberately refuse to offer CIP compliance.
Rathburn said CIP guidance is not clear enough to issue any guarantees an entity will pass an audit.
“I have 78 certifications. CIP is not one of them,” he said.
Dragos’ Ben Miller said the industry’s understanding of threats is limited: “We have anecdotes. We don’t have large data sets. So I think it’s hard from a standards process … to chase the threat.”
After Hawk suggested asset owners may not be able to afford to cover the costs of sophisticated cybersecurity programs, La Fleur said she’s never spoken to a transmission owner who doesn’t have the opportunity to recover cyber security costs in rates.
Hawk said the issue of cost may emerge with research and development programs for new technologies.
“If a company is wanting to do something on their system, buy a new package to make it more secure, and they are not able to fund that, we would like to know about that,” LaFleur said. “There are so many things we can’t control, that are not within FERC’s authority. Utility rates are one of the things we actually do.”
July 30, 2018
By Rod Kuckro, E&E News Reporter
The Federal Energy Regulatory Commission this week will host a technical conference on grid reliability. Ellen M. Gilmer/E&E News
Federal regulators are set to hear from a roster of electricity industry leaders tomorrow on the challenges to maintaining reliable electricity service in the face of resilience concerns, cybersecurity threats, physical disruptions to the grid and increasing amounts of distributed energy resources such as solar.
The all-day technical conference at the headquarters of the Federal Energy Regulatory Commission in Washington is a ritual in response to the annual "State of Reliability" report published by the North American Electric Reliability Corp. (NERC).
NERC develops reliability standards for the nation's bulk power system, which is made up of generation and high-voltage transmission facilities and their control systems.
The annual conference is a chance for the industry to suggest changes or enhancements in the standards, especially against the experience of lessons learned following major events such as blackouts in 2003, 2008 and 2011.
The conference will feature four panels with 30 witnesses, the first of which will lead off with Jim Robb, the new CEO of NERC. Panelists will include representatives of the Canadian Electricity Association and Mexico's Energy Regulatory Commission, the Edison Electric Institute, Berkshire Hathaway Energy, the California Independent System Operator, Exelon Corp. and the American Public Power Association.
The most topical panel will look at resilience, a term whose definition defies universal agreement and which has become the underpinning of the Trump administration's argument that the loss of coal-fired and nuclear plants, with their on-site fuel supplies, threatens national security.
"A bulk power system that provides an adequate level of reliability is a resilient one," according to prepared remarks from Mark Lauby, NERC's senior vice president and chief reliability officer.
"Resilience is a performance characteristic of reliability. Therefore, improved reliability is completed through improvements to robustness, reliability degradation management, and system rebound and return" to normal operation after a disruption, he said.
NERC, Lauby said, will "continue to assess whether further activities are appropriate to support a resilient grid."
Wesley Yeomans, vice president for operations at the New York Independent System Operator, also will testify.
The New York ISO "does not currently face imminent resilience concerns that require immediate action," he said.
However, the grid operator "fully recognizes that technological developments, economic and environmental consideration, and public policies are transforming the electric grid," Yeomans said.
Therefore, "the NYISO takes no position, at this time, regarding whether incremental resilience-specific standards should be developed and implemented," he said.
Peter Brandien, vice president of system operations for ISO New England, will say that "the most pressing challenges to the resilience of the power system do not relate to transmission, but to the possibility that the region's generating fleet will not have, or be able to maintain the fuel they need to produce the power to meet system demand and maintain required reserves."
Brandien believes it would be helpful "to have NERC and industry standardization or guidance on the meaning of fuel security and for conducting fuel-security analysis."
The reliability report issued in June said U.S. power grid companies should expect dangerous cybersecurity intrusions to keep increasing, with adversaries seeking to break through defenses by infecting utilities' trusted suppliers (Energywire, June 22).
That conclusion undoubtedly will be explored at an afternoon panel on the evolving cybersecurity threat that will feature Patricia Hoffman, deputy assistant secretary at the Department of Energy, as well as officials from NERC's Electricity Information Sharing and Analysis Center, the Department of Homeland Security, FBI and Microsoft.
The fourth panel will explore challenges to managing the "new grid" brought about by changes in the mix of electric generation resources and power plant retirements.
Roy Jones, CEO of ElectriCities of North Carolina, will appear on behalf of the Large Public Power Council — the 26 largest state and municipal utilities.
In his testimony, Jones says that instead of developing new reliability standards, "LPPC members agree that FERC and NERC are better advised to focus on securing the necessary reliability attributes of generation than they are to focus on fuel type (e.g., coal, gas, nuclear, hydro, wind or solar)."
The event will be webcast.
Power Magazine: Grid Reliability and Resilience Pricing: FERC’s Rulemaking and How Our Energy Markets Are Responding
June 27, 2018
By Kenneth W. Irvin and Christopher Polito
What is “resilience,” and do we need it?
As anyone who has not been on Mars knows, last year, U.S. Secretary of Energy Rick Perry petitioned the Federal Energy Regulatory Commission (FERC) to craft policies to provide for “resilience” in our generation resource mix. Putting it in critical, national security terms, Secretary Perry wrote:
America’s greatness depends on a reliable, resilient electric grid powered by an “all of the above” mix of generation resources [that] must include traditional baseload generation with on-site fuel storage that can withstand major fuel supply disruptions caused by natural and man-made disasters. … Our economy, government and national defense all depend on electricity. Therefore, ensuring a reliable and resilient electric supply and corresponding supply chain are vital to national security.2
Framing the issue as “national security” is exactly what’s happening now, with a “leaked” memo from the White House National Security Council arguing for the administration to use the Defense Production Act and authority under Federal Power Act section 202(c) to “temporarily delay retirements of fuel-secure electric generation resources.”3
A few months before Secretary Perry’s letter to FERC, U.S. Environmental Protection Agency (EPA) chief Scott Pruitt and President Trump appeared on national television to warn that if coal power continues to decline, the lights could go out.4 Administrator Pruitt went so far as to say that if the share of coal use falls below 30 percent nationally, it could expose the United States to terrorist attacks. “When we’re at less than 30 percent or right at 30 percent today, that creates vulnerabilities to attacks on infrastructure,” Pruitt said.5
Pretty potent rhetoric. Nevertheless, as one of his first acts as FERC Chairman, Kevin McIntyre led the Commission in a 5-0 decision rejecting the Department of Energy’s Notice of Proposed Rulemaking (DOE NOPR).6 In so doing, FERC reiterated its faith in the organized wholesale markets.7
FERC did, however, simultaneously commence a proceeding to examine the overarching question: What exactly is “resilience,” and do we need it?8 That proceeding is now underway before the Commission in docket AD18-7-000.
In starting its inquiry into “resilience,” FERC said:
The Commission places a priority on resilience, and today issued an order initiating a new proceeding (Docket No. AD18-7-000) to holistically examine the resilience of the bulk power system. The Commission recognizes that it must remain vigilant with respect to resilience challenges, because affordable and reliable electricity is vital to the country’s economic and national security.9
FERC’s action directed the regional transmission organizations (RTOs) and independent system operators (ISOs) to provide information as to whether FERC and the markets need to take additional steps to affirm the resilience of the bulk power system. FERC said its goals are to “develop a common understanding among the Commission, industry and others of what resilience of the bulk power system means and requires; to understand how each regional transmission organization and independent system operator assesses resilience in its geographic footprint; and to use this information to evaluate whether additional Commission action regarding resilience is appropriate.”10
Yet, “resilience” remains a rather elusive concept. The comments from the RTOs and ISOs explain “resilience” as another, perhaps expanded, value of reliability.11 Their comments in response to FERC indicate that all is well with each of their respective systems; but, at the same time, market events show that we do not have a clear view of what resilience is, how to measure it, or how to ensure it.12
Responding to FERC’s directive, PJM Interconnection (PJM) took one of the bolder approaches — seeking to establish a set of principles that would (intentionally) act as a lightning rod or spark action. PJM, for example, asked FERC to adopt a slightly different core definition of resilience and apply it (essentially) nationwide.
FERC’s order in January came with this definition: “The ability to withstand and reduce the magnitude and/or duration of disruptive events, which includes the capability to anticipate, absorb, adapt to, and/or rapidly recover from such an event.”13
PJM recommended an alternative formulation: “The ability to withstand or reduce the magnitude and/or duration of disruptive events, which includes the capability to identify and mitigate vulnerabilities and threats, and plan for, prepare for, absorb, adapt to, and/or recover from such an event.”14 Note the omission of the word “rapidly,” and the addition of the phrase “identify and mitigate vulnerabilities and threats.”
Additionally, PJM’s description of resilience — a term that is still in flux — as an extension of reliability is notable. Reliability is a well-defined set of ISO/RTO functions overseen by FERC, from capacity markets to secure resources years in advance, to split-second frequency regulation and “black-start” capacity to respond to emergencies.15
In its filing, the Midcontinent Independent System Operator (MISO) also acknowledged that “resilience is an element of overall grid reliability.”16 MISO said that “resilience” and the threats to resilience within its footprint comprise a concept embedded within reliability.17
Other commenters worry that this is nothing more than an excuse for the federal regulator to trample traditional stakeholder processes and the role of the states and their public utility commissions. The Pennsylvania Public Utility Commission (PAPUC) asked FERC to “clearly articulate” its jurisdiction regarding resilience, saying it disagrees with PJM’s assertion that resilience is “‘within the Commission’s existing authority with respect to the establishment of just and reasonable rates under the Federal Power Act.’ Therefore, clear and precise justification of FERC’s authority on this matter will be beneficial prior to any initial steps in regulating resilience,” the PAPUC stated.19
Echoing the state’s rights theme, the Large Public Power Council (LPPC) agreed with the Commission’s proposed definition of resilience. However, the LPPC urged that: “To the extent further rules or standards are considered, FERC must be mindful of the statutory limits on its authority,” saying the Federal Power Act does not provide the agency a general grant of authority “to take action on reliability or resilience outside its specific statutory role in the approval and enforcement of standards.”20 The LPPC also contended that there is “no basis” for applying any rule governing resilience to non-RTO areas, as had been recommended by MISO and PJM. “This is not an issue within FERC’s domain in non-RTO regions, where states and localities maintain authority over generation investment decisions and cost recovery,” the group said.21
And still other perspectives abound among those in the renewable energy sectors who worry (for obvious reasons) that resilience is merely a trumped up contrivance aimed at undermining the steady progress renewable energy is making toward supplying the lion’s share of our energy needs.22
The Electricity Consumers Resource Council and industrial energy users warned against using resilience as a pretext for a bailout of coal and nuclear plants, adding: “No action to advance resilience can be considered ‘just and reasonable’ if it has not considered the impact to consumers and how to minimize that impact.”23 Americans for a Clean Energy Grid, a coalition supporting a “fully electrified” society, noted that this winter’s “bomb cyclone” forced Northeast grid operators to rely on more expensive generation, such as coal, oil and dual-fuel units, even while wind output — stranded by transmission constraints — was higher than normal during the weather event.24 “Thus, while wind power can be more reliable than other resources during extreme winter weather, it is limited by interregional transmission constraints,” the group said.25 Indeed, PG&E warned: “Climate science and lived experience show that historical conditions are no longer a reliable predictor of future conditions. As issues arise in the future, PG&E encourages the Commission to consider the risks of climate change when making decisions that could affect stakeholders’ ability to make climate-smart investments, or to make other decisions to address climate resilience for the future.”26
The voices form a cacophony, not a chorus
FERC’s AD18-7-000 docket is teeming with very thoughtful, deeply concerned visions — albeit with literally hundreds of suggested forward paths. It is an understatement to say FERC’s call to action has been fully engaged.
Where we go from here is not clear. What is clear, however, is that action is needed.27 The Commission must act quickly and substantively, because the underlying concerns around resilience have surfaced in a multitude of proceedings. For example, the Electric Power Supply Association (EPSA) says resilience “must be a priority in all regions of the country, not only those served by independent system operators or regional transmission organizations.”28 According to the EPSA: “It is important for [FERC] to extend its inquiry on the holistic examination of resilience to all jurisdictional entities, particularly transmission owners and systems outside of ISOs/RTOs.”29
The challenge for FERC is ever mounting — New Jersey’s recently enacted Zero Emissions Credit Market is one example.30 Indeed, President Trump has reportedly pressed Secretary Perry to figure out a way to save coal and nuclear plants, which have struggled to compete in power markets against the rise of natural gas-fired generation and renewables, but the DOE has yet to land on a viable strategy.31
Commentators of all stripes and interests are offering their views about the effectiveness of our organized wholesale energy markets. One perspective says we are experiencing a severe problem in which baseload generation is threatened and verges on extinction. This view holds that: “[t]he baseload exit problem in organized electricity markets” is evidenced by “the bankruptcy or closure, or threat of bankruptcy and closure, of power plants. From there, a second, follow-on phase ensues involving emergency state action to preserve the baseload capacity, with significant associated costs, political and otherwise.”32 As these advocates see it: “[i]f gas-fired generation is indeed entering the bankruptcy or threat of bankruptcy phase of this problem, the next question is when does the second phase begin? Said another way, the waiting game is on [to] see if: (1) an ‘around market’ solution is developed to preserve gas-fired generation in organized electricity markets or (2) whether the threat of gas exits triggers a re-regulation push in any state.”33
It’s certainly true that we are seeing baseload resources exit the market.34 And, for nuclear and coal, new developments continue to challenge their forward path. As renewable energy, demand response and energy efficiency push higher and higher in respect of the total market share, the threat to baseload generation is acute and perhaps dire. Some say California remains at the forefront of the gas problem in organized electricity markets, with Texas following close behind.35
The Rocky Mountain Institute (RMI) offered a more positive assessment. In a recent report, RMI observed that U.S. utilities and independent power plant developers have announced plans to spend $110 billion to build new natural gas-fired plants, but then cautioned that many of those could become stranded assets not long after completion.36
RMI’s report compares the costs of new natural gas plants in four U.S. regions with those of “clean energy portfolios” that include distributed renewable resources, energy efficiency and demand response programs. RMI found that in three of those cases, the capital costs of clean energy were between 8 percent and 60 percent below those of the gas plants.37 The same applies to operating costs: at $5.00/MMBtu, the costs of clean energy portfolios will fall below the per-MWh cost of gas-fired plants in 2026 or shortly thereafter, the study found.38 At $3.00/MMBtu, clean energy will become cheaper around 2040.39
RMI’s analysis determines that low-cost clean energy portfolios threaten to strand investments in natural gas-fired power plants. In addition to competing with proposed gas-fired power plants on a levelized cost basis, clean energy portfolios will also increasingly threaten the profitability of existing power plants. Comparing the future operating costs of the two proposed combined cycle gas turbines (CCGTs) in this study against new-build clean energy portfolios, RMI finds that, depending on gas price forecasts, the clean energy portfolio’s levelized, all-in costs will fall below marginal operating costs of the CCGTs well within the planned operating lifetime of the proposed plants.40 In other words, the same technological innovations and price declines in renewable energy that have already contributed to early coal-plant retirement are now threatening to stall investments in natural gas.41
In unison with those who advocate that the organized wholesale markets are failing us, RMI urges that, in order to mitigate stranded asset risk and minimize ratepayer costs, investors and regulators should carefully re-examine planned natural gas infrastructure investment. RMI’s analysis reveals that across a range of case studies, regionally specific clean energy portfolios already outcompete proposed gas-fired generators and/or threaten to erode their revenue within the next 10 years.42
Thus, RMI concludes, the $112 billion of gas-fired power plants currently proposed or under construction, along with $32 billion of proposed gas pipelines to serve these power plants, are already at risk of becoming stranded assets.43 This has significant implications for investors in gas projects (both utilities and independent power producers) as well as regulators responsible for approving investments in vertically integrated territories.
Are we well-supplied, or do we need resilience?
As FERC staff recently reported, the U.S. power grid appears well prepared to handle the summer demand, especially in the Mid-Atlantic region that has drawn the DOE’s scrutiny.44
“Staff’s analysis of energy reliability and market conditions and trends going into this summer indicate that most regions appear prepared for the expected summer demand,” FERC’s 2018 summer assessment says.45
Power generation capacity reportedly stands well above minimum reserves considered necessary to keep the lights on through a predicted hot summer. That includes the 13 Mid-Atlantic and Midwestern states managed by PJM, which has a reserve margin this summer of over 25 percent, more than 10 percentage points above its benchmark reserve. The Eastern U.S. will add 25 GW of new capacity this summer.46
Some reporters wryly note that this ample reserve on the PJM system stands in stark contrast to contention from Secretary Perry, who has argued that the pending shutdown of some power plants threatens to undermine the resilience of the power grid and amounts to a national security threat, a critical justification for declaring a power emergency.47
Yet, FERC Chairman Kevin McIntyre (among others) has repeatedly said he sees no grid emergency.48 That’s a view many share.
“They’re scrounging around for a way to keep some of these nuclear plants and coal plants viable and they’re using that particular argument. . . . To me, it’s not persuasive, but I understand what they’re trying to do,” said Congressman Joe Barton (R-TX). On the other side of the political aisle, Sen. Martin Heinrich (D-N.M.) said “It’s about abuse of power. You can’t just start claiming a national security justification that clearly has nothing to do with national security, and that’s a very dangerous road to go down.”49
FERC staff’s state of market summer report does highlight some risks in Texas, which has reserve margins below its benchmark, and Southern California, which has restricted gas storage at the Aliso Canyon facility, and which faces limited hydropower capacity due to drought.50
Broad concerns about the loss of baseload generation persist. Cynics will see a political, not a practical, motivation at play, but “leaked” memos and reports tell us that the National Security Council (NSC) is studying the security risk from coal and nuclear power plant shutdowns. The NSC is set to take the lead on determining whether the federal government should bail out struggling coal and nuclear power plants.51
As evidenced by the “leaked” memo, the NSC will spend time studying whether the retirement of coal and nuclear power plants poses a national security risk that merits the aggressive use of federal authorities under the Federal Power Act or the Defense Production Act — moves that Secretary Perry has been examining.52
The initiative has faced a storm of opposition from the natural gas, wind and solar industries, as well as conservatives who have decried the need for federal interference in the markets.53
Indeed, there is a substantive pushback against arguments in the NSC memo that tries to contend natural gas pipelines that supply the power plants present a vulnerable target that could be disrupted by hackers and cause widespread blackouts.54
So far, Secretary Perry has had no success in implementing President Trump’s orders. His previous request to FERC to consider a rule that would reward plants that kept 90 days of fuel on-site was rejected by the independent agency unanimously in January.55 Moreover, the DOE has demurred from using emergency authority under the Federal Power Act, as bankrupt merchant generator FirstEnergy Solutions had requested, although the Act still requires operators to get cost-of-service contracts approved by FERC.56
In his latest attempt to protect coal-fired and nuclear power plants, Secretary Perry invoked the 1950 Defense Production Act to keep money-losing power plants running by designating them as crucial for national security. 52 While the Act would allow the DOE to nationalize coal and nuclear plants, it would stretch the definition of the law, and would likely require a significant appropriation from Congress to bail out all 85 plants in the Mid-Atlantic and Rust Belt regions, experts say.58 The DOE is also examining a recent highway bill, called the FAST Act, for options such as designating the power plants as critical infrastructure provisions — or, it may ask the Department of Defense to contract for electricity from those power plants.59
Where do we go from here?
Against all this background noise, investors continue to press for renewable energy and decarbonization. At least 66 climate change-related resolutions were filed for the 2018 proxy season, according to The WallStreet Journal,after support for those measures climbed last year.60
Environmentalists and green-minded investors have increasingly sought to compel fossil fuel companies to recognize and plan for climate change when making decisions about future work. Such resolutions passed last year at utility group PPL Corp., and shareholders earlier this month voted to have pipeline company Kinder Morgan issue an annual sustainability report, disregarding the board’s complaints that such a report would not provide any new meaningful information.61
In the AD18-7 docket, FERC has amassed a robust record that should lead to action. What type of action that will be, however, is not clear. FERC’s options include using this record to justify that everything is fine and join with Nero playing the proverbial fiddle while Rome (i.e., our wholesale energy markets) burns. That choice seems unlikely given Chairman McIntyre’s seriousness of purpose and the record developed in the docket. It seems more probable that FERC will affirm the various individual RTO/ISO plans to advance resilience in their respective regions. If FERC sets forth a universal definition of “resilience,” the RTOs/ISOs can pursue meaningful steps to achieving said resilience in their markets.
Another possible forward action for FERC (albeit highly unlikely) is to declare the organized markets a complete failure and to disband them in favor of reinstituting the vertically integrated market. According to the advocates of this view: “This would take extraordinary courage from FERC, but the only functioning regulatory constructs for electricity are vertically integrated markets or markets like SPP and MISO with planned utilities underneath and residual energy markets, both of which allow for rate-based, joint dispatch approaches.”62 Not everyone agrees with that view — indeed, the dysfunction in MISO, for example, has been cited as an existential threat to the continued participation of merchant generation.63 And, of course, FERC Commission Powelson has been clear he’s not presiding over the deconstruction of our organized markets.
So, between the bookends lies an array of choices for FERC. What FERC will choose to do is hard to discern, but the general sentiment of commenters is that FERC must take action—and soon—to ensure the resilience of the bulk power system.
—Kenneth W. Irvin is a partner in the firm of Sidley Austin LLP’s Washington, D.C. office. He specializes in energy, mergers and acquisitions, and securities and derivatives enforcement and regulatory actions. Christopher Polito is an associate with Sidley Austin LLP in the Washington, D.C. office. He specializes in energy.
This article has been prepared for informational purposes only and does not constitute legal advice. This information is not intended to create, and the receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this without seeking advice from professional advisers. The content therein does not reflect the views of the firm.
* * *
- The authors wish to express our gratitude for invaluable assistance of our colleague Radhika Kannan, a summer associate with Sidley DC this year.
- Letter from Rick Perry, U.S. Secretary of Energy, to Chairman & Commissioners of FERC, at 1 (Sept. 28, 2017) (“Secretary NOPR Letter”).
- Darius Dixon, POLITICO Pro Q&A: Deputy Energy Secretary Dan Brouillette,Politico(June 22, 2018), https://subscriber.politicopro.com/energy/article/2018/06/politico-pro-q-a-deputy-energy-secretary-dan-brouillette-638326.
- Emily Holden, Pruitt says coal losses make the grid vulnerable. Not really.,E&E News(June 7, 2017), https://www.eenews.net/stories/1060055661/
- Grid Reliability and Resilience Pricing, 162 FERC ¶ 61,012 (2018).
- Press Release, Federal Energy Regulatory Commission, FERC Initiates New Proceeding on Grid Resilience, Terminates DOE NOPR Proceeding (Jan. 8, 2018).
- See, e.g., Comments and Responses of PJM Interconnection, L.L.C. at 4, Grid Resilience in Regional Transmission Organizations and Independent System Operators, FERC Docket No. AD18-7-000 (Mar. 9, 2018) (“To be clear, the PJM [Bulk Electric System (“BES”)] is safe and reliable today — it has been designed and is operated to meet all applicable reliability standards. However, improvements can and should be made to make the BES more resilient against known and potential vulnerabilities and threats. In many cases, resilience actions are anchored in, but go beyond what is strictly required for compliance with, the existing reliability standards.”) (“PJM Comments”); Initial Comments of PJM Interconnection, L.L.C. on the United States Department of Energy Proposed Rule at 25, Grid Reliability and Resilience Pricing, FERC Docket No. RM18-1-000 (Oct. 23, 2017) (“[T]he performance of the PJM system in response to incredibly taxing events like the 2014 Polar Vortex demonstrate the reliability and resilience of the system created by effective transmission planning and development and the energy and capacity markets.”) (“Initial Comments PJM”). See also Response of the New York Independent System Operator, Inc. at 1, Grid Resilience in Regional Transmission Organizations and Independent System Operators, FERC Docket No. AD18-7-000 (Mar. 9, 2018) (referring to “efforts already underway (or being considered) to ensure continued reliable operation and bolster resiliency in response to the evolving nature of the bulk power system in New York”).
- Petition Re: Request for Emergency Order Pursuant to Federal Power Act Section 202(c) from Rick C. Giannantonio, General Counsel, First Energy Solutions Corp., to Secretary Rick Perry, U.S. Secretary of Energy at 2 (Mar. 29, 2018).
- See supranote 6.
- Comments and Responses of PJM Interconnection, supranote 11, at 10.
- Jeff St. John, Grid Operators Report to FERC on Grid Resilience, Green Tech. Media(Mar. 9, 2018), https://www.greentechmedia.com/articles/read/grid-operators-report-ferc-resilience#gs.wxZ8MSs.
- Comments of the Midcontinent Independent System Operator, Inc. at 1 n.2, Grid Reliability and Resilience Pricing, FERC Docket No. RM18-1-000 (Oct. 23, 2017) (“MISO Comments”).
- See, e.g., Comments of the Pennsylvania Public Utility Commission at 1, Grid Reliability and Resilience Pricing, FERC Docket No. AD18-7-000 (May 9, 2018) (“The PAPUC generally supports the efforts taken thus far by PJM to improve the resilience of the PJM grid and further recommends adoption of some, but not all, of PJM’s recommendations to FERC for moving forward on this important endeavor. However, the PAPUC is concerned that some of PJM’s proposed design, operational and market modifications, offered in the name of resilience, may shortchange or even bypass normal PJM stakeholder deliberative processes.”).
- Id. at 7.
- Comments of the Large Public Power Council, Grid Reliability and Resilience Pricing, FERC Docket No. AD18-7-000 (May 9, 2018).
- See, e.g., Reply Comments of the American Wind Industry and the American Council on Renewable Energy at 2, Grid Reliability and Resilience Pricing, FERC Docket No. AD18-7-000 (May 9, 2018)(“The Commission should not impose a generic (e., one-size-fits-all) solution to address reliability and resilience, especially without a record to support such an action, and should resist any calls for undertaking remedies to address perceived reliability and resilience concerns, without an evidence-based determination of the need for such measures and the benefits to consumers. If not, the Commission will merely succeed in hurting jurisdictional markets and raising costs for consumers.”).
- Reply Comments of the Electricity Consumers Resource Council at 4, Grid Reliability and Resilience Pricing, FERC Docket No. AD18-7-000 (May 9, 2018).
- Comments of Americans for a Clean Energy Grid at 4, Grid Reliability and Resilience Pricing, FERC Docket No. AD18-7-000 (May 9, 2018).
- Reply Comments of Pacific Gas & Elec. Co. at 6, Grid Reliability and Resilience Pricing, FERC Docket No. AD18-7-000 (May 9, 2018).
- See, e.g., Reply Comments of Eversource Energy Serv. Co. at 3, Grid Reliability and Resilience Pricing, FERC Docket No. AD18-7-000 (May 9, 2018) (ISO-NE’s fuel security study “may understate the magnitude and scope of the challenges. This could lead one to falsely conclude that only minor changes are required, and that Commission action may be unneeded at this time. To the contrary, time is not on New England’s side.”).
- Comments of the Electric Power Supply Assoc. at 18, Grid Reliability and Resilience Pricing, FERC Docket No. AD18-7-000 (May 9, 2018).
- Peter Maloney, New Jersey Gov. Murphy signs bills creating zero emission credits for nuclear, Utility Dive(May 24, 2018), https://www.utilitydive.com/news/new-jersey-gov-murphy-signs-bills-creating-zero-emission-credits-for-nucle/524238/.
- Eric Wolff, Pressed by Trump, Perry says he aims to help coal plants, Politico(Apr. 12, 2018), https://subscriber.politicopro.com/energy/article/2018/04/pressed-by-trump-perry-says-he-aims-to-help-coal-plants-478268.
- Raymond L. Gifford & Matthew S. Larson,‘Around Market,’ ‘In Market,’ and FERC at a Crossroads10 (Wilkinson Barker Knauer, 2018).
- Raymond L. Gifford & Matthew S. Larson,State Actions in Organized Markets 1 (Wilkinson Barker Knauer, 2016).
- Gifford & Larson, supranote 32.
- Mark Dyson, Jamil Farbes & Alexander Engel,The Economics of Clean Energy Portfolios: How Renewable and Distributed Energy Resources Are Outcompeting and Can Strand Investment in Natural Gas-Fired Generation 6-10 (Rocky Mountain Institute, 2018).
- Id. at 33.
- Id. at 49.
- Id. at 9.
- Id. at 51.
- Id. at 10.
- Federal Energy Regulatory Commission, Item A-3 Summer 2018 Energy Market and Reliability Assessment (2018), https://www.ferc.gov/market-oversight/reports-analyses/mkt-views/2018/05-17-18.pdf.
- Josh Siegel, Power grid operator bashes utility’s plea for Rick Perry to save coal, nuclear plants, Examiner(Mar. 29, 2018), https://www.washingtonexaminer.com/policy/energy/power-grid-operator-bas...See alsoInitial Comments PJM, supranote 11.
- Transcript: The Energy 202 Live, Post Live(May 10, 2018), https://www.washingtonpost.com/blogs/post-live/wp/2018/05/10/transcript-....
- Darius Dixon, Perry’s ‘national security’ push for grid draws skepticism on the Hill,Politico(June 19, 2018), https://subscriber.politicopro.com/energy/article/2018/06/perrys-national-security-push-for-grid-draws-skepticism-on-the-hill-629634.
- Summer Report, supra note 44
- Eric Wolff, Sources: NSC to study security risk from coal, nuclear power plant shutdowns, Politico(May 25, 2018), https://subscriber.politicopro.com/energy/article/2018/05/sources-nsc-to-study-security-risk-from-coal-nuclear-power-plant-shutdowns-573763.
- Eric Wolff, Trump calls for coal, nuclear power plant bailout, Politico(June 1, 2018), https://www.politico.com/story/2018/06/01/donald-trump-rick-perry-coal-plants-617112.
- See supranote 51.
- See supranote 6.
- 16 U.S.C. §824a(c).
- Eric Wolff, Perry’s latest bid to help coal faces uphill battle, Politico(Apr. 25, 2018), https://subscriber.politicopro.com/energy/article/2018/04/perrys-latest-bid-to-help-coal-faces-uphill-battle-501371.
- Seesupranote 53.
- Mara Lemos Stein, More Shareholder Proposals Spotlight Climate Change, Wall St. J(Feb. 8, 2018), https://blogs.wsj.com/riskandcompliance/2018/02/08/more-shareholder-proposals-spotlight-climate-change/; Meaghan Kilroy, Shareholder support for climate-change proposals grows in the second half of 2017, Pension & Investments Online(Mar. 14, 2018), http://www.pionline.com/article/20180314/ONLINE/180319927/shareholder-support-for-climate-change-proposals-grows-in-the-second-half-of-2017-8211-report.
- Robert Walton, PPL shareholders pass resolution for climate strategy assessment, Utility Dive(May 23, 2017), https://www.utilitydive.com/news/ppl-shareholders-pass-resolution-for-climate-strategy-assessment/443319/; Meaghan Kilroy, Shareholders support proposals for Kinder Morgan to create climate change, sustainability reports,Pensions & Investments Online(May 10, 2018), http://www.pionline.com/article/20180510/ONLINE/180519971/shareholders-s....
- Gifford & Larson, supranote 32
- Audio Recording: Vistra Energy Corp. Q1 2018 Energy Earnings Conference Call, held by Vistra Energy Corp. (May 4, 2018), https://investor.vistraenergy.com/investor-relations/events-and-presentations/event-details/2018/Q1-2018-Vistra-Energy-Earnings-Conference-Call/default.aspx(starting at time index 58:10 through time index 61:50) (Vistra made clear that if the company continues to lose money on its MISO assets, it will not continue to operate those assets. Vistra’s CEO reports to analysts: “[I]f the reality is that we have the same capacity clears that we just saw in MISO, we have got to do some things with our business … once we get through all that … if we’re losing money on assets, we’re not going to run them… I do think though at the end, when we get all that done, the retail business and what’s left of the assets … I think you’ll see probably a smaller, more focused business in MISO at the end of the day”); See also, Request for Rehearing of the MISO Independent Market Monitor at 7, Midcontinent Indep. Sys. Operator, Inc., FERC Docket No. ER18-462-001 (Mar. 30, 2018) (warning of plant closures and loss of reserve margin if resource adequacy construct is not changed).
June 25, 2018
By Michael Brooks
WASHINGTON — A decade of mandatory standards has improved the grid’s reliability, but it’s time for regulators to prune unnecessary rules, speakers told FERC on Thursday.
At its annual technical conference on reliability, the commission delved into the weeds on compliance enforcement, gas-electric coordination and cybersecurity (AD17-8).
NERC received accolades from many who spoke at the conference for its continual improvement of the grid’s reliability; its transparency and coordination with other stakeholders; and its Reliability Assurance Initiative, a risk-based approach to compliance enforcement approved in 2015 that allows facilities to self-log minor violations — and NERC to focus on the most serious issues. The initiative also included the creation of Inherent Risk Assessment (IRA) profiles for facilities, which help NERC decide what standards to focus on.
FERC’s conference came days after the 10th anniversary of the first mandatory reliability standards under FERC Order 693 and a week after NERC released its State of Reliability report, from which CEO Gerry Cauley recounted some key statistics in his opening remarks. (See NERC: Despite Solid 2016, Grid Threats Remain.)
“Bulk Power System reliability remains very high and continues to show year-over-year improvement,” Cauley said. “Industry has been very responsive to our risk-based approach and has been shifting resources to fix the most critical challenges to reliability. … These standards have had a major impact on reducing risk. Over time, we’ve seen a dramatic decline in the number and severity of compliance violations.”
But Cauley and many other panelists said it was time for another “Paragraph 81” process, referring to a provision in the commission’s March 2012 approval of NERC’s Find, Fix, Track and Report process that directed the organization to identify requirements that do little to protect reliability and could be removed. FERC ended up approving the retirement of 34 such requirements (RC11-6, et al.).
“It may be time to focus again on streamlining the requirements to ensure the investment in compliance is commensurate with the reliability gains,” Cauley said.
Speaking on behalf of the Large Public Power Council, Steven Wright, general manager of the Chelan Public Utility District in Washington state, wanted to go a step further. The risk-based approach hasn’t reduced Chelan’s documentation requirements: Of the 1,236 requirements and sub-requirements applicable to the utility, only four qualify for self-logging, Wright said.
He suggested that entities be granted waivers from certain standards if the IRA indicates their implementation of them doesn’t affect the grid.
Cauley disagreed with that idea, calling it an “optional menu.” NERC’s Regional Entities “legally have the discretion today to monitor and enforce whichever standards we feel suit an individual entity. And that’s really the purpose of the Inherent Risk Assessment. … I think the regions could do a better job of explaining that and explaining what could be looked at.
“But I don’t think it makes sense to take a North American set of standards and create sort of a little checklist matrix for each entity. The standards are the standards.”
Wright also suggested that there be more incentives for entities’ standard compliance, which Commissioner Colette Honorable pushed back on.
“I have a 16-year-old daughter, and she gets good grades. But I think she could get better grades,” she said. “So do I reward her for … getting the grades she should be getting anyway?”
Wright did not directly respond to the question of carrot vs. stick, but he made clear he felt LPPC’s members haven’t gotten enough “bang for our buck.”
“We are spending a lot of money” on IRAs and Internal Controls Evaluation, another RAI component, he said. “And I think it’s a good thing because we’re improving reliability, but if we can find efficiencies we should get them.”
‘Special Assessment’ on Gas Dependence
Acting FERC Chair Cheryl LaFleur asked what the commission or NERC should be doing to account for the increasing reliance on natural gas pipelines for baseload power. She pointed out that FERC has no jurisdiction over the reliability of natural gas pipelines (which belongs to the Transportation Department’s Pipeline and Hazardous Materials Safety Administration), but it does have jurisdiction over those who burn the gas.
“Should we be changing our planning standards in some way to take that potential loss of the pipeline into account or the gas storage” site? she asked. “Aliso Canyon brings that into the front of the discussion.”
Cauley responded that NERC is working on a special assessment report on the issue. The organization has been analyzing key pipelines and storage facilities and the potential impact of losing them on the grid.
“It will be clear from this report, I believe, that you should be planning for the loss of a most critical, most impactful facility, including if it’s on a gas system,” he said. “I am concerned that you have certain reliability standards and expectations on an electric system and what I consider a foundational piece — the fuel deliverability piece — doesn’t have an equivalent.”
Patricia Hoffman, acting assistant secretary of the Energy Department’s Office of Electric Delivery and Energy Reliability, suggested that grid operators do assessments to determine how dependent regions are on one fuel source.
The threat of cyberattacks took up a sizeable portion of the daylong conference.
NERC Chief Security Officer Marcus Sachs revealed that the organization had only learned about the most serious threat to date — malware known as CrashOverride — days before it was made public by two cybersecurity firms earlier this month. The program, which can control circuit breakers via supervisory control and data acquisition (SCADA) systems, was used last December to briefly cut power to about one-fifth of Kiev, Ukraine. (See Experts ID New Cyber Threat to SCADA Systems.)
Sachs recounted that NERC learned of CrashOverride on the afternoon of Friday, June 9. ESET, a Slovakian antivirus software provider, had contacted Maryland-based Dragos, asking it to review its findings before it publicized them on Monday. Dragos then contacted NERC, which worked over the weekend reviewing ESET’s work and producing a report. Dragos also produced its own report over the weekend.
“If we didn’t have those public-private partnerships already existing, we would have failed that weekend, and you would have had a huge media splash on Monday morning that none of us would have been ready for,” Sachs said.
Many experts believe hackers based in Russia are behind the attacks on Ukraine, which Sachs said has been under “relentless assault” for the past couple years: Banking, railroads and Internet service providers have all experienced disruptions.
But while everything points to Russia, it is also possible individuals posing as Russians are behind the attacks, Sachs said.
Speaking to RTO Insider, Sachs pointed to the Solar Sunrise incident in 1998, in which two teenagers from California attacked Defense Department systems and led the military to believe they were from Iraq. “Just because it looks like a duck, smells like a duck, quacks like a duck — it may be a moose,” he said.
There was considerable discussion about understaffing at the entities responsible for protecting against cyber threats. Many agreed that the supply of qualified cybersecurity workers is too small to meet the very high demand.
“At the state level, we’re generally not staffed for this type of thing,” New Hampshire Public Utilities Commissioner Robert Scott said. “We don’t have the expertise.”
“The electric utility, 30 years ago, was the place to go to out of college,” said Greg Ford, CEO of Georgia System Operations, a cooperative that provides power to half the households in the state. “Today it’s harder and harder to lure those college students.”
“It’s easier to find individuals who are familiar with cybersecurity when it comes to traditional [information technology] and Windows-based infrastructure,” said David Ball, director of AEP Transmission Dispatching. “The more difficult skill set to find today is … a power-based background” and familiarity with SCADA.
“People with these type of skills are very marketable and they’re very mobile,” Scott agreed. “At the state level, we can’t hope to attract those type of people.”
Sachs pointed out, however, that middle and high schools are increasingly sponsoring competitive cybersecurity exercises and students are competing in “hack-a-thons.”
“This is good news,” he said. “And it’s something we need to leverage. … Getting into cybersecurity is absolutely what we want these young kids to do.”
“All I can say to that is ‘Amen,’” Honorable replied.
May 9, 2018
By Kevin Randolph
A new program aims to increase involvement and enhance collaboration and information sharing between member utilities of The North American Electric Reliability Corporation (NERC) Electricity Information Sharing and Analysis Center (E-ISAC).
E-ISAC, in partnership with the Large Public Power Council, began an initiative in January called the Industry Augmentation Program, which invites utility staff for multi-day visits to work with E-ISAC personnel.
The Industry Augmentation Program aims to raise awareness of E-ISAC cyber and physical security analysis processes, data protection and the separation from NERC’s compliance functions, provide an avenue for the E-ISAC to receive feedback from industry on tools and communications protocols and strengthen utility security programs and staff expertise.
NERC also said it aims to conduct an exchange program each quarter to E-ISAC members from investor- and publicly owned utilities as well as electric cooperatives and invited interested members to contact E-ISAC for more information.
“This program highlights the benefit of multi-directional information sharing between the E-ISAC and industry,” Bill Lawrence, director of the E-ISAC, said. “Having industry members work closely with E-ISAC personnel improves both organizations’ information sharing processes and gives each organization insight into the needs of the other, which strengthens security efforts across North America. It also builds trust in the safeguards the E-ISAC has in place to protect information shared from members.”
Eight utilities have so far participated in the augmentation program, NERC said in a press release.
To date, participants have included cybersecurity experts from publicly owned utilities and investor-owned utilities. JEA, the Los Angeles Department of Water & Power, the Nebraska Public Power District, the New York Power Authority, the Sacramento Municipal Utility District and Salt River Project are participants from the Large Public Power Council. Consolidated Edison, Inc. and Southern Company are the first two investor-owned utilities to participate in the program.
May 9, 2018
FERC should let RTO stakeholder processes work and not issue broad and costly new mandates, most commenters told the commission in its proceeding on grid resilience (AD18-7).
RTO Insider’s review of more than 60 of the dozens of comments filed ahead of the May 9 deadline indicated widespread support for RTOs’ requests in their initial filings in March for time to discuss the issues with stakeholders, more coordination with natural gas operators and more information on cyber threats. (See RTO Resilience Filings Seek Time, More Gas Coordination.)
But many commenters criticized PJM’s call for setting firm deadlines for rule changes, saying the RTO’s proposals would increase costs without necessarily improving resilience. Several commenters, including Edison Electric Institute and the National Rural Electric Cooperative Association (NRECA), suggested FERC schedule one or more technical conferences on the issue. Numerous commenters called for cost-benefit analyses of any new requirements.
In a joint filing, CAISO, MISO, NYISO, SPP and ISO-NE asked FERC not to impose PJM’s proposals in their regions.
“The record in this proceeding does not support any universal resilience standard or tariff changes requirements to be applied to all RTOs/ISOs. To the contrary, the record demonstrates that RTOs/ISOs have different resilience issues and priorities, and requiring all RTOs/ISOs to follow PJM’s proposed schedule on the issues pertinent to PJM will undermine each RTO/ISO’s efforts to address the specific challenges within its region,” they said. “Thus, the commission should reject PJM’s requests and allow individual RTOs/ISOs to pursue the resilience-related issues and initiatives they have identified in their region through collaborative efforts with their stakeholders and pursuant to the time frames they have established.”
Others, including the Advanced Energy Management Alliance, agreed that RTOs should continue their existing efforts to address their unique challenges. “PJM’s explanation of the need for changes to certain energy and ancillary market rules is helpful to inform the commission as to areas PJM is working on, but PJM cannot ask FERC to require rule changes to be filed in pre-emption of the stakeholder process or development of an evidentiary record that change is necessary.”
After rejecting the Department of Energy’s call for price supports for coal and nuclear generators in January, the commission asked its six jurisdictional RTOs and ISOs to respond to two dozen questions on resilience. This week’s deadline was for responses to the RTOs’ comments.
The comments touched on topics including FERC’s jurisdiction, fuel security, cyber threats and climate change, as well as individual regional issues.
Several commenters raised jurisdictional issues, noting that states, not FERC, have authority over distribution systems where most outages occur. Arizona Public Service said NERC’s reliability standards already address resilience.
“Before taking any additional steps to address resilience, the commission [should] consider the … comprehensive federal, state and industry efforts [that] address all levels of the electric grid and significantly contribute to ensuring” resilience, APS said. The utility criticized proposals it said “are clearly focused upon expanding the role of ISOs and RTOs and are, without understanding efforts at the state level and among utilities commercially, premature.”
The Pennsylvania Public Utility Commission asked FERC to “clearly articulate” its jurisdiction regarding resilience, saying it disagrees with PJM’s assertion that resilience is “‘within the commission’s existing authority with respect to the establishment of just and reasonable rates under the Federal Power Act.’ Therefore, clear and precise justification of FERC’s authority on this matter will be beneficial prior to any initial steps in regulating resilience,” the PUC said.
Entergy also disagreed with PJM’s “overly broad” interpretation of the commission’s jurisdiction.
The Large Public Power Council (LPPC) agreed with commission’s proposed definition of resilience but urged that “to the extent further rules or standards are considered, FERC must be mindful of the statutory limits on its authority,” saying the Federal Power Act does not provide the agency a general grant of authority “to take action on reliability or resilience outside its specific statutory role in the approval and enforcement of standards.”
The LPPC also contended there is “no basis” for applying any rule governing resilience to non-RTO areas, as had been recommended by MISO and PJM. “This is not an issue within FERC’s domain in non-RTO regions, where states and localities maintain authority over generation investment decisions and cost recovery,” the group said.
The Electric Power Supply Association sees it differently. “Resilience must be a priority in all regions of the country, not only those served by independent system operators or regional transmission organizations,” EPSA said. “Therefore, it is important for the commission to extend its inquiry on the holistic examination of resilience to all jurisdictional entities, particularly transmission owners and systems outside of ISOs/RTOs.”
The American Petroleum Institute said PJM’s proposals regarding gas-electric coordination — such as requiring interstate pipelines to offer new transportation services and build new infrastructure — are unnecessary and may be beyond FERC’s jurisdiction under the Natural Gas Act.
LG&E and KU Energy warned FERC against undermining existing state processes, saying its resource planning and transmission and distribution operations are working well, and noting that it is not part of an RTO. In 2017, the utilities said, they attained their lowest forced outage rate since 2004 at 3.46% of its baseload generation.
The Transmission Access Policy Study Group, which represents transmission-dependent utilities, said FERC should give RTO stakeholders time to build consensus on issues within their purview and leave distribution systems to state and local regulators.
PJM’s Transmission Owners Agreement-Administrative Committee said their members need more information from the government on potential cyber threats. “The threat data that resides at, for example, the Department of Energy, Department of Homeland Security, National Security Council and Department of Defense is vital for the RTO/ISOs to have access to for developing and implementing effective protection mechanisms,” they said.
“Therefore, it is essential that the commission develop a process by which PJM may receive verification concerning the reasonableness of vulnerability and threat assessments based on internal government data that has not been made available to RTOs on national security grounds.”
Exelon said FERC, DOE and DHS should participate in the development of modeling scenarios and create a “design-basis threat” to provide a baseline against which RTOs can measure their resilience efforts.
Climate Change’s Role
The Center for Climate and Energy Solutions said that FERC’s scope of grid resilience lacks an acknowledgment of climate change and how it could hinder resilience.
The environmental nonprofit said that although it would prefer FERC order “an economy-wide pricing mechanism” to absorb the economic impacts and even prevent some physical impacts of climate change, it said the commission should at least ensure that wholesale power markets are “internalizing the costs of carbon emissions” through carbon pricing.
Energy Price Formation Resilience PJM Fuel Security
Mobile substation | AEP Texas
The center added that increasing regularity of droughts threatens cooling systems for generating stations and rising temperatures will impede the capacity of bulk transmission lines to transport power. The nonprofit called on FERC to convene a technical conference to explore best practices for an industry coping with global warming.
“Climate science and lived experience show that historical conditions are no longer a reliable predictor of future conditions,” Pacific Gas and Electric said. “As issues arise in the future, PG&E encourages the commission to consider the risks of climate change when making decisions that could affect stakeholders’ ability to make climate-smart investments, or to make other decisions to address climate resilience for the future.”
Numerous commenters cited the certainty of fuel supplies as an essential element of resilience.
NERC said FERC should consider encouraging firm transportation, multiple pipeline connections and dual-fuel capability for gas generators. “Further, the commission could consider requiring that resource adequacy assessments account for potential reliability ramifications associated with the ‘just-in-time’ natural gas fuel delivery model.”
“Fuel security risk is the most important factor to include in the commission’s definition of resilience and in its evaluation of grid resilience generally,” the American Coalition for Clean Coal Electricity said. The American Coal Council said coal generation retirements are a threat because intermittent resources can’t always be counted on.
Basin Electric Power Cooperative said its fossil generating units continue to be affected by markets “that fail to adequately compensate resources” for providing “essential electric service” in the wholesale markets.
The North Dakota co-op called for “equity across all fuel types,” saying the RTOs’ comments did not address the “preferential treatment” wind generation receives. It said a new ramp product, “if structured appropriately,” could reflect the value of stand-by products and provide “sufficient mitigation for assets that must stay online and incur losses” to backfill wind.
The Electricity Consumers Resource Council and industrial energy users warned against using resilience as a pretext for a “bailout” of coal and nuclear plants, adding, “No action to advance resilience can be considered ‘just and reasonable’ if it has not considered the impact to consumers and how to minimize that impact.”
Americans for a Clean Energy Grid, a coalition supporting a “fully electrified” society, noted that this winter’s “bomb cyclone” forced Northeast grid operators to rely on more expensive generation such as coal, oil and dual-fuel units, even while wind output — stranded by transmission constraints — was higher than normal during the weather event. “Thus, while wind power can be more reliable than other resources during extreme winter weather, it is limited by interregional transmission constraints,” the group said.
Role of Capacity Markets
While many commenters, including EPSA and the Natural Gas Supply Association, called for market-based responses to resilience needs, the American Public Power Association and NRECA said mandatory capacity markets are not producing the resource mix needed to provide required resilience attributes. “Rather than relying on the markets, appropriately accommodating state resource policy choices in the mandatory capacity markets likely would help alleviate some of these [resilience] concerns.”
API, in contrast, warned that some of PJM’s proposals “seem to be regressing back toward an integrated resource planning world where picking winners and losers takes precedence over markets and competition.”
Role of Transmission
Many commenters noted that most outages occur on the transmission and distribution system.
ITC Holdings said the bulk power system’s resilience faces “a substantial threat from the ongoing lack of any effective, regular interregional transmission planning processes between many RTOs/ISOs,” citing MISO’s seams with PJM and SPP. “Despite the highly interconnected nature of [the MISO-PJM] seam, and despite a long history of commission exhortation to ensure sufficient coordination between the two regions, no interregional transmission project has ever been planned for or built between these two RTOs. As such, each region is unnecessarily limited in its ability to call on generating resources from the neighboring region to respond to grid emergencies.”
Although the vast majority of customer disruptions occur because of failures of the distribution system and are beyond FERC’s jurisdiction, the commission could aid resilience by integrating distributed energy resources into wholesale markets and revising Order 1000 to increase the use of non-wires solutions to transmission constraints, said a group of environmental and public interest organizations, including the Natural Resources Defense Council and Environmental Defense Fund.
Trade group WIRES said FERC should update Order 890’s transmission planning principles to include resilience as a distinct planning driver for RTOs. “Generation and fuel supply policies offer only a limited hedge against potential disruption. Moreover, while distributed resources are important for rapid recovery, they are of limited long-term capability without the grid’s transfer capabilities,” the association said.
The Energy Storage Association said FERC could enhance resilience through greater storage use, embedding the resource type into transmission planning and encouraging wholesale market participation of distribution-level storage. “Storage decouples the element of time from supply and demand,” the ESA said. “It makes non-dispatchable generators dispatchable; it makes inflexible generators flexible; and it makes inefficient cycling generators more efficient.”
The WATT Coalition, a group of companies that offer technologies to increase the delivery capability of the existing grid, urged FERC to focus on how advanced transmission technologies can improve resilience. “During times of system stress, network topology optimization, dynamic line ratings, and power flow control can help ensure reliable operation,” the group said.
It noted that ISO-NE’s relaxation of transfer limits during this winter’s bomb cyclone allowed it to import an additional 200 MW of generation from NYISO. “When it is cold, cloudy, or windy, lines are cooled, so they can physically deliver more energy without sagging or over-heating,” the coalition said.
Tesla warned against a definition of resilience that focuses on generator availability or transmission. “Distributed energy resources that are co-located with load can continue to provide electric service to customers even in the face of a complete failure of the bulk power system and are best-placed to provide resilience in a wide variety of contingencies impacting the grid,” it said.
PJM Comments Under Scrutiny
PJM’s March filing was the subject of numerous commenters.
“In its zeal to address resilience in its own market, PJM has inappropriately laid out directives and requirements for every other market to follow, according to PJM’s proposed time frames,” EPSA said.
EEI agreed, saying “it may be premature to require all RTOs/ISOs to make specific filings as requested in PJM’s comments.”
David Patton, whose company Potomac Economics provides market monitoring services to MISO, ISO-NE, NYISO and ERCOT, said adopting PJM’s proposal to allow inflexible generators to set clearing prices would have boosted MISO’s system marginal prices by 30%, based on analysis of the 12 months ending in October 2017. (See Critics Slam PJM’s NOPR Alternative as ‘Windfall’.)
“This plan is a fundamental departure from the efficient locational marginal pricing framework that has been the foundation of all successful wholesale markets in the U.S.,” Patton said. “It would, for the first time, introduce fixed costs into real-time pricing that are clearly not marginal in the real-time dispatch horizon. In effect, PJM would be requiring that the average costs of all resources needed to service load be reflected in every five-minute interval.”
Energy Price Formation Resilience PJM Fuel Security
PECO Audubon substation | © RTO Insider
The Pennsylvania PUC said it supported some of PJM’s proposals but feared that some “offered in the name of resilience may shortchange or even bypass normal PJM stakeholder deliberative processes” and warned against giving RTOs “a license to ‘gold-plate’ the generation, transmission and cyber assets of its members to achieve standards of resiliency that are disproportionate to a particular vulnerability or threat assessment.
The regulators said they were concerned over the potential scope and costs of PJM’s proposals. “Some of PJM’s recommendations, especially in the market design arena, appear to utilize the grid resilience docket as another forum to advocate for specific market modifications, such as energy price formation, that are not immediately germane to the resilience discussion,” the PUC said.
It agreed with PJM that FERC may need to “revisit” NERC reliability standards. “However, revision of NERC standards is a complex, time-consuming process that should be allowed to proceed on its own timeline without an accelerated impetus from this docket.”
The PJM Power Providers Group (P3), on the other hand, praised the RTO’s “thoughtful recommendations” for addressing “antiquated energy price formation structures.”
“However, the stakeholder deliberations regarding this issue have been unproductive to date. Commission direction may be required for energy price formation goals to come to fruition as a means to support the commission’s resilience aims,” it said. P3 expressed concern over PJM’s proposal to permit non-market operations during emergencies, saying the commission should require the RTO to submit Tariff revisions to allow the change.
PJM also received support from American Electric Power, Dayton Power and Light and East Kentucky Power Cooperative, which made a joint filing as the PJM Utilities Coalition.
The coalition said it agrees with PJM’s recommendation that all RTOs be required to submit proposed Tariff changes to implement resilience planning criteria and develop processes for the identification of vulnerabilities.
“No meaningful steps towards a resilient system can begin without appropriate direction given by the commission that explicitly grants power to the RTO to establish resilience planning criteria and other aspects of the process,” it said. It also questioned whether the stakeholder process could address the issues. “If PJM reverts to a stakeholder process to determine resilience criteria, the process may get mired in political debates and cost allocation, and not focus on the necessary task of determining objective resilience criteria. For this reason, clear direction from FERC to guide that process is requested.”
PJM also filed reply comments, saying it wanted to provide additional information on its fuel security initiative announced April 30, clarify its proposals regarding gas-electric coordination and “provide context for its approach to this docket relative to the approach taken by certain other RTOs and ISOs.” (See PJM Seeks to Have Market Value Fuel Security.)
The Organization of PJM States Inc. (OPSI) said PJM’s filing did “not address the prudency and affordability of measures that may be implemented as a result of” the RTO’s recommendations, which it said indicate “extensions of its current mandate.”
“While not the stated intent, a future PJM could be positioned to drive transmission planning and craft new market structures in its mandate to address perceived low-probability, high-impact threats,” OPSI said. “The prospect of this expanded authority, with planning and decision-making impacting billions of dollars in investments with cost recovery from end users, may require a re-examination of PJM’s scope, governance and oversight.”
Graph on the left shows how baseload resources recover their fixed commitment costs under current LMP rules. During the peak hours, prices are typically above the resource’s marginal costs; the excess revenues in area B will exceed the amount by which the revenues fail to cover average costs in area A. Under the PJM proposal (right), LMPs would cover the average cost of all baseload resources needed to serve load. | Potomac Economics
Industrial energy users, consumer advocates for Delaware, New Jersey and D.C., and American Municipal Power, filing jointly as PJM Consumer Representatives, said the inconsistencies between the positions of PJM and those of other RTOs indicate the need for regional flexibility.
“Unlike the comments of the other RTOs/ISOs, PJM’s comments embark on an aggressively activist course, advocating positions that could result in substantial changes to PJM energy and capacity market rules, in addition to whatever changes may be necessary in transmission planning and system operations rules,” they said.
They called for a cost-benefit analysis or “prudence assessment” of any new resilience rules and said neither the 2014 polar vortex nor the 2017-2018 cold snap “justify subsidizing uneconomic coal and nuclear units … in the name of resilience.”
FirstEnergy’s regulated utilities called for urgent action, noting they sought voluntary load curtailments during the polar vortex to prevent load shedding for 142,000 customers. FERC should “immediately implement stopgap measures to preserve the operation of generators that contribute to grid resilience until a full evaluation of resilience needs is complete,” the utilities said.
FirstEnergy Solutions, the company’s merchant generation unit, said it “disagrees with the overall thrust of PJM’s comments.” It called for FERC to adopt mandatory resilience standards for RTOs and ISOs and ensure the continued operation of “critical” nuclear and coal-fired generators in the interim.
The Natural Gas Supply Association said PJM’s fuel security initiative “appears to reflect an unsupported bias against natural gas.”
“PJM states that the process of examining fuel risk will be done in a fuel-neutral manner. However, its document describing its process only refers to risks associated with greater reliance on natural gas and the language suggests that PJM has already made an unsupported predetermination that natural gas is a weak link in their ability to be reliable and resilient.”
ISO-NE’s response to FERC’s identified fuel security as its resilience risk. It said potential responses include additional gas pipeline or LNG capacity, relaxing rules on dual-fuel resources and additional investments in renewables and transmission.
The New England Power Pool Participants Committee stressed that resilience solutions be worked out in the stakeholder process, calling it “a prerequisite to yield the solutions that work best for New England.”
The New England States Committee on Electricity shared ISO-NE’s perspective that fuel security presents the primary challenge to the resilience of the region’s power system. NESCOE recommended additional analysis of potential risks and cautioned “against prescriptive actions or further processes” that could impede regional or state efforts to mitigate fuel security challenges.
The New England Power Generators Association said ISO-NE’s Operational Fuel Security Analysis (OFSA) “neither captures market participant behavior in response to price signals nor the probability of any particular outcome … and therefore should not be the basis for the market solutions to be developed and later filed for acceptance with the commission.” (See Report: Fuel Security Key Risk for New England Grid.)
Eversource Energy said ISO-NE’s fuel security study “may understate the magnitude and scope of the challenges.”
“This could lead one to falsely conclude that only minor changes are required, and that commission action may be unneeded at this time. To the contrary, time is not on New England’s side,” the company said.
The company urged the commission to convene a New England-specific technical conference to determine state and federal actions to improve the region’s infrastructure, citing additional gas pipeline capacity from the Marcellus shale deposit and electric transmission to carry Canadian hydropower and on- and offshore wind.
The attorneys general of Massachusetts, Rhode Island and Vermont also cautioned against overreliance on the OFSA, which they said “relies on underlying assumptions that do not present a realistic or complete view of either the present or the future bulk power system.”
“The OFSA presents a deterministic (as opposed to probabilistic) analysis that provides no context about whether modelled events are likely to occur,” they said.
They also said the study’s approach to resilience is overly narrow, failing to consider “cyber and physical adversarial threats, technological accidents, and extreme heat and other weather events.”
The region’s local gas distribution companies recommended FERC “consider expedited review of and decisions on new natural gas pipeline certificate applications in critical fuel security regions.”
NYISO told FERC in March that it does not face “imminent resilience concerns that require immediate action.”
The New York Public Service Commission said it agreed that ISO and stakeholder efforts to address bulk system resilience “are comprehensive and continuous,” asking for no other FERC measures beyond its “continued attention.” The PSC also agreed with the ISO’s suggestion for the commission to host a technical conference on bulk system resilience.
The Independent Power Producers of New York also supported the ISO’s approach and said FERC should not force it to abide by PJM’s suggested deadlines. “Efforts to ensure resilience should not be rushed to meet some arbitrarily short time frame unless they are justified by the evaluation of the ISO/RTO,” the group said.
The New York Transmission Owners also called on the commission to respect regional differences. “Any requirement to change course could impede resilience efforts already underway in the stakeholder process,” they said.
The Organization of MISO States said NERC standards, combined with initiatives from RTOs, state regulators, utilities, municipalities and others were enough to ensure long-term resilience. No additional rules or standards are necessary, the group said, especially those that might impede on state jurisdiction. “It is clear to the OMS that the appropriate processes are already in place to identify and adapt to the evolution of the industry and perceived threats to resilience,” the group said.
The MISO Transmission Owners emphasized that RTOs have only part of the answer to resilience, noting the role of distribution systems.
“MISO and its utility members have developed an integrated electric system that is currently sufficiently resilient, and MISO has identified no imminent resilience crises requiring commission action,” they said. “Notwithstanding MISO’s and its members’ regional efforts, enhancements to interregional coordination will promote greater resilience. Thus, while seams issues are broader than the concept of resilience, MISO is correct that the commission should not ignore the benefits of greater, more effective and efficient interregional cooperation in this proceeding.”
Entergy said it saw no need for a federal role in determining the proper long-term resource mix — “at least in MISO.”
The company called for resource adequacy to “continue to be a shared responsibility in MISO,” with state and local regulators determining the fuel mix.
“In this way, state and local regulators ensure diversity of fuel resources consistent with each area’s needs and those regulated utilities’ customers bear the cost burden and the reliability and resiliency benefits of those local regulators’ decisions,” Entergy said. “Direct federal action to regulate the long-term resource mix also could jeopardize utilities’ continued participation in MISO.”
In a joint filing, the Coalition of MISO Transmission Customers and Illinois Industrial Energy Consumers said that resilience is already central to the RTO’s reliability assessments. “The commission should not carve out resilience and treat it as a discrete characteristic of wholesale electricity markets,” they said, adding that any resilience requirements should be subject to cost-benefit analyses.
Northern Indiana Public Service Co. said that most grid innovation is happening with customer-owned technologies that connect at distribution level, urging FERC to work with state regulators to address resilience “across the entire electric value chain.” The company said that a “top-down, nationally-focused approach could overemphasize one or two parts of the overall electric system” and fail to account for the adoption of storage devices, electric vehicles, microgrids and DERs.
Alliant Energy used its comments to call for modernizing the Public Utility Regulatory Policies Act and criticize qualifying facilities “that haphazardly site themselves on the grid, causing distribution system and system planning issues.” Alliant said PURPA must be reworked to incent QF developers to concentrate on “system reliability and long-term grid stability.”
SPP’s Market Monitoring Unit emphasized the importance of creating standards and metrics to quantify and measure resilience.
“We recommend that in addition to defining resiliency, the commission and the parties should also engage in discussions to measure resiliency in order to assess whether an area has or has not attained resiliency. This measurement may also contribute in creating new market mechanisms to promote resiliency,” the Monitor said.
It pointed to SPP’s 30 to 36% capacity margins over peak needs but said that those high levels do not necessarily equate to resilience.
The MMU also said the resilience discussion should not be used “as a venue to promote certain price formation proposals.”
The California Public Utilities Commission said the state “has made substantial efforts to ensure grid reliability and resiliency by ensuring redundancy and coordination in its energy planning efforts,” citing the deployment of distributed energy resources and smart inverters.
It also noted the state “continues to aggressively plan for a changing climate to ensure Californians have safe, affordable and reliable access to electricity.”
Nevada Hydro, which develops pump storage projects, said CAISO’s transmission planning process has fallen short in properly valuing hydropower. CAISO’s “transmission economic assessment method (TEAM) has not fully applied the method to storage projects and has not quantified the grid reliability and resiliency benefits of the projects it has examined,” the company said. It said FERC should direct RTOs to include pumped storage hydro in transmission studies and resource adequacy planning.
Southern California Edison said FERC should consider regional differences and costs. It said it shares CAISO’s view that FERC’s proposed definition of resilience is lacking.
It said the use of the term “‘disruptive events” is indistinguishable from “‘contingencies,’ which, per NERC reliability standards, refers to unexpected failures or outages of a [Bulk Electric System] component.”
May 9, 2018
By Tim Starks
HILL GETS BUSY — Three separate committees are taking action on cybersecurity-related legislation today across both sides of the Hill. Perhaps the most significant among the bunch is a House Foreign Affairs markup of legislation that would establish a bug bounty program at the State Department, following the widely regarded success of similar initiatives across the Pentagon and at the IRS. The legislation (H.R. 5433) also mirrors efforts in Congress to expand such programs, like the push to create one at DHS (S. 1281) that passed the Senate last month.
The House Energy and Commerce Committee, meanwhile, is scheduled to consider a handful of cybersecurity bills. One (H.R. 5175) would direct the Energy Department to initiate a program to protect the physical security and cybersecurity of pipelines and liquefied natural gas facilities. A second (H.R. 5239) would create a voluntary DOE program to test the cybersecurity of products intended for use in the bulk-power system. A third (H.R. 5240) would seek to strengthen public-private partnerships on cyber. And the fourth (H.R. 5174) would make explicit that Energy Department leaders are responsible for cyber and other emergency response functions.
Later in the day, a House Appropriations subcommittee will mark up draft legislation that would provide fiscal 2019 funding for agencies including Commerce and Justice. The Commerce Department, home of the technical standards agency NIST, has a big cybersecurity role, while the Justice Department houses operations devoted to prosecuting cybercrime.
HAPPY WEDNESDAY and welcome to Morning Cybersecurity! Sure, because what the world needs is a new generation of super-spiders, jumping all over the place at the command of evil dictators wielding them as a spooky army. Send your thoughts, feedback and especially tips to firstname.lastname@example.org, and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
TODAY: SOFTWARE, POWER INDUSTRY OFFICIALS VISIT CONGRESS — BSA | The Software Alliance is flying representatives of member companies such as Microsoft, IBM and Trend Micro into Washington to discuss cybersecurity and other items on its agenda. The cybersecurity component includes advocating for bolstering the workforce and explaining how artificial intelligence can defend computer networks. BSA has set up meetings with a range of cyber-savvy lawmaker offices, like Reps. Will Hurd and Adam Schiff and Sen. Cory Gardner, as well as House Minority Leader Nancy Pelosi.
Members of the Large Public Power Council, a utility group, will also visit lawmakers today. Representatives will meet to discuss cybersecurity with members and staffers of the House and Senate Homeland Security panels as well as the House Intelligence and Energy and Commerce committees. In addition to the group’s president, John Di Stasio, and regional power authority representatives, the council is bringing in technical cyber experts.
WAITING FOR THE NEXT SHOE TO DROP — Iran must stop hacking the U.S. and its allies, the administration said Tuesday after President Donald Trump announced a withdrawal from the Iran nuclear deal. A White House statement said Trump was “making clear that, in addition to never developing a nuclear weapon, the Iranian regime must … end its cyberattacks against the United States and our allies, including Israel.” In recent years, Tehran has deployed its hackers to disrupt the oil giant Saudi Aramco as well as to steal trade secrets and research from universities in the U.S., Israel and many other countries. Senate Majority Leader Mitch McConnell voiced support Tuesday for Trump’s holistic approach to the Iranian threat, saying in a statement that Tehran’s “malign behavior across the broader Middle East,” including its “use of cyberattacks,” should be “addressed in a wider regional effort.”
Cyber experts will be watching to see if Iranian hackers step up their attacks on U.S. targets. As Eric reported recently, threat intelligence researchers are concerned this will happen. Priscilla Moriuchi, director of strategic threat development at Recorded Future and former head of the NSA’s East Asia and Pacific cyber threats office, said her company expects U.S. financial and energy sector firms to face aggressive attacks from Iran “within months, if not sooner.”
FRESH STATS — Cyber crime cost Americans approximately $1.42 billion in 2017, according to a report from the FBI’s Internet Crime Complaint Center published Tuesday. The FBI center receives nearly 300,000 complaints each year, according to the report. Payment scams, data breaches and phishing attacks topped the list of crimes, with identity theft and business email compromises also making the top 10. Ultimately, business email compromise schemes led to the most losses, with $676 million, compared with romantic scams and other trickery coming in second and payment scams ranking third. Data breaches came in fifth, accounting for $77 million in losses. The states with the most reported victims and the highest losses are also among the largest: California, Texas, Florida, New York and Pennsylvania.
PAYING THE PRICE — DHS Secretary Kirstjen Nielsen told senators Tuesday that her department was pretty far along in ensuring that federal agency contractors are removing Moscow-based Kaspersky Lab software from their systems. DHS issued the directive, which Kaspersky is fighting in court, amid security fears last year.
“For many of the third party providers, they weren't even aware they had Kaspersky on their systems and within their products,” Nielsen told the Senate Appropriations Homeland Security Subcommittee. She said DHS was looking at ways to establish consequences for anyone who doesn’t pull the products. For its part, DHS is also looking at ways it can, under existing powers, “pause and turn off contracts” when there’s a concern like Kaspersky software or a data breach.
At the same hearing, Nielsen said DHS plans to host an election security briefing to talk about what it’s doing to safeguard state and local election administrators via voluntary assistance. When Sen. Jon Tester asked what happens when states resist DHS’ voluntary aid, Nielsen said that one of the goals of the briefing was getting lawmakers to “help us message to the state and local officials what they need to do to secure the elections.”
FROM INDEPENDENCE AVENUE TO MAIN STREET — The House approved legislation Tuesday meant to improve cybersecurity assistance offered through small-business development centers, which are Small Business Administration-backed centers that provide technical support. Under the bill (H.R. 3170), the Small Business Administration would be required to develop a cyber counseling certification program to help center employees provide advice to small business owners. The measure passed by voice vote.
RECENTLY ON PRO CYBERSECURITY — The Senate Intelligence Committee finalized its election security report with new findings and recommendations. … Georgia’s governor vetoed a hacking bill that cybersecurity experts warned would cause more digital threats. … Russia hackers waged a campaign of digital threats under the guise of the Islamic State. … Facebook unveiled another effort to combat Russian methods of election interference. … House Republicans believe Trump will override the Justice Department's refusal to turn over documents.
TWEET OF THE DAY — I think the pasta is hacking back, probably?
— Nearly 75 percent of organizations were probably or definitely hacked or experienced a data breach within the last year due to a compromised application, according to a new report from Arxan. The company surveyed around 1,400 IT firms across the U.S., EU and Asia.
PEOPLE ON THE MOVE
— New Jersey’s former chief technology officer and first cybersecurity adviser, Dave Weinstein, has joined cybersecurity firm Claroty as its vice president of threat research, the company announced Tuesday.
— The New York Times looks at how West Virginia is trying to protect its elections from hackers.
— House Intelligence Chairman Devin Nunes is feuding with the Justice Department over information involving a source who aided special counsel Robert Mueller’s Russia probe. The Washington Post
— “No, Apple is not making it harder for cops to hack iPhones.” CyberScoop
— The Trump administration’s rescission package would pull back funding for two technology loan programs. Nextgov
— A popular Android app left user information exposed. Motherboard
— A look at the new NSA/Cyber Command cyber warfare center from CyberScoop.
— “Study: Attack on KrebsOnSecurity Cost IoT Device Owners $323K”
— The former WikiLeaks fan who made public some unflattering internal messages explained why. Daily Beast
— Joy Reid's cybersecurity expert once wasted the FBI's time with an investigation that went nowhere, a source told Buzzfeed.
— Iran's cyber police warned about terrorist groups plotting in cyberspace. Fars News Agency
— Alaska officials say hackers broke into the state’s election system a little in 2016, but didn’t do any damage. Anchorage Daily News
— Twitter might be testing encrypted direct messages. Gizmodo
— Federal agency IT specialists are getting older. Nextgov
That’s all for today. Although maybe jumping spiders aren’t that scary if they can get shooed away just by holding your arms out.
May 5, 2018
By Marianne Levine and Theordoric Meyer
FLY-IN: Members of the Large Public Power Council are hitting up the Hill today to talk about cybersecurity issues. Among the lawmakers they will meet with are Reps. Joaquín Castro (D-Texas), Markwayne Mullin (R-Okla.) and Will Hurd (R-Texas).
FLY-IN: Members of the American Public Health Association held a fly-in Tuesday to call for more public health funding. The offices they met with included those of Reps. Bob Brady (D-Pa.), Dwight Evans (D-Pa.), Lamar Smith (R-Texas), Andy Barr (R-Ky.) and Sens. Bob Casey (D-Pa.), John Cornyn (R-Texas), Ted Cruz (R-Texas), Mitch McConnell (R-Ky.), Joe Donnelly (D-Ind.), Todd Young (R-Ind.), Elizabeth Warren (D-Mass.) and Marco Rubio (R-Fla.).
SPOTTED: At the Nelson Mullins Annual Rooftop Gala atop its offices last night, according to a PI tipster: Sens. Ed Markey (D-Mass.), Tim Scott (R-S.C.), Sheldon Whitehouse (D-R.I.), Chris Coons (D-Del.) and Chris Murphy (D-Conn.); and Reps. Trey Gowdy (R-S.C.), Mark Sanford (R-S.C.), Tom Rice (R-S.C.), Jim Clyburn (D-S.C.), Mike Capuano (D-Mass.), Joe Kennedy (D-Mass.), Virginia Foxx (R-N.C.), Richard Neal (D-Mass.), Stephen Lynch (D-Mass.) and Joe Wilson (R-S.C.).
SPOTTED: At the Games For Impact event hosted by the Entertainment Software Association on Capitol Hill last night, according to a PI tipster: Reps. Ryan Costello (R-Pa.), Doug Collins (R-Ga.), Bradley Byrne (R-Ala.), Jim Costa (D-Calif.), David Cicilline (D-R.I.), Bill Foster (D-Ill.), Will Hurd (R-Texas) and Hank Johnson (D-Ga.).
SPOTTED: At the Rivers of Recovery seventh annual congressional reception last night, according to a PI tipster: Reps. Martha Roby (R-Ala.), Jeff Duncan (R.S.C.), Duncan Hunter (R-Calif.), Sam Graves (R-Mo.) and Steven Palazzo (R-Miss.); Gen. George Joulwan; Liz Williams of Williams & Company; Sam Whitfield of the Consumers Bankers Association; Jeff Hogg of RAI Services; Zach Hartman of Anheuser-Busch; Hayden Rogers and Scott Eckart of Emergent Strategies; and others.
March 29, 2018
By Gino Harel and Catherine Varge of Survey
In December 2015, some 225,000 households were deprived of electricity in Ukraine. A year later, it was the turn of a part of the capital, Kiev, to be plunged into darkness. These two failures are far from trivial: they were caused by acts of hacking.
"In Ukraine, I think it was a clear signal in the industry," says Johanne Duhaime, Vice President of Information Technologies and Communications at Hydro-Québec.
For several years now, Hydro-Québec has been relying on a team to provide a cybersecurity watch. Events in Ukraine prompted the company to raise its defense measures.
"We have started to put plans in place to increase our monitoring center, to 24/7 [...] accelerate the modernization of our infrastructure to protect us more," said Ms. Duhaime.
Behind the 2015 operation in Ukraine, cybersecurity experts have identified a family of malware called BlackEnergy, unable to trace the perpetrators. The 2016 attack was also researched by computer security experts. ESET has determined that this attack was carried out using a new software called Industroyer able to remotely control industrial control systems of electrical infrastructure.
Hydro-Québec's experts have to deal with hundreds of incidents related to computer security every year. Attempts to intrude by sending malicious emails, for example, occur regularly
Hydro-Québec also conducts tests with its employees, using trapped messages. People are caught, admits Johanne Duhaime, but their number is decreasing.
"We do a lot of work on human behavior and education [...] People tend to call and say," I got an email, he's suspicious, is that okay? " ", she says.
It could also happen that an employee inserts a personal USB key into a company computer, which can also pose a risk.
Hydro-Québec assures that it has not experienced cyberintrusion in its systems.
Johanne Duhaime said that her team pays particular attention to Internet traffic from certain countries, such as Ukraine, Russia or Korea. "When there are elements where we see that there are IP addresses that come from these countries, we tend to be more vigilant [...] We will rather be more proactive and perhaps block the source of these requests at source, "she says.
It happens less than 10 times a year, she says.
One billion threats
During a testimony before the Standing Committee on Public Safety and National Security, on March 22, in Ottawa, the head of the Communications Security Establishment Canada (CSE) revealed the extent of cybersecurity challenges that her agency faces.
"We are now blocking more than a billion malicious attacks aimed at compromising government systems, on average every day," said Greta Bossenmaier, head of the CST.
These numerous incidents target Government of Canada networks and range from a simple reconnaissance exercise to check for vulnerabilities in systems to actual attempts to exploit vulnerabilities, or to install malware.
The last federal budget provides $ 507 million for dedicated measures over the next five years, including the creation of a Canadian Cyber Security Center. Ottawa is also scheduled to announce its new national cyber security strategy in the near future.
Last fall, the cybersecurity company Symantec revealed the presence of other malicious software in computers of power companies in the United States. The group identified behind these intrusions is called Dragonfly.
The FBI and the US Department of Homeland Security confirm they have identified victims of cyberintrusions in the energy field, including the nuclear sector. Hackers have also been able to penetrate aviation, water and other manufacturing networks.
According to Symantec, Dragonfly's phishing emails were also spotted at three organizations in Canada, but it was not possible to confirm any intrusions.
In the United States, the operation would have allowed the attackers to break through networks of small commercial facilities, including targeted infected emails. Their long-term goal would be to use these smaller networks to reach larger targets. They have already managed to position themselves to carry out sabotage activities, believe the experts.
"For the past two years, we have seen our opponents become more interested in the ways of harming [our] systems. Their techniques have developed, "says the head of cybersecurity at the Department of Homeland Security, Jeanette Manfra.
Ms. Manfra manages a team located in an office building in downtown Arlington, Virginia. It has an operational center at the heart of computer security throughout the United States: the National Center for Cyber Security and Communications Integration.
"The operations center is analyzing cyber incidents that are reported daily by various government agencies and private sector companies in the United States," she says.
Ms. Manfra estimates that the number of incidents reported to her center is 10,000 in the last three months alone.
There is an exponential growth in the number of devices and organizations whose networks are connected to the Internet. It creates a lot of vulnerability that criminals seek to exploit.
On March 15, the United States announced a new series of sanctions against Russia, accusing the country of having taken two forms of cyber-interference in the United States. Attempts to destabilize the electoral process in 2016 ... and computer attacks on critical infrastructures. According to Russian news agencies, Moscow considers these accusations unfounded and is now preparing its own retaliatory measures in response to the sanctions.
Hydro-Québec is reassuring
Even though Internet-connected devices are constantly growing in number, Hydro-Québec recalls that it has a peculiarity that other electric companies do not have to prevent hacker attacks on these systems: it has its own own telecommunications network to support its electrical mission.
The risks of intrusion are lower, are almost zero, because it's just us who are on the network [...] We control our entire environment.
Johanne Duhaime, Vice President of Information Technologies and Communications, Hydro-Québec
"We are in a good position," adds Ms. Duhaime. That does not mean that we are safe and that there is zero risk [...] In cybersecurity, we must never say that we are at zero risk. "
While the energy sector in the United States is clearly in the spotlight of hackers, industry representatives point out that power grid operators have standards to meet, even in terms of cybersecurity. They are established by the North American Electric Reliability Corporation (NERC). Hydro-Québec is subject to it.
The US electricity sector is made up of a multitude of private companies, but also more than 2000 utilities that produce or distribute electricity in markets of small or large size.
John Di Stasio is the president of an organization that brings together the 26 largest public utilities in the United States. According to him, the standards in place would probably have prevented the kind of breakdowns that occurred following the cyberattacks in Ukraine in 2015 and 2016.
"Our standards require us to provide multiple layers of protection that did not exist in Ukraine," he says.
In this game of cat and mouse between cyberassailers and cyberdefenders of power grids, Mr. Di Stasio believes that the industry has made some progress.
I think we have gained ground. However, we can not predict what lies ahead or what the nature of the threats will be or what they will target.
"These threats are evolving and all we can do is remain vigilant and continue to do the things that work to defend us from known threats," concludes Di Stasio.
POWER MARKETS: Groups Unite to Lobby FERC on Reforms
March 7, 2018
By Rod Kuckro
A broad coalition of 10 organizations not usually on the same page when it comes to electricity policy are asking federal regulators to apply five principles to any changes in the rules governing wholesale power markets.
Their common concerns were spelled out in a March 5 letter to the Federal Energy Regulatory Commission.
The letter said this is the time for FERC "to provide a clear vision for how it can best support, rather than interfere with, market-based mechanisms and healthy competition."
The letter from the 10 groups is intended to address the FERC inquiry into resilience as well as a FERC docket opened last year on the intersection of markets and state policies.
"The kettle is getting closer to boiling in terms of FERC taking another raft of actions involving issues around state policies and federal market design," said John Moore, senior attorney with the Natural Resources Defense Council (NRDC) who also signed the letter.
"So we wanted to put together a set of principles well before the pot actually boils and make sure everyone's aware of the new reality," Moore said in an interview. The group is concerned, he said, that "RTOs are not catching up to the new reality of the transforming grid."
The letter was signed by the American Council on Renewable Energy, American Public Power Association (APPA), American Wind Energy Association, Electricity Consumers Resource Council, Large Public Power Council, National Association of State Utility Consumer Advocates, NRECA, NRDC, Solar Energy Industries Association and Transmission Access Policy Study Group.