[Federal Register Volume 88, Number 152 (Wednesday, August 9, 2023)]
[Notices]
[Pages 53882-53885]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-17061]


-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

Federal Energy Regulatory Commission

[Docket No. RD23-2-000]


North American Electric Reliability Corporation; Final Notice of 
Joint Technical Conference

    As announced in the Notice of Joint Technical Conference issued in 
this proceeding on May 30, 2023, the Federal Energy Regulatory 
Commission (Commission) and North American Electric Reliability 
Corporation (NERC) staff will convene a technical conference on August 
10, 2023, from 9:00 a.m. to 4:30 p.m. Eastern Time.
    The purpose of this conference is to discuss physical security of 
the Bulk-Power System, including the adequacy of existing physical 
security controls, challenges, and solutions. The conference will 
include two parts and four panel discussions. Part 1 will address the 
effectiveness of Reliability Standard CIP-014-3 (Physical Security) and 
include two panels on the applicability of CIP-014-3 and minimum levels 
of physical protection. Part 2 will address solutions beyond 
Reliability Standard CIP-014-3 and include two panels on physical 
security best practices and operational preparedness and planning a 
more resilient grid.
    We note that discussions at the conference may involve issues 
raised in proceedings that are currently pending before the Commission. 
These proceedings include, but are not limited to:

Petition for Rulemaking, Docket No. EL23-69-000

    Attached to this Final Notice is an agenda for the technical 
conference, which includes more detail for each panel. Only invited 
panelists and staff from the Commission and NERC will participate in 
the panel discussions. Interested parties may listen and observe, and 
written comments may be submitted after the conference in Docket No. 
RD23-2-000.
    The conference will be held in-person at NERC's headquarters at 
3353 Peachtree Road, NE Suite 600 North Tower, Atlanta, GA 30326. 
Information on travelling to NERC's Atlanta office is available here. 
The conference will be open for the public to attend, and there is no 
fee for attendance. It will be transcribed and webcast. Those observing 
via webcast may register here. Information on this conference will also 
be posted on the Calendar of Events on the Commission's website, 
www.ferc.gov, prior to the event.
    Commission conferences are accessible under section 508 of the 
Rehabilitation Act of 1973. For accessibility accommodations, please 
send an email to [email protected], call toll-free (866) 208-3372 
(voice) or (202) 208-8659 (TTY), or send a fax to (202) 208-2106 with 
the required accommodations. The conference will also be transcribed. 
Transcripts will be available for a fee from Ace Reporting, (202) 347-
3700.
    For more information about this technical conference, please 
contact Terrance Clingan at [email protected] or (202) 502-
8823. For information related to logistics, please contact Lonnie 
Ratliff at [email protected] or Sarah McKinley at 
[email protected] or (202) 502-8004.

    Dated: August 3, 2023.
Debbie-Anne A. Reese,
Deputy Secretary.

[[Page 53883]]

[GRAPHIC] [TIFF OMITTED] TN09AU23.036

Joint Physical Security Technical Conference

Agenda

Docket No. RD23-2-000

August 10, 2023

August 10, 2023

9:00-4:30 p.m. Eastern
NERC Atlanta Office, 3353 Peachtree Road NE, Suite 600--North Tower, 
Atlanta, GA 30326.
Welcome and Opening Remarks (9:00-9:12 a.m.)
NERC Antitrust Compliance Guidelines and Commission Staff Disclaimer 
(9:12-9:15 a.m.)
Agenda
Introduction and Background (9:15-9:30 a.m.)

    Commission and NERC staff will provide background information 
relevant to discussion during the technical conference, including on 
Reliability Standard CIP-014-3, the current physical security 
landscape, recent Commission activities on physical security, and the 
NERC report filed with the Commission in April.

Part 1: Effectiveness of Reliability Standard CIP-014-3

    Part 1 of the technical conference will focus on Reliability 
Standard CIP-014-3, as it is enforced today as well as any potential 
revisions to the standard resulting in subsequent versions.

Panel 1--Applicability (9:30-10:50 a.m.)

    This panel will explore the facilities subject to Reliability 
Standard CIP-014-3. While the NERC report filed with the Commission did 
not recommend revising the applicability section of the Standard at 
this time, the report determined that this could change based on 
additional information. Panelists will discuss whether the 
applicability section of Reliability Standard CIP-014-3 identifies the 
appropriate facilities to mitigate physical security risks to better 
assure reliable operation of the Bulk-Power System. Panelists will also 
discuss whether additional type(s) of substation configurations should 
be studied to determine risks and the possible need for required 
protections.
    This panel may include a discussion of the following topics and 
questions:
    1. Is the applicability section of CIP-014-3 properly determining 
transmission station/substations to be assessed for instability, 
uncontrolled separation or cascading within the Interconnection? 
Specifically, are the correct facilities being assessed and what 
topology or characteristics should the applicable facilities have to be 
subject to CIP-014? For example, are there criteria other than those in 
Section 4.1.1 of CIP-014-3, such as connected to two vs. three other 
station/substations and exceeding the aggregated weighted value of 
3000, changing the weighting value of the table in the applicability 
section, or including lower transmission voltages?
    2. Given the changing threat landscape, are there specific 
transmission station/substation configurations that should be included 
in the applicability section of CIP-014-3, including combinations of 
stations/substations to represent coordinated attacks on multiple 
facilities? What would they be and why?
    3. What other assessments (e.g., a TPL-001 planning assessment) may 
be used to identify an at-risk facility or group of facilities that 
should be considered for applicability under CIP-014-3? How stringent 
are those assessments? Describe any procedural differences between 
those other assessments and the CIP-014-3 R1 Risk Assessment. Should 
CIP-014-3 apply to entities other than those transmission owners to 
which 4.1.1 applies or transmission operators to which 4.1.2 applies?
    4. Should potential load loss or generation loss be considered? If 
so, why, and how would potential impact be determined (e.g., how would 
potential load loss be determined in advance of running an 
assessment?)?
    5. Should facilities that perform physical security monitoring 
functions that are not currently subject to CIP-014-3 (e.g., security 
operation centers) be covered by CIP-014-3 as well? If so, what 
criteria should be used?
    Moderators:
     Olutayo Oyelade, Supervisory Electrical Engineer, FERC
     Kiel Lyons, Senior Manager, Compliance Assurance, NERC
    Panelists:
     Mark Rice, Senior Power Engineer, Pacific Northwest 
National Lab
     Eric Rollison, Assistant Director, Office of 
Cybersecurity, Energy Security, and Emergency Response (Department of 
Energy)
     Adam Gerstnecker, Managing Principal Consultant, 
Mitsubishi Electric Power Products, Inc.
     Jamie Calderon, Manager, NERC
     Lawrence Fitzgerald, Director, TRC Companies
Break (10:50-11:00 a.m.)

Panel 2--Minimum Level of Physical Protection (11:00 a.m.-12:30 p.m.)

    This panel will discuss the reliability goal to be achieved and 
based on that goal, what, if any, mandatory minimum resiliency or 
security protections should be required against facility attacks, e.g., 
site hardening, ballistic protection, etc. This panel will discuss the 
scope of reliability, resilience, and security measures that are 
inclusive of a robust, effective, and risk-informed approach to 
reducing physical security risks. The panel will also consider whether 
any minimum protections should be tiered and discuss the appropriate 
criteria for a tiered approach.
    This panel may include a discussion of the following topics and 
questions:
    1. What is our reliability goal? What are we protecting against to 
ensure grid reliability beyond what is required in the current 
standards?
    a. What are the specific physical security threats (both current 
and emerging) to all stations/substations on the bulk electric system?
    b. As threats are continually evolving, how can we identify those 
specific threats?
    c. How do threats vary across all stations/substations on the bulk 
electric

[[Page 53884]]

system? How would defenses against those threats vary?
    To what extent should simultaneous attacks at multiple sites be 
considered?
    2. Do we need mandatory minimum protections? If so, what should 
they be?
    a. Should there be flexible criteria or a bright line?
    b. Should minimum protections be tiered (i.e., stations/substations 
receive varying levels of protection according to their importance to 
the grid)? How should importance be quantified for these protections?
    c. Should minimum protections be based on preventing instability, 
uncontrolled separation, or cascading or preventing loss of service to 
customers (e.g., as in Moore County, NC) ? If minimum protections were 
to be based on something other than the instability, uncontrolled 
separation, or cascading, what burden would that have on various 
registered entities? If the focus is on loss of service, is it 
necessary to have state and local jurisdictions involved to implement a 
minimum set of protections?
    d. In what areas should any minimum protections be focused?
    i. Detection?
    ii. Assessment?
    iii. Response?
    3. To what extent would minimum protections help mitigate the 
likelihood and/or reliability impact of simultaneous, multi-site 
attacks?
    Moderators:
     Coboyo Bodjona, Electrical Engineer, FERC
     Lonnie Ratliff, Director, Compliance Assurance and 
Certification, NERC
    Panelists:
     Travis Moran, Senior Reliability and Security Advisor, 
SERC
     Mike Melvin, Director, Exelon representing Edison Electric 
Institute
     Kathy Judge, Director, National Grid representing Edison 
Electric Institute
     Jackie Flowers, Director, Tacoma Public Utilities

Lunch (12:30-1:00 p.m.)

    Part 2: Solutions Beyond CIP-014-3
    Part 2 of the technical conference will focus on solutions for 
physical security beyond the requirements in Reliability Standard CIP-
014-3.

Panel 3--Best Practices and Operational Preparedness (1:00-2:30 p.m.)
    This panel will discuss physical security best practices for 
prevention, protection, response, and recovery. The discussion will 
include asset management strategies to prepare, incident training 
preparedness and response, and research and development needs.
    This panel may include a discussion of the following topics and 
questions:
    1. What is the physical security threat landscape for each of your 
companies? What best practices have been implemented to mitigate the 
risks and vulnerabilities of physical attacks on energy infrastructure?
    2. What asset management and preparedness best practices have your 
member companies implemented to prevent, protect against, respond to, 
and recover from physical attacks on their energy infrastructure?
    3. What research and development efforts are underway or needed for 
understanding and mitigating physical security risks to critical energy 
electrical infrastructure?
    4. What research and development efforts, including the development 
of tools, would you like to see the National Labs undertake to assist 
your companies in addressing physical threats to your critical 
electrical infrastructure?
    5. What do you need or would like to see from the energy industry 
to improve your ability and accuracy in addressing physical security 
risks to critical energy electrical infrastructure?
    6. What best practices are in place to accelerate electric utility 
situational awareness of an incident and to involve local jurisdiction 
responders?
    7. What can the federal and state regulators do to assist the 
energy industry in improving their physical security posture?
    8. What training improvements can NERC and the Regional Entities 
implement to system operators to aid in real-time identification and 
recovery procedures from physical attacks?
    9. What changes could be made to improve information sharing 
between the federal government and industry?
    Moderators:
     Joseph McClelland, Director, Office of Energy 
Infrastructure Security, FERC
     Bill Peterson, Director, Entity Development & 
Communication, SERC
    Panelists:
     Vinit Gupta, Vice President, ITC Holdings Corp.
     Randy Horton, Director, Electric Power Research Institute
     Craig Lawton, Mission Campaign Manager, Sandia National 
Lab
     Michael Ball, National Security and Resiliency Advisor, 
Berkshire Hathaway Energy
     Thomas J. Galloway, Sr., President and CEO, North American 
Transmission Forum
     Scott Aaronson, Senior Vice President, Edison Electric 
Institute

Break (2:30-2:40 p.m.)
Panel 4--Grid Planning to Respond to and Recover from Physical and 
Cyber Security Threats and Potential Obstacles (2:40-4:10 p.m.)

    This panel will explore planning to respond to and recovery from 
physical and cyber security threats and potential obstacles to 
developing and implementing such plans. This discussion will focus on 
how best to integrate cyber and physical security with engineering, 
particularly in the planning phase. The panel will discuss whether 
critical stations could be reduced through best practices and how to 
determine whether to mitigate the risk of a critical station or protect 
it. Finally, the panel will consider the implications of the changing 
resource mix on vulnerability of the grid and its resilience to 
disruptions.
    This panel may include a discussion of the following topics and 
questions:
    1. How can cyber and physical security be integrated with 
engineering, particularly planning? What aspects of cyber and physical 
security need to be incorporated into the transmission planning 
process?
    2. What modifications could be made to TPL-001 to bring in broader 
attack focus (e.g., coordinated attack)? What sensitivities or examined 
contingencies might help identify vulnerabilities to grid attacks?
    3. Currently, if a CIP-014-3 R1 assessment deems a transmission 
station/substation as ``critical'' that station/substation must be 
physically protected. Are there best practices for reconfiguring 
facilities so as to reduce the criticality of stations/substations?
    4. When prioritizing resources, how should entities determine which 
``critical'' stations/substations to remove from the list and which to 
protect? If the project is extensive and may have a long lead time to 
construct, to what degree does the station/substation need to be 
protected during the interim period?
    5. How will the development of the grid to accommodate the 
interconnection of future renewable generation affect the resilience of 
the grid to attack? Will the presence of future additional renewable 
generation itself add to or detract from the resilience of the grid to 
physical attack?
    6. What are the obstacles to developing a more resilient grid? What 
strategies can be used to address these obstacles?
    a. Cost?
    b. Siting?
    c. Regulatory Barriers?
    d. Staffing/training?
    Moderators:
     Terry Clingan, Electrical Engineer, FERC
     Ryan Quint, Director, Engineering and Security 
Integration, NERC
    Panelists:
     Ken Seiler, Vice President, PJM Interconnection

[[Page 53885]]

     Tracy McCrory, Vice President, Tennessee Valley Authority
     Daniel Sierra, Manager, Burns and McDonnell
     Daron Frederick, Chief Information Officer, Arkansas 
Electric Cooperative
     Kent Chandler, Chairman, Kentucky Public Service 
Commission

Closing Remarks (4:10-4:30 p.m.)

[FR Doc. 2023-17061 Filed 8-8-23; 8:45 am]
BILLING CODE 6717-01-P