FOLSOM, Calif. — CAISO’s Western Energy Imbalance Market posted more than $801 million in benefits for its participants after five years of reporting quarterly results, the EIM’s Governing Body members heard Wednesday.
Mark Rothleder, the ISO’s vice president for market quality and California regulatory affairs, told the Governing Body’s four current members (one seat is vacant) that the EIM racked up $64 million in benefits in the third quarter of 2019 — its 20th quarterly report.
“It marks a five-year mark in terms of operation of the EIM,” Rothleder said.
Arizona Public Service received the bulk of the third-quarter benefits, with more than $20 million in savings, followed by PacifiCorp and Portland General Electric, which each benefited by about $9.5 million, according to the ISO.
The benefits were less than the $100 million posted during the third quarter of 2018 because natural gas price spikes last year created additional benefits for EIM participants, Rothleder said.
The real-time EIM uses security-constrained economic dispatch technology to find and deliver low-cost electricity across eight Western states and facilitates the use of renewable energy that might otherwise be curtailed.
With new members steadily joining, the EIM is on track by 2022 to have members representing more 77% of load in the Western Interconnection, Rothleder said.
Its nascent competitor, SPP’s Western Energy Imbalance Service, started up in June and announced its first three members Sept. 9. (See WAPA, Basin, Tri-State Sign up with SPP EIS.)
The EIM’s nine current members include Idaho Power, NV Energy, Powerex, Puget Sound Energy and Sacramento Municipal Utility District. Those scheduled to join include Arizona’s Salt River Project and Seattle City Light in 2020, the Los Angeles Department of Water and Power and Public Service Company of New Mexico in 2021, and the Bonneville Power Administration in 2022.
“We’ve got a robust set of implementations coming up,” Rothleder told Governing Body members.
At the EIM meeting Wednesday, Pam Sporborg, with Portland General Electric, made her first presentation, by phone, as the new chair of the EIM’s Regional Issues Forum.
Sporborg recently took over from Therese Hampton, executive director of the Pacific Northwest’s Public Generating Pool.
“She’s leaving quite big shoes to fill,” Sporborg said. “I’m looking forward to taking on the chair role and all the work to hold the RIF together.”
Jennifer Gardner, a senior attorney with Western Resource Advocates, has assumed the role of the RIF’s vice chair.
The RIF’s next meeting will be Dec. 3 in Las Vegas, where the EIM Governing Body is set to meet Dec. 4.
There will be updates from new EIM entrants such as Tucson Electric Power, a discussion of resource sufficiency versus resource adequacy, and perhaps a presentation from FERC on price formation, Sporborg said.
“We’re putting together quite an exciting agenda for that meeting,” she said.
Increased wind output helped Avangrid’s profits jump 20% in the third quarter as the company continued to see strong growth in its renewables fleet.
The company earned $150 million ($0.48/share) during the quarter, compared with $125 million ($0.40/share) in 2018. Net income for the first nine months was flat at $477 million, compared with $476 million for the same period last year.
The results “reflect really positive performance in renewables that improved production due to better wind resource and new assets in service during the quarter,” CEO James P. Torgerson said in a call with analysts Wednesday.
A subsidiary of Spain-based Iberdrola, Avangrid owns United Illuminating, Connecticut Natural Gas, Central Maine Power, New York State Electric and Gas, and Rochester Gas & Electric, as well as generating assets throughout the U.S.
Avangrid expects its 1,200-MW New England Clean Energy Connect transmission project to start construction in the second quarter of 2020 and come online by the end of 2022. | Avangrid
Renewables Projects
Torgerson noted Avangrid’s Renewables division has commissioned 427 MW of onshore wind this year and has about 562 MW under construction. The company’s approximately 16.5-GW pipeline of renewable energy projects is about evenly divided among onshore wind, offshore wind and solar.
The company last quarter executed a new power purchase agreement with Oregon-based Portland General Electric for the repowering of the 75-MW Klondike II wind project.
Vineyard Wind’s leases south of Cape Cod could potentially host 5 GW of generation. | Avangrid
It also inked a $112 million deal with Axium, expected to close in the fourth quarter, to sell a 50% ownership interest in a wind farm and a solar project in Arizona, both of which have long-term PPAs. Torgerson characterized the deal as a continuing strategy to recycle capital and optimize pipeline projects and assets.
He also said the company expects the Bureau of Ocean Energy Management to issue a supplemental environmental impact statement for the Vineyard Wind offshore project “by late 2019, early 2020.” Avangrid is a 50/50 partner in the offshore venture with Copenhagen Infrastructure Partners.
Vineyard Wind submitted separate bids in the Massachusetts and Connecticut offshore wind solicitations but lost out to Mayflower Wind on Wednesday for Massachusetts’ second 800-MW offshore award. Connecticut is expected to announce its contract award in November.
On the transmission front, the company expects its $950 million, 1,200-MW New England Clean Energy Connect project to start construction in the second quarter of 2020 following receipt of the final permits from Maine and the U.S. Army Corps of Engineers, as well as approval from ISO-NE.
“The project is progressing well,” Torgerson said.
Utility Rates
NYSEG and RG&E in May filed one-year rate cases requesting new rates from the New York Public Service Commission.
Both utilities are seeking a 9.5% return on equity and proposing additional capital for resilience plans, which include an vegetation management and automated metering infrastructure, Torgerson said.
He said the company expects the rate cases to substantially mitigate impacts of outage restoration, staging costs and overtime, particularly for increased vegetation management at NYSEG, which was penalized by the PSC in June for performance issues. (See NYPSC Dings Utilities for 2018 Reliability, Safety.)
CMP has an ongoing rate case with a decision expected early in the first quarter of 2020. The utility has requested an ROE of 10%, above the current 9.45%, Torgerson said. The Maine Public Utilities Commission proposed lowering it to 8.75% because of customer service issues, he said. The company in turn recommended organizational changes and the establishment of a $6 million customer benefit fund, plus the establishment of an energy assessment pilot with Efficiency Maine.
NERC CEO Jim Robb told board members Thursday he’s “feeling very good about” his senior executives after what he acknowledged was a “turbulent year” for the management team.
“We’ve had a pretty turbulent year in terms of the makeup on that team, but … I keep reminding myself that every time a door closes, a window opens,” he told the Corporate Governance and Human Resources Committee on a conference call.
Since Robb joined NERC from the Western Electricity Coordinating Council in April 2018, the corporation has seen the retirement of General Counsel Charles Berardesco, and the departures of CFO and Chief Administrative Officer Scott Jones and Senior Vice President and Chief Security Officer Marcus Sachs. James Merlo, vice president and director of reliability risk management, abruptly left the company in September. (See Merlo Out at NERC.)
“We have spent a lot of time over the last quarter really getting the senior team into alignment around a whole bunch of priorities … and I think we really have a very sound, and most importantly, a very aligned, team of executives leading the company right now,” Robb told the committee.
He said it was “pretty astounding, given all the change we’re going through, that our attrition level is hovering below 10%. We obviously would like to drive that number down.”
“Some of that attrition is regretted,” he added. “Some not.”
Robb said a “steering committee” of officers working with Director of Human Resources Damon Epperson “on renewing our HR programs” is paying dividends.
“One, we’re getting more heads against some thorny issues of how to continue to modernize our approach to HR to be aligned with the transformational aspirations we have for the company [NERC] and [ERO] Enterprise,” he said. “The other thing that it’s doing is also taking away everybody’s ability to complain about HR, because we’re now all part of the problem.”
He said the team is considering changes to its recruiting and onboarding practices and is “going to be taking a hard look at our performance management approach.”
Diversity and Inclusion
“Most importantly, we’ve laid out a series of aspirations for ourselves both in terms of the workplace environment we want to create for our staff, but also the importance we want to place on diversity and inclusion — that, as we continue to evolve the organization, we’re making it more reflective of the society that we live in and serve.”
Robb’s approach won an endorsement from Director Kenneth W. DeFontes Jr.
“If you design [a company in which] HR is the HR organization’s responsibility — not line management — you won’t be successful,” he said. “It sounds like you’re off on the right track to engage your leadership team [into] accepting this responsibility.”
Vacancies Remaining
NERC’s 2020 business plan reduced Robb’s direct reports to five from eight, two of which — chief financial and administrative officer, and the general counsel — are the subject of an ongoing search. Robb said last week he expects to announce the new executives by the end of November.
Sonia Mendonca, Berardesco’s former deputy, is interim general counsel, and Controller Andy Sharp, who served under Jones, is interim CFO.
Janet Sena, senior vice president for policy and external affairs, and Mark Lauby, senior vice president and chief engineer, are the only direct reports to Robb who remain from the executive team under former CEO Gerry Cauley.
Robb’s other direct report, Bill Lawrence, chief security officer and director of the Electricity Information Sharing and Analysis Center, replaced Sachs in August 2018. Lawrence was mysteriously absent last week at GridSecCon, E-ISAC’s annual conference, which drew more than 600 people. (See related story, Overheard at GridSecCon 2019.)
Robb said Lawrence was “taking some time off” but expected him to return.
ATLANTA — Peter Scalici, manager of security outreach programs for Northeast Power Coordinating Council, still speaks with the blunt, no-nonsense demeanor of the New York City police detective he once was.
“I was never a fan of academia telling us how to handle real-world situations. I felt that many times we reached paralysis through analysis, where we were analyzing things so much that we never took action, we never solved the problem,” he said.
But when he learned about NERC’s Design Basis Threat (DBT) assessment, he was very impressed, he told NERC’s GridSecCon 2019 last week. “I said, ‘Now here’s something that really has value.’”
Based on a concept that originated in the nuclear power industry, NERC’s DBT was created in 2016 by the Physical Security Advisory Group. It is a tool for identifying the intentions and capabilities of potential adversaries and determining appropriate, cost-effective defensive measures.
Sam Chanoski, director of intelligence for the Electricity Information Sharing and Analysis Center, noted that hackers’ motives can vary depending on who they are: nation states seeking to affect geopolitics; extortionists seeking financial gain; or nihilists that “might want to break something or set it on fire.”
“It really gets down to imagination bounded by the laws of physics,” he said.
David Godfrey, critical infrastructure protection manager for Garland Power & Light, summed up the DBT this way: “What does winning look like for them? What does losing look like for us?
“It doesn’t always cost a lot to protect something, but it does take the knowledge of a good group of experienced folks,” Godfrey explained. “And that’s not just security folks. That is your substation people. That is engineers; your cyber folks; operations. Get them all in the room, and put their heads together.”
Scalici agreed, saying NPCC will integrate the DBT into the voluntary physical security assessments it offers its members. “This opens up everybody’s eyes to how everything is connected,” he said.
David Jarrett, Southern California Edison’s senior adviser for physical security, said the tool can be used by anybody within a utility’s security organization with some training.
The E-ISAC offers workshops to utilities to help them implement the program, which focuses on the functions of “detection, delay and response” to baseline a physical protection system and determine cost-effective upgrades.
One key step is comparing the amount of time adversaries require in their attacks (task time) with the time the response force requires to engage or neutralize the attack (response time).
Ross Johnson, president of Bridgehead Security Consulting, talked about the need to update the DBT in the face of new technologies, such as the battery-powered Metabo 36-V angle grinder, which he said can cut through a chain link fence in about 30 seconds.
Johnson noted that the ASTM International standards for fence penetrations for low- and moderate-threat facilities do not identify battery-operated tools as concerns because they were written when batteries were extremely heavy and not very powerful.
“They didn’t work very well so it wasn’t really an issue,” he said. “Today it’s different. Tools like this are affordable: That’s $450 at Home Depot. And it will go through anything very, very quickly.”
The ASTM standards are being updated accordingly, he said. “Which is really good news for us because what we don’t want to use is fencing that we think is good enough but doesn’t actually protect us against this particular tool.”
The other good news: New fencing can withstand such tools. “Sometimes, depending on the quality of the steel used in the fence, it’s so hard to cut that it wears the grinding wheel out or wears the battery out before it can get through,” Johnson said. “So that kind of fencing is your friend.”
Godfrey said the best fences can provide up to an hour of deterrence. “We have substations that take law enforcement an hour to get to,” he said.
War Games
Johnson said E-ISAC’s DBT implementation workshop is the best security training he’s ever had. “The first time I took it, by the end of the five days, I was embarrassed at the amount that I learned,” he said.
Johnson said the DBT implementation “teaches you how to … take all of the various pieces of the physical protection system … and use them together in order to defeat an adversary.”
“In the old days, which weren’t that long ago, we would design these security facilities … put a fence up here, put cameras here … but we didn’t ever really war game it out against an adversary. We just hoped it worked. And it almost always does, because you actually rarely get attacked by determined adversaries. So, we’re never faced with our own failure.”
One thing to avoid, the speakers said, is having too many participants in a DBT workshop or participants who will dominate the discussions.
“If you get the right five or six people in the room you can solve a lot of scenarios,” Godfrey said.
“The best number is about 20,” said Michael Bowen, associate director of physical security for the E-ISAC.
BALTIMORE — State environmental officials worry about PJM’s involvement in carbon pricing for very different reasons, depending on where their states sit along geographical — and economic — lines.
For agencies in PJM’s eastern territory, “how” matters much less than “why” states might implement carbon policies. But to the west — where fossil fuels dominate — the inverse appears to be true.
During a panel discussion Monday on state carbon policies at the Organization of PJM States Inc.’s (OPSI) annual meeting, environmental officials from some PJM states expressed doubts about the viability of a federal carbon tax and said cap-and-trade programs, like the Regional Greenhouse Gas Initiative, would more effectively achieve emissions targets popping up across the RTO’s footprint.
“We are still talking carbon tax versus a cap-and-trade, [and] I think the important thing is we price carbon effectively and keep a few principles in mind,” said Chris Bast, deputy director of the Virginia Department of Environmental Quality. “A tax gives price certainty, and cap-and-trade gives a reductions certainty.”
Bast joined officials from Kentucky, Maryland and Pennsylvania on the panel. He said states should consider science-based policies that don’t harm marginalized communities, and that PJM itself should investigate how the broader energy transition from fossil fuels to renewable resources could unfold regionwide.
But Kentucky Secretary of Environment and Energy Charles Snavely objected to involving PJM in any carbon pricing scheme because his state’s economy depends on cheap and reliable coal generation, which attracts industry and keeps electricity bills low for its poorest residents. That makes early retirement of fossil fuel plants politically and economically untenable.
“Kentucky does not have the intention to continue to be a coal-fired state, but we will not shut something down prematurely and put that cost on our citizens,” he said.
The Carbon Divide
PJM began studying carbon pricing impacts on the wholesale market last year and recently assembled a stakeholder task force to prepare for incoming state policies as more governors across the region adopt aggressive clean energy targets.
Panelists agreed that PJM faces a challenge not experienced in other RTOs and ISOs considering carbon pricing: a patchwork of states with competing political and economic interests that fear the financial and environmental impacts of each other’s policies.
That’s where consensus ended.
States on the RTO’s western border, like Kentucky and West Virginia, worry PJM will implement carbon pricing in a way that disadvantages their coal-heavy generation and leaves their poorest customers footing the bill for clean energy programs in the east.
“It is our opinion that PJM is enabling the policies of certain states at the expense of others,” Snavely said. “We will reconsider our participation in PJM just out of necessity. It appears to me that a lot of this is a competitive move by some of our members to further their economic interests, and Kentucky will further our own interests too.”
States pursuing clean energy goals, however, said an ill-designed PJM carbon price mechanism could inadvertently punish them as well, by building carbon costs into the offers of their cleaner plants. That could lead to the dispatch of cheaper — and more polluting — fossil fuel-generated power, one facet of a phenomenon called “carbon leakage.”
“Markets work best when prices tell the truth about costs,” Bast said. “I pay to throw away my trash, yet we are allowing unlimited carbon dumping into the atmosphere for free. In order to tell the truth about what that costs us, we have to account for all of the costs of that.”
Ben Grumbles, secretary of the Maryland Department of Environment, said RGGI auctions have driven more than $650 million worth of investments in his state alone since it joined in 2007. He suggested that a similar regionwide attempt to price carbon and reduce emissions could work for PJM, but it’s up to the legislatures and state regulators to decide.
“Our message continues to be to other states — learn more about regional cap-and-invest plans like RGGI,” he said. “It will continue to grow in size and importance. As PJM looks at carbon pricing, from our perspective, it’s very important to come up with a goal that actually reduces greenhouse gas emissions and addresses leakage.”
Only two PJM states, Maryland and Delaware, participate in RGGI. The group says it has reduced its nine members’ power sector CO2 pollution by 45% over the last 14 years and provided $2.31 billion in lifetime energy bill savings. Participating states, either through regulation or legislation, cap power plant emissions and auction off credits to generators on a quarterly basis; generators purchase the allowances as proof of compliance. The proceeds return to participating states for reinvestment.
New Jersey will officially enter the program in January, and Pennsylvania Gov. Tom Wolf instructed the state Department of Environmental Protection to begin the process for joining earlier this month — a surprising move given the state’s wealth of shale gas and booming energy exports that bridge the east-west divide. (See Pennsylvania Governor Signs RGGI Executive Order.)
RGGI’s proven track record and existing framework appealed to Pennsylvania Environmental Protection Secretary Patrick McDonnell. He told the OPSI crowd that although the Keystone State remains the No. 2 producer of natural gas, the industry itself contributes to carbon pollution and presents a real challenge for achieving the governor’s clean energy targets. (See Pennsylvania Joins US Climate Alliance.)
“In our state, we’ve seen about a 12% reduction in greenhouse gas emissions, but we will see that ramp back up because it’s predominantly been driven by the retirement of coal,” he said. “RGGI is about giving us a pathway toward that cleaner energy future. Something has to be there to take up the load, and right now that is natural gas. What we don’t want to see is reversals.”
A Short Bridge
The importance of Pennsylvania’s gas supply in propelling RGGI’s success wasn’t lost on any of the panelists Monday — despite a changing and more hostile regulatory environment for new gas plants.
“The honest assessment of being on the path of greenhouse gas reductions is the transition from coal to natural gas, Grumbles said. “There is a role for natural gas. It is a bridge fuel, and the goal is to make sure [the bridge is] not unacceptably long or leaky.”
“I’d say don’t bite the hand that feeds you,” Snavely said. “What conversation would we be having today if it weren’t for West Virginia and Pennsylvania and Marcellus Shale? We wouldn’t have the technology without natural gas. When renewable technology is at a point when we don’t need to be backed up by natural gas, that’s fine; take natural gas out of the equation.”
The tension between the promise of renewable resources and the affordability of natural gas appears prominently in Virginia, Bast said, where changing attitudes have jeopardized some high-profile construction projects. (See Stalled Pipeline Overshadows Dominion’s OSW Project.)
“I don’t think it’s a secret that there are currently $12 billion in pipelines planned in Virginia to bring some of that natural gas our way,” he said. “But they are struggling to be finished.”
Dominion Energy’s Atlantic Coast Pipeline, which will run underground for 600 miles from West Virginia to North Carolina, remains tied up in federal court after developers lost a permit to cross 600 feet below a section of the Appalachian Trail last year. The Supreme Court will soon decide whether to hear the case, and construction on the project could resume before the end of 2019.
Likewise, two natural gas plants — including one of the largest in the country — have not yet broken ground, and doubt remains if developers ever will, Bast said.
“It’s not a switch that gets thrown tomorrow, and we need to make up the difference right away,” McDonnell said.
Entergy beat Wall Street’s expectations Wednesday by reporting third-quarter adjusted earnings of $506 million ($2.52/share), up from $431 million ($2.35/share) a year earlier on increased rates, higher sales and lower nuclear generation costs.
Zacks Investment Research’s survey of financial analysts had projected $2.31/share.
The New Orleans-based company’s GAAP results were $365 million ($1.82/share), compared to $536 million ($2.92/share) a year ago.
Company executives said during a conference with analysts that the “strong results” led them to raise their 2019 adjusted earnings guidance’s midpoint by 5 cents and narrowed the range to $5.25 to $5.45/share.
“The fundamentals supporting our steady, predictable growth are strong and give us confidence in our financial outlooks,” CEO Leo Denault said.
Entergy Wholesale Commodities (EWC), the company’s merchant generation business, suffered a loss of $141 million during the quarter after a $105 million profit the year before. The company said revenues were down following the sale of Massachusetts’ Pilgrim Nuclear Power Station to Holtec International in August and tax items recorded a year ago.
Denault said the Pilgrim sale completes an “orderly exit” from EWC’s nuclear business. The Indian Point units in New York and the Palisades plant in Michigan are scheduled to be shut down in 2021 and 2022, respectively.
Entergy’s share price was trading Wednesday at $121.56 during after hours, up $2.61 from the morning’s open.
MISO will not seek an increase in Tariff rates in 2020 despite proposed spending increases.
The RTO projects it will spend about $368 million in 2020, an 8.3% increase from 2019, with $337.7 million in operating expenses and $30.4 million in capital expenses. But it will again seek a 41-cent/MWh Tariff rate from customers, the same as last year and just a penny more than the 2018 rate.
Since Entergy joined the footprint in 2014, MISO electricity use has remained at 740 to 750 TWh annually.
MISO projects its ongoing market platform replacement project will account for $12.7 million of operating expenses and $12.3 million of capital expenses in the upcoming year. It also forecasts base operating expenses will be $264.7 million, up $9.7 million from last year.
MISO CFO Melissa Brown said a host of issues are driving the uptick in spending, including the market platform replacement, facilities upgrades, wage increases and cost increases in computer maintenance and engineering studies.
The Board of Directors’ Audit and Finance Committee voted unanimously to approve the budget proposal during a conference call Tuesday. MISO will seek a final board vote on the budget Dec. 11 during its quarterly Board Week.
ATLANTA — NERC’s ninth annual GridSecCon was the biggest yet, as more than 600 attendees heard talks on drones, insider threats, supply chain risks and other topics. Here’s some of the highlights of the conference, which was organized by NERC’s Electricity Information Sharing and Analysis Center.
Brian Harrell, assistant director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, rallied the attendees, saying critical infrastructure owners must understand their “gaps” to protect against nation-state attacks.
“It’s on the margins, on the folds; it’s where you’re not looking that an adversary … is looking to exploit,” he said. “We should all understand that one day, we will be faced with a security event. Something will happen in our system. Let me ask this very key question: Are you prepared to be overwhelmed, when it’s the fog of war; there’s incomplete information; everyone is yelling on the radio at the same exact time? Maybe there;s blood on the ground. Are we prepared to be overwhelmed?”
Although DHS has moved past the post-9/11 antiterrorism mission on which it was founded, it cannot prevent sabotage of industrial control systems by itself, Harrell said.
“It takes patriots. It takes those with a vested interest in how we leave this country to our children. So I ask as we leave this conference … that you leave with a ‘to-do’ list, with a list of items that we can do to prepare the next generation, promote resilience, protect our critical infrastructure and work for the common good of national security.”
Harrell said he is surprised at how far behind other critical infrastructure sectors are in their cybersecurity measures compared with the electric industry. DHS is urging other sectors to adopt the model of the Electricity Subsector Coordinating Council (ESCC), which includes more than 30 CEOs of investor-owned utilities, public power companies, rural electric cooperatives and industry trade groups.
Because it is led by CEOs, Harrell said, “when we have a robust conversation around the table, and we say, ‘This is the plan; let’s go forward; let’s make things happen,’ it actually happens. Instead, the other model [without CEOs] is, ‘Let me go back to the shop … get concurrence, get some approvals and then we’ll see you next quarter,’” Harrell continued. “That is ineffective. It is slow. It is burdensome.”
Harrell also discussed insider threats, saying, “I am convinced that we have individuals within our companies that have the institutional knowledge as to how to bring us to our knees. They understand the keys to the kingdom. They understand what the crown jewels are.”
Conducting background checks every seven years isn’t enough protection, he said. “Do we have the technology in place to understand what data is leaving our system and going to somebody else’s Gmail?” he asked.
Fanning: AI Key to Defense Against Increasing Threats
Southern Co. CEO Tom Fanning, co-chair of the ESCC, said the rise of machine learning has resulted in an explosion of attacks against utilities and a need for robust artificial intelligence. Fanning said utilities have faced millions of attacks daily, including efforts to position, probe defenses and gain intelligence.
“Heretofore you can imagine a nondescript concrete building on the streets of Beijing, China, with armies of people banging keyboards trying to get in,” he said. “But as machines learn how to attack, we are now into trillions of [attacks] a day, and the success and failure of attack defense will be driven by how good your artificial intelligence is. It’s almost beyond human capability to … understand an attack and how to defend ourselves.”
Fanning said the Cyberspace Solarium Commission, a bipartisan group of members of Congress, former government officials and industry representatives authorized by Congress, will produce a report later this year or in early 2020 that will “reimagine how government and private industry work together” to address cyber threats.
“The concept of [information] sharing will be obviated in the not-too-distant future. Sharing is too slow,” he said. “I think we will consider an effort to join the data-sharing, knowledge-sharing and sharing of insight among and between the intelligence community, the defense community and private industry in a way that we have never seen before.”
Collaborating to Deal with Squirrels and Nation-states
Karen S. Evans, assistant secretary in the Department of Energy’s Office of Cybersecurity, Energy Security and Emergency Response, joked that her responsibilities span from “squirrels to nation-states.”
“My leadership’s greatest fear is when we are responding to a natural disaster, that that is when our country is most vulnerable. And that’s when we would be taken advantage of,” she said.
She said the relationships between industry, DOE and its national laboratories are crucial to protecting the grid. “The only reason why this is going to work is because of the partnerships that we have within the sector,” she said.
Zach Tudor, Idaho National Laboratory’s associate director for national and homeland security, had a similar message. “The reason we can speak with one voice is you’ve built a community of trust,” he told the audience.
Ross Johnson, president of Bridgehead Security Consulting, also stressed the value of collaboration, decrying organizations that have dropped out of industry groups because management didn’t understand the value.
“They’re crazy,” he said. “You don’t learn anything hanging around the office. You learn from meetings like this.”
Tim Conway, technical director for SANS Institute’s ICS and supervisory control and data acquisition programs, suggested utilities participate in NERC’s biennial GridEx to get tested by “surprise” scenarios and work in the off-years on the risks to which they are most vulnerable.
Conway said the industry can sound “schizophrenic.”
“We say these standards are a baseline minimum, indicating we should all be doing more. But because they’re changing so much, you’re not incentivized to do more because you’d be misallocating capital.”
Ben Miller, vice president for professional services and R&D for Dragos, a security firm focused solely on ICS, said, “There’s a difference between incident response planning and readiness.
“And largely what we’ve been testing to date with GridEx, I would say, is largely on the planning side. Being able to measure and understand readiness is a whole different ballgame.
“I do recognize that GridEx does do interdependency testing,” he continued. “I am suggesting from a threat assessment and threat understanding [perspective], we can sometimes close our eyes to the external facing threats that we don’t control because they’re hard to approach. That said, there’s still very realistic … scenarios that [suggest] some level of planning and discussion should happen outside of exercises.”
DER Risks and Benefits
Several speakers mentioned the potential risk from distributed energy resources.
“If we look at … our infrastructure … there’s visibility right at the edge that we don’t have for certain types of cyber issues,” said Ben Blakely, chief security officer for Hydro One. “You can’t manage scenarios that you’re not aware of.
“I’d be curious to see how other folks are doing in that space and also how it would be manifest in a certain scenario that would have impacts on the distribution and transmission system, and ultimately the customer,” he added.
Conway said DERs provide both risks (lower defenses) and potential benefits (the ability to island during disturbances). “We’re in this weird in-between zone right now,” he said.
Jason Stenstrom, Entergy’s director of detection and response, said heightened awareness of cyber risks has also increased the volume of the “noise” with which he must contend.
“Not to say that is bad, because we’re building the culture where people are being aware of all these potential threats, but it can create quite a bit of noise,” he said. “Our CEO … will hear something … and [the question] will come right down to our CIO and right down to me: ‘What are we doing about this?’ It may not even be relevant to our environments.”
Market Systems’ Vulnerability
Blakely was asked how vulnerable the grid would be if the Ontario Independent Electricity System Operator’s market systems were unavailable or corrupted.
“We actually exercised this a few years back in a GridEx scenario,” he responded. “And one of the things we identified was, sure, we understood the criticality of the settlements and markets processes, but we’re not applying the appropriate controls consistent with where the other crown jewels are — at that point in time, the ESP [electronic security perimeter]. So, we actually started to put plans in place to harden that portion of the infrastructure.”
Blakely said Ontario can operate the power system without the market functioning, having a way to process settlements afterward. Still, he said, “It’s absolutely concerning. I don’t think it’s fully explored.”
Kathy Judge, head of U.S. physical security for National Grid, talked about the difference between reliability regulation of the oil and natural gas (ONG) industry and that of the electric grid, which answers to NERC.
“On the ONG side, we have many parents we have to answer to, and they don’t always agree in their approaches,” she said. “They each have their own regulations. … We have TSA [Transportation Security Administration] for pipeline security guidelines; we fall under the Department of Transportation under PHMSA [Pipeline and Hazardous Materials Safety Administration] regulations and DHS for [counterterrorism] standards. We’re under FERC in some situations. Each state regulates us, and then the U.S. Coast Guard [does so] as well. So, you can have a situation one week where you can have three different regulators come to look at the same site. So, not always ideal from an operational perspective.”
The positive: Gas regulations are “much less prescriptive” than NERC’s, Judge said. “We like that.”
Robert Mims joined Southern Co. as director of security for its gas, nuclear, generation and transmission operations, after the company’s acquisition of AGL Resources (now Southern Company Gas) in 2016. He confessed to having “NERC envy” when he was responsible for gas alone.
“I would see my electric peers and see all the resources they had to apply to the same problem that I did. But they’re serving 4.2 million customers with 30,000 employees, and they’ve got a team of 100 cybersecurity people. And I’m dealing with the same circumstances [with fewer resources] … so, it’s a challenge,” he said. “I don’t have regulations; I have pipeline security guidelines that are voluntary. If it takes a regulatory action to get me those resources, I’m all for it. That’s one way of looking at it.”
He recalled the 1965 blackout that led to NERC’s formation and the 2003 outage that caused Congress to authorize mandatory reliability standards for grid operators.
The gas industry knows “we’re one incident away [from mandatory regulations],” he said. “In the meantime, we’re going to keep working together, with a lot of industry collaboration, a lot of partnerships, and just understand our own risk and threats and doing what we think is the right thing for our companies to mitigate those risks.”
Not Sleepless in Idaho Falls
Several of the panel discussions included that hoary question, “What keeps you up at night?” Although the security of 5G technology concerns him, INL’s Tudor insists he sleeps well.
“I like to say, ‘I’m from Idaho Falls and I sleep like a baby, [thanks to] that fresh air and everything else,’” he said. “A lot of us have been here and doing this for a long time, and we’re really getting better. So, yeah, the adversaries are getting more sophisticated, but our community’s growing. We’re learning more, so it makes me hopeful every day. So, I don’t try to take it to bed with me. I just wake up energized to do more the next day.”
ATLANTA — “For the record,” joked Ben Miller, “I cry watching ‘Frozen.’”
Miller was one of five former colleagues who offered sometimes tearful, often funny, tributes to the late Mike Assante during the emotional highlight of GridSecCon 2019 last week.
Assante died July 5 at 48, following a more than 15-year battle with cancer. After serving more than a decade in the Navy and being named Intelligence Officer of the Year for the Pacific Fleet in 1997, Assante became NERC’s first chief security officer after a stint as CSO for American Electric Power. He later worked for Idaho National Laboratory and became director of the SANS Institute’s industrial control systems and supervisory control and data acquisition security training curricula.
The speakers Oct. 23 praised him as a visionary, noting his 2009 letter to stakeholders as NERC CSO that called for a shift to consider potential misuse of cyber assets, not just the loss of them.
“A lot of the things he [did] at NERC, including the letter, including the HILF report — high-impact, low frequency report — created the structure [to] move the ball forward beyond merely regulation,” said Miller, vice president of professional services and R&D for Dragos. One product of that effort was the Electricity Information Sharing and Analysis Center. (“We probably wouldn’t have the E-ISAC without Michael Assante,” NERC CEO Jim Robb told the organization’s board of directors in August.)
But Assante’s greatest gift, speakers said, was his ability to inspire, recalling career pivots they made based on his advice. And his legacy, they said, would be the “community” of cyber patriots he sought to protect critical infrastructure.
“Throughout his career, Mike informed presidents, shaped policies of foreign countries, helped establish standards for nations’ key resources, advised CEOs and leaders,” said SANS colleague Tim Conway, technical director of the institute’s ICS and SCADA programs. “But more important to Mike … has always been the individual lives that he has changed, that he’s invested in, and the things that those people have gone on to do in their own careers … throughout this industry.
“One of his most amazing skills has always been in identifying, connecting, motivating and enabling people to go on and do things that they wouldn’t have normally done. I’m one of those people who had the opportunity to work with Mike in a variety of different roles [and] organizations over the years. And [at] each one, he led me to challenges and to move in ways I would not have been comfortable with if he was not there with me.”
Jason Christopher met Assante while working at FERC and stayed in touch when he moved to the Department of Energy, eventually working with him at SANS. He remembers Assante approaching him when he was representing FERC during a NERC Critical Infrastructure Protection Committee meeting, where Assante was giving a presentation about the industry’s aging workforce.
“So much of my work about training … and trying to inspire others — I can pinpoint it to him coming up to me in the back of a room and just inspiring me,” said Christopher, now chief technology officer for Axio.
“The first couple times you [met him, you] realized he just kind of knew everything,” Christopher continued. “Everyone wanted his opinion … on how to do any project at DOE. If you told me that the HVAC vendor for DOE was asking Mike Assante’s opinion, I’d say, ‘Yeah that makes sense.’ Everyone wanted to get his perspective because he had seen so much and done so much already and helped the industry be what it is.”
Bryan Owen, cybersecurity manager for OSIsoft, who worked with Assante at INL, recalled a “red-blue” training at which Assante was one of the motivational speakers. “He would come in and just wow everyone,” Owen said. “And after that, I had guys coming back and telling me all the great things they wanted to do — they were turned on to do secure design and secure by default … Mike just had that gift.”
Owen also recalled Assante leading a group of reporters through the lab during a media tour following news of Stuxnet.
“One of the journalists asked, ‘Tell me about this Aurora test.’ Mike’s eyes lit up, and he started describing this [herky jerky] diesel generator that had served its purpose so well, and in its final act, it was sacrificed to prove that cyber really could take one of these things down,” he said. “You could just see everyone listening to him. And they all felt sorry for the generator.”
He also recounted a photo of Assante that was posted at a SANS cyber summit. “The message around that was, ‘We can’t sit back and be reactive when it comes to protecting infrastructure. We have to go out and hunt for these bad guys in our systems.’ That’s stuck with me ever since.”
INL named a classified conference room for Assante, said Zach Tudor, the lab’s associate director for national and homeland security science and technology. “Mike is a huge figure among all of us at Idaho National Laboratory,” he said. “If he would suggest, ‘Do you think you should do this?’ It was kind of like, ‘You better do this.’”
Fifth of July
Assante survived his first battle with cancer more than 15 years ago but learned — at GridSecCon 2017 — that his leukemia had returned, Conway said.
“He waited [to pass] until after the Fourth of July. I talked to him the day before and he said, ‘I don’t really want to go on the Fourth of July when everyone is supposed to recognize the nation and our freedom. I really hope I can make it another day. He really had control of this the whole way through.”
“And he didn’t want to die on July 6, which is his wife’s birthday,” wrote Dragos founder Robert M. Lee, who continued the story in a blog post titled, “Goodbye Mike Assante, Thank you For Literally Everything.”
“So essentially Mike chose the fifth,” Lee wrote. “That’s the kind of stuff we make up about people to pretend they’re a badass. But that was just another true story and small feat by Mike. Mike didn’t lose his battle to cancer; he kicked its ass a decade ago. It came back, and he told it, ‘No, you’re going to wait your turn.’”
Christopher said it was community that Assante was thinking about at the end. “My last conversation with Mike, he mentioned this community, the people in this room. And he said, ‘This is what’s important. It’s the community,’” he recounted. Assante said “to take care of each other because we’re all making a difference, and we’re doing what we do best, and we do it best together. He said to make sure that we talk about that. That we talk about us as a community. The specialness we have as a group.”
Assante left behind his wife, Christina, and three children, Alex, Anabel and Asher.
Tom Vanderhorst, Christina’s brother, ended the program with reminiscences of campfires at which his brother-in-law talked about his “community.”
“Along with being passionate about those he loved, he was also passionate about this community,” he said. “He was living his dream.”
The federal judge overseeing Pacific Gas and Electric’s bankruptcy named a mediator Monday to help the embattled utility and its bondholders negotiate a reorganization plan.
Lawyers for PG&E Corp. and its utility subsidiary Pacific Gas and Electric Co. have been pleading for a mediator for weeks to help them resolve differences with bondholders trying to take over the company. (See Attorneys Clash over PG&E Reorg, Blackouts Resume.)
Judge Dennis Montali, with the U.S. Bankruptcy Court in San Francisco, finally acquiesced, saying he hoped mediation would work now as it had in the utility’s 2003 bankruptcy, when a mediator helped PG&E and the California Public Utilities Commission hammer out a compromise.
“Now, more than sixteen years later in the utility’s second case (this time with parent company), the need for mediation is far more obvious and the stakes unbelievably higher,” Montali wrote in an order. “After presiding over every hearing in these Chapter 11 cases over the past nine months, the court is convinced that mediation should be attempted once again.”
Montali named retired bankruptcy Judge Randall J. Newsome as the mediator. Newsome, who works now for JAMS, the nation’s largest private mediation and arbitration firm, served on federal bankruptcy courts in Ohio and Northern California before retiring in 2010. He joined JAMS’ San Francisco office in 2011, according to a biography posted by the National Conference of Bankruptcy Judges.
Online biographies for Newsome do not list any utility-related experience, but Montali gave him authority to “recommend the appointment of one or more additional mediators who possess needed requisite expertise and experience to join him in his efforts.”
PG&E and its bondholders have been fighting for control of the company for months. On Oct. 9 the judge ended PG&E’s period of exclusivity — the time it had to propound its own reorganization plan without competition — and allowed the bondholders to submit their plan for potential confirmation. (See Judge Admits Takeover Plan as PG&E Starts Blackouts.)
PG&E argued Montali’s action hadn’t helped advance the bankruptcy process and asked again for a mediator.
“As we predicted at the exclusivity hearing, termination of exclusivity has not worked to promote a consensus,” PG&E lawyer Stephen Karotkin told Montali during an Oct. 23 hearing. “[W]e say to your honor, now is the time to promptly appoint a mediator. That is the way to move these cases forward.”
Randall Newsome | University of Pennsylvania
The competing plans differ in their sources of financing and the amounts they would set aside for victims of wildfires sparked by PG&E’s equipment. The bondholders plan allocates roughly $5 billion more to fire victims in cash and PG&E stock. The bondholders also claim to have more than $29 billion cash in hand, versus promises by PG&E’s creditors to provide more than $34 billion for its reorganization efforts.
The bondholders, a group of high-risk hedge funds and institutional investors, want to wipe out the equity of PG&E’s current shareholders and give themselves control of the company.
PG&E sought bankruptcy protection in January after a series of devastating blazes threatened the company with insolvency. They included the wine country fires of October 2017 and the Camp Fire in November, the deadliest and most destructive wildfire in California history.
Seeking to avoid additional wildfires, PG&E has turned off power to millions of California residents three times in the past week during dry, windy weather conditions. The latest round of shutoffs to roughly 600,000 customers began Tuesday.
PG&E’s stock sunk to record lows of less than $4/share Monday on news it’s equipment may have started the Kincade fire, which had burned more than 75,000 acres and destroyed 124 structures in Sonoma County as of Tuesday morning, according to the California Department of Forestry and Fire Protection.
Montali’s appointment of a mediator and other factors caused PG&E’s stock price to jump more than 20% during trading Tuesday to nearly $5/share. It traded at about $70/share prior to the October 2017 fires.
