2020 Spring Compliance Seminar

Spring Compliance Seminar Agenda Brochure

March 10 - 11, 2020 Charlotte, NC / WebEx

Agenda SERC is committed to providing training and non-binding guidance to industry stakeholders regarding emerging and revised Reliability Standards. However, compliance depends on a number of factors including the precise language of the Standard, the specific facts and circumstances, and the quality of evidence. Purpose : Provide all SERC registered entities with an update on Compliance Monitoring and Enforcement Program (CMEP) developments, lessons learned, and key messages. Note: Please be advised that photographs will be taken at the Spring Compliance Seminar for use on the SERC website, SERC marketing materials, and/or other SERC publications. By attending the Spring Compliance Seminar, you consent to SERC’s photographing and/or using your image and likeness as described.

Agenda WebEx Logon 2020 Outreach

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

The agenda allows time for Q&A after each presentation. Therefore, times listed may vary. WebEx begins at 9:30 a.m. (Eastern). Those who attend the entire seminar will receive a participation certificate. The certificate does not satisfy educational requirements such as NERC continuing education hours .

Tuesday, March 10, 2020

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

7:30 a.m.

Continental Breakfast Visit with Registered Entity Forum Steering Committee Members in VACAR Conference Room.

Welcome

Todd Curl, NCSO - SERC Senior Manager of Compliance Monitoring

8:00 a.m.

8:15 a.m.

Registered Entity Forum (REF) REF Steering Committee Members Whether attending the seminar or not, registered entities may submit questions prior to the seminar to REF Steering Committee members at the email links below for discussion during the REF session. Please submit questions by noon on March 9. Brandon Cain pbcain@southernco.com Southern Company Eric Jebsen eric.jebsen@exeloncorp.com Exelon Generation Sarah Snow ssnow@cooperativeenergy.com Cooperative Energy

2

Agenda

* * * WebEx Begins * * *

Agenda WebEx Logon 2020 Outreach

9:15 a.m.

Break

9:30 a.m.

Welcome WebEx Attendees

Todd Curl - SERC

and REF Recap

Senior Manager of Compliance Monitoring

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Jason Blake - SERC President & CEO

9:45 a.m.

SERC Update

10:30 a.m.

Break

10:40 a.m.

CMEP Processes

Todd Curl - SERC

- Inherent Risk Assessment (IRA) - Audit Notification Letter (ANL - Audit Process - Feedback Loop to IRA after Audit

Senior Manager of Compliance Monitoring

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

Scott Knewasser - SERC

Senior Manager, Risk Assessment & Mitigation

11:30 a.m.

New and Revised Standards Update SERC Staff - CIP-003-8 Security Management Controls Justin Kelly, Senior CIP Auditor / Presentation - CIP-005-6 Electronic Security Perimeter(s) - CIP-010-3 Configuration Change Management & Vulnerability Assessments Vijay Naik, CIP Auditor / Presentation - PRC-002-2 Disturbance Monitoring & Reporting Requirements - PER-006-1 Specific Training for Personnel - PRC-027-1 Coordination of Protection Systems for Performance During Faults Harry Spiess, O&P Auditor / Presentation

3

Agenda

12:00 p.m.

Lunch

Agenda WebEx Logon 2020 Outreach

1:00 p.m.

O&P Evidence Submittal Expectations SERC O&P Audit Staff

- Jin Chen, Associate O&P Auditor - Derek Lepresti, Compliance Auditor - Alex Shestopal, Associate O&P Auditor - Greg Tenley, Senior Compliance Auditor

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

1:30 p.m.

Building Internal Controls for NERC Andrew Ledoux, PE - Lafayette Utilities System Compliance Electrical Engineer III

2:00 p.m.

Break

2:15 p.m.

CIP-004-6

Justin Kelly - SERC Senior CIP Auditor

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

- Failure Modes

- Auditing

3:15 p.m.

Break

FAC-008 Audit Experience

James Vermillion - Associated Electric Cooperative Senior Transmission Planning Engineer

3:30 p.m.

FAC-008

Steve Rose - SERC O&P Auditor

4:00 p.m.

NAGF Overview & Activities

Brett Koelsch - Duke Energy Lead Compliance Analyst

4:15 p.m.

4

Agenda

4:30 p.m.

Patch Management

Bill Peterson - SERC Manager, Outreach & Training

Agenda WebEx Logon 2020 Outreach

Wrap-up

Todd Curl - SERC Senior Manager of Compliance Monitoring

4:55 p.m.

5:00 p.m.

Adjourn

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Wednesday, March 11, 2020

7:30 a.m.

Continental Breakfast Visit with Registered Entity Forum Steering Committee Members in VACAR Conference Room

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

* * * WebEx Begins * * *

Welcome: Day 2

Todd Curl – SERC Senior Manager of Compliance Monitoring Gaurav Karandikar - SERC Manager, RAPA & Technical Service

8:00 a.m.

Risk Management & Communication

8:05 a.m.

Using Internal Controls to Stephen Brown - SERC Prepare & Sustain CIP Audit Program Manager, CIP Monitoring

8:30 a.m.

8:45 a.m.

Lifecycle of a Violation

Drew Slabaugh - SERC Legal Counsel

9:05 a.m.

Break

5

Agenda

9:20 a.m.

Supply Chain Update

Brian Allen - NERC Senior O&P Auditor

Agenda WebEx Logon 2020 Outreach

SCS NERC Internal Controls

Randall Hubbard - Southern Company NERC Internal Controls Project Manager

9:50 a.m.

10:20 a.m.

Break

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

10:30 a.m.

CORES

Kevin Koloini - NERC Engineer & Project Manager, Registration Peter Heidrich - SERC Senior Coordinator, Certification & Registration

Align

Andrew Williamson - SERC Director, Reliability Assurance

11:25 a.m.

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

Wrap-up

Todd Curl - SERC Senior Manager of Compliance Monitoring

11:55 a.m.

12:00 p.m.

Adjourn

6

WebEx Logon

The WebEx session will be recorded. The recording will be posted to the SERC website and will, therefore, become public.

Agenda WebEx Logon 2020 Outreach

Tuesday, March 10, 2020

WebEx Begins at 9:30 a.m. (Eastern)

Join Webex meeting Meeting number (access code): 719 168 932 Meeting password: SERC Join by phone 1-408-792-6300 Call-in toll number (US/Canada) Wednesday, March 11, 2020 Join Webex meeting Meeting number (access code): 715 630 831 Meeting password: SERC Join by phone 1-408-792-6300 Call-in toll number (US/Canada)

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

WebEx Begins at 8:00 a.m. (Eastern)

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

Participants will be muted upon entry to eliminate background noise. Please send questions through the Chat feature. If your question is too lengthy to type, send a request through the Chat feature to be un-muted. Can't join the meeting? IMPORTANT NOTICE: Please note that this WebEx service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.

7

2020 Outreach & Training Events

Compliance Seminars: Charlotte, NC / WebEx Event details and registration are available on the SERC website under Outreach / Upcoming Events.

March 11 Small Entity Seminar October 6 - 7 CIP Compliance Seminar November 10 - 11 Fall Compliance Seminar

MORE

8

2020 Outreach & Training Events

Webinar Series Event details are available on the SERC website under Outreach / Upcoming Events. No registration required.

May 11 July 27

Q2 2020 Open Forum Q3 2020 Open Forum

MORE

9

2020 Outreach & Training Events

System Operator Conferences Event details and registration are available on the SERC website under Outreach / Upcoming Events.

April 7 - 9

Greenville, SC

April 28 - 30 Greenville, SC August 25 - 27 Franklin, TN Sep 29 - Oct 1 Franklin, TN

MORE

10

2020 Technical Committee Meetings

Event details and registration are available on the SERC website under Outreach / Upcoming Events.

Technical Committee Meetings : Charlotte, NC / WebEx • Spring March 16 - 18 • Fall September 21 - 23 (Registration not yet open.)

Summer Regional Meeting / Pig Roast To Be Announced

11

Antitrust

• It is SERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or which might appear to violate, the antitrust laws. • It is the responsibility of every SERC member, every SERC member employee who participates in SERC activities, and SERC staff personnel who may in any way affect SERC’s compliance with the antitrust laws to carry out this commitment . • Participants in SERC activities should refrain from the following prohibited discussions when acting in their capacity as participants in SERC activities: – Discussions involving pricing information, especially margin (profit) and internal cost – Discussions of a participant’s marketing strategies – Discussions regarding how customers and geographical areas are to be divided among competitors – Discussions concerning the exclusion of competitors from markets – Discussions concerning boycotting or group refusals to deal with competitors, vendors, or suppliers • Any other matters that do not clearly fall within these guidelines should be brought to the attention of the SERC office.

Agenda WebEx Logon 2020 Outreach

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

12

Confidentiality Policy

• Members of SERC committees may, in performing SERC functions, have to use information of a sensitive and commercial nature, including but not limited to that provided by SERC members and designated as “Confidential”, that SERC members customarily hold confidential and do not disclose publicly. • The SERC Confidentiality Agreement prohibits (i) the use of Confidential Information by Member Employees for other than SERC purposes and (ii) the disclosure of that information to any third party, unless disclosed to NERC pursuant to delegation agreement, or to a third party that has signed a Confidentiality Agreement with SERC. • If either you or your employer has not signed such an Agreement and/or your employer has not designated you as a Member Employee authorized to receive Confidential Information then you will not be given access to Confidential Information and you will be required to leave the meeting before any such information is disclosed, used, or discussed.

Agenda WebEx Logon 2020 Outreach

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

13

Standards of Conduct

• The Federal Energy Regulatory Commission’s Standards of Conduct for transmission providers forbid a transmission provider from providing an undue preference or advantage to any person and require transmission providers to treat all customers in a not unduly discriminatory manner. • All participants in the SERC Identified Reliability Risk Team are expected to abide by the restrictions in the Standards of Conduct. • During any meetings, discussions, or other activities of the SERC Identified Reliability Risk Team, all participants should: – Refrain from disclosing non-public transmission function information, which includes any information related to day-to-day transmission operations and planning, such as transmission outages and constraints. – Refrain from discussing any non-public transmission customer-specific information. – If any non-public transmission function information or non-public customer information is disclosed during a SERC Identified Reliability Risk Team activity, the participants receiving that disclosure should not further disclose that information to any marketing function employees within their organizations or use any other person as a conduit to disclose such information.

Agenda WebEx Logon 2020 Outreach

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

14

Acronyms

The master Acronym Reference Index is on the FAQ & Lessons Learned page of the SERC website under Outreach. It is updated following each outreach event.

Agenda WebEx Logon 2020 Outreach

ACC

Alternate Compliance Contact

AECI

Associated Electric Cooperative, Inc.

ATL

Audit Team Lead

BA

Balancing Authority

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

BCSI

BES Cyber System Information

BES

Bulk Electric System

BOTCC

(NERC) Board of Trustees Compliance Committee

BPS

Bulk Power System

CBT

Computer-based Training

CCC

Compliance and Certification Committee (NERC Committee)

CE

Compliance Exception

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

CEA

Compliance Enforcement Authority

CFR

Coordinated Functional Registration (formerly Type 2 Joint Registration Organization “JRO”)

CIP

Critical Infrastructure Protection (Family in NERC Reliability Standards)

CMAT

Controls Monitoring and Testing (Southern Company acronym)

CMEP

Compliance Monitoring and Enforcement Program

CMEP IP

Compliance Monitoring and Enforcement Program Implementation Plan

CORES

Centralized Organization Registration ERO System

COSO

Committee of Sponsoring Organizations (Treadway Commission)

CPC

Compliance Program Coordinators

DB

Design Basis

DP

Distribution Provider (Function)

DR

Data Request

EA

Enforcement Action

EACMS

Electronic Access Control and/or Monitoring Systems

EEI

Edison Electric Institute

15

Acronyms

EMP

Electromagnetic Pulses

EMS

Energy Management System

Agenda WebEx Logon 2020 Outreach

EOC

Extent of Condition

EPRI

Electric Power Research Institute

ERO

Electric Reliability Organization

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

FAC

Facilities, Design, Connections, and Maintenance (Family in NERC Reliability Standards)

FERC

Federal Energy Regulatory Commission

FFT

Find, Fix, Track (and Report process)

GAO

Government Accountability Office - audit

GO

Generator Owners

GOP

Generator Operators

GSC

Guided Self Certification

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

GSU

Generator Step-Up

G&T

Generation & Transmission

HV

High Volt

IDS

Intrusion Detection System

IRA

Inherent Risk Assessment

ISO

Independent System Operator

JRO

Joint Registration Organization

kV

Kilovolts (1000 volts)

LAFA

Lafayette Utilities System

LIBCS

Low Impact BES Cyber Systems (BES = Bulk Electric System)

LUS

Lafayette Utilities System

MANTIS

Modeling and Network Transmission Information System (AECI acronym)

MFA

Multifactor Authentication

MIDAS

Misoperation Information Data Analysis System

16

Acronyms

MLE

Motor Lead Extension

MRO

Midwest Reliability Organization (Region within the ERO Enterprise)

Agenda WebEx Logon 2020 Outreach

MRRE

Multi-Regional Registered Entity

MSA

Master Service Agreement

MVA

Mega Volt Amps

MW

Megawatt

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

NAGF

North American Generator Forum

NATF

North American Transmission Forum

NAVAPS

Notice of Alleged Violation(s) and Penalty or Sanction

NCSO

NERC Certified System Operator

NERC

North American Electric Reliability Corporation

NIST

National Institute of Standards and Technology

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

NOCV

Notice of Confirmed Violation

NOP

Notice of Penalty

O&P

Operations & Planning

PA

Planning Authority (Function)

PACS

Physical Access Control System

PCC

Primary Compliance Contact

PCO

Primary Compliance Officer

PEI

Protected Entity Information

PER

Personnel Performance, Training, and Qualifications (Family in NERC Reliability Standards)

PNC

Possible Noncompliance

PRA

Personnel Risk Assessment

PRC

Protection and Control (Family in NERC Reliability Standards)

Pre-NAV

Pre-Notice of Alleged Violation

PSP

Physical Security Perimeter

17

Acronyms

RAM

Risk Assessment & Mitigation

RAPA

Reliability Assessment and Performance Analysis

Agenda WebEx Logon 2020 Outreach

Regional Advanced Techniques Staff-Statistical (Audit tool used by US Dept. of Health & Human Services)

RAT-STATS

Reliability Coordinator (Function)

RC

REF

Registered Entity Forum

RFI

Request for Information

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

RSAW

Reliability Standards Audit Worksheet

RTCA

Real-Time Contingency Analysis

RTO

Regional Transmission Organization

SAGAS

Small Group Advisory Sessions

SAR

Standard Authorization Request

SC

Self Certification

SCADA

Supervisory Control and Data Acquisition

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

SCS

Southern Company Services

SCWG

Supply Chain Working Group

SFTP

Secure File Transfer Protocol

SME

Subject Matter Expert

SNOP

Spreadsheet Notice of Penalty

Security Operations Center or System Operator Conference

SOC

SPOC

Single Point of Contact

Transmission Owner (Function)

TO

Transmission Operator (Function) or Transmission Operations (Family in NERC Reliability Standards)

TOP

Transmission Planner (Function)

TP

TTP

Tactics, Techniques, and Procedures

UMR

User Management and Records

VPN

Virtual Private Network

Western Electricity Coordinating Council (Region within the ERO Enterprise)

WECC

18

Questions for SERC

FAQ Process

Entity Assistance

Agenda WebEx Logon 2020 Outreach

Topic

Email

• General inquiries / FAQ

Support@serc1.org

• Seminar & Webinar Topic Suggestions • Media inquiries

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

• SERC Membership • SERC Committees • SERC Compliance & Committee Portal/Committee related issues • Registration and Certification Issues

SERCregistration@serc1.org SERCComply@serc1.org

• Compliance monitoring methods:

o Self-Certification o Self-Report submittals o Compliance data submittals

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

• Enforcement and Mitigation

o Mitigation Plan submittals • SERC Compliance & Committee Portal-Compliance related issues • Reliability Assessment data reporting

RAStaff@serc1.org

• Reliability Assessment forms • Annual Voting Rights • Reliability Data Reporting Portal • Industry Subject Matter Expert (ISME) Program

ISME@serc1.org

• Submitting an ISME application • Event Reporting

Reporting_Line_Sit@list-serc1.org

• Situational Awareness • Events Analysis

SAEA@serc1.org

19

Registered Entity Forum

If you have a question you would like to submit anonymously, you may do so by contacting one of the Registered Entity Forum Steering Committee members. Registered Entity Forum (REF) sessions are generally held during SERC seminars. However, REF Steering Committee members are gracious enough to assist registered entities within the SERC Region throughout the year. For your information, the REF is open to participation by all entities registered in the SERC Compliance Registry, regardless of membership status in SERC. The purpose of the REF is to promote compliance excellence, elevate the collective compliance culture, and strengthen reliability among all SERC Region registered entities. The REF is a self-directed forum that provides a safe harbor for registered entities to (1) exchange information, (2) share lessons learned, (3) discuss compliance issues of interest and importance, and (4) generate concerns and questions to be provided to SERC staff regarding compliance with SERC and NERC reliability rules, standards, and regulations. The REF Steering Committee is comprised of representatives from registered entities, and members are elected by the registered entities. Positions include representatives with both CIP and Operations & Planning expertise. If you would like to be on the committee, elections are held each fall. REF Steering Committee members are prohibited from disclosing to SERC the names of registered entities whose concerns or questions are discussed with SERC staff members. Should you have questions or topics that you would like to discuss with them, please feel free to contact the committee members listed on the CIP or Operations & Planning links above. Responses to previously submitted questions are available on the SERC website. From the SERC home page, select Outreach / Q&A and Lessons Learned. The REF Charter is posted to the SERC website. From the SERC home page, select Outreach / Registered Entity Forum. Elections are held each November, and committee members serve a two-year term.

Agenda WebEx Logon 2020 Outreach

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

20

REF Steering Committee

O&P Committee Member

CIP Committee Member Jennifer Blair, Compliance Specialist LG&E and KU Energy, LLC jennifer.blair@lge-ku.com

Agenda WebEx Logon 2020 Outreach

Brad Arnold, Manager, Policy & Compliance Ameren Missouri barnold@Ameren.com John Babik, Director Electric Compliance JEA babijj@jea.com Greg Davis, Regulatory Compliance Manager Georgia Transmission Corporation Greg.davis@gatrans.com Sarah Snow, Manager of Reliability Compliance Cooperative Energy ssnow@cooperativeenergy.com Bill Thigpen, Supervisor of Compliance Support PowerSouth Energy Cooperative bill.thigpen@powersouth.com Ryan Ziegler, Reliability Compliance Specialist Associated Electric Cooperative, Inc. rziegler@aeci.org

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Brandon Cain, CIP Compliance Assurance Manager Southern Company pbcain@southernco.com Eric Jebsen, PE, Senior Regulatory Engineer Exelon Generation eric.jebsen@exeloncorp.com

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

21

Brian Allen

NERC CIP Assurance Advisor

Agenda WebEx Logon 2020 Outreach

Brian serves as a CIP Assurance Advisor in the NERC Grid Assurance group. In this position, Brian works with the Assurance Team to provide oversight, guidance, and coordination in managing programs and processes to monitor, review, and evaluate program effectiveness of the Electric Reliability Organization (ERO) Enterprise implementation of risk-based compliance monitoring and adherence to the NERC Rules of Procedure, Compliance Monitoring and Enforcement Program, and approved delegation agreements. Brian joined the NERC CIP Assurance team in January 2019. Prior to NERC, Brian served as a Cyber Security Specialist at Georgia Systems Operation Corporation. In this role, Brian worked within Security Operations focusing on governance, risk, and compliance of the CIP Program.

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC Registered Entity Forum Speaker Bios Click on speaker’s name in agenda.

22

Jason Blake

SERC Reliability Corporation President and Chief Executive Officer

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Mr. Blake is President and CEO for SERC and is passionate about SERC’s mission, which is to reduce risks and ensure a reliable, resilient, and secure electric grid across 16 central and southeastern states. He leads with a commitment to operational excellence, innovation, continuous improvement, and deploying resources in an effective and efficient manner that adds value. Prior to joining SERC, Mr. Blake spent almost nine years serving as the Vice President and General Counsel for SERC’s northern neighbor and sister region, ReliabilityFirst. During that time, he helped lead RF through its start-up phase and into a sustainable risk-based organization focused on ensuring a reliable, resilient, and secure electric grid across the Mid-Atlantic and Great Lakes regions of the U.S. Prior to this, Mr. Blake developed broad business and regulatory experience through his private practice with large, corporate law firms located in Pittsburgh, Pennsylvania and then in Cleveland, Ohio. Mr. Blake is a graduate of the Ohio State University and the University of Pittsburgh School of Law. He also served on the Board of Directors for the American Heart Association for the Cleveland Metropolitan Area and enjoys volunteering to coach his children’s sports teams.

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

23

Stephen Brown, MBA, CISM

SERC Reliability Corporation Manager, CIP Monitoring

Agenda WebEx Logon 2020 Outreach

Stephen joined the CIP Compliance audit team at SERC Reliability Corporation in September 2018. Previously, Stephen joined the NERC ERO at Georgia System Operations (GSOC) in 2006. While at GSOC, he managed and coordinated all Critical Infrastructure Protection (CIP) changes to ensure that stakeholders were aware of the change(s) and risks. He also ensured security controls were identified prior to changes and confirmed all documentation was complete. Stephen has over 15 years of information and operation technology experience with detailed knowledge in asset management, business continuity, disaster recover planning, incident response, policy administration, process improvement, and risk assessment. He has led a security and network operations center and managed multiple security and compliance projects. Stephen is a Certified Information Security Manager (CISM) and has been a Subject Matter Expert on standards CIP-006, CIP-007, and CIP-010 for multiple Critical Infrastructure Protection (CIP) audits. He is a new resident to North Carolina and holds a Masters of Business Administration (MBA) in Information Systems from Argosy University.

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC Registered Entity Forum Speaker Bios Click on speaker’s name in agenda.

24

Brandon Cain, MBA, CISSP, CCM

Southern Company CIP Compliance Assurance Manager

Agenda WebEx Logon 2020 Outreach

Brandon Cain joined SCS Operations Compliance in 2011 as a CIP Compliance Coordinator and was later promoted to CIP Cyber Compliance Assurance Manager. In this role, he provides strategic management of the Company’s CIP Compliance Program and oversees the implementation of cyber security initiatives intended to meet and maintain compliance with regulatory reliability standards impacting Transmission and Generation. His team provides crucial support to Company business unit management engaged in cyber compliance activities, prepares for audits and self-certifications, and handles routine regulatory compliance filings for the Company. Prior to joining Southern Company, Brandon served as Branch Chief, Tactical Exploitation Branch of the Counterterrorism Task Force, Defense Intelligence Agency. There, he managed multiple regional teams providing direct overseas intelligence support to agency and military operations and led the production of critical intelligence reports and assessments developed for government officials and senior military leaders. Brandon holds a B.S. in Information Systems Security Management and an M.B.A. from the University of Alabama in Birmingham. He has also obtained professional certifications as a Certified Information Systems Security Professional (CISSP), and a Certified Continuity Manager (CCM).

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

25

Jin Chen, MS

SERC Reliability Corporation Associated Operations & Planning Auditor

Agenda WebEx Logon 2020 Outreach

Jin Chen joined the SERC Reliability Corporation Operation & Planning Compliance Audit team in August 2019. Mr. Chen joined SERC in March of 2014 as an employee in the Engineer Rotation Program. After the 18 month rotation, Mr. Chen worked in the Risk Assessment & Mitigation team. His duties included Inherent Risk Assessments, Violation Processing, and Process Improvement and Tool development. In 2017 Mr. Chen transitioned to the SERC Analytics team where he led the development of multiple compliance application tools used for internal analysis of the SERC member companies. Mr. Chen has a Master of Science in Electrical Engineering from University of North Carolina at Charlotte and a Bachelor of Science in Electrical Engineering from University of North Carolina at Charlotte.

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

26

Todd Curl, NCSO

SERC Reliability Corporation Senior Manager of Compliance Monitoring

Agenda WebEx Logon 2020 Outreach

Todd is currently responsible for managing all areas of Compliance Monitoring (in both Operations & Planning and Critical Infrastructure Protection areas). Previously he was Manager of Compliance Programs, which included Registration & Certification, Compliance Investigations, and Compliance Outreach. Todd joined SERC as an O&P Compliance Auditor in 2010, with about 29 years in the electric utility industry. Before joining SERC, Todd was a Senior System Operator at Southern Company’s Power Coordination Center in Birmingham, Alabama. Primary responsibilities included providing real-time monitoring and control decisions and direction for the 24/7 operation of the Southern Company bulk power system balancing area. He also was responsible for various aspects of reliably operating the bulk power system in a coordinated manner with the four Operating Company transmission control centers, generation operations, and neighboring utilities. He worked with a team of NERC certified operators balancing generation with load, keeping the transmission system reliable, and ensuring correct interchange power flows with neighbors. Todd also spent 10 years on Southern Company’s energy trading floor as an Energy Coordinator, providing economic evaluation and negotiation of next-hour power sales and purchases, and arranged for scheduling of transactions in a real time 24/7 operation. Todd also spent 17 years with Georgia Power Company as a Transmission Operator in Atlanta, and a Substation Maintenance electrician.

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC Registered Entity Forum Speaker Bios Click on speaker’s name in agenda.

Todd has a Bachelor of Science degree in Business Administration, and an Executive Certificate in Organizational Leadership from the University of Notre Dame. Todd is a NERC Certified System Operator with the Reliability Coordinator certification since 1999. Todd has also completed NERC Audit/Certification Team Leader training, and Compliance Investigations training.

27

Peter Heidrich, NCSO

SERC Reliability Corporation Senior Certification and Registration Coordinator

Agenda WebEx Logon 2020 Outreach

Peter joined the SERC Reliability Corporation in July 2019 as the Senior Coordinator of Certification and Registration. Peter is responsible for the administration of the SERC Functional Entity Registration and Certification processes, and is also responsible for the implementation and continued maintenance associated with the NERC Glossary of Terms definition of Bulk Electric System (BES) and administration of the Rules of Procedure (ROP) BES Exception Process. Previously Peter was with the Florida Reliability Coordinating Council, Inc. (FRCC) from August, 2008 to June 2019. As the FRCC Director of Reliability Performance & Registration, Peter was responsible for leading the Programs within the FRCC Region to enable the assessment and improvement in reliability performance of the FRCC BES. Responsibilities included Registration and Certification, Events Analysis and Situation Awareness, Reliability Standards Development, and System Operator Training. Within this capacity, Peter was responsible for the administration of the FRCC Functional Entity Registration and Certification processes, and was also responsible for the implementation and continued maintenance associated with the NERC Glossary of Terms definition of BES and administration of the ROP BES Exception Process.

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC Registered Entity Forum Speaker Bios Click on speaker’s name in agenda.

Peter served over eight years in the United States Navy in the Nuclear Power Program. Following his military service, he joined DTE Energy (Detroit Edison) in 1992 as a Nuclear Power Plant Operator at the Enrico Fermi II Power Plant (Newport, MI). In 1995, Peter transferred to the System Operations Department where he qualified as a System Operator, and obtained his NERC System Operator Certification. Peter also served in the position of Control Room Supervisor. From 2004 to 2008, Peter served as Manager-Protection Authority with the responsibilities of managing the Hazardous Energy Controls (Red Tag Protection) programs for the corporation. Peter holds a Bachelor of Science Degree in Business Administration, graduating with Honors, from the University of Phoenix. Peter has been a NERC Certified Reliability Coordinator since 2000.

28

Randall Hubbard

Southern Company NERC Internal Controls Project Manager

Agenda WebEx Logon 2020 Outreach

Randall Hubbard serves as the NERC Internal Controls Project Manager for Operations & Planning and CIP Internal Controls for Southern Company. Prior to his current role, he worked in Compliance Assurance for O&P Standards supporting compliance oversight programs. Randall has also spent time in the Sarbanes-Oxley (SOX) Internal Controls group and Internal Audit at Southern Company. He has extensive knowledge in COSO 2013 and Institute of Internal Audit Standards.

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC Registered Entity Forum Speaker Bios Click on speaker’s name in agenda.

29

Eric Jebsen, PE

Exelon Generation Senior Regulatory Engineer

Agenda WebEx Logon 2020 Outreach

Mr. Eric Jebsen has almost 40 years of experience in the nuclear industry at utilities, equipment suppliers, and consultants. Mr. Jebsen’s experience includes:

• Backup Compliance Contact for RF and SERC for Exelon Generation since 2010 • SERC Industry Subject Matter Expert (ISME) at GSOC CIP audit September 2017 • CIP Lead for SERC CIP audit of Exelon 2014 • Internal SME for CIP-NRC73.54 cyber security interface

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

• Group lead for BES Definition roll-out 2014 • Mock 693 audit of Calvert Cliffs station 2012 • SERC Data Collection Task Force contributor • Exelon Generation 2008-2010 Business Continuity Planning/Pandemic Planning Nuclear lead, including response to 2009 Swine Flu • Exelon Generation 2005-2008 Business Operations - responsible for annual business plans and monitoring generation fleet performance • Exelon Generation 1999-2005 Probabilistic Risk Analysis (PRA) Engineer at Quad Cities Station responsible for all manner of risk analysis to support operations, maintenance, and incident response; and served as Chair of the industry risk-informed maintenance committee • Duke Engineering 1998-1999 PRA and Fire Risk analysis for clients both national and international, including one month PRA training assignment in Saudi Arabia • PPL Corporation 1983-1998 various positions in Nuclear Fuels analysis, reactor core physics monitoring, PRA and Fire Risk analysis, including NRC Individual Plant Evaluation (IPE) and IPE for External Events, supporting the Susquehanna Station. • Babcock and Wilcox 1980-1983 field service engineer providing reactor startup and plant event analysis services to clients, generally in the Southeastern U.S. Mr. Jebsen received a BS in Nuclear Engineering at Purdue University, 1980, Cum Laude. He is a registered Professional Engineer in Pennsylvania. 30

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

Gaurav Karandikar, MS

SERC Reliability Corporation Manager, RAPA & TS

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Gaurav Karandikar is the Manager, Reliability Assessment, Performance Analysis, and Technical Services with SERC Reliability Corporation. Mr. Karandikar has been with SERC for more than four years. The reliability assessment, performance analysis, and technical services group is responsible for providing value-added services to the SERC entities by engaging in a collaborative environment through various technical committees and their subgroups. Mr. Karandikar has over twenty years of industry experience with Siemens PTI, Ameren Services, and Alstom. Mr. Karandikar has a Master’s of Science in Electrical Engineering with a concentration in Power Systems from Missouri University of Science and Technology, Rolla, Missouri. Mr. Karandikar has a Bachelor of Science degree in Electrical Engineering from Malviya National Institute of Technology, India. In addition, Gaurav is a senior member of IEEE and has a Leadership Certificate from Cornell University.

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

31

Justin Kelly, PE, MS, CISSP

SERC Reliability Corporation Senior CIP Auditor

Agenda WebEx Logon 2020 Outreach

Justin joined the CIP Compliance audit team at SERC Reliability Corporation in September 2019. Previously, Justin Kelly was an Electrical Engineer with the Federal Energy Regulatory Commission in Washington, DC. He was a sub-team lead for both CIP Version 5 and CIP-014 FERC-led audits. Justin has also been involved in monitoring Standard Drafting Teams, drafting FERC Orders, reviewing CIP related sanctions filed or posted by NERC, and observing regional entity audits. He primarily focused on CIP Reliability Standards during his time at FERC, but also was a technical team lead for Geomagnetic Disturbance and Electromagnetic Pulse research and standards projects. Justin received a Master of Science in Electrical Engineering degree from Virginia Polytechnic and State University in 2009. He is a licensed Professional Engineer (PE) in the state of Maryland and is a Certified Information System Security Professional (CISSP).

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC Registered Entity Forum Speaker Bios Click on speaker’s name in agenda.

32

Scott Knewasser, NCSO

SERC Reliability Corporation Senior Manager, Risk Assessment and Mitigation

Agenda WebEx Logon 2020 Outreach

Scott joined SERC Reliability Corporation with the integration of the Florida Reliability Coordinating Council (FRCC) Region in July 2019 as the Senior Manager, Risk Assessment and Mitigation. Previously, Scott was the Manager of O&P Monitoring at FRCC, where he was also a Senior O&P Compliance Engineer. Scott’s past utility industry experience includes Substation Engineering, Transmission Planning, Field Operations, Transmission Operations, and Operations Engineering. He graduated from Clarkson University with a Bachelor of Science in Electrical Engineering, and is a certified NERC System Operator at the Reliability Coordinator level.

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC Registered Entity Forum Speaker Bios Click on speaker’s name in agenda.

33

Andrew Ledoux, PE

Lafayette Utilities Systems Electrical Engineer III

Agenda WebEx Logon 2020 Outreach

Andrew Ledoux, P.E. is a Louisiana Licensed Electrical Engineer with nearly 16 years of engineering and management experience, which includes technical, administrative, and design implementation of SCADA Energy Control Systems, NERC CIP and NERC O&P Compliance Programs. Andrew graduated from the University of Louisiana in 2004 with a Bachelor of Science in Electrical Engineering, and is currently employed as a SCADA/Compliance Engineer with the Lafayette Utilities System (LUS) in Lafayette, Louisiana.

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

34

Derek Lepresti, NCSO

SERC Reliability Corporation Compliance Auditor

Agenda WebEx Logon 2020 Outreach

Derek Lepresti joined the O&P Compliance audit team at SERC Reliability Corporation in August 2019. Previously, Derek was a Senior System Operator with Duke Energy working the real time Transmission desk in the Charlotte ECC for past 4 plus years. He has also worked as a transmission system operator for 12 years (With Duke Energy and Allegheny Power / First Energy):

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

• Generation Dispatcher with Allegheny Power for 1 year. • Substation Electrician with Allegheny Power for 3 years • Power Plant Operator with Allegheny Power/ West Penn Power for 10 plus years Derek holds the following degrees/certifications: • ASB in Computer Information Management from Computer Tech in Pittsburgh, PA • NERC Certified System Operator (RC level) • PJM Transmission and Generation Certified • Completed PJM’s Initial Training Program • Completed Allegheny Power’s Substation Electrician Apprentice Program

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

35

Vijay Naik, CCNA

SERC Reliability Corporation CIP Auditor

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Vijay joined the CIP Compliance audit team at SERC Reliability Corporation in January 2019. Previously, Vijay worked for Georgia System Operations Corporation (GSOC) since 2014. During that time, he served as Principal Engineer - Security & Compliance. While at GSOC, he worked in the areas of Cyber Security, Audit and Compliance, and System Administration. Vijay has more than 18 years of information technology experience in system/threat intelligence, network infrastructure monitoring and compliance. He holds CCNA (Cisco Certified Network Associate) certification. Vijay holds a Bachelor of Computer Science degree.

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

36

Bill Peterson, MBA, CRISC, CISM, CISSP

SERC Reliability Corporation Manager, Outreach and Training

Agenda WebEx Logon 2020 Outreach

Bill Peterson is the Manager, Outreach and Training with SERC Reliability Corporation, a corporation responsible for promoting and improving the reliability, adequacy, and critical infrastructure protection of the bulk power system in all or portions of 16 Southeastern and Central states. Previously, Mr. Peterson was the SERC Manager of Entity Assistance and IT focused on building strong security programs for our stakeholders and internally at SERC. Prior to that he manages the SERC CIPC as the Program Manager, Cyber Security in the Technical Resources department. When first hired, Mr. Peterson was a Senior CIP Engineer in the Compliance group supporting many compliance and risk mitigation efforts. Prior to joining SERC, he was a CIP Lead with Duke Energy working on various CIP projects, audit preparations, Mitigation Plans, Self-Reports, etc. Prior to that, Bill was a CIP Analyst and System Administrator with the New York Power Authority working on CIP audit preparations, system administration, network security, network operations, and IT project management. Mr. Peterson has a Master’s in Business Administration with a concentration on Information Technology Management from the State University of New York at Utica/Rome. Mr. Peterson has a Bachelor’s of Science degree with a dual major in Computer Engineering and Electrical Engineering Technology from

Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC Registered Entity Forum Speaker Bios Click on speaker’s name in agenda.

the State University of New York at Utica/Rome. In addition, Bill is Certified in Risk and Information System Control (CRISC), a Certified Information Security Manager (CISM), a Certified Information Systems Security Professional (CISSP), and has a Leadership Certificate from Cornell University.

37

Steve Rose

SERC Reliability Corporation Senior CIP Auditor Steve joined the SERC in July 2019.

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Before joining SERC, Steve worked at City Water Light & Power (CWLP) in Springfield, Illinois, where he spent over 17 year in various roles. He participated in all aspects of O&P and CIP Audits for assessment of Reliability Standards. Steve began his career at CWLP as a Planning Engineer in the CWLP Planning Department. He was responsible for the daily, near term, and long term planning models, MISO Generator Interconnection LGIA, and assessments. Steve also participated in an engineering orientation rotation which included training in each of the following departments in one year increments: Distribution, Substation, and Relay Departments. Later, Steve supervised the CWLP Planning Department. Most recently, Steve was the Superintendent of Compliance where he developed, implemented, and monitored the CWLP Internal Compliance Program. Steve was also the CIP Senior Manager from 2013- 2017 and participated in the transition from NERC Cyber Security Standards Version 3 to Version 5. Prior to CWLP, he held the position of General Engineer at the NERC Region Mid America Interconnected Network (MAIN) now Reliability First. For two years Steve was responsible for performing daily ATC, CBM, and TRM studies for the member control areas for real-time situational awareness and ATC. He also served

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

as lead engineer for the MAIN Multi-Regional Modeling Working Group. Prior to beginning his career in the electric industry, Steve was in the United States Marine Corps for five years where he was an I-Level avionics technician on the F/A 18 Hornet. Steve has a B.S. in Electrical Engineering from Southern Illinois University. Steve is a NERC Certified Reliability Coordinator since 2012. Recently he completed the COSO Internal Control Certificate – IIA 2019 and COSO Enterprise Risk Management Certificate – IIA 2020. Steve is also a member of the Institute of Electrical and Electronic Engineers since 1997.

38

Page 1 Page 2 Page 3 Page 4 Page 5 Page 6 Page 7 Page 8 Page 9 Page 10 Page 11 Page 12 Page 13 Page 14 Page 15 Page 16 Page 17 Page 18 Page 19 Page 20 Page 21 Page 22 Page 23 Page 24 Page 25 Page 26 Page 27 Page 28 Page 29 Page 30 Page 31 Page 32 Page 33 Page 34 Page 35 Page 36 Page 37 Page 38 Page 39 Page 40 Page 41 Page 42 Page 43 Page 44 Page 45

www.serc1.org

Made with FlippingBook - Online magazine maker