201905 SERC Transmission

SERC Transmission Newsletter Generated Monthly for Stakeholders

May 2019

Volume 6: Issue 5

SERC CONNECTION

HOT TOPICS

A MONTH OF MANY MILESTONES


By Jason Blake, President and CEO

So much has happened in the past 30 days, and we are quite excited to share with you the completion of many key milestones in the efforts to integrate the SERC and FRCC Regions. On April 30th, the Federal Energy Regulatory Commission issued an order formally approving the transfer of all registered entities in the FRCC Region to SERC by July 1, 2019. We could not be more pleased about this opportunity to expand SERC’s footprint, and to welcome the addition of so many respected, diverse, and expert organizations into our Region!


Another important milestone in our transition efforts occurred in late April, as well. For the first time, SERC held its spring Board of Directors meeting in the beautiful city of Tampa, Florida. We were thrilled that so many prospective members and registered entities joined us. During this meeting, the Board took significant actions that are effective upon the formal transfer of the FRCC registered entities to SERC:

• First, the Board formally approved and welcomed 26 new members from Florida.
• Second, the Board of Directors added and elected three senior executives from current FRCC registered entities to join the SERC Board Executive Committee. This expansion of the Board Executive Committee helps ensure Florida representation and demonstrates our commitment at all levels of SERC to be a singular, inclusive, and cohesive region for entities across both the current SERC and FRCC footprints.
• Third, the Board of Directors also approved the submission of SERC’s draft 2020 Business Plan and Budget to NERC, and its posting for comment. SERC management and numerous Board committees have worked very hard to ensure that we perform our important work in the most effective and efficient manner, and we believe that this draft budget will prudently enable us to do so.


HOT TOPICS

NERC Themes Webinar Series

NERC and the Regional Entities (the ERO Enterprise) are hosting a series of webinars in 2019 to share information about the cases presenting the greatest risks to reliability and security. The first webinar was conducted in late April, and described the principles that guide the comprehensive resolution of those cases and how those principles operated in practice in resolving violations of the Critical Infrastructure Protection (CIP) Reliability Standards. It covered the underlying causes of the CIP violations, as well as what was done to remediate the violations and foster sustainable compliance and security programs. Upcoming webinars in the series will be announced in the For Your Calendar section of the newsletter. Watch for it!

SERC Region Reliability Projected for Summer Season

The summer Seasonal Outlook webpage features SERC’s assessment of the bulk electric system for the upcoming summer season. Based on a review of the Region's demand and capacity, summer peak reserve margin projections have trended ~20% or above consistently for the last three years, which indicates there are sufficient resources to meet the load during the summer peaks. Anticipated Reserve Margins for the 2019 summer season range from 19% to 48%. However, entities continue to perform studies regularly to prepare for operational challenges that may occur in the upcoming season. SERC staff would like to thank the Reliability Review Subcommittee for its assistance in data collection for this project.

Self-Report and RFI Processes

In an effort to help registered entities navigate the Self-Report and RFI processes, the SERC Entity Assessment and Mitigation team has taken some of the more frequently violated Standards and Requirements and provided the RFI questions asked most often for each. The purpose of these documents is to give registered entities a better understanding of what information SERC is looking for in Self-Reports and RFIs. The goal of this effort is to reduce the time registered entities and SERC spend obtaining needed information, which will shorten the time it takes to process reported noncompliance. The documents are posted in the RFI Tips folder under Documents on the Entity Assessment and Mitigation webpage. This page may also be accessed from the Compliance channel box on the SERC homepage.


The Align Project is the end product of strategic efforts that began in 2014. Formerly known as the Compliance Monitoring and Enforcement Program (CMEP) Technology Project, its goal was to improve and standardize processes across the ERO Enterprise. As the ERO Enterprise evolves in using a risk-based approach in regulatory activities, the development of a more comprehensive system to manage and analyze information is crucial. Its goals are to improve documentation, sharing, and analysis of compliance work activities; enable consistent application of the CMEP; and make CMEP activities more efficient and effective across the ERO Enterprise. The project team is finalizing the construction and testing of Release 1, and getting ready to train the ERO Enterprise during the summer of 2019. See Release 1-Functionality and Align FAQs for additional information.

Regional Entity Training

Align tool training is scheduled for Regional Entity (RE) staff on August 6 and 7, 2019. The RE staff training will be a two-day in-person training class, held in SERC’s offices in Charlotte, North Carolina. For those not able to attend this session, a list of training dates across the ERO Enterprise is posted on the NERC website. Other Regions are offering the same training on different dates, so several options are available. Registration for RE staff should be done through the NERC Learning Management System.

Registered Entity Training

Training sessions will be conducted for registered entities on Tuesday, August 13, 2019, and that same session will be repeated on Tuesday, August 20. Participants will have the option to attend in person at the SERC office in Charlotte or via WebEx. Event Details and a registration link for these events are posted on the Upcoming Events page of the SERC website. (Also see the For Your Calendar section for direct links to each event.)


NOTE THE NEWS

Share good news about your company and send newsletter suggestions to: support@serc1.org. Spotlight your company by submitting photographs for SERC’s use. Subscribe / Unsubscribe by sending an email to: support@serc1.org.

NEWS

Registered Entity Forum Q&As Posted

SERC responses to the questions posed during the Registered Entity Forum sessions conducted at the Spring Compliance and Small Entity Seminars have been posted. You may access them under Documents on the Registered Entity Forum webpage.

SERC Situational Awareness/Events Analysis

The March 2019 SAEA Report is posted.

Don’t forget about NERC’s Lessons Learned Program. A key benefit of the Events Analysis program is identification of Lessons Learned from events that stress the electric grid. The creation of the Lessons Learned is a collaborative effort between registered entities, NERC, and the Regions. SERC staff is reaching out to encourage registered entities to work with SERC in developing Lessons Learned. If your company has experienced an operational event and would be interested in sharing what you have learned from the event, please contact the SERC EA department.


Assistance

Assistance Program Overview / 2019 Assistance Catalog

Two new eLearning modules have been added to the Assistance Catalog.

Grey Energy

GreyEnergy is thought to be the successor to BlackEnergy, the strain of malware responsible for the Ukraine attack that successfully took down a portion of their grid in 2015. These strains are directed at the energy sector and other high-value industrial targets. GreyEnergy attacks ICS workstations running Supervisory Control and Data Acquisition (SCADA) software and servers. The group responsible is also related to Telebots, the Advanced Persistent Threat (APT) group behind NotPetya, and CrashOverride, the strain of malware associated with the second attack on the Ukraine in 2016.

The main focus of the group is reconnaissance and cyber espionage. They are also highly dedicated to being stealthy, employing anti-forensic techniques, and leaving a minimal footprint within a system. One way the malware obfuscates itself is by including a large amount of “junk” code intended to throw off analysts.

Considering how initial infection occurs, the most effective preventative measure is cybersecurity awareness and training for employees. Training employees on current cyber threats and techniques used by nefarious agents is key. It is also critical that technical staff keep systems up-to-date with the current security and software patches.

The security organization F-Secure has outlined the following GreyEnergy attack stages:

• Initial Access: GreyEnergy gains initial access using Spear Phishing and infected documents.
• Execution: Malware execution with scripting, service executions, user executions, and PowerShell.
• Persistence: By altering Registry Keys/start-up folder, the modification of existing services, and WebShell.
• Privilege Escalation: The exploitation of already existing accounts, credential dumping, input captures, and credentials in files/registry. Moves laterally using Windows admin shares.
• Obfuscation: Done with code signing, file deletion, indicators removed from hosts, process injection, and timestomp.
• Collection & Exfiltration: Collects screen and input captures. Exfiltrates over command and control channels using Tor relay servers.
• Command & Control: Using connection proxies, multi-hop proxies, standard application protocols and ports.

Twelve Most Common Phishing Email Subject Lines

According to Barracuda’s March 2019 Phishing Report, for the 360,000 emails evaluated, the following are the top 12 subject lines used in phishing attacks:

• Request
• Follow up
• Urgent / Important
• Are you available? / Are you at your desk?
• Payment Status
• Hello
• Purchase
• Invoice Due
• Re:
• Direct Deposit
• Expenses
• Payroll

To avoid falling victim to phishing attacks, utilizing DMARC authentication to avoid spoofing, deploying multifactor authentication, and training users would provide an extra layer of security and awareness.


APRIL

AND LESSONS LEARNED

WEBPAGE

PROCESS

Question: April 3, 2019

Per the Standards for COM-001 and COM-002, the retention period for written documentation is the most recent twelve calendar months and voice recordings for the most recent 90 calendar days unless directed by the CEA to retain specific evidence for a longer period of time as part of an investigation. Does SERC have a retention period for written documentation and call recordings that will require an entity to keep evidence longer than what is specified in the Standard?

Response

NERC Standard COM-001-3 requires the applicable entity to retain written documentation for the most recent twelve calendar months and voice recordings for the most recent 90 calendar days. NERC Standard COM-002-4 requires the applicable entity to retain data or evidence for each applicable Requirement for the current calendar year and one previous calendar year, with the exception of voice recordings which shall be retained for a minimum of 90 calendar days. SERC is obligated to request the data and evidence based on the retention periods that are stated in the NERC Standards and Requirements. SERC may request the applicable entity to retain specific evidence for a longer period of time as part of an investigation.

Question: April 16, 2019

MOD-033 R1 requirement R1.2 has an exception that states “If no dynamic local event occurs within the 24 calendar months, use the next dynamic local event that occurs” Dynamic local event is not a defined term. Dynamic events happen often (e.g. breaker operations), but are not always measurable enough, or have sufficient data recorded to be used for comparison. Is it acceptable for an entity to define criteria for what is an acceptable local event, and can the exception be used if there is no acceptable event in 24 months?

Example: For an event to be considered acceptable the following criteria must be met:

• Sufficient EMS data is available, and
• Event must result in a perturbation of a portion of the system, and
• Sufficient event recorder data is available.

Response

Per MOD-033, for the dynamics validation, the target of validation is those events that the Planning Coordinator (PC) determines are dynamic local events. A dynamic local event could include such things as closing a transmission line near a generating plant. A dynamic local event is a disturbance on the power system that produces some measurable transient response, such as oscillations. It could involve one small area of the system or a generating plant oscillating against the rest of the grid. Therefore, it is the PC that has to identify the dynamic event. If something other than what the PC has identified is determined to be such an event, then the PC would still determine what is to be used. If no dynamic local event occurs within the 24 calendar months, use the next dynamic local event that occurs.


NEWS

Links to FERC’s Newsroom - Open Access Podcasts 2019 Open Meeting Schedule Energy Infrastructure Update: February 2019

• FERC Chairman Neil Chatterjee appointed Andrew Satten as new Administrative Law Judge.
• Final Environmental Impact Statements were issued for the:
  • Gulf LNG Liquefaction Project
  • Eagle LNG Partners Jacksonville, LLC’s Jacksonville Project
  • Annova LNG Brownsville Project
  • Rio Grande LNG Project and Rio Bravo Pipeline Project
  • Grant Lake Hydroelectric Project
• Two new liquefied natural gas export projects were approved by FERC.
• PJM Interconnection and New York Independent System Operator (NYISO) were ordered to revise pricing for fast-start resources. (Presentation)
• FERC finalized the Expedited Hydro Licensing process. (Presentation)
• FERC staff presented the 2018 State of the Markets Report. (Presentation)
• Chairman Chatterjee named Maria Farinella to Chief of Staff position.

Quick links to NERC’s Newsroom and Newsletters

NERC Postings

• New proposed Implementation Guidance on CIP-013-1, R1, R2
• Standards Committee special election for Segment 1 Election Results and 2019 Roster
• Slides and recording for the March 21, 2019 Standards Efficiency Review Retirements webinar
• Two new Practice Guides:
  • Clarity on the implementation of terms “Annual” and “Calendar Month(s)” in the Reliability Standards
  • Guidance on assessing a process to authorize access to designated storage locations for BES Cyber System Information (BCSI)
• Standards announcement regarding modifications to PRC-024-2: Ballot pools are forming through May 16, 2019; and the comment period is open through May 31, 2019.
• Two new RSAWs for PER-003-2 and TPL-007-3


TECHNICAL COMMITTEES

Technical Committee members are invited to submit information for the newsletter. New committee members and those wishing to update committee rosters should use the Committee Roster Update Request Form located in the About SERC channel box on the SERC website homepage.

2019 SUMMER REGIONAL MEETINGS

By: Evan Shuvo NCSO, PMP – Senior Engineer, Reliability

SERC staff would like to welcome the planners and modelers from the Region’s members to the 2019 Summer Regional Meetings and the 48th Annual Pig Roast. This year’s event will be held at the Crowne Plaza Springfield - Convention Center in Springfield, Illinois from Tuesday, July 16 through Thursday, July 18. Participation is limited to members of the applicable Engineering Committee’s subcommittees, and working groups: Dynamics Working Group (DWG), Long-Term Working Group (LTWG), Near-Term Working Group (NTWG), Operations Planning Working Group (OPWG), Planning Coordination Subcommittee (PLCS) and Reliability Review Subcommittee (RRS).

SERC would also like to thank the MISO Central sub-region and its member companies - MISO, Ameren, BREC, CWLD, CWLP, and SIPC for hosting the Annual Pig Roast and reception at this year’s Summer Regional Meetings. If you haven’t made your plans to attend yet, please visit the event details page on the SERC website to register. We are looking forward to seeing you there!

NEW COMMITTEE MEMBERSHIP MODULE

SERC Technical Committees are integral to the success of SERC and its members in maintaining the reliability and security of the Bulk Electric System. The Technical Committees and subgroups present a medium for entities to share issues, concerns, experience, lessons learned, and best practices. All SERC member entities are eligible for membership in Technical Committees, based on the functional registration of the entity.

A SERC Committee Membership course is now available to assist member company participants - and those who may want to become member participants - in understanding aspects of the SERC Technical Committees. The course addresses several topics, such as the objective in using committees to perform certain delegated functions, committee structure, eligibility for membership, and participation. This free online course is available to everyone who wants to learn more about the exciting world of SERC Technical Committees. Take a few minutes and check it out.


A MONTH OF MANY MILESTONES Continued from page 1

Our project team of leaders and subject matter experts across the SERC and FRCC staffs have been hard at work to ensure a smooth and seamless transition. Engagement has ranged from workshops held in Florida and North Carolina as well as webinars, in-person meetings, and conference calls. The participation and engagement across all of the Florida companies has been truly impressive. We hope these engagements have successfully established open lines of communication for continued relationships with the newly expanded SERC Region. While these critical milestones have been achieved, there is much work that remains to be done. We knew the project plan would be back-end loaded, with many deliverables coming due in May and June. We remain on schedule, and we look forward to taking this project across the finish line in the near future. You can continue to track our progress through our dedicated FRCC transition webpage for more details and emerging news.


INSIDE SERC

MOLLY POOLE, ASSOCIATE LEGAL COUNSEL

Molly Poole joined SERC as an Associate Legal Counsel for the Legal team on Monday, April 22, 2019. Molly came to SERC from The Public Service Commission of West Virginia where she served as an Attorney. Previously, Molly was a Clerk for the Fredeking & Biser Law Offices.

SERC Board Meeting

The SERC Board of Directors held its 101st Board meeting in Tampa, Florida on April 24, 2019. This meeting marked a major milestone in the transition of the FRCC Regional Entity into SERC. Many of the topics discussed, as well as the presentation themes and actions requested of the Board, support the efforts to ensure a smooth and seamless transition. In particular, the Board approved the addition of 26 new Florida entities to the SERC membership effective July 1, 2019, as well as the addition of three new Florida representatives to the Board Executive Committee.

In addition to the approximately 50 Board directors and alternates in attendance, the SERC Board was pleased to welcome over a dozen entities from Florida as well as President and CEO of FRCC Stacy Dochoda and members of the FRCC leadership team. The Board also welcomed CEO of NERC Jim Robb, NERC Board Vice-Chair Janice Case, FERC Director of Office of Electric Reliability Andy Dodge, and NERC Vice President, Chief Technology Officer and Director of Information Technology Stan Hoptroff to the meeting.

Board Chair Greg Ford welcomed guests to Tampa, and provided an update of recent discussions from the NERC Board and Members Representatives Committee meetings. Jason Blake delivered his President’s report, expressing his appreciation for all the efforts of the SERC and FRCC staff on the integration efforts. As this was Jason’s first meeting with the full Board, he also laid out his strategic vision for the direction of the organization and how we get there.

Board Vice-Chair Todd Hillman presented an overview of SERC’s governance changes that are in progress. Todd explained that these changes will achieve several important things, the most significant of which are to transition the Board Executive Committee into the full Board, transition the full Board into a Members’ Committee, and incorporate at least three independent directors on the Board.

The Board also discussed the draft 2020 Business Plan and Budget. While SERC will see a budget increase due to the integration of Florida, assessments are trending stable and should remain more consistent in the future. The Board approved the draft Business Plan and Budget without modification for submission to NERC.

Other topics included the approval of several new Board Committee Chairs and members; an overview of the FRCC-SERC integration efforts; and a discussion on SERC’s continuous improvement efforts, of which the goal is to take the best practices from FRCC and SERC and create one exceptional process.


FOR YOUR CALENDAR

Please pre-register on the SERC website. Due to fire code restrictions, onsite registration does not guarantee attendance can be accommodated.

SERC: May 6 - Q2 2019 Open Forum
SERC: May 7 - 8 - ERAG Meeting
SERC: May 7 - 8 - Near Term Working Group
SERC: May 8 - 9 - RRWG Meeting

UPCOMING EVENTS

All Upcoming Events

SERC Events
July 29 - Q3 Open Forum Webinar
August 13 - Align Tool Training #1
August 20 - Align Tool Training #2
September 17 - 18 - CIP Compliance Seminar
October 8 - 9 - Fall Compliance Seminar

System Operator Conferences
August 27 - 29 - SOC #3 - Chattanooga, TN
September 24 - 26 - SOC #4 - Chattanooga, TN

NERC Events
July 23 - 24 - Compliance & Standards Workshop

FERC Technical Conferences
June 25 - 27 - Increasing Market Efficiency & Enhancing Resiliency Through Improved Software (Notice / Event Details)
June 27 - BPS Reliability (Notice / Event Details)

NERC SMALL GROUP ADVISORY MEETINGS

NERC will host Small Group Advisory Meetings on October 29-31, 2019 with registered entities, Standards Developers, and Regional Entities to assess the implementation of the CIP Cyber Supply Chain Standards:

• CIP-013-1 (Supply Chain Risk Management)
• CIP-005-6 (Electronic Security Perimeter(s))
• CIP-010-3 (Configuration Change Management and Vulnerability Assessments)
