The team developing a reliability standard requiring internal network security monitoring (INSM) at some grid cybersystems saw two “big wins” in the recent ballot round for the standard despite it failing to reach the threshold for passage, leaders said at the monthly meeting of NERC’s Standards Committee on March 20.
Stakeholders returned the proposed standard, CIP-015-1 (Internal network security monitoring), with a 48.52% segment-weighted vote for approval in the ballot round that ended earlier that week, short of the necessary two-thirds majority. (See Industry Sends Back NERC Cyber Monitoring Standards.) FERC has ordered NERC to submit standards requiring INSM by July 9.
Valerie Ney, the standard development team’s vice chair, reminded SC members that the result represents a significant improvement over the last ballot round in January, when CIP-007-X (the team’s previous attempt at adding INSM to an existing standard) received a segment-weighted vote of just 15.42%. She observed that the choice to create a new standard received overwhelming support, with 97% of respondents who expressed an opinion on the change approving.
Ney noted that stakeholders were also supportive of the SDT’s decision to remove electronic access control or monitoring systems and physical access control systems from the standard’s applicability list when they fall outside an entity’s electronic security perimeter. Comments on this change were 100% supportive.
Thad Ness, the SDT’s chair, acknowledged that the authors “got a lot of feedback” on the requirement that entities identify the network locations facing the greatest security risks and how they will develop their monitoring capabilities, and said the next iteration may have to “be a little clearer on that front.” He also mentioned that respondents pointed out “operational limitations” with the standard’s communication requirements, in that some substations “might not have a strong bandwidth to get this data and move it around.”
“We really thank the industry for providing some really good comments,” Ness said. “I do believe this is going to have an abbreviated posting [timeline] for the next round … so we are up to the task of doing any outreach to make sure the industry is aware of what we’re doing with the changes and can get the support for this.”
The SDT will meet March 21 to discuss its next moves.
IBR, Cold-weather Ballots Approved
Committee members at the meeting voted unanimously to post four other proposed reliability standards for ballot and comment periods.
First up were two standards under development by Project 2020-02 (Modifications to PRC-024 — generator ride-through). The project is intended to address performance issues identified in inverter-based resources, causing generators to trip offline unexpectedly and potentially cause grid stability challenges.
PRC-029-1 (page 60 in the agenda) is a new standard that creates ridethrough requirements specifically for IBRs, while PRC-024-4 (page 14) updates ridethrough requirements found in the existing PRC-024 standard applicable to synchronous resources. Both standards will be posted for a 25-day comment period; the committee authorized shortening the typical 45-day period at its December 2023 meeting because the project is responding to FERC Order 901, which imposed a Nov. 4, 2024, deadline for IBR performance standards addressing IBR performance issues.
Also approved for a 25-day comment period was PRC-030-1 (Unexpected inverter-based resource event mitigation) (page 83), under development by Project 2023-02 (Analysis and mitigation of BES IBR performance issues). The proposed standard, also developed in response to Order 901, would require “analysis and mitigation of unexpected or unwarranted protection and control operations from IBRs.” SC members approved a waiver for this project at the December meeting as well.
Finally, the committee authorized the posting of TPL-008-1 (Transmission system planning performance requirements for extreme weather events) (page 96) for a 45-day initial formal comment period. This standard would require entities to develop benchmark planning cases based on previous extreme cold or hot weather events, use those cases to plan for future extreme events, and develop corrective action plans when performance requirements for extreme heat and cold are not met.
Project 2023-07 is also developing this standard in response to a FERC directive, in this case Order 896 requiring a standard to be submitted by December 2024 addressing cold weather performance concerns. Although the SC did grant the project a waiver allowing shortened comment and ballot periods, the SDT elected not to pursue this option. NERC Manager of Standards Development Jamie Calderon explained that “the team wanted to ensure that there [were] substantive comments” to help shape their work in the coming months.