FERC on Friday rejected a challenge by security activist Michael Mabee against NERC’s Critical Infrastructure Protection (CIP) reliability standards (EL20-46).
Mabee filed his complaint May 12, focusing primarily on CIP-013-1 (Cybersecurity — Supply chain risk management) and its supposed deficiencies relating to President Trump’s executive order of May 1 declaring a national emergency regarding foreign threats to the bulk electric system. (See Trump Declares BPS Supply Chain Emergency.) The activist characterized the executive order as “a vote of no-confidence in the lackadaisical and inadequate actions of FERC and NERC” to protect the grid.
Mabee’s complaint holds that CIP-013-1 in particular is inadequate to protecting the grid because it only covers high- and medium-impact BES cyber systems but allows individual companies to determine what systems qualify as low-impact. Citing language in the order directing the secretary of energy to identify grid equipment “designed, developed, manufactured or supplied” by foreign adversaries, without reference to their level of impact, Mabee called for FERC to direct NERC to modify CIP-013-1 to apply to all BPS equipment without exception.
The complaint also criticized FERC for failing to ensure that the broader family of CIP standards “fully address leading federal guidance for critical infrastructure cybersecurity” — specifically the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework. He requested that all CIP standards be revamped to bring them more in line with NIST’s recommendations.
FERC Sides with NERC, Trade Associations
NERC voiced its objections to Mabee’s complaint in June, accusing the activist of “[relying] on a logical fallacy” that the executive order must invalidate CIP-013-1 because it “covers more systems” than the standard. (See NERC Pushes Back on New CIP Standard Challenge.) Rather, the organization said, each measure applies to different cases, with the CIP standards — including CIP-013-1 — covering supply chain risks in a broad sense and the emergency declaration addressing “specific risks from specific sources.”
| Shutterstock
The ERO also said it “consistently relies upon” NIST’s framework to guide its standards development efforts and accused Mabee of using criticism of outdated versions of the CIP standards from various sources, including a 2019 Government Accountability Office report, to imply otherwise.
A coalition of trade associations, including the American Public Power Association, Edison Electric Institute and the National Rural Electric Cooperative Association, backed NERC’s call to dismiss the complaint, despite requests by Mabee and the Secure the Grid Coalition to block EEI from commenting because of its alleged work on behalf of the Chinese government.
The trade associations said that Mabee had “[failed] to articulate any connection between the executive order and … CIP-013-1,” and further called his assertion that entities had discretion to decide what constitutes a low-impact cyber system “simply untrue.” In addition, they called Mabee’s complaints regarding the CIP standards and the NIST framework “unfounded,” referring to statements by FERC commissioners that the GAO report Mabee cited as an indictment of the commission was actually “constructive” and had resulted in action to implement its recommendations.
In its response, FERC agreed that the complaint provided “[no] legal basis to conclude that [the] executive order … ‘invalidates’ or otherwise requires modifications to” CIP-013-1. The commission asserted that its recently issued Notice of Inquiry on BES equipment originating overseas showed that it takes the risk of foreign interference in the BPS seriously. (See FERC Opens Supply Chain Cyber Risk Inquiry.) In addition, FERC noted that NERC is currently revising the CIP standards “to expand protections for low-impact BES cyber systems.”
FERC also denied the request to overhaul the CIP standards to close gaps with the NIST framework, citing another recent NOI that revealed reluctance on the part of industry stakeholders to revise the standards. (See Stakeholders Speak out on FERC CIP Concerns.)
FERC Chair Neil Chatterjee said the commission’s technical conference on carbon pricing Wednesday would not be an academic exercise.
FERC Chair Neil Chatterjee | FERC
Although the commission “is not an environmental regulator,” he said, “our complex energy markets cannot be hermetically sealed from state environmental policies. … And it’s evident to anyone who’s watched us over the past several years [that] we’ve grappled with the thorny issues that arise at the intersection of state policies and our markets. We’re at a pivotal point when it comes to these discussions — a point that, I think, will ultimately lead to action in some shape or form.”
FERC heard from 32 industry officials, economists, lawyers, RTO executives and others during the daylong conference, which Chatterjee scheduled in response to a petition by a broad coalition of independent power producers and renewable energy trade groups in April (AD20-14). (See IPPs, Renewable Groups Seek FERC Carbon Pricing Conference.)
Most of the panelists urged the commission to support state and RTO efforts to introduce carbon pricing, although they said a uniform national price regime authorized by Congress would be preferable.
Here are the highlights of what we heard.
‘Crash Warnings’
Sen. Sheldon Whitehouse (D-R.I.) opened the conference with a list of potential bad outcomes if the U.S. and other industrialized nations fail to curb emissions linked to increasingly severe weather.
“These crash warnings focus separately on a coastal property value crash, a separate carbon bubble crash and insurance failure as risk becomes too unpredictable to value. But nothing says all three can’t happen,” said Whitehouse, co-founder of the Senate Climate Action Task Force and the ranking Democrat on the Senate Environment and Public Works Committee. “The warnings are many, clear and well founded. … When you are facing the risk of an economic crash, it’s hard to anticipate when the avalanche will start. It could be soon. It could be devastating.”
Legal Authority
Speakers on the day’s first panel agreed that the commission has the legal authority to approve a carbon price submitted by an RTO or ISO.
David Hill, Columbia University | FERC
David Hill, a member of the NYISO Board of Directors and an adjunct senior research scholar at the Columbia University Center on Global Energy Policy, went further. “I believe the authority and jurisdiction exist under Sections 205 and 206 of the Federal Power Act for an ISO or RTO tariff and market design to integrate state carbon pricing and carbon-control policy. And it potentially could be unjust, unreasonable or unduly discriminatory for it not to do so,” Hill said.
Kate Konschnik, director of the Climate & Energy Program at Duke University’s Nicholas Institute for Environmental Policy Solutions, said carbon pricing could “potentially reduce state policy proliferation.”
She ended her opening remarks by chiding FERC for failing to invite any state regulators or more women to the conference; all but five of the 32 panelists were men. “I hope there will be an opportunity to solicit a broader sampling of views for the record and in future conferences and dockets,” she said.
Ari Peskoe, Harvard University | FERC
Ari Peskoe, director of the Harvard Electricity Law Initiative, said that “the Supreme Court’s most recent decision [FERC v. EPSA] about the scope of the commission’s authority teaches that when the commission does ‘no more than follow the dictates of its regulatory mission to improve the competitiveness, efficiency and reliability of the wholesale market,’ courts will be reluctant to cut off the commission’s jurisdiction in the absence of a clear statutory bar. Integrating a carbon price can fit well within the commission’s mandate as a market regulator.”
Matthew Price, Jenner & Block | FERC
Attorney Matthew Price, of Jenner & Block, said that by accepting such an RTO filing, the commission does not impose any federal policy on unwilling states.
“States have allowed load-serving entities to join an RTO, understanding the RTO will make market design decisions governing the footprint. Many decisions will affect different states differently. Indeed, the status quo affects states that can’t do so in the most efficient manner, an inevitable consequence of being part of an interstate market,” Price said.
Jim Rossi, Vanderbilt University | FERC
Vanderbilt University School of Law professor Jim Rossi said that both courts and FERC have recognized that many state clean energy programs are beyond FERC’s jurisdictional reach, including zero-emission credits and unbundled renewable energy certificates.
“It would exceed the commission’s jurisdiction to use a carbon price in a wholesale tariff to pass judgment on existing state programs favoring clean energy resources, unless a state explicitly chooses for carbon pricing to apply to or supersede specific programs,” Rossi said.
Independent consultant Roy Shanker said that while the commission has authority to approve carbon pricing in RTOs, doing so might be counterproductive absent a nationwide and economy-wide carbon price that eliminates “leakage” concerns.
“Notions presented by parties that try to suggest that such segmented approaches to carbon pricing policy convey a societal benefit by internalizing carbon-related emission costs are simply incorrect,” Shanker said. “The reality is that they may be making things actually worse.”
One Wholesale Market, One Carbon Price
States should strive for agreement on a single carbon price across a wholesale market’s footprint — if not nationwide — experts stressed during the second panel of the day.
Stanford University’s Frank Wolak said a “stable, predictable price of carbon into the distant future” could function like fuel prices in wholesale electricity markets.
“Simply subsidizing green is a much more expensive way to reduce greenhouse gas emissions than taxing brown,” he said.
PJM Monitor Joe Bowring | FERC
PJM Independent Market Monitor Joe Bowring said a single carbon price for the RTO could simply become part of the marginal costs of generators, with states controlling the resulting revenues. If multiple states can’t settle on a single carbon price, he said, revenue redistribution mechanisms can be used.
NYISO CEO Rich Dewey said current compliance costs for environmental obligations, including the Regional Greenhouse Gas Initiative, are simply incorporated into suppliers’ offers and are subject to review from the ISO’s Market Monitoring Unit in a “fairly seamless” manner.
New York is relying on decarbonization to target a 70% renewable energy supply by 2030, a full renewable energy supply by 2040 and carbon neutrality by 2050, Dewey said.
“Achievement of those outlying goals will require significant investment in innovative technologies and commercialization of emerging new innovative choices which otherwise, absent a carbon price, would be very challenging to bring to market,” he said.
R Street Institute’s Devin Hartman argued for a universal carbon price from the federal level.
“Carbon pricing is, at least on paper, the least-cost solution to reducing emissions but also something that’s fully compatible with wholesale electric competition,” he said. “There’s a subset of states that do not want to pursue carbon emission reduction yet but may in the future. And then in the other camp, you have some that have really thrown a variety of policies at this issue. As we move forward in carbon pricing dialogue, the former camp will conform.”
Hartman said the longer states are left to pursue individual and uncoordinated pricing plans, the more “unnecessary risk” is introduced into investment decisions and wholesale markets.
“Whereas, if we start to have more long-term pricing stability on this front, then that lets markets go to work more efficiently,” he said.
ISO-NE CEO Gordon van Welie said there’s “obviously a big political dimension” surrounding how states pursue decarbonization and allocate carbon pricing revenues. He predicted that different approaches and discrepancies across states will create inefficiencies and distort wholesale markets until FERC is forced to act.
Kate Konschnik, Duke University | FERC
“I don’t think the commission can escape making a decision,” van Welie said, predicting that the issue will come to “a head more quickly in PJM, New England and New York,” whose capacity markets employ minimum offer price rules that make it difficult for state-subsidized resources to clear.
Arne Olson, senior partner with Energy and Environmental Economics, said the lack of a nationwide carbon price may be more detrimental to carbon-cutting goals than no carbon pricing at all.
“So the challenge is when [you] apply 50 carbon prices within interstate markets, where there is no ability to control or even measure the carbon content of imports … you could end up in a situation where piecemeal carbon pricing ends up with a worse result than no carbon pricing,” he said. “People want to do things now; they want to take early action to address this problem that is so glaringly obvious. Where we need to get is a societal agreement on what the price of carbon ought to be, so we can get electrification of vehicles and buildings, [and] emission reduction in the industrial sector.”
Panelists also conceded that carbon leakage is unavoidable when one geographic area of a wholesale market uses a carbon price and another doesn’t. “I think of it as trying to push water into one corner of a bathtub,” Olson said.
Leakage Concerns
Solving the leakage issue was a primary topic for Wednesday’s afternoon panel of market design experts.
“It’s not an intractable problem, but you have to manage leakage,” said Rana Mukerji, senior vice president for market structures at NYISO. “There’s not a politically perfect way of managing leakage, but you can minimize the effect of leakage at your borders.”
Anthony Giacomoni, senior market strategist for PJM, noted the distinctions between inter- and intra-market leakage.
Consultant Roy Shanker | FERC
Because PJM covers 13 states and D.C., he said, “you have this added complexity between the intra-ISO and inter-ISO leakage, and both have to be handled differently because of the nature of the economic dispatch. We dispatch across the entire RTO in one integrated dispatch. We do not handle external transactions in the same manner, and so a different mechanism is needed for leakage between ISOs.”
Chairman Chatterjee asked what role carbon pricing could play in investment decisions, including entry and exit of resources.
Matthew White, chief economist for ISO-NE, said carbon pricing would benefit the region’s flexible resources. As more renewables come onto the system, he said, there’s a need for more “balancing resources” that will be able to meet consumer demand when the weather is uncooperative and renewable resources can’t provide energy.
“We do not have the benefits of the sunshine of Southern California,” White said. “We live in a place where it is cold and dark for much of the year. And while I love to ski, it does mean we face a difficult challenge ensuring that the balancing resources can be there as much as we need them.”
Role for Nukes, Gas
In the closing session, Exelon CEO Christopher Crane lamented the increased emissions resulting from the shuttering of money-losing nuclear generators. He said Illinois will see a 70% increase in electric sector emissions if Exelon shuts its Byron and Dresden plants, which are scheduled for retirement in 2021, and the Braidwood and LaSalle plants, which he said are “showing increasing signs of financial distress.”
Crane said Exelon did not fully support the petition seeking a technical conference because it included a sentence saying the petitioners were not asking the commission to institute a rulemaking or direct implementation of carbon pricing.
“Continued talk about the benefit of placing a meaningful price on carbon emissions, uncoupled from concrete and immediate action to do so, while simultaneously acting to undermine state-led emission-reduction efforts, serves only to prolong emissions output from fossil generation, force more nuclear into early retirement and put the nation farther away from meeting our decarbonization goals,” Crane said. “Discussion at the commission and RTO/ISO level must evolve into action that is commensurate with the urgency of the climate crisis. Until then, states seeking to preserve and expand emissions-free electricity have only the second-best tools available. If the commission is serious about the virtue of wholesale markets and the efficiencies they bring, it will insist that those markets be used to help states achieve their carbon goals, rather than undermine them.”
Sen. Sheldon Whitehouse (D-R.I.) | FERC
Calpine CEO Thad Hill and Dena Wiggins, CEO of the Natural Gas Supply Association, expressed support of carbon pricing but lobbied for a continued role for natural gas-fired generation, saying it is essential to supplementing intermittent resources. “Natural gas generation is an enabler of economy-wide decarbonization, not an inhibitor,” Hill said.
Brett Mattison, CEO of American Electric Power’s Kentucky Power, said FERC must be cognizant of the economic hardship facing ratepayers in his company’s service territory. “In evaluating carbon pricing and other mechanisms designed to incentivize the participation of renewable resources in organized markets, it is important to consider the impacts of such mechanisms on our customers,” he said. “AEP recognizes and is committed to transformation to a greener economy; we cannot, however, overlook issues of cost and reliability as we realize this change. We must promote a diverse supply mix that can lower emissions while preserving cost and reliability goals.”
Chris Parker, executive director of the Utah Department of Commerce, said his state would “resist any direct, pre-dispatch carbon price mechanism in RTO/ISO markets because state policies should not have such a direct effect on wholesale markets.”
“FERC has no authority to tax resources in its markets. States have no authority to set a carbon price that directly changes dispatch and prices in wholesale electricity markets,” he continued. “The fact that states’ resource decisions will affect the wholesale markets does not license direct intervention in dispatch and pricing outcomes in wholesale markets. This would leap the boundaries of state authority, exporting state policies to the entire market. Federal market regulation does not license extraterritorial state taxation.
“There’s a lot of fear among states like Utah that we’re going to end up with other states’ policies rammed down our throat,” he added. “We’re going to be wary of participating in those markets.”
Chatterjee Responds
Speaking to reporters via teleconference the next day, Chairman Chatterjee acknowledged “there seems to be a basic, foundational agreement that FERC has the legal authority to evaluate” a state-imposed carbon price in an RTO’s or ISO’s tariff. Whether the tariff revisions pass the just-and-reasonable standard of the FPA would depend on their details, he said.
In his opening remarks Wednesday, Chatterjee warned that “some of the proposals that have been floated — while presumably well intentioned — could actually bring with them more harm than good.” When asked what these proposals were, he alluded to state subsidies.
“I believe in markets and market mechanisms, and the landmark actions we have taken bear that out,” he said, noting Orders 841 and 2222, which directed RTOs to open their markets to energy storage and aggregated distributed energy resources, respectively. “Out-of-market payments are less efficient toward” decarbonization of the electricity sector, he said.
Chatterjee also said it would not be “appropriate for the commission to act proactively” and find an RTO’s Tariff unjust and unreasonable because of its lack of a price on carbon, “absent a congressional mandate.”
The chairman also was asked about the potential impact of the presidential and congressional elections on federal carbon policy. Regardless of the election results, he said, “the commission is going to have to confront these issues, as states are going to continue to take it upon themselves to push for these policies.”
Voters in New Mexico and Nevada will make major decisions on their states’ energy futures come Election Day in November.
In Nevada, a constitutional amendment on the ballot asks if the state should commit to a clean-energy future like its neighbors California, New Mexico and Washington.
In New Mexico, lawmakers placed a constitutional amendment on the ballot that would shake up the state’s Public Regulation Commission by letting the governor appoint three at-large members in place of the five members now elected by geographic district. Republican and Democratic lawmakers overwhelmingly backed the ballot measure, and Gov. Michelle Lujan Grisham (D) supports it.
Many elected officials were angry with PRC commissioners for what they called an attempt to skirt the state’s landmark 2019 Energy Transition Act (ETA), signed by Lujan Grisham, which requires the state’s investor-owned utilities to get all their electricity from carbon-free sources by 2045. (See New Mexico Moves Toward Clean Energy, EIM Participation.)
The bill also allows Public Service Company of New Mexico (PNM), the state’s largest utility, to issue $360 million in ratepayer-financed bonds to cover the costs of closing the coal-fired San Juan Generating Station by the end of 2022 and replacing its capacity. The bonds would also fund severance and job training programs for displaced workers, many of whom are Navajo.
The PRC decided to consider a part of PNM’s closure application in a proceeding that commenced before the law was passed, raising doubts about whether the ETA would apply. The state Supreme Court later reversed the decision, saying PNM’s application was filed after the governor signed the ETA and that the law must govern the PRC’s decision-making.
A decision over the closure of the coal-fired San Juan generating station was one of the controversies that led to a ballot measure to reform New Mexico’s Public Regulation Commission. | PNM
Two current members of the PRC also back the amendment, saying some of those elected to the PRC lack the backgrounds needed to understand and rule on complex regulatory issues.
“The public and the utility companies that serve them deserve to have commissioners with meaningful expertise when they begin working as commissioners,” Commissioners Cynthia Hall and Stephen Fischmann wrote in an editorial published in many of the state’s newspapers in March 2019. “That means graduate-level education plus significant industry or regulatory experience. Commissioners should be experts at the outset, not rookies.”
Other members of the PRC argue allowing the governor to appoint its members would deprive voters, especially those in rural disadvantaged communities, of the opportunity to influence ratemaking and policy decisions.
“There is no requirement for any sort of geographic representation, which makes it extremely likely that the commission would be dominated by members from the urban population centers rather than rural New Mexico,” Chair Theresa Becenti-Aguilar and Vice Chair Jefferson Byrd wrote in an editorial published by the Associated Press the same month as Hall and Fischmann’s. “It is also likely that the ethnic and racial diversity of the PRC would be reduced along with the geographic diversity.”
The commission recently voted to replace Becenti-Aguilar as chair of the PRC with Fischmann.
Nevada Clean Energy
The vote coming up in Nevada is the second time residents have been asked whether the state should make clean-energy goals a part of its constitution.
Nevada already has a law, SB 358, signed by Gov. Steve Sisolak in April 2019, that requires the state to get half its electricity from non-carbon-emitting resources by 2030, but environmentalists worry the law could be overturned by elected officials if the political winds shift. They want to enshrine the 50%-by-2030 goal in the state constitution.
That effort, like the current one, was bankrolled by California billionaire activist Tom Steyer.
However, amendments to the state constitution in Nevada must be approved in two consecutive elections, so the ballot measure, again called Question 6, will be taken up for a final vote this year.
The CAISO Board of Governors on Thursday bid farewell to its retired CEO, greeted a new leader and passed a half dozen measures, including a plan to implement FERC Order 831 that one governor worried could lead to market manipulation.
The five-member board also named its new chair and vice chair.
The meeting occurred as CAISO called for conservation to avoid shortfalls unusually late in the year. Triple-digit temperatures hit Los Angeles and inland areas of California last week, straining supply.
The late-season heat wave was a reminder of the grid emergencies in August and September, when resources ran short during record temperatures and forced CAISO to order rolling blackouts Aug. 14-15. (See CAISO: Blackouts May Continue, Calls Emergency Meetings.)
The summer shortages came up in several of Thursday’s policy discussions and when former CEO Steve Berberich delivered his last report to the board about events that had happened on his watch.
Berberich officially retired from CAISO on Sept. 29 but agreed to stick around to help with the transition. He told the board Thursday he wanted to “make sure [new CEO Elliot Mainzer] doesn’t drown in the firehose that is headed his way.”
The ISO, the California Energy Commission and the California Public Utilities Commission are preparing a report that examines the root causes of the energy shortages, Berberich told the governors. The report will delve into factors such as exports from the state during the shortfalls and failures of some load-serving entities to schedule supply in the day-ahead market.
“We will look into those contributing factors and make sure we are not living on the margin like we were this summer,” Berberich said. “Mr. Mainzer, I know, is going to make resource adequacy a top priority.”
CAISO CEO Elliot Mainzer | BPA
The board honored Berberich with a resolution that praised his accomplishments during his nine years as CEO, including the creation of the now flourishing Western Energy Imbalance Market and the establishment of RC West, the reliability coordinator for most of the Western Interconnection.
The governors told Mainzer they were pleased he had accepted their job offer after seven years as head of the Bonneville Power Administration.
“Elliot, welcome,” Governor Ashutosh Bhagwat said. “We are very excited to work with you. These are exciting times — challenging times, but exciting times. And I know you are going to do an amazing job leading this organization.”
Later in the meeting, Bhagwat’s four colleagues chose him as their new vice chair and picked Angelina Galiteva as CAISO’s first female board chair in its 20-year existence. The positions rotate every two years.
The board approved CAISO’s fourth and last phase of its five-year effort to make it easier for energy storage and distributed energy resources (ESDER) to participate in its market. (See CAISO Finalizes ESDER Phase 4 Proposal.)
The ESDER initiative includes rooftop solar, energy storage, plug-in electric vehicles and demand response. It addresses a state-of-charge biddable parameter for storage resources; streamlines market participation agreements for non-generator resources; applies market power mitigation to storage resources; and sets a maximum daily run time parameter for DR.
The board also approved proposals on flexible ramping products, maximum import capability, reliability-must-run contracts, and changes to ISO rates and fees for next year.
Order 831 Initiative
The longest and most complex of the policy discussions, however, took place over an initiative meant to align the ISO’s practices with the requirements of FERC Order 831.
FERC issued Order 831 in 2016, two years after the polar vortex of 2014 pushed natural gas prices in the Northeast and Midwest to levels where marginal generation costs exceeded the $1,000 offer caps then in place. It required ISOs and RTOs to raise the hard caps on supply bids from $1,000 to $2,000, with offers over $1,000 requiring suppliers to justify their costs.
The board on Thursday approved a stakeholder initiative intended to help facilitate the order in California with import bidding rules and market parameters meant to “align the implementation of the order with some of the different characteristics of the Western grid,” said Greg Cook, the ISO’s director of market and infrastructure policy.
CAISO must implement the changes by March to comply with FERC’s ruling, he said.
The main differences between Eastern and Western markets, Cook said, is that it is rare to see natural gas prices as high as in the East because gas demand peaks at different times in varying parts of the West. Some areas are extremely hot in summer; others are bitterly cold in winter.
And CAISO, unlike other ISOs and RTOs, is heavily dependent on imported electricity, he said.
In response, CAISO maintains a power balance constraint to ensure that supply equals demand. If there is insufficient supply, the ISO relaxes the constraint and sets market prices at a bid cap of $1,000/MWh.
The initiative approved Thursday sets “appropriate levels of shortage pricing when energy costs exceed $1,000/MWh.” When that happens, and there is insufficient supply to meet demand, the “market will base prices on the price of the highest-priced cleared energy bid if the shortfall is no more than a small threshold value,” CAISO Vice President of Market Policy and Performance Mark Rothleder said in his written report to the board. “Market prices will be based on $2,000/MWh if the shortfall is greater than the threshold value.”
A second enhancement establishes rules for allowing import and virtual bids greater than $1,000/MWh, which Order 831 does not do. The proposal would allow CAISO to accept non-resource adequacy import and virtual bids above $1,000/MWh “only when the ISO has cost-verified a bid or the ISO has calculated a maximum import price that exceeds $1,000/MWh,” Rothleder wrote.
“For resource adequacy import bids, management proposes to reduce the price of bids priced above $1,000/MWh to the maximum import bid price index or the highest resource-specific cost-verified bid,” he said.
The ISO would calculate the maximum import price based on prevailing bilateral prices at the Palo Verde and Mid-Columbia trading hubs, whichever is higher.
“We picked those because those are the largest, most liquid trading hubs in the Southwest and Northwest, respectively,” Cook said.
The Palo Verde and Mid-Columbia hubs will be used by CAISO to set import prices during supply shortages. | U.S. EIA
CAISO’s Market Surveillance Committee previously supported the changes as an intermediate step but called for a stakeholder initiative on scarcity pricing to address situations similar to the August and September shortages. (See CAISO MSC Urges Scarcity Pricing for Emergencies.)
Cook said the ISO agrees with that assessment and intends to introduce a scarcity pricing initiative.
Governor Severin Borenstein, a professor at the University of California, Berkeley, took issue with the idea of using the higher-priced trading hub to set prices. Palo Verde can have higher prices and trades at a lower volume than Mid-Columbia, he noted.
“It seems that this is … not a very precise price index if we’re taking the maximum of two very different locations,” he said. He worried that CAISO is setting up a system by which traders could game the market with high bids at Palo Verde, which is less liquid than the Mid-Columbia hub.
CAISO said prices at Palo Verde climbed to $1,500/MWh during the August emergency, and Southern California Edison said it had seen prices of $1,750/MWh.
Eric Hildebrandt, executive director of market monitoring at CAISO, told Borenstein that FERC must approve such high prices after the fact.
“The best we can do is encourage FERC to perform that kind of review,” Hildebrandt said.
CAISO Governor Severin Borenstein | University of California, Berkeley
Cook said it would “be very rare for these bilateral trading prices to exceed $1,000 MWh,” except in situations such as the August heat wave.
In the initiative, CAISO “wanted to ensure we wouldn’t discourage import bids” during times of tight supply, Cook said. If conditions support prices over $1,000/MWh, then the ISO wants the energy to be able flow into its market, he said.
Rothleder said it would be “too risky at this point” to limit imported supply based on prices, given the experiences of August and September. CAISO intends to address the liquidity issue in the future, including seeking guidance from FERC, he said. In the meantime, it will closely watch prices to make sure they “keep with reality,” he said.
The board, including a somewhat reluctant Borenstein, approved the Order 831 initiative unanimously.
“I think we have to do this,” Borenstein said of the measure, but he said he remained concerned about creating an “incentive to manipulate the prices at the trading hubs” and urged the ISO to find a solution.
More than 8,000 wildfires have burned nearly 4 million acres in California this year, but there’s little indication that utility equipment played a role in starting major blazes.
That differs markedly from the last three years, when equipment belonging to Southern California Edison and Pacific Gas and Electric was blamed for starting catastrophic fires including the Camp Fire, the state’s deadliest and most destructive blaze, in November 2018. (PG&E says its large-scale public safety power shutoffs this year have helped avoid catastrophes.)
So far, the only 2020 summer wildfire in which power lines might be implicated is the Bobcat Fire burning in the San Gabriel Mountains northeast of Los Angeles.
The Bobcat Fire burns in the mountains above Monrovia, Calif., near Los Angeles, on Sept. 10.
A Sept. 15 report by SCE to the California Public Utilities Commission said the utility experienced a line fault at approximately the same time and in the same area the Bobcat Fire started. However, the utility said a fire camera had recorded smoke from the blaze shortly before its relay tripped.
“The Bobcat Fire was reported in the vicinity of Cogswell Reservoir/Dam in the Angeles National Forest on Sunday, Sept. 6, 2020, at 12:21 p.m.” SCE told the CPUC. “The Jarvis 12-kV circuit out of Dalton Substation experienced a relay operation at 12:16 p.m. on Sept. 6, 2020. The Mount Wilson East camera captured the initial stages of the fire, with the first observed smoke as early as approximately 12:10 p.m., prior to the relay operation.”
The investigation of the Bobcat Fire is being conducted by the U.S. Forest Service, which on Sept. 15 “requested that SCE remove a specific section of SCE overhead conductor in the vicinity of Cogswell Dam,” the utility reported.
Five of the 20 largest wildfires in California history have occurred this year and all but three since 2000. | Cal Fire
“While USFS has not alleged that SCE facilities were involved in the ignition of the Bobcat Fire, SCE submits this report in an abundance of caution given USFS’ interest in retaining SCE facilities in connection with its investigation,” it told the CPUC.
Lightning storms on Aug. 17-18 ignited massive wildfires, including the 980,000-acre August Complex, the largest fire in state history, USFS and the California Department of Forestry and Fire Protection (Cal Fire) reported.
The August storms also started three more of the five largest fires in state history: the SCU Lightning Complex, LNU Lightning Complex and the North Complex, all in Northern California, the agencies said.
The Creek Fire, in the Sierra Nevada foothills of Central California, rounds out the top five fires, all of which occurred this year, Cal Fire said. Its cause, and the cause of other major blazes, remains under investigation.
California still has at least another month of high fire risk. In Northern California, the late summer and fall fire season usually lasts until seasonal rains start in November. Major fires have broken out in drier Southern California as late as December in recent years.
“As we enter the fall season, which is known to have the largest wildfires, we want to remind everyone that now is the time to be prepared,” Cal Fire warned residents.
[contact-form][contact-field label=”Name” type=”name” required=”true” /][contact-field label=”Email” type=”email” required=”true” /][contact-field label=”Website” type=”url” /][contact-field label=”Message” type=”textarea” /][/contact-form]More than 200 people joined the annual two-day Energy Action Network (EAN) Summit online last week to hear ideas on how to tackle some of the clean energy challenges facing the mostly rural Vermont, including increasing bus ridership and incentivizing more fuel-efficient cars.
EAN comprises more than 200 nonprofits, businesses, public agencies and other organizations advocating for clean energy. Following is some of what we heard at the meeting.
Clockwise from top left: Carolyn Wesley, EAN; Cara Robechek VEEP; Jack Hanson, Sustainable Transportation Vermont; state Sen. Andrew Perchlik; and Linda McGinnis, EAN. | Vermont EAN
‘Cultural War’
State Sen. Andrew Perchlik spoke about his proposed vehicle “feebate” program aimed at people buying new vehicles. It would provide a rebate if the vehicle has a mileage rating above average for its vehicle class and add a fee on the purchase if it is below average. House Bill 529, signed into law last year, called for a study of the proposal, which Perchlik said would be self-funding program and revenue-neutral for the state.
The electric Chevy Bolt, which gets 118 mpg equivalent, would be worth a $1,000 rebate, under the program he said.
“But if you really wanted a Cadillac CT5 that only gets 21 mpg, that price would be adjusted up $500. … In a truck example, if you wanted the Ford F-150 Raptor four-wheel drive that only gets 16 mpg, you would pay $250 more for that vehicle,” Perchlik said.
“We would adjust accordingly… to make sure that it’s meeting its goal of causing people to buy more efficient vehicles,” Perchlik said. “We also don’t want to make the penalty so large … that it creates a lot of pushback, especially as we’re just rolling out the program.”
He said the program has been implemented in Ontario but not in the U.S. “Part of the reason is that you get into a cultural war of truck owners not wanting to support Prius owners, for example.”
Junk the Clunker, Go Electric
Sue Minter, executive director of Capstone Community Action, a social advocacy organization, and EAN Senior Fellow Linda McGinnis promoted a “Replace Your Ride” program modeled on one in California to provide cash incentives to low-income Vermonters to trade in their older high-polluting vehicles for a range of clean transportation and shared-mobility options.
Jennifer Wallace-Brodeur of the Vermont Energy Investment Corp. (VEIC), a nonprofit organization that advocates for energy efficiency and renewable energy, joined Cara Robechek of the Vermont Energy Education Program (VEEP) and Peggy O’Neill-Vivanco of the University of Vermont to speak on combining and electrifying rural school and public transportation.
The Vermont Clean Cities Coalition at UVM is a transportation fuels resource for educators, consumers and providers of advanced transportation technologies.
Clockwise from top left: Carolyn Wesley, EAN; Jennifer Wallace-Brodeur, VEIC; Peggy O’Neill-Vivanco, UVM; and Cara Robechek VEEP. | Vermont EAN
An anonymous participant submitted a question about how the electric buses would handle the rough terrain that a lot of diesel- or natural gas-powered school buses cover in rural areas.
In 2017, Green Mountain Transit, Advance Transit and UVM demonstrated an electric transit bus to test out how it would do in winter conditions and a variety of routes. “We did find that there are different emission savings and fuel cost savings associated with different operating conditions. So, whether it be short routes in town with lots of stops and starts, or hilly routes, there’s definitely some pros and cons to all of that. Operating conditions do make a difference,” O’Neill-Vivanco said. (See Takeaways from the Zero Emission Bus Conference.)
Wallace-Brodeur said that buses can increase their power through regenerative braking when they’re going downhill.
“But they do draw on the battery a little bit more when you’re going up, so it’s a bit of a tradeoff there,” she said. “And we absolutely know that winter conditions will impact the range of battery electric buses. So that has to be factored in when you’re planning routes and the size of batteries and battery configuration.”
Analysts at UVM have found that all of the schools that are participating in the test could meet the needs of their daily school transportation routes, with an electric bus, despite the range decreases in winter, Robechek said.
Another question was how the program would overcome safety issues connected with merging school and public transit systems.
“In most of the world, and many cities in this country, school and public transit does take place on the same buses, including in Burlington, Vt., and it takes place on public buses, not on school buses,” Robechek said.
Nothing Beats a Free Ride
Jack Hanson of Sustainable Transportation Vermont (STVT) proposed that the state allocate $3 million out of the $641 million transportation budget for 2020 to fund fare-free transit, as a way to cut per capita emissions and enhance social justice.
“Vermont has a very serious problem of transportation emissions despite years of improvement, with nearly half of current emissions as a state coming from transportation. By far the largest share of those emissions is from our reliance on single-occupancy vehicles,” Hanson said.
Mass transit offers a drastic reduction in carbon emissions over single-occupancy vehicle gains, but it’s a challenge in a rural state to get people out of their cars and onto buses. Fare-free transit has proven effective in case studies around the world, he said.
The first electric bus in Vermont went into service last winter in Burlington. | Green Mountain Transit
For example, Advance Transit, which serves the Dartmouth area between Vermont and New Hampshire, saw a 76% increase in ridership in the first two years of fare-free transit and a nearly 300% increase since it was implemented in 2014. Green Mountain Transit, which serves the Burlington and Montpelier areas, projects that if fare-free was implemented under normal, non-pandemic conditions, it would see a 37% increase in ridership, Hanson said.
“So, who is currently paying transit fares in Vermont? Well, it’s the bus riders themselves, obviously,” Hanson said. “And this is a group of Vermonters that is disproportionately low-income and people of color. It’s a group that has some of the least impact on climate change … [and] many of these folks have limited mobility options.”
The Sept. 29 debate between President Trump and former Vice President Joe Biden didn’t draw rave reviews, but there was one bright spot, said Dan Shreve, Wood Mackenzie’s head of Global Wind Energy Research.
“Happily, climate change did get about 10 minutes of the debate last night, which is far more than what was seen in the last presidential election,” Shreve said during a presentation at Greentech Media’s annual Power and Renewables Summit last week. “So certainly, environmental concerns are top of mind for folks.”
By one account, the three debates in the 2016 presidential general election spent less than six minutes on climate change and other environmental issues. In 2000, by contrast, Al Gore and George W. Bush spent more than 14 minutes discussing the environment over three debates.
While Trump has dismissed concern over climate change and is promising to continue rolling back environmental regulations, Biden has proposed a $2 trillion plan to eliminate power sector carbon emissions by 2035 and make the U.S. the leader in electric vehicle production. (See Biden Offers $2 Trillion Climate Plan.)
“The stakes are exceptionally high” in this election, said Shreve, citing both the presidential race and the fight for control of the Senate.
The Biden plan would require 1,500 GW of new capacity — more than 1,100 GW of utility-scale solar, 243 GW of onshore wind and 142 GW of offshore wind — plus 410 GW of battery storage, an estimated $2.2 trillion in capital expenditures.
“There are some big changes in here, and that’s why we’re characterizing them as aspirational. The changes are so substantial and require so much collaboration — things that we haven’t had a great deal of here in the United States for some time,” Shreve said.
The $2.2 trillion doesn’t cover transmission and other infrastructure upgrades needed to support the additional renewables. The National Renewable Energy Laboratory’s 2018 interconnection seams study, which proposed three HVDC transmission connections between the Eastern and Western Interconnections, would cost about $250 billion, Shreve said.
The Climate Institute’s proposed North American Supergrid, which envisions 42,000 miles of new HVDC transmission, most of it underground, has a price tag of almost $500 billion, he added.
Winning legislative approval and finding funding isn’t the end of the battle, however.
“We’re running increasingly into wind and solar permitting issues,” Shreve said. “A great deal of NIMBY [not in my back yard] concerns being voiced through social media and a variety of different avenues. … This same thing happens when we start talking about transmission infrastructure” needed to deliver wind power to load centers.
Energy Vault, which stores renewable energy by raising and lowering 35-ton cement bricks, won a $110 million investment from Softbank. | Energy Vault
If emission-free resources supply 90% of the nation’s power needs, the remaining 10% could be filled by natural gas-fired generation, but that would require refining carbon-capture technologies that have yet to reach commercialization, Shreve said.
“There’s an enormous amount of R&D that has to happen and a tremendous amount of risk of those technologies [not] actually reaching some level of commercial success.”
Shreve said venture capital has been pouring into companies attempting to develop long-duration, high-energy-density storage applications that could be paired with wind, citing Gravitricity and Energy Vault, which received a $110 million investment from Softbank.
“They are still very early-stage technologies,” he cautioned.
National Grid CEO Discusses Electrification Challenges
In another session at the virtual conference, Badar Khan, president of National Grid US, said decarbonizing heating will be the biggest obstacle to addressing climate change. The utility serves 20 million people in Massachusetts, New York and Rhode Island.
“Home heating is going to be the hardest sector to decarbonize because the current technologies beyond natural gas are just much more expensive. The good news is that plenty of people are working on solutions,” he said, referring to geothermal heat pumps, biogas from landfills and wastewater treatment plants, and “green” hydrogen made from renewable power.
“Whether it’s the electrifying pathway or the biogas/hydrogen pathway, we’re going to need to see a lot of innovation and policy support and a lot of customer engagement,” Khan said.
‘Bullish’ on the Future
Todd Glass, a partner in energy and infrastructure for the Palo Alto law firm Wilson Sonsini Goodrich & Rosati, said he’s “bullish” on the future.
“Renewables are becoming cheaper and cheaper, and the marginal cost of energy is lower than we ever thought it would be, especially 10 to 15 years ago when we were starting to do these types of things. The second thing is that the technology in the controls and dynamic pricing … these technologies with [artificial intelligence] and other things like that are driving innovation at the grid edge in a way that delivers value to customers.”
Glass said he’d like to “restart the conversation” from the beginning of utility restructuring 20 years ago, saying customers want “the opportunity … to be green.”
While two-thirds of the U.S. load is in restructured states, “one-third of the load has zero choice. That means they get whatever their utility serves up,” he said. “That is so stuck in the past and so contrary to the customers’ interest. For too long … utilities and captured utility commissions have deigned to speak for what customers want. I think we need to focus on what the customers actually want and put their interests first.”
‘Huge Opportunity’
Dan Seif, vice president of market development for 7X Energy, a Texas-based utility-scale solar and storage developer, said load-serving entities in Texas — particularly those not subject to retail choice — should be contracting for storage.
He said ERCOT’s interconnection queue has 200 MW of storage and is likely to hit 1 GW within two years. “The real issue that’s keeping it from … exploding and realizing the size of the queue is contractability of ancillary services, particularly” responsive reserve service (RRS), he said.
Seif said RRS represents two-thirds of the ancillary services that load-serving entities must purchase. “There’s a huge opportunity that’s kind of obvious for load-serving entities,” he said. “They should buy a portion of their load exposure from storage projects or solar and storage projects. All the big guys — Reliant [Energy], EDF [Renewables], the big monopoly utilities … Austin Energy, [Lower Colorado River Authority], Brazos [Electric Power Cooperative] — no reason not to put that into your portfolio and enable some of these storage projects.
“I think a lot of them are thinking about it, but maybe everybody is kind of looking to the left and right and saying, ‘You first.’”
Seif said some financial traders are looking at storage for arbitrage opportunities. But the “natural buyers” are LSEs, “as long as they think they’re going to have a lot of load for a while. And the monopolies have no excuse — the customers have nowhere to go.”
Brattle’s analysis also shows Rhode Island demand outlook similar to New England, with moderate load growth through 2030 and significant growth after because of heating and transportation electrification. | The Brattle Group
Rhode Island will need to add about 440 GWh of renewable energy annually to meet the state’s goal of 100% renewable energy by 2030, The Brattle Group said at the second in a series of three public workshops hosted by the state’s Office of Energy Resources (OER) on Sept. 29.
Equally daunting, the state will need to continue adding an average of 400 GWh a year to maintain the 100% target through 2050 as its load potentially doubles from the electrification of heating and transportation, Brattle said.
The consultants are helping state officials develop a plan by year-end for the clean energy target mandated in a January executive order by Gov. Gina Raimondo. (See RI Seeks to Lead with 100% Renewable Goal.)
Electrification Impact
At the first public meeting in July, the analysts said the state would need to add 360 GWh annually through 2030 to meet the target. The current estimate’s base case projects net load of 7,700 GWh in 2030, including electrification of 5% of light-duty vehicles (LDVs) and 5% of heating, based on an ISO-NE forecast, said Michael Hagerty, Brattle senior associate. The baseline also incorporates National Grid’s forecast for energy efficiency.
Michael Hagerty, Brattle | The Brattle Group
The baseline is bracketed by a low-demand scenario of 7,000 GWh and a high-demand scenario of 8,300 MWh, which assumes 15% LDV electrification and 10% heating electrification.
“In our low-demand scenario, we’re assuming that level of electrification does not occur,” Hagerty said.
The study says the state needs to add 4,400 GWh of renewable energy by 2030 to meet 100%. Last year, Rhode Island’s renewable electricity production of 930 GWh represented 13% of the state’s load. The state has 410 MW of renewables, including 230 MW of solar, including net metered resources, and 180 MW of contracted resources.
Current transmission queues list more than 12 GW of offshore wind, and 2.2 GW of onshore wind from Maine and 4 GW from New York. But the ISO-NE queue currently has no Rhode Island-based onshore wind because of wind quality and land availability, Brattle reported.
The costs of transmission and distribution system upgrades needed to accommodate the new renewables is “a source of significant uncertainty,” Hagerty said. “We’ve been reviewing these projections with renewable developers to make sure that they find them to be reasonable, and we’ve generally heard that they are.”
The limited availability of low-cost interconnection points for 1- to 10-MW scale distributed solar has resulted in increased interconnection costs, which might offset some of the cost declines seen in the industry, Hagerty said. An increase of $200 to $300/kW in system upgrades could increase distributed solar costs by $10 to $24/MWh, he added.
Wholesale Modeling
Brattle principal Dean Murphy outlined how the consultants are modeling the New England wholesale electricity market.
Dean Murphy, Brattle | The Brattle Group
“It’s important to recognize that the fundamental nature of this market is going to change substantially, even by 2030, and perhaps especially thereafter due to the significant addition of renewable energy generators across the system,” Murphy said. At 6% of regional load, “Rhode Island … is a very small component of New England overall, so it will be driven more by changes in other states that are also decarbonizing their electricity resources, albeit less quickly than Rhode Island.”
Because the output of renewables is highly correlated and difficult to store, once a lot of solar has been added to the system, incremental additions will have diminishing value. To capture how that dynamic will work out over time, Brattle uses an in-house model called GridSim.
Jurgen Weiss, Brattle | The Brattle Group
The study projects that gas-fired capacity will be kept around until 2040 but will be used much less than now as other renewable resources come online. In response to a question by an attendee, Brattle principal Jürgen Weiss acknowledged that gas generators will become increasingly dependent on capacity revenues to survive as their energy market revenue drops with lower utilization. He said the model accounts for the shift, ensuring all resources cover their fixed and variable costs.
“[It is] important to note that something similar is already the case since there are resources that don’t generate much electricity but stay in the market to provide reliability,” such as older dual-fuel units, he said. “If they have been built, you don’t necessarily need higher capacity prices since the capital cost is sunk and you just need to cover their going-forward costs,” Weiss said.
“Solar may be an excellent complement to wind, in part because it does generate more in the summer, when there is a summer peak for load in the daytime,” Murphy said. “A blend of these two kinds of resources is likely to be better than either one in isolation.”
Natural gas-fired capacity will be maintained into 2040 but will be used a lot less as other renewable resources come online. | The Brattle Group
Environmental Justice
OER Commissioner Nicholas Ucci told the workshop that his office is including social and environmental justice considerations in its work on clean energy.
“Folks should be comforted by the fact that we are accounting for many if not most of those categories in the 4600 framework, either analytically, qualitatively or by other means,” Ucci said, referring to the Public Utilities Commission’s Docket No. 4600, an investigation into the changing electric distribution system.
“One piece of good news is that, unlike in the past when dirty stuff was located in places that hurt particularly vulnerable populations, here we’re talking about locating renewable energy resources — and their negative impact on surrounding communities is considerably less than coal-fired power plants,” Weiss said.
How those vulnerable populations are protected from potential rate increases is a separate and important topic, Weiss said. “But we’re cleaning up Rhode Island’s electricity system, so the trajectory is to remove harm that might have been inflicted in the past. One can also ask whether the policies that are implemented to achieve the 100% renewable electricity target could be used to help those communities that are disadvantaged.”
For environmental justice, “the first step is to look inward,” Ucci said. “A lot of our state agencies are starting to connect with local grassroots organizations to better understand their perspectives [and] working to educate and train ourselves.”
FERC on Wednesday approved a settlement between WECC and an unnamed entity in the Western Interconnection for violations of NERC’s Critical Infrastructure Protection (CIP) reliability standards (NP20-21). The settlement does not involve a monetary penalty. NERC notified the commission of the agreement Aug. 30 in a Notice of Penalty (NOP), which FERC indicated in a notice that it would not review.
The NOP was submitted prior to NERC and FERC’s decision last month to end public disclosures of CIP violations and therefore follows the previous practice of redacting from public filings data considered to be critical energy/electric infrastructure information (CEII). (See FERC, NERC to End CIP Violation Disclosures.) Going forward, the organizations will treat CIP noncompliance information filed to the commission as CEII in its entirety (AD19-18); it is unclear whether NERC will continue to provide public information about CIP violations in any form.
Security Gaps in Remote Access Measures
WECC’s settlement with the unnamed utility involves two infringements of CIP-005-5 (Cybersecurity — Electronic security perimeter(s)) and one infringement of CIP-007-6 (Cybersecurity — Systems security management).
Both of the CIP-005-5 violations relate to requirement R2, mandating that entities “allowing interactive remote access to [high- and medium-impact bulk electric system] cyber systems” must implement two-factor authentication (2FA) and that intermediaries that ensure remote access programs do not come in direct contact with the BES cyber systems themselves. The entity made WECC aware of the violations via self-report in February and March 2017.
In the February incident, after multiple users reported lost or damaged security devices, the utility allowed those users to bypass its 2FA system before a planned replacement system had been activated. As a result, cyber assets covered by CIP-005-5 were accessible by passwords alone for some employees. In a few cases, even some users who had not reported issues were still not asked to verify their identities via 2FA. WECC determined the root case of the violation to be failure to assess the risks or consequences of bypassing 2FA and described the risk level as “serious and substantial.”
Details on the March case are less clear because of redactions, but WECC indicated that the entity was not using an intermediate system to block access to applicable cyber assets, although in this case, 2FA was not breached. Staff were also aware of the potential vulnerability and implemented several alleviation measures, including active monitoring of failed login attempts and regular patching of computers used to access the affected systems. As a result, WECC assessed the risk level as moderate, identifying the root cause as failure to clearly understand the compliance requirements or validate them for completeness.
Mitigation measures in the first case include developing a new process for creating, issuing, tracking and revoking hardware tokens, and training staff in their use; the entity also removed any previously granted password-only access. For the second instance, the entity changed its electronic access policies to ensure all interactive remote access goes through the same intermediary and revised its system architecture to ensure consistent policies are followed in future hardware deployment. WECC certified completion of the plans in September and October 2019, respectively.
Patch System Review Finds Holes
The entity’s violation of CIP-007-6 arose from requirement R2 of the standard; specifically, the utility reported in October 2017 that it had discovered “significant gaps in evidence to confirm compliance” with provisions related to high- and medium-impact cyber assets. The identified gaps include:
an inaccurate and incomplete control center patch source list;
patch evaluations not completed every 35 days;
patch installation or mitigation plans not completed within 35 days of patch evaluations; and
procedures ensuring that mitigation plans were completed on schedule not established and administered.
According to the entity’s records, the issues dated back at least to July 1, 2016, when the standard became enforceable. WECC attributed the violation to the entity “underestimating the resources and effort required to establish and operate a compliant security patch program” under the new standard, and determined that the issues posed a serious and substantial risk to BES reliability.
To address the violation, the entity consolidated patch source lists and updated them to include all software and firmware that might be covered by the relevant standard, and implemented standardized manual patch processes for all applicable cyber assets, among other measures. WECC verified completion of the mitigation plan in January 2020.
To justify its argument that no monetary penalty was needed, WECC cited the fact that the entity was cooperative through the process, reported all violations in a timely manner and made no effort to conceal the violations. The regional entity also observed that there was no indication the infringements were intentional.
While WECC acknowledged previous compliance issues with both CIP-005-5 and CIP-007-6, it argued that they did not serve as a basis for aggravating the penalty. The earlier CIP-005-5 violation was of minimal risk and occurred in 2011, and therefore was “not indicative of broader compliance issues,” while the current CIP-007-6 infringement was related to a lack of resources rather than flawed implementation of the patch management program, as in the earlier violation.
Experts at ReliabilityFirst’s Insider Threats Webinar on Wednesday warned that many common insider threat mitigation strategies can actually increase the risk of attacks and urged utilities to take a different approach to internal security.
“When we typically think about security controls, we’re talking about disabling somebody’s access or … doing something else punitive to them,” said Dan Costa, technical manager of enterprise threat and vulnerability at Carnegie Mellon Software Engineering Institute. “[But] the likelihood of that insider [causing] some harm against the organization might be best mitigated by … retraining, rebalancing somebody’s workload, [or] having coworker conflict training and mediation sessions available. … Organizations where employees are happy about working there … tend to experience less insider events than those that do.”
Insider threats — defined by Costa as the “potential misuse of authorized access to an organization’s critical assets … in a way that has the likelihood to have some negative outcome” for the organization — are a unique hazard for any company, in that by definition, they originate from those in whom the entity has already placed a great deal of trust. As a result, these incidents are potentially more damaging than external attacks and more likely to be overlooked by management.
They are also frequently overlooked by outsiders: As Costa noted, many organizations prefer to handle insider threat events internally, which means that without legally mandated reporting, the number of attacks reported in publicly available statistics may be deceptively low. Carnegie Mellon’s own statistics, which are based on court records, show a far higher incidence of insider threat events since 1996 in the finance and insurance industry, which has relatively strong fraud prevention laws, than in the utility sector.
Insider threat incidents by industry or sector since 1996 | Carnegie Mellon University
Even if Carnegie Mellon’s record of 29 insider incidents in the utility sector over 24 years is taken at face value, they must still be viewed seriously, given the fact that more than a third of these attacks led to financial impacts in the six figures.
“Insiders … know what is valuable to your organization; they know what is mission-essential to your organization,” Costa said. “They know how it’s protected; they know how to bypass or circumvent those protections; and insiders that are sufficiently motivated to intentionally cause harm to the organization are uniquely positioned to do so.”
Looking for Warning Signs
The vulnerability doesn’t end with current employees, as illustrated in the attack suffered by instrumentation developer Omega Engineering at the hands of former network administrator Timothy Lloyd. Steven McElwee, chief information security officer at PJM, described how Lloyd struck back at his former employer in 1996 when he was demoted, then fired.
“Because of his privileged access as a network engineer, and because of some temper issues, he didn’t handle it very well,” McElwee said. “So he wrote six lines of code … very simple, very elegant, and it was a time bomb. When he was fired, and he left the organization, it successfully deleted all of the source code for Omega engineering. It was a devastating blow to the company, and I don’t think they ever really recovered from it.”
Financial impact of insider threat incidents in the utility sector since 1996 | Carnegie Mellon University
Omega later reported spending nearly $2 million repairing the damage from Lloyd’s attack and losing almost $10 million in revenue, resulting in 80 layoffs. Quoting a line from the film “Batman Begins,” (“It’s not who I am underneath, but what I do that defines me.”) McElwee listed several behaviors that should have tipped managers off that Lloyd was likely to cause issues and led them to take additional precautions.
“First of all, he was demoted. That was a sign. … He was on someone’s radar as a problem employee,” McElwee said. “Second, he was considered to be a hothead. So, they might have expected a strong reaction when they were firing him and been able to take some additional precautions. Third, someone knew he was going to be fired. All of these factors should have raised lots of red flags.”
Support, not Punishment
Given cautionary tales like Omega’s, organizations might feel the best defense is to cut off insider attacks before they begin by locking down potentially difficult employees’ access to critical assets as soon as problems emerge, or by transferring, demoting or even terminating these workers. But participants in the webinar warned that these tactics are likely to backfire, creating the very situation they are intended to prevent.
Presenting Carnegie Mellon’s models for the incitement of insider fraud and sabotage events — the two most prominent types of incidents in its research — Costa observed that the vast majority of insider attacks have multiple contributing factors.
In the case of fraud, an individual may begin with no malicious intent toward their employer but move over time toward a decision to steal from the workplace because of family issues, financial pressures, resentment toward the company and other issues. Sabotage may stem from feeling underappreciated and mistreated by coworkers and management.
CERT’s model for predicting insider fraud | Carnegie Mellon University
Both situations can be aggravated by punitive measures such as reassignment, demotion or firing. An employee considering theft of company property may feel that such steps leave them with no legitimate option for solving their issues, while one thinking of sabotaging the workplace may feel insulted by attempts to remove their access and move forward with their plans.
“It’s this combination of concerning behavior and then maladaptive organizational responses, [and] these cycles that start to happen between more concerning behaviors exhibited and more maladaptive organizational responses,” Costa said. “There’s a tipping point where eventually the insider becomes motivated to cause harm to the organization.”
This does not mean that organizations should overlook warning signs for fear of pushing employees into a downward spiral, or that there are no situations where removing an insider’s access is appropriate. However, speakers emphasized that the most effective way to reduce the amount and impact of insider attacks is to understand the pressures that lead employees to cross the line and address them where possible.
“Everyone has vulnerabilities … and not all kinds of vulnerabilities are going to cause issues in their organization,” said Benjamin Gibson, a senior physical security analyst at the Electricity Information Sharing and Analysis Center. “It’s some of these confluences of factors … where you start raising the red flag. … Part of the program is to identify where the vulnerabilities are, know where the people might have vulnerabilities, and knowing can help mitigate [them].”
