ReliabilityFirst has assessed MISO a $500,000 fine for violating critical infrastructure protection standards.
The violations’ details are scant. The regional entity and RTO reached a settlement in late July after confidential talks.
Keri Glitch, MISO’s chief information security officer, said all but one of the violations were discovered over the course of a regular assessment of business operations that covered 2017 to 2019. MISO self-reported nine of the violation’s 10 issues, she said.
Glitch said none of the issues put the RTO’s security at risk.
“Because of the confidentiality, MISO is limited in what it can say,” Glitch said during an Aug. 18 Advisory Committee teleconference. “All of the compliance issues have been remediated, and there was no security threat.”
MISO will spread the penalty across market participants on a pro rata share for the operating days when the violations occurred. Glitch said all recovery is planned to take place this year.
The penalties are being assessed under the MISO tariff’s Schedule 34, “Allocation of Costs Associated with Reliability Penalty Assessments.” The provision allows staff to assign penalty costs to members if NERC or an RE finds that they “directly contributed to or were a root cause(s) of a confirmed violation.”
Most members will be charged $500 to $8,000, Glitch said. The largest assessed penalty will be $24,000.
Glitch said MISO has only one previous fine, of $79,000, over the last decade.
“NERC enforcement is getting tougher, and the penalties are getting larger,” Glitch said. “We were not provided any details of how the fine was actually calculated.”
“We did our best to provide as much information as we could but still stay within those bounds of confidentiality,” the grid operator’s chief customer officer, Todd Hillman, told members.
MISO offered no other comment about the violations.