The Midwest faces several new risks in 2023, including cybersecurity threats and supply chain difficulties, according to the Midwest Reliability Organization’s 2023 Regional Risk Assessment, released Monday.
MRO prepares its risk assessment each year as a supplement to the ERO Enterprise’s publications, such as NERC’s Long-Term Reliability Assessment (LTRA), State of Reliability Report and Reliability Risk Priorities Report, focusing on the risks specifically facing utilities in MRO’s footprint. The report was developed by MRO staff with input from the regional entity’s three advisory councils: Compliance Monitoring and Enforcement (CMEP), Reliability, and Security.
NERC’s LTRA, released in December, identified the Midwest as one of the areas at highest risk of energy shortfalls in the coming decade, largely because of generation retirements “outpacing the new resource additions and not keeping up with resource adequacy criteria.” (See NERC Warns of Ongoing Extreme Weather Risks.)
MRO’s new report echoed this warning, specifying that the new generation being introduced is both “dispersed [and] variable” and “perform much differently than conventional resources.” The consequence of the first issue is that reserve margins for the region’s utilities are becoming tighter; the second means that new modeling assumptions are needed to account for the difference in the new assets’ performance.
These factors were among the eight “most likely and impactful” risks of the 17 that MRO staff identified in the latest risk assessment. Also included in the highest risk category are:
- generation unavailability during extreme cold weather;
- insider threats;
- overhead transmission line ratings;
- phishing, malware and ransomware; and
- supply chain compromises.
The report’s authors ranked each of these risks as posing a moderate or major risk to bulk power system reliability, and either “possible” or “likely” to occur. MRO said that these risks “will be focus areas for 2023 mitigation action plans … to help improve or develop controls and increase awareness of these risks within MRO.”
The report also adds three risk areas that were not included in last year’s risk assessment: compromise of sensitive information by malicious actors; increased penetration of internet-connected devices on utility systems increasing the risk of remote infiltration; and availability of necessary materials and equipment because of supply chain disruptions, such as those caused by the COVID-19 pandemic. MRO considered each of these risks possible but posing a minor threat to grid reliability.
Six of the 14 risks that were found in both this year’s and the previous year’s assessments changed their ranking in the new report, with most increasing in either impact or likelihood. Bulk power model assumption accuracy and energy reliability planning both increased from “possible” to “likely” because of “limited mitigating actions” since last year.
Line ratings went from a minor to moderate risk because of “uncertainty introduced by FERC Order 881,” which requires the use of ambient-adjusted ratings for short-term transmission requests for all lines impacted by air temperature. (See FERC Denies Rehearing, Clarifies Order 881 on Line Ratings.) An “increasingly challenging job market” caused the “tightening supply of expert labor” risk to increase from “possible” to “likely,” and the “inadequate [inverter-based resources] ride-through capability” decreased in impact but increased in likelihood.
Only one risk dropped in both impact and likelihood: “misoperations due to human errors” was ranked as “possible” but with “negligible” impact, thanks to “guidance provided by an ERO and FERC report on protection system commissioning programs and the limited impact of a single misoperation on the bulk power system.”
“The risks highlighted in this report provide valuable insight to the challenges the industry faces and the policies and regulations that will help define a variety of proposed solutions,” MRO COO Richard Burt said in a press release. “This report and others published by the ERO Enterprise underscore the need for multiple stakeholders to work together in a coordinated and collaborative fashion towards the common goal of reliable and secure power grid.”