Last year represented a “transformational” one for NERC, as the ERO faced wide-ranging challenges such as cyber and physical security, extreme weather, and a changing resource mix that “it is abundantly clear” will only become more pressing in 2023, CEO Jim Robb said in the organization’s annual report released Tuesday.
“As I begin my fifth year as CEO, I can’t help but reflect on the extraordinary transformation of the resource base that is occurring, the challenges associated with extreme weather systems and the transformation of the ERO Enterprise toward operating as one synchronous machine,” Robb said in the report. “I’m pleased with how far we have come in a relatively short time with the complex and rapidly evolving risk and threat environment across North America.”
The report highlighted NERC’s major achievements last year, organized by the five key focus areas from the ERO Enterprise Long-term Strategy published in 2019, and the objectives associated with each area.
In the first section, “Expanding risk-based focus in standards, compliance monitoring, and enforcement,” NERC highlighted its shift “to a holistic, risk-based approach to compliance” that allows the ERO Enterprise to “apply resources to the most significant reliability risks and better respond to emerging risks.” NERC’s efforts in this area included its work on reliability standards related to physical and cybersecurity such as CIP-014-3 (Physical security), approved by FERC in June, and the cyber supply chain standards that became effective in October. (See FERC OKs Updated Supply Chain Standards.)
NERC also touted the completion last year of its new extreme cold weather standards, calling winter weather “one of the most critical and high-priority challenges currently facing [the electric] industry.” FERC approved the standards last week, while pushing the ERO to continue its development work. NERC’s report was written before the commission granted its approval but acknowledged that “work is presently underway to address” issues identified after the February 2021 winter storm. (See FERC Orders New Reliability Standards in Response to Uri.)
Security Collaboration Opportunities
Security was also addressed in a section of the report discussing the Electricity Information Sharing and Analysis Center (E-ISAC), which “worked to stay ahead of these challenges” by improving its own products and services, and by pursuing partnerships with other critical infrastructure sectors and the government.
Cross-border cybersecurity threats were a constant theme in 2022, thrown into sharp relief by Russia’s invasion of Ukraine that began last February. Even before the invasion, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency launched its “Shields Up” campaign to remind infrastructure operators to improve cyber defenses and be vigilant against potential intrusions. (See Utilities Warned of Cyberattacks amid Russia Tensions.)
The E-ISAC played its part in the collective security posture by activating, with its sister organizations from other sectors, the Tri-Sector All-Hazards Playbook. NERC said the E-ISAC is now updating the playbook “based on lessons learned from this year’s coordination.” The organization is also developing the Energy Threat Analysis Center alongside the Department of Energy to coordinate security activity among utilities and government agencies.
NERC addressed further collaboration activities in its section on “strengthening engagement across the reliability and security ecosystem in North America,” highlighting its communication with state, provincial and federal authorities across the U.S. and Canada. The report also mentioned collaboration efforts with electric industry stakeholders in Europe, Africa and South America.
Identifying Improvement Areas
Another focus area concerned “steps to mitigate known and emerging risks to reliability and security” and is related to the ongoing transition of the North American electric grid to carbon-free resources. NERC’s discussion of these items in the annual report mainly dealt with its reliability assessments — including its seasonal and long-term assessments — and the annual State of Reliability Report.
NERC also highlighted its inverter-based resource and distributed energy resource strategy documents, published in September and November, respectively, to outline work needed to address the promises and pitfalls of the new generation fleet, along with its reports on disturbances involving wind and solar generators that “illustrate the need for immediate industry action” to address their performance issues.
Finally, the ERO discussed its efforts to capture opportunities for “effectiveness, efficiency and continuous improvement.” In this section NERC primarily highlighted the introduction of the Align software tool and ERO Enterprise Secure Evidence Locker, which began in 2021 and continued throughout 2022.
In addition, the organization mentioned its initiatives to improve workplace culture and give staff more flexibility in arranging their work schedule. These efforts include NERC’s new office space in D.C., dubbed the “Collaboration Hub,” that reduced working space needs “while still providing a space for the ERO Enterprise and stakeholders to connect and collaborate.”
“Fulfilling NERC’s statutory mandates and tackling the new challenges before us requires a step change in how we fulfill our mission,” Board of Trustees Chair Ken DeFontes said. “This step change requires all of us to look differently at NERC’s priorities and the resources required to accomplish these shared goals … through a new lens — one focused on agility, adaptation and aggregated approaches. Managing the pace of change is a challenge for reliability, and we need to ensure that our own efforts adapt to this pace when appropriate.”