Search
`
November 14, 2024

PJM Delays Action on CFTC Order

PJM Thursday postponed a vote on changes needed to comply with the Commodity Futures Trading Commission order exempting most PJM market participants from CFTC jurisdiction.

PJM Chief Financial Officer Suzanne Daugherty said the delay was needed to address questions from members about the proposed tariff and Operating Agreement changes, which expand financial marketers’ officer certification requirements.

The CFTC agreed March 28 to largely exempt from its regulations Financial Transmission Rights, day ahead and real time energy transactions, forward capacity transactions and reserve regulation transactions, sales that are already regulated by the Federal Energy Regulatory Commission. However, the CFTC said the exemption did not apply to financial market participants that cannot qualify as “appropriate persons” under the Commodity Exchange Act (CEA).

PJM responded April 7 by announcing it may deny trading privileges to as many as 55 small market participants if they are unable to qualify for the exemption. PJM said the change was necessary for the RTO to avoid being deemed a swap dealer and becoming subject to CFTC reporting requirements.

Captive Customers

J.P. Morgan vice president Robert O’Connell said PJM’s officer certification requirements are unnecessarily complex compared with those of the New York ISO.  He suggested that PJM has been less responsive to member complaints about paperwork requirements because it has “captive customers.”

If PJM members had alternatives for trading in PJM “there would be more thought given to person on the other side of the table,” O’Connell said.

Daugherty said PJM staff would attempt to simplify the requirements but was unable to accept companies’ Securities and Exchange Commission certifications, as O’Connell requested.

In preparing the changes needed to comply with the CFTC order, PJM officials discovered Operating Agreement language that raises questions about PJM Settlement Inc.’s independent authority to seek asset recovery following a trading participant’s default. Officials said they will propose deletion of the language, which appears to require a member vote before beginning collection efforts.

“Telling you about [PJM’s case] can be very detrimental to the legal position we’re in” by publicly exposing weaknesses in the RTO’s case, said PJM General Counsel Vince Duane. Instead, he said PJM would continue its current practice of “private bilateral conversations with those who are closest to the situation or most impacted by it.”

MRC Expands Black Start Study

Citing reliability concerns, the Markets and Reliability Committee agreed Thursday to expand the scope of a task force exploring compensation and incentives for black start generators.

The revised charter for the System Restoration Strategy Task Force will allow the group to consider changes to black start procurement, cost allocation and compensation, including “back stop” options if response to PJM’s voluntary request for resources leaves gaps in coverage.

Dana Horton, of AEP, noted that much of PJM’s black start capability is provided by coal-fired units scheduled for retirement. “We’ve never had a need to replace so many black start units,” he said.

The MRC approved the change over the objection of several members, who said PJM should evaluate the impact of changes approved in February before it considers additional ones. The motion to approve the revised charter was approved by acclimation, with 19 no votes.

MRC in February broadened its definition of “critical load” and increased the number of generators that could restore service to the load following a disruption. MRC also said black start units in one zone will be allowed to help restart generation in neighboring zones, allowing more efficient use of existing resources.

Michael Kormos, PJM senior vice president of operations, said the RTO won’t know the impact of the changes until it gets the results of its solicitation for black start generators at the end of 2013. “To start that conversation at that time would be too late [to prepare] for 2015,” Kormos said. “It’s going to put us in a big hole.”

Chantal Hendrzak, facilitator of the taskforce, said the group will research potential incentives for quick-starting units and how other RTOs procure and compensate black start resources.

Steve Lieberman, of Old Dominion Electric Cooperative, said the task force should consider all of the compensation other RTOs provide generators, not just black start compensation. Lieberman joined Bill Schofield, representative of the PJM Public Power Coalition, in calling the expanded charter premature.

Gloria Godson, vice president of federal regulatory policy for Pepco Holdings Inc., who noted her company owns no generation, supported the expanded study. “We don’t have credible responses” to the solicitations, she said. “Something needs to change.”

Dave Weaver, Exelon’s director of transmission operation and planning, also cited the coal retirements in calling for a broader charter. “I’m not convinced the changes we’ve made, although good changes,” are enough, Weaver said. “The iron in the ground remains the same … To me it’s really irresponsible to not have this plan in place.”

PJM Contact: Chantal Hendrzak

Back to the Drawing Board on FTR Forfeitures for Incs, Decs

PJM and its Market Monitor still don’t agree on how the Financial Transmission Rights forfeiture rule should be applied. But they have at least reached consensus on how it has been applied to date.

PJM Vice President of Market Operations Stu Bresler presented the Markets and Reliability Committee Thursday with a description of the practice as currently applied by the monitor on increment and decrement transactions.

MRC Vote in May

The MRC will be asked in May to approve a manual change documenting the monitor’s current application of the rule, and a problem statement to determine how it should be interpreted in the future.

The rule is intended to prevent participants from submitting virtual bids that boost the value of their FTRs.

PJM discovered only recently that it disagreed with the criteria by which the monitor has been determining whether a company’s virtual bid is “at or near” the delivery or receipt buses of its FTR. PJM does the billing and has the authority to use its own determination if it disagrees with the monitor’s.

The monitor has been applying the penalty based on the net impact of virtual bids, triggering its application in less than one-tenth of 1% of trades.

PJM proposed a different calculation under which companies would lose any profit for an FTR if 75% or more of the energy injected or withdrawn by a virtual bid is reflected in a constrained path between FTR source and sink.

Market Monitor Joseph Bowring says PJM’s method would eliminate the rule’s value in policing gaming.

Stalemate

The Market Implementation Committee on March 6 voted in favor of PJM’s calculation method over the monitor’s. But the MRC rejected the PJM proposal March 28, leaving the RTO with no documentation for the practice.

Incorporating Volumes

Pat Sunseri, of Twin Cities Power, LLC, Thursday reiterated his request that PJM consider the volume of transactions in its application of the rule so that it doesn’t prevent legitimate hedging. “I think it makes a lot of sense to look at the volumetric issue,” Bresler agreed.

Carol Smoots, counsel to the Financial Marketers Coalition, said the rule should be reviewed by a task force reporting to the Market Implementation Committee rather than by the MRC, as envisioned in the Market Monitor’s proposed problem statement.

“A lot of very good trading doesn’t occur” because of the current interpretation, Smoots said. “That’s harmful to the market.”

MRC Defines UTCs; Adds Bid Limit and FTR Forfeiture Rule

Up-to congestion transactions were in the spotlight Thursday as the Markets and Reliability Committee:

  • Approved a definition of UTCs and a limit on trading of them;
  • Approved rules for deciding when UTC traders will forfeit Financial Transmission Rights; and
  • Heard first reading of proposed UTC credit requirements.

The trading limits and FTR forfeiture rules each passed with only one no vote. But the near unanimity dissolved when Andy Ott, PJM senior vice president for markets, reiterated his call for imposing fees on UTCs. Echoing a recommendation by Market Monitor Joseph Bowring, Ott said fixed fees on UTCs would help reduce uplift from Operating Reserve charges (see “PJM Proposes Operating Reserve Changes to Cut Uplift”).

Ott said PJM staff will perform an analysis on how UTCs both benefit market liquidity and increase system congestion. The analysis, which Ott said was necessary to “demystify” UTCs, also will compare them with other virtual trades — increment offers and decrement bids. “We need to have actual analysis, not suppositions, not opinions,” he said.

Carol Smoots, counsel to the Financial Marketers Coalition, said she was “disappointed that some sort of back room deal has been agreed to” regarding fees on UTCs.

Smoots said virtual trades already pay fees, including 40% of line loss charges. “To say the financial sector is not contributing to the cost of physical supply is not accurate,” she said.

Smoots said financial marketers have become a “convenient dumping ground” for fees because they are a small sector with limited voting power within PJM. “Being singled out because some folks don’t choose to use this product is very troubling,” she said.

Almost 95% of UTC trading volume came from financial traders in 2012 versus less than 5% by physical traders, according to the State of the Markets report.

J.P. Morgan vice president Robert O’Connell said fees could undercut UTCs’ role in creating liquidity and price convergence between the day-ahead and real-time markets. If the market-wide benefits of UTCs and other virtual trades outweigh their costs, O’Connell said, they shouldn’t pay any fees. Setting a fee “sends the message that `we don’t want you to converge any closer than $1 or $2,’ whatever the fee is.”

Jeffrey Mayes, general counsel for the monitor, said the definition of UTCs and any consideration of fees should be the subject of a transparent process beginning with a problem statement. “This proceeding isn’t going to do that,” he said.

Trading Limits

Reason for Change:

PJM proposed the cap because high bid volumes can make it difficult for the RTO’s day-ahead markets software to reach solutions.

Impact:

PJM can limit market participants to no more than 3,000 UTC transactions each in the day-ahead market when necessary for market operations. (A similar cap also applies to increment offers and decrement bids.)

The definition of market participant includes all sub-accounts established under the member. Affiliates will be treated as separate participants and have their bids counted individually.

The cap includes changes to the tariff, Operating Agreement and Manual 11.

FTR Forfeiture Rule

Reason for Change:

The rule is intended to prevent market manipulation — in this case, the submission of UTCs that boost the value of a participant’s FTRs.

Impact:

The rule is applied when those UTCs result in a higher LMP spread in the day-ahead market than in the real-time market.

Credit Requirements

Reason for Change:

UTC trading volumes have grown dramatically since 2010 (see chart) but have no credit requirements to protect market participants against defaults.

UTC Trading Volume 2006 - 2012 (Source: State of the Markets 2012)
UTC Trading Volume 2006 – 2012 (Source: State of the Markets 2012)

Impact:

The Credit Subcommittee conducted polling on five alternative credit requirements for UTCs.  PJM’s recommendation (Alternative F) won support from 91% of the 159 members responding to the survey, besting Alternative C with 48%.

The alternatives vary by how much collateral would be required and how much credit exposure the collateral would cover.

PJM’s proposal sets a bid screen based on the 70th percentile of the difference between the bid price and two-month rolling historical real-time costs for prevailing flow bids. It uses the 80th percentile for counterflows.

The cleared portfolio requirement is based on the 70th percentile of the difference between the cleared price and two-month rolling historical real-time costs for prevailing flows and 95th percentile for counterflows.

PJM analyzed the impact of the five proposals against trading results for April 2011, July 2012, and January 2013 to evaluate shoulder, summer and winter periods. It also looked at how they fared against the largest losses in the 10-month period between January 1 and Oct. 31, 2012. (See chart.)

“There is not likely one perfect set of credit requirements that would cover every period,” PJM Chief Financial Officer Suzanne Daugherty said. Daugherty said the goal was to find a balance that minimizes exposure without setting collateral requirements “so high that it shuts down the market.”

One alternative (Alternative E) showed the lowest remaining exposure and highest credit requirements in all scenarios while another (Alternative B) had the lowest credit requirements and left the highest remaining exposure. (See chart.)

UTC-credit-requirement-performance-vs.-4-scenariosUTC traders would need at least $200,000 in collateral, the same as for increment and decrement transactions.

Traders in Financial Transmission Rights are required to post $500,000. Daugherty said the lower requirement was justified because UTCs’ exposure is limited to a single day while FTR exposures range from one to 36 months.

Daugherty said that because all market participants benefit from the liquidity UTCs add, PJM doesn’t support limiting defaults to only those trading UTCs.

Next Steps:

The Credit Subcommittee has scheduled a conference call for 1 pm today to discuss the results of the committee’s polling on the five alternatives.

The Market Implementation Committee (MIC) is scheduled to consider the issue May 8 and submit MRC a single option to consider on May 30.

PJM Proposes Operating Reserve Changes to Cut Uplift

PJM called Thursday for a broad review of its method of providing Operating Reserve payments, saying changes were needed to reduce growing uplift costs.

Operating Reserves are “make whole” payments that ensure generators dispatched out of merit for system reliability don’t operate at a loss. Because they are collected through uplift charges and not reflected in day-ahead or real-time locational marginal prices, they cannot be hedged.

Total Operating Reserve Charges: 1999 - 2012In 2012, operating reserve payments totaled a near record $649 million, 2.2% of total billing. Day-ahead operating reserve charges increased by about 90% in 2012, spiking in September after PJM increased the number of “must run” units dispatched in the day-ahead market.

PJM told the Markets and Reliability Committee it should consider an overhaul that incorporates more of the charges into LMPs.

MRC will be asked to vote on a proposed problem statement at its May 30 meeting. The effort, which would create a senior task force reporting to MRC, is expected to take at least a year.

PJM Senior Vice President of Markets Andy Ott said the focus should be a broad “re-look at the whole concept of uplift charges.”

Uplift charges often result from units that may be economic for two hours but must run for longer periods because of minimum run and ramping constraints. “It’s not an unusual circumstance. It happens every day, every hour,” Ott said.

Noha Sidhom, general counsel for Vel Energy, LLC, said her traders have reduced trading of increments and decrements because of price uncertainty. Incs and decs paid an average of about $2.50/MWh in operating reserve charges in 2012, with charges ranging from 20 cents to almost $18/MWh.

Ott said imposing fixed fees on virtual transactions to reflect their administrative costs and  contribution to operating reserve charges would result in “a much more robust market.”

The Market Monitor’s State of the Markets report included a dozen recommendations on operating reserves. Among them were a review of the allocation of operating reserve charges to ensure that such charges are paid by all responsible for incurring them, including those making up-to congestion (UTC) transactions. (See “MRC Defines UTCs”)

The monitor estimated the number of UTC transactions would have been cut by two-thirds if they were subject to operating reserve charges.

PJM contact: Lynn Horning

 

PJM Working on New Deal with Monitor

WILMINGTON  (April 25, 2013) – PJM announced today it is negotiating a new contract with its independent market monitor, Monitoring Analytics LLC, dropping plans to put the contract out for bid.

PJM General Counsel Vince Duane told the Markets and Reliability Committee that the RTO and Monitoring Analytics have agreed to extend the company’s current contract — due to expire in mid-2014 — through the end of next year.

Duane said PJM would issue a request for proposals (RFP) for monitoring services only if it cannot reach agreement with Monitoring Analytics on a new three-year contract beginning in 2015.  Such an impasse “doesn’t seem terribly likely,” Duane said.

Duane said the PJM board made the decision to renew the Monitoring Analytics contract in the interests of “continuity” after receiving feedback from stakeholders.

In March, state regulators, industrial consumers and cooperatives sent the PJM board letters protesting its draft RFP, saying it contained terms that would undermine the independence and quality of the monitoring function.

Duane said yesterday that the new contract would include “reasonable measures” for the board to exercise oversight ensuring the monitor’s “accountability.” Duane promised to update members on the status of negotiations within two months, adding,  “What we’d ask for at this time is some breathing room.”

Jeff Mayes, general counsel of Monitoring Analytics, said the company was confident that the two parties would reach agreement.

“We recognize the board’s important role in promoting an independent and capable monitoring function,” Mayes said in a statement. “We appreciate the board’s interest in fulfilling its responsibilities related to market monitoring under the tariff and FERC (Federal Energy Regulatory Commission) rules.”

A new contract with the monitoring firm would allow the board to avert another showdown with stakeholders over the monitor’s role.

Monitoring Analytics is headed by Joseph Bowring, a Ph.D. economist who has served as PJM’s market monitor since 1999. In April 2007, Bowring sparked a firestorm at a FERC technical conference when he accused then-PJM President Phil Harris and his allies of attempting to muzzle him by squelching his reports and cutting his budget.

Under the terms of a settlement approved by FERC, Bowring formed Monitoring Analytics to create an independent monitoring function (EL07-56-000) and was awarded a six-year contract.

Electric Industry Leads U.S. in Cybersecurity Protections

The North American Electric Reliability Corp. (NERC) issued $9.2 million in fines for violations of its cybersecurity rules between 2008 and October 2012, half of all fines issued over that period.

Violations of NERC’s Critical Infrastructure Protection (CIP) rules were involved in six of the top 10 penalties, including a $725,000 fine in October.

At a time when Congress has been unable to agree on cybersecurity legislation to protect the rest of the U.S. economy, there’s no doubt that NERC and the Federal Energy Regulatory Commission take the cyber threat seriously.NERC-reliability-violations-bar-graphs1

The industry has come a long way in the three years since I was sitting in on NERC audits as a member of the FERC enforcement staff. The new CIP rules approved by FERC last week will cover more assets and add more controls. They’ll no doubt be good for the business of IT consultants. Regulated utilities that are allowed to put the costs in rate base will be more than happy to spend the money.

But will it be enough to prevent the potential for what former Defense Secretary Leon Panetta called a “cyber Pearl Harbor”?

While Congress gave FERC authority to issue fines of up to $1 million per day per violation, the fines issued to date have been puny relative to the earnings of the companies involved — less than one-tenth of one percent of the companies’ net income (see table)CIP-Violators-chart

Meanwhile, a decision by NERC and FERC to stop disclosing the identities of CIP violators — so as not to expose the violators’ vulnerabilities — has removed any reputational risk that companies might fear. Since September 2011, virtually none of those penalized for CIP violations has been named.

In announcing the new CIP rules last week, FERC commissioners emphasized their desire to emphasize compliance over punishment. That’s a reasonable approach, especially when the rules are new.

But if there is no reputational risk and the financial penalties are not material, don’t be surprised if some companies decide that it’s better business to cut corners on cybersecurity.

Rich Heidorn Jr. 

FERC Remands DR Information Requirements

FERC ruled Friday that PJM must seek commission approval for new rules requiring demand response providers to provide officer certifications and additional information on their customers.

Acting on a complaint by three demand response providers, FERC said the changes required amendments to the PJM tariff and not just its manuals. Tariff changes require commission approval while manual changes don’t.

The rules, implemented March 28, require Curtailment Service Providers seeking to participate in capacity auctions to file “Sell Offer Plans,” including information about the provider’s customers. CSPs also must have a company officer sign a certification attesting to the company’s intent to physically deliver MWs.

The demand response providers filed the complaint April 3, saying the rules create unnecessary barriers to demand response participation in PJM’s capacity markets.

The plaintiffs’ procedural victory may be short-lived, however. In a statement concurring with the order, Commissioners Philip Moeller and Tony Clark indicated they would look favorably on the changes when PJM files them with the commission. “It appears that PJM has a legitimate need to require that demand resources provide certain information to substantiate offers to supply capacity,” the commissioners wrote.

The commissioners said the information was needed to prevent uncertainty that could “degrade the very purpose of PJM’s capacity market.”

Seeking “Bright Line,” FERC Leaves BES Appeal Rules Unclear

By Rich Heidorn Jr
PJM Insider

The Federal Energy Regulatory Commission gave final approval Thursday to NERC’s revised definition of the “Bulk Electric System“ (BES), the category of transmission facilities covered by NERC reliability rules (Docket #s RM12-6, RM12-7).

The new definition eliminates regional discretion and establishes a “bright-line” threshold including most facilities operating at or above 100 kV. Excluded from the definition are certain radial facilities.

The order includes a case-by-case exemption process for entities seeking to remove from BES status facilities that they believe should be characterized as local.

Thursday’s order reaffirmed FERC’s Dec. 20 ruling in the docket and rejected rehearing requests from several parties who said the commission’s explanation of the case-by-case exemption process was unclear. The  order did little to address the commenters’ concerns, however, containing several apparent contradictions (see below).

Reason for Change:

FERC directed NERC to develop the new BES definition in Order 743 (Nov. 18, 2010), saying the current process lacked sufficient oversight and led to inconsistencies between regions.

All reliability regions except the Northeast Power Coordinating Council, Inc. (NPCC) already use the 100 kV threshold. The commission said NPCC’s classifications of 100 kV facilities as local distribution were “subjective” and inconsistent and excluded “facilities that clearly are needed for reliable operation.”

The commission said the new threshold was appropriate because most 100 kV and above facilities operate in parallel with higher voltage facilities and experience similar loading. As a result, 100 kV facilities are relied upon during contingency scenarios and failures of such lines have caused cascading outages, the commission said.

The Commission also asserted that it can designate sub-100 kV facilities as part of the BES if they are necessary for the reliability of the transmission network, noting that such facilities were a significant factor in the Arizona-Southern California outages on Sept. 8, 2011.

Impact:

NERC had previously used 100 kV as a guideline for distinguishing between transmission and local distribution systems. The new order eliminates the phrase “generally operated at voltages of 100 kV or higher” in the current definition.

In its place is a new “core definition” covering all transmission elements and real power and reactive power resources connected at 100 kV or higher. The rule also lists five facilities configurations that are typically included in the BES and four that are excluded.

Newly-included elements have 24 months from the July 1, 2013 effective date to comply with reliability standards.

The commission required two changes to the NERC proposal, saying the exclusions for radial systems should not cover generator tie lines but should cover looped configurations connected below 100 kV.

The commission said most local distribution facilities will be automatically excluded by the 100 kV threshold and the local network exclusion (see exclusion 3). For those that aren’t, the new rules allow facility owners to appeal to NERC or FERC for a case-by-case review.

The “starting point” for FERC’s review will be the seven-factor test it set out in Order 888 (April 24, 1996). The seven “indicators” of local distribution include physical characteristics (local distribution facilities are normally in close proximity to retail customers, primarily radial and lower voltage) and functional characteristics (power flowing into local distribution systems is consumed in a restricted geographical area; it rarely, if ever, flows out to be transported to another market).

Confusion over Appeal Process

How NERC’s process will interact with FERC’s was the subject of much confusion after the Dec. 20 order.

In Order 743, the commission said that determining the line between transmission and local distribution should be part of NERC’s case-by-case exception process and directed NERC to develop rules for doing so.

In the Dec. 20 order, however, FERC announced that “while NERC’s case-by-case exceptions process is appropriate to determine the technical issue of whether facilities are part of the bulk electric system, the jurisdictional question of whether facilities are used in local distribution should be decided by the Commission.” (Emphasis added.)

Several parties filed responses saying that the Dec. 20 order created a confusing and potentially duplicative process.

“Will the processes run concurrently? If not, which process (NERC’s “technical” consideration or FERC’s “jurisdictional” consideration) is conducted first?” the National Rural Electric Cooperative Association asked in a Jan. 22 request for clarification or rehearing.

The Transmission Access Policy Study Group (“TAPS”) and Electricity Consumers Resource Council (“ELCON”) called FERC’s solution confusing and unwieldy. “Would NERC be bound by prior FERC determinations? Would FERC reopen NERC determinations? Are there issues that NERC would not be permitted or required to consider, or that entities would not be permitted to raise, in the exception process? Would one process be delayed pending completion of the other process?” the organizations asked in their petition.

FERC Response

In Thursday’s order, FERC denied the rehearing requests and attempted — without much success — to address the confusion.

FERC said that entities whose facilities are not excluded by NERC under the core definition and exclusions “may appeal a final NERC exceptions process decision to the Commission.” (Paragraph 91)

But it also said entities can petition FERC directly without filing first with NERC and that FERC’s “inquiry is a distinct process not made in connection with review of NERC exception process decisions.”(P 90)

The two processes, FERC said, “are separate, not concurrent and will be used for different determinations.” (P 89)

What the commission appears to be saying in paragraph 90 is that it will independently determine questions of whether a facility is used in local distribution or is part of the Bulk Electric System.

A separate question concerns whether a facility that is not used in local distribution should nonetheless be excluded from NERC’s reliability standards because it is not necessary for the grid’s reliability. In paragraph 91, the commission appears to say that this determination is initially NERC’s call, but can later be appealed to FERC.

A NERC spokeswoman told PJM Insider yesterday that it was still reviewing the order and had no immediate comment. A FERC spokesman said he was unable to elaborate on the order.

The bottom line: Unless the commission provides further clarification,  it may fall to the appellate courts to sort out this tangle.

Highlights of CIP Version 5

CIP version 5 is comprised of 10 standards, one covering the categorization of assets and nine mitigating their risk of being compromised.

Categorization of risk

CIP–002–5 (BES Cyber System Categorization) will require entities to categorize all BES Cyber Systems according to impact that “loss, compromise, or misuse” of the systems could have on the reliable operation of the grid.

  • High Impact facilities, which include large control centers and backup centers that perform the roles of the Reliability Coordinator, Balancing Authority (for generation of 3,000 MW or more in a single Interconnection), Transmission Operator or Generator Operator.
  • Medium Impact facilities are generation and transmission facilities (similar to those identified as Critical Assets in CIP-002-4) and control centers not identified as Critical Assets in CIP-002-4.
  • Low Impact facilities are all other BES Cyber Systems. This establishes protections for systems not covered by CIP Version 4.
Risk mitigation
  • CIP-003-5 (Security Management Controls) requires that low impact systems implement policies for cybersecurity awareness, physical security, electronic access, and incident reporting. The commission ordered NERC to provide more detail on these requirements.
  • CIP-004-5 (Personnel and Training) requires programs for security awareness, cyber security training, personnel risk assessment, and access management.
    • Expands training requirements and adds identification of roles requiring training.
    • Includes rules for electronic interconnectivity and storage media;
    • Specifies that the seven-year criminal history check covers all locations where an individual has lived for six consecutive months or more, regardless of official residence; and
    • Requires companies to revoke access for terminated employees immediately, instead of within 24 hours. Also requires immediate revocation for those no longer needing access (e.g., transferred employees).
  • CIP-005-5 (Electronic Security Perimeter(s)), focuses more on discrete Electronic Access Points; requires two security measures for detecting malicious communications so that Cyber Assets do not lose all perimeter protection if one measure fails.
  • CIP-006-5 (Physical Security of BES Cyber Systems) requires a physical security plan to protect BES Cyber Systems; clarifies that high impact systems must have at least two physical access controls protecting security perimeters; increases testing from every three years to every two years.
  • CIP-007-5 (Systems Security Management) is modified to make the requirements less dependent on specific technology so that they will remain relevant for future technologies; increases and clarifies testing requirements.
  • CIP-008-5 (Incident Reporting and Response Planning) specifies incident response requirements, including one requirement to report cyber security incidents to NERC’s Electricity Sector Information Sharing and Analysis Center (ES‐ISAC) within one hour and another for after-action reviews.
  • CIP-009-5 (Recovery Plans for BES Cyber Systems) specifies requirements for recovery plans, including testing every 36 months.
  • CIP-010-1 (Configuration Change Management and Vulnerability Assessments) is a new standard that consolidates requirements from previous versions of CIP-003, CIP-005 and CIP-007; includes requirements to detect unauthorized modifications to BES Cyber Systems.
  • CIP-011-1 (Information Protection) is a new standard that consolidates the information protection requirements from previous versions of CIP-003 and CIP-007; includes requirements to prevent unauthorized access to BES Cyber System Information and specifies reuse and disposal provisions to prevent unauthorized dissemination of protected information.