November 17, 2024

CISA Launches Cybersecurity Software Buying Guide

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a guide to help organizations determine their software suppliers’ approach to cybersecurity in order to prevent nonsecure code from getting into their systems. 

CISA’s Secure by Demand Guide, published Aug. 6, provides “questions and resources” that software buyers can use to double-check their suppliers. The agency said that while staff in charge of software acquisition at an organization usually understand the core cybersecurity requirements for a desired technology, they often do not check whether suppliers have “practices and policies in place to ensure that security is a core consideration” at all stages of development. 

The document is intended as a complement to the agency’s Secure by Design Guide, released a week earlier. That guide aims to help instill in software developers the philosophy of building cybersecurity into their products from the ground up and taking proactive steps to ensure their software is free of vulnerabilities. A secure-by-design approach follows three principles: 

    • Take ownership of customer security outcomes. 
    • Embrace radical transparency and accountability. 
    • Build organizational structure and leadership to achieve these goals. 

With the new guide, CISA said, businesses can make sure suppliers are following these principles. 

“We are glad to see leading technology vendors recognize that their products need to be more secure. … Businesses can also help move the needle by making better risk-informed decisions when purchasing software,” CISA Director Jen Easterly said in a statement. “This new guide will help software customers understand how they can use their purchasing power to procure secure products and turn secure by design into secure by demand.” 

In the guide, CISA said businesses’ due diligence of software manufacturers “often [focuses] on [the manufacturers’] enterprise security measures,” which they examine through the lens of compliance standards. However, this focus on enterprise security — which relates to how the company protects its own infrastructure — can come at the expense of neglecting the vendor’s product security, by which the company ensures its products are safe from attacks. 

The guide urged organizations to look for ways to make product security a focus at each stage of procurement. Before procurement, an organization can use probing questions to evaluate a manufacturer’s understanding of product security; during procurement, the organization can write product security requirements into its contract language; and afterward, it can continue to assess the product security and security outcomes. 

Suggested general questions for software manufacturers include whether the manufacturer has taken CISA’s Secure by Design Pledge, how it measures its adherence to the pledge, and to what extent it supports security patches. Additional questions cover a number of specific topics: 

    • authentication — whether the product supports secure authentication measures such as single sign-on and multifactor authentication and has eliminated default passwords in its products. 
    • eliminating classes of vulnerability — what vulnerability classes the manufacturer has addressed systematically in its products, and whether it has a road map for eliminating those classes. 
    • evidence of intrusions — whether manufacturers make security logs available to customers in the baseline version of their products. 
    • software supply chain security — whether the manufacturer generates a software bill of materials in a standardized format that is available to customers, and how it vets the security of open source software components. 
    • vulnerability disclosure and reporting — whether the manufacturer demonstrates transparency and timeliness in vulnerability reporting for its products. 

Describing the guide as “a starting point for software customers to generate the demand for more secure technology products,” CISA advised businesses to use additional resources, such as its Software Acquisition Guide for Government Enterprise Consumers and the National Institute of Standards and Technology’s Secure Software Development Framework. 

NYISO Presents Draft Recommendations for Demand Curve Reset

NYISO presented its draft recommendations for the demand curve reset Aug. 1, including the choice of a two-hour battery electric storage system resource as the proxy unit in calculations.

The ISO said it agreed with the findings of Analysis Group, even after some stakeholders — mostly generators — opposed the choice. (See NYISO Stakeholders Continue Debate over Battery as Proxy Unit.)

The presentation to the Installed Capacity Working Group was proceeded by a long discussion of various financial parameters employed by NYISO’s consultants.

“Hopefully I don’t need to cover this,” said Zach Smith, senior manager of capacity and new resource integration market solutions for NYISO, referencing a background slide. “We just spent the past two hours talking about” it.

Smith said that NYISO staff concurred with the recommendations of Analysis Group. Based on the data analyzed so far, a 200-MW, two-hour lithium battery storage system is the technology that represents the highest variable and lowest fixed cost for all zones in New York.

“There are a couple of areas we are continuing to investigate, to sharpen our pencils on,” Smith said. “The first is an assessment of the capital parameters for the battery storage option. … We are also looking at the appropriate derating factor for battery energy storage.”

Smith added that NYISO was looking at the appropriate indices and weightings used for updating the cost of new entry.

Doreen Saia, a lawyer with Greenberg Traurig, said she was unsure how well Analysis Group captured the risk portfolio of the two-hour battery as compared to other storage options. Earlier she said she believed the analysis was “too aggressive” on an eight-hour battery but not aggressive on the two-hour.

“While I’m not conflating capacity accreditation factors with this, from a risk perspective, I think you have to project or assume or presume that investors are going to see that distinction and manage it with a risk assessment,” Saia said. “I think that’s where the train fell off the tracks a little.”

Other stakeholders seemed concerned about the derating factor for energy storage. Derating factors measure the availability or performance of specific resources. They are combined with duration adjustment factors to account for a resource’s capacity accreditation.

Smith outlined a problem with the derating factor for the two-hour battery. Analysis Group and its consulting partners, 1898 and Co., recommended a 2% derating factor. However, NYISO’s ICAP Manual establishes that the initial derating factor for new classes of energy storage entering the capacity market is set to the NERC class average of pumped hydro storage, 9%.

“There is a potential misalignment between the assumed proxy EFORd [equivalent forced outage rate – demand] value for energy storage directed by the ICAP Manual versus the potential operating performance anticipated for such resources,” said Smith. “We are continuing to evaluate what the appropriate derating factor should be for battery energy storage systems in the demand curve reset.”

“You’re acknowledging that there’s a problem,” said Mark Younger, president of Hudson Energy Economics. “But you have not committed yet to fixing the problem.”

“We are committed to investigating the problem,” Smith answered. “I don’t know what the solution to the problem is, but we will have a resolution to it.”

Smith went on to say that NYISO would work with Analysis Group to investigate the appropriateness of the composite escalation factor methodology in the indices used for determining the gross CONE. Composite escalation factors combine inflation and potential market shifts to try to estimate the future cost of longer-term projects.

“Despite our best efforts, which everyone seems to be having including the state in their contracting efforts, the issue of how to manage escalation has taken on a life on its own. … It’s cumbersome and unmanageable,” said Saia.

Smith said that NYISO was still soliciting feedback and it would post the comments received. It will post the final staff recommendations Sept. 5. The final reports from NYISO and the consultants will then be posted on Sept. 19 and referred to the Board of Directors for approval. Final stakeholder comments for the board should be filed by Oct. 9.

The ISO is required to file a proposal with FERC by Nov. 30.

“Then I’m going to take a vacation,” Smith said.

DC Circuit Vacates FERC Approval of Two LNG Facilities in Texas

The D.C. Circuit Court of Appeals issued an order Aug. 6 vacating FERC’s approval of two LNG export facilities in Texas and remanding the cases back to the commission. 

The two facilities are in Cameron County, Texas, which borders Mexico. The facilities’ approval already had been in front of the court in appeals filed by Vecinos para el Bienestar de la Comunidad Costera (Neighbors for the Well-being of the Coastal Community). The vacated orders were on remand from those earlier cases. 

“The commission erroneously declined to issue supplemental environmental impact statements addressing its updated environmental justice analysis for each project and its consideration of a carbon capture and sequestration system for one of the terminals,” said the decision, authored by a three-judge panel. “It also failed to explain why it declined to consider air quality data from a nearby air monitor.” 

Texas LNG Brownsville filed an application in 2016 to build an LNG export terminal on the Brownsville Shipping Channel. Within six weeks, Rio Grande LNG filed to build a second terminal nearby, while Rio Bravo Pipeline Co. filed to build an interstate pipeline to bring fuel to the second facility. The latter two firms are subsidiaries of NextDecade LNG and the joint pipeline/LNG development is called the Rio Grande project. 

Rio Grande filed to add a carbon capture and sequestration system to its facility after losing the first round of litigation. It would seek to capture 90% of the CO2 produced by natural gas liquefaction and ship it via pipeline to an underground injection site in Texas. 

On remand, the commission did an environmental justice analysis that included gathering new, relevant information. But it declined to order a more formal supplemental Environmental Impact Statement (EIS) under the National Environmental Policy Act (NEPA), which would have required giving parties a chance to comment on its analysis. 

Petitioners argued FERC should have done an EIS on the projects on remand. The court agreed. NEPA requires a supplemental EIS when significant new circumstances or information related to environmental concerns of the action are available.  

“Here, the pertinent ‘new information’ includes the updated demographic and environmental data submitted by the developers, as well as the commission’s entirely new analysis and interpretation of that data, which are substantially different from the previously conducted environmental justice analysis in the final EIS,” the court said. 

The original EIS covered the impact on just a two-mile radius around the projects, which FERC extended to 50 kilometers (31 miles) in the less formal review on remand. The new analysis was significantly longer and, unlike the initial EIS, found “disproportionately high and adverse” impacts on environmental justice communities. FERC also ordered additional mitigation measures. 

FERC argued it did not have to do a formal EIS because it reached the same conclusion that the projects would not have major impacts on air quality. 

“That explanation is inadequate for two related reasons,” the court said. “First, neither the regulations nor case law condition the requirement to issue a supplemental EIS on a new determination that a particular environmental impact is significant.” 

The second reason in FERC’s argument is that environmental justice analyses, even new and expanded ones, are not important enough to require a supplemental EIS unless they also disclose significant impacts on the physical environment.  

Effects on environmental justice communities are impacts that are relevant to environmental concerns, which would require a supplemental EIS, the court said. 

FERC took comments on how the developers responded to its new analysis, but it did not let other parties comment directly on its conclusions. 

“But NEPA’s purpose is to allow the public to see and comment on the agency’s interpretation of data, not just the underlying data itself,” the court said. FERC therefore deprived petitioners and the broader public of an adequate springboard for public comments, which it would have been legally required to consider in its decision. 

Rio Grande’s addition of CCS to its project also drew arguments that FERC should have conducted a new EIS based on that change. 

“Rio Grande submitted its CCS proposal specifically in response to our 2021 remand — which required the commission to revisit aspects of its environmental analysis and its ultimate approval of the project — such that both approval requests were pending before the commission at the same time,” the court said. “Indeed, Rio Grande implored the commission to consider the CCS proposal as part of the reauthorization process precisely because it viewed the two actions as related and thought that the CCS proposal’s ability to capture most of the terminal’s GHG emissions would make reauthorization more likely.” 

On remand, FERC must consider the actions together in its environmental analysis before deciding whether to reauthorize the terminal. Even if Rio Grande decided against moving ahead with the CCS, FERC must study it as an alternative in a new EIS on remand. 

The court also criticized FERC for failing to properly consider data from a nearby air monitor, and on remand, it must use the data or supply a reasoned argument for not doing so. 

The court noted its decision to vacate the orders could have a significant impact on the two projects, but it was warranted due to FERC’s serious “procedural defects.” 

ISO-NE Outlines ‘Straw Scope’ of Capacity Market Reforms

ISO-NE responded to stakeholder feedback on its capacity auction reform (CAR) project at the NEPOOL Markets Committee meeting Aug. 6, providing clarity on the scope of its capacity market overhaul.

Chris Geissler, ISO-NE’s director of economic analysis, outlined the “straw scope” of the reforms, including which topics likely will be included in the project, and those remaining under consideration.

The CAR project is intended to coordinate resource accreditation reforms with changes to the time frame of capacity auctions. ISO-NE plans to move from the current forward annual auction format to a prompt seasonal auction for the 2028/29 capacity commitment period (CCP).

This change would reduce the time between the auction and the CCP and would split the yearlong CCP into seasons. (See ISO-NE Moving Forward with Prompt, Seasonal Capacity Market Design.)

Geissler presented ISO-NE’s initial thoughts on the scope to the MC in July, and stakeholders submitted written comments prior to the August meeting. (See NEPOOL Markets Committee Restarts Work on Capacity Market Changes.)

The core aspects of the project include defining the timing and schedule of the prompt reforms, the treatment of new and retiring resources, and the delineation of seasons in the CCP, along with finalizing the accreditation reforms, Geissler said. The project also will include a focus on offer price formation, accounting for gas constraints and updating the current data systems, he added.

ISO-NE also plans to move from a descending clock to a sealed bid, which was recommended by the External Market Monitor. He said sealed bids would help enable simultaneous (instead of sequential) seasonal auctions, which ISO-NE is considering to allow bidders “to submit offers that separately reflect seasonal and annual costs.”

Geissler said the RTO still is considering whether to include an evaluation of how it will model resources that are retained via out-of-market mechanisms, tie benefits and correlated temperature-related outages.

He added ISO-NE will consider whether it can improve the existing load model used for accreditation, along with the modeling frameworks used for different resource types. Storage developers argue the RTO’s load modeling has produced unrealistic capacity shortfall events. (See ISO-NE Capacity Accreditation Reforms Spur Energy Storage Concerns.)

The RTO is unlikely to include in the scope a reconsideration of the underlying software program used for the accreditation modeling, or an evaluation of modeling of resource start time. Some stakeholders argue in favor of modeling resource start time, and the External Market Monitor (EMM) has highlighted the issue.

“Resources with long startup times that do not operate frequently provide less reliability value than more flexible units,” the EMM noted in 2021.

Scope Feedback

Prior to the meeting, a wide range of stakeholders submitted written comments on ISO-NE’s scope proposal.

A coalition of clean energy companies and environmental advocacy groups called on ISO-NE to “facilitate more discussion on how the modeled risk relates to observed real-world risk.”

Storage developers expressed concern that the new accreditation framework will lead to a significant reduction in capacity market revenue for storage resources. The impact analysis results presented in the previous stage of the accreditation project indicated storage would see the most significant revenue reduction of all resource types. (See ISO-NE: RCA Changes to Increase Capacity Market Revenues by 11%.)

Several solar companies also submitted comments urging the RTO to consider “enhancements to the modeling framework” for co-located solar and storage resources.

LS Power made the case that accreditation should account for unit-by-unit differences in natural gas availability for gas generation. The company has stressed that gas availability when temperatures decline varies significantly by state and by unit, and ISO-NE’s current accreditation proposal would not account for these differences.

“Just as the current Forward Capacity Auction methodology recognizes locational variations and unit-specific characteristics for accreditation, ISO’s CAR accreditation approach to natural gas accessibility must do the same,” LS wrote.

Meanwhile, RENEW Northeast expressed support for ISO-NE’s proposal for accrediting gas resources, writing that “the proposed market constraint for gas, as part of the seasonal market, appears to be a significant improvement and we appreciate that ISO continues to plan for this as part of the initial market reform effort.”

Calpine advocated for a simultaneous clearing design for seasonal auctions, writing that it has “grave concerns with a seasonal construct that does not allow or permit resources the opportunity to recover full (annual) costs.”

The company also stressed the scope should include an evaluation of tie benefits, and that tie benefits should be treated similarly to other capacity resources.

In contrast, Synapse Energy Economics wrote that re-evaluating the treatment of tie benefits is “not a critical priority at this stage,” adding that it likely would have a small impact on overall capacity requirements.

Several stakeholders, including the New England Power Generators Association (NEPGA), said ISO-NE should discuss with stakeholders what costs can be included in a capacity market offer price.

The Massachusetts Attorney General’s Office recommended ISO-NE “develop a longer-term strategic plan and roadmap for consideration and implementation of needed capacity market reforms that are outside the scope of CAR for CCP 19.”

Financial Assurance

A proposal by NEPGA to amend ISO-NE’s proposed updates to the financial assurance policy failed to gain the support of the MC, with 50% of votes in favor.

NEPGA’s proposal would direct ISO-NE to allow bilateral trading of capacity supply obligations (CSOs) until five business days before each obligation month and would require ISO-NE to review trades within five business days of their submission. (See NE Generators Propose Financial Assurance Changes.)

“The current rules create incremental risk and increase the cost of assuming a CSO,” said Bruce Anderson of NEPGA. “The ability to trade closer in time to the obligation month improves reliability, in that it allows for timely substitution of anticipated Capacity Scarcity Condition performance.”

NERC Report Identifies Persistent CIP Violation Themes

In a report released Aug. 6, NERC said registered entities’ cyber and physical security postures have room for improvement in four key areas and called on stakeholders to “continue the conversations within their organizations and with their peers” to build a safer electric grid. 

The 2024 Critical Infrastructure Protection Themes and Lessons Learned report is the third in a series, with previous installments published in 2015 and 2018.  

Its goal is to identify “risk themes that have made it difficult for some entities to mitigate risks associated with the NERC Critical Infrastructure Protection (CIP) reliability standards [and] to communicate these themes” to stakeholders, along with possible resolutions. NERC said the recommendations are “merely approaches that have been successful for certain entities,” rather than mandatory directives.  

“While industry excels at many aspects of cyber security, the intention of this report is to outline areas for improvement with the goal of driving continued progress toward our shared mission of ensuring a reliable power system,” NERC said, adding that the document includes “high-level fact patterns from open and closed cases” while withholding information that could expose security holes in the grid. 

The risks discussed fall into four main themes: 

    • latent vulnerabilities; 
    • insufficient commitment to low-impact programs;
    • shortages of labor and skillsets;
    • performance drift. 

Latent vulnerabilities refer to “long-standing, higher-risk issues that evade detection and persist within entities’ environments,” which arise even at entities with robust and effective CIP compliance programs that have seen overall failures decline. The ERO noted that such violations tend to be “more isolated in nature” without significant trends but warned that entities still must address these risks to “drive continuous improvement” in grid security. 

Examples of latent vulnerabilities highlighted in the report include an entity’s discovery that an outdated system configuration had granted improper access for grid cyber systems to thousands of unauthorized users for more than five years. The entity discovered the issue only when a transferred employee realized she still had access to files outside her new department. 

Another case involved physical security: An entity had no monitoring system in place for physical access points to substations, despite having alarms and alerts that “created a false sense … that monitoring was occurring.” In reality, the report said, the alarms and alerts had been effectively neutralized by configuration changes during construction of the substations.  

To address these issues, NERC suggested that entities try to determine whether they have dedicated enough resources to the development and execution of detective controls, test their controls regularly and scrutinize their design while “contemplating scenarios that those controls may not address.” The ERO advised that entities conduct periodic searches for latent vulnerabilities in addition to formal internal audits. 

Another theme involves insufficient commitment to low-impact programs, which cover systems considered not to pose a significant risk to grid security. NERC noted that since 2017, there has been a steady rise in the number of noncompliances regarding the CIP-003 (Cybersecurity — security management controls) family of standards, which contain “the majority of low-impact cybersecurity requirements” — from two violations in 2017 to 53 last year. 

The ERO said the majority of these infringements involve misunderstandings of CIP obligations and security objectives, insufficient understandings of the cyber environment, struggles “to effectively manage electronic access,” or inability to implement effective controls on removable media. 

NERC called for entities to improve their attention to detail, planning and execution of low-impact security programs. It also recommended utilities evaluate whether security personnel understand their expectations and cyber environment and that entities taking over the management of existing low-impact sites undergo the same evaluation. 

Labor Issues

Shortages of skilled labor also contribute to security risks, NERC said. The ERO observed that 70% of organizations in the energy, power and utilities industry report a shortage of cybersecurity staff, even as nearly 80% of the industry considers the current threat landscape as the most challenging in the past five years.  

Tying this into the security risk discussion, NERC said many CIP violations it has seen resulted from “entities losing skilled labor … and failing to successfully transition the underlying job responsibilities to new or existing staff.” These transition failures can result from inadequate knowledge transfer or from difficulties finding replacement staff with the necessary skills to adapt to the cybersecurity needs of the electric industry. 

NERC said tackling this issue will require “creativity and attention.” Possible solutions include proactively hiring new staff while experienced employees still are available to educate and train them, along with evaluating their approaches to hiring and compensation to ensure they can attract workers with the skills they need. In addition, the ERO recommended implementing succession plans for employees in critical positions whose departure could “lead to process or internal control failures.” 

The final trend identified in the report is performance drift, relating specifically to physical security and meaning “apathy, circumvention, complacency, inattentiveness” and other human performance issues that creep into security programs “at entities of every size and type.” NERC noted that physical security often requires repetitive behavior that may last long periods of time, and workers may lose focus on or forget the importance of individual acts. 

The ERO said it has “seen increased failure with these repetitive behaviors when disciplined execution becomes inconvenient or uncomfortable.” For example, multiple cases involve staff allowing individuals into secure areas who forgot their credentials or never had them at all. This can arise from a feeling of favors being owed, or employees assuming the people in question “were supposed to be there” — such as a truck assumed to be an authorized delivery vehicle or an unknown individual allowed into a secure area because he claimed to be with a vendor. 

Among NERC’s suggestions to address this issue are regular testing for potential performance drift, such as physical penetration tests. Security programs must exhibit “continuous internal skepticism,” especially because remote work and high turnover have caused staff to become “increasingly unfamiliar with colleagues and other departments.” Additional improvements include implementing incentive programs to “promote process adherence and whistleblowing when processes are ignored.” 

CAISO Proposal Seeks to Refine Storage Bid Cost Recovery

A new CAISO proposal seeks to address unwarranted bid cost recovery (BCR) payments to storage resources, an issue that has stirred controversy over the past month.

The proposal, which CAISO presented at an Aug. 5 workshop, is part of Track 1 of CAISO’s new Storage Bid Cost Recovery and Default Energy Bids Enhancements, which began July 8 and has been criticized by stakeholders for its “aggressive timeline.” (See CAISO Kicks Off Storage Bid Cost Recovery Stakeholder Initiative.) A final proposal is scheduled for a board vote Sept. 26.

“This is a very complicated issue with a lot of moving parts, and I do appreciate that there could be a significant amount of economic burden that’s being introduced into the market because of this, but I really do agree that we should slow down,” Josh Arnold, senior market and operations analyst at Customized Energy Solutions, said during the Aug. 5 meeting. “It’s an incredibly complicated system and I think in some cases it has been oversimplified.”

The initiative aims to address what the ISO identified as unusually high BCR payments to storage resources, despite the payments not being aligned with the intent of BCR.

As noted in the ISO’s July 26 straw proposal, BCR was created with conventional assets in mind, meaning it doesn’t consider storage resources’ opportunity costs or state-of-charge (SOC) constraints. The differentiated treatment of unavailable energy, the proposal says, has led to two primary concerns: that storage assets aren’t exposed to real-time prices for deviating from day-ahead schedules due to SOC constraints, and that it creates incentives for resources to bid inefficiently to maximize a combined BCR and market payment.

CAISO’s proposal seeks to address the problem of a storage resource being unable to meet a day-ahead schedule due to an SOC constraint. In that case, the market instructs the storage asset to a 0-MW dispatch because of the SOC being binding, categorizing the energy as “optimal” and making it eligible for BCR.

“Our proposal is really to define that dispatch that is unavailable due to state-of-charge constraints in the binding interval as non-optimal energy, meaning that it would not be eligible for BCR,” Sergio Dueñas Melendez, storage sector manager at CAISO, said in the meeting. “We believe that this will materially limit the chances of unwarranted BCR derived from buy- or sell-backs of the day-ahead schedule.”

Because the proposal applies only to the real-time binding interval, it wouldn’t fully eliminate BCR, Dueñas Melendez noted.

‘Knee-jerk Reaction Initiative’

Track 2 of the initiative addresses how the BCR construct treats energy storage in co-located configurations, as well as dealing with storage and hybrid resource default energy bids (DEBs).

Some stakeholders expressed concern that the proposal didn’t consider the complexities of BCR and that Tracks 1 and 2 should be separated into different initiatives.

“There’s instances where, yes, the scheduling coordinator of the storage resources is causing the SOC [constraint] [and] that you don’t want to get bid cost recovery. But we know that there are market design issues that can result in the SOC being mismanaged,” said Don Tretheway, director, Markets & Regulatory Policy at GDS Associates.

Tretheway also noted that separating Tracks 1 and 2 could solve the problem more efficiently.

“CAISO is basically saying that you’re going to try and solve now the two instances that you’re concerned of. The first is the ability to inflate your BCR payments so that you can get additional revenues, versus storage resources not being exposed to the real-time bid price when they can’t meet their SOC,” Tretheway said. “I think you can separate those two issues, and you can address those bidding concerns you have in a very simple BCR settlement versus trying to do all this other complex stuff, which would then give us the time to think about what the appropriate approach would be.”

He argued that by solving Track 2 issues related to the DEB first, scheduling coordinators wouldn’t need to ensure that real-time energy bids reflect real-time conditions for storage resources.

Several stakeholders agreed with Tretheway’s concerns, underscoring the complexity of the topic and the need for more time to resolve issues.

Kallie Wells, senior consultant at Gridwell Consulting representing the Western Power Trading Forum, highlighted the need for a more “robust discussion.”

“I think we owe it to ourselves to talk through different ways to address this issue,” Wells said. “One of the drawbacks I see of this proposal is it does create an incentive that we haven’t really discussed. And I do wonder to what extent this proposal is going to incent resources to now bid in a way to ensure that they meet their day-ahead schedules, which we all know real-time conditions change from day-ahead. So, if they’re bidding in a way that basically self-schedules them at their day-ahead schedule, we’ve now lost all that flexibility that these resources are bringing to the market, and that can cause reliability issues.”

Stakeholders continued to ask for more time to address the issue.

“This feels to be a bit of a knee-jerk reaction initiative overall,” said Chris Devon, director of energy market policy at Terra-Gen. “It doesn’t seem like CAISO is willing or able to talk about storage in a manner that looks at everything that needs to be discussed holistically.”

Exelon Prepping for Major Load Growth in Utility Service Territories

Exelon is focused on meeting rising demand from data centers and manufacturing while also working with regulators to ensure that Commonwealth Edison’s integrated grid plan meets the requirements of the Illinois Climate and Equitable Jobs Act, company officials said during its second-quarter earnings call Aug. 1.

CEO Calvin Butler said a revised grid plan, filed in May, is on track for approval after the Illinois Commerce Commission rejected the original in December. The company has reached agreements with the city of Chicago, the Building Owners and Management Association, and environmental organizations, he said.

“These affirmations are good examples of what differentiates the process this year. Approval of the plan will ensure that Northern Illinois will receive the investment needed to maintain an affordable, resilient, reliable and clean grid for its customers and will support the state’s success in attracting new business,” Butler said.

CFO Jeanne Jones said data centers, energy-intensive manufacturing, economic development and electrification are leading to increased transmission spending over the next four years.

She said the growth is exemplified by a partnership between Exelon and Compass Datacenters to build one of the largest data centers in Illinois. She also noted the 235-acre Baltimore Peninsula mixed-use development, which includes 100 MW of load and is supported by rebuilding or constructing several new substations.

“This growth in high-density load, not just in data centers, but also in solar panel production, [electric vehicle] battery manufacturing, hydrogen production, quantum computing and other industries is one of several drivers for why our transmission spend increased by 45% in our four-year plan,” Jones said.

ComEd CEO Gil Quiniones said data center growth is likely to continue in the utility’s region.

“It’s been a robust market for data centers here in Illinois. We have over 5 GW in what we call engineering phase where data centers have paid us to start engineering their projects,” he said. “Some of them actually have made deposits so that we can order large equipment like transformers and breakers. And then behind that, we have another 13 GW in what we call prospects. So they’re not yet in engineering, but they are knocking on our doors, making inquiries very interested in coming to our jurisdiction.”

Exelon reported net income of $448 million ($0.45/share) in the second quarter, a 30.6% increase over that of the same period last year.

PJM Capacity Auction

A substantial increase in PJM capacity prices likely will push consumer rates up, Jones said, potentially leading to double-digit increases in the Baltimore Gas and Electric region, which reached its $466.35/MW-day price cap in the latest Base Residual Auction because of limited local capacity and constrained transmission. (See PJM Capacity Prices Spike 10-fold in 2025/26 Auction.)

Butler said Exelon and PJM have signaled concerns about future resource adequacy as baseload generation is replaced by renewable resources and load growth fueled by data centers.

“The price signals that we saw clearly indicate a need for infrastructure investments in our footprint, particularly in BGE, both generation and transmission,” he said.

Jones said utilities are working to keep costs down, such as with energy efficiency programs that have led to $9 billion in ComEd consumer savings since their inception in 2008. A ComEd rebate program also has facilitated the development of 1 GW of distributed energy resources.

Co-located Load

Butler discussed the utility’s protest of PJM’s request for FERC to amend the Susquehanna nuclear generator’s interconnection service agreement (ISA) to reduce the facility’s capacity interconnection rights (CIRs) and shift 480 MW of its output to a co-located data center (ER24-2172).

The ISA already contains language allowing 300 MW of the facility’s output to be dedicated to co-located load. (See Talen Energy Deal with Data Center Leads to Cost Shifting Debate at FERC.)

Exelon urged the commission to set the matter for hearing and argued that the proposed amendments do not address how the configuration would prevent the load from receiving energy from the PJM grid. It also said the configuration would create a new category of PJM load that does not yet exist in the governing documents and that it should be required to pay for ancillary grid benefits.

Butler said Exelon supports co-located load and data centers, but it should be recognized they benefit from being a part of the PJM grid and should pay for those services.

“Users of the grid should pay their fair share. And while there may be unique opportunities to leverage land and equipment at generation plants to get data centers online quickly, they are still connected to the grid and are benefiting from a host of services that the grid provides to serve all of the load connected to it,” he said.

Colette Honorable, Exelon’s executive vice president of public policy, said the company’s priority is making sure the rules for co-located load are equitable.

“Look, this demand is coming either way, whether it’s co-located or not,” said Honorable, a former FERC commissioner. “And our focus is making sure the investment gets done for the needs of our customers and that everyone has a fair and equitable allocation of the cost of using the grid. And I think that’s the bottom line.”

Duke Energy Executives Discuss Demand Growth on Q2 Earnings Call

Duke Energy executives highlighted how the return to load growth is impacting its utilities during its second-quarter earnings call with analysts Aug. 6. 

The trend started to impact the utility at the start of the year, when it had to file an update to a still-pending integrated resource plan at the North Carolina Utilities Commission after load forecasts increased. 

“We operate in some of the most attractive jurisdictions for both economic development and customer migration, which provide conviction in our 2% load growth forecast in 2024, and 1.5 to 2% load growth CAGR (compound annual growth rate) over the five-year planning horizon,” CFO Brian Savoy said. 

Residential customers are moving at high rates to Duke’s territories in the Carolinas and Florida, where demand was up 2.4% in the first half of the year. Commercial demand growth exceeded Duke’s expectations, while industrial demand saw somewhat slower growth in its territory. Some large customers in Duke’s territory were impacted by interest rates and worries of a possible economic downturn, but the company expects growth in advanced manufacturing and data centers to rise significantly in the long term. 

“It’s primarily what I would call our legacy industries of textile and paper that are feeling the pressure,” CEO Lynn Good said. “And we continue to track with all of that industrial volume we’re expecting from economic development; that is exactly on track. So, it’s a little bit of an old-industry/new-industry story that we’re seeing in the Carolinas in particular, and a little bit in Indiana.” 

Duke recently entered into memoranda of understanding with large customers in the Carolinas, including Amazon, Google, Microsoft and Nucor, to explore tailored solutions to meet large-scale energy needs and lower the long-term cost of investing in clean energy, Savoy said. 

“These voluntary programs, which are subject to commission approval, would be open to any large customer and would include protections for nonparticipating customers,” Savoy said. “We look forward to continued collaboration with all stakeholders as we work to meet the accelerating demand in our service territories.” 

Of the forecasted “economic development” demand growth through 2028, just 25% comes from data centers, though Good said that in the longer term, that is forecasted to be a bigger chunk of new demand. The MOUs are meant to not only help the firmer load growth in its pipeline, but also encourage continued expansion in Duke’s territories, Good said. 

“The discussions are early,” she added. “I think there’s a clear understanding that we are trying to do a couple of things here. We’re trying to meet the load. We’re trying to meet their sustainability goals. We’re trying to do so in a way that protects retail customers. We’re trying to meet their timelines. And I would say the discussion is very constructive, and the notion of risk sharing is something that we’re very clear on and have lots of experience in talking with customers about.” 

Nucor has signaled interest in using nuclear power to fuel its steel-manufacturing operations, even investing $35 million in a potential fusion plant. Good was asked whether the MOUs with it and the others included work on nuclear. 

“They have an interest, obviously, in carbon-free generation, and nuclear represents an around-the-clock option,” Good said. “But we all recognize we’re [in] the early stages of development. So, is there a structure? Is there premium pricing? Is there some method of equity investment? Is there some structure that would encourage the development at a perhaps a more rapid pace, or sooner, because of the partnership? So, all of that is being explored as we talk with them.” 

Duke reported $886 million ($1.13/share) in net income for the second quarter, a big improvement over its loss of $234 million in the same quarter last year. 

No Clear Blueprint for Western ‘RO’ Stakeholder Process

One thing has become abundantly clear after three intensive workshops this summer: There’s no blueprint for developing the stakeholder process for the “regional organization” (RO) envisioned by the West-Wide Governance Pathways Initiative. 

“Stakeholder engagement process” is one of six “work streams” the Pathways Initiative launched this summer to lay the foundation for the RO, which would assume the governance of CAISO’s Western Energy Imbalance Market (WEIM) and Extended Day-Ahead Market (EDAM). (See Busy Summer Ahead for Pathways Initiative.) In some ways, its outcome could be the most vital for the RO’s long-term viability.   

That’s because supporters of SPP’s Markets+ day-ahead offering have touted the market’s stakeholder-led approach to governance nearly as much as the independence of that governance from state (that is, California) influence, challenging acceptance of CAISO’s more staff-driven model. 

Scott Miller, executive director of the Western Power Trading Forum, recognized the change in expectations last July, telling RTO Insider that Markets+ had been “charmed” by SPP’s approach to stakeholder engagement. (See In Contest for the West, Markets+ Gathers Momentum — and Skeptics.) 

“Now they’ve been exposed to a stakeholder process that the stakeholders run, and there still hasn’t been a stakeholder process [in CAISO] that is developed much differently, even in the context of the EIM,” Miller said at the time. 

‘Little Bit Outside the Mainstream’

A year later, Pathways backers seek to address those changed expectations, beginning with a series of four workshops to determine how stakeholders want to interact with the future RO. The group’s Launch Committee considered the subject weighty enough to engage an independent facilitator, Gridworks, to manage the workshop discussions. 

Workshop participants are grappling with a broad question of how to create a “hybrid” stakeholder process model that combines the best parts of CAISO’s staff-driven process with the stakeholder-driven — and committee-based — processes of the RTOs in the Eastern Interconnection, which themselves vary in their approaches. 

Several participants have pointed to benefits of CAISO’s approach: its inclusiveness, accessibility and relative informality, despite its top-down nature. They’ve noted that while CAISO’s process does not rely on stakeholder committees, the ISO recently rolled out use of stakeholder “working groups” to hash out market initiatives.  

“The CAISO process is able to organically capture large ideas [and groups of] stakeholders,” Alan Meck, principal market design analyst at Pacific Gas and Electric, said during the Pathways Initiative’s July 24 workshop.  

Meck said he sees benefit in the ISO’s less structured — that is, non-committee — approach to addressing issues because it doesn’t entail a process in which “x percent” of votes from certain stakeholder groups is needed to advance markets changes. 

Oregon Public Utility Commissioner Letha Tawney said that “as a stakeholder who is not resourced to engage in these processes very deeply,” she appreciated the open nature of the CAISO process. 

“I like how it doesn’t ask, ‘What’s your standing? Why do you have a voice here? Do you get to have a say in this? It’s an all-comers [process], and as a decision-maker myself, who tries to run procedurally equitable processes, I really like that,” said Tawney, one of the signatories of the July 2023 letter launching the Pathways Initiative. 

Tony Braun, an attorney who represents publicly owned utilities in California, offered an example of how that openness can benefit stakeholders who sit “a little bit outside the mainstream” on a market issue. 

“When the flexible capacity product was first introduced, the proposal, which was very mature, was to just peanut butter the costs of it on a load-ratio share basis,” Braun said. “We had to fight tooth-and-nail to show … CAISO that our loads and resources did not look like everybody else’s, or at least certain loads and resources.” 

Braun said the public utilities ultimately convinced the ISO to adopt a more cost-causation approach. 

“And I can’t help but think that would have not happened in a voting structure — that we would have just been an extraordinarily small minority and we would just get rolled over,” he said. 

Ryan Millard, West region senior director of regulatory and political affairs at NextEra Energy Resources, said CAISO included elements of “the good, the bad and the ugly.” Among the bad, Millard noted, is that CAISO’s lack of stakeholder process formality can translate into unclear timelines. 

Citing the example of the ISO’s interconnection process enhancements initiative, he said, “I don’t think there were enough attempts in the beginning to kind of structure how the stakeholder process was going to move forward, and there [weren’t] timelines built into the front. In fact, that was my commentary through that process multiple times: ‘Pick a date, you have a lot of conflicting or complicated compliance filings at FERC that are going to make this more complicated.’ And sure enough, it did.” 

Other workshop participants pointed to what they see as advantages in SPP’s more structured stakeholder process, which they experienced in developing the Markets+ tariff. 

Doug Marker, an intergovernmental affairs specialist at the Bonneville Power Administration, said BPA recognizes and supports the fact that Pathways is seeking “to do something different than the older CAISO staff model.”  

“We would like to see a more stakeholder-led issue development process,” he said during the July 24 workshop. In April, BPA staff issued a recommendation that the agency choose Markets+ over EDAM, citing governance and stakeholder processes as two key reasons for its leaning. (See BPA Staff Recommends Markets+ over EDAM.)  

For BPA, it’s important the stakeholder process “get issues defined and developed so that there’s a clear majority and minority perspective, if necessary,” Marker said. 

“The Markets+ process has helped to facilitate developing consensus on some difficult issues. We were really skeptical going into the process about the voting aspect of it, but it served in some instances to really facilitate consensus,” he said. 

Lauren Tenney Denison, director of market policy and grid strategy at the Portland-based Public Power Council, spoke approvingly of the Markets+ system of standing work groups and ad hoc task forces, both of which include representatives from various stakeholder sectors and rely on forms of voting to advance issues through the stakeholder process. 

“While all decisions go to an independent board eventually, they build up through that working group level,” Tenney Denison said. “Then there’s the Markets+ Executive Committee that has representatives from all the participants and stakeholders. That group is also able to direct work back to those workgroups and task forces. So there’s just more structure involved that has stakeholders having an active voice through this voting mechanism on what to prioritize and what needs to be looked at.” 

‘Pleasantly Surprised’

An Aug. 2 Pathways workshop delved into the question of what a “sector-based committee and voting structure” could add to the RO.  

Braun said he thinks sector-based representation is essential and provides an “indicia of inclusiveness” to the stakeholder process, helping to “get the right people at the table” and build consensus. 

“I think I probably get less worked up about the definitions of the sectors than many do,” he said. “I get nervous when sectors get too granular. I think one of the lessons that we’ve learned is that making the sectors broad forces people to work together to come up with plans for populating the sectors and the relative positions in the stakeholder processes,” such as in the WEIM’s stakeholder-led Regional Issues Forum (RIF).  

“I think one of the benefits of having some similarly situated folks within the same group is that it’s helpful to sort of zoom in on areas where there is consensus out of the gate and areas where maybe we’re using different terminology to describe the same thing — or with areas also where there isn’t consensus,” said Ian White, director of regulatory affairs at Shell Trading. 

White said the RIF group representing independent power producers, marketers and independent load-serving entities sector — one in which Shell participates — has become “quite an unruly” sector with its 70 members, many of which operate under different business models and therefore don’t always share the same interests.  

“Regardless of sector size, I think you’re always going to have splinter factions form over issues that are of unique concern to an organization’s individual goals,” NextEra’s Millard said. “And that’s particularly true in diverse sectors, of which NextEra is one. The less formal structure of CAISO’s stakeholder framework sort of allows for that, and you have the ability to collaborate and/or advocate as a subgroup of your sector or even cross-collaborate with other sectors.” 

Allie Mace, manager of market policy and analysis at BPA, said sector-based representation encourages collaboration among stakeholders. 

“In the Markets+ experience, we were pretty pleasantly surprised by the enthusiasm and engagement to dig in on issues and shape compromises and consensus approaches across the sectors,” Mace said. “The sector definitions didn’t seem like they were a barrier to that collaboration. I think defined sectors can help to provide some good helpful parameters for organizing issues and input.” 

Voting with Purpose

On the topic of whether the RO’s stakeholder process should include participant voting, both Braun and Scott Ranzal, director of portfolio management at Pacific Gas and Electric, expressed support for some kind of voting, but raised the question of the purpose of votes.  

As noted throughout the workshop, voting can be characterized as “indicative” (showing a preference during the process), “advisory” (expressing an opinion to a board or other body) or “binding” (advancing a proposal).   

“I think voting is a reflection of desire that actually already happens inside the CAISO,” Ranzal said. “It’s not labeled as a vote, but it is very clear in the CAISO processes where people want to be. So I think if voting is a reflection of desire, and that can help with accountability and visualizing what is happening, adding that to the CAISO process seems like it would have a positive bent to it.” 

“I think voting has the potential to complicate engagement and sometimes discourage engagement altogether, if you’re a minority voice on a specific issue,” Millard said, advocating for “narrowing the application of when and how voting” is used in the stakeholder process. 

Mace said BPA found voting in Markets+ to be a “positive experience” after the agency overcame a “learning curve.” 

“We were pretty impressed with how voting helped to move things along,” Mace said. “Calling for that advisory vote could be a very powerful tool at times in meetings for getting out of a spinning topic and identifying where people stood, so then you can move forward on the compromise and collaboration.” 

Natalie McIntire, a senior advocate at the Natural Resources Defense Council, said she wouldn’t take a position on whether the RO should include voting and whether such voting should be advisory or binding. 

“But if there is voting, I think it’s really important that you spend a fair amount of time thinking about the balance of those votes,” McIntire said. “I think different regions across the country have different ways that they weight voting based on sectors, and you want to really make sure that that voting is reasonably balanced so that no one sector has control over the outcome of those votes.” 

Kerinia Cusick, president of the Center for Renewables Integration, said any “effective” stakeholder process she’s been involved with has included some form of voting. 

“I’m trying to sort of think of examples where there has been no voting, and those have been somewhat frustrating processes,” Cusick said. “They’ve been sort of long, very engaged, and then nothing comes out of it. So there’s a ton of value of voting to drive accountability.” 

Michele Beck, director of Utah Office of Consumer Services, said she agreed with workshop participants who want to find a “middle ground” between the more “prescriptive” voting structure of the Eastern RTOs and the CAISO process, “something that might be more limited, more indicative.” 

Ranzal said Pathways likely will draw on parts of multiple RTOs to serve the RO’s stakeholder process.   

“We’re going to create our own thing, as we often do in the West, and I think that suits and fits the needs of the West and that’s a good thing. That’s part of the reason why we’re all out here,” he said. 

4th Circuit Remands Duke Energy Market Power Lawsuit Filed by NTE

The 4th U.S. Circuit Court of Appeals on Aug. 5 sent back to lower courts a lawsuit alleging Duke Energy abused its market power to prevent a power plant developer from serving a municipal utility in North Carolina.

NTE Energy had pursued a deal where it would build a natural gas plant in part to serve Fayetteville, N.C., as the municipality’s contract with Duke was about to expire. But the utility came back with a cheaper contract and kept the business. A lower court found Duke was just competing for its business, but the appeals panel of three judges has open questions on whether market power was abused.

“While we recognize that much of Duke’s conduct can be understood to be legitimate competitive conduct, as well explained by very able counsel, we also have found much from which a jury could conclude that Duke’s actions were illegitimate anticompetitive conduct that violated Section 2 of the Sherman Act, also as well explained by very able counsel,” the 4th Circuit said. “Because genuine disputes of material fact exist, we vacate the district court’s summary judgment and remand for further proceedings.”

On remand, a different district judge will have to be assigned to the case because in the first round U.S. District Judge Kenneth Bell had recused himself due to a former law partner working for the utility. He was reassigned the case years later and denied a motion from NTE to recuse himself again.

“We conclude, as most courts have, that once a judge recuses himself from a case, he should remain recused from that case, even though his recusal may not have originally been required,” the order said.

As an independent power producer, NTE builds power plants and has to rely on utility-owned transmission to transport its power to customers that typically are municipalities. It started construction in 2016 on a new combined cycle natural gas plant in Kings Mountain, N.C., which required access to Duke’s system because it controlled more than 90% of the wholesale market in the region.

Duke and NTE signed a standard interconnection agreement for the Kings Mountain plant and at first were not worried about the constitution. But the IPP started attracting customers as its new combined cycle plant provided power at cheaper rates than Duke could offer, and nine customers signed deals for power from the plant.

NTE had cheaper power, but Duke had 20-year contracts with many customers that required several years of advance notice before they could be terminated, which limited the opportunities for customers. Fayetteville and its 500 MW of load had an expiring contract after being served by Duke for a century.

“NTE did indeed then have plans to build additional power plants in the Carolinas,” the court said. “But key to its plans for expansion was the rare opportunity — because of the terms of Fayetteville’s agreement with Duke — to compete for Fayetteville’s business.”

The Reidsville Energy Center was planned to be a 475-MW combined cycle plant, but it needed a large anchor customer to get built, and Fayetteville was the most attractive one available. Duke entered into an interconnection agreement with the plant that FERC approved, which had NTE pay it $58.9 million for the interconnection lines plus ongoing charges to use them.

After that deal, NTE poached an additional three Duke wholesale customers, and as of 2017, its costs to supply them still were 30% above the IPP’s. Duke identified holding onto Fayetteville as its “biggest upcoming battle” with an opt-out for its contract opening up in 2024, the court said.

Duke reworked its contract with Fayetteville, and executives exchanged emails saying they hoped to get a deal worked out and “ruin NTE’s plans” for the Reidsville plant, as any other remaining opportunities to get a municipal customer were more than a decade away, the court said.

“Despite its relative inefficiency, Duke made a highly attractive, multi-faceted offer to Fayetteville, which amounted in the aggregate to a discount of $325 million for Fayetteville and which was unprecedented,” the court said.

The discount came on the deal the city already had with Duke, but the terms moved those rates higher starting this year to a price more than NTE would have charged. Duke also agreed to quadruple the price it paid for excess power from a fossil plant Fayetteville owned.

Duke expected to lose $100 million on the reworked deal, but in a white paper, company officials argued they could offset the loss through higher charges to other customers.

NTE tried to exercise a suspension of its interconnection agreement, which it thought would have kept its place in Duke’s queue, but the utility said it had breached the deal and tried to terminate it outright.

On Sept. 6, 2019, Duke unilaterally terminated the deal with NTE without notifying FERC as the interconnection agreement required. Days later it approved the reworked deal with Fayetteville and signed it while the plant’s interconnection was listed as canceled.

FERC approved the reworked Fayetteville deal in early 2020, and NTE’s efforts on the Reidsville plant lost momentum. The commission also found a few months later that Duke had improperly terminated the NTE interconnection deal.

NTE argued that Duke’s actions destroyed the value of the new plant and left its customers with no choice but to pay the utility higher rates, which led to the lawsuit.

The district court entered a summary judgment dismissing NTE’s lawsuit, which NTE appealed to the 4th Circuit.

“NTE alleges that Duke engaged in several, simultaneous courses of conduct that combined to thwart NTE from bringing a more efficient power plant online and ultimately from competing with Duke in the Carolinas wholesale power market,” the court said. “It argues that the district court erroneously ‘compartmentalized’ the various aspects of Duke’s anticompetitive conduct and asked whether each one, independently, was unlawful.”

Duke argued the appeals court should reject the holistic approach NTE favors, saying the Supreme Court has set up tests to determine whether conduct abuses market power and the IPP flunked them all. All the activities Duke undertook were legal under those tests.

“In the context of the allegations in this case, we agree with NTE,” the court said. “It is foundational that alleged anticompetitive conduct must be considered as a whole.”

Anticompetitive conduct comes in different forms and can’t always be categorized easily as in the Supreme Court’s tests, which can be too rigid for a “complex or atypical exclusionary campaign.” Such cases are more challenging than when individual practices are each independently unlawful, but they are not categorical impossibilities under the law, the court said.

While the court agreed with NTE that the lower court should look at Duke’s activity (canceling the interconnection deal and offering a discount to Fayetteville) altogether, material disputed facts in the case prevented summary judgment.

“Upon resolution of those disputed facts, a jury might well conclude that Duke’s conduct was simply good, old-fashioned competition, which, in the end, favors the consumers of electric power in the relevant market,” the court said. “On the other hand, the factfinder might just as well conclude that Duke saw a more efficient competitor in NTE and acted, through a broad range of anticompetitive conduct in various contexts, to eliminate that competition, to the detriment of consumers.”