NERC has submitted its final performance assessment to FERC, reviewing a turbulent five years in which NERC managed “significant collaboration” among the ERO Enterprise, stakeholder groups and government authorities that “resulted in high and improving grid performance.”
The performance assessment covers the years 2019 to 2023, a period that saw the outbreak of the COVID-19 pandemic, several major severe weather incidents, the emergence of serious cybersecurity threats to multiple aspects of the electric grid and the ongoing shift from traditional thermal generation to renewable resources.
In the report, NERC sought to highlight “the continued viability and effectiveness of the ERO model” at using “broad technical expertise across diverse stakeholder groups and [ensuring] the independence and agility required to advance reliability in a changing world.”
FERC regulations require NERC to file an assessment of its performance every five years as a prerequisite to recertifying it as the ERO, and the commission approved the last assessment in 2020. (See NERC Wins Another 5 Years as ERO.) Three years ago, FERC floated a proposal to shorten this timeline to three years, but the commission withdrew the proceeding this year after NERC and the regional entities warned that a three-year assessment cycle might not allow it to conduct the same level of review that the current schedule allows.
NERC posted a draft of this report in April, seeking stakeholder comments. (See NERC Makes Case for Recertification in Performance Assessment.) The finished assessment, filed July 19, “reflects feedback from [regional entities], industry stakeholders and commission staff,” NERC said, along with input gathered from stakeholders throughout the assessment period.
In the final assessment, NERC focused on its accomplishments through four key areas:
-
- Energy: addressing challenges arising from the changing resource mix, providing sufficient energy and essential reliability services, improving system performance during extreme weather and adding transfer capability;
-
- Security: addressing cyber and physical security risks;
-
- Agility: becoming nimbler in risk identification and standards development; and
-
- Sustainability: investing in automation, eliminating single points of failure, and strengthening the ERO Enterprise’s long-term stability and success.
The organization devoted a significant part of the report to its internal development and efforts to modernize and streamline its committee structure. These include the creation of the Reliability and Security Technical Committee in 2020 through the combination of several existing committees and the Regulatory Oversight Committee in 2023 to give NERC’s Board of Trustees “committee-level oversight of standards development.”
NERC also discussed its efforts to improve cyber and physical security across the ERO Enterprise. It said that during the assessment period, it “zeroed in on structural cybersecurity challenges” to the grid, including supply chain vulnerabilities and information technology and operational technology system monitoring.
In addition, the ERO highlighted its work developing the Energy Information Sharing and Analysis Center (E-ISAC), which “continues to play a vital role in securing the [grid] through sharing information on cyber and physical security threats and vulnerabilities with industry members, the vendor community, and government and cross-sector partners.”
NERC received a single comment from the Edison Electric Institute, which it posted as an appendix to the assessment. EEI suggested that “it would be helpful if the [final] assessment explored the use and value of [self-certification and spot checks as] alternatives to full on-site audit engagements.” In response, the ERO asserted that it “has increased its use of self-certification and spot checks to support compliance monitoring and intends to continue to significantly leverage those methods.”
NERC said that during the first quarter of this year, only 15% of its compliance monitoring engagements used full on-site audits. Among such engagements, 77% used self-certifications, while 8% used spot checks. NERC pledged to “continue coordinating across the ERO Enterprise to support consistent rationale in tool selection through its risk-based approach to” compliance monitoring and enforcement.