[Federal Register Volume 88, Number 152 (Wednesday, August 9, 2023)]
[Notices]
[Pages 53882-53885]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-17061]
-----------------------------------------------------------------------
DEPARTMENT OF ENERGY
Federal Energy Regulatory Commission
[Docket No. RD23-2-000]
North American Electric Reliability Corporation; Final Notice of
Joint Technical Conference
As announced in the Notice of Joint Technical Conference issued in
this proceeding on May 30, 2023, the Federal Energy Regulatory
Commission (Commission) and North American Electric Reliability
Corporation (NERC) staff will convene a technical conference on August
10, 2023, from 9:00 a.m. to 4:30 p.m. Eastern Time.
The purpose of this conference is to discuss physical security of
the Bulk-Power System, including the adequacy of existing physical
security controls, challenges, and solutions. The conference will
include two parts and four panel discussions. Part 1 will address the
effectiveness of Reliability Standard CIP-014-3 (Physical Security) and
include two panels on the applicability of CIP-014-3 and minimum levels
of physical protection. Part 2 will address solutions beyond
Reliability Standard CIP-014-3 and include two panels on physical
security best practices and operational preparedness and planning a
more resilient grid.
We note that discussions at the conference may involve issues
raised in proceedings that are currently pending before the Commission.
These proceedings include, but are not limited to:
Petition for Rulemaking, Docket No. EL23-69-000
Attached to this Final Notice is an agenda for the technical
conference, which includes more detail for each panel. Only invited
panelists and staff from the Commission and NERC will participate in
the panel discussions. Interested parties may listen and observe, and
written comments may be submitted after the conference in Docket No.
RD23-2-000.
The conference will be held in-person at NERC's headquarters at
3353 Peachtree Road, NE Suite 600 North Tower, Atlanta, GA 30326.
Information on travelling to NERC's Atlanta office is available here.
The conference will be open for the public to attend, and there is no
fee for attendance. It will be transcribed and webcast. Those observing
via webcast may register here. Information on this conference will also
be posted on the Calendar of Events on the Commission's website,
www.ferc.gov, prior to the event.
Commission conferences are accessible under section 508 of the
Rehabilitation Act of 1973. For accessibility accommodations, please
send an email to [email protected], call toll-free (866) 208-3372
(voice) or (202) 208-8659 (TTY), or send a fax to (202) 208-2106 with
the required accommodations. The conference will also be transcribed.
Transcripts will be available for a fee from Ace Reporting, (202) 347-
3700.
For more information about this technical conference, please
contact Terrance Clingan at [email protected] or (202) 502-
8823. For information related to logistics, please contact Lonnie
Ratliff at [email protected] or Sarah McKinley at
[email protected] or (202) 502-8004.
Dated: August 3, 2023.
Debbie-Anne A. Reese,
Deputy Secretary.
[[Page 53883]]
[GRAPHIC] [TIFF OMITTED] TN09AU23.036
Joint Physical Security Technical Conference
Agenda
Docket No. RD23-2-000
August 10, 2023
August 10, 2023
9:00-4:30 p.m. Eastern
NERC Atlanta Office, 3353 Peachtree Road NE, Suite 600--North Tower,
Atlanta, GA 30326.
Welcome and Opening Remarks (9:00-9:12 a.m.)
NERC Antitrust Compliance Guidelines and Commission Staff Disclaimer
(9:12-9:15 a.m.)
Agenda
Introduction and Background (9:15-9:30 a.m.)
Commission and NERC staff will provide background information
relevant to discussion during the technical conference, including on
Reliability Standard CIP-014-3, the current physical security
landscape, recent Commission activities on physical security, and the
NERC report filed with the Commission in April.
Part 1: Effectiveness of Reliability Standard CIP-014-3
Part 1 of the technical conference will focus on Reliability
Standard CIP-014-3, as it is enforced today as well as any potential
revisions to the standard resulting in subsequent versions.
Panel 1--Applicability (9:30-10:50 a.m.)
This panel will explore the facilities subject to Reliability
Standard CIP-014-3. While the NERC report filed with the Commission did
not recommend revising the applicability section of the Standard at
this time, the report determined that this could change based on
additional information. Panelists will discuss whether the
applicability section of Reliability Standard CIP-014-3 identifies the
appropriate facilities to mitigate physical security risks to better
assure reliable operation of the Bulk-Power System. Panelists will also
discuss whether additional type(s) of substation configurations should
be studied to determine risks and the possible need for required
protections.
This panel may include a discussion of the following topics and
questions:
1. Is the applicability section of CIP-014-3 properly determining
transmission station/substations to be assessed for instability,
uncontrolled separation or cascading within the Interconnection?
Specifically, are the correct facilities being assessed and what
topology or characteristics should the applicable facilities have to be
subject to CIP-014? For example, are there criteria other than those in
Section 4.1.1 of CIP-014-3, such as connected to two vs. three other
station/substations and exceeding the aggregated weighted value of
3000, changing the weighting value of the table in the applicability
section, or including lower transmission voltages?
2. Given the changing threat landscape, are there specific
transmission station/substation configurations that should be included
in the applicability section of CIP-014-3, including combinations of
stations/substations to represent coordinated attacks on multiple
facilities? What would they be and why?
3. What other assessments (e.g., a TPL-001 planning assessment) may
be used to identify an at-risk facility or group of facilities that
should be considered for applicability under CIP-014-3? How stringent
are those assessments? Describe any procedural differences between
those other assessments and the CIP-014-3 R1 Risk Assessment. Should
CIP-014-3 apply to entities other than those transmission owners to
which 4.1.1 applies or transmission operators to which 4.1.2 applies?
4. Should potential load loss or generation loss be considered? If
so, why, and how would potential impact be determined (e.g., how would
potential load loss be determined in advance of running an
assessment?)?
5. Should facilities that perform physical security monitoring
functions that are not currently subject to CIP-014-3 (e.g., security
operation centers) be covered by CIP-014-3 as well? If so, what
criteria should be used?
Moderators:
Olutayo Oyelade, Supervisory Electrical Engineer, FERC
Kiel Lyons, Senior Manager, Compliance Assurance, NERC
Panelists:
Mark Rice, Senior Power Engineer, Pacific Northwest
National Lab
Eric Rollison, Assistant Director, Office of
Cybersecurity, Energy Security, and Emergency Response (Department of
Energy)
Adam Gerstnecker, Managing Principal Consultant,
Mitsubishi Electric Power Products, Inc.
Jamie Calderon, Manager, NERC
Lawrence Fitzgerald, Director, TRC Companies
Break (10:50-11:00 a.m.)
Panel 2--Minimum Level of Physical Protection (11:00 a.m.-12:30 p.m.)
This panel will discuss the reliability goal to be achieved and
based on that goal, what, if any, mandatory minimum resiliency or
security protections should be required against facility attacks, e.g.,
site hardening, ballistic protection, etc. This panel will discuss the
scope of reliability, resilience, and security measures that are
inclusive of a robust, effective, and risk-informed approach to
reducing physical security risks. The panel will also consider whether
any minimum protections should be tiered and discuss the appropriate
criteria for a tiered approach.
This panel may include a discussion of the following topics and
questions:
1. What is our reliability goal? What are we protecting against to
ensure grid reliability beyond what is required in the current
standards?
a. What are the specific physical security threats (both current
and emerging) to all stations/substations on the bulk electric system?
b. As threats are continually evolving, how can we identify those
specific threats?
c. How do threats vary across all stations/substations on the bulk
electric
[[Page 53884]]
system? How would defenses against those threats vary?
To what extent should simultaneous attacks at multiple sites be
considered?
2. Do we need mandatory minimum protections? If so, what should
they be?
a. Should there be flexible criteria or a bright line?
b. Should minimum protections be tiered (i.e., stations/substations
receive varying levels of protection according to their importance to
the grid)? How should importance be quantified for these protections?
c. Should minimum protections be based on preventing instability,
uncontrolled separation, or cascading or preventing loss of service to
customers (e.g., as in Moore County, NC) ? If minimum protections were
to be based on something other than the instability, uncontrolled
separation, or cascading, what burden would that have on various
registered entities? If the focus is on loss of service, is it
necessary to have state and local jurisdictions involved to implement a
minimum set of protections?
d. In what areas should any minimum protections be focused?
i. Detection?
ii. Assessment?
iii. Response?
3. To what extent would minimum protections help mitigate the
likelihood and/or reliability impact of simultaneous, multi-site
attacks?
Moderators:
Coboyo Bodjona, Electrical Engineer, FERC
Lonnie Ratliff, Director, Compliance Assurance and
Certification, NERC
Panelists:
Travis Moran, Senior Reliability and Security Advisor,
SERC
Mike Melvin, Director, Exelon representing Edison Electric
Institute
Kathy Judge, Director, National Grid representing Edison
Electric Institute
Jackie Flowers, Director, Tacoma Public Utilities
Lunch (12:30-1:00 p.m.)
Part 2: Solutions Beyond CIP-014-3
Part 2 of the technical conference will focus on solutions for
physical security beyond the requirements in Reliability Standard CIP-
014-3.
Panel 3--Best Practices and Operational Preparedness (1:00-2:30 p.m.)
This panel will discuss physical security best practices for
prevention, protection, response, and recovery. The discussion will
include asset management strategies to prepare, incident training
preparedness and response, and research and development needs.
This panel may include a discussion of the following topics and
questions:
1. What is the physical security threat landscape for each of your
companies? What best practices have been implemented to mitigate the
risks and vulnerabilities of physical attacks on energy infrastructure?
2. What asset management and preparedness best practices have your
member companies implemented to prevent, protect against, respond to,
and recover from physical attacks on their energy infrastructure?
3. What research and development efforts are underway or needed for
understanding and mitigating physical security risks to critical energy
electrical infrastructure?
4. What research and development efforts, including the development
of tools, would you like to see the National Labs undertake to assist
your companies in addressing physical threats to your critical
electrical infrastructure?
5. What do you need or would like to see from the energy industry
to improve your ability and accuracy in addressing physical security
risks to critical energy electrical infrastructure?
6. What best practices are in place to accelerate electric utility
situational awareness of an incident and to involve local jurisdiction
responders?
7. What can the federal and state regulators do to assist the
energy industry in improving their physical security posture?
8. What training improvements can NERC and the Regional Entities
implement to system operators to aid in real-time identification and
recovery procedures from physical attacks?
9. What changes could be made to improve information sharing
between the federal government and industry?
Moderators:
Joseph McClelland, Director, Office of Energy
Infrastructure Security, FERC
Bill Peterson, Director, Entity Development &
Communication, SERC
Panelists:
Vinit Gupta, Vice President, ITC Holdings Corp.
Randy Horton, Director, Electric Power Research Institute
Craig Lawton, Mission Campaign Manager, Sandia National
Lab
Michael Ball, National Security and Resiliency Advisor,
Berkshire Hathaway Energy
Thomas J. Galloway, Sr., President and CEO, North American
Transmission Forum
Scott Aaronson, Senior Vice President, Edison Electric
Institute
Break (2:30-2:40 p.m.)
Panel 4--Grid Planning to Respond to and Recover from Physical and
Cyber Security Threats and Potential Obstacles (2:40-4:10 p.m.)
This panel will explore planning to respond to and recovery from
physical and cyber security threats and potential obstacles to
developing and implementing such plans. This discussion will focus on
how best to integrate cyber and physical security with engineering,
particularly in the planning phase. The panel will discuss whether
critical stations could be reduced through best practices and how to
determine whether to mitigate the risk of a critical station or protect
it. Finally, the panel will consider the implications of the changing
resource mix on vulnerability of the grid and its resilience to
disruptions.
This panel may include a discussion of the following topics and
questions:
1. How can cyber and physical security be integrated with
engineering, particularly planning? What aspects of cyber and physical
security need to be incorporated into the transmission planning
process?
2. What modifications could be made to TPL-001 to bring in broader
attack focus (e.g., coordinated attack)? What sensitivities or examined
contingencies might help identify vulnerabilities to grid attacks?
3. Currently, if a CIP-014-3 R1 assessment deems a transmission
station/substation as ``critical'' that station/substation must be
physically protected. Are there best practices for reconfiguring
facilities so as to reduce the criticality of stations/substations?
4. When prioritizing resources, how should entities determine which
``critical'' stations/substations to remove from the list and which to
protect? If the project is extensive and may have a long lead time to
construct, to what degree does the station/substation need to be
protected during the interim period?
5. How will the development of the grid to accommodate the
interconnection of future renewable generation affect the resilience of
the grid to attack? Will the presence of future additional renewable
generation itself add to or detract from the resilience of the grid to
physical attack?
6. What are the obstacles to developing a more resilient grid? What
strategies can be used to address these obstacles?
a. Cost?
b. Siting?
c. Regulatory Barriers?
d. Staffing/training?
Moderators:
Terry Clingan, Electrical Engineer, FERC
Ryan Quint, Director, Engineering and Security
Integration, NERC
Panelists:
Ken Seiler, Vice President, PJM Interconnection
[[Page 53885]]
Tracy McCrory, Vice President, Tennessee Valley Authority
Daniel Sierra, Manager, Burns and McDonnell
Daron Frederick, Chief Information Officer, Arkansas
Electric Cooperative
Kent Chandler, Chairman, Kentucky Public Service
Commission
Closing Remarks (4:10-4:30 p.m.)
[FR Doc. 2023-17061 Filed 8-8-23; 8:45 am]
BILLING CODE 6717-01-P