3353 peachtree road ne suite 600, north tower 404 … highlights and mintues 2013/policy... ·...

April 9, 2014 Mr. John A. Anderson, Chair NERC Member Representatives Committee c/o Electricity Consumers Resource Council 1111 19th Street, NW Suite 700 Washington, DC 20036 Re: May 2014 Policy Input to NERC Board of Trustees Dear John: I would like to invite the Member Representatives Committee (MRC) to provide policy input on three issues of particular interest to the Board of Trustees (Board) as it prepares for the meetings on May 6-7, 2014, in Philadelphia, PA. We recognize many of those on the MRC are involved with numerous important NERC activities, including the development of the physical security standard, and would appreciate your thoughts on these additional matters of importance. Enclosed with this request is additional background information to help MRC members solicit inputs from their respective sectors. The three issues are: Item 1: Reliability Standard Audit Worksheet (RSAW) Review and Revision Process At the February MRC meeting, there was a discussion about developing a review and approval process for changes to RSAWs to ensure that a change does not materially change the scope or intent of a standard. A working group was formed with representation from the MRC, NERC staff, and the Board to develop a proposal to be presented at the May meetings. The working group developed a proposed process to vet proposed changes to an RSAW that is already in place for an existing standard (see, Attachment A). The MRC is encouraged to provide feedback on the proposed process and, specifically, whether it addresses the concerns raised during the February meetings. Item 2: Risk-Based Registration Assessment The April 9, 2014 MRC Informational Session agenda materials include an update on the Risk-Based Registration (RBR) Initiative launched in 2014 (see Agenda Item 4b). The RBR Initiative is assessing the current registration criteria and practices to ensure the right entities are subject to the right set of applicable Reliability Standards, using a consistent and common approach to risk assessment and registration across the ERO Enterprise. NERC has established a RBR Advisory Group (RBRAG) to provide input and advice for the RBR design and implementation plan. The RBRAG is comprised of representatives from NERC staff, Regional Entity staff, and Federal Energy Regulatory Commission staff, along with U.S.

Fred W. Gorbet, Chair Board of Trustees

3353 Peachtree Road NE

Suite 600, North Tower Atlanta, GA 30326

404-446-2560 | www.nerc.com

http://www.nerc.com/gov/bot/MRC/Agenda%20Highlights%20nad%20Minutes%202013/MRC_Info_Session_04-09-14a_Complete.pdf

and Canadian industry representatives. A whitepaper has been developed by the RBRAG to identify issues that need to be addressed in the ultimate design. At this formative stage in the project, the MRC is encouraged to provide feedback on the draft whitepaper (see, Attachment B), specifically around the following questions:

1. The whitepaper sets out several objectives for this initiative. Do you agree with these objectives and are there any other considerations you would suggest?

2. Is the use of multiple thresholds, as discussed in the whitepaper, a prudent approach to determining whether an entity should be registered and do you believe this may cause any unintended consequences?

3. Are there any other considerations not identified in the whitepaper that you believe need to be factored into this initiative?

The RBR design and implementation plan are targeted to be posted in late May 2014 for public comment. Further, based on the current plan, the Registration program redesign and implementation plan will be discussed at the MRC and Board committee meetings in May and August 2014, and approved at the Board’s November 2014 meeting. Item 3: Potential Alternative Funding Mechanism to Support Expanded Cyber Security Information Sharing and Capabilities The Electricity Sector Information Sharing and Analysis Center (ES-ISAC) was formed in 1998 when the Secretary of Energy requested that NERC serve as the ISAC for the electricity sub-sector. ES-ISAC’s primary function is the rapid and secure sharing of information with the electric industry and governmental entities regarding real and potential cyber-related threats to the electricity sector, as well as methods and tools to avoid or mitigate the potential impact from these threats. During the final stages in the preparation of NERC’s 2014 budget, a new opportunity was identified which would allow ES-ISAC to further improve its information sharing capability by participation alongside industry in a voluntary private sector funded cyber security communication and information sharing network. This project is known as the “Cyber Federated Model” (CFM) and “Cyber Risk Information Sharing Program” (CRISP), the purpose of which is to deliver a highly secure information sharing network utilized to identify, track and deploy fixes to emerging cyber security threats. It was initially funded by the Department of Energy, has been successfully piloted by several large investor owned utilities and is in the process of being transitioned to private-sector funding. NERC deferred a decision to participate in this program pending further investigation of the program structure and costs. Over the past six months NERC conducted further due diligence regarding both the structure and costs and believes there is merit in considering participation as part of NERC’s upcoming draft 2015 business plan and budget. The primary value to NERC stakeholders of having ES-ISAC participation in CFM and CRISP is the ability to share additional timely information on threats and vulnerabilities with a broader segment of industry that is not directly participating in the program and therefore would not have access to this information. Issues and

trends discovered through CFM and CRISP participation would be shared without attribution. However, in light of the costs of participation in the program, which involves investments in hardware, additional secure communications capabilities and increased analytical resources and services, NERC is interested in exploring the potential for obtaining voluntarily direct funding from industry as a special project in order to mitigate assessment impacts from program participation. This would represent a new funding approach to a special reliability project which is designed to benefit the entire sector. The Board requests input on this alternative funding approach. As a reminder, the full agenda packages for the Board, Board committees and MRC meetings will be available on April 21, 2014. I encourage the MRC to review the agenda materials for the May meetings, once available, and offer any additional input that is meaningful and timely to industry and stakeholders. Written comments should be sent to Kristin Iwanechko, MRC Secretary ([email protected]) by April 29, 2014 for the Board to review in advance of the meetings scheduled for Philadelphia. Sincerely,

Fred W. Gorbet, Chair NERC Board of Trustees cc: NERC Board of Trustees Member Representatives Committee

mailto:[email protected]

Attachment A May 2014 Policy Input Letter

Reliability Standard Audit Worksheet (RSAW) Review and Revision Process

Objectives There are several key principles that must be balanced in constructing the RSAW review process:

1. The RSAW is intended to be a tool to assist the ERO in conducting its audit field work and to enable a consistent approach throughout the ERO Enterprise.

2. The ERO is committed to making RSAWs publicly available to industry as part of the standards balloting process to provide a level of transparency about the compliance expectations for the standard.

3. The ERO must have the latitude to modify RSAWs as experience is gained in the field over time.

4. The purpose of the RSAW review process is to ensure that any proposed change to an RSAW does not effectuate a material change in the scope or intent of a standard.

Proposed Process A simple process to achieve these objectives would be as follows. The process will be used to vet proposed changes to an RSAW that is already in place for an existing standard.

1. NERC will post any substantive revision to an RSAW for industry comment for a period of at least 15 business days before it becomes effective. The posting will state whether the changes are intended to apply to current open audits or only to audits commencing on or after the effective date. Comments should focus on whether industry believes the proposed changes to the RSAW are a material change in the scope of the standard, a technical error or a concern regarding the effective date.

2. NERC, along with the Regions, will review the comments and may propose additional revisions to the RSAW to address industry comments. If revisions are made, NERC will re-post the RSAW for industry comment for an additional 15 business days.

3. NERC will forward any remaining comments not accepted, along with its rationale, to the Chair of the Standards Oversight and Technology Committee (SOTC). The Chair of the SOTC will decide whether a review by the full SOTC is necessary and will take into consideration the following:

a. Whether a technical error or inaccuracy is identified in the proposed change;

b. the proposed change incorrectly expands what is required by the standard’s requirements; or

c. the effective date for the proposed changes increase compliance requirements retroactively.

4. The Chair of the SOTC will take one of the following actions:

a. No action required. The RSAW will go into effect on its proposed effective date.

b. Forward the proposed RSAW revisions for review by the full SOTC. The proposed revisions to the RSAW will not go into effect.

5. The SOTC will perform a similar review for any RSAW referred to it. NERC will implement the SOTC’s findings as to whether additional changes to the RSAW are required or if the RSAW may go into effect as drafted.

NERC | DRAFT Risk‐Based Registration White Paper | April 9, 2014 5

Risk-Based Registration

Draft White Paper

April 9, 2014

3353 Peachtree Road NE Suite 600, North Tower

Atlanta, GA 30326 404-446-2560 | www.nerc.com

NERC | Draft Risk‐Based Registration White Paper | April 9, 2014 i

Table of Contents Preface ........................................................................................................................................................................ ii Executive Summary ................................................................................................................................................... 1 Introduction ............................................................................................................................................................... 3 Background ............................................................................................................................................................ 3

Purpose .................................................................................................................................................................. 3

Formation of an advisory group ............................................................................................................................ 4

Recommendations ..................................................................................................................................................... 5 Clarify terms and improve current procedures ..................................................................................................... 5

Materiality .......................................................................................................................................................... 5 BES references .................................................................................................................................................... 5 De‐registration ................................................................................................................................................... 5 NERC oversight and guidance on registration practices .................................................................................... 5 One‐time attestations ........................................................................................................................................ 5 Establish a centralized review process ............................................................................................................... 7

Entity risk assessment in a common registration form ......................................................................................... 7

New BES Definition as model and anchor for risk‐based registration ................................................................... 9

Functional registration category elimination if not material to reliability ............................................................ 9

Synchronize threshold revisions with BES Definition and align with risk .............................................................. 8

Reliability Standards/compliance and monitoring/risk‐based criteria .................................................................. 8

Status quo for other functional registration categories ........................................................................................ 8

Task forces for risk criteria and Reliability Standard applicability classes ............................................................. 8

Issues that require a longer time horizon .............................................................................................................. 9

Appendix A – Risk‐Based Registration Threshold Reviews ................................................................................. A‐A

Purchasing‐Selling Entity (PSE) ........................................................................................................................ A‐A Interchange Authority/Interchange Coordinator (used interchangeably) (IA) ............................................... A‐B Distribution Provider (DP) ............................................................................................................................... A‐4 Load‐Serving Entity (LSE) ................................................................................................................................. A‐9 Transmission Owner (TO) .............................................................................................................................. A‐13 Transmission Operator (TOP) ........................................................................................................................ A‐17 Generator Owner (GO) .................................................................................................................................. A‐19 Generator Operator (GOP) ............................................................................................................................ A‐22

Appendix B – Current State of Registration Program ......................................................................................... B‐1

NERC’s Role ..................................................................................................................................................... B‐1 Regional Entity’s Role ...................................................................................................................................... B‐1 Functional Model ............................................................................................................................................ B‐2 Thresholds ....................................................................................................................................................... B‐2 Reliability Standard Applicability .................................................................................................................... B‐3 Registration Types ........................................................................................................................................... B‐3 Multi‐Regional Registered Entity (MRRE) ....................................................................................................... B‐4

Appendix C – BES Definition ............................................................................................................................... C‐1

NERC | Draft Risk‐Based Registration White Paper | April 9, 2014 ii

Preface This document sets forth recommendations for proposed enhancements to the North American Electric Reliability Corporation (NERC) Registration program for discussion purposes. Proposed changes to the NERC Statement of Registry Criteria1 as outlined herein will not result in an automatic change to such functional categories in the Functional Model.2 Pursuant to the Energy Policy Act of 2005, NERC and the Federal Energy Regulatory Commission (FERC or Commission) have jurisdiction over users, owners and operators of the Bulk Power System (BPS). Section 215 of the Federal Power Act (FPA) defines BPS as the:

A) facilities and control systems necessary for operating an interconnected electric energy transmission network (or any portion thereof); and

B) electric energy from generation facilities needed to maintain transmission system reliability. The term does not include facilities used in the local distribution of electric energy. To date, FERC has not directly defined the limits of its jurisdiction under Section 215 of the FPA. However, FERC has recognized that users, owners and operators of the BPS are users, owners and operators of the Bulk Electric System (BES).3 FERC recently approved NERC’s new BES Definition.4 Users, owners and operators of the BES are subject to compliance with NERC Reliability Standards. NERC’s Registration program identifies specific entities that are responsible for compliance with NERC Reliability Standards. Nothing in this document limits the jurisdictional authority of NERC and FERC pursuant to the Energy Policy Act of 2005 and Section 215 of the FPA.

1 NERC Rules of Procedure at Appendix 5B, NERC Statement of Registry Criteria (Registry Criteria), available at http://www.nerc.com/FilingsOrders/us/RuleOfProcedureDL/Appendix_5B_RegistrationCriteria_20121220.pdf.

2 The Implementation Plan associated with this effort will address issues related to the Functional Model. 3 The term BES does not include facilities used in the local distribution of electric energy. 4 See Appendix C hereto.

NERC | Draft Risk‐Based Registration White Paper | April 9, 2014 1

Executive Summary NERC has launched the Risk‐Based Registration (RBR) Initiative to ensure that the right entities are subject to the right set of applicable Reliability Standards, using a consistent approach to risk assessment and registration across the Electric Reliability Organization (ERO) Enterprise. The goal is to develop enhanced Registry Criteria, including the use of thresholds and specific Reliability Standards applicability, where appropriate, to better align compliance obligations with material risk to the BES reliability. The proposed enhancements reduce unnecessary burdens by all involved, while preserving BES reliability, and avoid causing or exacerbating instability, uncontrolled separation, or cascading failures. All reliability stakeholders should benefit from RBR. NERC has established a Risk‐Based Registration Advisory Group (RBRAG) to provide input and advice for the RBR design and implementation plan. This white paper is a starting point for discussion and includes input from the RBRAG. Conceptually, there appears to be general agreement on the need to have: (i) clearly defined terms, criteria and procedures that are risk‐based and ensure reliability of the BES, (ii) refined thresholds, where warranted, based on sound technical analysis and support, and (iii) reduced Reliability Standard applicability, where warranted, based on sound technical analysis and support. Taking into account experience to date and current practices, the white paper explores possible options for reform of the NERC Registration program. Other options may exist. The instant options would:

eliminate up to two functional categories that may not be material to BES reliability;

revise the thresholds for registration of two functions to better align with risk;

for selected functions, move away from a “one‐size‐fits‐all” approach by using risk‐based criteria to define classes of Registered Entities for application of a properly scoped subset of applicable Reliability Standard requirements;

develop a consistent approach to determining materiality and fine‐tuning registration determinations to include or exclude entities where generally applicable thresholds do not accurately reflect the BES reliability risk posed by a particular entity, along with enhanced ERO‐wide processes and procedures for registration and de‐registration; and

identify associated business practices and IT requirements. There are several possible options, three of which were explored by the RBRAG, to facilitate the implementation of the RBR. These options may be used together or separately. These approaches need more discussion and analysis to consider the most effective and efficient way forward:

1. The Compliance Monitoring and Enforcement Program (CMEP) approach involves establishing that certain requirements do not apply to a Registered Entity, based on uniform characteristics.

2. A Materiality approach involves using the existing thresholds, at their current levels or revised as appropriate, but providing more specificity on the risk‐based criteria an entity would use to demonstrate that it no longer needs to be registered for a given function.

3. Revising Reliability Standards is another option. Under the Reliability Standards approach, Reliability Standard requirement applicability classes refer to applying subsets of Reliability Standard requirements to subcategories of certain functions of Registered Entities, and not developing a custom tailoring of applicability for each individual registered entity.

This white paper also includes several “straw” proposals for RBR reforms to the Registry Criteria and Reliability Standard applicability for consideration and further evaluation. Technical analyses in accordance with Section 215 of the FPA will be required to identify any reliability implications or gaps resulting from these proposals. The new

Executive Summary


BES Definition also will be central to the analysis to be conducted. Jurisdictional issues are presented by tariff, interconnection agreement and NAESB standard options, and reliance on these is not a substitute for the technical analysis to be conducted. An industry survey will be used to identify issues to be considered as part of the technical analysis. Feedback on the concepts outlined within the white paper will help inform the ultimate RBR design and related implementation plan. The draft RBR design and implementation plan will be posted in May 2014 for public comment. Based on the current plan, the Registration program redesign and implementation plan will be discussed at the Member Representatives Committee’s (MRC’s) and NERC Board of Trustees’ (Board’s) committee meetings in May and August 2014, followed by approval at the Board’s November 2014 meeting. The schedule allows for modifications to the NERC Rules of Procedure, as needed, in the third quarter of 2014. NERC requests that stakeholders consider the following questions as they develop comments on the white paper and provide input on the end‐state Registration program reform and redesign.

Have all RBR design elements been covered? If not, what are the other elements?

Which options should be considered to best facilitate RBR implementation?

Have appropriate modifications to the functions requiring registration and thresholds for Registry Criteria been identified for further examination? How should they be revised to achieve the risk‐based objective while being complete, clear, not unduly complex, and repeatable?

How should classes of Reliability Standard requirement applicability be set to achieve the risk‐based objective, while being complete, clear, not unduly complex, and repeatable? Is the initial identification of Reliability Standard applicability for the lesser risk class appropriate to ensure BES reliability? Please explain.

Are there other registration reforms that should be considered? If so, please elaborate.

Are there additional detailed facts and circumstances that influence risk that support an entity’s risk assessment in determinations that are above or below the thresholds?

What technical studies should be completed to justify the threshold changes objectively?


Introduction

Background NERC launched the RBR Initiative in early 2014, following on the heels of reform in the Reliability Standards program, as well as the Compliance Monitoring and Enforcement programs. The purpose of the Registration program is to identify those entities that are responsible for compliance with the FERC‐approved Reliability Standards. NERC’s Registration program is set forth in Section 500 of the NERC Rules of Procedure,5 as well as Appendices 5A and 5B. Notably, NERC registers entities, not facilities. Approximately 1,9006 entities are registered on NERC’s Compliance Registry (NCR) for approximately 4,800 functions. Pursuant to the NERC Rules of Procedure and its appendices, the Regional Entities identify candidates for registration. In addition, Regional Entities review and evaluate entity registration requests and changes and make recommendations to NERC when a request or change may affect the NCR. Users, owners and operators of the BPS are required to register, and NERC and the Regional Entities may identify additional entities that should be registered. An entity may be registered in one or more appropriate functional categories and is responsible for complying with the Reliability Standards applicable to the functional categories in which it is registered.7 If an entity is not listed on the NCR, it is not legally required to comply with Reliability Standards.8 The significant experience of NERC and the Regional Entities to date in implementing the Registration program will help inform enhancements to the Registration program.9

Purpose NERC has launched the RBR Initiative to ensure that entities are properly registered and subject to the right set of applicable Reliability Standards to ensure reliability of the BPS. The RBR initiative uses a consistent approach to risk assessment and registration across the ERO Enterprise. The goal is to develop revised Registry Criteria and Reliability Standard applicability, where appropriate, to better align compliance obligations with risk to BES reliability. These enhancements are designed to reduce unnecessary burdens on all involved, while preserving BES reliability and avoid causing or exacerbating instability, uncontrolled separation, or cascading failures.

The goals of the NERC RBR Initiative are twofold. The first is to develop and deploy a sustainable Registration program design that incorporates evaluation of the reliability risks and benefits provided by an entity to ensure reliability, and where appropriate, define classes of Registered Entities for application of a properly scoped set of Reliability Standard requirements. The second goal lays a foundation for the first goal by creating an implementation plan that supports a 2016 or sooner launch, along with business practices and IT requirements, with the possibility of early adoption options that can address undue industry burden, while also preserving reliability.

5 See http://www.nerc.com/FilingsOrders/us/RuleOfProcedureDL/NERC_ROP_Effective_20140130.pdf 6 The number of unique Registered Entities is 1,652, and they are responsible for 4,427 registered functions. Because some Registered Entities are in multiple footprints, the total number of Registered Entities is 1,921, and they are responsible for 4,784 registered functions. This white paper will use 1,900 Registered Entities.

7 Mandatory Reliability Standards for the Bulk‐Power System, Order No. 693, FERC Stats. & Regs. ¶ 31,242 at P 96, order on reh’g, Order No. 693‐A, 120 FERC ¶ 61,053 (2007).

8 Order No. 693 at P 97. 9 See Appendix B for additional discussion of the current NERC Registration program, Functions, Functional Model, Regional Entity roles, and Thresholds.

Introduction


The white paper will be released for public comment as part of the NERC request for MRC’s policy input in April 2014. Further, based on the current plan, the Registration program redesign and implementation plan will be discussed at the MRC and Board committee meetings in May and August 2014, and will be approved at the Board’s committee meeting in November 2014. Benefits of deploying an RBR program include:

aligning entity registration and compliance burden to its risks and contributions to BPS reliability;

reducing the industry burden associated with registration, while sustaining continued BPS reliability;

improving use of NERC, Regional Entity , and Registered Entity resources;

providing feedback to Reliability Standards development to enhance the applicability of currently enforceable and future Reliability Standards; and

increasing consistency in registration across the eight Regional Entities by developing a common and repeatable approach, along with improving registration and de‐registration procedures.

In addition, coordination of this effort will enhance the ERO’s ability to:

evaluate risks to reliability for use across the ERO Enterprise; and

align changes to the Registry Criteria with other NERC activities and the BES Definition. RBR will include the use of consistent terminology, a common approach to criteria application, appropriate oversight and improved procedures.

Formation of an advisory group In 2014, NERC established the RBRAG to provide input and advice for the RBR design and implementation plan. The RBRAG is comprised of representatives from NERC staff, Regional Entity staff and FERC staff, along with United States and Canadian industry representatives. This white paper was developed with input from the RBRAG, industry responses to a focused survey, and assessment of information about the current Registration program attributes.


Recommendations

Clarify terms and improve current procedures Materiality The issue of materiality arises in evaluating whether to register an entity that does not meet the criteria or to determine not to register an entity that meets the criteria. Further, materiality assessments can come into play in connection with assigning Registered Entities to appropriate classes of Reliability Standard applicability (discussed in more detail below). Thus, RBR recommends a consistent approach to assessing materiality. The RBR design should take into account risk assessment considerations across the ERO Enterprise. Generally, the ERO risk assessment involves a review of individual and aggregate system‐wide risks and considerations that include the inherent or structural risk to reliability of the BPS, as anchored in the new BES Definition.

BES references The proposed changes include revising references from BPS to BES in specific threshold criteria; however, such changes would not apply when discussing NERC and FERC jurisdiction over the BPS. Moreover, flexibility to register entities that do not meet threshold criteria will be retained in the Registry Criteria, in recognition of the jurisdiction of NERC and FERC over users, owners and operators of the BPS.

General terms As part of the RBR effort, NERC will ensure the terms used in the Registry Criteria are clear and defined.

De-registration An entity seeking to modify its current registration, including de‐registration for a particular function, must inform its applicable Regional Entity. The Regional Entity will evaluate the request and notify NERC of any resulting registration changes. The new BES Definition has raised general questions on the procedures and associated timelines for pursuing de‐registration of a given function. RBR includes better visibility, clarity, instruction and feedback in this process, as well as additional, improved registration and de‐registration procedures and timelines.

NERC oversight and guidance on registration practices NERC retains responsibility and oversight to ensure that a Regional Entity implements the Registration program in a consistent manner. Towards this end, the RBR redesign should ensure that NERC is periodically performing programmatic reviews of the Regional Entities’ registration activities to ensure uniformity in due process and consistency in application. This will include development of controls to ensure consistency.

Possible improvements to the program include, but are not limited to:

sampling and auditing of Regional Entity application of RBR classes and individual entity application;

using surveys to reach out to Registered Entities as a means of identifying that a given entity is registered for the proper functions;

using ongoing outreach to Registered Entities on registration issues; and

mapping entities within each Regional Entity footprint to ensure awareness of entities that may have a material impact on BEPS reliability.

One-time attestations As the CMEP is currently implemented, a Registered Entity may be subject to a requirement that is nominally applicable based on functional entity registration, but inapplicable based on specific facts (e.g., a coordinated functional registration agreement, entity does not own that type of equipment, etc.), must attest (with full documentation and citations), at every contact with ERO compliance, that the requirement is still inapplicable. To

Recommendations


reduce undue administrative burdens on the many entities subject to compliance with particular requirements that are inapplicable to them, two improvements can be implemented in the short‐term. First, with respect to self‐certifications and other compliance monitoring activities, Registered Entities should be permitted to record a one‐time attestation of “Not applicable” to a given Reliability Standard requirement where there is an existing physical or technical limitation, or the requirement is not applicable for another reason, unless circumstances materially change requiring the need for the registered entity to notify the appropriate Regional Entity. For example, if the registered entity does not own or operate underfrequency load shedding (UFLS) or undervoltage load shedding (UVLS) assets, it should simply use the “Not applicable” designation. The Regional Entity will then carry forward this declaration from year‐to‐year, without requiring the registered entity to repeat the attestation each year. NERC or the Regional Entity would have the ability to audit to verify the recordation is correct, on an as needed basis, but this should be infrequent. In addition, NERC and the Regional Entities should allow Multi‐Regional Registered Entities (MRRE) to use a single, one time attestation, updated as needed to reflect material changes, which would apply to all of its registration and compliance monitoring activities across North America, regardless of the Regional Entity footprint in which it operates. In such a case, NERC and the Regional Entities would have the opportunity to audit to verify the single attestation is true and correct.

Figure 1: Flow chart of High‐Level Review

Establish a centralized review process NERC intends to establish a centralized, NERC‐led review process to address questions or issues that arise with respect to threshold application, materiality, or Reliability Standard requirement applicability. This process will include a panel comprised of a NERC lead with Regional Entity participants. The review panel will vet the issues and provide recommendations to NERC. Once a decision is made, it will be shared throughout the ERO Enterprise. The RBRAG expects this to result in consistency across the ERO Enterprise with respect to threshold, materiality, or applicable Reliability Standard class determinations. In addition, improved procedures, with defined timelines, would be established for registration and de‐registration, as well as Reliability Standard applicability class determinations and associated appeals. The flow diagram (Figure 1) provides a high‐level view of some of the steps that might be incorporated into the final RBR design. The goal is to provide a foundation for consistent decision‐making and application of the criteria and thresholds.

Entity risk assessment in a common registration form The Registration and Certification Functional Group is currently developing a common registration form to help drive consistency in registration. The common registration form is pending consideration as part of the ERO Enterprise applications. The RBR provides an opportunity to finalize and implement the common registration form for use by NERC, Regional Entities, and Registered Entities. The use of a common form will facilitate uniformity in the information being collected from registration candidates regardless of where they are located in North America. The common form is intended is to capture, without undue complexity, key factors relevant to an assessment of an entity’s inherent risk. Inherent risk is a function of an entity’s various registrations and other relevant factors like its system design, configuration, size, etc.).

Regional Entity makes a recommendation to NERC to register an entity above or below thresholds

NERC convenes a NERC‐led review panel composed of Regional Entity

experts

Review panel proposes recommendations to NERC

management

NERC management decides whether to register the entity and at what class

NERC issues guidance to the Regional Entity

Recommendations


The RBR redesign must necessarily address potential impacts on business processes and tools needed to support RBR both within the ERO Enterprise and in industry. RBR recommends exploring use of a single, web‐based design. In the interim, changes to the portals and various electronic forms used by NERC and the Regional Entities will need to be adapted to take into account Reliability Standard applicability classes. This will affect compliance monitoring and enforcement activities and will need to be addressed as part of the implementation plan. In addition, entity risk assessments should take into account information from “neighbor” surveys that Regional Entities issue to Reliability Coordinators (RCs) as part of certification and other activities to ensure coordination with adjacent entities. This survey approach also may increase awareness and tracking by NERC, Regional Entities and RCs of entities within each RC’s footprint and help identify needed revisions to an entity’s registration.

New BES Definition as model and anchor for risk-based registration The new BES Definition goes into effect on July 1, 2014 and includes processes for self‐determined exclusions and inclusions, as well as exception requests to add elements to, or remove elements from, the BES on a case‐by‐case basis. The new BES Definition and exception process may resolve, to some extent, the treatment of facilities that are not necessary for the reliable operation of the BPS. However, the revised BES Definition does not eliminate NERC flexibility to decide that registration is not warranted in particular cases, or to restrict the applicability of standards to entities owning or operating limited BES Facilities, where appropriate. The BES Definition is important to the RBR for two reasons. First, the structure of the BES Definition, approved by FERC, may prove to be a useful model for the RBR. It begins with a bright‐line threshold that identifies most facilities that are part of the BES, and then layers on clear exclusions and inclusions that address the most common configurations not adequately captured by the bright‐line threshold. Combined, the bright‐line, exclusions, and inclusions address the vast majority of elements that should be part of the BES, but elements can be included or excluded from the BES through a case‐by‐case exception process. The reformed registration process should similarly include revised thresholds, with a case‐by‐case process to adjust registration (by inclusion or exclusion) where warranted based on a materiality determination that takes into account circumstances not captured by the revised thresholds. Second, the new BES Definition serves as an anchor for Registry Criteria. While the statutory term BPS sets the outer limit of NERC authority, it has not been defined. Now that the BES is clearly defined, the term can be used to determine on a consistent basis the entities that warrant registration and assess material impact on reliability. For this reason, the straw proposals included as Appendix A for revising Registry Criteria incorporate the BES Definition.

Functional registration category elimination if not material to reliability NERC reviewed information from various sources to determine if any of the functional categories could be eliminated as part of the RBR redesign. Three have been identified: 1) Regional Reliability Organizations,10 2) Purchasing‐Selling Entities (PSEs), and 3) Interchange Authorities (IAs). As described in the Appendix A, based on an initial evaluation of risk to BES reliability, elimination of the PSE as a functional registration, which includes some 446 entities, appears promising, although further examination is required. In the event a particular function is determined not to be material to reliability going forward, NERC will evaluate the associated Reliability Standard requirements to determine if accountability for those requirements should be assigned to another function, or

10 Currently, NERC is eliminating references to Regional Reliability Organization in the NERC Reliability Standards. As a result, the RBR redesign will not include this term.

Recommendations


consider elimination of the requirement with assessment with NERC’s Standards Committee, similar to the Paragraph 81 effort.

Synchronize threshold revisions with BES Definition and align with risk Another approach is to modify current registration thresholds for certain functions. Entities have contended that the current thresholds are too low and sweep in a large number of entities that pose little or no risk to reliability. In addition, the current Registry Criteria reference the BPS, rather than the new BES Definition, creating a lack of clarity and potential for inefficiency and confusion that has no place in a risk‐based approach to registration. Appendix A includes several straw proposals to revise the Registry Criteria for Distribution Provider (DP), Load‐Serving Entity (LSE), Transmission Owners and Transmission Operators (TOs and TOPs), and Generator Owners and Generator Operators (GOs and GOPs), to more clearly anchor them in the new BES Definition. In addition, the straw proposals for DP, LSE, and TO/TOP include potential revisions to the registration thresholds to better align with risk. The revised thresholds would be subject to a case‐by‐case process (modeled after the BES exceptions process) to allow for registration of entities that do not meet the threshold criteria or de‐registration of entities that satisfy those thresholds, based on a determination of materiality.

Reliability Standards/compliance and monitoring/risk-based criteria There are several possible options, three of which were explored by the RBRAG, to facilitate the implementation of the RBR. These options may be used together or separately. These approaches need more discussion and analysis to consider the most effective and efficient way forward. One option, a CMEP approach, involves establishing that certain requirements do not apply to a Registered Entity, based on uniform characteristics. A matrix could be added to the CMEP that adopts many of the Reliability Standard applicability classes set forth in Appendix A to this white paper. For example, for TOPs, the matrix would indicate the core requirements that apply no matter the uniform characteristics. In addition, the matrix would indicate that certain other requirements, such as load shedding requirements, only apply if the TOP is connected to load. Another option, a materiality approach, involves using the existing thresholds, at their current levels or revised as appropriate, but providing more specificity on the risk‐based criteria that an entity would use to demonstrate that it no longer needs to be registered for a given function. There are many smaller entities that do not believe they should be registered under the current criteria; however, at present, there are no uniform risk‐based criteria in place for them to justify how and why they should be de‐registered, as well as a timely commitment to address registration concerns. Large TOPs and/or the RC in the region should have an opportunity for input on deregistration decisions. The procedures for submitting a deregistration request also should be part of this RBR effort. Revising Reliability Standards is another option. Under the Reliability Standards approach, Reliability Standard requirement applicability classes refer to applying subsets of Reliability Standard requirements to subcategories of certain functions of Registered Entities, and not developing a custom tailoring of applicability for each individual registered entity. The intent is to restrict the requirements applicable to Registered Entities that satisfy specified risk‐based criteria to ensure the right entities are identified for compliance with appropriate Reliability Standard requirements, and avoid burdening such entities with compliance obligations disproportionate to their risk to BES reliability. Tailoring Reliability Standard obligations has been successfully implemented in both the registration appeal context and Project 2010‐07: Generator Requirements at the Transmission Interface (the GO/TO project). In addition, historically, some Regional Entities have addressed the challenges of Reliability Standard applicability to entities through their compliance monitoring activities, such as adjusting the scope of audits. These experiences will help inform RBR efforts.

Recommendations


All three possible approaches set forth above can be further informed by the initial evaluation in Appendix A and additional technical analysis to be conducted. The straw proposals identify a category of entities that own or operate BES Facilities, but that also warrant application of a more limited set of requirements than the more typical TO/TOP and GO/GOP. The proposals suggest a starting point for evaluating the subset of Reliability Standards to be to applicable entities that fall within that lesser risk category. In addition, Appendix A identifies targeting requirements to entities that fall below the revised DP and LSE thresholds, but that are necessary participants in a BES protection program (e.g., UFLS or UVLS). Particularly under the CMEP and the Reliability Standards approach, described above, once Reliability Standard applicability classes are established and applicable Reliability Standard requirement compliance obligations are aligned with the classes, a number of implementation approaches are available. Under the CMEP approach, a standardized compliance matrix can be maintained to identify which Reliability Standard requirements apply to a given class. Entities registered to the functions with Reliability Standard class applicability will be formally assigned to the appropriate class. Class assignment should be subject to a process that enables the entity to challenge inappropriate application of the criteria, as well as a process (modeled after the BES Exception Process) to assign outliers to the appropriate class, based on an individualized risk assessment and technical justification. Under the Reliability Standards approach, class compliance responsibility may be reflected within the Applicability section of a given Reliability Standard. Alternatively, as in the GO/TO project, a class approach may be implemented through limited changes in the Reliability Standard applicability, along with associated registration modifications. The latter approach may be suitable to DPs with limited BES transmission facilities, eliminating the need to register such entities as TOs or TOPs. Either of these approaches will require modification of Reliability Standards through the Standards Development Process.

Status quo for other functional registration categories As discussed above, recommendations for changes apply to eight of the fifteen functional categories, including PSEs, IAs, DPs, LSEs, GOs, GOPs, TOs and TOPs. At this time, there are no proposed recommendations with respect to the following seven functional categories:

Balancing Authorities (BAs), Planning Authorities (PAs)/Planning Coordinators (PCs), Reliability Coordinators (RCs), Transmission Planners (TPs), Resource Planners (RPs), Reserve Sharing Groups (RSGs) and Transmission Service Provider (TSPs).

Task forces for risk criteria and Reliability Standard applicability classes As part of RBR, NERC plans to form task forces to develop risk criteria to apply to: (i) entities that meet the thresholds but seek to make a case that they should not be registered because they do not have a material impact on reliability; and (ii) entities that do not meet the thresholds but the Regional Entity, NERC or a reliability entity, such as a BA, RC or TOP, asserts such entities need to be registered and subject to some or all of applicable Reliability Standard requirements. In addition, NERC plans to form a task force, modeled on the GOTO Task Force, to identify a common set of Reliability Standards that need to be applied to BES resources owned and operated by certain TO/TOPs and GO/GOPs, as discussed in greater detail in Appendix A. This task force will also assess the merits of alternative approaches to targeting registration, standards applicability, and compliance monitoring and enforcement to entity risk. The resulting analysis can then be used as the basis for establishing appropriate registration categories and making appropriate classes of Reliability Standard applicability.

Recommendations


Issues that require a longer time horizon Possible rule changes have been identified with respect to the NERC Rules of Procedure Section 500, Appendix 5A, and Appendix 5B to implement risk‐based registration. For example, the opportunities for change include modification of the Registry Criteria, and improving procedures, Reliability Standard requirement applicability classes, determinations and associated appeals. Other changes are appropriate to memorialize practices in place today because of FERC orders, and to implement other improvements to these sections. As also noted above, to the extent classes of applicable Reliability Standards are adopted for certain functions, long‐term implementation is best achieved through modification of Reliability Standards through the Standards Development Process. While these efforts can be launched, and interim implementation steps can be taken, as part of Phase 1, completion of these more formalized implementation efforts will likely extend into Phase 2. More details such as scope, outreach, and timing will be addressed in the RBR implementation plan. Another longer‐term related issue is ensuring that Standard Drafting Teams develop standard applicability language for new or revised standards that provides for the most granular applicability language possible.

Appendices

NERC | DRAFT Risk‐Based Registration White Paper | April 9, 2014 A‐1

Appendix A – Risk-Based Registration Threshold Reviews

Purchasing-Selling Entity (PSE) Current Definition and/or Threshold in Statement of Compliance Registry Criteria Definition The entity that purchases, or sells, and takes title to, energy, capacity, and Interconnected Operations Services. The Purchasing‐Selling Entity may be affiliated or unaffiliated merchants and may or may not own generating Facilities.

Threshold N/A

Functional Model Description The PSE arranges for and takes title to energy products (capacity, energy and reliability‐related services) that it secures from a resource for delivery to a Load‐Serving Entity. The Purchasing‐Selling Entity also arranges for transmission service with the Transmission Service Provider that provide transmission service to the Load‐Serving Entity under a tariff or market rule. The Purchasing‐Selling Entity initiates a bilateral Interchange between Balancing Authority Areas by submitting a Request for Interchange to the Interchange Coordinator. Proposed Elimination Recommend that the functional category of PSE be eliminated as part of the RBR effort. For all Reliability Standards that apply to PSEs, this function should be removed through the Standards Development Process. Proposed Revised Threshold N/A‐ Proposed Function for Elimination Proposed Critical Sub‐function(s) Dynamic Transfers could be a critical sub‐function. However, a survey should be conducted to determine how many entities still use Dynamic Transfers. Analysis and Support for Proposed Action There are 447 unique entities registered as a PSE. Five (5) FERC‐approved Reliability Standard Requirements currently apply to PSEs. Those standards and requirements are:

INT‐001‐3, Requirement R1

INT‐004‐2, Requirement R2

IRO‐001‐1.1, Requirement R8

IRO‐005‐3.1a, Requirement R10

TOP‐005‐2a, Requirement R3

With regard to violations, there have only been 40 instances of PSE noncompliance out of 29,545 total instances of noncompliance. The NERC and Regional CMEP efforts have recently begun to utilize more self‐certifications (rather than audits) for entities registered only as PSEs, and only one PSE standard is currently listed on Compliance’s 2014 Actively Monitored List, IRO‐005‐3.1a. In addition, only one requirement listed above has a High Violation Risk Factor (VRF), IRO‐001‐1.1, Requirement R8, which states as follows:

Transmission Operators, Balancing Authorities, Generator Operators, Transmission Service Providers, Load‐Serving Entities, and Purchasing‐Selling

Appendices


Entities shall comply with Reliability Coordinator directives unless such actions would violate safety, equipment, or regulatory or statutory requirements. Under these circumstances, the Transmission Operator, Balancing Authority, Generator Operator, Transmission Service Provider, Load‐Serving Entity, or Purchasing‐Selling Entity shall immediately inform the Reliability Coordinator of the inability to perform the directive so that the Reliability Coordinator may implement alternate remedial actions.

IRO‐001‐1 will eventually be replaced by a new set of IRO standards, together with revised Transmission Operator (TOP) standards.11 The proposed standard IRO‐001‐3, which will replace IRO‐001‐1, has removed applicability for the PSE functions. Further, the Independent Experts Review Panel (IERP) recommended INT‐004 standards for potential retirement reasoning that a NAESB guideline exists in the Electronic Tagging Functional Specification document. The remaining standards have a Lower VRF. In reviewing the remaining standards that still apply to PSEs, the Standards Development Process would need to address removing PSEs from individual requirements and must determine if there is a suitable replacement entity or if a business practice/process can be transferred to North American Energy Standards Board (NAESB). Technical analyses in accordance with Section 215 of the FPA will be required to identify any reliability implications so that no reliability gaps are created. As a result, this initial assessment of risk could be revised based on further analysis. An industry survey also will be used to identify issues to be considered as part of the technical analysis. Finally, Dynamic Transfers may not apply to organized markets. RTO/ISOs usually only dispatch generation in their operational jurisdiction, but this will need to be confirmed as part of the survey to determine if Dynamic Transfers are a critical sub‐function. In addition, PSEs do not have the authority to initiate a curtailment on a transaction due to a reliability event, and PSEs do not have the authority to reload transactions or the ability to release a limit.

Interchange Authority/Interchange Coordinator (used interchangeably) (IA) Current Definition and/or Threshold in Statement of Compliance Registry Criteria Definition The responsible entity that authorizes implementation of valid and balanced Interchange Schedules between Balancing Authority Areas, and ensures communication of Interchange information for reliability assessment purposes. Threshold N/A Functional Model Description The Interchange Coordinator collects approvals or denials for Arranged Interchange from Balancing Authorities and Transmission Service Providers and verifies the validity of the source and sink. The NERC Tag Authority provides this service assigned to the Sink Balancing Authority. The Interchange Coordinator provides the Balancing Authority with the individual bilateral Arranged Interchange. The Balancing Authority must track the individual Interchange Schedules in case one or more of them are curtailed by the Reliability Coordinator or by the Balancing Authority in those cases where a generator or load is interrupted. 11 However, both sets of proposed standard were subject to a recent FERC NOPR recommending a remand. A standard development project is ongoing to address the NOPR’s proposed remand. FERC did not take issue with the elimination of PSEs in IRO‐001‐1.

Appendices


The Balancing Authority then creates a “net” interchange total for use in its energy management system as well as a “net” interchange for each neighboring Balancing Authority. The net Interchange Schedule for each neighboring Balancing Authority is used by the Receiving Balancing Authority for checkout with the neighboring Balancing Authorities. All bilateral Interchange Transactions that cross a Balancing Authority Area boundary are coordinated through the Interchange Coordinator. While the approval/denial process may utilize tools (such as computer software and communication protocols), the Model envisages that the Interchange function will be assigned to an actual organization. A Balancing Authority may serve as its own Interchange Coordinator or have this service provided by a separate organization. Assessing ramping capability and connectivity. The Balancing Authority approves/denies the capability to ramp the Arranged Interchange in or out and notifies the Interchange Coordinator. The connectivity of adjacent Balancing Authorities is also verified by the Balancing Authorities before responding to the Interchange Coordinator. Ensuring balanced, valid Interchange Transactions. The Interchange Coordinator also ensures that the resulting Confirmed Interchange Transactions is balanced and valid prior to physical delivery. This means:

The source MW must be equal to the sink MW (plus losses if they are “self‐provided”), and

All reliability entities involved in the Arranged Interchange are currently in the NERC registry. Only when it receives approvals from the Transmission Service Providers and Balancing Authorities, does the Interchange Coordinator direct the Balancing Authorities to implement the Transaction. If any of these entities — Transmission Service Providers, or Balancing Authorities — does not approve the Arranged Transaction, then the Interchange Coordinator does not authorize the Transaction to become Confirmed Interchange. Curtailments. The Interchange Coordinator coordinates curtailments of Confirmed Interchange ordered by the Reliability Coordinator by notifying the Balancing Authorities, Transmission Service Providers, and Purchasing‐Selling Entities. The Interchange Coordinators also communicates and coordinates the resulting modified Arranged Interchange that result from the curtailments. Proposed Elimination The functional category of IA has been identified for potential elimination as part of the RBR effort. The industry must be surveyed to determine if a reliability gap will be created by removing the IA function from the Registry Criteria. Most notably, the industry must answer whether the Balancing Authority (BA) function and applicable requirements are sufficient for ensuring reliability. In eliminating the IA, the BA will not take over all of the IA standards and requirements. The industry must provide whether the existing BA function and existing BA requirements are sufficient for maintaining reliability after the IA has been removed. Industry feedback should provide particular attention to how a BA would balance generation, manage load and schedules, avoid unscheduled transfers, and the ability of the BA to implement congestion management. Proposed Revised Threshold N/A Proposed Critical Sub‐function(s) N/A

Appendices


Analysis and Support for Proposed Action There are currently forty‐one (41) uniquely registered IAs. Of those forty‐one entities, only one (1), Peak Reliability, is not also registered as a BA. Currently, the following families of Reliability Standards apply to IAs:

CIP

INT‐005‐3

INT‐007‐1

INT‐008‐3

IRO‐010‐1a However, NERC recently submitted a filing that recommended the retirement of INT‐005‐3, INT‐007‐1, and INT‐008‐3.12 That leaves only one non‐CIP requirement that would apply to IAs: IRO‐010‐1a, Requirement R3. Although the changes have not been adopted, the latest recommendations from the IRO Five‐Year Review Team are to remove IAs from the applicability of IRO‐010‐1a.13 Although the IERP did not recommend deletion of IRO‐010‐1a, Requirement R3 due to this being the only data‐sharing requirement, the IERP did state this requirement could be consolidated with a TOP requirement. With regard to violations, IAs have had 598 instances of noncompliance out of 29,545 total instances of noncompliance since 2007. A large majority of those violations were CIP violations. The IA function itself has evolved greatly since the Registry Criteria was first created. Several aspects of the IA function have become automated over time. Also, because most of the IAs are already registered as BAs, it is recommended that BAs serve as the entity ultimately responsible for the historically‐IA functions in the Registry Criteria. This would not entail transferring all of the applicable IA requirements to BAs. Instead, the recommendation is to first survey the industry in order to determine if a reliability gap is created by removing IAs and have the BAs maintain reliability through their on‐going operations and requirements.

Distribution Provider (DP) Current Definition and/or Threshold in Statement of Compliance Registry Criteria Definition Provides and operates the “wires” between the transmission system and the end‐use customer. For those end‐use customers who are served at transmission voltages, the Transmission Owner also serves as the Distribution Provider. Thus, the Distribution Provider is not defined by a specific voltage, but rather as performing the distribution function at any voltage. Threshold NERC Rules of Procedure (ROP) Appendix 5B at III.b.1 Distribution Provider system serving >25 MW of peak load that is directly connected to the Bulk Power System.

[Exclusion: A Distribution Provider will not be registered based on this criterion if responsibilities for compliance with approved NERC Reliability Standards or associated Requirements including

12 See Petition of the North American Electric Reliability Corporation for Approval of Proposed Reliability Standards for Interchange Scheduling and Coordination, submitted on February 27, 2014 (available at http://www.nerc.com/FilingsOrders/us/NERC%20Filings%20to%20FERC%20DL/Petition%20for%20Approval%20of%20INT%20Reliability%20Standards_.pdf).

13 See http://www.nerc.com/pa/Stand/Project201209IROReview/IRO‐010‐2_redline_2013Oct01.pdf.

Appendices


reporting have been transferred by written agreement to another entity that has registered for the appropriate function for the transferred responsibilities, such as a Load‐Serving Entity, Balancing Authority, Transmission Operator, generation and transmission cooperative, or joint action agency as described in Sections 501 and 507 of the NERC Rules of Procedure.] or;

ROP Appendix 5B at III.b.2 Distribution Provider is the responsible entity that owns, controls, or operates Facilities that are part of any of the following Protection Systems or programs designed, installed, and operated for the protection of the Bulk Power System:

• a required UFLS program.

• a required UVLS program.

• a required Special Protection System [(SPS)].

• a required transmission Protection System [(TPS)]. [Exclusion: A Distribution Provider will not be registered based on these criteria if responsibilities for compliance with approved NERC Reliability Standards or associated Requirements including reporting have been transferred by written agreement to another entity that has registered for the appropriate function for the transferred responsibilities, such as a Load‐Serving Entity, Balancing Authority, Transmission Operator, generation and transmission cooperative, or joint action agency as described in Sections 501 and 507 of the NERC Rules of Procedure.]

Functional Model Description The Distribution Provider provides the physical connection between the end‐use customers and the electric system, including customers served at transmission level voltages. The Distribution Provider is not defined by a specific voltage, but rather as performing the Distribution function at any voltage. One Distribution Provider may be directly connected to another Distribution Provider and not directly connected to the Bulk Electric System. The Distribution Provider maintains “local” safety and reliability. The Distribution Provider provides the switches and reclosers necessary for emergency action. The Distribution Provider may need to demonstrate load‐shedding capability to the Balancing Authority and Transmission Operator. The same organization may serve as the Distribution Provider and Load‐Serving Entity, but they may be separate organizations as well. Unlike the Load‐Serving Entity, the Distribution Provider has the facilities or assets (“wires”) and does not take title to any energy. However, while these functions are distinct, in many cases an organization, such as a vertically integrated utility, bundles these functions together. Proposed Elimination N/A Proposed Revised Threshold Recommend that the peak load threshold in Registry Criteria III.b.1 be increased to 75 MW or 100 MW (or other number as determined based on further analysis) and directly connected to the BES. Replace Registry Criteria III.b.2 with the following two paragraphs. Using the risk‐based criteria, which is to be developed, DPs with peak load between 25 MW and the new peak load threshold and directly connected to the BES generally would not be subject to registration even if they participate in a BES protection program (e.g., UFLS, UVLS, SPS or TPS), unless it has been demonstrated that their participation in such a program is necessary for the reliable operation of the BES. To the extent that they are registered, they should be subject only to a sub‐list class

Appendices


of Reliability Standards, including the relevant protection system Reliability Standards, which is to be determined based on further analysis. Entities with less than 25 MW peak load, or not directly connected to the BES, generally would not be registered, even if they participate in a BES protection program, except in extraordinary circumstances under the risk‐based criteria, which is to be developed. To the extent that they are registered, they should be subject only to a sub‐list class of Reliability Standards, including the relevant protection system Reliability Standards, which is to be determined based on further analysis. Proposed Critical Sub‐function(s) DPs with peak load between 25 MW and the new peak load threshold and directly connected to the BES are subject to registration for participation in a BES protection program if it has been demonstrated that their participation in such a program is necessary for the reliable operation of the BES. Analysis and Support for Proposed Action Increase DP threshold to a peak load of 75‐100 MW and directly connected to the BES Consistent with a risk‐based approach to registration, the general threshold for DP registration should be modified to 75 MW or 100 MW (or other number as determined based on further analysis) and directly connected to the BES. The new threshold should be accompanied by a risk‐based process, like the BES Exception Process, that allows Regional Entities to register entities below the threshold on the basis of a demonstration of material impact on the BES, and allows entities above that threshold to seek relief from registration as a DP where the entity demonstrates lack of a material impact on the BES. Replacing the reference in the threshold with BES (rather than BPS) is consistent with FERC’s determination in the SLECA case14 and a risk‐based approach because it would take into account the results of the application of the new BES Definition, including its exception process. Reliability Standards applicable to DPs fall into the following categories: coordination with higher‐level entities when adding new facilities; nuclear plant service; compliance with reliability directives issued by higher‐level entities; cybersecurity (in limited circumstances); reporting of certain events; operator training (if the DP has field switching personnel identified as performing unique tasks associated with the Transmission Operator’s restoration plan that are outside of their normal tasks); and protection systems (addressed in a separate section below). Except in very unusual cases, imposing all of these requirements on entities with a peak load below 75 MW‐100 MW or not directly connected to the BES may not be necessary from a risk‐based perspective. According to data assembled by NERC, there were only 0.21 DP violations per registered DP per year in 2007‐2014—far less than the rate for other functions, such as TOP and BA. In addition, a preliminary review of Energy Information Administration (EIA) data—which does not present a complete view of Registered Entities—suggests that DPs with peak load under 75 or 100 MW serve a very small proportion of U.S. load, and that including these entities on the NCR may not be needed to accomplish the primary reliability objectives of standards applicable to DPs, particularly when viewed in the context of the purpose of Reliability Standard, which is to avoid BES instability, uncontrolled separation and cascading outages. Further, an initial analysis of applicable Reliability Standards suggests that a risk‐based approach to registration generally would not require registration of small (below 75 MW‐100 MW peak load) DPs, although further analysis is warranted:

FAC‐002‐1 requires DPs “seeking to integrate generation facilities, transmission facilities, and electricity end‐user facilities” to coordinate and cooperate on assessments with their TP and PA. DPs are already required by tariff or interconnection agreement to coordinate with the TO/TOP(s) to which they are

14 S. La. Elec. Coop. Ass’n, 144 FERC ¶ 61,050 (2013).

Appendices


connected before adding another point of interconnection. There may not be a need for a Reliability Standard to ensure that small DPs do not add new facilities without permission. To the extent that any gap in coverage may exist with respect to such small entities, it may not be material.

It would be unusual for a DP under 100 MW to have Nuclear Plant Interface Requirements (NPIR) responsibilities. To the extent that there are any such DPs, they could be retained on the NCR (for compliance with NUC‐001) through the case‐by‐case material impact process.

Other DP requirements focus on compliance with reliability directives. In the unlikely event a small (below 75 MW – 100 MW) DP is issued a reliability directive, it would most likely be to shed load. The Open Access Transmission Tariff (OATT) includes provisions for curtailing transmission service for point to point service (§§ 13.6, 14.7) and network service (§ 33). Furthermore, a small DP’s failure to follow a reliability directive is unlikely to have a material impact on BES reliability, because the entity is too small to have such an impact. If, however, a particular DP under 100 MW could materially impact BES reliability by failing to comply with a reliability directive, the entity can be registered through the material impact process.

As for cybersecurity, CIP‐002‐5 applies to very few DPs with peak load under 100 MW: those with an SPS, Remedial Action Scheme (RAS), or other transmission Protection System (other than UFLS or UVLS) subject to NERC Reliability Standards, and those that own a “Cranking Path and group of Elements meeting the initial switching requirements from a Blackstart Resource up to and including the first interconnection point of the starting station service of the next generation unit(s) to be started.” To the extent a particular small DP’s compliance with cybersecurity standards is demonstrated to be necessary to prevent a material risk to BES reliability, that DP can be registered on a case‐by‐case basis through the risk‐based criteria.

DPs are required to have, and follow, an event reporting plan under EOP‐004‐2; but the events to be reported, for DPs, are only of damage or threats to a Facility (i.e., a BES Element); automatic shedding of at least 100 MW; and the loss of at least 200 MW of firm load. Most if not all small DPs, in their capacity as DPs, do not own Facilities; and by definition, a DP with a peak load under 100 MW will not shed 100 MW or lose 200 MW of firm load. Making EOP‐004‐2 inapplicable to small DPs would not result in increased risk to BES reliability.

Operator training is required by EOP‐005‐2 only where a DP is identified in a TOP’s restoration plan, and the DP has field switching personnel identified as performing unique tasks associated with the TOP’s restoration plan that are outside of their normal tasks. The subset of DPs that meet those criteria and are under 100 MW is not expected to be large. To the extent the participation of any such DP in the TOP’s restoration plan is shown to be material to BES reliability, however, the DP can be registered through the material impact process.

As discussed above, the registration threshold for DPs could be raised from the present 25 MW peak load to 75 MW or 100 MW without a significant impact on risk to BES reliability. While the EIA data suggests that the proportion of load served by DPs with peak loads under 100 MW is de minimis on a continent‐wide basis, that data may not provide a complete picture. Because tariff and interconnection agreements arise under Section 205 of the FPA, technical analyses in accordance with Section 215 of the FPA will be required to identify any reliability implications so that no reliability gaps are created. As a result, this initial assessment of risk could be revised based on further analysis. An industry survey also will be used to identify issues to be considered as part of the technical analysis. Restrict DP registration of below‐threshold entities based on UFLS/UVLS/SPS/TPS DPs with peak load between 25 MW and the revised threshold and directly connected to the BES—i.e., entities below the revised threshold who were previously registered based on the minimum 25 MW size—would not be registered based on their participation in a BES protection program, unless there is a demonstrated reliability

Appendices


need; to the extent that they are registered, they should be subject only to the relevant protection system reliability standards and such other Reliability Standards as determined to be necessary based on further analysis. Rather, consideration of materiality of risk to BES reliability calls for restricting registration of such entities except where demonstrated necessary in light of unusual circumstances, and in such cases limiting the applicable standards. In unusual situations (i.e., significant portion of load is served by small DPs), the DPs could be registered on a case‐by‐case basis based on their material impact on reliability, and made subject only to the relevant system protection standards and such other Reliability Standards as determined to be necessary based on further analysis. Where the Planning Coordinator PC or Regional Entity demonstrates that the participation of a particular directly‐connected DP between 25 MW and the revised 75MW or 100MW threshold is necessary to protect BES reliability, the DP should be required to comply only with the relevant system protection standards and such other Reliability Standards as determined to be necessary based on further analysis. Removal of small DPs from compliance with other DP requirements would be unlikely to materially increase the risk to BES reliability. Small entities who are no longer subject to DP registration but wish to remain a part of a BES protection program should be permitted to opt in to compliance with such programs and the applicable Reliability Standards, so that small utilities that need to choose which portions of their load to shed can continue to do so. Technical analyses in accordance with Section 215 of the FPA will be required to identify any reliability implications so that no reliability gaps are created. As a result, this initial assessment of risk could be revised based on further analysis. An industry survey also will be used to identify issues to be considered as part of the technical analysis.

Appendices


Load-Serving Entity (LSE) Current Definition and/or Threshold in Statement of Compliance Registry Criteria

Definition Secures energy and Transmission Service (and related Interconnected Operations Services) to serve the electrical demand and energy requirements of its end‐use customers. Threshold NERC Rules of Procedure (ROP) Appendix 5B at III.a.1 Load‐Serving Entity peak load is > 25 MW and is directly connected to the Bulk Power (>100 kV) System, or; ROP Appendix 5B at III.a.2 Load‐Serving Entity is designated as the responsible entity for Facilities that are part of a required underfrequency load shedding (UFLS) program designed, installed, and operated for the protection of the Bulk Power System, or; ROP Appendix 5B at III.a.3 Load‐Serving Entity is designated as the responsible entity for Facilities that are part of a required undervoltage load shedding (UVLS) program designed, installed, and operated for the protection of the Bulk Power System.

[Exclusion: A Load‐Serving Entity will not be registered based on these criteria if responsibilities for compliance with approved NERC Reliability Standards or associated Requirements including reporting have been transferred by written agreement to another entity that has registered for the appropriate function for the transferred responsibilities, such as a Load‐Serving Entity, Balancing Authority, Transmission Operator, generation and transmission cooperative or joint action agency as described in Sections 501 and 507 of the NERC Rules of Procedure.]

ROP Appendix 5B at III.a.4 Distribution Providers registered under the criteria in III.b.1 or III.b.2 will be registered as a Load Serving Entity for all load directly connected to their distribution facilities.

[Exclusion: A Distribution Provider will not be registered based on this criterion if responsibilities for compliance with approved NERC Reliability Standards or associated Requirements including reporting have been transferred by written agreement to another entity that has registered for the appropriate function for the transferred responsibilities, such as a Load‐Serving Entity, Balancing Authority, Transmission Operator, generation and transmission cooperative, or joint action agency as described in Sections 501 and 507 of the NERC Rules of Procedure.]

Functional Model Description The Load‐Serving Entity arranges for the provision of energy to its end‐use customers, but does not provide distribution services (“wires”). The Load‐Serving Entity defined in the Model is not to be confused with or equated to the Load‐Serving Entity as defined in any tariff or market rule. Today, organizations serving as Load‐Serving Entities may also be Generation Owners and can self‐provide, or have contracts with other Generator Owners for capacity and energy to serve the Load‐Serving Entity’s customers, or purchase capacity and energy from non‐affiliated Generator Owners through a Purchasing‐Selling Entity (or Market Operator), or employ a combination of these three options. The Load‐Serving Entity reports its generation (affiliated and non‐affiliated) arrangements to serve load to the Balancing Authority, which forwards this information to the Reliability Coordinator, for day‐ahead analysis.

Appendices


The Load‐Serving Entity may contract for reliability‐related services through the Market Operator (if the Load‐Serving Entity is part of a market or pool) or directly from Generator Owners or loads. The same organization may serve as the Distribution Provider and Load‐Serving Entity, but they may be separate organizations as well. Unlike the Distribution Provider, the Load‐Serving Entity, does not have Bulk Electric System assets (“wires”) but does take title to energy. However, while these functions are distinct, in many cases an organization, such as a vertically integrated utility, bundles these functions together. The Functional Model assigns to the Load‐Serving Entity the identification of loads for curtailment and the development of load profiles and load forecasts. Please see Section II, 114: Roles in Load Curtailment for more detailed information. The Load‐Serving Entity communicates requests for voluntary curtailment to the appropriate end‐use customer loads, thereby ensuring that these loads will, in fact, be curtailed. Proposed Elimination N/A Proposed Revised Threshold Recommend that the peak load threshold in Registry Criteria III.a.1 be increased to 75 MW or 100 MW (or other number as determined based on further analysis) and directly connected to the BES. Also, revise that section to reflect the following two paragraphs. Using the risk‐based criteria, which is to be developed, LSEs with peak load between 25 MW and the new peak load threshold, and directly connected to the BES, generally would not be subject to registration even if they participate a UVLS program, unless it has been demonstrated that their participation in such a program is necessary for the reliable operation of the BES. To the extent that they are registered, they should be subject only to a sub‐list class of Reliability Standards, including the relevant protection system Reliability Standards, which is to be determined based on further analysis. Entities with less than 25 MW peak load, or not directly connected to the BES, generally would not be registered, even if they participate in a BES protection program, unless there is a demonstrated reliability need. To the extent that they are registered, they should be subject only to a sub‐list class of Reliability Standards, which is to be determined based on further analysis. Proposed Critical Sub‐function(s) LSEs with peak load between 25 MW and the new peak load threshold, and directly connected to the BES, generally would not be registered, even if they participate in a UVLS program, except in extraordinary circumstances under the risk‐based criteria, which is to be developed. To the extent that they are registered, they should be subject only to a sub‐list class of Reliability Standards, including the relevant protection system Reliability Standards, which is to be determined based on further analysis. Analysis and Support for Proposed Action Change the LSE registration threshold to LSEs with peak load of at least 75 MW‐100 MW and directly connected to the BES Consistent with a risk‐based approach to registration, the threshold for registration should be increased to 75 MW or 100 MW (or other number as determined based on further analysis) and directly connected to the BES. The new threshold would be accompanied by a risk‐based process that enables Regional Entities to register entities below the threshold based on a demonstration of material impact on the BES, and allows entities above that threshold to seek relief from registration as an LSE where the entity demonstrates lack of a material impact on

Appendices


the BES. Replacing the reference in the threshold with BES (rather than BPS or above 100 kV) is consistent with FERC’s determination in the SLECA case and a risk‐based approach because it would take into account the results of the application of the new BES Definition, including its exception process. Reliability Standards applicable to LSEs fall into the following categories: coordination with higher‐level entities; nuclear plant service; compliance with reliability directives issued by RCs and TOPs; cybersecurity (under currently‐effective version 3, but not under version 5); procedures during Energy Emergencies; Requests for Interchange for intra‐BA transfers; operate the BES to the most limiting parameter; provide data and information to higher‐level entities; appropriately determining Capacity Benefit Margin (CBM) need, where applicable; coordinate operations with host BA and TSP; and UVLS (addressed in Section B below). Except in very unusual cases, imposing these requirements on entities with peak load below 75 MW or 100 MW or not directly connected to the BES may not be necessary from a risk‐based perspective. According to data assembled by NERC, there were only 0.86 LSE violations per registered LSE per year in 2007‐2014—far less than the rate for other functions, such as TOP and BA. In addition, a preliminary review of EIA data—which does not present a complete view of Registered Entities—suggests that LSEs with peak load under 75 MW or 100 MW likely serve a very small proportion of U.S. load. Including these entities on the Compliance Registry is not needed to accomplish the primary reliability objectives of standards applicable to LSEs. Specifically:

LSEs are subject to FAC‐002‐1, NUC‐001‐2.1, and Reliability Standards requiring compliance with reliability directives. The analysis of these issues in the discussion of DP registration applies to LSEs as well.

LSEs are to be removed from CIP requirements under CIP version 5, which suggests that de‐registering a subset of LSEs will not pose a risk to BES reliability.

Energy‐deficient LSEs must follow certain procedures under EOP‐002‐3.1. However, the amount of energy likely to be needed by an energy‐deficient LSE whose peak load is under 100 MW is unlikely to pose a reliability risk; moreover, such an LSE could voluntarily follow the EOP‐002‐3.1 R1‐R8 procedures to remedy its deficiency. If those procedures were inadequate and firm load needed to be shed to protect reliability, and the unregistered LSE refused to do so, its transmission provider would have the authority and obligation to do so under the OATT and NAESB Wholesale Electric Quadrant Standard WEQ‐008, Transmission Loading Relief (TLR) – Eastern Interconnection.

INT‐011‐1 (which is pending before FERC) requires that “Each Load‐Serving Entity that uses Point to Point Transmission Service for intra‐Balancing Authority Area transfers shall submit a Request for Interchange unless the information about intra‐Balancing Authority transfers is included in congestion management procedure(s) via an alternate method.” The purpose of the standard is “[t]o ensure that transfers within a Balancing Authority Area using Point to Point Transmission Service are communicated and accounted for in congestion management procedures.” Intra‐BA transfers by LSEs with peak load between 25 and 100 MW are subject to tariff, operating agreement, and interconnection agreement requirements and, in any case, are unlikely to be a significant contributor to congestion.

LSEs, among other entities, are required to operate the BES to the most limiting parameter. LSEs, as such, do not operate the BES, IRO‐005‐3.1a should not be applicable to LSEs. Making the requirement inapplicable to LSEs with peak load under 100 MW does not pose a material risk to BES reliability.

Providing data for modeling and planning purposes is the concern often identified with respect to raising the registration threshold for LSEs. Based on the EIA data available, however, it appears that the aggregate load of LSEs under 75 MW or 100 MW is likely within the margin of error in their regions, provides little technical significance to the models, and is accordingly not needed. In the event that data from such entities is needed to avoid an undue risk to BES reliability in a particular region, however, the necessary LSEs can be registered on a case‐by‐case basis through the material impact process.

Appendices


In regions that use CBM, a registered LSE determining the need for transmission capacity to be set aside as CBM must use one of several studies or other methods of determining needed CBM. The TP must then establish a CBM value to use in its Available Transfer Capability (ATC) calculations that reflects consideration of the LSE’s study. Subjecting small LSEs to compliance with the CBM‐related reliability standard may not be needed to prevent material impact on the BES. Either small LSEs seeking a CBM set‐aside will perform the required studies, or their TP will not set aside any CBM for them.

Finally, TOP‐002‐2.1b requires that, to the extent permitted by confidentiality agreements, LSEs coordinate their current‐day, next‐day, and seasonal operations with their BAs and TSPs—i.e., that they provide load forecasts. To a significant degree, such coordination is achieved through tariff provisions or through an LSE’s power supplier. To the extent not covered, such coordination by LSEs under 100 MW is unlikely to be material to BES reliability.

As shown above, the registration threshold for LSEs could be raised from the present 25 MW peak load to 75 MW or 100 MW without a significant impact on risk to BES reliability. While the EIA data suggests that the proportion of load served by LSEs with peak loads under 100 MW is de minimis on a continent‐wide basis, that data may not provide a complete picture. As noted above, because tariff and interconnection agreements arise under Section 205 of the FPA, technical analyses in accordance with Section 215 of the FPA will be required to identify any reliability implications so that no reliability gaps are created. As a result, this initial assessment of risk could be revised based on further analysis. An industry survey also will be used to identify issues to be considered as part of the technical analysis. Restrict LSE registration of below‐threshold entities based on UFLS/UVLS LSEs with peak load between 25 MW and the revised threshold and directly connected to the BES generally would not be registered, even if they participate in a UVLS program, unless there is a demonstrated reliability need. To the extent that they are registered, they should be subject only to the relevant protection system reliability standard or such other Reliability Standards as determined necessary based on further analysis. No entity should be registered as an LSE based on its participation in a UFLS program, because UFLS standards no longer apply to LSEs. Rather, consideration of materiality of risk to BES reliability calls for restricting registration of such entities except where demonstrated necessary in light of unusual circumstances, and in such cases limit the applicable standards to those directly pertaining to the relevant protection program. In unusual situations (i.e., significant portion of load is served by small LSEs), the LSEs could be registered on a case‐by‐case basis based on their material impact on reliability, and made subject only to the UVLS standard or other Reliability Standards based on further analysis. As a general matter, Registered Entities should be encouraged to avoid requiring small LSEs to own or operate UVLS equipment as a mandatory part of the entities’ UVLS programs, because direct participation of such entities is not likely to significantly affect the effectiveness of those programs except in unusual circumstances. Where the PC or Regional Entity demonstrates that the participation of a particular directly connected LSE between 25 MW and the revised MW threshold in a UVLS program is necessary to protect BES reliability, the LSE should be required to comply only with the Reliability Standards relevant to the UVLS program or other Reliability Standards based on further analysis. Removal of such small entities (or entities not directly connected with the BES) from compliance with other LSE requirements would be unlikely to materially increase the risk to BES reliability. Small entities should be permitted to opt in to compliance with such programs and the applicable Reliability Standards, so that small utilities that need to choose which portions of their load to shed can continue to do so. Technical analyses in accordance with Section 215 of the FPA will be required to identify any reliability implications so that no reliability gaps are created. As a result, this initial assessment of risk could be revised based on further analysis. An industry survey also will be used to identify issues to be considered as part of the technical analysis.

Appendices


Transmission Owner (TO) Current Definition and/or Threshold in Statement of Compliance Registry Criteria in Statement of Compliance Registry Criteria

Definition The entity that owns and maintains transmission Facilities. Threshold NERC Rules of Procedure (ROP) Appendix 5B at III.d.1 An entity that owns/operates an integrated transmission Element associated with the Bulk Power System 100 kV and above, or lower voltage as defined by the Regional Entity necessary to provide for the Reliable Operation of the interconnected transmission grid; or ROP Appendix 5B at III.d.2 An entity that owns/operates a transmission Element below 100 kV associated with a Facility that is included on a critical Facilities list that is defined by the Regional Entity.

[Exclusion: A Transmission Owner/Operator will not be registered based on these criteria if responsibilities for compliance with approved NERC Reliability Standards or associated Requirements including reporting have been transferred by written agreement to another entity that has registered for the appropriate function for the transferred responsibilities, such as a Load‐Serving Entity, generation and transmission cooperative or joint action agency as described in Sections 501 and 507 of the NERC Rules of Procedure.]

Functional Model Description The Transmission Owner owns its transmission facilities and provides for the maintenance of those facilities. It also specifies equipment operating limits, and supplies this information to the Transmission Operator, Reliability Coordinator, and Transmission Planner and Planning Coordinator. In many cases, the Transmission Owner has contracts or interconnection agreements with generators or other transmission customers that would detail the terms of the interconnection between the owner and customer. Relationship with the Transmission Operator. The organization serving as Transmission Owner may operate its transmission facilities or arrange for another organization (which may or may not be a Transmission Owner) to operate and/or maintain its transmission facilities. Proposed Elimination N/A Proposed Modification of Registration Criteria Recommend that section III(d) of the Statement of Compliance Registry Criteria be revised to read:

Any owner or operator of one or more Bulk Electric System transmission Elements.

Proposed Revised Threshold/Classes of Standards Applicability The detailed registration thresholds located at section III(d) of the Registry Criteria are no longer needed to determine whether the owner or operator of an electric transmission Facility is subject to NERC Reliability Standards. The BES Definition and BES Exception Process set forth in the NERC Rules of Procedure perform the same tests, with greater precision and consistency. However, there is merit to establishing criteria to determine the applicability of Reliability Standards to different classes of TO and TOP entities. The following sub‐threshold is proposed for consideration:

Appendices


An entity that owns/operates only transmission lines operated below 200 kV and/or transformers with low voltage terminals connected at below 200 kV, and whose transmission Facilities do not meet the other criteria in Attachment B to reliability standard PRC‐023‐2, Relay Loadability.

The intent of establishing criteria to differentiate classes of TO/TOPs is not to remove entities owning and operating BES transmission Facilities from the NCR. Rather, such owners and operators would remain registered and subject to compliance with a subset of TO/TOP standards, but those that do not exceed the threshold set in this process would be subject only to the pre‐determined subset of TO/TOP requirements appropriate for entities with limited BES transmission Facilities. The resulting sub‐set of applicable TO/TOP standards could be accomplished by a variety of approaches: Three options are proposed for consideration to implement the revised threshold:

(i) Register the BES Element owner/operator as a DP and where necessary, make corresponding changes to the applicability sections and requirements of Reliability Standards.

(ii) Establish a new Registry function, Local Transmission Owners, with corresponding changes to Reliability Standards.

(iii) Develop and post a standard set of TO and TOP requirements that are determined to be applicable to BES transmission owners that meet the revised Local Transmission Facility threshold described above.

Option (i) is discussed in detail below. Proposed Critical Sub‐function(s) N/A Analysis and Support for Proposed Action Under the revised Statement of Compliance Registry Criteria, an entity is subject to registration as a TO/TOP if it owns/operates “transmission Facilities,” i.e., BES Elements used for transmission. Entities will thus be registered only if they own/operate BES transmission Elements, i.e., if their transmission equipment meets the revised BES Definition or has been added through the exceptions process, and has not been excluded through the exceptions process. However, the simple revisions outlined above will not, without more analysis,15 provide for a rational risk‐based registration of BES transmission owners and operators. The current registration criteria for TOs and TOPs assume that all TOs and all TOPs perform similar BES functions and have similar capabilities. For example, a small DP entity that owns a single 115 kV switching station on a BES 115 kV transmission circuit that is part of an integrated transmission network owned and operated by others will normally be registered a TO and TOP, and be responsible for the same requirements as a large vertically integrated utility. A strict reading of the Registry Criteria has led to the result that an entity that owns one 138‐kV BES loop being subject to the full set of standard requirements that were written to apply to TOs and TOPs with extensive transmission networks and a wide‐area view.

15 Technical analyses in accordance with Section 215 of the FPA will be required to identify any reliability implications so that no reliability gaps are created. As a result, this initial assessment of risk could be revised based on further analysis. An industry survey also will be used to identify issues to be considered as part of the technical analysis.

Appendices


The results of these processes result in: (i) time consuming reviews of facts and circumstances required for Registered Entities to attest that specific requirements are not applicable; and/or (ii) unduly burdensome efforts to comply with requirements that are inappropriate to an entity with such limited BES facilities and do not significantly contribute to BES reliability. Consistent with a risk‐based approach to registration, entities that own/operate insignificant BES transmission could be registered as DPs instead of TO/TOPs, and any requirements that must apply to such entities be revised to include such entities in the applicability (hereinafter, “DP/TO registration”). This approach to registration was successful in the GO/TO project, which could be emulated here. As in the GO/TO project, some transmission Facilities that fall below the threshold(s) set for DP registration:

[a]re more complex and may therefore require individual assessment. The reliability gaps associated with such Facilities should not be addressed simply through application of all standards applicable to Transmission Owners and Transmission Operators, but instead through an assessment of the impact of such a Facility on neighboring transmission Facilities. Such assessment should then be used to determine exactly which Reliability Standards and requirements should apply to that Facility and whether additional entity registration is warranted. This assessment should, at a minimum, be based upon the output of transmission planning and operating studies used by the Reliability Coordinator, Transmission Operator and Transmission Planner in complying with applicable Reliability Standards (specifically, IRO, TOP and TPL).

Order 785 at P 8.

Threshold for DP/TO Registration The applicability of Requirements R1‐R5 of PRC‐023‐2, which is established by Attachment B to that standard, provides a possible starting point for setting a threshold for DP/TO registration. Based on Attachment B, an entity that owns/operates only transmission lines operated below 200 kV and transformers with low voltage terminals connected at below 200 kV, and whose transmission Facilities do not meet the other criteria in Attachment B, would be registered as a DP. Entities that own other transmission Facilities would be registered as TO/TOP. Separate consideration should be given to operational responsibility for BES transmission Elements operating at below the threshold. Standards Applicability Further analysis is required to determine the TO/TOP standards that should apply to DPs that own/operate only the lower voltage transmission Facilities as defined by PRC‐023‐2 Attachment B. Special Considerations for Load‐Only Manufacturing Facilities Because most large manufacturing facilities are served by multiple feeds, this configuration may result in BES classification and therefore a candidate for registration based on the bright‐line application of the new BES definition. The following Entity Risk Assessment is proposed to assess whether such a facility poses a material risk to the reliability of the BES. It would normally be applied to candidates for registration as TOs/TOPs because the facility did not qualify for the E1/E3 Exclusions. The key concept underlying the Entity Risk Assessment is that, in the case of these retail loads, BES reliability is assured by the real‐time actions of the RC/BA/TOP service providers. Entity Risk Assessment Applicable to Load‐Only Manufacturing Facilities The following criteria could be applied to load‐only manufacturing facilities that become candidates for TO/TOP registration by application of the revised BES Definition, with a rebuttable presumption that the entity should not be so registered if the following criteria are met:

Appendices


1. No BES behind‐the‐meter generation at facility.

2. Utility maintains the element (e.g., the interconnecting substation and/or protection equipment under the terms and conditions of the applicable interconnection agreement or tariff).

3. Not an “integrated transmission Element” necessary to provide for the reliable operation of the interconnected transmission grid. Element is embedded in a retail customer facility and serves only a local distribution function.

4. No third‐party usage of element under terms and conditions of a FERC‐jurisdictional OATT.

5. Wide‐area view is not relevant to the facility (e.g., it is a retail load).

6. The following additional factors may be used in support of the above criteria, which include that the organization is not required to participate in SPS (or RAS), UVLS or UFLS programs.

The application of the above criteria would not preclude the ability of the facility’s Regional Entity, in consultation with the entity’s RC/BA/TOP service providers, to register the facility if the Regional Entity can establish that the facility is material to the reliability of the BES. Such demonstration of materiality shall include a fact‐specific analysis reflecting technical judgment. In the event that such load‐only manufacturing facilities are determined to be subject to registration as TO/TOP under this analysis, they could be addressed as a separate subclass such as "Customer Distribution." Review of the TO/TOP Reliability Standards should be undertaken to determine if a sub‐list of applicable requirements is appropriate from a risk‐based perspective. Moreover, because tariff and interconnection agreements arise under Section 205 of the FPA, technical analyses in accordance with Section 215 of the FPA will be required to identify any reliability implications so that no reliability gaps are created. The technical analysis should take into the need for coordinating high voltage protection schemes and recognizing dependency by BAs and RPs on reserves, resource adequacy and ancillary services, which are important fundamental aspects needed to support reliability. As a result, this initial assessment of risk could be revised based on further analysis. An industry survey also will be used to identify issues to be considered as part of the technical analysis.

Appendices


Transmission Operator (TOP)

Current Definition and/or Threshold in Statement of Compliance Registry Criteria in Statement of Compliance Registry Criteria Definition The entity responsible for the reliability of its local transmission system and operates or directs the operations of the transmission Facilities. Threshold NERC Rules of Procedure (ROP) Appendix 5B at III.d.1 An entity that owns/operates an integrated transmission Element associated with the Bulk Power System 100 kV and above, or lower voltage as defined by the Regional Entity necessary to provide for the Reliable Operation of the interconnected transmission grid; or ROP Appendix 5B at III.d.2 An entity that owns/operates a transmission Element below 100 kV associated with a Facility that is included on a critical Facilities list that is defined by the Regional Entity.

[Exclusion: A Transmission Owner/Operator will not be registered based on these criteria if responsibilities for compliance with approved NERC Reliability Standards or associated Requirements including reporting have been transferred by written agreement to another entity that has registered for the appropriate function for the transferred responsibilities, such as a Load‐Serving Entity, generation and transmission cooperative or joint action agency as described in Sections 501 and 507 of the NERC Rules of Procedure.]

Functional Model Description The Transmission Operator operates or directs the operation of transmission facilities, and maintains local‐area reliability, that is, the reliability of the system and area for which the Transmission Operator has responsibility. The Transmission Operator achieves this by operating the transmission system within its purview in a manner that maintains proper voltage profiles and System Operating Limits, and honors transmission equipment limits established by the Transmission Owner. The Transmission Operator is under the Reliability Coordinator’s direction respecting wide‐area reliability considerations, that is, considerations beyond those of the system and area for which the Transmission Operator has responsibility and that include the systems and areas of neighboring Reliability Coordinators. The Transmission Operator, in coordination with the Reliability Coordinator, can take action, such as implementing voltage reductions, to help mitigate an Energy Emergency, and can take action in system restoration. Note that the Model does not attempt to define what is and is not a transmission facility, versus a generating facility. As discussed in Section II‐13, this is assumed to be defined elsewhere by NERC or by governmental authorities. Maintenance. The Transmission Owner provides the overall maintenance plans and requirements for its equipment, specifying, for example, maintenance periods for its transformers, breakers, and the like. The Transmission Owner then develops or arranges for the development of the detailed maintenance schedules (dates and times) based on the Transmission Owner’s maintenance plans and requirements, and provides those schedules to the Reliability Coordinator and others as needed. The organization serving as Transmission Operator may also physically provide or arrange for transmission maintenance, but it does this under the direction of the Transmission Owner, which is ultimately responsible for maintaining its owned transmission facilities.

Appendices


Bundled with the Reliability Coordinator or Transmission Owner. A single organization may be the functional entity for multiple Functions. In such a case, the functional entities are said to be “rolled up” or “bundled” into a single organization. An organization may be a Transmission Operator without being a Reliability Coordinator or Transmission Owner. However, in many cases the Transmission Operator is bundled with one of these functional entities. Bundled with Reliability Coordinator. For example, consider a regional transmission organization (RTO) with several members. The RTO registers with NERC as a Reliability Coordinator and Transmission Operator and is NERC‐certified for both. The RTO then delegates/assigns some of the Transmission Operator Tasks to its members. Bundled with the Transmission Owner. In other situations, the RTO registers with NERC as the Reliability Coordinator, and its members register as Transmission Owners and Transmission Operators. In this case, the Model views the RTO as responsible for complying with Reliability Standards associated with the Reliability Coordinator and would be NERC‐certified as such. The RTO members would be responsible for complying with all Reliability Standards associated with the Transmission Operator, and would be NERC‐certified as such. Proposed Elimination N/A Proposed Revised Threshold Yes, see the discussion of registration thresholds, standards applicability and implementation options under Transmission Owner.

Appendices


Generator Owner (GO) Current Definition and/or Threshold in Statement of Compliance Registry Criteria in Statement of Compliance Registry Criteria

Definition Entity that owns and maintains generating units. Threshold NERC Rules of Procedure (ROP) Appendix 5B at III.c.1 Individual generating unit > 20 MVA (gross nameplate rating) and is directly connected to the Bulk Power System, or; ROP Appendix 5B at III.c.2 Generating plant/facility > 75 MVA (gross aggregate nameplate rating) or when the entity has responsibility for any facility consisting of one or more units that are connected to the Bulk Power System at a common bus with total generation above 75 MVA gross nameplate rating, or; ROP Appendix 5B at III.c.3 Any generator, regardless of size, that is a Blackstart Resource material to and designated as part of a Transmission Operator entity’s restoration plan, or; ROP Appendix 5B at III.c.4 Any generator, regardless of size, that is material to the reliability of the Bulk Power System.

[Exclusions: A Generator Owner/Operator will not be registered based on these criteria if responsibilities for compliance with approved NERC Reliability Standards or associated Requirements including reporting have been transferred by written agreement to another entity that has registered for the appropriate function for the transferred responsibilities, such as a Load‐Serving Entity, generation and transmission cooperative or joint action agency as described in Sections 501 and 507 of the NERC Rules of Procedure. As a general matter, a customer‐owned or operated generator/generation that serves all or part of retail load with electric energy on the customer’s side of the retail meter may be excluded as a candidate for Registration based on these criteria if (i) the net capacity provided to the Bulk Power System does not exceed the criteria above or the Regional Entity otherwise determines the generator is not material to the Bulk Power System and (ii) standby, back‐up and maintenance power services are provided to the generator or to the retail load pursuant to a binding obligation with another Generator Owner/Operator or under terms approved by the local regulatory authority or the Federal Energy Regulatory Commission, as applicable.]

Functional Model Description The Generator Owner owns its generation facilities and provides for the maintenance of those facilities. It also provides verified equipment operating limits and supplies this information to the Generator Operator, Reliability Coordinator, Transmission Planner and Planning Coordinator. In many cases, the Generator Owner has contracts or interconnection agreements with Transmission Owners or Distribution Providers that detail the terms of the interconnection between these parties. Relationship with the Generator Operator. The organization serving as Generator Owner may operate generation facilities, or arrange for another organization to do so. In addition, the organization serving as Generator Owner may perform maintenance and facility verification, or may arrange with another organization to do so.

Appendices


Proposed Elimination N/A Proposed Modification of Registration Criteria Recommend section III(c) of the Statement of Compliance Registry Criteria be revised to read:

Any owner or operator of one or more Bulk Electric System generating resources.

Proposed Revised Threshold/Classes of Standards Applicability The proposal is to establish a small GO/GOP MVA threshold for owners and operators of less than 75 MVA of BES generating units and plants (or other amount agreed upon after further technical analysis), including dispersed power generating resources. The applicability of MOD‐026‐1, which is established by the Facilities Applicability section of that standard, could, in conjunction with the risk‐based “Verification Conditions” set out in Attachment A to that standard, provide a possible starting point for setting qualification criteria for Small GO/GOP registration. These could include capacity and connection thresholds, as in the Applicability section, as well as consideration of reactive power control, capacity factor, and other appropriate factors, as in Attachment A. The intent of establishing a small GO/GOP threshold is not to remove any BES generator owners and operators from the registry. Rather, all BES generator owners and operators that meet the BES Definition, as well as the Registry Criteria capacity thresholds (individual units >20 MVA, plant >75 MVA), would remain registered and subject to compliance with applicable GO/GOP standards. For entities that do not exceed the small GO/GOP threshold set in the RBR process, they would be subject only to a defined subset of GO/GOP requirements (discussed below), which is to be determined after further analysis. The following criteria could be applied to behind‐the‐meter generation where discretionary sales to the BES may exceed the “net” 75 MVA threshold applicable to behind‐the‐meter generation under Exclusion E2. These criteria are contingent on the development of a higher risk‐based threshold “[X] MVA” as determined through further study:

1. Sales in excess of 75 MVA are energy only but not to exceed [X] MVA.

2. Capacity sales in excess of 75 MVA as requested and directed by the BA, TOP or RC, but not to exceed [X] MVA.

3. Additional factors in support of the above criteria, include that the entity is not a registered TO or TOP (or not otherwise a TO/TOP by virtue of generator tie lines) and does not otherwise affect SOLs or Interconnection Reliability Operating Limits (IROLs).

Proposed Critical Sub‐function(s) The working assumption is that all BES generating resource owners and operators with more than 75 MVA (or other threshold as determined through further study) are providing material amounts of capacity and energy to the BES and that misoperation of such BES resources could have an adverse reliability impact, and should accordingly remain subject to the full set of applicable reliability standards. Owners and operators of Blackstart Resources would also remain subject to full compliance responsibilities. Analysis and Support for Proposed Action When the revised BES Definition becomes effective, the Registry Criteria could be simplified to refer to an entity that owns/operates “BES generating units.” Entities will thus be registered only if they own/operate BES

Appendices


generation, i.e., if their generation meets the revised BES Definition or has been added through the exceptions process, and has not been excluded through the exceptions process. The current registration criteria for GOs and GOPs, however, do not distinguish between the owners and operators of a 2,000 MW baseload plant and a 30 MW peaking unit that is primarily used to serve local load centers when market prices are high. Consistent with a risk‐based approach to registration, entities that own/operate only insignificant BES generation should be subject only to a subset of GO/GOP standards required to ensure that the interconnection and operation of these resources do not cause or contribute to an adverse reliability impact during normal operations or when contingencies occur on the BES. As the drafting team determined in the MOD‐026 Project, it is possible to draw technically sound distinctions among applicable units for modeling and other purposes. The purpose of drawing such distinctions is to lessen undue regulatory burdens on the owners and operators of limited amounts of generating capacity, and better target use of NERC resources on reducing risks to reliable interconnected operations. As in the GO/TO project, it may be the case that some generators that fall below the threshold(s) set for Small GO/GOP registration are more complex and may therefore require individual assessment.

The reliability gaps associated with such Facilities should not be addressed simply through application of all standards applicable to [Generator] Owners and [Generator] Operators, but instead through an assessment of the impact of such a Facility on [BES reliability]. Such assessment should then be used to determine exactly which Reliability Standards and requirements should apply to that Facility and whether additional entity registration is warranted. This assessment should, at a minimum, be based upon the output of transmission planning and operating studies used by the Reliability Coordinator, Transmission Operator and Transmission Planner in complying with applicable Reliability Standards (specifically, IRO, TOP and TPL).

Order 785 P 8. Allowing energy‐only sales in excess of 75 MVA would encourage entities with discretionary sales not to withhold power sales to the BES in order to stay below the threshold and avoid registration. Such sales would contribute to market liquidity and could be valuable in emergency situations. The variance would be capped at [X] MVA. Similarly, withholding capacity during high‐load or emergency situations (to avoid registration) may have a higher reliability risk profile than exceeding the threshold on a limited basis. Any sales of capacity (such as ancillary services) that exceed the threshold by a behind‐the‐meter generator at the request of the BA, TOP, or RC should not be grounds for registration. The variance would be capped at [X] MVA. Standards Applicability The core standard requirements that need to apply across the board to small GO/GOP generators include those focused on protection systems (PRC) and modeling (MOD). Further analysis is required with respect to other Reliability Standards that should remain applicable, including, but not limited to, EOP‐004‐2, FAC‐008‐3, IRO‐010, and TOP‐006‐2. The task force could identify a common set of Reliability Standards that need to be applied to BES resources owned and operated by small GO/GOPs. This task force could also assess the merits of alternative approaches to targeting registration, standards applicability, and compliance monitoring and enforcement to entity risk. Technical analyses in accordance with Section 215 of the FPA will be required to identify any reliability implications so that no reliability gaps are created. As a result, this initial assessment of risk could be revised based on further analysis. An industry survey also will be used to identify issues to be considered as part of the technical analysis. The resulting analysis can then be used as the basis for establishing a small GO/GOP registration category and making appropriate revisions to Reliability Standard applicability.

Appendices


Generator Operator (GOP) Current Definition and/or Threshold in Statement of Compliance Registry Criteria

Definition The entity that operates generating unit(s) and performs the functions of supplying energy and Interconnected Operations Services. Threshold NERC Rules of Procedure (ROP) Appendix 5B at III.c.1 Individual generating unit > 20 MVA (gross nameplate rating) and is directly connected to the Bulk Power System, or; ROP Appendix 5B at III.c.2 Generating plant/facility > 75 MVA (gross aggregate nameplate rating) or when the entity has responsibility for any facility consisting of one or more units that are connected to the Bulk Power System at a common bus with total generation above 75 MVA gross nameplate rating, or; ROP Appendix 5B at III.c.3 Any generator, regardless of size, that is a Blackstart Resource material to and designated as part of a Transmission Operator entity’s restoration plan, or; ROP Appendix 5B at III.c.4 Any generator, regardless of size, that is material to the reliability of the Bulk Power System.

[Exclusions: A Generator Owner/Operator will not be registered based on these criteria if responsibilities for compliance with approved NERC Reliability Standards or associated Requirements including reporting have been transferred by written agreement to another entity that has registered for the appropriate function for the transferred responsibilities, such as a Load‐Serving Entity, generation and transmission cooperative or joint action agency as described in Sections 501 and 507 of the NERC Rules of Procedure.

As a general matter, a customer‐owned or operated generator/generation that serves all or part of retail load with electric energy on the customer’s side of the retail meter may be excluded as a candidate for Registration based on these criteria if (i) the net capacity provided to the Bulk Power System does not exceed the criteria above or the Regional Entity otherwise determines the generator is not material to the Bulk Power System and (ii) standby, back‐up and maintenance power services are provided to the generator or to the retail load pursuant to a binding obligation with another Generator Owner/Operator or under terms approved by the local regulatory authority or the Federal Energy Regulatory Commission, as applicable.]

Functional Model Description The Generator Owner may operate its generating facilities or designate a separate organization to perform the Generator Operation Function. The Generator Operator operates, or directs the operation of generation facilities. The Generator Operator supports the needs of the Bulk Electric System up to the limits of the generating facilities in its purview. Ultimately, the Generator Operator’s role is to meet generation schedules, manage fuel supplies, and provide frequency support and reactive resources without jeopardizing equipment. Relationship with the Generator Owner. The organization that serves as Generator Operator may also be the owner of the generation facilities it operates; or it may be a separate organization designated by the Generator Owner to operate the facilities. The Generator Operator receives maintenance and performance verification schedules from the Generator Owner, and develops operating and unit commitment plans based on these schedules.

Appendices


Relationship with the Transmission Operator. The Generator Operator provides reliability related services through arrangements or by direction from the Transmission Operator for support of the Bulk Electric System. The Generator Operator provides maintenance schedules, generator status, and AVR status to the Transmission Operator. The Generator Operator receives notification of transmission system problems affecting its generator from the Transmission Operator or Reliability Coordinator. Relationship with the Balancing Authority. The Generator Operator provides unit commitment schedules, generator status, and operating and availability status of generating units to the Balancing Authority. Relationship with the Reliability Coordinator. The Generator Operator provides annual maintenance plans, and operational data to the Reliability Coordinator. The Generator Operator takes actions based on directives from the Reliability Coordinator for the needs of the Bulk Electric System. Relationship with Purchasing‐Selling‐Entity. The Generator Operator receives notice of Arranged Interchange approved by the Purchasing‐Selling‐Entity. Proposed Elimination N/A Proposed Revised Threshold Yes, as outlined in the analysis and discussion of Generator Owner. A common technical analysis is required of standards applicable to both functions. An initial review indicates a proportionally smaller number of Generator Operator‐related requirements would likely be determined to be applicable to small GO/GOP entities than would be the case for Generator Owner‐related requirements. For example, proposed COM‐002‐2a would require all Small Generator Operators to “have communications (voice and data links) with appropriate Reliability Coordinators, Balancing Authorities, and Transmission Operators [that are] . . . staffed and available for addressing a real‐time emergency condition.” COM‐002‐3 would require small GOPs to train staff and be prepared to document the use of three‐part communications in communications that are unlikely to take place. Regional Entities would similarly be responsible for ensuring compliance with these requirements.

Appendices

NERC | DRAFT Risk‐Based Registration White Paper | April 9, 2014 B‐1

Appendix B – Current State of Registration Program

NERC’s Role NERC plays several key roles in entity registration. NERC has authority to identify candidates for registration. In addition, NERC reviews registration recommendations and changes to the NCR from Regional Entities. NERC also oversees implementation of the Registration program at the Regional Entities. Finally, NERC is responsible for registering entities, and establishing and maintaining the NCR of the BPS users, owners and operators subject to its Reliability Standards.16 Throughout implementation of the Registration program, NERC has provided formal and informal guidance to Regional Entities and industry regarding Registration requirements, roles and responsibilities. This guidance generally has been in response to issues that have arisen in execution of the Registration program, primarily through registration appeals as well as entity sales, mergers, and acquisitions of assets. However, NERC has not defined certain terms used in the Registry Criteria17 or mandated a set of specific criteria that could result in the addition or removal of an entity from the NCR. NERC also has not prescribed the use of a single web‐based portal or common registration form. In addition, NERC has worked closely with Regional Entity Registration activities and reviewed Registration activities and processes over time, and has recently revised internal oversight processes. As part of this initiative, NERC is reviewing best practices and procedures at the Regional Entities to incorporate them into the proposed design. This white paper identifies a summary of those practices and procedures, as well as possible improvements, such as a common registration form.

Regional Entity’s Role As called for in the NERC Rules of Procedure and its appendices, the Regional Entities identify candidates for registration. In addition, Regional Entities review and evaluate registration requests and changes making recommendations to NERC when a request or change may affect the NCR. The staffs of the Regional Entities actively participate in NERC‐led committees, task forces, and working groups, which facilitate the exchange of information between NERC and the Regional Entities. In addition, the Regional Entities are active participants in the ERO Compliance and Enforcement Management Group (ECEMG) and the Registration and Certification Functional Group (RCFG), both of which are under the oversight of the ERO Executive Management Group, comprised of the chief executive officers of NERC and the eight Regional Entities. As part of this initiative, the ECEMG was asked to provide a review of the Regional Entity registration practices. A summary of the observations is below:

1. The majority of the Regional Entities use the Registry Criteria to determine materiality. If the entity meets the Registry Criteria, it will be registered and considered material. Some Regional Entities invoke the footnote in Registry Criteria that allows registration of an entity if it is material to the reliability of the BPS, even if it does not meet Registry Criteria.

2. Most Regional Entities have developed internal procedures to implement registration, based on the Registry Criteria. However, some Regional Entities use the Registration Criteria to determine registration candidates and then apply a material or risk “assessment.”

16 See http://www.nerc.com/pa/comp/Pages/Registration‐and‐Certification.aspx.

Appendices


3. There is no consistency among Regional Entities in defining “materiality.” A major objective should be to develop a consistent approach, for use by all Regional Entities, to determine an entity’s material impact on BPS reliability.

Functional Model Users, owners and operators of the BPS are registered by the function they perform, based upon the Functional Model. An entity is registered by function to comply with specific Reliability Standards, because the “Applicability” section of each Reliability Standard is based on the functional approach. However, there are some exceptions (e.g., based on facility characteristics such as radial lines 200 kV and above as called for in FAC‐003). Unless an entity is registered for the function to which a Reliability Standard requirement is applicable, it is not responsible for compliance with that requirement. Fifteen function types are included in the Registry Criteria. These include Balancing Authorities (BAs), DPs, Generator Owners (GOs), Generator Operators (GOPs), Interchange Authorities (IAs), LSEs, Planning Authorities (PAs)/Planning Coordinators (PCs), Purchasing‐Selling Entities (PSEs), Reliability Coordinators (RCs), Transmission Planners (TPs), Transmission Owners (TOs), Transmission Operators (TOPs), Resource Planners (RPs), Reserve Sharing Groups (RSGs) and Transmission Service Provider (TSPs). User roles, include but are not limited to, DPs, LSEs, IAs and PSEs. Once registered for a function, entities are generally subject to the full set of Reliability Standards applicable to that function.

Thresholds NERC’s Registration program uses threshold criteria to determine if an entity meets a functional category and qualifies for registration. A user, owner or operator of the BES is considered a user, owner and operator of the BPS. Currently, an entity that meets the threshold criteria is deemed to have a material impact on the reliability of the BPS and thus may be registered, unless a Regional Entity determines otherwise. The NERC Rules of Procedure, and specifically the Registry Criteria in Appendix 5B,18 provide the flexibility needed to register the appropriate organizations and subject them to applicable Reliability Standard requirements. The Registry Criteria provides for registration of an entity based on a material impact assessment even if it does not satisfy the threshold criteria, and for declining to register an entity that satisfies the threshold criteria based on a determination of lack of material impact. Notwithstanding this flexibility, implementation of the Registration program generally has led to a one‐size‐fits‐all approach for identification of candidates for registration and related Reliability Standard applicability.19 Inconsistencies in application also appear because terms are not be consistently defined or evaluated in the same way across the Regional Entities.

18 See Registry Criteria at p. 11, “Notes to the above Criteria,” Item number 1. 19 For example, an entity that owns only a single BES 115 kV line or substation cannot specify realistic voltage schedules for generators in accordance with VAR‐001 R4 when it is between two neighbors with disparate voltage schedules on their systems; the voltage schedule will be driven by larger neighboring system(s) with a wide‐area view and responsibility for BES operations, not the small entity operating limited transmission facilities. Another example is that a small TOP without a wide‐area view should not be setting System Operating Limits.

Appendices


Reliability Standard Applicability Once registered for a function, an entity is subject to the full set of Reliability Standards applicable to that function. There are a few exceptions, such as a technical or physical limitation (e.g., the entity does not have the asset subject to the Reliability Standard requirement such as SPS, Blackstart units, etc., or has an approved Technical Feasibility Exception, etc.). However, this approach may result in implementation of the Registration program in a manner that does not take the size and scope of entities, and their role in BES reliability, into account in determinations as to registration and Reliability Standard applicability. In Order No. 693,20 and as part of its approval of the revised BES Definition,21 FERC has encouraged Registered Entities to work with NERC and Regional Entities to determine if a sub‐list of Reliability Standard requirements should be applicable to its respective registration. In some limited situations, NERC and the Regional Entities have tailored Reliability Standard requirement applicability for certain functional categories, such that the entity is not automatically subjected to the full scope of standard requirements otherwise applicable to a particular function.22 This experience has shown that appropriately scoped registration better serves reliability, as it allows entities to increase their focus on their specific reliability and operational obligations, as appropriate to the reliability risk they impose. In addition, NERC’s GO/TO project, which led to Order No. 785, “Generator Requirements at the Transmission Interface,” demonstrated that this approach can be effective in addressing a class of Registered Entities, as well as on an individual basis.

Registration Types Once the functional type is identified, there are four categories of entity registration:

1. First, in an Individual Registration scenario, an entity is registered on the NCR for one or more specific functions, and that individual entity accepts full compliance responsibility and accountability regarding Reliability Standard requirements associated with those specific functions.

2. Second, in a Joint Registration Organization (JRO) scenario, an entity registers on behalf of one or more of its members or related entities for one or more functions for which its members or related entities would otherwise be required to register, in accordance with Section 507 of the NERC Rules of Procedure. In this case, the registered entity accepts full compliance responsibility and accountability regarding Reliability Standards associated with those functions.

3. Third, Section 508 of the NERC Rules of Procedure allows two or more entities to register using a Coordinated Functional Registration (CFR). In this case, both entities are registered for one or more applicable function(s) and each is assigned respective responsibility for Reliability Standard requirements applicable to those functions. In a CFR, each registered entity accepts full compliance responsibility and accountability regarding Reliability Standards associated with those functions as listed in the CFR.

4. Finally, entities may be registered as a “concurrent registration” or “co‐registration.” A concurrent registration may be used when two entities meet the requirements for registration individually and may have an existing arrangement, agreement or contract that assigns responsibility for taking certain reliability actions, but the entities have not entered into a JRO or CFR. In this circumstance, NERC has the ability to register both entities for the same function, and may enforce noncompliance by either or both entities for failure to take the required reliability actions.

20 Mandatory Reliability Standards for the Bulk‐Power System, Order No. 693, FERC Stats. & Regs. ¶ 31,242, order on reh’g, Order No. 693‐A, 120 FERC ¶ 61,053 (2007).

21 Order Approving Revised Definition, 146 FERC ¶ 61,199 (2014). 22 See, e.g., Cedar Creek Wind Energy, LLC, 139 FERC ¶ 61,214 (2012).

Appendices


The functional registration of an entity does not preclude it from delegating activities and tasks related to compliance to third parties. In such cases, only the entity that appears on the NCR are held accountable for compliance with applicable Reliability Standards.

Multi-Regional Registered Entity (MRRE) MRRE is not a formal registration process. NERC and the Regional Entities are separately addressing compliance monitoring and enforcement activities for entities registered in more than one Regional Entity footprint. In some enforcement situations, the Regional Entities have worked together to identify a lead region, such that one of the respective Regional Entities has led enforcement efforts for a given MRRE.

Appendices

NERC | DRAFT Risk‐Based Registration White Paper | April 9, 2014 C‐1

Appendix C – BES Definition “Bulk Electric System” or “BES” means unless modified by the lists shown below, all Transmission Elements operated at 100 kV or higher and Real Power and Reactive Power resources connected at 100 kV or higher. This does not include facilities used in the local distribution of electric energy. Inclusions:

• I1 ‐ Transformers with the primary terminal and at least one secondary terminal operated at 100 kV or higher unless excluded by application of Exclusion E1 or E3.

• I2 ‐ Generating resource(s) including the generator terminals through the high‐side of the step‐up transformer(s) connected at a voltage of 100 kV or above with:

a) Gross individual nameplate rating greater than 20 MVA. Or,

b) Gross plant/facility aggregate nameplate rating greater than 75 MVA.

• I3 ‐ Blackstart Resources identified in the Transmission Operator’s restoration plan.

• I4 ‐ Dispersed power producing resources that aggregate to a total capacity greater than 75 MVA (gross nameplate rating), and that are connected through a system designed primarily for delivering such capacity to a common point of connection at a voltage of 100 kV or above. Thus, the facilities designated as BES are:

a) The individual resources, and

b) The system designed primarily for delivering capacity from the point where those resources aggregate to greater than 75 MVA to a common point of connection at a voltage of 100 kV or above.

• I5 ‐ Static or dynamic devices (excluding generators) dedicated to supplying or absorbing Reactive Power that are connected at 100 kV or higher, or through a dedicated transformer with a high‐side voltage of 100 kV or higher, or through a transformer that is designated in Inclusion I1 unless excluded by application of Exclusion E4.

Exclusions:

• E1 ‐ Radial systems: A group of contiguous transmission Elements that emanates from a single point of connection of 100 kV or higher and:

a) Only serves Load. Or,

b) Only includes generation resources, not identified in Inclusion I2, I3, or I4, with an aggregate capacity less than or equal to 75 MVA (gross nameplate rating). Or,

c) Where the radial system serves Load and includes generation resources, not identified in Inclusions I2, I3 or I4, with an aggregate capacity of non‐retail generation less than or equal to 75 MVA (gross nameplate rating).

Note 1 – A normally open switching device between radial systems, as depicted on prints or one‐line diagrams for example, does not affect this exclusion.

Note 2 – The presence of a contiguous loop, operated at a voltage level of 50 kV or less, between configurations being considered as radial systems, does not affect this exclusion.

• E2 ‐ A generating unit or multiple generating units on the customer’s side of the retail meter that serve all or part of the retail Load with electric energy if: (i) the net capacity provided to the BES does not exceed 75 MVA, and (ii) standby, back‐up, and maintenance power services are provided to the generating unit

Appendices

NERC | DRAFT Risk‐Based Registration White Paper | April 9, 2014 C‐2

or multiple generating units or to the retail Load by a Balancing Authority, or provided pursuant to a binding obligation with a Generator Owner or Generator Operator, or under terms approved by the applicable regulatory authority.

• E3 ‐ Local networks (LN): A group of contiguous transmission Elements operated at less than 300 kV that distribute power to Load rather than transfer bulk power across the interconnected system. LN’s emanate from multiple points of connection at 100 kV or higher to improve the level of service to retail customers and not to accommodate bulk power transfer across the interconnected system. The LN is characterized by all of the following:

a) Limits on connected generation: The LN and its underlying Elements do not include generation resources identified in Inclusions I2, I3, or I4 and do not have an aggregate capacity of non‐retail generation greater than 75 MVA (gross nameplate rating);

b) Real Power flows only into the LN and the LN does not transfer energy originating outside the LN for delivery through the LN; and

c) Not part of a Flowgate or transfer path: The LN does not contain any part of a permanent Flowgate in the Eastern Interconnection, a major transfer path within the Western Interconnection, or a comparable monitored Facility in the ERCOT or Quebec Interconnections, and is not a monitored Facility included in an Interconnection Reliability Operating Limit (IROL).

• E4 ‐ Reactive Power devices installed for the sole benefit of a retail customer(s).

Note ‐ Elements may be included or excluded on a case‐by‐case basis through the Rules of Procedure exception process.

MEMORANDUM

TO: Kristen Iwanechko, Secretary NERC Member Representatives Committee

FROM: Allen Mosher, Vice President, Policy Analysis, American Public Power Association Jacqueline Sargent, General Manager, Platte River Power Authority, on behalf of the Large Public Power Council John Twitty, Executive Director, Transmission Access Policy Study Group

DATE: April 29, 2014

SUBJECT: Response to Request for Policy Input

The American Public Power Association, the Large Public Power Council, and the Transmission Access Policy Study Group concur with the Policy Input submitted today by the State/Municipal and Transmission Dependent Utility Sectors of the Member Representatives Committee in response to NERC Board Chair Fred W. Gorbet’s April 9, 2014 letter requesting policy input in advance of the May 2014 NERC Board of Trustees meeting.

NERC Board of Trustees Policy Input – Canadian Electricity Association

Philadelphia, Pennsylvania; May 7, 2014

The Canadian Electricity Association (“CEA”) appreciates this opportunity to provide policy

input for the NERC Member Representatives Committee (“MRC”) and Board of Trustees

(“Board”) meetings in Philadelphia, in response to the April 9 letter issued by the NERC Board

Chair requesting stakeholder feedback on specific issues of particular interest to the Board.

1. Reliability Standard Audit Worksheet (“RSAW”) Review and Revision Process

CEA sincerely appreciates the efforts of the working group to address concerns around

the absence of a process for communicating the basis for any proposed revision to an

RSAW after it is put in place or for appealing any such proposed revision.

CEA views the proposed RSAW Review and Revision Process as an encouraging step

towards enhanced clarity. However, a few concerns and questions remain, for which

CEA respectfully requests clarification in subsequent refinements to the draft process:

o An RSAW is a tool setting forth NERC’s evidentiary expectations for a registered

entity to demonstrate compliance. It is not the purpose of, nor is it permissible

for, an RSAW to effect any change in the scope or intent of a standard. In this

regard, a few instances of unclear wording in the document require modification.

For example, there are two references in the draft to an RSAW not effectuating

any “material” change in the scope or intent of a standard. This implies that it is

acceptable for an RSAW to make non-material changes to a standard. This

implication is incorrect. The word “material” should therefore be deleted.

Similarly, under the “Proposed Process” heading, section 3.b. refers to whether

the proposed RSAW change “incorrectly expands what is required by the

standard’s requirements.” The erroneous implication here is that a proposed

RSAW change could “correctly” expand a standard’s requirements. Likewise,

section 3.c. refers to compliance requirements being increased retroactively. The

document should clarify that RSAW changes cannot increase compliance

requirements whatsoever – whether retroactively or prospectively.

This unclear wording confuses the distinction between the compliance

requirements of a standard and the RSAW. Some modifications are necessary to

the language cited above, in order to ensure maximum clarity and to ensure the

same type of confusion that was encountered with Compliance Application

Notices is not duplicated with RSAWs.

o There is a risk of inconsistency in the interpretation of what constitutes a

2

“substantive” revision to an RSAW. NERC may wish to provide examples of

what it deems to be a “substantive” revision or not, or offer a general definition of

what constitutes a “substantive” revision.

o Assuming no additional revisions are made beyond the initial posting of a revised

RSAW, entities may not be able to adjust their compliance processes/activities in

a 15-day window for either current open audits or audits commencing on or after

the effective date of the revised RSAW (particularly if the proposed revisions

entail significant changes in the compliance approaches for multiple requirements

in a standard). Some type of implementation schedule would be desirable.

o In step 4a., if the Chair of the Standards Oversight and Technology Committee

(“SOTC”) does not take any action on those remaining comments not accepted by

NERC, is the Chair required to provide justification and/or respond to the

comments raised by entities? Some measure of guidance or form of explanation

is preferable to a decision by the SOTC Chair that no action is required, but which

is not accompanied by any justification for the decision.

o Similarly, in step 5, if the full SOTC does not make any additional changes to the

RSAW, is it required to address any unresolved comments?

o Is there an appeal process beyond the SOTC for entities which feel that their

comments or concerns have not been adequately addressed by either the SOTC

Chair or the full SOTC?

Finally, CEA trusts that, alongside the adoption and implementation of an RSAW Review

and Revision Process, it will continue to be acknowledged that a registered entity is not

legally bound by an RSAW and may demonstrate compliance in another manner.

2. Risk-Based Registration Assessment

As stated in CEA’s previous policy input, CEA believes that the goals of this initiative

are laudatory and that this effort is consistent with other essential NERC initiatives

seeking to implement risk-based approaches across NERC program areas.

Much work has been undertaken since the formal launch of this initiative. CEA applauds

the efforts of the advisory group and, in particular, of NERC staff in preparing thoughtful

issues and recommendations for stakeholders’ wider consideration at this time.

It should be noted, though, that the proposals are still at an incipient stage of development

and that the whitepaper – in whole and in part – does not yet reflect the general consensus

3

views of the advisory group.

CEA’s principal thoughts and recommendations on the whitepaper are the following:

i. In its current form, the Preface makes reference to the jurisdiction of NERC

within the context of the U.S. Federal Power Act. In addition, it should be

observed that the reliability regimes in place in many Canadian jurisdictions have

the authority for entity registration and registration oversight, and have

implemented criteria and practices to ensure the right entities are subject to the

right set of applicable standards. (To be clear, though, many of these approaches

build upon or are modelled upon elements of NERC’s registration program, and

many entities in Canada are nevertheless listed on NERC’s compliance registry).

As registration governance and the application of NERC’s registration program

vary across Canadian jurisdictions, so too will certain aspects of a new risk-based

approach to registration. This includes alignment with the revised BES definition,

the adoption and implementation of which will differ across Canadian

jurisdictions. Certain jurisdictions may adopt the revised BES definition, while

others are pursuing or have already pursued different means (e.g. legislation or an

equivalent exception process) to define the scope of facilities to which reliability

standards will apply.

Accordingly, CEA respectfully requests that the Preface make note of the above.

ii. CEA supports the proposed elimination of the Purchasing-Selling Entity (“PSE”)

from the compliance registry. The analysis in Appendix A of the paper makes a

robust case in favor of such elimination and in support of the argument that PSEs

are not able to pose material risk to bulk-power system (“BPS”) reliability.

iii. Each key group within the ERO reliability regime – governmental authorities,

NERC and industry – has stressed the need to keep this effort clean and simple.

CEA is not yet persuaded that establishing “classes” (or “tiers” as they were

previously described) of registered entities to which specific subsets of reliability

standard requirements would apply is an approach that will pass the cleanliness

and simplicity tests. Rather, it raises the specter of undue complexity and

unintended consequences within the registration process.

iv. As noted in the whitepaper, Project 2010-07 (the “GO/TO project”) is a

successful model for tailoring reliability standard requirements to specific entities.

CEA supports the registration initiative seeking to emulate approaches and

outcomes validated through the GO/TO project. Furthermore, any option to

4

revise standards should be coordinated with existing standards revision efforts,

wherever possible.

3. Potential Alternative Funding Mechanism to Support Expanded Cyber Security

Information Sharing and Capabilities

To begin, CEA wishes to re-affirm support for the Electricity Sector Information Sharing

and Analysis Center (“ES-ISAC”) being housed within NERC and having a robust

capability to share timely and actionable information to BPS users, owners and operators

on security threats and risks.

The proposal to explore potential supplemental, alternative voluntary funding for

expanded information sharing capabilities appears and sounds reasonable.

However, CEA is not able to weigh-in with a robust opinion based on the limited

information presented to date – both in the April 9 letter from the Board Chair and in the

April 22 stakeholder briefing from NERC on the 2015 business plan and budget. For

example, answers to the following questions remain unclear:

o What are the specific reliability benefits which this expanded capability is

expected to yield?

o Does this proposal raise questions and concerns around the fair allocation of costs

under the ES-ISAC’s funding structure? How can such questions and concerns be

most effectively addressed?

For example, entities which are not assessed fees to fund NERC activities are

currently able to subscribe to the ES-ISAC. Moreover, ES-ISAC activities fall

under the criteria developed by NERC in 2013 for determining whether a

reliability activity is eligible for statutory funding. Is there a risk of establishing

an unusual precedent for seeking outside, voluntary funding for an activity that is

deemed to fall under NERC’s statutory functions (recognizing that the only other

NERC activity employing such an approach is System Operator Certification?)

o Consistent with the above, how will NERC ensure NERC registrants do not

unfairly subsidize the expanded activities where other entities derive a benefit?

This problem is apparent because incremental costs are estimated, participation is

voluntary and uncertain, and the allocation basis is not disclosed.

o There appears to be separate pieces under this proposal (e.g. installation and

support of the Cyber Risk Information Sharing Program [“CRISP”] information

5

sharing infrastructure; subscription services to the U.S. Department of Energy

laboratory which developed the technology; and additional analytical resources at

the ES-ISAC). Do all of these pieces necessarily have to be covered under new,

supplemental outside funding? As suggested during the April 22 stakeholder

briefing, is there an opportunity to draw on NERC reserves to cover a portion of

these expenses?

o During the April 22 stakeholder briefing, it was suggested that the emergence of a

critical mass of industry participants installing CRISP technology has signaled a

concomitant need for NERC to likewise invest in such an installation. (The

Electricity Subsector Coordinating Council [“ESCC”] is currently executing a

plan for a targeted, tiered roll-out of CRISP installations by the end of 2014).

However, NERC has only offered a range of estimated costs and clarity is lacking

on the degree that the investment would be funded through NERC reserves or

through an alternate funding mechanism. What decision-making mechanisms has

NERC implemented to guide the transition towards an alternate funding

mechanism?

There is ongoing debate around both the ES-ISAC’s existing funding and governance

structure. Before committing to additional funding for expanded ES-ISAC capabilities

and operations, CEA believes that it is imperative for this debate to be settled and for

industry participants to have certainty regarding the long-term stability of ES-ISAC

funding and governance.

While the April 22 stakeholder briefing offered an early snapshot of NERC’s 2015

business plan and budget, the details of where costs are being contained and where they

are growing are not yet more widely known. Like other stakeholders, CEA members are

concerned about the unsustainable trend of year-over-year NERC assessment increases.

It would be helpful to know how the estimated expenses associated with supplemental

ES-ISAC funding fit into the overall ERO budget.

To reiterate, CEA affirms the critical role played by the ES-ISAC in disseminating

information regarding BPS security and is by no means dismissing outright the prospect

of endorsing NERC’s proposal for supplemental ES-ISAC funding. However, at this

stage, the expression of a firmer view on the proposal is challenged by the absence of

additional details, such as those identified above.

Other Topics – NERC Five-Year Performance Assessment

The meetings in Philadelphia mark the only occasion in 2014 during which the draft

Five-Year Performance Assessment will be discussed as part of a quarterly open meeting

6

of the Board. CEA therefore wishes to share brief observations on the draft assessment

(as posted for public comment in early March 2014) for the Board’s consideration.

The draft assessment is generally a fair and measured evaluation of NERC’s performance

in fulfilling its responsibilities as the ERO. It is clear from the description of activities

and accomplishments that NERC has made significant progress in helping to improve

BPS reliability in the years following its previous self-assessment in 2009.

However, it seems curious that the draft assessment omits any reference to NERC’s

current budget level and the growth in NERC’s overall budget since the 2009 assessment.

While the draft assessment acknowledges increases in specific program areas, it neither

acknowledges nor provides a more global explanation for the expansion of NERC’s

overall budget from approximately US$34.5 million in 2009 to US$55.6 million in 2014.

An essential component of evaluating an organization’s performance is consideration of

the budgetary backdrop under which this performance has been executed. One would

assume that, given the significant escalation of costs at NERC, the draft assessment

would at least recognize that improvements in NERC’s performance have not been free.

Ideally, the document would clearly demonstrate the cost-effectiveness of growth in

NERC’s overall budget and headcount, and would explain how NERC applies its

resources in a cost-effective manner in service of BPS reliability.

This omission in the draft assessment is likewise peculiar in light of the strenuous

concerns stakeholders have expressed over the last few budget cycles regarding

significant year-over-year increases in NERC’s budget.

CEA believes that more detail around – or at a minimum, a basic acknowledgment of –

growth in NERC’s budget, stakeholders’ enduring concerns and NERC’s plans to control

costs going forward is appropriate and necessary in the Five-Year Assessment.

CEA sincerely thanks the Board for considering these comments and looks forward to further

discussion during the upcoming meetings in Philadelphia.

Dated: April 29, 2014

Contact: Patrick Brown (613) 627-4124

Director, U.S. Affairs [email protected]

Canadian Electricity Association


1

Policy Input of the Edison Electric Institute

NERC Board of Trustees Meeting

Philadelphia

May 7, 2014

On behalf of the member companies, the Edison Electric Institute (EEI) appreciates the

opportunity to provide the following brief policy input in advance of next week’s NERC

meetings in Philadelphia. EEI views on bulk power system reliability are formed by the CEO

Policy Committee on Reliability and Business Continuity, and the Reliability Executive

Advisory Committee.

Risk-based Registration

EEI supports the broad NERC strategic initiative to manage its programs and activities based

on reliability risks. In addition, EEI has strongly asserted that NERC focus its resources on its

core programs and activities to ensure the successful and efficient management of those

programs.

For example, EEI has for several years asked NERC to overhaul the compliance and

enforcement program in recognition of the fact that the overwhelming numbers of

enforcement actions are immaterial to reliability, drive unnecessary administrative cost

burdens, serve as a significant distraction for company personnel who have important

responsibilities for planning and operations, and provide very weak incentives to maintain

strong performance levels. While messages around the “Reliability Assurance Initiative”

continue to offer hope and change, our discussions with member companies reflect very

little meaningful progress. Far too much bureaucracy has developed to cover far too many

immaterial matters entering the enforcement pipeline.

Similarly, EEI supports a careful review of the NERC registration process. In its comments to

FERC in the registration appeals of Cedar Creek Wind Energy and Milford Wind in 2010, EEI

commented in the docket that a review of the application by the regions of NERC

registration criteria seemed to be in order to help ensure consistent application of the

2

criteria.1 EEI envisioned at the time that such a review would trigger a broader inquiry on

registration process and due process

We support continued focused discussion on potential changes to the registration process.

As this discussion takes place, it will be critically important to remain faithful to and in

compliance with the decisions made by FERC in its orders on the Bulk Electric System (BES),

as well as all orders approving mandatory reliability standards as mandatory and

enforceable. Having defined in multiple FERC orders the appropriate scope for the BES,

NERC cannot indirectly alter that definition through application of a registration process

that exempts certain entities. Regardless of the importance of the strategic initiative, NERC

and registered entities must comply with all final FERC decisions.

From a reliability perspective, as companies expect significant changes to the nation’s

electricity resource mix over the next ten years, and as new technologies and customer-

based resources continue to become more integrated with the bulk system, the need will

significantly grow for transmission operations and reliability coordination personnel to have

clear situation awareness, accurate data and information, and confidence in their ability to

maintain controls over various elements of the system. Going forward, transmission

operations will perform much more detailed granular realtime management to support

reliability. Therefore, broad-based exemptions from requirements under the mandatory

reliability standards must be very carefully examined for potential unintended

consequences that might follow from such exemptions.

Regardless of the outcomes in the broader initiative, any entity may seek relief now from

what it views as an unnecessary or costly compliance responsibility through either a)

requests for exclusions under the processes set forth in the FERC-approved BES definition

procedure or b) organizing a Joint Registration Organization that allows several entities to

have compliance responsibilities managed by a single entity. Finally, we urge the Board of

Trustees to ensure that any new registration process avoids developing into yet another

costly and opaque bureaucracy.

RSAWs

EEI supports the proposed RSAW process modification as a modest improvement.

NERC needs to continue seeking processes and methods that provide companies with clear

compliance guidance. Until NERC develops a better set of guidance tools and processes, we

continue to stress the importance for NERC to make sure that RSAWs not inadvertently change

1See 135 FERC ¶ 61,241, Order Denying Appeals of Electric Reliability Organization Registration

Determinations, June 16, 2011. EEI filed comments in the docket on December 7, 2010.

3

FERC-approved requirements and, once approved, that RSAW documents not receive any

further editorial treatment outside the RSAW process.

CIP V.5 Implementation

CIP v.5 implementation provides an example of the appetite for timely and practical compliance

guidance. In discussions with member companies around the country, it is very clear that v.5

implementation offers a broad range of complex design, planning, management, and business

and budget challenges, which must take place while companies conduct day-to-day workloads

with constrained resources. V.5 goes much further than a step change, it is a programmatic

redesign and expansion of scope that requires very careful planning and execution.

At previous meetings, NERC staff has described general plans to develop v.5 transition

guidance. Given the size and nature of work needing to be performed, EEI urges NERC to begin

now a focused discussion aimed at developing a complete set of guidance materials by no later

than August 2014. These discussions need to make use of the volunteer companies engaged in

the various pilot activities, where this group already has identified a small number of significant

technical issues. NERC needs to develop, communicate, and execute a single plan for v.5

guidance materials as an urgent priority.

ES-ISAC / CRISP

EEI and its member companies strongly support the CRISP program. Earlier this year, EEI

cooperated with ES-ISAC and Battelle Memorial Institute (Battelle), the contracting party for

the CRISP technology, to assist two investor-owned utilities to install and implement CRISP

on their systems as part of an initial pilot program. Since then, EEI and ES-ISAC have been

supporting the efforts of Battelle, these initial two utilities and three additional investor-

owned utilities have discussed the merits of negotiating a standard agreement pursuant to

which all interested industry participants would be able to more broadly implement CRISP

under the same terms and conditions, including the expectation of benefiting from

economies of scale. To date, these industry participants and Battelle have focused their

attention primarily on addressing the various legal and contractual concerns that arise in

the context of a program of this nature.

We understand that under the Battelle agreement, industry participants would pay Battelle

to procure and install the necessary equipment on their systems. Analytics and reporting

issues also factor into the cost and the specific sharing arrangements between Battelle,

industry participants, and ES-ISAC are now being addressed by these initial five companies.

However, stakeholders beyond these initial five companies have not yet fully discussed the

scope of ES-ISAC's proposed role in CRISP, how any such role would be legally implemented,

nor the costs associated with any such role. Accordingly, we would propose additional

stakeholder outreach regarding ES-ISAC's proposed 2015 budget, including a breakdown of

4

scope of work, costs and timing, for its role in CRISP to help inform and expedite the

funding approach suggested in Item 3 of the policy input letter.

EEI also understands that ES-ISAC has begun development of a strong code of conduct, and

consideration of strong physical separation of ES-ISAC staff and NERC staff and restrictions

on passing information to FERC, NERC and/or Regional Entities Staff for compliance and

enforcement purposes. Given the critical need to maintain complete confidentiality of

sensitive information handled by ES-ISAC, we welcome these considerations as steps in the

right direction.

Physical Security

We are very grateful to all companies and company personnel who worked tirelessly in the

development of CIP-014. The successful ballot outcome for the standard shows strong

consensus support for a solid set of requirements to identify and physically protect critical

facilities, and underscores stakeholders’ ability to efficiently respond to FERC reliability

directives. We applaud both the process and the outcome, recognizing the unique attributes of

the assignment and the timeline demanded to achieve a complete and timely response.

GMD

The GMD “phase two” standard offers a similar set of technical and process challenges,

including mitigation requirements based on a realistic benchmark event that appropriately

addresses reliability risks associated with geomagnetic disturbances caused by solar storms. EEI

and the member companies look forward to an open and transparent discussion on the merits

of the issues in the project, complete responses to all FERC directives, and timely filing at FERC

in early 2015.

Benjamin Franklin

NERC meeting in Philadelphia invites a brief recognition of Benjamin Franklin and his role as

a research scientist in electricity and, with the invention of the lightning rod, a pioneer in

physical security systems.

In 1750, Mr. Franklin published a proposal for an experiment to prove that lightning is

electricity by flying a kite in a storm that appeared capable of becoming a lightning storm.

In June, 1752, he may have conducted his famous kite experiment in Philadelphia,

successfully extracting sparks from a cloud. His experiment was not written up with credit

until Joseph Priestley's 1767 History and Present Status of Electricity.

Franklin indicates that he was aware of the dangers of electrocution and offered alternative

ways to demonstrate that lightning was electrical, as shown by his use of the concept of

electrical ground. If Franklin did perform this experiment, he may have used the kite to

5

collect some electric charge in a Leiden jar from a storm cloud, which implied that lightning

was electrical.

Franklin's electrical experiments led to his invention of the lightning rod. He surmised that

this could help protect buildings by attaching "upright Rods of Iron, made sharp as a Needle

and gilt to prevent Rusting, and from the Foot of those Rods a Wire down the outside of the

Building into the Ground; ... Would not these pointed Rods probably draw the Electrical Fire

silently out of a Cloud before it came nigh enough to strike, and thereby secure us from that

most sudden and terrible Mischief!" Following a series of experiments on Franklin's own

house, later in 1752 lightning rods were installed on the Academy of Philadelphia (later the

University of Pennsylvania) and the Pennsylvania State House (later Independence Hall).

April 29, 2014

Sector 8 Policy Input to the NERC BOT and MRC

Dated April 29, 2014

Item 1: Reliability Standard Audit Worksheet (RSAW) Review and Revision Process

The Large Consumer segment appreciates the opportunity to provide feedback on the RSAW review and revision process proposed by the ERO Enterprise. We are encouraged that NERC and the Regional Entities understand the vital connection between the entities that develop the guidelines and those that are subject to them. Too many times, material modifications to guidelines are implemented without sufficient transparency – and the consequences are only determined when costly penalties are absorbed by less-observant registered entities who find to their surprise that their procedures or documentation are no longer sufficient.

We do understand and appreciate the need for Compliance Enforcement Authorities (CEAs) to rapidly incorporate essential findings from audits, spot checks, and BES events analysis into the RSAWs. In addition, we can all agree that it can be difficult to discern the degree of impact from a material modification – some will reflect universal industry practices, while others may unexpectedly disallow comparable alternatives. As such, the Large Consumer segment fully agrees with the initial steps that the ERO Enterprise has proposed.

However additional steps should be mandatory when feedback from an industry stakeholder established that the modification is inconsistent with the scope or intent of the Standard. Evidence of such inconsistency should be more than mere opinion but may include the Standard Development Team’s (SDT) responses to industry commentary, the NERC submission to FERC prior to approval, or FERC’s order approving the Standard. When such evidence is presented, the ERO Enterprise must be compelled to address it in written format. It can solicit input from the SOTC or even the Standards Committee and the original SDT Chair. In the event that the industry stakeholder’s position is rejected, the ERO Enterprise must issue a written response so that, if appropriate, its decision can be appealed.

We believe that this type of process will separate issues of serious consideration from those which are not. Most RSAW modifications still will pass through the process in short order, but the tougher ones deserve added attention – and some may even require a Standard’s modification. If an emergency update is needed due to a never-before-experienced situation, there are other enforceable vehicles that NERC can use in the interim.

Item 2: Risk-Based Registration Assessment

Question 1. The whitepaper sets out several objectives for this initiative. Do you agree with these objectives and are there any other considerations you would suggest?

Ans: The Large Consumer Segment strongly supports the Risk-Based Registration (RBR) initiative provided that it pursues the following objectives as stated in the Executive Summary:

“(i) clearly defined terms, criteria and procedures that are risk-based and ensure reliability of the BES, (ii) refined thresholds, where warranted, based on sound technical analysis and support, and (iii) reduced Reliability Standard applicability, where warranted, based on sound technical analysis and support.”

We agree that accomplishing these objectives would result in a vastly improved basis for registering entities.

However, a literal reading of the detailed text of the whitepaper indicates that the primary objective, at least for GO/GOP and TO/TOP, may not be aimed at the Registry, nor is it to promote de-registration, but rather appears only to be reducing the compliance scope for small GO/GOP and TO/TOP:

“The intent of establishing a small GO/GOP threshold is not to remove any BES generator owners and operators from the registry. Rather, all BES generator owners and operators that meet the BES Definition, as well as the Registry Criteria capacity thresholds (individual units >20 MVA, plant >75 MVA), would remain registered and subject to compliance with applicable GO/GOP standards. For entities that do not exceed the small GO/GOP threshold set in the RBR process, they would be subject only to a defined subset of GO/GOP requirements (discussed below), which is to be determined after further analysis.” (Appendix A)

We seek clarification on the important point that the RBR initiative should focus on reducing unnecessary registrations as a threshold matter, as well as on reducing the compliance scope for entities that are registered but should not be subject to the full GO/GOP or TO/TOP requirements. The Large Consumer segment trade group, ELCON, has repeatedly expressed its concern that the revised BES definition will greatly expand the number of candidates for registration – especially involving load-only manufacturing facilities – because of the blunt-force nature of the definition’s bright-line thresholds. While these thresholds may be reasonable and effective for identifying BES Elements on utility systems, they are not suitable for identifying BES Elements inside manufacturing facilities except in the instance of large, utility-scale behind-the-meter generation that are already registered. Imposing certain standards requirements on manufacturing facilities – all of which are retail loads – is tantamount to taking control of and interfering with the industrial production process. This violates the basic premise of the electric power industry that the plenary responsibility of the industry is to reliably serve its retail customers at just and reasonable rates.

To date, no load-only manufacturing facility that we are aware of has been required to register in the NERC Compliance Registry. Yet it is common knowledge that a large number of such facilities have interconnection or other internal facilities that will disqualify them from the E1 Radial and E3 Local Network exclusions and therefore they will become candidates for registration. It is not clear what their registration status will be under the existing Statement of Compliance Registry Criteria. It is therefore imperative that registration criteria be devised that prevents wholesale registration of these manufacturing entities. ELCON has proposed one such approach to the RBRAG and it is on pages A-15 and A-16 of the whitepaper.

Also, the Board should be aware that most behind-the-meter generators offer sales to the BES on a discretionary basis. However, most of the behind-the-meter generators that are currently registered are large and utility scale with a business model that combines energy/steam self-supply with merchant sales. These units are routinely engaged in power sales and actively seek such commercial opportunities, in addition to responding to requests by the TOP/BA/RC for reliability purposes. Many of the machines that generally provide discretionary sales may choose to carefully limit such sales to the BES so as to avoid exceeding the applicable thresholds that would trigger registration. In effect, they may deliberately limit energy and capacity sales to the grid because the cost of compliance with the Reliability Standards would exceed the value of incremental power sales. Many regions in the US are experiencing or anticipating problems with resource adequacy because of the penetration of variable energy resources and/or the retirement of coal-fired or nuclear power plants. It would be a wise application of the RBR to allow behind-the-meter generators to exceed the thresholds if such sales are deemed to be free of any negative impacts to reliability. For example, if a TOP or BA openly solicits

―2―

capacity from such entities, the fulfillment of such requests should not be used to trigger registration. In many instances, allowing the thresholds to be exceeded by these resources is the lower risk option. ELCON has proposed on page A-20 and A-21 of the whitepaper a set of criteria that would allow greater discretionary sales when such sales have either no reliability impact or otherwise make a net positive contribution to reliability as directed by the BA, TOP or RC.

The Large Consumer Segment supports the two stated goals of RBR on page 3 of the whitepaper, specifically to:

(1) Develop and deploy a sustainable Registration program design that incorporates evaluation of the reliability risks and benefits provided by an entity to ensure reliability, and where appropriate, define classes of Registered Entities for application of a properly scoped set of Reliability Standard requirements.

(2) Create an implementation plan that supports a 2016 or sooner launch, along with business practices and IT requirements, with the possibility of early adoption options that can address undue industry burden, while also preserving reliability.

We also support:

(1) The objective to develop a consistent approach, for use by all Regional Entities, to determine an entity’s material impact on BPS reliability;

(2) A consistent approach to assessing materiality;

(3) NERC oversight and guidance on regional registration practices;

(4) Allowing for one-time attestations that a requirement is inapplicable;

(5) The application of a centralized review process;

(6) The development of a common registration form for entity risk assessment; and

(7) The elimination of the functional registration categories identified in the whitepaper (PSEs and IAs).

We agree that several options should be pursued for implementing RBR as discussed on pages 8 and 9. These are:

(1) A CMEP approach in which it is prima facie established that certain requirements do not apply to a Registered Entity. The Regional Entities enforcement policies and the Reliability Assurance Initiative (RAI) must play a key role in advancing the RBR Initiative. The RAI has recently been remarkably successful in reducing audit scope while maintaining or improving reliability focus on important requirements.

(2) A materiality approach in which existing thresholds may be revised as appropriate to account for lower or no risk situations with the outcome that the Registered Entity may be a candidate for deregistration, or the BES classified candidate for registration is not subject to registration. For example, ELCON has proposed to allow net sales to the BES by behind-the-meter generators to exceed the 75-MVA threshold in limited, reliability enhancing situations that would not entail registration of the entity (see page A-20 of the whitepaper). Similarly, we have proposed a series of risk-based criteria that would exempt load-only manufacturing facilities from registration even if the entity owns or operates an electrical configuration that does not qualify for the E1 Radial and E3 Local Network BES exclusions (see pages A-15 to A-16).

―3―

(3) Revising Reliability Standards such that subsets of requirements are applied to subcategories of functional entities. Long-term, the Standards Development Process should be where the emphasis should be.

Finally, we support the formation of SME task forces to develop risk criteria and Reliability Standard applicability classes. Regarding the latter, we remind the Board that the GOTO effort took a long time to reach fruition and that any attempt to deploy this model again should be conditioned on a more expeditious timeline for completion.

Question 2. Is the use of multiple thresholds, as discussed in the whitepaper, a prudent approach to determining whether an entity should be registered and do you believe this may cause any unintended consequences?

Ans: The Large Consumer Segment supports the use of multiple or revised thresholds as a very practical approach to account for the level of risk. At its most fundamental level, the thresholds would map the disparity between entities that are public utilities and entities that are not public utilities. Within the class of public utilities, the thresholds should also be established on the basis of entity size. We acknowledge that this may entail the need for a case-by-case process modeled after the BES exception process.

We remind the BOT that the use of multiple thresholds has already been demonstrated within specific Standards applicability, and were deemed a prudent and fair way of limiting Standard Requirements to entities that actually affect the reliability issues being addressed by a given Standard. Examples of such Standards are FAC-003, MOD-26, -27, and CIP V4.

Question 3. Are there other considerations not identified in the whitepaper that you believe need to be factored into this initiative?

Ans: Although not specifically a registry issue, the compliance burden of the small entities could be further reduced by having different audit schedules (as part of the RAI).

In addition, as discussed above, the cost of complying with Reliability Standards for some behind-the-meter generators might cause those generators to withhold energy and capacity from the energy and ancillary services markets in order to stay below the “net capacity” thresholds in the existing Statement of Compliance Registry Criteria. In regions of the country that face resource adequacy challenges, the risk of registration may itself become an added reliability risk. This issue might be easily resolved under any rational risk-based assessment of the entity (ignoring the implications on resource adequacy). However, RBR also might be a useful tool for identifying and mitigating situations where the compliance cost burden may potentially degrade reliability and this should be an important criterion for not registering the entity. For example, there have been repeated efforts to functionalize demand response and subject this resource to the requirements of certain Reliability Standards. It is well known that large manufacturers are frequent suppliers of demand response. We would anticipate that the availability of this resource would be sharply curtailed if the provider were at risk of NERC registration.

Item 3. Potential Alternative Funding Mechanism to Support Expanded Cyber Security Information Sharing and Capabilities.

The Electricity Sector Information Sharing and Analysis Center (ES-ISAC) was established in 1998 when DOE requested that NERC serve as the ISAC for the electricity sub-sector. The purpose of the ES-ISAC is the rapid and secure sharing of information with the electric industry and applicable governmental entities regarding real and potential cyber-related threats to the electricity sector. NERC has funded the

―4―

ES-ISAC but that will end after the 2014 Fiscal Year because ES-ISAC is not a statutory requirement under Section 215 of the Federal Power Act. NERC has proposed an alternative funding scheme that would rely on voluntary contributions.

ELCON supports the proposal that ES-ISAC be funded on a voluntary, opt-in basis from the utility sector. In general, direct financing by the industry is preferable to governmental allocations through FERC. It allows for shared decision making on expenses – and the voluntary nature of the contributions would force NERC to continually demonstrate the value of the program. However, under a voluntary scheme there will be a strong incentive for free riders. Therefore, there may need to be some tangible benefit provided to contributors that non-contributors do not get. But this should be balanced with the need for inclusiveness and the avoidance of a governing structure dominated by a subsector of the utility industry.

###

―5―

NERC Board of Trustees Philadelphia, Pennsylvania

May 7, 2014 Policy Input of the Merchant Electricity Generator and Electricity Marketer

Sectors Sector 6, Merchant Electricity Generator, and Sector 7, Electricity Marketer,1 take this opportunity to provide policy input in advance of the upcoming NERC Member Representatives Committee (“MRC”) and Board of Trustees (“BOT”) meetings. Generators and Marketers (“G&M”) appreciate the BOT recognizing value in stakeholders’ policy input for the MRC and BOT meetings and how that input can play an important role in informing the BOT leadership on issues impacting the Electric Reliability Organization (“ERO”) mission and activities. In the quarterly policy input letter, BOT Chair Fred Gorbet requested of MRC Chair John Anderson that the MRC provide input on three items of interest to the BOT: (1) the Reliability Standard Audit Worksheet (“RSAW”) Review and Revision Process; (2) Risk Based Registration Assessment; and, (3) the Potential Alternative Funding Mechanism to Support Expanded Cyber Security Information Sharing and Capabilities. Herein, Generators and Marketers respond to some of the noted topics, with an overall message that NERC, as an organization, should be focused on increasing efficiency and effectiveness by emphasizing programs and processes that materially support reliability in the most cost effective manner. Reliability Standard Audit Worksheet Review and Revision Process Assuming that RSAWs are necessary and will continue to be used as an auditor tool, G&M generally support the RSAW revision process outlined in the letter. G&M, however, do have some concerns with the proposal that are provided below and need to be addressed. A fundamental issue that the Board should first consider is whether RSAWs are needed to ensure consistent compliance. Standards include both Requirements and Measures, and it is the Measures that are used to determine compliance with a Requirement. Granted, if each standard included clear and unambiguous Measures, then the ability to measure compliance would be straightforward. However, an unclear Measure should not be used as an opportunity to create a document (i.e., RSAW) outside of the standards process that potentially provides for an interpretation of the Measure. If the Board determines that RSAWs are still

1 The Electric Power Supply Association (“EPSA”) endorses the Sector 6 & 7 policy input. EPSA is the national trade association representing leading competitive power suppliers, including generators and marketers. Competitive suppliers, which collectively account for 40 percent of the installed generating capacity in the United States, provide reliable and competitively priced electricity from environmentally responsible facilities. Each EPSA member typically operates in four or more NERC regions, and members represent over 800 registered entities in the NERC registry. EPSA seeks to bring the benefits of competition to all power customers. The comments contained in this filing represent the position of EPSA as an organization, but not necessarily the views of any particular member with respect to any issue.

required, then RSAWs must be based solely on the Measures that are developed through the standards process. Furthermore, if the Board determines that the proposed RSAW revision process is needed, then the following concerns need to be addressed: • The effective date of an RSAW should be an agreed upon fixed period after the

RSAW is approved; the effective date should not be the subject of individual RSAW comments.

• RSAWs, once approved and effective, should not apply to open audits or to any entity that has received its “90-day letter from a compliance enforcement authority that announces an audit.”

• What is sent to the Chair of the SOTC should be posted for all stakeholders, and a requirement for posting should be added to Paragraph 3. Such a posting will ensure transparency and increase awareness regarding RSAW changes.

• While the proposed process applies to an RSAW that is already in place for an existing standard, the same process should apply to an RSAW for a new standard.

Risk Based Registration Initiative G&M understand the need to have a risk-based registration process and endorse the overall concept, particularly related to the potential elimination of entities that do not have a material impact on Bulk Electric System (“BES”) reliability such as Purchasing Selling Entities (“PSEs”). However, G&M do have various concerns with the white paper and believe these concerns should be addressed prior to the finalization of a risk-based registration process. The comments below are an attempt to address some of these concerns as outlined in the request for policy input. To implement some of the changes it appears that various technical analysis, stakeholder comments, and various regulatory filings/approvals (including possible Rules of Procedure changes) will be needed. It is not clear if the new risk-based registration process develops specific registration criteria or an evaluation methodology that will lead to a decision as to whether an entity needs to be registered. Various options need to be carefully studied considering that the BES definition implementation offers an exemption process. It is also possible that various standards may need to be modified and such changes will not occur quickly given the structure of the standards process. As a result, G&M encourage NERC and the Regions to develop simple criteria that can be used to quickly eliminate entities from the Registry where common sense indicates the entities do not have a material impact on reliability. This would be analogous to a P81 approach. In parallel to this effort, a more detailed approach to evaluate the need for various entities to be in the Registry can be developed and endorsed.

2

An additional concern is that the risk-based registration process could directly, or indirectly, create conflicts with the BES definition implementation and RAI. Again, eliminating obvious entities from the Registry that do not have a material impact on reliability, such as PSEs, makes sense. Stakeholders, however, need to be assured through clear procedures and examples that the near simultaneous implementation of RAI, BES, and risk-based registration complement one another. Finally, G&M are concerned that the current documentation appears to be blurring the lines regarding GO/GOPs whose interconnection facilities may be treated as transmission facilities. Work needs to be done to ensure that we do not directly, or indirectly, create a situation whereby generators are once again being registered as TOs and/or TOPs regarding their interconnection facilities. Any material gap in reliability whereby registering a GO/GOP as a TO/TOP might close the gap must be resolved through the modification or creation of a standard. The registration process is not the place to resolve such gaps. The G&M appreciate the concept and work that is being done on risk-based registration. While G&M welcome rapid completion and implementation of the entire risk-based registration initiative in 2016, we caution the Board to be mindful of the practical hurdles such a goal will face due to the changes that may be required to various standards and other documents in addition to possible regulatory filings. We recommend that a detailed project plan should be developed and communicated to industry. Sincerely, /s/ Sector 6 Merchant Electricity Generator Representatives: Scott Helyer Tenaska John Seelke PSEG Sector 7 Electricity Marketer Representatives: Jack Cashin Electric Power Supply Association Jason Marshall ACES Power Marketing Dated: May 1, 2014

3

ISO/RTO Council’s (IRC) Policy Input to Board of Trustees April 29, 2014

The ISO/RTO Council appreciates the opportunity to respond to the Board’s request for policy input. This document contains IRC’s input on the following areas in response to Mr. Fred W. Gorbet’s letter dated April 9, 2014, to the Members Representatives Committee (MRC).

Reliability Standard Audit Worksheet (RSAW) Review and Revision Process 1. The MRC is encouraged to provide feedback on the proposed process and, specifically, whether it

addresses the concerns raised during the February meetings

Risk-Based Registration Assessment 1. The whitepaper sets out several objectives for this initiative. Do you agree with these objectives

and are there any other considerations you would suggest? 2. Is the use of multiple thresholds, as discussed in the whitepaper, a prudent approach to

determining whether an entity should be registered and do you believe this may cause any unintended consequences?

3. Are there any other considerations not identified in the whitepaper that you believe need to be factored into this initiative?

Potential Alternative Funding Mechanism to Support Expanded Cyber Security Information Sharing and Capabilities

1. The Board requests input on this alternative funding approach.

I. Reliability Standard Audit Worksheet (RSAW) Review and Revision Process

The IRC supports the approach laid out in the proposed process, but believes that one important addition can be made that would: (a) improve RSAW development through utilizing a CCC Subcommittee to act as a stakeholder advisory group to the NERC Compliance Personnel; and (b) reserve Board involvement for only those situations where there are serious policy or implementation issues surrounding Standard enforcement.

By employing a CCC Subcommittee as an advisory group, NERC Compliance personnel can tap into a group of individuals with deep experience in compliance and enforcement matters. And, the CCC CPPS (previously the CCC Standards Interface Subcommittee and CCC Procedures Committee) is comprised of company representatives that have worked on RSAW development and Standards quality reviews (primarily from a compliance and enforcement perspective). This approach would also provide a slightly more formal basis for NERC Compliance personnel to vet difficult policy or implementation issues with stakeholders, and that vetting should help clarify the issues that need to be brought the Board SOTC’s review when RSAWs are completed.

Page 1 of 6

Therefore, the IRC would recommend that the Proposed Process be amended slightly to add the following two steps:

The first proposal would be for an initial step to begin the process:

• NERC Compliance Operations will post a form and a process for registered entities to use to raise issues with existing RSAWs. NERC Compliance Operations and the Compliance Process and Procedures Subcommittee (CPPS) will review the issues raised by registered entities and assess whether an RSAW needs to be modified.

The second proposal would be an added step following the collection of comments and triggered if NERC Compliance Operations Staff identified comments that were not accepted:

• After the revised RSAW is posted, comments not accepted for incorporation into the RSAW by NERC Compliance Operations will be reviewed by the CPPS subcommittee of the CCC. The purpose of this review is to determine if: a) A technical error or inaccuracy regarding the proposed change is identified in the

submitted comments; or b) The submitted comments identify that the proposed change incorrectly expands what is

required by the Standard through its requirements.

II. Risk-Based Registration Assessment

The IRC appreciates the ERO initiatives to focus the administration of its functions based on risk to the BES. This concept, if implemented appropriately, should increase the efficiency and effectiveness of NERC’s functions. Consistent with other risk based initiatives, the apparent purpose of the RBR initiative is to register organizations on a risk basis, such that entities that pose marginal risk to the BES are either deregistered or are subject to focused registration, which would register relevant entities only for the requirements that have a relationship to BES reliability.

The IRC appreciates the intent of the RBR initiative. However, in its assessment of different options, the ERO should consider other means to accomplish the goals of this initiative. Appropriate application of the RAI principles to the CMEP functions and/or appropriate revisions to the standards would appear to address the concerns without potentially compromising the “reliability floor” established under the current registration program. If categorical exemptions are pursued to effectuate the RBR initiative, they must be carefully and thoroughly vetted through the appropriate stakeholder and regulatory approval processes and then included as objective registration thresholds. This will help to ensure that any such

Page 2 of 6

proposals do not have any unintended reliability impacts generally, or relative to the different regional rules that may implicate the relevant entities in different reliability roles in the different regions.

Appendix A provides additional information that forms the basis of the IRC’s proposal. The IRC looks forward to working with the ERO in addressing the issues underlying the RBR initiative.

III. Potential Alternative Funding Mechanism to Support Expanded Cyber Security Information Sharing and Capabilities

The IRC appreciates NERC efforts to review the projects known as the “Cyber Federated Model” (CMF) and Cyber Risk Information Sharing Program” (CRISP), to reduce cost and improve efficiency of the information sharing provided by these programs, alongside with the ES-ISAC. However at this point, more information is needed concerning the details about what types of services they are proposing to offer in a volunteer funding model, or what that might mean to our overall NERC costs. The IRC would be supportive of more transparency and an assurance of cost causation. In order that we can more effectively assess the proposed approach, more information is needed with respect to how the alternative funding mechanism relates to the overall NERC fee structure and the risk of unfunded mandates.

Page 3 of 6

Appendix A - IRC’s View on the Proposed Risk-Based Registration Approach

The RBR white paper lays out several options for achieving the goals of the RBR initiative. The IRC looks forward to working with the ERO in its consideration of the different options to address the issues the RBR initiative is attempting to address.

In addition to considering new approaches to registration, the ERO should also consider whether the current registration process is appropriate, and whether there are other means to address disparate risk profiles of functional entities. Under the current registration program, the ERO registers entities based on objective functions (e.g. RC, TOP, etc.) and thresholds (e.g. MV size thresholds). These criteria have been thoroughly vetted by stakeholders during the development and regulatory approval processes. This approach identifies entities that perform activities that have a relationship to the reliable planning and operation of the BES. The relevant entities are then responsible for compliance with the NERC standards and requirements that apply to their registered functions. The result of this process is the establishment of “reliability floor”. This approach has provided a registration baseline that facilitates BES reliability by including all relevant entities within the NERC standards reliability paradigm.

The current registration program supports BES reliability, but the IRC appreciates the fact that different entities may have disparate risk profiles. The IRC also recognizes that the BES reliability risks differ between the standards and requirements that apply to a particular function – for example, if there are 100 requirements that apply to a function, 20 of those requirements may be administrative in nature and have no direct impact on BES reliability. Accordingly, it is possible that a particular registered entity may present a low risk to the BES. In these circumstances it is reasonable for the ERO to recognize this in the administration of its functions. While there may be value in considering changes to the registration function to address these issues, the ERO should also consider addressing them through other means.

The ERO may be able to address low risk circumstances more quickly and effectively by recognizing the risk profile of an entity through the actual administration of its CMEP functions – i.e. compliance monitoring and enforcement. In fact, the RAI initiative is designed to effectuate this result. If applied correctly, the risk level of an entity, generally, and in terms of the different risks presented by the requirements that apply to a function (i.e. requirements that do not have an impact on BES reliability) can be addressed in the application of the CMEP functions. To accomplish this, the CMEP monitoring proceedings (e.g. audit, spot check, etc.) can be scoped based on risk so the impact to the entity reflects its risk profile. For example, the CMEP activity can focus just on the requirements that have a relationship to risk, and the CMEP activities can similarly be scoped relative to risk. Thus, proper application of the RAI process to the CMEP activities can effectively manage disparate risk profiles between entities.

Depending on the underlying concerns behind the RBR effort, another option to address the issue is appropriate revisions to the NERC Standards. If the primary concern underlying the RBR initiative is that specific standards and requirements applicable to particular functional entities have no, or minimal,

Page 4 of 6

relationship to BES reliability risk, then that is an issue with the standards, and not one of registration. In that case, the most effective way of addressing the issue is to pursue appropriate revisions to the relevant standards. This could be effectuated using a holistic approach, similar to the Paragraph 81 effort. The goal would be to review the requirements applicable to the relevant functions to either revise or eliminate the requirements with marginal risk impact. This would eliminate the need for changing the registration program, and would directly address the core issue – i.e. removing requirements that have no relationship to BES reliability.

Addressing the concerns underlying the RBR initiative via risk based CMEP administration and/or appropriate revisions to the NERC Standards assumes that the relevant functional entities do perform some tasks that have a relationship to BES reliability. Conversely, if the concern underlying the RBR initiative is that the existing registration thresholds inappropriately include particular types of entities because they have no relationship to BES reliability, and that such entities can be categorically identified and excluded on a programmatic basis, then the appropriate means of addressing that issue would be to develop appropriate registration thresholds via the stakeholder and regulatory processes that resulted in the current registration paradigm. This would ensure that any resulting changes are based on a comprehensive record and an informed decision-making process. This is critical to affirming the underlying assumption of such categorical exemptions, which is that the relevant entities, in fact, have no relationship to BES reliability.

In considering categorical threshold exemptions, it is also important to understand that operational and planning relationships and corresponding obligations under regional rules that are related to compliance with NERC standards can differ from region to region. In some regions relevant entities may not perform tasks under the regional rules that effectuate compliance with the NERC standards (this does not mean the entity does not impact BES reliability – it simply means the regional rules that establish operating and planning relationships do not implicate the entity in tasks that effectuate compliance with the NERC standards). In other regions the rules may implicate those entities in reliability matters that correlate to obligations under the NERC standards. This is particularly important where meeting a reliability objective requires multiple registered entities to do the right thing (e.g. generators providing accurate operating characteristics so that system models are accurate).

Accordingly, any categorical exemptions would have to be carefully reviewed to ensure the exemption does not create any reliability gaps in the different regions. Related to this issue, any such exemptions would also have to be coordinated with other functional entity obligations to ensure they do not create potential compliance issues for other entities.

Other issues the ERO should consider in its assessment of any RBR initiative are 1) whether the new BES definition and associated procedures present opportunities for relevant entities to be exempt from registration via the specific exclusions in the BES definition, or, alternatively, to seek exemption via the ad hoc exemption process; and 2) the issue of stranded BES assets – for example, if an entity is exempt under a prospective RBR process, the process needs to ensure that entity’s facilities are appropriately managed

Page 5 of 6

in the registration process if they have a relationship to BES reliability. With respect to the stranded asset issue, the IRC expects that any RBR process would address that issue, but is raising it to ensure any RBR process does not have unintended consequences to BES reliability.

Page 6 of 6

Page | 1

MIDWEST RELIABILITY ORGANIZATION

POLICY INPUT TO NERC BOARD OF TRUSTEES April 29, 2014

Pursuant to the NERC Board of Trustee’s (BOT) request for policy input from the NERC Member Representatives Committee for the upcoming May 7, 2014 meeting, the Midwest Reliability Organization (MRO) Board of Directors (MRO Board) respectfully submits the following for consideration by the NERC BOT.

Item 1: Reliability Standard Audit Worksheet (RSAW) Review and Revision Process The MRO Board does not oppose the adoption of the RSAW Review and Revision Process and supports transparency regarding the Electric Reliability Organization’s (“ERO”) work processes that publication of tools such as the Auditor Handbook and RSAWS offer. However, the MRO Board is concerned that the review and revision process results in additional ERO and industry costs and resources to manage what is essentially an ERO internal documentation tool. RSAWs are akin to internal work paper organization for audit staff; RSAWs do not provide guidance regarding compliance. And in fact, the RSAWs specifically disclaim that they should be used “as a substitute for the Reliability Standard or viewed as additional Reliability Standard requirements.” Therefore, MRO suggests that NERC support industry’s development of application guides to give detailed meaning about compliance with the standards. This joint ERO and industry-driven effort would improve understanding and common expectations around compliance with the standards and lead to improved reliability. Adding resources to focus on work paper structure and evidence requirements under the RSAWs, which is an administrative matter, is not likely to impact reliability.

With regard to the admonishment in the RSAWs that “the Regional Entity should rely on the language contained in the Reliability Standard itself,” the MRO Board recommends adoption of professional standards framework and guidance for Regional Entity and NERC staff in performing CMEP activities to assure adherence to the standards as well as high-quality work with competence, integrity, objectivity, and independence. Item 2: Risk-Based Registration Assessment The MRO Board supports the Regional Entity Management Group (“REMG”) policy comments on registration.

380 St. Peter Street, Ste. 800, Saint Paul, MN 55102 MidwestReliability.org P.651.855.1760 F.651.855.1712

C L A R I T Y ■ A S S U R A N C E ■ R E S U L T S

Page | 2

Item 3: Potential Alternative Funding Mechanism to Support Expanded Cyber Security Information Sharing and Capabilities

In our April 30, 2013 Policy Input, we said that “in order to ensure the most robust exchange of information, the ESCC and ES-ISAC must ultimately be independent of NERC given its regulatory responsibilities and the power to assess significant monetary penalties.”1 The MRO Board continues to support more independence between the ES-ISAC from NERC, which includes separate funding and voluntary participation.

1 April 30, 2013 Policy Input to the NERC BOT at page 21.

380 St. Peter Street, Ste. 800, Saint Paul, MN 55102 MidwestReliability.org P.651.855.1760 F.651.855.1712

C L A R I T Y ■ A S S U R A N C E ■ R E S U L T S

http://www.nerc.com/gov/bot/Agenda%20highlights%20and%20Mintues%202013/Policy%20Input_May_2013_%20Boston.pdf

NPCC Board of Directors Policy Input to the May 6, 2014 NERC Member Representatives Committee

and May 7, 2014 NERC Board of Trustees Meetings

1. Reliability Standard Audit Worksheet (RSAW) Review and Revision Process NPCC supports the open and transparent development of and revisions to RSAWs that are

consistent with the intent of the reliability standard and give the industry guidance to the standard’s application

NPCC recommends that documentation around RSAWs continue to identify them as one of a number of tools available to auditors in their thorough and unbiased monitoring of compliance, especially with the introduction of the Reliability Assurance Initiative

NPCC recommends that any revisions made to RSAWs be prospective so as not to be disruptive to registered entities undergoing audits, and that compliance continue to be measured against the reliability standard, not the RSAW

2. Risk-Based Registration Assessment NPCC supports initially targeting for risk-informed reviews and revisions to the registration

criteria for the Distribution Provider (DP), Purchasing Selling Entity (PSE), and Load Serving Entity (LSE) functions, where the potential for lower risks are more likely to exist

NPCC recommends that any risk assessment of functional registration should consider both individual registered entity risks, as well as their potential aggregate reliability impacts

NPCC does not support the introduction of multiple threshold levels within the registration criteria for GOs, GOPs, TOs or TOPs as they could introduce unnecessary complexity for the registered entity without identified reliability cost-benefits

3. Potential Alternative Funding Mechanism to Support Expanded Cyber Security Information Sharing and Capabilities NPCC supports the establishment of a “Cyber Risk Information Sharing Program” (CRISP)

node at NERC and the sharing of non-attributed security threat data within the industry as being consistent with NERC’s ES-ISAC role

NPCC supports the sharing of security information as being within NERC’s Section 215 responsibilities, and recommends that it be funded within the NERC budget as such

NPCC does not support alternative funding for separate NERC security functions or specific NERC staffing to perform customized security analyses, and suggests that other entities (e.g. Pacific Northwest National Laboratory) may more efficiently and appropriately perform such tasks

4. NERC Initial Draft 2015 Business Plan and Budget NPCC supports the collaborative development of multi-year strategic plans, goals and

objectives between NERC and the Regional Entities NPCC supports the clarification and separation of roles and responsibilities between NERC

and the Regional Entities as the foundation for establishing an efficient ERO Enterprise

NPCC recommends that the NERC 2015 Business Plan include descriptions of NERC’s oversight role to provide better certainty to performance metrics

NPCC recommends that NERC include the projected resource impacts to registered entities of proposed initiatives in its annual business plans

Approved by the NPCC Board of Directors at its April 29, 2014 Meeting

National Rural Electric Cooperative Association (NRECA) Policy Input to the NERC Board of Trustees (BOT)

April 29, 2014

NRECA appreciates the opportunity to provide policy input to the NERC BOT regarding several issues that will be discussed at the May 6/7 MRC and BOT meetings. Reliability Standard Audit Worksheet (RSAW) Review and Revision Process

• NRECA appreciates the efforts of the working group to address RSAW issues. The proposal before us only addresses RSAW revisions for existing and approved standards. NRECA believes the focus of the working group should be expanded to address potential NERC Rules of Procedure (ROP) modifications to address the need for RSAWs to be posted at the same time a new or revised standard is posted for comment/ballot during the standard development process.

• We understand NERC is committed to posting RSAWs with new or revised standards that are posted for comment/ballot; however, we recommend that NERC consider making this a required action for the NERC Compliance and Enforcement department.

• We appreciate the increased transparency the working group included in their proposal; however, we have a number of questions that require clarification before being able to provide complete support for the proposal:

o Unsure of meaning of “substantive” and “material” as used in the proposal.

o Need to better understand how a revised RSAW could apply to a currently open audit.

o What basis will the Standards Oversight and Technology Committee (SOTC) Chair use to determine if the full SOTC should review a revised RSAW?

o Is SOTC the appropriate committee to perform this role? Should it be the BOT CC since it’s responsible for compliance matters?

o Need further explanation regarding the retroactive nature of compliance requirements as described in the proposal.

o Does the SOTC Chair have a time limit on making the decision of whether the full SOTC should review a revised RSAW? Same question for the full SOTC if they review RSAW.

o How will industry learn of the SOTC Chair’s decision on who will review RSAW revisions?

Risk-Based Registration Assessment

• NRECA appreciates the efforts of NERC staff in reaching out to stakeholders in this initiative. Further, we believe the April 9 Risk-Based Registration draft white paper represents the scope of discussions that took place during the Risk-Based Registration Advisory Group (RBRAG) meetings and conference calls.

• NRECA continues to recommend that the following issues be closely examined during this initiative:

o Replace BPS and 100kV with BES throughout the Statement of Compliance Registry Criteria (SCRC).

o Reduce the number of undefined terms in the SCRC, such as user, material, etc.

1

o Add simple and straightforward procedures to the NERC ROP for deregistration based on self-determined application of the current and future SCRC. This should include processes and deadlines for all parties involved – NERC, Regional Entity and the registered entity. The SCRC should provide certainty for the vast majority of registration self-determinations.

o Add procedures to the NERC ROP for exceptions to the self-determined application of the current and future SCRC. With improved criteria in the SCRC, the exceptions process should only be needed in very limited situations.

o Review current MW, kV and other thresholds/criteria to determine if changes are supported.

o Assess whether the use of automatic protective devices should impact whether an entity should be registered.

o While this is a longer-term issue, NERC should renew its focus on revising the applicability language for existing standards and those under development. Increased granularity in the applicability section of reliability standards can help to better identify those entities that impact BES reliability.

o For entities with minimal compliance responsibilities, consider replacing mandatory six-year audits with self-certifications and spot checks as necessitated by the entities’ impacts on BES reliability.

o Eliminate the requirement for entities to submit unnecessary and repetitious attestations certifying that certain standards continue not to apply to them. After an initial attestation, another attestation should only be required when a registered entity’s circumstances change and result in additional standards applying to the entity.

Potential Alternative Funding Mechanism to Support Expanded Cyber Security Information Sharing and Capabilities

• NRECA is interested in pursuing further discussion on this issue. It is critical to such a discussion to have a better understanding of the potential costs and staffing estimates for this funding initiative.

• NRECA requests clarification that this is not a pay to play arrangement. Information gained with any new capabilities should be shared with all industry participants regardless of whether financial support is provided. Security information that is provided to all industry participants helps to make the entire industry more reliable and secure.

Barry R. Lawson Associate Director, Power Delivery & Reliability National Rural Electric Cooperative Association (NRECA) 703.907.5781 [email protected]

2


REMG REGIONAL ENTITY MANAGEMENT GROUP

STACY DOCHODA – FRCC ED SCHWERDT – NPCC SCOTT HENRY – SERC LANE LANFORD – TRE

DAN SKAAR – MRO TIM GALLAGHER – RFC RON CIESIEL – SPP CONSTANCE WHITE – WECC

2815 Coliseum Centre Drive, Suite 500, Charlotte, NC 28217, Phone: 704.357.7372, Fax: 704.357.7914

POLICY INPUT TO NERC BOARD OF TRUSTEES April 29, 2014

Pursuant to the NERC Board of Trustee’s (BOT) request for policy input from the NERC Member Representatives Committee for the upcoming May 7, 2014 meeting, the REMG

respectfully submits these comments for consideration by the NERC BOT.

Risk-Based Registration The REMG supports an evaluation of the registration criteria that NERC established at the inception of mandatory standards and the ERO. After eight years, the current criteria could benefit from a risk-informed review. The REMG offers the following consensus comments on the NERC whitepaper objectives:

NERC should initially target the Distribution Provider (DP), Purchasing Selling Entity (PSE) and Load Serving Entity (LSE) functions, where a more risk-informed criteria could result in benefits to smaller entities with a careful evaluation.

Threshold criteria must consider risk based on past performance and potential harm in the future. For example, violation history is a consideration of past risk. Current practices have reduced the number of violations associated with vegetation management, yet this does not indicate that vegetation issues no longer pose risk to reliability.

Risks must include consideration of the aggregate effects of removing subsets of Registered Entities and/or functions and assessing their respective impacts to reliability.

Reclassifying Transmission Owners (TO) as Distribution Providers (DP) or developing multiple thresholds for other functions may overcomplicate the registration process and have unintended consequences such as creating ambiguity in the applicability of certain standards.

Attempting to define regulatory oversight in a “global” manner with diverse and unique entities through the registration process may unintentionally overlook specific risks which impact reliability.

The proposed changes to registration may have the effect of replacing a “one-size fits all” approach with a “two or three sizes fits all” approach and may make registration much more complex for Registered Entities.

Given that the new Bulk Electric System (BES) definition will be implemented later this year along with the Reliability Assurance Initiative (RAI), we encourage the Trustees to be mindful that the impacts from the BES definition and RAI have not been calibrated and a complete redesign of registration may be premature. Therefore, after addressing the DP, PSE and LSE functions, we would prefer to focus on enhancing consistent implementation of the existing registration criteria while we work through these two key initiatives which may impact the scope of regulation in the future.

Thank you for the opportunity to comment.

Sector 4 Policy Input to NERC Board of Trustees May 2014

Pursuant to the NERC Board of Trustee’s (“Board”) request for policy input from the Member Representatives Committee (“MRC”) for the upcoming May 6-7, 2014 meeting in Philadelphia, PA, Sector 4 respectfully submits the following comments for consideration. Item 1: Reliability Standard Audit Worksheet (RSAW) Review and Revision Process Sector 4 applauds NERC’s approach to gradually transition away from the Compliance Application Notices (CANs) which have historically caused Registered Entities much angst and consternation. This proposed RSAW Review and Revision Process is a step in the right direction in fostering transparency and consistency in NERC’s compliance monitoring and enforcement regime, however, we believe that some of the pitfalls associated with the introduction and application of CANs are still apparent and warrant further consideration. Sector 4 recommends the following issues be further clarified:

i. Objective #4 of the proposed process states that “any proposed change to an RSAW does not effectuate a material change in the scope or intent of a standard”. Sector 4 firmly opines that any proposed change to an RSAW shall not change the scope or intent of a standard, period. Measuring materiality is by no means an objective exercise and may easily lead unintended consequences. Further, changes to the scope or intent of a standard through the revision of an RSAW will be seen as a circumvention of the standard development and review process. Likewise, step 3.b of the proposed process refers to whether the proposed RSAW change “incorrectly expands what is required by a standard’s requirement”. We again strongly opine that there is no correct way for an RSAW to expand what is required by a standard.

ii. Issue i.) notwithstanding, the proposed process does not provide Registered Entities with sufficient timelines for implementing changes to their compliance processes and procedures which may be required as a result of the RSAW revisions. One significant shortcoming of the CANs is the fact that they are effective immediately after the approval (and it some cases, even retroactively). Sector 4 sees the same challenges for Registered Entities under the proposed process. With “learning” being one of NERC’s four pillars of continued success, an implementation timeframe of sufficient duration should be integrated to the process to enable Registered Entities to similarly learn and adapt to new expectations.

iii. The proposed process lacks an appeal mechanism beyond a review of Registered Entity comments by the full SOTC. As drafted, it is unclear to Sector 4 whether Registered Entities with unresolved comments will be entitled to further recourse beyond the SOTC.

Item 2: Risk-Based Registration Assessment Sector 4 agrees with the objectives of this initiative and believes that it is in alignment with NERC’s overall thrust to incorporate risk-based principles to bulk power system reliability. That being said, we caution that the balance of risk and reliability should not come at the expense of simplicity. While certain functions that do not materially impact reliability should be eliminated, we believe that the addition of multiple thresholds to the remaining functions may add another

Sector 4 Policy Input to NERC Board of Trustees May 2014

layer of complexity to the Functional Model. Moreover, on the topic of materiality, we agree with NERC that this term should be better defined and that assessments to determine materiality should be consistently applied throughout the ERO Enterprise. Item 3: Alternative Funding Mechanism for ES-ISAC Sector 4 supports the concept of exploring potential voluntary funding for expanded information sharing capabilities. However, such funding by NERC registrants may open the door to certain entities gaining unfair advantages or benefits like restraining access to a competitor, denying representation to certain groups, etc. NERC will have to guarantee that no entity could buy a benefit for itself. We submit that transparency of the funding and clear governance rules are needed avoid this situation. Sector 4 is unable to provide further comment on this topic until additional details have been presented. We encourage NERC to further investigate the feasibility of ES-ISAC participation in the CFM and CRISP programs, and to share with stakeholders probable costs and benefits at a future date. Sector 4 appreciates the opportunity to comment and thanks the Board for its consideration. We look forward to discussing these matters further in Philadelphia.

1101 Vermont Ave, NW, Suite 200, Washington, DC 20005 USA, Tel: 1-202-898-2200, Fax: 1-202-898-2213,

www.naruc.org

April 29, 2014

Fred W. Gorbet, Chairman

NERC Board of Trustees

3353 Peachtree Road NE

Suite 600, North Tower

Atlanta, GA 30326

Re: Sector 12 Policy Input to NERC Board of Trustees

Dear Mr. Gorbet:

Thank you for your letter of April 9, 2014 (“Policy Input Letter”). The NERC

Member Representatives Committee (MRC) Sector 12 representatives (herein “State

Government Sector”), supported by the National Association of Regulatory Utility

Commissioners (NARUC), appreciate the opportunity to provide policy input on the

issues that the Board carefully identifies as critical to NERC’s continuation as an

effective electric reliability organization. This year’s extreme weather has only

underscored the importance of coordinating efforts to ensure reliable electric service.

Issues raised by the Board of Trustees in the Policy Input Letter dovetail with the

State Government Sector’s continued interest in ensuring that NERC’s standards

demonstrably contribute to reliability without imposing unnecessary costs on retail

ratepayers. Building flexibility into the making of guidelines or standards events can

help to control ultimate ratepayer impact.

The State Government Sector continues to be concerned about the jurisdictional

overreach and the additional cost to ratepayers associated with sweeping elements

previously classified as local distribution into the Bulk Electric System (BES) definition.

Specifically, the Sector 12 representatives share a concern that the BES definition, when implemented, will subject some local distribution facilities, not subject to Section 215 reliability standards, to a time consuming regulatory process to ensure they maintain their status in the new regime. It is difficult to tell whether Risk-Based Registration Assessment Process, as proposed, will begin to ameliorate this concern. The State Government Sector generally supports the concept of ensuring that only the right entities are subject to right set of applicable reliability standards by using a consistent and common approach to risk assessment across the ERO enterprise. It appears to provide the potential to reduce costs by exempting some otherwise required registrations, although the White Paper includes some language that indicates that the initiative’s purpose is not to deregister entities. The State Government Sector strongly endorses the hard look NERC is taking into this option


www.naruc.org

and appreciates NERC’s creation of an Advisory Group, and the subsequent White Paper. The evaluation of this proposal should focus on the potential for unintended consequences that could increase costs to ratepayers or inappropriately expand the scope and application of reliability standards. The State Government Sector is pleased that this item is on the agenda for the May meeting. To better assess whether Risk-Based Registration is in the interest of ratepayers, we will closely monitor the feedback provided through this process, and look forward to the discussions next week in Philadelphia.

The State Government Sector has thoughts on two additional issues, including

Agenda Item 9 regarding the Essential Reliability Task Force and a continued interest in ensuring that NERC standards are cost-effective and provide demonstrable benefits.

Prior to the May 2013 MRC/Board of Trustees (BOT) Meeting, the State

Government Sector submitted its policy input to the BOT. Sector 12 underscored in its

input the critical importance of NERC meaningfully considering in the standards

development process the costs and benefits associated with new proposed requirements.

Sector 12 asked the BOT for an update on the Cost Effectiveness Analysis Process

(CEAP) pilot project as well as other initiatives underway to integrate cost/benefit

analyses, as appropriate, into the process. At the May 2013 BOT meeting, NERC

representatives provided the following information:

Two pilot projects applying the CEAP were scheduled for completion by the end

of 2013 and should inform a more significant effort in 2014 on cost-benefit

analysis.

Pursuant to NERC’s three-year Strategic Plan and its 2014 Budget, NERC will be

developing a methodology in 2014 to quantify the impact of proposed standards.

This was described by one NERC representative as “going live” with a cost-

effectiveness tool.

Sector 12 appreciates any further update that the BOT can provide regarding

efforts in 2014 relative to cost-benefit tools incorporated into NERC activities, including

the status of the CEAP project. In general, we are becoming concerned that some of the

expedited standard setting processes in play right now will shift focus away from this

important initiative to quantify the impact of NERC standards.

With regard to the Essential Reliability Services Task Force (ERSTF) mentioned

on the MRC Agenda at Item #9, the Government Sector would like to bring its keen

interest to the attention of the BOT. As stated, Essential Reliability Services (ERS) ERS

are operational attributes from conventional generation, such as providing reactive power

to maintain system voltages and physical inertia to maintain system frequency, necessary

to reliably operate the BPS. Variable renewable generation is mentioned as a factor that

contributes to the need for reassessing reliability services. The White Paper references


www.naruc.org

that “the proposed levels of commitment to renewable variable generation is one

component of an ongoing shift in resource mix.” It is suggested that the proposed

ERSTF will “include membership from existing technical subcommittees and working

groups.” Due to State regulators' extensive oversight of resource mix issues, among other things, a State Government Sector representative would contribute an important perspective to the work of the ERSTF.

On behalf of the Sector 12 State Government Sector Representatives, we thank

you for the opportunity to provide this important feedback and look forward to discussing

these issues during the August meetings.

Sincerely yours,

/s/ Asim Haque

Asim Haque, Commissioner

Public Utilities Commission of Ohio

/s/David R Clark

David R. Clark

Utah Public Service Commission

MRC Sector 12 Representatives

MEMORANDUM

TO: Kristin Iwanechko, Secretary NERC Member Representatives Committee

FROM: Carol Chinn Jackie Sargent Bill Gallagher John Twitty

DATE: April 29, 2014

SUBJECT: Response to Request for Policy Input

The MRC’s State/Municipal and Transmission Dependent Utility sectors (“SM-TDUs”)

appreciate the opportunity to respond to the April 9, 2014 letter from NERC Board Chair Fred W. Gorbet to Mr. John A. Anderson, Chair of the NERC Member Representatives Committee (“MRC”), requesting policy input on topics that will be of particular interest during the upcoming May 6-7, 2014 meetings of the NERC Board of Trustees, Board committees, and NERC MRC.

This response is divided into two parts. Part one outlines our strong support for NERC’s efforts on many fronts to ensure the physical and cyber security of the electricity sector in North America and reiterates our full support for a government-industry partnership that combines NERC reliability standards with information sharing and analysis, coordination, contingency planning and exercises to increase the resiliency of the nation’s critical infrastructures. We commend in particular NERC’s response to the Commission’s order directing NERC to submit a physical security reliability standard on or before June 5, 2014 and NERC’s efforts through the Electricity Sector Information Sharing and Analysis Center (“ES-ISAC”) to alert the industry on the Heartbleed cybersecurity vulnerability.

Part two addresses each of the three items specifically identified in Mr. Gorbet’s letter: the Reliability Standard Audit Worksheet (“RSAW”) review and revision process, the Risk-Based Registration Initiative, and Potential Alternative Funding Mechanisms to Support Expanded Cyber Security Information Sharing and Associated Capabilities. To summarize our views:

SM-TDUs support the proposed RSAW review and revision process and urge NERC to codify procedures that ensure consistency and quality in the revision process.

We fully support NERC’s Risk-Based Registration Initiative as a long-overdue effort to “right-size” the NERC compliance registry to include only those entities that have a material impact on bulk electric system reliability, while ensuring that this reform creates no material gaps in NERC’s reliability programs.

We strongly support expanded funding for and enhanced capabilities for the NERC ES-ISAC – and including that funding within NERC’s section 215 Business Plan and Budget and annual assessments to load-serving entities. All electricity sector entities in North

SM-TDU Response to Request for Policy Input April 29, 2014 Page 2

America benefit tangibly from NERC’s efforts on this front, even when they do not participate directly in the ES-ISAC, because these efforts serve to increase the resiliency of the entire sector. If and when NERC or the ES-ISAC undertake analytical projects that do not provide broad benefits to the electricity sector as a whole, these costs can and should be directly assigned to the beneficiaries, with the revenues received credited to operating reserves, thereby reducing next year’s NERC budget assessment.

As a final note on SM-TDU’s broader policy concerns, we urge the Board to press NERC staff and the regions to complete their work on the Reliability Assurance Initiative’s design and bring the field trials to conclusion. RAI needs to be brought to implementation in a form that is actionable by and beneficial to registered entities.

I. Physical and Cyber Security of the Electricity Sector

NERC and the industry as a whole have been subject to recent criticisms of our efforts to ensure the physical and cyber security and resiliency of the electricity sector in the United States and elsewhere in North America. Some have taken the occasion of the Metcalf attack to level charges that the industry seemingly does not care about physical security and to assert that the section 215 regulatory model, with an independent Electric Reliability Organization certified by the Federal Energy Regulatory Commission, is somehow structurally deficient.

SM-TDUs disagree with these criticisms. As Sue Kelly, president and CEO of the American Public Power Association testified before the Senate Energy and Natural Resources Committee on April 10, 2014, the reliability of the bulk electric system — “keeping the lights on” for our customers and the economy — is a national security issue. And it is of paramount importance to electric utilities. Industry for decades has taken action to protect the grid and is now working closely with government officials to continue to keep it safe.

When it comes to physical security threats, utilities have routinely deployed risk mitigation measures, such as cameras and locks. We are now going further, employing “defense-in-depth” techniques, to reinforce and strengthen security measures that will protect our facilities and allow the grid to recover quickly if an attack should occur. But since there are over 45,000 substations in the United States, prioritizing resources to protect the most critical assets is crucial.

We are moving forward through partnerships with government officials at all levels. After the Metcalf incident, government and industry conducted a series of briefings across the country for utilities and local law enforcement to learn more about it and how best to respond. These information sharing activities continue at the federal, state and local levels.

Also, on March 7, the Federal Energy Regulatory Commission (FERC) directed NERC to submit proposed physical security standards covering critical assets within 90 days. NERC has moved with alacrity, achieving super-majority support for the first draft of the standards less than 50 days later. SM-TDUs are confident that a final version of the proposed standard will be presented to the independent NERC Board of Trustees for adoption in late May, for timely submission to the Commission.


Cybersecurity entails a similar multi-level response, which includes taking an enterprise-wide perspective on cybersecurity within each of our utilities, deployment of advanced detection and protection tools, information sharing with our government partners, preparation for cyber events, and the application of cybersecurity standards to our bulk electric system operations through NERC’s Critical Infrastructure Protection standards.

The recent disclosure of the “Heartbleed” vulnerability is a case in point. NERC’s initial Industry Advisory was distributed on April 11, just days after public disclosure of the vulnerability in the OpenSSL encryption library, followed soon after by an industry-wide webinar describing steps that electric utilities can take to identify and assess their specific vulnerabilities and patch them expeditiously. SM-TDUs commend NERC for performing the pivotal task of ensuring timely communication of emerging threats and vulnerabilities to the industry.

To summarize, grid security requires collaboration: it is, and must be, a shared responsibility between industry, NERC and government. Our industry is investing in security measures to protect the grid against evolving threats and make it more resilient and robust. With the help of government, the entire electric utility industry will work to protect critical electric utility infrastructure from both cyber and physical threats. NERC fills a pivotal role in this process.

II. Policy Input Topics

A. Reliability Standard Audit Worksheet (RSAW) Review and Revision Process

SM-TDUs are highly supportive of the proposed Reliability Standards Audit Worksheet (RSAW) review and revision process. This simple process memorializes the essence of a key Standards Process Input Group (SPIG) recommendation that was endorsed by the BOT in 2012.

RSAWs are a critical tool for the ERO and registered entities. This tool outlines compliance expectations for registered entities and guidance for auditors in the compliance monitoring and enforcement process.

We are encouraged that RSAWs are now posted alongside balloted standards. Clearly the revision process must also be just as transparent. Providing regulatory certainty is a core accountability for the ERO and we view the RSAW review and revision process as a good control in assuring regulatory certainty. The timely development and posting of RSAWs is a key element to gaining stakeholder consensus in support of new and revised reliability standards.

On a related note, currently there are some highly complex standards that are lacking an RSAW, including PRC-005-2, TPL-001-4 and CIP Version 5. While these standards are each subject to future enforcement, registered entities are already in the implementation stage and need the RSAWs to assure compliance.

We appreciate that the Board had been very supportive of a strong emphasis on RSAWs. Having Board representation on the SPIG back in 2012 and now with representation on this recent MRC RSAW working group, we are making good strides in improving the clarity and consistency of compliance expectations.


B. Risk-Based Registration Initiative

SM-TDUs fully support NERC’s Risk-Based Registration Initiative as a long-overdue effort to “right-size” the NERC compliance registry to include only those entities that have a material impact on bulk electric system reliability, while ensuring that this reform creates no material gaps in NERC’s reliability programs.

The current registration paradigm is out of step with NERC’s ongoing efforts to align standards, compliance, and enforcement with risk to the grid. Many of the nearly 2000 entities on the NERC Compliance Registry pose little to no risk to the Bulk Electric System (“BES”), or are subject to demonstrating compliance with requirements far in excess of what is needed to protect the BES and ensure reliable operations. To make matters worse, the NERC Rules of Procedure lack clear deregistration procedures and timelines, leaving entities that are over-registered under the current registry criteria subject to compliance while their deregistration requests remain in limbo. This situation is inefficient, burdensome, and reflects an outdated, one-size-fits-all approach to registration, standards and compliance that is incompatible with the risk-informed focus that NERC seeks to bring to all of its activities.

Tailoring entities’ compliance responsibilities to their impact on the grid will relieve some small entities from NERC compliance burdens altogether, reduce the burden on others through more targeted applicability, and save significant resources for all involved, thereby allowing the industry and the ERO enterprise to enhance reliability by focusing their resources on material risks to reliability. And with the upcoming implementation of the revised BES definition, the time is right to reform the registry to reflect risk.

SM-TDUs support the priority afforded to this initiative, including the commitment to present a new registration framework and transition plan at the November 2014 Board of Trustees meeting. The project plan is ambitious but achievable, because many promising approaches can be used in combination to achieve a risk-based approach to registration. These approaches include:

Incorporating the revised definition of Bulk Electric System into the design and implementation of the NERC Statement of Compliance Registry Criteria, to align registration, standards applicability and compliance with the BES’ bright line criteria and application of the BES exception process.

Increasing the size thresholds or adding new refining criteria to limit registration of entities that do not perform core BES reliability functions, particularly small DPs and LSEs that do not own required BES protection systems;

Targeting the applicability of reliability standards applicable to small GOs and GOPs that are shown to have only limited capability to support reliable BES operations;

Using the successful GO-TO model to address the limited BES reliability impacts of DPs with limited BES transmission elements, by extending the applicability of certain standards to such DPs, rather than registering such entities as TO/TOPs;


Eliminating altogether the registration of entities that perform largely commercial functions and do not have a material impact on BES reliability, such as PSEs and IAs;

Codifying improved procedures for deregistration of entities that do not meet the revised registration criteria, as well as for procedures (similar to the BES exception process) for case-by-case resolution of requests to register or deregister a particular entity where the revised registry criteria fail to accurately reflect its impact on BES reliability;

Clarifying evidentiary requirements to make showings of material impact on the BES and aligning the technical foundation for material impact with NERC reliability standards and the assessment of risks to the BES; and

Developing the NERC enterprise-wide business processes and infrastructure to carry out the Risk-Based Registration Initiative.

SM-TDUs urge the Board to endorse this important initiative and ensure that NERC staff has the resources necessary to meet the proposed deadlines.

C. Potential Alternative Funding Mechanisms to Support Expanded Cyber Security Information Sharing and Associated Capabilities

SM-TDUs strongly support expanded funding for and enhanced capabilities for the NERC ES-ISAC – and including that funding within NERC’s section 215 Business Plan and Budget and annual assessments to load-serving entities. All electricity sector entities in North America benefit tangibly from NERC’s efforts on this front, even when they do not participate directly in the ES-ISAC, because these efforts serve to increase the resiliency of the entire sector.

A good example of these efforts is NERC’s support for the Cybersecurity Risk Information Sharing Program (CRISP), an initiative by the U.S. Department of Energy to deploy information sharing devices (ISDs) within the electric utility industry at the cyber interface between each participating utility’s external and internal systems, to analyze IT traffic flows for hostile digital signatures. The CRISP system includes a sophisticated, encryption-based information exchange protocol, the Cyber Federated Model (CFM), which allows the site to specifically determine who receives its data. Along with reports, and other situational-analysis information generated through CRISP, the data shared is a combination of hostile IP addresses, DNS domains, and other indicators. Each of the participating utilities will bear the direct costs of installing the ISDs and will share the ongoing contractor costs of analyzing the information flows. The NERC ES-ISAC will perform an equally important but different role: taking the results of these analyses and working with the contractor to anonymize the resulting indicators of threats and vulnerabilities, to develop alerts and advisories that can be shared with the electricity sector as a whole. Anonymized information may also be shared with the federal government and the ISACs for other critical infrastructure sectors.

SM-TDUs view such activities to be fully consistent with NERC’s role as the Electric Reliability Organization for North America, charged with ensuring the reliable operation of the bulk-power system. The NERC budget is an equitable approach for funding the ES-ISAC, including these new initiatives. While a small percentage of the ES-ISAC’s participants are not on the NERC

SM-TDU Response to Request for Policy Input April 29, 2014 Page 6 compliance registry, each such entity is paying its load ratio share of NERC’s budget, including the ES-ISAC. If and when NERC or the ES-ISAC undertake analytical projects that do not provide broad benefits to the electricity sector as a whole, these costs can and should be directly assigned to the beneficiaries, with the revenues received credited to NERC’s operating reserves, thereby reducing next year’s NERC budget assessment on load-serving entities.

The NERC Board, stakeholders and regulatory authorities have an obligation to review, comment on and approve the NERC Business Plan and Budget, including the ES-ISAC. At some juncture, NERC may propose to undertake projects within the ES-ISAC that we may oppose, because such projects are inappropriate for NERC, excessively costly, or better performed by other organizations. SM-TDUs will undertake such due diligence when the proposed 2015 Business Plan and Budget is posted on May 16.

Thank you for the opportunity to provide this policy input.

SERC Board of Directors Policy Input to NERC May 2014

The SERC Board of Directors (SERC Board) appreciates the opportunity to provide policy input to NERC for the May 2014 Board of Trustees (BoT) and Member Representatives Committee meetings.

Reliability Standard Audit Worksheet (RSAW) Review and Revision Process The SERC Board is generally supportive of the proposed RSAW review process. The

working group developed a process that strikes a balance between ensuring the RSAWs are an effective work paper for professional auditors and providing to registered entities a resource which enhances understanding of reliability standards.

Risk-Based Registration Assessment The SERC Board generally supports the comments submitted by the Regional Entity

Management Group. Potential Alternative Funding Mechanism to Support Expanded Cyber Security Information Sharing and Capabilities As a regional entity, SERC does not take a position on the alternative funding mechanism

for expanded cyber security functionality. The SERC Board does, however, encourage NERC to ensure the ES-ISAC is operationally

relevant. To ensure situational awareness and responsiveness to new and emerging threats, the ISAC needs to possess the tools and personnel appropriately separated from NERC staff that can effectively manage intelligence streams, parse information, and communicate focused information to the right parties in a timely manner. The SERC Board recommends that the ES-ISAC be required to present a robust business plan that ensures these goals are sustainably deliverable.

W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L • W W W . W E C C . B I Z 1 5 5 N O R T H 4 0 0 W E ST • S U I T E 2 0 0 • S A L T L A K E C I T Y • U T A H • 8 4 1 0 3 - 1 1 1 4 • P H 8 0 1 . 5 8 2 . 0 35 3 • F X 8 0 1 . 5 8 2 . 3 9 1 8

May 2014 Policy Input to NERC Board of Trustees

April 29, 2014

WECC has the following comments to the request for policy input, issued to the NERC Member Representatives Committee by letter dated April 9. 2014: 1. Reliability Standard Audit Worksheet (RSAW) Review and Revision Process

The ERO Enterprise should welcome input on any of its activities from industry. Providing opportunity for input can raise concerns or inaccuracies and help improve all of our activities. WECC also acknowledges that all parties providing input to the draft policy worked very hard to find common ground and the final draft reflects compromises requested by the regional entities. We appreciate the efforts made by the group. However, we have a few concerns remaining. WECC believes that the proposed policy may not be necessary, and that it could appear to compromise auditors’ independence. Finally, we have a specific suggestion to amend the proposal if the NERC Board determines to adopt it.

• WECC respectfully suggests that the Board cannot adequately decide whether a policy is necessary, or whether the proposed policy is the right one, until there is a precise statement of the problem to be solved. Is the problem that RSAWS are being changed in ways that exceed the scope of standards, or is it a fear that this might happen?

• Even if there is a possibility that RSAWS could exceed the standard, this proposed process could be unnecessary. It is NERC’s proper role to provide oversight that keeps the RSAW documents within appropriate bounds, to identify any errors or overstepping of boundaries that may arise with actual use of the RSAWS, and to work with regions to correct problems.

• Under the proposed process the SOTC could bar RSAWS – in effect, auditors’ work papers – from going into effect or require additional changes. This could lead to the appearance of less than full independence in the ability of auditors to carry out their compliance monitoring activities.

Finally, WECC has a specific suggestion for an addition to the proposed policy, if the Board does adopt it: With respect to the Standards Oversight and Technology Committee (SOTC) review, we ask that the Board consider specifying a time limit within which the SOTC must consider appeals, or the RSAW is deemed accepted. This would provide greater certainty to all stakeholders with an interest in RSAWS.

April 29, 2014 Page - 2


2. Risk-Based Registration Assessment

The Regional Executive Management Group (REMG) filed comments on behalf of all regions on the issue of risk-based registration. WECC fully supports the joint REMG comments. Because WECC has undertaken an evaluation of some of our existing registrations prior to the announcement of the new NERC Risk Based Registration initiative, we offer the following comments in furtherance of the REMG comments. Our intent is to provide some actual, preliminary “field experience”, particularly in the evaluation of the DP and LSE functions.

During 2013, WECC began an initiative to carefully review our registration practices. We took into account existing rules and criteria, the new BES definitions and NERC’s accompanying policy guidance, and incorporated our experience in developing risk-based review of entities in the Western Interconnection to determine if they are registered appropriately.

Distribution Provider (DP) and Load-Serving Entity (LSE) Functions

Of particular interest was review of the Distribution Provider/Load-Serving Entity (DP/LSE) functions in the Western Interconnection. In addition to the factors noted above, further review of these function was prompted by the South Louisiana Electric Cooperative Association (SLECA) order from FERC.

WECC developed a draft policy to test, incorporating simplified criteria and guidelines for considering registration of certain entities registered for the DP/LSE functions, with particular attention to the meaning of the phrase “directly connected” in the SLECA order and its guidance on analyzing interconnection points. The draft policy focuses on characteristics of the DP/LSE functions to ensure that we consistently can identify entities that are truly necessary for reliability, and whether some currently registered entities have facilities that we can now determine may be truly “radial” and present little or no risk to the Western Interconnection.

Several entities registered for the DP/LSE functions recently filed appeals of their registration with NERC. At NERC’s request, and as part of the usual appeal process, WECC reviewed the record and made recommendations to NERC on the disposition of the appeal in each case. After careful technical analysis, WECC recommended deactivation of these functions. NERC’s technical committee, upon reviewing the appeals, concurred with WECC’s analysis and recommendation. NERC accepted the recommendations, resulting in deactivation of the LSE/DP functions for six entities previously registered.

April 29, 2014 Page - 3


Results

As a result of these activities, within the last ten months or so, WECC has recommended that NERC deactivate (i.e. deregister) a total of 123 different functions, affecting 72 entities. This includes deactivation of 26 DPs, 21 LSEs, 27 GOPs, 22 GOs, and 12 PSEs. Also as a result of our continuing review of entities, and additional activities on their part such as such as transfer of assets or consolidation, plus applications of new entities, WECC continues to recommend activation (registration) of new functions as appropriate. To date, NERC has accepted all recommendations for deactivation or for registration. WECC believes this demonstrates that specific issues can be identified and addressed short of a major redesign of the entire registration program. Furthermore, these activities all have been accomplished using the common registration form and other templates developed by the Registration and Certification Functional Group.

In conclusion, WECC believes our experience presents some evidence corroborating the REMG recommendations, showing how benefits could be achieved using existing registration criteria short of a complete redesign of registration.

WECC appreciates the opportunity to comment on this process and we look forward to further discussion.

3353 peachtree road ne suite 600, north tower 404 … highlights and mintues 2013/policy... ·...

Documents