Global Audit-Ready Standards Updates

This newsletter contains information of interest to compliance professionals in the electric utility industry. Cooper Compliance clients and non-clients alike will find useful, timely information, including the following:

Cooper Compliance News, Global Audit-Ready Enhancements, Industry News: Events, Cyber Security in the News, and Grid Reliability, New or Revised NERC Standards, Retiring Standards, Recently Enforceable Standards, Recent Changes to NERC Glossary, NERC Standards Under Development, and New RSAWs.

Cooper Compliance News

Cooper Compliance Global Audit-Ready products are cost-efficient and enable you to quickly focus on and enhance your compliance program instead of wasting time and money developing your own compliance systems and workflows in-house. Because Global Audit-Ready is an add-on, it allows you to put your resources to work in the most efficient way. Contact us to see how you can start enhancing your program with an installation that takes less than 15 minutes of your IT resources' time!

NERC Requirements List Updated

Added RSAWs for CIP-003-7, PRC-027-1, and EOP-006-3. The EOP-006-3 RSAW is version 2 and had previously been released by NERC as version 1.

Global Audit-Ready Application Enhancements

After the release of our two new products, the Global Audit-Ready Survey and the Global Audit-Ready Approval Tracking System, which let you survey SMEs for pertinent information and usher documents through approval processes while capturing all changes and comments as evidence, we have spent the month making changes recommended by our customers to enhance their experience with the Global Audit-Ready product. These types of enhancements are a key benefit to using Global Audit-Ready.

As part of the package offered to clients, subject matter experts present enhancement ideas to the Cooper Compliance team and, if the changes make sense for all clients, we implement them at no additional cost. This month, we have made enhancements to the following products:

Operator Instruction Log has been modified to include special forms for identifying personnel and equipment being worked on during switching or placing hold tags.

Survey Tool. Exciting changes to the Survey tool released this year let users streamline questions and open multiple tasks. For example, you can survey your subject matter experts to identify whether they are making any changes to relays. Drill-down questions can identify which types of relays. This may trigger multiple tasks that impact many standards. Tasks might include updating your entity's:

Assessment of BES Cyber Systems

FAC-008 rating

MOD-025, MOD-026, MOD-027 validation testing

PRC analysis and coordination

Cooper Compliance subject matter experts have developed a database of questions and associated tasks that work for all Standards using this tool, giving you a jump start on creating your own Survey questions. Customize each question and task to fit your specific needs.

Workflows and Reminders. The workflows associated with Global Audit-Ready have been enhanced to allow your entity to whitelist emails from SharePoint 365. This provides additional security to ensure your subject matter experts don’t get spammed or phished.

Global Audit-Ready Reports. The Global Audit-Ready reports have been enhanced to allow users to maintain specific information and documents that are important for internal tracking, but not necessary for audits. All reporting applications and audit documents can be triggered to show and print, or hide, this information.

Cooper Compliance listens to our users! Other minor enhancements have been implemented to our Compliance Activity Tracker, Dashboard, Audit Package Creator, and Operator Instruction Log. Customers may find these changes in our release notes.

Industry News

Industry Events

See Cooper Compliance and get a personalized demo of our NERC Compliance Software at the following events:

9th Annual North American Generator Forum Annual Meeting & Compliance Conference, October 15-17, NERC's office in Atlanta.

WECC Reliability & Security Workshop, providing in-depth outreach to address and mitigate key risks, October 22-24, Paris Hotel in Las Vegas.

GridSecCon 2019, bringing together cyber and physical security experts from industry and government to share emerging security trends, policy advancements, and lessons learned, October 22-25, Westin Peachtree Plaza in Atlanta.

Cyber Security

According to the Wall Street Journal, the US launched a cyberattack that took down Iranian missile control computers on the night of June 20th. Iran may attempt to retaliate with spear-phishing attacks against the U.S. Iran appears to be targeting U.S. government and energy sector entities, including oil and gas. For more information, see:

https://www.wsj.com/articles/u-s-launched-cyberattacks-on-iran-11561263454 (subscription)

According to multiple security websites, there is a new sophisticated scam targeting Microsoft 365 users that tricks victims into providing Office 365 credentials. An initial “file deletion” email appears to be from the Microsoft Team and prompts users to log in to a very realistic-looking 365 login page, which is hosted by Azure and therefore has a Microsoft-signed certificate. Read more about it by googling “scam deletion alert Office 365” or viewing these security sites:

https://blog.knowbe4.com/file-deletion-alert-becomes-the-latest-scam-to-compromise-office-365-credentials

https://www.bleepingcomputer.com/news/security/phishing-emails-pretend-to-be-office-365-file-deletion-alerts/

Grid Reliability

Argentina, Uruguay, and Paraguay were subject to a widespread blackout on June 20, putting the equivalent combined population of California, Oregon, and Washington in the dark. Preliminary reports suggested that the blackout likely originated from service disruptions on three 500kV circuits coming out of the municipality of Colonia Elía. One line experienced a fault, a second line tripped automatically, and the third was out of service at the time due to planned construction. Such an event serves as a reminder of why we strive for a reliable power grid through consistent and equally applied regulations.

FERC Order Regarding CIP-008-6

On June 20, FERC approved CIP-008-6 (Cyber Security – Incident Reporting and Response Planning) to become enforceable approximately 18 months from now, at which time CIP-008-5 will retire. CIP-008-6 is intended to mitigate the risk to the reliable operation of the BES from Cyber Security Incidents and applies to GOP, GO, TO, and some DPs. Under CIP-008-6, both Cyber Security Incidents, which are attempts to compromise, and Reportable Cyber Security Incidents, which are actual compromises, are required to be reported. The Commission also approved the revised definitions of “Cyber Security Incident” and “Reportable Cyber Security Incident” to include attempts to compromise.

Multiple Large CIP-Related Penalties Imposed

Keep on top of those CIP Standards, because the consequences can be dire if you do not! NERC's Enforcement Actions page (https://www.nerc.com/pa/comp/CE/Pages/Actions_2019/Enforcement-Actions-2019.aspx) contains notices of multiple large dollar amount penalties imposed in relation to non-compliance with CIP Standards. On June 27, a $775,000 penalty was imposed and on May 30, two million dollar penalties were imposed. In keeping with security guidelines, these entities remain anonymous to help maintain cyber security.

New or Revised NERC Standards In the CCC Standards Database

None

Retiring Standards

PER-004-2 -- Reliability Coordination — Staffing. Applies to RC.

On November 21, 2018, in FERC order RD18-9-000, FERC approved retirement of PER-004-2. It becomes retired the day before PER-003-2 becomes effective, 6/30/2019.

Recently Enforceable Standards

PER-003-2 – Operating Personnel Credentials – 7/1/2019

TPL-007-3 – Transmission System Planned Performance for Geomagnetic Disturbance Events – 7/1/2019

Recent Changes to NERC Glossary

Recently Made Enforceable:

1/1/2019: Automatic Generation Control. A process designed and used to adjust a Balancing Authority Areas’ Demand and resources to help maintain the Reporting ACE in that of a Balancing Authority Area within the bounds required by applicable NERC Reliability Standards.

1/1/2019: Balancing Authority. The responsible entity that integrates resource plans ahead of time, maintains Demand and resource balance within a Balancing Authority Area, and supports Interconnection frequency in real time.

1/1/2019: Pseudo-Tie. A time-varying energy transfer that is updated in Real-time and included in the Actual Net Interchange term (NIA) in the same manner as a Tie Line in the affected Balancing Authorities’ Reporting ACE equation (or alternate control processes).

10/1/2019: Qualified Path. A transmission element, or group of transmission elements that has qualified for inclusion into the Western Interconnection Unscheduled Flow Mitigation Plan (WIUFMP).

Recently Made Inactive

Inactive Date: 9/30/2019. Qualified Transfer Path.

NERC Standards Under Development

PRC-006-NPCC-2 - Automatic Underfrequency Load Shedding

Applies to GO, PC, CP, TO. This update will:

1) Remove redundancies with the most recent Continent-wide NERC Standard, PRC-006-3.

2) Ensure that UFLS island boundaries, once identified, are provided upon request to affected entities.

3) Add the minimum UFLS relay time delay to the Attachment C tables and remove it as a separate requirement.

4) Add the ability for a TO or DP to calculate net load shed for UFLS if direct metering is not available.

5) Make a number of minor clarifications.

6) Clarify that any compensatory load shedding for non-conformance with the Underfrequency trip specification for generation (in service prior to July 1, 2015) must be within the same island in which the generator resides.

Comment Period: 5/8/2019 – 6/21/2019

2018-04 Modifications to PRC-024-2 | Supplemental SAR

The purpose of this modification is to identify potential modifications to PRC-024-2 to ensure that inverter-based generator owners, operators, developers, and equipment manufacturers understand the intent of the standard in order for their plants to respond to grid disturbances in a manner that contributes to the reliable operation of the BPS.

Comment Period: 6/27/2019 – 7/26/2019

2019-03 Cyber Security Supply Chain Risks

This project will modify the Supply Chain Standards; specifically, it will address EACMSs, those systems that provide electronic access control to high and medium impact BES Cyber Systems.

Comment Period: 6/27/2019 – 7/26/2019

New RSAWs

• CIP-003-7 – Cyber Security — Security Management Controls

• PRC-027-1 – Coordination of Protection System Performance During Faults.

• EOP-006-3 – System Restoration Coordination. This was an update to a previously released RSAW and contains errata only.

About

Cooper Compliance strives to simplify compliance by integrating compliance into our clients’ daily work. The Global Audit-Ready system records and stores evidence as you perform your normal activities, freeing-up time so you can focus on adding value to your organization. Let us know if we can help, or if you would like a demo of our transformative Global Audit-Ready compliance applications.

Cooper Compliance has been providing NERC Compliance services since 2007. The Global Audit-Ready Software suite by Cooper Compliance is a set of SharePoint applications designed to provide automatic RSAW Development as well as controls to ensure accuracy when demonstrating compliance.