General Counsel: Security more Important than Compliance
WASHINGTON — After 12 years as the FERC-delegated Electric Reliability Organization, it’s time for NERC to reconsider its approach, General Counsel Charles Berardesco told the Compliance and Certification Committee (CCC) last week.
“The way the grid operates is dramatically different from the way we thought about it. … We have to look at the changing nature of the industry and think about being more proactive about those changes,” he said. “So, does everything go to a standard? … Is there another approach? Are assessments enough? Is it enough for NERC to just raise its hand and say, ‘Whoa! Here’s the issue. You should be worrying about this’? Do we need to do something in between?”
About 50 committee members and NERC staff attended the March 12 meeting at Edison Electric Institute (EEI) headquarters on Pennsylvania Avenue. (See related story, NERC Survey Highlights Alignment, Transparency Concerns.)
In addition to the routine “blocking and tackling” of consistently implementing its risk-based Compliance Monitoring and Enforcement Program (CMEP), Berardesco said, “We need to continue to enhance our expertise on assessing the grid’s overall reliability. We need to continue to build better data streams and build analytic capabilities inside of NERC [with] the industry.”
Berardesco noted that NERC’s Regional Entities will be reduced from seven to six effective July 1 when the Florida Reliability Coordinating Council (FRCC) is scheduled to be merged into SERC Reliability.
“Those regions, for the first time, will be about the same size and the same scope. We also have some new leadership in the regions. So, I think it’s an opportunity, a moment in time, to think about roles and responsibilities in a different way at the ERO to ensure we’re actually using our resources most effectively and efficiently and focusing our efforts on reliability, not just process,” he said. “I think what it means is thinking about the ERO as one organization, not seven different entities. And that’s a lot of the work that’s going to be going on in the next couple years at NERC.”
Delivering an update on the Reliability Issues Steering Committee (RISC), RISC member Patti Metro also called for a re-evaluation, saying the committee is planning to “streamline and fine tune” its activities.
“We are under the impression it’s time to step back and [review the effectiveness] and efficiencies when it comes to RISC,” said Metro, senior grid operations and reliability director of the National Rural Electric Cooperative Association. “Is it time to step back and say, ‘How much value is that exercise [providing? Should we be] continuing to do that type of report?’”
She noted that NERC’s Reliability Leadership Summit, held March 14, “is very similar to the technical conference that the FERC does every summer. We hear the same topics, the same conversations, a lot of the same speakers speak in both of those events. And so, our is, should we regroup, and do we have to continue doing that type of event?” (See related story, Changing Grid Calls for New Models, Mindset, Officials Say.)
The RISC will present a report on its plans at the NERC Board of Trustees’ August meeting.
Berardesco said he had one message for members to take back to their companies.
“Security is a lot more important than compliance. We [NERC] can never do anything bad enough to you as would happen if there’s an actual breach in security. … NERC is not your problem. Security is your problem, and I would just urge all of you to think about that in the context of how you interrelate with NERC. The sharing of information, which is so critical to making this system work better, should not be withheld because you’re worried about a compliance risk.”
EEI Security Chief Warns Against Complacency
Scott Aaronson, EEI’s vice president of security and preparedness, also warned against becoming complacent with achieving compliance. “If I put a 10-foot fence around everything … the adversary just brings a 12-foot ladder,” he said. “So, let’s not pretend that standards themselves equate to security.”
“If we’re not preparing for failure, we’re going to fail. That is a sign, I like to believe, of maturity in this sector: That we are willing to talk about — not just all the things we are doing to prevent bad things from happening — but our effectiveness at response and recovery when the bad things come.
“Not if, but when: cyber, physical, storms, acts of war, acts of God. Zombie apocalypse. [We] don’t care why: The power’s out. What are we going to do about it?”
“We have a sense of urgency, both here at EEI and through the [Electricity Subsector Coordinating Council] to do more, do more, do more. Because we know that a war used to be started with a ballistic [missile] being fired downrange. It is far more likely today that a war is going to be started with strokes of a keyboard and attacks on critical infrastructure,” he said. “We know we’re a target.”
Subcommittees to Merge
CCC Chair Jennifer Flandermeyer, of Kansas City Power and Light, said members are moving forward with plans to eliminate the Compliance Processes and Procedures Subcommittee (CPPS) and merge its functions into the ERO Monitoring Subcommittee (EROMS).
“There are a number of reasons for [the merger] but primarily because the workloads tend to complement each other,” Flandermeyer said. “The expertise needed for both of those subcommittees is similar, if not the same, and what CPPS was seeing in their work was feeding the ERO Monitoring Subcommittee, and what EROMS was seeing was actually providing input that was helpful to CPPS. So, there was a natural synergy there.”
EROMS Chair Ted Hobson, of Florida cooperative JEA, will serve as chair until the FRCC seat is dissolved. Lisa Milanes of CAISO will be the vice chair.
“Our expectation is that we would have an approved scope document [for the combined committee] that’s operational before the June [CCC] meeting,” said CPPS Chair Matt Goldberg, of ISO-NE.
[Editor’s Note: An earlier version of this article incorrectly described NRECA’s Patti Metro as the chair of the Reliability Issues Steering Committee (RISC). The RISC chair is Nelson Peeler, chief transmission officer for Duke Energy.]
— Rich Heidorn Jr.