Tuesday, March 19, 2019

NERC Chief: No ‘Appetite’ for Expanding Authority

By Rich Heidorn Jr.

WASHINGTON — NERC CEO Jim Robb said Thursday he sees no “appetite” among policymakers for expanding the organization’s authority despite rising concerns over the visibility of distributed energy resources.

NERC CEO Jim Robb speaking Thursday at the agency’s biennial Reliability Leadership Summit at the Mayflower Hotel in D.C. | © RTO Insider

Robb made the comments to reporters after NERC’s daylong biennial Reliability Leadership Summit, where more than 130 regulators, utility officials, RTO executives and others gathered to compare notes on best practices, industry trends and emerging challenges.

The discussions turned repeatedly to the reliability challenges posed by a changing generation mix and the increasing volume of DERs, which are not under the operational control of regional grid operators.

“In the current model, [for] vertically integrated utilities, it’s pretty clear who’s accountable for generator performance, maintenance, testing … but that gets very fuzzy in the DER world,” said John Stephens of City Utilities of Springfield Missouri. “How do we hold them accountable? How do we know our planning assumptions are valid for more than the next six weeks?”

David Morton, chairman of the British Columbia Utilities Commission, said he is concerned about distribution-level cybersecurity.  Attacks “can happen in the distribution system also,” he said. “… While NERC and FERC have …  standards in place that seem to be working reasonably well on the transmission system we don’t have similar assurance on the distribution system.”

Talking with reporters after the conference, Robb was asked if he thought federal policymakers would someday look to expand NERC’s authority beyond the bulk power system.

“I don’t think there’s a whole lot of appetite for that,” he responded.

“I think visibility is very important. I think that’s one of the issues that … can be done voluntarily. It doesn’t necessarily have to be done through a standard or regulation — because nobody wants this issue, right? Nobody wants to be the [regulator] sitting on top of a major reliability event.”

Robb said NERC has “maintained a fairly regular dialogue” with the National Association of Utility Regulatory Commissions and individual state regulatory agencies. “So, they’re aware of the work we’re doing that’s applicable to them. That’s one of the areas both sides have agreed we need to do more of as this line continues to blur and more and more of the resource sits on the distribution side of the house, or the sub-BPS.”

Confident on Cybersecurity

Robb also expressed confidence over the grid’s ability to withstand cyberattacks, despite the Worldwide Threat Assessment released by U.S. intelligence agencies in January, which raised warnings about the ability of Russian and Chinese hackers to disrupt electrical service and natural gas pipelines in the U.S. (See Senators Call for Urgency on Energy Cybersecurity.)

“The system provides substantial protections in terms of a major cyber event. … It’s built to withstand the loss of large assets,” Robb said. “So, while I would never say zero [risk], I don’t think this is something that we need to be worried about — something taking down half of the Eastern Interconnection.”

How about blacking out a major city?

“Possibly more vulnerability there, but even then, it would be likely something that could be recovered from fairly quickly,” Robb said.

The NERC chief said he agrees that China and Russia “are persistent threat actors.”

“They are working very, very hard to build capabilities to penetrate the grid. Most of the vulnerabilities are on the enterprise side of the house — IT systems — not the operating systems. And we have very vigorous rules around firewalls and air gaps between enterprise systems and the operating systems. If somebody could even get into a company’s enterprise system, their ability to translate that into something actionable on the control side of the system is substantially mitigated.”

Asked whether fuel security is more of a concern than cybersecurity, Robb paused, then laughed.

“It depends on the day. Both are very, very important. The difference is that [with] cyber, you’re dealing with a persistent threat, whereas fuel security is more of a random event, like any other reliability event. But there are clearly areas of the country that are getting closer and closer to the edge, related to fuel. We’ve heard about New England. We heard about the issues in Southern California. And we’ll see more and more of that as the system becomes more and more reliant on natural gas and it becomes harder and harder to develop the gas infrastructure to support it.”

Leave a Comment