RF Enforcement: ‘Getting Harder to Process Violations’

Nov 22, 2019

Processing NERC violations is getting more difficult — at least in ReliabilityFirst, says the regional entity’s enforcement chief.

By Rich Heidorn Jr.

WASHINGTON — Processing NERC violations is getting more difficult — at least in ReliabilityFirst, says the regional entity’s enforcement chief.

ReliabilityFirst enforcement of NERC violations — Kristen Senk, ReliabilityFirst | © *ERO Insider*

RF Managing Enforcement Counsel Kristen Senk made the observation during a Compliance Committee presentation on 2019 enforcement activities at RF’s annual meeting Wednesday.

“I’m really proud of the team that’s here for the work that they’ve done. It’s getting harder to process violations,” Senk said. “I think entities probably realize this too. The violations themselves are getting more complicated. On the CIP [critical infrastructure protection] side, there’s some new technologies out there. Our [subject matter experts] are spending a lot of time trying to learn those technologies and working with the entities that understand [them].

“On the [operations] side, we’ve seen some really complicated … facility ratings issues. And also, the further we get into compliance, the more compliance history an entity has,” she continued. “So, for every new violation we process, we look at all the prior violations that were similar for that entity. So that list is just growing longer each year.”

2019 Statistics

RF had received 360 violations as of mid-November, so it may end the year with a slightly lower total than in 2018, Senk said. About 78% of this year’s violations were self-reports (vs. 76% for the ERO overall), with 22% resulting from audit findings.

“That’s good news,” Senk said. “We want to see mostly self-reports.”

ReliabilityFirst enforcement — RF and WECC receive and identify more potential violations than other NERC regions. | *ReliabilityFirst*

Senk noted that audit findings in 2019 more than doubled from the number in 2018. “That might sound alarming, but we’re actually not too concerned. … We did have a few more audits in 2019. … We also had some late audits in 2018 that kind of rolled over and we didn’t get the violations until 2019. And then we had a few entities that had multiple registrations, so when we audit them, the number would tend to go up.”

Three-quarters of the violations were for CIP, up from 72% last year. Like the ERO, about half the violations were in CIP-007 (patching) and CIP-010 (change management and baselining).

Senk said RF also is seeing an increase in CIP-004 violations. “Those really started increasing with the changeover to CIP version 5. CIP-004 violations are access management: So, some entities are revoking access too late. There’s a pretty strict timeline around those [requirements]. Also, not having the proper authorizations before granting access,” she said. “A lot of entities have kind of manual processes around this access management and they’re learning that those just aren’t sustainable for version 5.”

CIP MRO RF

KeywordsReliabilityFirst Corp.