Expanding Risk-Based Focus in Standards, Compliance Monitoring, and Enforcement
RELIABILITY FIRST (RF) COMPLIANCE USER GROUP (CUG) MEETING
February 18, 2022FERC to Issue Interim Green House Gas (GHG) Policy Statement
February 21, 2022
Summary:
The ERO Enterprise has shifted from a primarily compliance-focused approach to one that incorporates a more holistic, risk-based approach in pursuit of continuous improvement, innovation, and value-driven efforts. Compliance with Reliability Standards remains fundamental to the collective mission to maintain reliability, resilience, and security. By maintaining and expanding a risk-based focus in its operations, the ERO Enterprise is able to apply resources to the most significant reliability risks and better respond to emerging risks. As the resource situation continues to become more complicated and dependent on other critical infrastructures and weather conditions, the ERO Enterprise must be prepared to take necessary action to prepare the system for the most critical reliability risks, particularly extreme weather events and supply chain vulnerabilities, in addition to continuing to align and streamline routine compliance and enforcement activities.
Additional Discussion:
The criticality of supply chain risk mitigation, which has been a NERC priority since 2016, has been highlighted even further over the past two years by a marked increase in supply chain compromises perpetrated by nation-state actors. Without trusted suppliers working with asset owners and operators, industry will struggle to increase or maintain reliability while directly addressing the ever-increasing security threats to the grid.
As a core element of its mission, the ERO Enterprise works closely with industry, forums, government, and other organizations to perform ongoing analyses of significant known reliability risks to the BPS. The ERO Enterprise also collaborates with subject matter experts and other stakeholders as appropriate to assess emerging risks that result from grid transformation, extreme natural events, cyber and physical security vulnerabilities, and critical infrastructure interdependencies. The ERO Enterprise collects substantial amounts of data and information on the ongoing performance of the BPS along with projected system conditions. The evaluation of early indicators of risk that is supported by data and analysis drives action across industry that support BPS reliability.
In NERC's recent ERO Reliability Risk Report, NERC provided a holistic view of the risk landscape that faces the BPS now and in the future and serves as a road map for the identification of key emerging risks and potential mitigating activities to address those risks. The report presented the results of the Reliability Issues Steering Committee’s (RISC) efforts to strategically define and prioritize risks to BPS reliability and identified four significant, evolving, and interdependent risk categories; the most significant—grid transformation—has broad implications as it can be a catalyst for additional changes. The report also examined three additional risk categories in detail: security; extreme natural events; and critical infrastructure interdependencies, such as the ability to deliver natural gas to generating units supporting the reliability, resilience, and security of the BPS. The report addressed recommendations that the ERO Enterprise and industry should take to enhance reliability, resilience, and security to manage those risks.
In the NERC 2021 State of Reliability report, it was recommended that the ERO Enterprise and industry should continue improving their ability to model, plan, and operate a system with a significantly different resource mix. Additionally, the report recommended that system planners should evaluate the need for flexibility as conventional generation retirements are considered by industry and policymakers. Retirement planning studies should consider Interconnection-level impacts and sensitivity assessments associated with the loss of critical transmission paths and the loss of local generation in larger load pockets. The report also recommended that the ERO and industry develop comparative measurements and metrics to understand the different dimensions of resilience during the most extreme events and how system performance varies with changing conditions. Finally, the report recommended that the ERO Enterprise, industry, and government significantly increase the speed and detail of the cyber and physical security threat information that is shared. This will allow the Enterprise to counter the increasingly complex and targeted attacks by capable nation-state adversaries and criminals that could be a threat to critical infrastructure. This should be complemented by a review of cyber security standards, supply chain procurement, risk assessments, and a review of the CIP standards’ bright-line criteria between high-, medium-, or low-impact assets.
Associated Files:
