Search
`
November 13, 2024

Posted on

NERC Seeks $10M Fine for Duke Energy Security Lapses

By Rich Heidorn Jr.

NERC has recommended a $10 million fine on an unidentified utility for repeated violations of critical infrastructure protection (CIP) reliability standards over more than three years that exposed a “lack of management engagement, support and accountability.”

Energywire and The Wall Street Journal reported that the unnamed utility was Duke Energy, one of the nation’s largest, with 7.6 million retail electric customers in six states and 49,500 MW of generating capacity. The company told the Journal it does not comment on enforcement filings.

The control room at Duke Energy’s Buck combined cycle plant in Rowan County, N.C. | Duke Energy

In a Notice of Penalty filed Jan. 25, NERC cited 127 violations between 2015 and 2018 (52 posing “minimal” risk, 62 “moderate” and 13 “serious”). While most of the violations were self-reported, others resulted from compliance audits (NP19-4).

Although many of the details were redacted as critical energy/electric infrastructure information (CEIl), the document refers to “companies” and “regional entities” in the plural, suggesting a large, multistate utility was involved.

“The 127 violations collectively posed a serious risk to the security and reliability of the [bulk power system]. The companies’ violations of the CIP reliability standards posed a higher risk to the reliability of the BPS because many of the violations involved long durations, multiple instances of noncompliance, and repeated failures to implement physical and cybersecurity protections,” NERC said. “As an example, the companies’ failure to accurately document and track changes that deviate from existing baseline configurations increased the risk that the companies would not identify unauthorized changes, which could adversely impact BES [bulk electric system] cyber systems.”

The notice cited as contributing causes “disassociation of compliance and security that resulted in a deficient program and program documents, lack of implementation, and ineffective oversight and training.”

It also criticized “organizational silos” illustrated by a lack of communication between management levels and “a lack of awareness of the state of security and compliance.”

There were also silos across business units “that resulted in confusion regarding expectations and ownership of tasks, and poor asset and configuration management practices,” NERC said.

In a settlement, the companies agreed to pay the fine and to improve their performance by increasing senior leadership involvement and oversight; creating a centralized CIP oversight department; and restructuring roles to focus on standards, enterprise oversight, enterprise CIP tools, compliance metrics and regulatory interactions. They also agreed to conduct industry surveys and benchmark discussions to develop best practices.

Redacted excerpt from NERC’s Notice of Penalty.| NERC

The companies also agreed to invest in enterprise-wide tools for asset and configuration management, visitor logging, access management, configuration monitoring and vulnerability assessments; increase training; and institute annual compliance drills.

NERC said the penalty was based on the companies’ “repeat noncompliance” and “deficient” compliance program, mitigated by the lack of evidence of any attempt to conceal the violations. The settlement and fines are subject to approval by FERC.

Among the most serious violations cited were:

  • A failure to protect critical cyber asset (CCA) information. One-line diagrams lacked the appropriate NERC ClP classification markings and some employees were improperly granted “read-only” access to CCA information.
  • A failure to follow its change control and configuration management process. In three instances, software upgrades were deployed on a single CCA in the production environment without first being tested as required by the change control process.
  • A failure to maintain annual cybersecurity training for some employees with electronic or physical access to CCAs.
  • A failure to timely revoke former employees’ and contractors’ electronic access rights.
  • Allowing individuals improper electronic access to CIP-protected information.
  • Improperly configured routers that prevented monitor server logs from being sent to the security incident and event management (SIEM) device.
  • A failure to monitor electronic security perimeter (ESP) inbound and outbound communications and to restrict inbound electronic access to ESPs. “The companies used overly broad ESP firewall rulesets, which permitted access across ports and services that were not required for operations or for monitoring CAs within the ESPs,” NERC said. “Additionally, the companies failed to implement strong technical controls to ensure the authenticity of the accessing party for [redacted] individuals who were granted unauthorized access to the ESPs.”
  • Firewalls were configured to allow external remote access to sensitive systems without first going through an intermediate system, using encryption or requiring multi-factor authentication.
  • A failure to implement physical access controls to limit unescorted access to the physical security perimeter (PSP) and failing to document all required information in visitor logbooks.
  • Repeated failures to adhere to cybersecurity testing procedures, including deficient testing on software upgrades and failures to implement security patch programs.
  • Failing to change passwords on annual schedule and failing to change factory default passwords for remotely accessible BES cyber assets.
Duke Energy Center, Charlotte, N.C. | Duke Energy

NERC’s filing came days before intelligence officials told the Senate Intelligence Committee on Jan. 29 that Russian hackers have the capability to disrupt electrical service in the U.S.

“Moscow is now staging cyberattack assets to allow it to disrupt or damage U.S. civilian and military infrastructure during a crisis and poses a significant cyber influence threat,” officials said in the annual Worldwide Threat Assessment.

“Russia has the ability to execute cyberattacks in the United States that generate localized, temporary disruptive effects on critical infrastructure — such as disrupting an electrical distribution network for at least a few hours — similar to those demonstrated in Ukraine in 2015 and 2016. Moscow is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage.” (See DHS: 2017 Russian Probes Hit Hundreds of Energy Cos.)

The report also warned that China also “has the ability to launch cyberattacks that cause localized, temporary disruptive effects on critical infrastructure — such as disruption of a natural gas pipeline for days to weeks—in the United States.”

Posted on

NERC Seeks $10M Fine for Duke Energy Security Lapses

By Rich Heidorn Jr.

NERC has recommended a $10 million fine on an unidentified utility for repeated violations of critical infrastructure protection (CIP) reliability standards over more than three years that exposed a “lack of management engagement, support and accountability.”

Energywire and The Wall Street Journal reported that the unnamed utility was Duke Energy, one of the nation’s largest, with 7.6 million retail electric customers in six states and 49,500 MW of generating capacity. The company told the Journal it does not comment on enforcement filings.

Duke
The control room at Duke Energy’s Buck combined cycle plant in Rowan County, N.C. | Duke Energy

In a Notice of Penalty filed Jan. 25, NERC cited 127 violations between 2015 and 2018 (52 posing “minimal” risk, 62 “moderate” and 13 “serious”). While most of the violations were self-reported, others resulted from compliance audits.

Although many of the details were redacted as critical energy/electric infrastructure information (CEIl), the document refers to “companies” and “regional entities” in the plural, suggesting a large, multistate utility was involved.

“The 127 violations collectively posed a serious risk to the security and reliability of the [bulk power system]. The companies’ violations of the CIP reliability standards posed a higher risk to the reliability of the BPS because many of the violations involved long durations, multiple instances of noncompliance, and repeated failures to implement physical and cybersecurity protections,” NERC said. “As an example, the companies’ failure to accurately document and track changes that deviate from existing baseline configurations increased the risk that the companies would not identify unauthorized changes, which could adversely impact [bulk electric system] cyber systems.”

The notice cited as contributing causes “disassociation of compliance and security that resulted in a deficient program and program documents, lack of implementation, and ineffective oversight and training.”

It also criticized “organizational silos” illustrated by a lack of communication between management levels and “a lack of awareness of the state of security and compliance.”

There were also silos across business units “that resulted in confusion regarding expectations and ownership of tasks, and poor asset and configuration management practices,” NERC said.

In a settlement, the companies agreed to pay the fine and to improve their performance by increasing senior leadership involvement and oversight; creating a centralized CIP oversight department; and restructuring roles to focus on standards, enterprise oversight, enterprise CIP tools, compliance metrics and regulatory interactions. They also agreed to conduct industry surveys and benchmark discussions to develop best practices.

Energywire and The Wall Street Journal reported that the unnamed utility was Duke Energy, one of the nation’s largest, with 7.6 million retail electric customers in six states and 49,500 MW of generating capacity. The company told the Journal it does not comment on enforcement filings.

The companies also agreed to invest in enterprise-wide tools for asset and configuration management, visitor logging, access management, configuration monitoring and vulnerability assessments; increase training; and institute annual compliance drills.

NERC said the penalty was based on the companies’ “repeat noncompliance” and “deficient” compliance program, mitigated by the lack of evidence of any attempt to conceal the violations. The settlement and fines are subject to approval by FERC.

Among the most serious violations cited were:

  • A failure to protect critical cyber asset (CCA) information. One-line diagrams lacked the appropriate NERC ClP classification markings and some employees were improperly granted “read-only” access to CCA information.
  • A failure to follow its change control and configuration management process. In three instances, software upgrades were deployed on a single CCA in the production environment without first being tested as required by the change control process.
  • A failure to maintain annual cybersecurity training for some employees with electronic or physical access to CCAs.
  • A failure to timely revoke former employees’ and contractors’ electronic access rights.
  • Allowing individuals improper electronic access to CIP-protected information.
  • Improperly configured routers that prevented monitor server logs from being sent to the security incident and event management (SIEM) device.
  • A failure to monitor electronic security perimeter (ESP) inbound and outbound communications and to restrict inbound electronic access to ESPs. “The companies used overly broad ESP firewall rulesets, which permitted access across ports and services that were not required for operations or for monitoring CAs within the ESPs,” NERC said. “Additionally, the companies failed to implement strong technical controls to ensure the authenticity of the accessing party for [redacted] individuals who were granted unauthorized access to the ESPs.”
  • Firewalls were configured to allow external remote access to sensitive systems without first going through an intermediate system, using encryption or requiring multi-factor authentication.
  • A failure to implement physical access controls to limit unescorted access to the physical security perimeter (PSP) and failing to document all required information in visitor logbooks.
  • Repeated failures to adhere to cybersecurity testing procedures, including deficient testing on software upgrades and failures to implement security patch programs.
  • Failing to change passwords on annual schedule and failing to change factory default passwords for remotely accessible BES cyber assets.
Duke Energy Center, Charlotte, N.C. | Duke Energy

NERC’s filing came days before intelligence officials told the Senate Intelligence Committee on Jan. 29 that Russian hackers have the capability to disrupt electrical service in the U.S.

“Moscow is now staging cyberattack assets to allow it to disrupt or damage U.S. civilian and military infrastructure during a crisis and poses a significant cyber influence threat,” officials said in the annual Worldwide Threat Assessment.

“Russia has the ability to execute cyberattacks in the United States that generate localized, temporary disruptive effects on critical infrastructure — such as disrupting an electrical distribution network for at least a few hours — similar to those demonstrated in Ukraine in 2015 and 2016. Moscow is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage.” (See DHS: 2017 Russian Probes Hit Hundreds of Energy Cos.)

The report also warned that China also “has the ability to launch cyberattacks that cause localized, temporary disruptive effects on critical infrastructure — such as disruption of a natural gas pipeline for days to weeks—in the United States.”

Posted on

Judge Postpones Strict Probation Conditions for PG&E

By Hudson Sangree

A federal judge on Wednesday delayed his decision to impose extensive new probation conditions on Pacific Gas and Electric in its criminal case for the 2010 San Bruno gas line explosion, including a requirement that the utility inspect its entire grid for safety problems before the start of this year’s fire season.

Instead, Judge William Alsup, of the U.S. District Court for the Northern District of California, in San Francisco, said he would wait to the see the fire mitigation plan that PG&E files with the California Public Utilities Commission on Feb. 6, in compliance with last year’s SB 901. The judge also asked lawyers representing both explosion and wildfire victims to submit more information on fire safety measures they discussed at Wednesday’s hearing.

A section of the 30-foot gas pipeline owned by PG&E that exploded in 2010, killing eight people in San Bruno, Calif.

The hearing in the San Bruno case came a day after the utility and parent PG&E Corp. filed for bankruptcy, in part because they potentially face billions of dollars in liability for the fatal wine country fires of October 2017 and the Camp Fire in November 2018, which killed 86 people and destroyed the town of Paradise.

On Jan. 9, Alsup issued a tentative ruling in which he said that, unless the parties convinced him otherwise, he would impose new probation conditions on PG&E, which was convicted of six felonies for knowingly violating federal safety rules and obstructing a federal investigation after the 2010 explosion that killed eight people. (See Judge, Governor, CPUC and Protesters Weigh in on PG&E Mess.)

Those new conditions would include requiring the utility to reinspect its entire grid in the coming months and to remove any trees or branches that could contact power lines. In addition, he said PG&E would have to “identify and fix all conductors that might swing together and arc due to slack and/or other circumstances under high-wind conditions.”

The Camp Fire killed 86 residents and wiped out the town of Paradise on Nov 8, 2018. PG&E equipment is a suspected cause. | NASA

The utility “shall identify and fix damaged or weakened poles, transformers, fuses and other connectors; and shall identify and fix any other condition anywhere in its grid similar to any condition that contributed to any previous wildfires,” Alsup wrote.

“These conditions of probation are intended to reduce to zero the number of wildfires caused by PG&E in the 2019 wildfire season. This will likely mean having to interrupt service during high-wind events (and possibly at other times), but that inconvenience, irritating as it will be, will pale by comparison to the death and destruction that otherwise might result from PG&E-inflicted wildfires,” the judge wrote.

PG&E protested the proposed conditions, saying it would cost between $75 billion and $150 billion to comply with the requirements. Federal prosecutors also encouraged the judge to back down and defer to the federal monitor overseeing PG&E in the wake of the San Bruno case. (See PG&E Cleared in Fire that Burned Santa Rosa.)

Posted on

Make PG&E a Public Utility, Protesters Tell PUC

By Hudson Sangree

SACRAMENTO, Calif. — Protesters at the Public Utilities Commission meeting on Thursday urged the commissioners to try to turn Pacific Gas and Electric into a publicly owned utility as part of its Chapter 11 reorganization that began when the company filed for bankruptcy protection Tuesday.

Protesters at Thursday’s CPUC meeting in Sacramento read aloud the names of those killed by wildfires. | © RTO Insider

“We have the opportunity to radically restructure what our energy system looks like — safe, public and one that ensures everyone the right to access,” said Morganne Blais-McPherson, a University of California, Davis student and co-chair of the university’s Young Democratic Socialists of America chapter.

Unlike recent protests at PUC meetings in San Francisco, the Sacramento gathering was relatively tame. Demonstrators didn’t disrupt the meeting or shout. They spoke only during public comment, mostly without going over the two-minute time limit set by PUC President Michael Picker.

The calm meeting capped off a tumultuous week of hearings and court filings involving PG&E and the PUC.

On Monday, the PUC called a hasty and controversial meeting to allow PG&E to obtain billions of dollars in debtor-in-possession (DIP) financing to see it through bankruptcy.

On Tuesday, just after midnight, the utility filed for bankruptcy in federal court in San Francisco. The first hearing in the bankruptcy case, which was mainly procedural, was held that afternoon. (See PG&E Wants to Undo Contracts, Revamp Biz in Bankruptcy.)

Protesters displayed signs during Thursday’s CPUC meeting in Sacramento. | © RTO Insider

On Wednesday, a judge considered whether to impose stringent new conditions on PG&E for violating criminal probation in the 2010 San Bruno gas line explosion case, and the State Assembly held an oversight hearing of the PUC in which some lawmakers demanded that regulators do more to keep PG&E and other utilities from sparking deadly wildfires. (See related story, Lawmakers Grill CPUC President on PG&E, Fires.)

Another bankruptcy hearing started Thursday morning in San Francisco, about the same time the PUC was meeting in Sacramento. (See related story, Judge Postpones Strict Probation Conditions for PG&E.)

Seth Sanders, a member of the Democratic Socialists of America, said that as a parent and ratepayer, he was upset to see PG&E seek bankruptcy protection when it is suspected of starting November’s Camp Fire, which killed 86 people and destroyed the town of Paradise.

“I have been sick to my stomach,” Sanders told commissioners. “This is a terrible insult to the memories of the dead.”

Protesters listen to the CPUC proceedings during Thursday’s meeting in Sacramento. | © RTO Insider

Sanders and other protesters called for a restructuring of PG&E into municipal systems, citing the Sacramento Municipal Utility District as a model. Their statements were met with quiet finger snapping from other demonstrators, some of whom stood holding signs.

(San Francisco officials have said publicly they might be interested in taking over PG&E’s assets in the city and forming a municipal utility.)

At one point, protesters read aloud the names of about 40 fire victims, as they have done at other PUC meetings.

“Unless you do something, you’re going to get us all killed,” Robert Henderson told the commissioners during the public comment period.

Mary Kay Benson, of Butte County, Calif., said many of those who died in the Camp Fire were senior citizens, like her. | © RTO Insider

Mary Kay Benson said she was from Chico, the neighboring town to Paradise in largely rural Butte County. Many of the dead were senior citizens, like her, Benson said.

“Are we all just corporate collateral?” she asked the commissioners.

Pete Woiwode, of Oakland, said he was at Monday’s raucous meeting in San Francisco, when the PUC approved PG&E’s DIP financing with little public notice and over the objections of demonstrators.

“That should not have happened,” Woiwode said.

Posted on

Lawmakers Grill CPUC President on PG&E, Fires

By Hudson Sangree

SACRAMENTO, Calif. — Public Utilities Commission President Michael Picker told lawmakers Wednesday the commission probably isn’t the best public entity to address the “enormity” of the state’s recent wildfire crisis.

The PUC has been trying to help prevent wildfires sparked by electric utilities, as required by last year’s SB 901. But the commission, Picker said, is more like a specialized court that sets utility rates, not a fire prevention agency such as the Department of Forestry and Fire Protection.

“They understand fires. We understand ratemaking,” Picker told the Assembly Utilities and Energy Committee during its annual oversight hearing of the PUC.

He said the commission was set up long ago to slowly gather and weigh evidence on regulated utilities, not to react quickly to urgent public safety matters.

“I don’t think this is where you’re going to get a sense of urgency,” Picker said later.

Officials of the California Public Utilities Commission listened to lawmakers critique their handling of the state’s wildfire crisis at an oversight hearing Wednesday. | © RTO Insider

Picker’s briefing on the PUC’s varied activities quickly turned into a sometimes tense discussion of wildfires and Pacific Gas and Electric, which filed for bankruptcy Tuesday. (See PG&E Files for Bankruptcy.) Some lawmakers were cordial with Picker, while others grilled him about what the commission was doing to prevent more devastating wildfires like the deadly ones that ravaged the Northern California in the past two years.

“We’re well over 100 deaths in these fires,” said Assemblymember Jim Wood (D), whose North Coast district was heavily scarred by the wine country wildfires of 2017. “What will you do this year to protect Californians?”

Picker said the PUC had been in the process of figuring out what to do with PG&E, including breaking up the company or replacing its board members.

Financial penalties, including a $1.6 billion fine after the San Bruno gas line explosion in 2010, had failed to change the company’s board members or safety culture, he said.

“Fines are just not enough,” Picker said.

Now those decisions likely will be made by a federal bankruptcy judge, with the PUC recommending a reorganization plan for PG&E, he said.

“We will contend with them as advocates for ratepayers in bankruptcy,” Picker said.

Earlier this month, a federal judge overseeing PG&E’s criminal probation in the San Bruno case said he might require the utility to inspect every inch of its grid before the 2019 fire season starts this summer. The judge backed off on that plan, at least temporarily, in a hearing in San Francisco earlier Wednesday. (See Judge Postpones Strict Probation Conditions for PG&E.)

Picker said the PUC had looked at what it would take for it to inspect the state’s high-risk fire areas for overhanging branches and other safety problems. He said the commission would need to hire between 15,000 and 20,000 workers to inspect 4.2 million power poles and 200,000 miles of transmission lines.

A better investment, he said, would be for utilities to adopt extensive weather monitoring, as San Diego Gas & Electric did in Southern California. The National Weather Service typically estimates wind gusts on ridgetops. Fires start near electric lines in canyons down below. SDG&E deployed an extensive network of weather stations and cameras in such locations, Picker said. (See Calif. Regulators to Scrutinize De-energization.)

“They had to develop a whole new weather system within their service area,” and PG&E could do the same in Northern California, he told committee members.

During a Legislative oversight hearing Wednesday, Assemblywoman Eloise Gomez Reyes (D), right, asked PUC President Michael Picker, left, why more wasn’t being done to prevent wildfires sparked by electric utilities. | © RTO Insider

Assemblyman Bill Quirk (D) suggested the PUC had been partly responsible for driving PG&E into bankruptcy. SB 901 tasked the commission with performing a stress test to determine how much a utility could pay in wildfire liability without harming ratepayers or undermining grid reliability. The rest would have to be paid by shareholders.

Creditors wanted to know the extent of PG&E’s expected liability, Quirk said. The utility must borrow $2 billion a year, and the PUC’s inability to provide creditors with more certainty had led major ratings firms to downgrade PG&E’s creditworthiness to junk status and cut off its access to credit, he said.

Picker said the PUC couldn’t supply a stress-test figure until all official fire investigations have concluded and it performs its own analysis, which could take 18 months. “We don’t know the cost in the end,” he said.

Posted on

Bankruptcy Only ‘Viable’ Option for PG&E, Lawyer says

By Robert Mullin

A lawyer for Pacific Gas and Electric said the embattled utility did not file for bankruptcy to evade financial responsibility for wildfires that ravaged Northern California in 2017 and 2018, but to ensure the company is able to compensate the victims of those fires.

During a Thursday court hearing to review the numerous motions PG&E quickly submitted when it filed for Chapter 11 on Tuesday, Attorney Stephen Karotkin said the company’s move was intended to maintain its status as a going concern.

“Simply stated, your honor, there was no way for PG&E to finance its way through years of litigation and finance its business,” Karotkin told U.S. Bankruptcy Court Judge Dennis Montali. “Chapter 11 is the only viable alternative.”

Judge Dennis Montali | Commercial Law League of America

During the half-day hearing, plaintiffs’ attorneys urged the judge to create a claimant class for fire victims and asked him not to make their clients’ claims subordinate to suppliers and other creditors.

The hearing was peppered with humorous remarks, a reflection of Montali’s relaxed style even in the face of an extremely complex bankruptcy case involving the nation’s largest utility.

Early in the proceeding, Karotkin assured the judge that, unlike in its 2001 bankruptcy during the Western Energy Crisis, PG&E was this time “seeking to work collaboratively” with the California Public Utilities Commission “to achieve a successful reorganization.”

“You don’t think they were collaboratively engaged 18 years ago?” Montali asked, drawing laughter from the courtroom.

“I wasn’t here 18 years ago, but from what I heard, I don’t think so,” Karotkin replied.

“I still have the boxing gloves,” retorted Montali, who also oversaw that case.

‘Comprehensive Review’

In his opening remarks, Karotkin told the court that PG&E decided to file Chapter 11 after a “comprehensive review” of its business, which confirmed the utility faced “a multitude of claims” from wildfire victims and “thousands yet to be filed.” He noted about 50 complaints have already been filed against the company for November’s Camp Fire, the costliest and deadliest fire in California history. The cause of the blaze is still under investigation.

Stephen Karotkin | Weil, Gotshal & Manges

Karotkin added that a recent finding by California fire investigators that PG&E equipment was not responsible for igniting the 2017 Tubbs Fire that destroyed part of the city of Santa Rosa did not significantly alter the company’s precarious financial position. (See PG&E Cleared in Fire that Burned Santa Rosa.)

“The fact is, the comprehensive review fully took into account being exonerated for the Tubbs Fire,” Karotkin said, adding that plaintiffs’ lawyers “also think they have other theories to hold PG&E accountable” for that fire.

PG&E says its problems have been exacerbated by California’s doctrine of inverse condemnation, which holds a utility strictly liable for property damage caused by a fire started by its equipment, regardless of whether the utility is found to have neglected maintenance.

The situation has left PG&E unable to access the capital needed to operate and service its debts, Karotkin said.

“PG&E believes Chapter 11 will more quickly and equitably address PG&E’s liability than though the state court system,” Karotkin said. One objective of the bankruptcy case would be to establish a trust fund for wildfire victims and restoration efforts, he told the judge.

Fire Victims Seek Standing

But attorneys representing those victims expressed concerns that bankruptcy would force their clients to line up behind creditors and suppliers before they could collect on their claims.

Attorney Dario de Ghetaldi, a lawyer representing 1,500 claimants affected by the North Bay, Butte and Camp fires, asked that Montali not give debt and supplier payments priority over payments to plaintiffs that had executed pre-petition settlement agreements with PG&E over the Butte fire.

“There are other firms who have other Butte Fire plaintiffs in the same position, and I represent, I think, their views as well,” de Ghetaldi said.

“We’re obviously very sympathetic to his clients and the victims of these wildfires, and we understand their concerns, but we don’t think it’s prudent to risk the operations right now and risk potential recoveries for them going forward, which is why we think it’s absolutely critical to maintain [PG&E’s] operations and sustain them going forward,” countered Karotkin’s colleague, Matthew Goren.

Saying he represents “several thousand individuals who are now told they are creditors” of PG&E, San Francisco attorney Khaldoun Baghdadi asked the court to create a separate claimant class for fire victims.

“We feel that the voice that our clients represent is unique and central to resolution of these claims,” Baghdadi said. “And with respect to the expeditious resolution [of the proceeding], I will just point to the court: In October 2017, several thousand people lost their homes and loved ones. Nearly every one of their homeowner insurance policies provided for two years of alternative living expenses, which means in October of this year, several thousand people are going to have a serious problem in finding a place to live.”

Thursday’s hearing may have also provided cold comfort to PG&E’s many power suppliers, who have already beseeched FERC to intervene in any attempt by the utility to abrogate supply agreements. As part of its bankruptcy filing, PG&E asked the court to issue an injunction confirming its exclusive jurisdiction over the debtors’ rights to reject power purchase agreements and other FERC-regulated contracts. (See FERC Claims Authority over PG&E Contracts in Bankruptcy.)

“Despite what has been written in the newspapers, there are not any motions on file at this time to reject any power purchase agreements or any other contract, and there is no current intention to file any of those motions in the immediate future,” Karotkin said. “Those will be evaluated as the case progresses.”

Karotkin’s statement left unanswered the question of whether PG&E would seek to reprice PPAs with any of its power suppliers, as suggested in the utility’s own filings with the bankruptcy court Tuesday. (See PG&E Wants to Undo Contracts, Re-vamp Biz in Bankruptcy.)

Marc Sacks, a U.S. Department of Justice attorney representing FERC, said Thursday that FERC has agreed to give PG&E 60 days from its bankruptcy filing to respond to the agency’s Jan. 25 order contending that the contracts fall under FERC’s jurisdiction — and that it must sign off on any changes. That agreement extends the original Feb. 24 response deadline and also provides Montali enough time to rule on the injunction request.

By the end of the hearing, Montali had approved all 17 of PG&E’s motions under review, noting the scattered objections to a few of them, including provisions related to bonuses in a motion covering employee compensation. All objections would be addressed by the final hearing, the judge said.

The next hearings in the PG&E proceeding are scheduled for Feb. 12 and 13, followed by an additional hearings two weeks later.

Posted on

MISO Maintains Reliability Through Arctic Midwest Temps

By Amanda Durish Cook

CARMEL, Ind. — Record-breaking cold Wednesday and Thursday brought MISO’s eighth maximum generation event and multiple appeals for conservation from utilities in the northern portions of the RTO’s footprint.

But data on the emergency event are in short supply for now. Speaking at a Reliability Subcommittee meeting on Thursday, Director of Regional Operations Michael McMullen said it was too early for MISO to have prepared data to share. He told stakeholders the RTO will have more information at upcoming public meetings.

Consumers Energy lineman | Consumers Energy

At the time of the RSC meeting, MISO’s maximum generation alert had expired and the RTO was operating under a maximum generation warning through the morning. (See Cold Snap Halts DER Talk as MISO Calls Max Gen Event.)

But McMullen did reveal that the grid operator was able to maintain reliability during the dangerous cold on Jan. 30.

“In that sense, it was a good operating day,” he added.

Chris Miller, of FERC‘s Office of Energy Market Regulation, thanked MISO for working to maintain reliability through the historic cold.

Temperatures across MISO Midwest were about 15 to 30 degrees Fahrenheit below average.

Gas Shortage Warnings

The cold snap brought multiple gas shortage advisories in the northern portion of the MISO footprint.

An IPL lineman obscured by winter gear | Indianapolis Power and Light

During the event, both Consumers Energy and DTE Energy issued public appeals for conservation on Jan. 30. Consumers said ratepayers should lower thermostats or risk a gas shortage. The company also asked General Motors to suspend operations at about a dozen manufacturing sites. Consumers’ gas scarcity was compounded by a recent fire at one of its natural gas compressor stations near Detroit.

“We greatly appreciate conservation efforts by all natural gas customers across Lower Michigan to assist with a supply issue on our gas distribution network. Conservation, even by gas customers served by other utilities than Consumers Energy, is making a difference. This morning, we are cautiously optimistic that our public requests to reduce gas use are having a positive effect,” Consumers posted on Facebook on Friday morning.

In a video shared on social media, Michigan Gov. Gretchen Whitmer asked all residents in the Lower Peninsula to set their thermostats to 65 degrees Fahrenheit until noon on Friday. Several businesses were also complying with the request.

In Minnesota, Xcel Energy asked its gas customers to lower thermostats to 63 degrees through Thursday in order to sustain operations. “During this extremely cold weather, we are asking our Minnesota customers to help conserve natural gas so the system can continue to operate well for our customers throughout the state,” Xcel said Wednesday.

However, Xcel later on Thursday had to interrupt gas service to about 150 customers in central Minnesota because of a constrained portion of the system that temporarily lost pressure. The company reportedly booked rooms at several nearby hotels for affected customers.

An emergency smartphone alert from Consumers Energy | Facebook

Transmission owner ITC Holdings said it had suspended all routine maintenance and put some equipment back into service. ITC Chief Operating Officer Jon Jipping said the company sent crews out a few days in advance to check equipment and said crews were “actively monitoring equipment” as the cold settled in on Jan. 30. He also said ITC remained in contact with the Michigan Public Service Commission throughout the statewide emergency. At the time, ITC — which usually imports electricity into Michigan — reported exporting about 1,500 MW, most flowing south to other MISO zones and PJM.

“The more extreme events that we have, the more normal they become for us,” ITC Michigan President Simon Whitelocke said in a phone interview with RTO Insider. “Part of our job is to plan for a system that can handle this extreme weather we’re seeing.”

Posted on

NERC Issues $10M Fine for Security Lapses

By Rich Heidorn Jr.

NERC has recommended a $10 million fine on an unidentified utility for repeated violations of critical infrastructure protection (CIP) reliability standards over more than three years that exposed a “lack of management engagement, support and accountability.”

In a Notice of Penalty filed Jan. 25, NERC cited 127 violations between 2015 and 2018 (52 posing “minimal” risk, 62 “moderate” and 13 “serious”). While most of the violations were self-reported, others resulted from compliance audits.

| NERC

Although many of the details were redacted as critical energy/electric infrastructure information (CEIl), the document refers to “companies” and “regional entities” in the plural, suggesting a large, multistate utility was involved.

“The 127 violations collectively posed a serious risk to the security and reliability of the [bulk power system]. The companies’ violations of the CIP reliability standards posed a higher risk to the reliability of the BPS because many of the violations involved long durations, multiple instances of noncompliance, and repeated failures to implement physical and cybersecurity protections,” NERC said. “As an example, the companies’ failure to accurately document and track changes that deviate from existing baseline configurations increased the risk that the companies would not identify unauthorized changes, which could adversely impact [bulk electric system] cyber systems.”

The notice cited as contributing causes “disassociation of compliance and security that resulted in a deficient program and program documents, lack of implementation, and ineffective oversight and training.”

It also criticized “organizational silos” illustrated by a lack of communication between management levels and “a lack of awareness of the state of security and compliance.”

There were also silos across business units “that resulted in confusion regarding expectations and ownership of tasks, and poor asset and configuration management practices,” NERC said.

| NERC

In a settlement, the companies agreed to pay the fine and to improve their performance by increasing senior leadership involvement and oversight; creating a centralized CIP oversight department; and restructuring roles to focus on standards, enterprise oversight, enterprise CIP tools, compliance metrics and regulatory interactions. They also agreed to conduct industry surveys and benchmark discussions to develop best practices.

The companies also agreed to invest in enterprise-wide tools for asset and configuration management, visitor logging, access management, configuration monitoring and vulnerability assessments; increase training; and institute annual compliance drills.

NERC said the penalty was based on the companies’ “repeat noncompliance” and “deficient” compliance program, mitigated by the lack of evidence of any attempt to conceal the violations. The settlement and fines are subject to approval by FERC.

Posted on

NYISO Management Committee Briefs: Jan. 30, 2019

By Michael Kuser

RENSSELAER, N.Y. — NYISO last month incorporated additional 115-kV transmission facilities in its energy market model, Chief Operating Officer Rick Gonzales told the Management Committee on Wednesday.

Gonzales said the facilities, mostly in western New York, were incorporated into the real-time market on Dec. 4 and the day-ahead market on Dec. 5. “Commensurate with that activity, we also deployed an enhanced Niagara model, which allows us to better address those transmission constraints,” Gonzales said in delivering the monthly operations report.

The Niagara Power Plant comprises 25 individual generating units, divided into three bulk power system injection points: Niagara 230-kV Bus (1,770 MW total); Niagara 115-kV East Bus (860 MW total); and Niagara 115-kV West Bus (645 MW total).

| New York Power Authority

The ISO previously represented all 25 units as a single facility in the market models, which precluded the market model from shifting generation among these units to manage congestion and increase output from the plant. Operators can now shift output among these generators to manage congestion on both the 230-kV and 115-kV facilities.

Last month’s moves completed a project to begin scheduling and pricing more than 20 lower-voltage transmission facilities in the day-ahead and real-time markets, an effort the ISO’s Market Monitoring Unit, Potomac Economics, had recommended since 2014. (See “ISO to Begin Incorporating 100+kV Tx Facilities in Markets,” NYISO Business Issues Committee Briefs: Sept. 12, 2018.)

Howard Fromer, director of market policy for PSEG Power New York, asked whether the changes had led to a reduction in out-of-merit actions or prices.

“We’re very happy with the way that those two actions have turned out,” Gonzales said. “Securing the 115-kV with its additional constraints into our energy market has resulted in significant reductions in out-of-merit actions for Niagara or Ontario imports.”

He said the enhanced Niagara modeling should result in much more price stability in the entire New York Control Area because Niagara is a significant supplier of energy, reserves and regulation.

The ISO’s Manual 12, Transmission and Dispatch Operations Manual, says, “From time to time, generators must be operated out of economic order or at levels that are inconsistent with the calculated schedules. Any NYISO-authorized deviation from the schedule is considered out-of-merit (OOM) generation and is not subject to regulation penalties. A unit that is out-of-merit is balanced at actual output and may be eligible for a supplemental payment if its bid production cost is not met.”

Winter: So Far, So Good

Emilie Nelson, NYISO vice president of market operations, gave an update on January operations, noting the cold weather over the Martin Luther King Jr. Day weekend (Jan. 19-22) and the arctic blast that hit the state that day.

NYISO winter peak loads (MW): 2004/05 to 2017/18 | NYISO

Although there was substantial snowfall upstate, the storm caused no real transmission or distribution issues, Nelson said. Good coordination with transmission owners and neighboring grid operators led to some transmission being returned to service from maintenance outages in advance of the anticipated weather, she said.

“We did see in advance of the [MLK] weekend generators begin to switch to oil, with escalated gas prices and some limitations projected in advance of Monday, which was the coldest day,” Nelson said. “We of course have a weekly fuel survey process — which can occur more frequently for prolonged periods of cold weather — and we had sufficient oil inventories.”

Demand peaked at 24,728 MW on Monday, Jan. 21, exceeding the 90/10 day-ahead forecast, she said. The demand for energy reflected peak temperatures across the New York Control Area of 8.8 degrees Fahrenheit, which came in very close to the forecast. The minimums experienced were 3 F in Syracuse, 0 F in Albany and 6 F in New York City.

“This was the first time [this winter] we had the cold extend all the way into the downstate regions,” she said. On Jan. 21, the ISO saw about 700 MW of derates because of fuel-related issues and an additional 160 MW from other cold weather issues, Nelson said.

Consolidated Edison, National Grid and other natural gas pipeline operators issued operational flow orders in advance.

The storm hitting as she spoke looked to be very similar to the one in mid-January, both in terms of projected peak load and the value of low temperatures across the state, Nelson said.

Committee Approves Repricing TCC Credit Requirement

The MC approved using the market clearing price to calculate the credit requirement for fixed-price transmission congestion contracts (TCCs), in accordance with Market Services Tariff Section 26.4.2.4.1.

Sheri Prevratil, NYISO manager of corporate credit, reiterated the case she made in persuading the Business Issues Committee earlier in January, which recommended the measure to the MC. (See NYISO Business Issues Committee Briefs: Jan. 16, 2019.)

Under the changes, the ISO will use $0 as the payment obligation portion of the requirement if the price calculated for the fixed-price TCC is less than $0. Otherwise it will continue to use the greater of the payment obligation or the credit holding requirement until receiving payment for the contract. The credit holding requirement is the greater of the auction TCC holding requirement, the fixed-price TCC holding requirement or the mark-to-market calculation.

“Essentially we’re just proposing to change the fixed-price TCC credit requirement to be in line with the holding requirement for auction TCCs,” Prevratil said.

Asked whether stakeholders were adequately protected from the risk of a default like that of GreenHat Energy in PJM, Prevratil said, “Yes, in the end we will be covered more appropriately for these TCCs because the market clearing price will be used to better reflect the risk of the TCC instead of using the fixed price across the term of the TCC.” (See FERC OKs Key PJM Changes to Address GreenHat Default.)

If the change is approved by the Board of Directors in March, the ISO will file with FERC in April for deployment in June.

Posted on

Utility CEOs Urge PJM Board to Act on Price Formation

By Christen Smith

Four top utility executives urged PJM’s Board of Managers to act on price formation at its Feb. 12 meeting after stakeholders deadlocked on the issue last week.

Exelon CEO Chris Crane | © RTO Insider

CEOs Chris Crane of Exelon, Ralph Izzo of Public Service Enterprise Group and Charles E. Jones of FirstEnergy signed a Jan. 29 letter criticizing PJM for failing to implement energy and capacity market rule changes despite a decade of stakeholder discussions. Douglas Esamann, president of Duke Energy’s Midwest and Florida regions, also signed the letter, which said PJM was lagging behind other eastern RTOs and ISOs in addressing its “woefully out of date” operating reserve demand curve.

“Specifically, PJM has not been able to adequately navigate the current stakeholder process that was initiated to address key energy market price formation issues,” they said. “As a result, critical reforms have been mired in regulatory proceedings for years.”

Crane and Izzo have long supported changes to PJM’s market price formation methodology, calling it a “no brainer” and “long overdue.” (See CEOs See Dollar Signs in ZECs, PJM Price Formation.) They and Jones have threatened to shutter their struggling nuclear plants without rule changes to increase the plants’ revenues. FirstEnergy also has sought subsidies for its coal-fired generation.

“It is imperative that the board and PJM act swiftly and decisively on important price formation reforms so that these fundamental issues can be addressed within the PJM markets,” the executives concluded. “The markets are at a critical juncture and clear leadership is necessary to ensure the markets evolve to work as efficiently as intended and meet the needs of customers and investors.”

‘Not Enough’

Aside from the RTO’s stalled price formation initiative, the executives also chastised PJM for not defining resilience attributes and reacting too slowly to fuel security concerns following the December 2018 NERC report highlighting potential risks from accelerated retirements. (See NERC Releases ‘Stress Test’ Analysis of Gen Retirements.)

PSEG CEO Ralph Izzo | © RTO Insider

“Instead of driving changes for appropriate market price signals, PJM remains a facilitator to implement changes that achieve stakeholder consensus,” they said. “This is simply not enough.”

“This letter is one of a number of communications we expect to receive on the subject of reserve price formation and the stakeholder process in advance on the next PJM Board of Managers meeting,” PJM spokeswoman Susan Buehler said. “The board will take all stakeholder comments into consideration before reaching any decisions.”

Jeff Dennis, managing director and general counsel of Advanced Energy Economy, criticized the companies’ reliance on the NERC report and PJM’s own fuel security study as the basis for pushing through regulatory changes without stakeholder consensus.

“Let’s be clear — they’re trying to shortcut the stakeholder process on those issues based on two reports that make no showing of likely reliability risks in the near or immediate term, finding long-term risks in only the most extreme scenarios,” he tweeted Thursday. “If we’re going to continue the search for the black swan, let’s at least do it in an open, technology-neutral way that actually addresses demonstrated grid needs, rather than forcing discriminatory tech-specific market rules that benefit fuel-dependent resources.”

Stakeholder Deadlock

The executives’ letter came less than a week after the Markets and Reliability Committee failed to approve any of five price formation proposals — from PJM, Calpine, the Independent Market Monitor, the D.C. Office of the People’s Counsel and Vistra Energy.

FirstEnergy CEO Charles E. Jones | FirstEnergy

At the Jan. 24 meeting, load interests balked at the Jan. 31 deadline set by the board for stakeholder action. Exelon’s Jason Barker expressed frustration over the load interests’ request for more time after more than a year of discussions, saying “the time is now to move forward.” (See PJM Stakeholders Deadlock on Energy Price Formation.)

More than 60% of transmission owners voted in favor PJM’s plan or Calpine’s compromise package. The Vistra plan likewise received 86% support from TOs. Electric distributors and end-use customers unanimously supported the Monitor proposal instead. None came close to the two-thirds sector-weighted vote needed for approval.

PJM CEO Andy Ott said last week the board will consider input from both the MRC and upcoming Liaison Committee meetings before submitting a FERC filing on the issue. The Members Committee agreed to hold a special conference call no later than Feb. 8 if additional discussions yield a potential compromise in the interim.