By Amanda Durish Cook
Additional research has reinforced earlier projections that MISO’s market platform will become obsolete in five to seven years, RTO executives told members of the Board of Directors on Tuesday.
Ever-evolving cybersecurity standards are contributing to the system’s end and MISO’s vendors plan to stop supporting its platform by 2023 as they shift to newer technology, officials said. The RTO has predicted that with “limited investments,” its market platform can only accommodate a “modest increase in complexity” and has five to seven years before it can no longer clear the day-ahead market.
“The market systems’ likely end of life is in sight, and our studies have only confirmed that we’ll need a substantial upgrade,” MISO Executive Director of Market Design Jeff Bladen told directors on a May 16 conference call of the board’s Technology Committee.
MISO began a stress test study last fall examining how the performance and security of its critical operating system would hold up over time. (See MISO to Study Aging Software; Market Improvements Planned for 2017.) Since then, MISO has completed nine one-on-one workshops with vendors to discuss the overhaul.
Recommendations Due in June
Bladen’s staff is drafting near- and long-term upgrade recommendations and will issue them, and post-2018 budget estimates, during the board’s June week of meetings in Branson, Mo.
A business case recommending a specific course of action for a long-term platform upgrade will come in two to three years after multiple viability tests, Bladen said. MISO wants the replacement platform to employ a modular architecture, allowing replacement of individual components without affecting the rest of the system.
MISO Director Baljit Dail asked if the end of vendor support at the end of 2023 is a hard and fast date. MISO Technology Executive Kevin Caringer said vendors have agreed that the end year might be extended if absolutely necessary. “It’s not a date that we can negotiate out forever, but there is some flexibility,” Caringer said.
Directors asked for a special meeting in front of MISO membership and the full board to discuss the technology study and a range of possible improvements. Staff said the meeting could be scheduled sometime in October. A more detailed rundown of MISO technology improvements and goals was reserved for the committee’s closed session following the meeting.
Heavy Demands from CIP Standards
MISO said NERC’s Critical Infrastructure Protection standards are outstripping the adaptions it can make. Compliance with the standards will require investment in near-term improvements in 2017 and 2018, MISO Chief Information Officer Keri Glitch said.
MISO expects more new NERC standards in 2019, among them tighter requirements for control center communications and supply chain risk management, requiring verification of vendors, neighboring ISOs and market participants.
“We know the speed of change is not going to slow down,” said Glitch, pointing to the seven versions of CIP standards rolled out since 2008.
Painting the Golden Gate Bridge
“At what point does this become painting the Golden Gate Bridge, where there’s just so much stuff we can’t keep up?” Dail asked.
Glitch said MISO is already preparing for its 2018 audit, which isn’t slated to begin until the fall. “We’re in a continual cycle because of the audit process.”
More than 975 cyber assets and 59,500 pages of evidence will be scrutinized in the NERC audit next year, Glitch said — almost three times the volume examined in the 2012 audit. “The electric industry has undergone tremendous change to critical infrastructure standards,” she said.
Director Michael Curran also asked if staff from NERC itself can keep up with the corporation’s accelerated rate of new compliance standards and changes to existing standards.
“That’s a loaded question,” Glitch said. “I do see that they’ve made improvements over the last few years. From a MISO perspective, are they making all the improvements MISO would like to see? Perhaps not, but they are more open to suggestions.”
“The answer I heard is ‘No, they haven’t kept up, but they’re listening,’” Curran replied.
During the meeting, MISO directors stressed the importance of cybersecurity in light of the massive, ongoing WannaCry ransomware attacks, which have been linked to North Korean IP addresses.
“NERC compliance does not equal security. Just because you’re NERC-compliant does not mean you’re not going to have an attack,” Glitch said.