November 22, 2024
Canadians Seek Inclusion in Cybersecurity Meetings
Canadian Electricity Association CEO Marchi complained to NERC that he and other Canadian stakeholders have been excluded from DHS cybersecurity briefings.

By Tom Kleckner

CALGARY, Alberta — Canadian Electricity Association CEO Sergio Marchi took advantage of several opportunities during last week’s NERC Board of Trustees meeting to complain that he and other Canadian stakeholders have been excluded from Department of Homeland Security cybersecurity briefings.

canadian electricity association nerc cybersecurity
Canadian Electricity Association’s Sergio Marchi | © RTO Insider

“We’re forbidden to participate because we are considered, quote unquote, foreigners,” said Marchi, whose association represents integrated utilities, independent power producers, transmission and distribution companies, power marketers and industry suppliers. “The irony is the two CEOs [representing Canada’s electricity sector] happen to be American citizens.”

Marchi said that over the last year, he and the two U.S.-born CEOs on the Electricity Subsector Coordinating Council (ESCC), ENMAX’s Gianna Manes and Hydro One’s Mayo Schmidt, have been shut out of the classified briefings.

NERC responded that the Canadians have been excluded because they don’t have the proper security clearance. It added that it is working with industry and government partners to increase the functionality of the Electricity Information Sharing and Analysis Center (E-ISAC) portal, which gathers, analyzes and shares security data across the North American grid.

canadian electricity association nerc cybersecurity
NERC CEO Jim Robb | © RTO Insider

“NERC as a private company does not have authority to grant or sponsor clearances or to provide access to classified briefings in the United States or in Canada,” CEO Jim Robb said in a statement provided to RTO Insider. “However, NERC will ensure that all NERC events are inclusive of all our North American stakeholders. Simply getting information is only piece of the security pie, and the E-ISAC is in a unique place to analyze and triangulate information to identify threats and mitigation actions to share information that North American stakeholders need to protect their systems.”

Marchi told RTO Insider that the exclusion from the ESCC briefings has become more of an issue under the Trump administration.

“It’s frustrating, and whether it’s NERC or Bruce Walker [the Department of Energy’s NERC representative], they haven’t been able to pinpoint who is blocking us and why,” he said. “This is an example, where everyone says we should be in the meeting, but we don’t know who [is preventing us] and why we are kept out of the meeting. We’re hopeful we can make progress, and the next time the council meets, we can be on the same team.”

Robb acknowledged the issue while briefing trustees on the ESCC’s recent discussions. He said improving information sharing with Canadian industry members is “complicated territory.”

Marchi said the CEA was willing to give Robb a “proper runway” to improve the process.

A former member of the Canadian Parliament and cabinet minister, Marchi also objected to what he said was a 25% budget increase for the E-ISAC as part of NERC’s overall 9.5% budget increase.

“Our Canadian utilities receive the same information from Canadian sources, but it’s quicker and of higher quality,” Marchi said. “Why should we pay twice for information that is of less quality, and that is late on arrival?”

In his statement, Robb pointed out that Canadian stakeholders were able to file comments on the 2019 budget and business plan as part of NERC’s “open and transparent” budget process. He said the organization takes their concerns seriously.

“[We] had multiple meetings, phones calls and written exchanges with [Canadian stakeholders] to discuss the 9.5% increase,” Robb said. “While we acknowledge [their] concerns, we believe the budget approved by the NERC Board of Trustees is the right answer for industry based on all feedback we received.”

Robb acknowledged that the Canadian government has, at times, “authorized release of information to Canadian industry sooner than the U.S. government.” He said NERC recently executed a memorandum of understanding with the Canadian Cyber Incident Response Centre to help improve E-ISAC access to the Canadian government’s security information.

Marchi said the CEA will monitor the next budget cycle and “consider our options” at that time. He said the E-ISAC’s relationship with U.S. security organizations is “an important piece of that puzzle.”

“It’s very important those relationships are picture perfect, if a new investment to the E-ISAC will create the outcomes they’re intended to,” he said. “We need to continue to work closely as our industry evolves at a rapid pace and cyberattacks continue at a great pace. This work must be done in a cost-effective and efficient manner, because both regulators and customers demand and expect it.”

NERC Board Chair Roy Thilly said improving the involvement of Canadian utilities in the E-ISAC “is a very high priority” for the trustees. “We ask the Canadian utilities to work with us to help you provide that value.”

Earlier in the week, the NERC board and Canadian regulators held their annual meeting. NERC said Canadian regulators were briefed on cybersecurity, including the E-ISAC long-term strategic plan and the organization’s reliability assessment and performance analysis capabilities.

Robb Reflects on Cross-border Interconnections

Robb noted several significant milestones during his president’s report, pointing to NERC’s 50th anniversary and the 15th anniversary of the 2003 blackout in the Northeast. As Robb put it, a vegetation contact in Ohio led to power failures in Ontario and “returned the favor” for 1965, when a transmission line tripped in the Canadian province and blacked out Manhattan.

“These anniversaries and our meeting in Canada have given me a chance to reflect on the interconnected nature of our grid and the importance of our international collaboration,” he said. “The Electric Reliability Organization [ERO] is an agency for driving a common approach to reliability and security. We have a tremendous amount of work to do together, and it is a high priority for all of us.”

In addition to establishing reliability coordination services in the West, Robb listed as top issues security, integrating new technology, and a changing resource mix that could halve the U.S.’ coal fleet by 2030. (See related story, Sept. 4 Key Date for Potential Western RC Providers.)

Robb said the early returns on NERC’s six-month-old, five-year strategic plan have been “very positive,” but that there is a “tremendous amount of work to do.”

“It’s a very complex system to defend,” he said of the grid.

The continuing retirements of coal- and nuclear-fired generation, combined with the rapid deployment of variable resources and natural gas plants, is a problem “no one agency or individual forum can solve,” Robb said.

He said NERC has started work on a guideline to bring “greater clarity” regarding what kind of contingencies need to be studied.

“There are serious issues in the Northeast and desert areas of the Southwest,” Robb said. “We need to move along very quickly on this.”

CEO: AESO’s Challenges Same as Everyone Else’s

The Alberta Electric System Operator (AESO) faces steep challenges in meeting legislative mandates to phase out its coal-fired generation — which accounts for 40% of its installed capacity — and produce 30% of its energy from renewables by 2030. Adding to the challenge, it has very little hydro and no nuclear power in its generation mix.

But that’s no different than the challenges facing other jurisdictions, CEO David Erickson said.

canadian electricity association nerc cybersecurity
AESO CEO Dave Erickson (left) and DOE’s Catherine Jereza | © RTO Insider

“With the integrated nature of the grid in North America, working together to solve those problems is important,” he said. “That’s the only way to get through this transformation, with the increasing penetration rate of renewables, cyber threats and changing generation mix. Those are real challenges we need to work together to solve. The ISO/RTO community has a big role.

“That said, NERC has an enormous role to get through this. I encourage the industry, I encourage NERC to work together. Whether we like it or not, we’re in this together. There’s a better path that’s more efficient and a lot more effective, if we do this together.”

FERC & FederalReliability

Leave a Reply

Your email address will not be published. Required fields are marked *