By Holden Mann

FERC last week accepted settlements with Bonneville Power Administration and FirstLight Power, along with an unnamed entity in the Eastern Interconnection, for violations of NERC reliability standards. The commission said in a notice on Friday (NP20-7) it would not review the settlements, leaving NERC’s penalties intact.

NERC submitted the settlements to the commission in a spreadsheet notice of penalty (NOP) on Jan. 30.

$50,000 Penalty for Unnamed Entity

The unnamed entity accepted a $50,000 settlement with ReliabilityFirst over violations of reliability standard CIP-010-2 R2, relating to the management of configuration changes in its IT systems.

On Nov. 30, 2016, the entity’s IT team discovered that some of its device types — not specified in the NOP — were not being properly monitored for baseline configuration changes as required by CIP-010-2 R2. The standard requires the baseline for a group of devices to reflect every individual device within the group. However, staff at the entity had assumed that one device within a device type or group could be used to represent all devices within that type or group.

This approach is allowed under CIP-010-2 R1, but ReliabilityFirst found that the entity’s management had not clearly communicated the R2 requirements in procedures. As a result of the oversight, discrepancies developed in a number of device groups between individual device baselines and group baselines, leading to further errors, such as 11 devices missing port setting documentation, a violation of CIP-007-6 R1, and 10 potential missed change authorization instances, a violation of CIP-010-2 R1.

The IT team outlined the discrepancies in a self-report submitted to ReliabilityFirst on Feb. 16, 2017. The RE observed that “[not] monitoring baselines has the potential to affect the reliability of the Bulk Power System … by reducing the entity’s ability to identify unauthorized activity, changes, or vulnerabilities and by introducing system instability when making changes to assets.” It warned that the entity could have tried to make important decisions based on outdated information or missed unauthorized changes to ports needed for emergency operations (though this did not create an opportunity for unauthorized access).

However, the regional entity also credited the IT team for finding the discrepancy relatively quickly. The relevant requirement had gone into effect in July 2016, meaning the entity had been in violation for less than five months. In addition, ReliabilityFirst noted that the issue was discovered during a regular review of entity change management processes and device baselines. This, along with stringent defense-in-depth measures covering the affected devices, indicated that the entity had a robust safety culture.

Mitigating measures taken by the entity in response to the violation included:

• Updating management training procedures regarding change management tools and compliance change management requirements;
• Creating job aids for updates and monitoring and training employees in their use;
• Investigating and documenting port ranges in baseline documentation;
• Performing new baseline monitoring steps for IT and creating a baseline monitoring report and evidence for a cycle.

In determining the penalty level, ReliabilityFirst weighed these factors against the “severe” nature of the violation and “medium” risk factor. The RE also considered aggravating the penalty based on a previous incident of noncompliance with CIP-010-2 R2 but decided against this because the prior incident was attributed to a different root cause.

FirstLight Reports Ratings Error

None of the other violations in the NOP — one attributed to FirstLight Power and four to BPA — carried a monetary penalty.

The FirstLight Power settlement stemmed from a self-report filed to the Northeast Power Coordinating Council (NPCC) in 2019. The generator owner (GO) was seeking to register a violation of reliability standard FAC-008-3 R1, relating to the establishment of facility ratings. In a regular internal compliance review at the Cabot generating station on the Connecticut River in Massachusetts, the company had discovered incorrect ampacity ratings on several components. Correcting the relevant ratings limited the station’s overall rated capacity.

FirstLight determined that Cabot was the only station affected and that all of the components in question had been installed between 2001 and 2006 when the station was owned by the local transmission owner. When the GO discovered the discrepancy, it reduced the station’s maximum output to prevent unloading the limiting equipment.

Because of the age of the affected components, NPCC concluded that the violation spanned two versions of the relevant standard. FirstLight was in violation of FAC-008-1 R1 from Aug. 2007, when the entity registered as GO for the Cabot station, until the standard was retired on Dec. 31, 2012. The violation of FAC-008-3 R1 lasted from the standard’s introduction in January 2013 until the station’s output was reduced in July 2019.

Due to the duration of the violation, NPCC decided against compliance exception processing. However, in light of FirstLight’s quick mitigation activities — along with the low level of risk and lack of history of noncompliance, the RE ultimately declined to assess a penalty. Mitigation measures included the reduction of the facility’s output; revisions to its facility rating sheet; and updates to its procedures regarding tracking, documenting and approving changes to ratings.

BPA Files Transmission, Protection System Violations

Three of BPA’s violations concerned the MOD-029-2a, the NERC standard governing transfer capability calculations — but because two of the incidents occurred in 2016, they were found to involve the earlier version of the standard, MOD-029-1a.

For the first violation, BPA submitted a self-report to WECC in July 2016 that it had incorrectly allocated the total transmission capability (TTC) for one available transmission capability (ATC) path while responding to an outage in the Western Interconnection. Because of an agreement with another transmission operator, the entity was required to reduce the TTC pro-rata along with the other TOP during an outage. Instead, it took the entire reduction but corrected the allocation the same day.

The second case occurred on June 4, 2018, when it correctly posted the TTC on one ATC path but did not correctly allocate between affected transmission owners while assessing a seasonal limit as required by its allocation agreement. Instead, BPA allocated an additional 16 MW to one entity while reducing another’s allocation by the same amount. It corrected the issue the same day and submitted a self-report regarding the violation on June 15, 2018.

In response to both incidents, BPA allocated the correct TTC and clarified its desk-level procedures regarding the relevant issues. For the earlier incident the entity also tested its systems to ensure that operators can update ownership shares correctly.

The entity’s third violation, related to MOD-029, took place between March 27, 2016, and Sept. 6, 2016, and involved a 450-MW transmission reliability margin (TRM) for one ATC transmission path that was implemented on Feb. 3, 2016. The TRM was intended to ensure reliable system operation when the system operating limit across the ATC transmission path exceeded 2,000 MW. However, BPA set its TTC too low on March 27, April 2 and April 8, resulting in an incorrect TRM methodology.

The entity corrected its TRM calculation on Sept. 6, ending the violation. It then completed a series of mitigating steps, including the creation of a system to automate TRM submissions, updating its production environment to incorporate the new system and training staff on the new functionality. Mitigation was completed on Oct. 30, 2018.

BPA’s final violation concerned reliability standard PRC-005-2(i) R3, relating to “the maintenance of protection systems affecting the reliability” of the BES. On Dec. 23, 2016, the entity reported that four days earlier it had found that a control battery at one substation had not been inspected for unintentional grounds as required in the standard. BPA had incorrectly thought that maintenance was not required because the battery did not have automated ground detection equipment and that the battery was not subject to the standard because the substation did not support BES elements.

“However, in December 2016, BPA corrected its assumption because the VLA control battery at the substation supported distributed Under Frequency Load Shedding (UFLS), which qualified the VLA control battery as a BES element and subject to the requirements of PRC-005,” the NOP said. “As a result, BPA found one VLA control battery that did not have the required maintenance activities as far back as October 1, 2015, for its required four-month calendar intervals.”

WECC identified the root cause of the violation as BPA’s incorrect assumptions regarding the requirements for BES elements and about the significance of the lack of automated detection equipment. Mitigation actions undertaken by the entity included completing inspection and maintenance on the control battery and confirming the application of relevant inspection forms for all batteries subject to the standard. In addition, BPA added the missing control battery to the work management system and added its voltage readings to other monthly readings.

The entity is not subject to monetary penalties due to a D.C. Circuit Court of Appeals ruling that FERC and NERC cannot impose such penalties against federal entities.