As part of a long-term effort to ensure the reliability of the North American grid, an upgraded Bulk Electric System (BES) definition and revised set of standards are being applied to more market participants in Ontario, including 32 generators who were not previously covered by the standards. In some cases there will be significant new compliance responsibilities for Ontario generators. The Northeast Power Co-ordinating Council (NPCC) notes that the rules are intended to focus on “system elements on which faults or disturbances can have a significant adverse impact outside of the local area.”
Although the standards are overseen on a continent-wide basis by the North American Electric Reliability Corporation (NERC), the responsibility for implementation in Ontario lies with the Independent Electricity System Operator. There are two practical aspects to the implementation: First, there is an updated definition of the BES, which is important because the definition is applicable to market participants depending on whether they own elements that are considered essential to the reliability of the BES. Second there is a revised set of standards, known as CIP5, short for Critical Infrastructure Protection version 5. Much of the current round of consultations and related work now underway in Ontario relates directly to the method of defining who is and who is not part of BES.
Hydro Review notes that, “Version 5 of the Critical Infrastructure Protection (CIP) Reliability Standards were approved by the Federal Energy Regulatory Commission (FERC) in November 2013 in an effort to reduce the likelihood of major cyber (and now physical) attacks on critical electric infrastructure and prevent the worst-case scenarios from becoming reality.” Although applicability is defined more specifically below, in general, if your facilities are considered necessary for the reliable operation of the interconnected bulk-power transmission system, you will likely have to comply with the CIP 5 requirements. The CIP rules have been evolving since 2005. Version 5 represents a major stage in their development that is expected to be enforced fully across the continent in less than two years. The implementation plan has an enforcement date of July 1, 2016 in Ontario. However, as the IESO hastens to point out, many actions need to be taken well before that date, in order to ensure compliance.
Protection of BES Cyber Assets and BES Cyber Systems are now the focus of the CIP standards. If the CIP 5 standards apply to your facility you will almost certainly need to allocate resources and employ high level expertise to deal with issues including “high watermarking,” configuration change management and vulnerability assessments. Affected entities are also required to conduct a written or active vulnerability assessment every 15 months. A July 2014 article in Hydro Review summarizes CIP V5 obligations for affected parties in general as follows:
• Beef up their cyber security policy or policies for CIP-003;
• Ensure that their Electronic Security Perimeter (ESP) extends to the “high water mark” of their High and Medium Impact BES Cyber Systems;
• Monitor in- and out-bound traffic from an ESP for malicious communications;
• Utilize encryption, multi-factor authentication, and intermediate devices for Interactive Remote Access;
• Implement a robust patch management process for tracking, evaluating and installing security patches for applicable Cyber Assets;
• Create a baseline of all ports and services;
• Bolster their change management and vulnerability assessment processes; and
• Ensure all BES Cyber System Information is properly stored or disposed.
Only a few generators in Ontario were considered part of the BES under the old definition; the new definition has added 32 generators to the list of in Ontario who must comply with NERC standards, including the CIP V5 standards. The approach to communicate the rule change was designed to ensure that each market participant knew how they were affected and done in a way to protect their confidentiality. This change impacts very specific elements of customer equipment and broadly communicating on it limits the ability to ensure the right information is being heard.
In early 2013 the IESO prepared an initial list of BES facilities in Ontario based on the Phase I BES definition, the Reference Document produced by the Standard Drafting Team, and FERC comments. Status letters were issued to all IESO-controlled-grid connected participants at that point. A Phase 2 assessment was conducted in early 2014. Letters were again issued in late May 2014 to all participants with facilities connected to the IESO-controlled-grid in Ontario. The letters indicated whether the recipient owned facilities or elements that are considered BES under the new definition and what those facilities were, or alternatively that the recipient did not own BES facilities according to the application of the definition.
The IESO weekly bulletin of April 24, 2014 included an announcement about the IESO forum on the NERC CIP version 5 transition. The CIP Standard Transition Forum is now established and meets once a month. Generators are actively participating in the Forum. Martine Holmsen of the IESO notes that, “This is a peer-to-peer forum, designed to help generators and other affected market participants assess the specific impact on their own facilities.” For more information about the Forum, market participants can contact
Holmsen stresses that, “Each generator will be impacted in different ways – it depends on their risk profile, but also on their current state of readiness – which is why these efforts to raise awareness and engage generators are so important.”
BES facility and Element owners must:
• Comply with all applicable NERC Reliability Standards
• Potentially implement internal processes to retain evidence in support of compliance (for auditing purposes)
• Participate in the Ontario Reliability Compliance Program (ORCP) which monitors, through self-certifications, NERC’s Actively Monitored List (AML) annually
• Self report potential NERC standard violations
• Undergo NERC Reliability Standard audits (on-site or spot checks) at the request of MACD.
Even facilities classified as low-impact assets may have compliance responsibilities under CIP 5. Stephen Parker, writing in Power magazine, says, “Generators are required to develop and implement security policies that address four specific areas of concern: security awareness, physical security, remote access connections, and incident response.”
The IESO has designed and implemented a tool to assist Market Participants determine which NERC reliability standards apply to them based on their Functional Entity type and other requirements. Link: http://www.ieso.ca/imoweb/ircp/orcp.asp.
The IESO’s July 2014 presentation on the BES summarizes what the changes are likely to mean for market participants, with the following points:
• Review BES lists that were sent out May, 2014.
• Determine what incremental standards apply to you.
• Assess impact to your existing processes.
• Assess if a BES Exception application is warranted based on your internal assessment and application of assessment criteria in MM 11.4.
• If warranted, submit BES Exception Application to IESO if you feel the new BES Definition may unnecessarily classify elements as BES or vice versa.
• Elements classified as BES but not necessary for the Reliable Operation of the interconnected bulk-power transmission system or vice versa.
• Applications accepted effective Jan 1, 2014.
In the process of preparing for CIP V5 implementation, the IESO made market rule changes. Ontario Market Rule Amendments were required in order to:
• Grant the IESO authority to establish an Ontario BES Exception Procedure.
• Grant the IESO Board authority to approve or disapprove BES Exception requests.
• Permit market participants who own elements and facilities or connection applicants to use the Ontario BES Exception Procedure.
• Allow the IESO to recover costs associated with assessing and processing BES Exception requests
• Grant right of appeal to a market participant whose BES exception request is denied.
The Market Rule Amendments were approved by the IESO Board on September 7 2012.