Category: FERC

FERC Released Recommendations to Improve Security

FERC Released Recommendations to Improve Security

On March 29, the Federal Energy Regulatory Commission (FERC) issued a report that had recommendations to help the “users, owners and operators of the bulk-power system assess their risks, compliance efforts and overall cyber security posture.” The suggestions in the report are all based upon the lessons FERC learned during the 2018 fiscal year from “non-public audits of several registered entities of the Bulk Electric System and staff reviews of emerging advanced cyber and physical threats to energy infrastructure.” Those lessons will help FERC improve security for “the nation’s electric grid, strengthen cyber security and help facilitate compliance with mandatory reliability standards.”

“FERC’s Office of Electric Reliability, with assistance from its Office of Enforcement, conducted the audits in collaboration with the North American Electric Reliability Corporation (NERC) and its regional entities.” The FERC Office of Energy Infrastructure also assisted with analyzing the data obtained by the audit.

The report’s recommendations are:

  • “Enhance documented processes and procedures for security awareness training to consider NIST SP 800-50, ‘Building an Information Technology Security Awareness and Training Program’ guidance.
  • Consider implementing valid Security Certificates within the boundaries of BES Cyber Systems with encryption sufficiently strong enough to ensure proper authentication of internal connections.
  • Consider implementing encryption for Interactive Remote Access (IRA) that is sufficiently strong enough to protect the data that is sent between the remote access client and the BES Cyber System’s Intermediate System.
  • Consider Internet Control Message Protocol (ICMP) as a logical access port for all the BES Cyber Assets.
  • Enhance documented processes and procedures for incident response to consider the NIST SP 800-61, “Computer Security Incident Handling Guide.”
  • Consider the remote configuration of applicable Cyber Assets via a TCP/IP-toRS232 Bridge during vulnerability assessments.
  • Consider the use of secure administrative hosts to perform administrative tasks when accessing either Electronic Access Control or Monitoring Systems (EACMS) or Physical Access Control Systems (PACS).
  • Consider replacing or upgrading “End-of-Life” system components of an applicable Cyber Asset.
  • Consider incorporating file verification methods, such as hashing, during manual patching processes and procedures, where appropriate.
  • Consider using automated mechanisms that enforce asset inventory updates during configuration management.”

The report also notes some lessons they previously learned:

  • “Conduct a thorough review of CIP Reliability Standards compliance documentation to identify where the documented instructional processes are inconsistent with actual processes employed.
  • For each remote cyber asset conducting IRA, disable all other network access outside of the connection to the applicable Cyber System that is being remotely accessed, unless there is a documented business or operational need.
  • Enhance documented processes and procedures for identifying BES Cyber System Information to consider the NERC Critical Infrastructure Protection Committee guidance document, ‘Security Guideline for the Electricity Sector: Protecting Sensitive Information.’”

“The audits evaluated the registered entities’ compliance with the applicable Critical Infrastructure Protection (CIP) Reliability Standards and identified other possible areas for improvement not specifically addressed by the CIP reliability standards.”

FERC Issues Final Rules to Revise Regulations to Confirm with the FPA’s Recent Changes

FERC Issues Final Rules to Revise Regulations to Confirm with the FPA’s Recent Changes

On February 21, the Federal Energy Regulatory Commission (FERC) issued two final rules revising regulations in order to conform to recent changes made by Congress to the Federal Power Act (FPA), in relation to FERC’s review of hydropower permits and public utility mergers.

The rule related to mergers “implements statutory changes to FPA section 203 by amending FERC regulations requiring a public utility to seek authorization to merge or consolidate jurisdictional facilities so that such authorization is required only when those facilities are valued at more than $10 million.”

These revisions will also require public utility companies to tell FERC about “mergers or consolidations if the facilities are valued at more than $1 million but less than $10 million.” It will also “reduce the regulatory burden on utilities for lower-value transactions, and the final action comes within the 180-day period set by Congress.”

The rule about hydropower “conforms the Commission’s regulations to the America’s Water Infrastructure Act of 2018, which amended sections of the FPA related to preliminary permits, qualifying conduit hydropower facilities, and start for payment of annual charges. Under the Act and the Commission’s amended rules, FERC can issue preliminary permits for four years and extend a permit once for an additional four years, instead of three-year terms for preliminary permits with a possible two-year extension.”

This rule also now allows FERC to “issue a second four-year extension if warranted by extraordinary circumstances.” FERC also increased the “maximum installed capacity for qualifying conduit exemptions is increased from five megawatts (MW) to 40 MW.”

FERC was authorized by the Act to “to issue extensions of the start of construction deadline for licenses for up to eight years, which affects the start of the payment of annual charges … Annual charges will begin two years after a license is issued or any extension deadline expires.”

The third rule FERC issued was to clarify and update the “requirements related to interlocking officers and directors.” FERC’s position on “late-filed applications and informational reports” was also clarified.

FERC Clarifies Reforms of Generator Interconnection Procedures and Agreements

FERC Clarifies Reforms of Generator Interconnection Procedures and Agreements

The Federal Energy Regulatory Commission (FERC) clarified its position on Order 845 on February 21. “Order No. 845 adopted ten reforms to improve certainty for interconnection customers, promote more informed interconnection decisions, and enhance the interconnection process.”

FERC received 12 requests for a rehearing or clarification on Order 845. “The draft order grants in part and denies in part the requests for rehearing and clarification.” While most of the reforms in 845 will remain unchanged, FERC granted the rehearing for some of the reforms. The rehearing was granted to clarify “two aspects of the reform to remove a limitation on the interconnection customer’s option to build.”

The Order requires “transmission providers [to] explain why they do not consider a specific network upgrade to be a standalone network upgrade, and second, allows transmission providers to recover option to build oversight costs.” It also clarifies two different parts of the “option to build reform by finding, first, that the Order No. 845 option to build provisions apply to all public utility transmission providers, including those that reimburse interconnection customers for network upgrades, and second, that the option to build does not apply to stand alone network upgrades on affected systems.”

The rehearing also covered reforms to “create a surplus interconnection service process,” explaining that FERC has no intentions to “limit the ability of RTOs and ISOs to argue that an independent entity variation is appropriate.”

There were clarifications regarding the “study model and assumption transparency.” It found that:

  • “Transmission providers may use the Commission’s critical energy/electric infrastructure information regulations as a model for evaluating entities that request network model information and assumptions.”
  • “The phrase ‘current system conditions’ does not require transmission providers to maintain network models that reflect current real-time operating conditions of the transmission provider’s system but should reflect the system conditions currently used in interconnection studies.”

They also clarified the reforms to “institute interconnection study deadline reporting requirements.” Another clarification was on “the date for measuring study performance metrics and clarifies that the reporting requirements do not require transmission providers to post 2017 interconnection study metrics. Instead, the first required report will be for the first quarter of 2020.”

As for the reforms on “requesting interconnection service below generating facility capacity,” a partial rehearing was granted “to find that an interconnection customer may propose control technologies at any time at which it is permitted to request interconnection service below generating facility capacity.”

They also addressed “the reform that allows interconnection customers to request interconnection service below generating facility capacity,” clarifying that transmission providers “must provide a detailed explanation if it determines additional studies at the full generating facility capacity are necessary when the interconnection customer has requested service below full generating facility capacity.”

The draft order denied other requests for rehearings or clarification.

The draft order will go into effect 75 days after it is published in the Federal Register. Public utility transmission providers have to “submit a single compliance filing, within 90 days of the issuance of this order, to comply with Order No. 845 and this draft order on rehearing and clarification.”

Federal Energy Regulatory Commission (FERC) Chairman Neil Chatterjee testified before the Senate Energy & Natural Resources Committee

Federal Energy Regulatory Commission (FERC) Chairman Neil Chatterjee testified before the Senate Energy & Natural Resources Committee

On February 14, the  Federal Energy Regulatory Commission (FERC) Chairman Neil Chatterjee testified before the Senate Energy & Natural Resources Committee to discuss cybersecurity in the energy industry. Chatterjee had three specific points to bring up in his testimony: “first, the evolution of mandatory reliability standards; second, the voluntary partnerships FERC has established with industry and other agencies; and third, the interdependency of the electric and natural gas systems.”

For the mandatory reliability standards, Chatterjee discussed the ruling under the Federal Power Act that gave FERC “authority to approve mandatory reliability standards developed by the North American Electric Reliability Corporation (NERC).” After these are approved, they become mandatory and either NERC or FERC enforces them. “NERC’s standards for cybersecurity, known as the Critical Infrastructure Protection (CIP) standards, became mandatory and enforceable in 2009.”

In the last ten years, “the CIP standards have matured considerably and now form an effective framework for protections against cyber threats,” Chatterjee said. As a result of the standards maturing, “the need for constant revisions to address discrete issues and, instead, has allowed both FERC and NERC to focus on tackling emerging threats.”  Chatterjee brought up two recent actions that FERC has taken in regard to this. “First, at our October 2018 Commission Meeting, FERC approved NERC’s proposed reliability standards to address supply chain threats. This action is particularly significant given that these specific threats to the energy sector continue to grow. Second, at our July 2018 Commission Meeting, FERC approved a final rule directing NERC to expand reporting requirements for critical systems.”

Chatterjee said the final ruling “directed NERC to develop a standard that requires registered entities to report successful and attempted intrusions into critical systems to NERC’s Electricity Information Sharing and Analysis Center, as well as to the Department of Homeland Security.” The Chairman said this was “an important step toward enhancing the collection and distribution of information on rapidly evolving threats.”

As for voluntary partnerships, Chatterjee said that even though the CIP standards are an “important baseline for cybersecurity practices,” merely complying “is not enough to achieve cybersecurity excellence.” FERC has developed “two-prong approach to address threats to energy infrastructure: mandatory reliability standards overseen by our Office of Electric Reliability, and voluntary initiatives overseen by our Office of Energy Infrastructure Security (OEIS).” OEIS works with partners in state and federal agencies as well as those in the industry “to develop and promote best practices for critical infrastructure security. These initiatives include … voluntary architecture assessments of interested entities, classified briefings for state and industry officials, and joint security programs with other government agencies and industry.”

Chatterjee wants to continue strengthening those partnerships, and in the spirit of that, FERC is holding a joint technical conference with the Department of Energy on March 28. “The conference will explore current threats against energy infrastructure, best practices for mitigation, current incentives for investing in physical and cybersecurity protections, and cost recovery practices at both the state and federal level.”

As for the interdependency of the electric and natural gas systems, Chatterjee expressed his concerns that “because of our nation’s growing use of natural gas for power generation, a successful cyberattack on the natural gas pipeline system could have a significant impact on the electric grid.”

“I recently met with TSA Administrator David Pekoske to discuss pipeline cybersecurity and was impressed by his focus on this vital issue as well as his pledge to taking further action to improve TSA’s oversight of pipeline security. While I think both industry and government have made significant strides toward addressing this issue, I believe more work still needs to be done, and the Commission stands ready to assist in these efforts.”

A full video of Chatterjee’s testimony can be viewed here.

FERC Staff Issues the DEIS for the Annova LNG Brownsville Project

FERC Staff Issues the DEIS for the Annova LNG Brownsville Project

On December 14, the Federal Energy Regulatory Commission (FERC) issued a Draft Environmental Impact Statement (DEIS) on the Annova LNG Brownsville Project. The Annova Project has proposed a project to construct and operate a liquefied natural gas (LNG) terminal on the Brownsville Ship Channel in Cameron County, Texas. The DEIS assesses the impacts that the LNG would have on the environment in the surrounding area.

“The Project consists of the following facilities:

  • pipeline meter station;
  • liquefaction facilities;
  • two LNG storage tanks;
  • marine and LNG transfer facilities;
  • control room, administration/maintenance building;
  • site access road; and
  • utilities (power, water, and communication systems).”

The assessment came to the conclusion that the Annova Project would have adverse effects on the environment. “However, the impacts on the environment from the proposed Project would be reduced to less than significant levels with the implementation of Annova’s proposed impact avoidance, minimization, and mitigation measures and the additional measures recommended by FERC staff.” FERC also came up with a few mitigation methods that they recommended should “be attached as conditions to any authorization issued” in regards to this project.

Some of the things that were factored into FERC’s decision were:

  • “impacts on wetlands and aquatic habitat, including Essential Fish Habitat, would be mitigated per Annova’s draft Conceptual Mitigation Plan;
  • Annova would implement its Project-specific Upland Erosion Control, Revegetation, and Maintenance Plan and Wetland and Waterbody Construction and Mitigation Procedures to minimize construction impacts on soils, wetlands, and waterbodies;
  • we recommend that all appropriate consultations with the FWS and NOAA Fisheries under the Endangered Species Act should be completed before construction is allowed to begin;
  • we recommend that Annova file all outstanding cultural resource reports and agency comments for our review before construction is allowed to begin;
  • the Coast Guard issued a Letter of Recommendation indicating the BSC would be considered suitable for the LNG marine traffic associated with the Project;
  • the LNG terminal design would include acceptable layers of protection or safeguards that would reduce the risk of a potentially hazardous scenario from developing into an event that could impact the offsite public; and
  • FERC’s environmental and engineering inspection and mitigation monitoring program for this Project would ensure compliance with all mitigation measures and conditions of any FERC Authorization.”

“Annova LNG is pleased FERC has acknowledged our proactive approach towards minimizing and offsetting the project’s environmental impacts,” said Omar Khayum, Annova LNG CEO. “Annova LNG is investing in electric motor-driven equipment to minimize air emissions, restoring former wetlands in the project vicinity to more than offset wetlands impacts, and actively contributing to efforts to protect the ocelot and other wildlife, including establishing a wildlife corridor on the project site.”

The Annova project’s layout was modified to avoid over 100 acres of wetlands and to create a 185-acre environmental conservation corridor. It also plans to restore over 250 acres of wetlands and shallow water habitat.

Volume I of the DEIS can be found here. Volume II of the DEIS can be found here.

The commenting period on the DEIS is open until February 4, after which time FERC will begin deliberating on a decision.

FERC Energy Infrastructure Updates for September 2018

FERC Energy Infrastructure Updates for September 2018

On November 5, the Federal Energy Regulatory Commission (FERC) issued an update on the Energy Infrastructure in the country, related to natural gas and hydropower, and covering the highlight for electric generation and transmissions.

One pipeline project was placed in service in September, while another three were certified, and one other pipeline project was proposed.

A total of 10 pipeline projects have been placed into service between January and September of 2018, whereas the same timeframe in 2017, a total of 18 were put in service. Forty-two pipeline projects have been certified in the first nine months of the year, while last year only 27 were certified.

No storage facilities were put into service in those months, and only a single one was put into service in 2017. Four storage facilities were certified, as opposed to only one in 2017.

One liquefied natural gas (LNG) project was put in service for exports, and none were certified for either imports or exports. Last year there were two LNG projects put in service in that timeframe, but none were certified.

As for electric generation, six different projects were put online in September. Three wind plants went online in September, whereas 32 have been brought online in the first nine months. Nine solar power facilities also went online, part of the 310 that have been put in action since January

Four coal plants have gone online this year, along with 68 natural gas facilities, one nuclear facility, 11 oil facilities, ten water, 11 biomass, two geothermal steam, and two waste heat facilities; none of these went online in September. This is compared to the same time period last year, where no coal plants, 79 natural gas, one nuclear, 18 oil, 12 water, 55 wind, 25 biomass, one geothermal steam, and 433 solar facilities were brought online.

There were a large number of proposed additions and retirements of facilities with the goal of being finished by October 2021. For coal there was one addition and 74 retirements; 291 additions and 112 retirements for natural gas; eight additions and retirements for nuclear power; 18 additions and 22 retirements for oil; 252 additions and 19 retirements for water; 57 additions and 24 retirements for biomass; 22 additions and no retirements for geothermal steam; 2,020 additions and five retirements for solar power; six additions and no retirements for waste heat; and 88 additions labeled under the “other” category, which encompasses  “purchased steam, tires, and miscellaneous technology such as batteries, fuel cells, energy storage, and fly wheel.”

The only update FERC had for hydropower was: “NorthWestern Corporation was issued an order raising the capacity of its Missouri-Madison Project No. 2188 from 303.500 MW to 305.240 MW. The project is located on the Missouri and Madison Rivers in Gallatin, Madison, Lewis and Clark and Cascade Counties, MT.”

There were no transmission activities in September that needed to be highlighted in the report, no projects were completed in that month.

FERC’s Annual Report on Enforcement

FERC’s Annual Report on Enforcement

On November 15, the Federal Energy Regulatory Commission’s (FERC) Office of Enforcement issued their 12th annual report on enforcement. As in previous years, the Office of Enforcement will maintain its focus on the threats “posed by fraud and market manipulation in wholesale energy markets” in order to ensure that this kind of conduct does “not undermine FERC’s goal of ensuring efficient energy services at reasonable cost or erode confidence in those markets to the detriment of consumers and competitors.”

The report highlights FERC’s focus on fraud and market manipulation, conduct that threatens the regulated markets transparency, serious violations of mandatory Reliability Standards, and anticompetitive conduct. The Report follows the trend from previous years, of providing the public with information about “the nature of non-public enforcement activities,” like surveillance inquiries, self-reported violations, and investigations that had been closed without enforcement action in the public.

During the presentation about the Report, FERC was informed that “the Report summarizes audits, market reports, litigation filings, and settlements which were approved by the Commission.” The Office of Enforcement said that the summaries are available to help any companies that are seeking to comply with FERC’s orders and regulations. The individuals and companies whose conduct was reviewed in this report were not identified in order to maintain confidentiality.

During the 2018 Fiscal Year, FERC approved six different settlements between Enforcement and subjects in order to resolve different matters. These settlements totaled about $83 million in civil penalties and $66 million in disgorgement. More information on this was included in the Report.

Some of the highlights of Enforcement Report include:

  • “Investigations staff opened 24 new investigations and closed 23 pending investigations with no action. Additionally, staff negotiated six settlements that resulted in more than $83 million in civil penalties and disgorgement of more than $66 million in unjust profits. These Commission-approved settlements included provisions requiring the subjects to enhance their compliance programs and periodically report back to Enforcement regarding the results of those enhancements.
  • Audits and Accounting staff completed 14 audits of oil pipelines, electric utilities and natural gas companies, resulting in 209 recommendations for corrective action and directing refunds and recoveries totaling more than $185 million. Additionally, DAA advised and acted on 435 proceedings at the Commission covering various accounting matters with cost-of-service rate implications.
  • Market Oversight staff continued its analysis of market fundamentals, and enhanced its capabilities for identifying anticompetitive market outcomes and anomalies that may indicate an exercise of market power. Market Oversight published its 2017 State of the Markets Report and Seasonal Assessment reports. It also held two Electric Quarterly Report user group meetings to discuss potential system improvements and enhancements.
  • Analytics and Surveillance staff reviewed numerous instances of potential misconduct and provided analytical expertise to Investigations staff in approximately 50 investigations. Natural gas surveillance screens produced approximately 7,719 alerts. Each month Analytics and Surveillance staff ran and reviewed 84 electric surveillance screens, hourly and intra-hour sub-screens, and reports for more than 36,000 hubs and pricing nodes within six regional transmission owner and independent system operator regions.”