September 30, 2024
NERC Seeks FERC Approval to Fund Office Move
Filings also Address Mabee CIP Complaint, Standards Submissions
The Atlanta Financial Center, current site of NERC's headquarters. | © RTO Insider LLC
NERC asked FERC to approve tapping financial reserves for its office move and to deny a complaint by security activist Michael Mabee.

NERC hopes to leave its current office space in Atlanta by the end of October, according to a filing it submitted to FERC last week requesting permission to tap its financial reserves to fund the move (RR20-6).

In the filing submitted Wednesday, NERC asked the commission to approve an expenditure of up to $2 million from its Operating Contingency Reserve (OCR) to exercise the early termination option in the lease for its current office space in the Atlanta Financial Center. The organization is required to seek FERC’s permission to spend more than $500,000 from the OCR; such requests may proceed if the commission has not acted on them within 30 days.

Details of NERC’s relocation plan are being kept confidential because of ongoing negotiations with the prospective new landlord, but the organization said in the public portion of its filing that it expects to save more than $900,000 per year in “budgeted rent and facility expense” at the new location. The total out-of-pocket cost for the move to be funded by NERC in 2021 is about $2.7 million, including the early termination fee.

Financial considerations are not NERC’s only motive for pursuing a new working space. According to the filing, the organization’s experience during the COVID-19 pandemic showed that staff could “successfully execute NERC’s responsibilities in remote, ‘work from home’ settings.”

Going forward, NERC management plans to provide employees with more flexibility to work remotely, thereby reducing the need for physical office space. The geographic footprint of the new office is about 40% less than NERC’s current space, which lines up with management’s plans. In addition, the new space offers amenities not available at the current office — such as free employee parking, which provides an additional benefit to NERC’s budget — and “excellent transportation and accommodation options,” including an adjacent hotel and conference center.

Because the proposed expenditure should “have no impact on overall assessments for 2021 or 2022,” NERC requested that the commission limit the comment period on its proposal to 14 days. The organization said a shortened comment period would give FERC enough time to deliberate and render a decision by Oct. 15, which would “allow NERC to execute the new lease on or around Oct. 15 [and] exercise the early termination option in the current lease prior to its expiration date of Oct. 31.”

NERC Argues to Dismiss Supply Chain Complaint

In another filing last week, NERC asked FERC to slap down another complaint by security gadfly Michael Mabee, who last month requested that the commission take action “to address the risks and vulnerabilities presented by the import and installation of equipment or systems originating from adversaries of the U.S., including China” (EL21-99).

Mabee’s August filing cited reports from media outlets and government officials that China has conducted “a campaign of cyberattacks” against critical U.S. infrastructure, including the energy sector. Specifically, he suggested that U.S. electric utilities continue to buy large amounts of equipment from Chinese suppliers despite warnings of their vulnerability to outside hacking. He asked that FERC direct NERC to:

• survey all registered entities in the bulk power system to find out “what Chinese equipment or systems are currently in use”; and
• submit a proposed reliability standard for “testing and security of Chinese equipment or systems” that are currently in use in the BPS or purchased in the future.

NERC’s reply argued that Mabee “failed to provide a basis for [his] complaint [while] misunderstanding … the application of NERC reliability standards and incorrectly [stating] that there are no requirements to assess new or existing equipment for risks and vulnerabilities.”

The organization cited several standards, such as CIP-005-6 (Electronic security perimeter(s)), CIP-010-3 (Configuration change management and vulnerability assessments) and CIP-013-1 (Supply chain risk management), which mandate entities assess risks to the BPS when acquiring applicable electronic systems. These standards “speak to supply chain risk generally, but that is by design as these risks continue to evolve,” NERC said. Mabee’s request that a specific foreign nation be identified by name could prevent their application to “other nation-states that may pose a threat.”

NERC also pointed to its efforts outside reliability standards to address cyber supply chain risk. These include the Supply Chain Risk Mitigation Program, initiated in 2017 to support implementation of the supply chain standards, and NERC alerts such as the one issued last year to gather data on the BPS’ exposure to “foreign adversaries.” (See NERC Issues Level 2 Supply Chain Alert.) In addition, the Electricity Information Sharing and Analysis Center has issued a number of All Points Bulletins to notify entities of “adversary compromises of software supply chain tools.”

“The complainant has failed to demonstrate that these activities, in addition to the current reliability standards, are deficient in addressing the risk of compromised equipment to the reliability of the BPS. As such, the requested relief sought … is unsupported,” NERC said.

Approval Sought for CIP Standards

NERC’s filings last week also included a submission of proposed reliability standards CIP-004-7 (Personnel and training) and CIP-011-3 (Information protection) for approval by FERC. The new standards, approved by NERC’s Board of Trustees at its August meeting, are the product of Project 2019-02 (Bulk electric system cyber system information access management). (See “Standards Actions Approved,” NERC Board of Trustees/MRC Briefs: Aug. 12, 2021.)

According to NERC’s petition, the new standards provide “increased options for entities to leverage third-party data storage and analysis systems,” particularly cloud services, while clarifying the security measures expected from utilities that choose to use such systems. The implementation plan calls for the standards to become effective the first day of the first calendar quarter that is 24 calendar months after the date the commission gives its approval.
