UNITED STATES OF AMERICA

FEDERAL ENERGY REGULATORY COMMISSION

 

)

Version 4 Critical Infrastructure)Docket No. RM11-11-000

Protection Reliability Standards)

)

 

ISO-RTO COUNCIL MOTION FOR CLARIFICATION

 

I.Introduction

 

On April 19, 2012, the Federal Energy Regulatory Commission (“FERC” or

“Commission”) issued its Final Rule approving the Version 4 - Critical Infrastructure Protection Reliability Standards (“Final Rule” or “Order 761”) submitted by the North American Electric Reliability Corporation (“NERC”).  Pursuant to § 385.212 of the Commission’s Rules of
Procedure, the ISO-RTO Council (“IRC”)1 respectfully moves for clarification with respect to particular aspects of the Final Rule.

The IRC recognizes the importance of cyber security and fully supports the efforts by
NERC and the Commission to ensure the Critical Infrastructure Protection (“CIP”) Reliability
Standards facilitates a secure electric system.  In accomplishing this goal, it is important to focus
on those aspects of the grid that are critical to reliability and the cyber-systems that support such
equipment.

Given the experience that FERC, NERC and the industry now have on this matter, the
CIP standards should provide objective metrics that define the universe of equipment for which
registered entities must be compliant.  An objective approach enhances the expertise of the

 

1 The IRC is comprised of the Alberta Electric System Operator (“AESO”), the California Independent System

Operator Corporation (“California ISO”), Electric Reliability Council of Texas (“ERCOT”), the Independent

Electricity System Operator of Ontario, Inc. (“IESO”), ISO New England, Inc. (“ISO-NE”), Midwest Independent
Transmission System Operator, Inc. (“MISO”), New York Independent System Operator, Inc. (“NYISO”), PJM
Interconnection, L.L.C. (“PJM”), Southwest Power Pool, Inc. (“SPP”), and New Brunswick System Operator
(“NBSO”).  Because they are not subject to the Commission’s jurisdiction, AESO and NBSO do not join in these
comments.  Further, these comments do not constitute agreement or acknowledgement by IESO or that IESO can be
subject to the Commission’s jurisdiction.  The IRC’s mission is to work collaboratively to develop effective
processes, tools, and standard methods for improving the competitive electricity markets across North America.  In
fulfilling this mission, it is the IRC’s goal to provide a perspective that balances Reliability Standards with market
practices so that each complements the other, thereby resulting in efficient, robust markets that provide competitive
and reliable service to customers.

 

 

1


 

 

 

industry, as developed and reflected through the Standard Development Process. This approach will help ensure all pertinent equipment receives the protection benefits afforded by the CIP
rules.  It is also consistent with the principle, as reaffirmed in Order 761, that entities responsible for Critical Asset identification are the owners of the equipment. Version 4 Critical
Infrastructure Protection Reliability Standards, 139 FERC ¶ 61,058 at PP 39-41 (2012) (holding that “the burden for identifying Critical Assets is with the Responsible Entity that is the asset
owner” and that “under CIP-002-4 the responsible entity is required, and thus bears the
compliance obligation, to apply the bright line criteria….”).2  The clearer the direction provided in the Standard Development Process, the lesser the need for third-party involvement, either
directly or indirectly, in Critical Asset identification.

Version 4 of the CIP standards improves the standards by evolving from an approach

where individual entities developed the risk-based methodologies for assessing the criticality of
their control center, transmission, and generation facilities with bright line criteria.  In approving
Version 4, the Commission found that the bright-line criteria provide relative benefits compared
with Version 3, because: (1) they eliminate the use of risk-based assessment methodologies,
which the Commission found inadequate in identifying Critical Assets, and (2) they enhance
consistency and provide greater clarity with respect to identifying Critical Assets.3

Nevertheless, FERC’s order approving Version 4 - particularly its reliance on non-

Reliability Standard documents to define the requirements of the Standard - warrants

clarification in order to avoid unnecessary confusion about the relationship between information developed by third-parties that may be pertinent to responsible entities and to avoid confusion in future administration of the Standard Development Process.

 

 

 

 

 

2 The Commission has consistently found that equipment owners/operators are responsible for Critical Asset

identification.  Mandatory Reliability Standards for Critical Infrastructure Protection, 123 FERC ¶ 61,174 at P 53
(2008) (stating that “[t]he responsibility for properly identifying all of a responsible entity’s critical assets and
critical cyber assets and adequately protecting those assets rests firmly with the responsible entity”); Mandatory
Reliability Standards for Critical Infrastructure Protection, 122 FERC ¶ 61,040 at PP 253, 319 (2008) (finding
that "[a] responsible entity … remains responsible to identify the critical assets on its system” and that
“responsibility for identifying critical assets should not be shifted to the Regional Entity or another organization
instead of the applicable responsible entities identified in the current CIP Reliability Standards”).

3 See Final Rule at P 20.

 

 

2


 

 

 

 

 

II.Communications

 

Correspondence and communications regarding this filing should be addressed to the

undersigned as follows:

Nancy SaracinoMatthew Morais*

General CounselAssistant General Counsel

Roger CollantonElectric Reliability Council of

Assistant General Counsel-Litigation andTexas, Inc.

Mandatory Standards2705 West Lake Drive

Anna McKenna*Taylor, Texas 76574

Senior Counselmmorais@ercot.com

California Independent System Operator

CorporationCraig Glazer*

151 Blue Ravine RoadVice President - Federal Government

Folsom, California 95630Policy

amckenna@caiso.comRobert Eckenrod*

PJM Interconnection, L.L.C.

Suite 600

1200 G Street, N.W.

Washington, D.C. 20005

glazec@pjm.com

eckenr@pjm.com

 

Raymond W. HepperStephen G. Kozey*

Vice President, General Counsel, andVice President, General Counsel, and

SecretarySecretary

Theodore J. Paradise*Midwest Independent

Assistant General Counsel, Operations andTransmission

PlanningSystem Operator, Inc.

ISO New England Inc.P.O. Box 4202

One Sullivan RoadCarmel, Indiana 46082-4202

Holyoke, Massachusetts 01040skozey@midwestiso.org

tparadise@iso-ne.com

Carl F. Patka*Brian Rivard*

Assistant General CounselManager - Regulatory Affairs &

Raymond A. StalterSector Policy

Director of Regulatory AffairsAnalysis

New York Independent System Operator, Inc.Ontario’s Independent Electricity

10 Krey BlvdSystem

Rensselaer, New York 12144Operator

cpatka@nyiso.com655 Bay Street, Suite 410

Toronto, Ontario M5G 2K4

brian.rivard@ieso.ca

 

 

3


 

 

 

 

 

Paul Suskie*

Senior Vice President, Regulatory Policy and General Counsel

Southwest Power Pool, Inc.

415 North McKinley, Suite 140
Little Rock, Arkansas 72205

psuskie@spp.org

 

* = persons designated to receive service

 

III.Background

 

A.   The  Commission  confirmed  that  CIP-002-4  applies  only  to  Responsible
Entities, i.e., the Asset Owners, as being responsible for designating their
Assets as “Critical”.

In response to the Version 4 NOPR, the IRC and MISO filed comments that, in essence,
stated that Criteria 1.3, 1.8 and 1.9 might be read to implicate third parties in Critical Asset
identification and, therefore, introduce ambiguity with respect to what information produced by
third party functions would be relevant to Critical Asset identification by responsible entities.
The comments stated that this ambiguity could introduce discretion in criticality determinations,
which could undermine the uniformity benefits intended by the use of bright line criteria.

The Commission addressed the IRC and MISO concerns by stating that third party

functions (e.g. Planning Coordinator) are not implicated in Critical Asset identification under

CIP-002-4.4  Rather, responsible entities would  merely use the information related to the

independent actions of the relevant functions (i.e. Planning Authority/Coordinator, Transmission
Planner and Reliability Coordinator) in determining the criticality of the responsible entities’
assets under the relevant bright line criteria - see, e.g., criteria 1.3, 1.8 and 1.9.  The Commission
stated that the relevant functions are unrelated to Critical Asset review or identification, and that
CIP-002-4 merely directs responsible entities to use the information produced by by the relevant
functional entities in the independent performance of their distinct functional obligations. In
essence, the Commission explicitly stated that third parties/functions are not implicated in
responsible entities’ Critical Asset review or identification.    The Commission also stated that

 

 

 

 

4 See Final Rule at PP 36-41.

 

4


 

 

 

Planning Authorities and Transmission Planners cannot be implicated because they are not within the scope of the Applicability section of the standard.

 

B.    The Commission Made Clear its Understanding that CIP-002-4 Does Not Rely
on Third Parties - like Planning Coordinators - Performing Any Tasks that
They Do Not Already Perform Pursuant to Other Standards

With respect to the issue of whether the use of information resulting from the execution of duties related to other functions imposes any undue burden on the third party functions in terms of developing incremental information to be used by responsible entities in identifying their Critical Assets, the Commission stated that the information was based on the performance of existing functional obligations, and, therefore, was not discretionary and/or incremental to the tasks such entities were already required to perform.5

To support its conclusion, the Commission specifically references the Standard Drafting
Team’s Rationale and Implementation Reference Document (“RIRD”), and a Standard Drafting
Team response to a comment.  The RIRD refers to information related to actions under other
standards applicable to independent relevant functions that may be germane to Critical Asset
identification.  Regarding Criterion 1.3, the Standards Drafting Team (“SDT”) stated that third
parties are not involved in Critical Asset identification and that Critical Asset identification

responsibility lies solely with the responsible entity.  The SDT further stated that the relevant

third party functions are only determining the unit to be necessary to avoid “Adverse Reliability Impacts” based on other NERC reliability standards - that independent information would be used by the asset owner in identifying its critical assets.

The IRC appreciates the Commission’s responses to its comments, and believes the

discussion in the Final Rule makes it clear that relevant third party functions are not implicated
in Critical Asset review or identifications made by the responsible entity under Criteria 1.3, 1.8
or 1.9, and that compliance obligations lie solely with such responsible entities.  The Final Rule
also makes it clear that third party information relevant for Critical Asset identification under
those criteria is related to the performance of existing independent functional obligations, and
does not require any incremental actions by the relevant functions.  However, because the Final

 

 

 

 

5 Id.

 

5


 

 

 

Rule is not entirely clear with respect to the use of NERC defined terms and standards in identifying Critical Assets, the IRC seeks clarification of the two points below.

 

 

IV. DISCUSSION - REQUEST FOR CLARIFICATION

The Commission agreed that additional clarity could be provided to ensure uniformity in
implementation of Criterion 1.3.6  The IRC believes that additional clarity would provide similar
benefits to Criteria 1.8 and 1.9 as well.  Accordingly, the IRC requests clarification on the
following matters, which will facilitate achievement of the intended uniformity benefits.

 

A.   In order to avoid confusion that may be caused by discrepancies between the
RIRD and the Standard Drafting Team’s comments, the Commission should
Clarify  that  it  Intends  that  NERC  will  explicitly  refer  to  the  defined
terminology that is relevant to Criteria 1.3.

For Criterion 1.3, the third party functions implicated are the Planning Coordinator and
Transmission Planner.  The criterion states that a generation asset is critical if the Planning
Coordinator or Transmission Planner “designates and informs” the responsible entity that its
asset is necessary to “avoid BES Adverse Reliability Impacts in the long-term planning horizon”.

As noted, in discussing the type of information relevant for criterion 1.3 determinations, the Commission focused on the related RIRD and the SDT response.  The RIRD references
system planning generally.  In that context, the RIRD relates criticality to whether a unit is
needed to, “preserve the reliability of the BES” but this phrase is not defined.  The RIRD does reference TPL-003 and TPL-004 as relevant to criterion 1.3 criticality determinations.  However, the RIRD neither explicitly defines the universe of information relevant to TPL-003/004 nor states that TPL-003/004 are the only relevant standards.

The SDT response, as cited by the Commission, states that relevant information will be
determinations by the Planning Coordinator or Transmission Planner that a unit is “necessary to
avoid Adverse Reliability Impacts based on other NERC reliability standards”.  The SDT
response links criticality to the defined term Adverse Reliability Impacts (“ARI”), which is
different than the general, undefined phrase used in the RIRD - i.e. to preserve the reliability of

 

 

 

6 Final Rule at P 41.

 

6


 

 

 

the BES.  Unlike the RIRD, the SDT response does not relate that to performance under any specific standards.

The FERC approved and pending definitions of ARI are, respectively:

The impact of an event that results in frequency-related instability; unplanned tripping of load or generation; or uncontrolled separation or cascading outages that affects a widespread area of the Interconnection.

 

The impact of an event that results in Bulk Electric System instability or Cascading.

 

Linking criticality to ARI, per the SDT’s response - is more appropriate than the

language in the RIRD, because Criterion 1.3 explicitly refers to avoiding adverse reliability

impacts.  In addition, the ARI definitions are related to specific system conditions.  These

conditions can then be related to specific planning actions under specific standards.  This linkage is necessary to achieve the intended uniformity benefits from implementing bright line criteria under Version 4 of the CIP standards.  The Commission’s use of the RIRD introduces the more general concept of BES reliability, which, unlike ARI, is not defined nor linked to any specific system conditions.  Accordingly, The Commission should clarify that ARI is the relevant
standard for criticality determinations under Criterion 1.3.

Assuming the Commission provides the requested clarification, it should also clarify
which standards applicable to the Planning Coordinator and Transmission Planner functions
implicate ARI.  Planning Coordinators and Transmission Planners are subject to numerous
standards, and the two external documents referenced by the Commission to describe the scope
of third party functional information for use in Criterion 1.3 criticality determinations arguably
conflict with respect to the standards that are relevant for this purpose.  One references two
standards, but in a non-exclusive manner, and the other provides no boundaries, but rather links
relevance to the term ARI, which is defined in terms of system conditions/occurrences, but not in
terms of specific standards.  In order to facilitate achievement of the uniformity benefits intended
from the use of bright line criteria, the Commission should clarify which standards are
specifically related to preventing ARI under Criterion 1.3 from a planning perspective.

In addition, the IRC notes that performance under the relevant planning standards will
differ between regions and functional entities.  Therefore, the specific information used by

 

7


 

 

 

responsible entities under 1.3 will not always be the same, but the standards used to obtain the information and the general types/categories of information categories will be consistently applied by responsible entities in critical asset identification.

 

B.    In Order to Avoid Confusion in the Application of the Criteria 1.8 and 1.9, the
Criteria Should Explicitly Refer to FAC-014-2.

The third party functions implicated under Criteria 1.8 and 1.9 include the Reliability

Coordinator, the Planning Authority and the Transmission Planner.7  The standard for

determining relevance to criticality in the criteria is “as critical to the derivation of

Interconnection Reliability Operating Limits (“IROL”) and their associated contingencies.”  The
implicated third party functions are subject to numerous standards and requirements.  It is not
clear which ones are related to this general standard.  In the Final Rule, the Commission
references the RIRD, which references FAC-014-2.  However, it is not clear that the
Commission intended its discussion of FAC-014-2 in the context of a document (external to the
standard) to define the scope of standards relevant for Criteria 1.8 and 1.9 criticality
determinations.

In order to facilitate uniformity and to remove discretion and subjectivity, the

Commission should clarify what standards are relevant to 1.8 and 1.9 criticality determinations, and direct NERC to include references to FAC-014-2.

 

 

V.CONCLUSION

 

By specifically describing the Standards and types of information applicable to asset

owners’ criticality determinations under CIP-002 Criteria 1.3, 1.8 and 1.9, the Commission will facilitate uniform criticality determinations based on objective metrics, which, in turn, will
support efficient and effective application of CIP-002.  Accordingly, the IRC respectfully
requests that the Commission give due consideration to the comments herein and provide the
requested clarifications.

 

 

 

 

7 The term Planning Coordinator replaced the term Planning Authority.  Criterion 1.3 uses Planning Coordinator, but

1.8 and 1.9 use Planning Authority.  The Commission may want to require NERC to revise the criteria for consistency with respect to the use of the appropriate term for this function.

 

8


 

 

 

 

 

Respectfully submitted,

 

/s/ Nancy Saracino/s/ Matthew Morais

Nancy SaracinoMatthew Morais

General CounselAssistant General Counsel

Roger CollantonElectric Reliability Council of

Assistant General Counsel-Litigation andTexas, Inc.

Mandatory Standards2705 West Lake Drive

Anna McKennaTaylor, Texas 76574

Senior Counsel

California Independent System Operator/s/ Craig Glazer

CorporationCraig Glazer*

151 Blue Ravine RoadVice President - Federal Government

Folsom, California 95630Policy

Robert Eckenrod*

PJM Interconnection, L.L.C.

Suite 600

1200 G Street, N.W.

Washington, D.C. 20005

 

/s/ Raymond W. Hepper/s/ Stephen G. Kozey

Raymond W. HepperStephen G. Kozey

Vice President, General Counsel, andVice President, General Counsel, and

SecretarySecretary

Theodore J. ParadiseMidwest Independent

Assistant General Counsel, Operations andTransmission

PlanningSystem Operator, Inc.

ISO New England Inc.P.O. Box 4202

One Sullivan RoadCarmel, Indiana 46082-4202

Holyoke, Massachusetts 01040

 

/s/ Carl F. Patka__/s/ Brian Rivard_____

Carl F. PatkaBrian Rivard

Assistant General CounselManager - Regulatory Affairs &

Raymond A. StalterSector Policy

Director of Regulatory AffairsAnalysis

New York Independent System Operator, Inc.Ontario’s Independent Electricity

10 Krey BlvdSystem

Rensselaer, New York 12144Operator

655 Bay Street, Suite 410
Toronto, Ontario M5G 2K4

 

 

 

 

 

 

 

9


 

 

 

 

 

/s/ Paul Suskie

Paul Suskie

Senior Vice President, Regulatory Policy and General Counsel

Southwest Power Pool, Inc.

415 North McKinley, Suite 140
Little Rock, Arkansas 72205

 

Dated:  June 5, 2012

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

10


 

 

 

 

 

CERTIFICATE OF SERVICE

I hereby certify that I have this day served the foregoing document upon each person

designated on the official service list compiled by the Secretary in this proceeding in accordance with the requirements of Rule 2010 of the Rules of Practice and Procedure, 18 C.F.R. §385.2010.
Dated at Rensselaer, NY this 5th day of June, 2012.

 

/s/ Joy A. Zimberlin

Joy A. Zimberlin

New York Independent System Operator, Inc

10 Krey Blvd.

Rensselaer, NY 12144 (518) 356-6207