At FERC’s annual reliability technical conference on Thursday, commissioners focused on the work needed to prepare the bulk power system for a world of rapidly developing challenges.
“Much has been said about mistakes that have happened in the past. Much has been said about some of the near-misses and misses that we’ve had on our system,” Commissioner Willie Phillips, who served as moderator, said in his opening remarks. “What I would like to focus on is the future. I would like for you to help me see around the corner [and] what your thoughts are on best practices that we can use.”
He continued, “Help us see where the gaps are with our regulatory regime, so that we can make sure that we direct the right and specific changes to [NERC’s] reliability standards, which I don’t think anybody can argue are a great foundation.”
The first of the day’s two panels focused on the reliability challenges emerging because of multiple transformations occurring, with the North American power grid becoming more decarbonized, more decentralized and more digital. NERC CEO Jim Robb outlined the issues that the ERO has identified in recent years, such as the behavioral differences between renewable and traditional generation resources; difficulties in controlling a large number of small, distributed generators; and the spread of cyberattacks from criminals and state-backed organizations.
Asked by FERC Chairman Richard Glick for their thoughts on the issues that the commission and NERC should be prioritizing, Robb’s fellow panelists had a wide range of responses. Michelle Bloodworth, president and CEO of America’s Power — a trade organization that advocates on behalf of the U.S. coal generation fleet and its supply chain — warned that the expected retirement of 93 GW of coal plants between now and 2030 would deprive the grid of generators with the “attributes” — including availability, fuel security and voltage stability — needed to maintain stable operation.
“I do think that it’s under FERC’s legal authority to ensure that we’re sending market signals so those resources do not exit the market,” Bloodworth said. “I also think that it’s in FERC’s responsibility under Section 215 [of the Federal Power Act] to … provide the financial support that is needed to retain those assets that provide those attributes, until resources with equivalent characteristics come online.”
But instead of incentivizing utilities to keep these assets and the safety they provide, Bloodworth said that current policies tend to have the opposite effect of encouraging entities to retire their coal plants prematurely. She urged FERC to “play a large role in … determining how we value those attributes” that contribute to reliability “with a sense of urgency” so that utilities can plan their generation needs properly.
Building on Bloodworth’s point, Mark Ahlstrom — vice president of renewable energy policy at NextEra Energy Resources, which calls itself the world’s largest producer of wind and solar energy — told commissioners they “need to actually get down to defining what ‘essential reliability services’ are.”
Calling himself “a representative from the inverter-based side of the world” — referring to the fact that solar and wind facilities, unlike coal plants, connect to the grid through inverters — Ahlstrom said the lack of agreement on what is necessary may have prevented his industry from pursuing the best paths.
“I’ve often said … give me some energy, some electronics, software and a definition of what you need, [and] we can give you anything you want. We just really haven’t clearly defined what is essential,” he said.
Asked by Commissioner Allison Clements about the challenges to managing the clean energy transition, Ahlstrom said that while there are “many pathways [that] all could reach the destination,” the difficult part is coordinating among the many different stakeholders helping to build the BPS. Tricia Johnstone, director of operational readiness at CAISO, added that while NERC’s reliability standards “provide a really good basis for us right now,” the ERO will have to work to ensure they are proactively adapting to the rapid changes.
“For an operator, your day-to-day measure [of] ‘are we doing a good job as a balancing authority’ is [NERC’s] BAL standards and measures, and that’s what we’re monitoring in the control room to make sure that we’re in balance,” Johnstone said, referring to the family of standards that govern resource and demand balancing. “But with some of the technologies — [for example], battery storage ramps very fast, and it will actually send our measurements where we don’t want them to be.”
She said the question for utilities and regulators should be how “those [standards] need to evolve in the future, so as the resource mix changes, do those measurements need to be adjusted?”
Emerging Cyber Challenges
In the second panel, which focused on cybersecurity, Phillips opened by noting that successful cyber defense requires “buy-in from the leadership” and full commitment to establishing a culture of safety, not just compliance. Phillips called NERC’s Critical Infrastructure Protection (CIP) standards a “floor” that can still “never keep up with the threats that we face,” and asked panelists “do you have the resources, do you have the intelligence, do you have the technical capability to … identify and respond to cybersecurity threats?”
SERC Reliability CEO Jason Blake acknowledged the cyber threat landscape as “daunting,” with “well funded [and] aggressive” adversaries who are “only getting more sophisticated.” Coupled with the dedication of the global cyber threat community, the increasing use of remote controls for grid monitoring and control, along with digital communications between utility staff, has expanded the “attack surface” available for these adversaries to target.
While Blake also reported taking “great pride [in] where this industry is today” and called the electric industry’s progress on cybersecurity far ahead of many other industries, he reminded the commission that considerable work will be needed on an ongoing basis just to stay even with the threats.
“We are not perfect, and we cannot rest, and you have to understand that concept as you move forward,” Blake said. “So how do you do that? I think you go in with the larger vision [and] overarching framework to make sure that you are constantly striving your organization, to advance it to meet the security challenges of today and tomorrow. It’s not enough just to try to achieve baseline compliance … what you’re wanting to do is … drive a continuous improvement mindset where you’re really advancing and pushing people.”
The work required to keep the CIP standards up to date was a major topic of discussion at the panel, with Clements suggesting that the deliberate pace of NERC’s standards development process might not be capable of keeping up with the emerging threats. She asked panelists for suggestions of how to make regulated entities more “nimble” while avoiding approaches that would “add another layer of bureaucracy or processes to it.”
Eric Miller, executive director of information technology infrastructure and real-time application support at MISO, suggested that there “could be benefit in trying to adopt existing frameworks.” For example, NERC collaborated with the National Institute for Standards and Technology (NIST) last year on a reference document mapping NIST’s Framework for Improving Critical Infrastructure Cybersecurity to the ERO’s CIP standards. (See NERC, NIST Update Cybersecurity Mapping.)
The benefit of this mapping, Miller said, is that at “a very high level, it’s very easy to communicate across the spectrum” the relationship between NERC’s standards and the NIST framework so that registered entities can identify actions that satisfy both. It can also help NERC’s standards development staff to find gaps in the standards and blind spots that are addressed by other frameworks.
All panelists felt that the CIP standards should not have to stand as the sole word on cybersecurity in the power industry. Brandon Wales, the executive director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said that utilities should have the flexibility to look beyond the minimum required of them and find the tools needed to meet their goals.
“Standards are never going to be there to address the acute problems we deal with, and so I wouldn’t say all emerging issues are behind the power curve, because there are many that can be fit within the existing structures,” Wales said. “But I do think that there are potentially a class of emerging issues that really test the foundations of what we are doing, and … we may need new areas that the existing frameworks don’t sufficiently capture the complexities of the network environment we deal with today.”