1

NERCCTOTF – FALL 2011

© 2008 by NAES Corporation. All rights reserved. Use of this product is subject to the restrictions and terms and conditions of the operation and maintenance agreement between NAES Corporation and the ownership of the facility where this product is in use.

CTOTF – Fall 2011

2

Overview

Introduction

New/Revised Standards

Audit Expectations

Lessons Learned / Best Practices

Questions

3

Introduction to NAES

Formed in 1980

Largest 3rd Party O&M provider in North America, currently with over 37,000MWs of

generation under management in all technologies other than nuclear

Provide technical services in the following areas:

NERC

Reliability Compliance Program in use at over 210 facilities

Engineering

Environmental

CMMS

Procedures and Drawings

4

Introduction – Alan Bull, PE

Over 10 years of industry experience

Five years with NAES in various roles – currently NERC Manager

Five years as an electrical and controls field engineer with GE

5

New / Revised Standards

PRC-005-2 - Protection System Maintenance and Testing

CIP Revision 4 - Critical Infrastructure Protection

IRO-004-2 – Operations Planning

6

PRC-005-2

PRC-005 Revision 2 Status

Description of Current Draft:

This is the fourth draft of the Standard. This standard merges previous standards PRC-005-1,

PRC-008-0, PRC-011-0, and PRC-017-0. It also addresses FERC comments from Order 693, and

addresses observations from the NERC System Protection and Control Task Force.

7

PRC-005-2

What is the next step in the process?

Post for 45-day comment period - Aug 15 – Sept 14, 2011

Conduct successive ballot - Sept 19 – 28, 2011

If it passes the ballot sent to NERC BOT

If approved by NERC BOT, then sent to FERC BOT

Implementation

R1 – 12 months following approval

R2 & R3 – 15 – 168 months depending on the test frequency of the protective system

devices

8

How will this affect you?

Changes to PRC-005-2 have not yet been approved by NERC or FERC.

All drafts as well as the implementation plan can be found at NERC.com in the “Standards

Under Development” section as Project 2007-17 Protection System Maintenance and Testing

– PRC-005.

Protective System and Maintenance Program updates.

Updated definition of Protective System

9

Protective System Definition

Protective relays which respond to electrical quantities,

Communications systems necessary for correct operation of protective functions,

Voltage and current sensing devices providing inputs to protective relays,

Station dc supply associated with protective functions (including station batteries, battery

chargers, and non-battery-based dc supply), and

Control circuitry associated with protective functions through the trip coil(s) of the circuit

breakers or other interrupting devices.

10

PRC-005 Rev 2

PRC-005 Revision 2

R1. Each Transmission Owner, Generator Owner, and Distribution Provider shall establish a

Protection System Maintenance Program (PSMP) for its Protection Systems designed to provide

protection for BES Element(s). The PSMP shall:

1.1. Address all Protection System component types (same as before)

1.2. Identify which maintenance method (time-based, performance-based (per PRC-005

Attachment A), or a combination) is used to address each Protection System component

type. All batteries associated with the station dc supply component type of a Protection

System shall be included in a time-based program as described in Table 1-4.

1.3. Identify the associated maintenance intervals for time-based programs, to be no less

frequent than the intervals established in Table 1-1 through 1-5 and Table 2.

11

PRC-005 Rev 2

1.4. Include all applicable monitoring attributes and related maintenance activities

applied to each Protection System component type consistent with the maintenance

intervals specified in Tables 1-1 through 1-5 and Table 2.

R2. Each Transmission Owner, Generator Owner, and Distribution Provider that uses

performance-based maintenance intervals in its PSMP shall follow the procedure established

in PRC-005 Attachment A to establish and maintain its performance-based intervals.

R3. Each Transmission Owner, Generator Owner, and Distribution Provider shall implement

and follow its PSMP and initiate resolution of any identified maintenance correctable issues.

Maintenance Correctable Issue - Failure of a component to operate within design

parameters such that it cannot be restored to functional order by repair or calibration

during performance of the initial on-site activity. Therefore this issue requires follow-up

corrective action.

12

PRC-005 Rev 2 – Protective Relays

13

PRC-005 Rev 2 Summary

Time Based VS Condition Based Programs

Specific monitoring criteria

Longer intervals

Monitoring functions for relays

No longer need a basis

The table is a “not to exceed” guideline, your own PSMP can be stricter

14

CIP Revision 4

CIP Revision 4 - Status

CIP-002-4 through CIP-009-4 status: Approved by BOT on 1/24/2011. Waiting approval from FERC.

CIP-002-4: Critical Asset Identification Method requirement removed.

CIP-003-4 through CIP-009-4: No major changes. Effective Date: The first day of the eighth calendar quarter after applicable

regulatory approvals have been received (or the Reliability Standard otherwise becomes effective the first day of the ninth calendar quarter after BOT adoption in those jurisdictions where regulatory approval is not required).

15

CIP Revision 4

Why is NERC updating CIP standards to revision 4?

Number of “self identified” critical assets lower than expected.

Lack of trust from authorities concerning the Critical Asset Identification Methods.

16

CIP-002-4

CIP-002 Revision 4 – Requirements

R1. Critical Asset Identification — The Responsible Entity shall develop a list of its identified

Critical Assets determined through an annual application of the criteria contained in CIP-002-

4 Attachment 1 – Critical Asset Criteria. The Responsible Entity shall update this list as

necessary, and review it at least annually.

17

CIP-002-4

CIP-002 Revision 4 – Requirements

R2. Critical Cyber Asset Identification— Using the list of Critical Assets developed pursuant

to Requirement R1, the Responsible Entity shall develop a list of associated Critical Cyber

Assets essential to the operation of the Critical Asset. The Responsible Entity shall update

this list as necessary, and review it at least annually.

For the purpose of Standard CIP-002-4, Critical Cyber Assets are further qualified to be

those having at least one of the following characteristics:

The Cyber Asset uses a routable protocol to communicate outside the Electronic

Security Perimeter; or,

The Cyber Asset uses a routable protocol within a control center; or,

The Cyber Asset is dial-up accessible.

18

CIP-002-4

CIP-002 Revision 4 – Requirements

R3. Annual Approval —The senior manager or delegate(s) shall approve annually the list of

Critical Assets and the list of Critical Cyber Assets. Based on Requirements R1 and R2 the

Responsible Entity may determine that it has no Critical Assets or Critical Cyber Assets. The

Responsible Entity shall keep a signed and dated record of the senior manager or

delegate(s)’s approval of the list of Critical Assets and the list of Critical Cyber Assets (even

if such lists are null.)

19

CIP-002-4 Attachment 1

1.1. Each group of generating units (including nuclear generation) at a single plant location with an

aggregate highest rated net Real Power capability of the preceding 12 months equal to or exceeding 1500

MW in a single Interconnection.

1.2. Each reactive resource or group of resources at a single location (excluding generation Facilities)

having aggregate net Reactive Power nameplate rating of 1000 MVAR or greater.

1.3. Each generation Facility that the Planning Coordinator or Transmission Planner designates and

informs the Generator Owner or Generator Operator as necessary to avoid BES Adverse Reliability Impacts

in the long-term planning horizon.

1.4. Each Blackstart Resource identified in the Transmission Operator's restoration plan.

1.5. The Facilities comprising the Cranking Paths and meeting the initial switching requirements from the

Blackstart Resource to the first interconnection point of the generation unit(s) to be started, or up to the

point on the Cranking Path where two or more path options exist, as identified in the Transmission

Operator's restoration plan.

Sections 1.6 to 1.11 Pertain to Transmission Facilities

20

CIP-002-4 Attachment 1

1.7. Transmission Facilities operated at 300 kV or higher at stations or substations interconnected at 300

kV or higher with three or more other transmission stations or substations.

1.8. Transmission Facilities at a single station or substation location that are identified by the Reliability

Coordinator, Planning Authority or Transmission Planner as critical to the derivation of Interconnection

Reliability Operating Limits (IROLs) and their associated contingencies.

1.9. Flexible AC Transmission Systems (FACTS), at a single station or substation location, that are identified

by the Reliability Coordinator, Planning Authority or Transmission Planner as critical to the derivation of

Interconnection Reliability Operating Limits (IROLs) and their associated contingencies.

1.10. Transmission Facilities providing the generation interconnection required to connect generator

output to the transmission system that, if destroyed, degraded, misused, or otherwise rendered

unavailable, would result in the loss of the assets identified by any Generator Owner as a result of its

application of Attachment 1, criterion 1.1 or 1.3.

21

1.12. Each Special Protection System (SPS), Remedial Action Scheme (RAS) or automated switching system

that operates BES Elements that, if destroyed, degraded, misused or otherwise rendered unavailable,

would cause one or more Interconnection Reliability Operating Limits (IROLs) violations for failure to

operate as designed.

1.13. Each system or Facility that performs automatic load shedding, without human operator initiation, of

300 MW or more implementing Under Voltage Load Shedding (UVLS) or Under Frequency Load Shedding

(UFLS) as required by the regional load shedding program.

Sections 1.14 through 1.17 pertain to control centers and back up control centers.

CIP-002-4 Attachment 1

22

Eliminates subjectivity by entities over what is “critical”.

CIP-004-2 Attachment 1 identifies the Critical Assets.

Important criterions for GO/GOPs:

1.1: Generation unit with a real power capability equal or exceeding 1500MW.

1.2: Reactive resources having Reactive Power nameplate rating of 1000MVAR or greater.

1.3: Generation facilities deemed by Planning Coordinator or Transmission Planner as necessary to avoid BES Adverse Reliability Impacts.

1.4: Blackstart Resources.

1.12: Special Protection Systems, Remedial Action Scheme or automated switching systems that operates BES elements.

1.13: Facilities that performs automatic load shedding of 300MW or more.

1.14: Control or Backup centers that perform the functional obligations of the Reliability Coordinator.

CIP-002-4 Summary

23

IRO-004 Revision 2

IRO-004-2

NERC decided to retire requirements R1 through R6 from IRO-004-1.

IRO-004-2 requirement is IRO-004-1 R7.

Effective in July 2011.

Applicable to Balancing Authorities, Transmission Operators & Transmission Service

Providers.

Purpose of the standard:

Make sure that applicable entities comply with the Reliability Coordinator directives,

so the BES can be operated reliably in anticipated normal and contingency conditions.

24

IRO-004 Revision 2

IRO-004-2

R1. Each Transmission Operator, Balancing Authority, and Transmission Service Provider shall comply with the directives of its Reliability Coordinator based on the next day assessments in the same manner in which it would comply during real time operating events.

25

IRO-004 Revision 2

Why did NERC update IRO-004 standard to revision 2?

IRO-004-1 has inaccurate language.

NERC claims that retired requirements (R1-R6) from IRO-004-1 are appropriately addressed in new Reliability Standards IRO-008-1, IRO-009-1 & IRO-010-1a.

NERC asserts that the requirements in currently-effective IRO-014, IRO-015, and IRO-016 are aimed at ensuring that reliability coordinators coordinate their actions with one another and act in the best interest of the interconnection as a whole.

26

Audit Expectations

Region Publishes Audit Schedule – usually by November of prior year.

Audit will be for the enforceable standards within the entity’s registered function.

Enforceable Standards are published by NERC – usually by August of prior year – in the Compliance Monitoring and Enforcement Program.

Approximately 90 Days prior to your audit you will receive an audit packet that includes your auditors name and bio and the requested data in the for of Reliability Standard Audit Worksheets (RSAWs).

The RSAWs are completed and returned to the lead auditor prior to the audit date

27

NERC Standards Violations

28

NERC Standards Violations

29

NERC Standards Violations

The percentage of CIP to Non-CIP violations has risen to 64%.

6 month violation receipt average : January 1, 2011 through June 30, 2011: 274 violations/month

Between June, 2007 and June, 2011 7414 violations have been found.

The following table describes the amount of penalty that could be applied for each day that a violation continues:

30

Lessons Learned from PRC-005 Findings:

Violations primarily stemmed from missed intervals.

Use your CMMS to track Protective System Devices.

Ensure that ALL protective system components listed in PRC-005 are captured in your PSMT

plan - this will include Battery Chargers sometime in the near future.

1 day late or 1 relay missed could equal a NERC violation, be diligent – manage your

contractors.

Follow your plan.

Lessons Learned

31

Lessons Learned from VAR-002 Findings:

All Automatic Voltage Regulators should be operated in Automatic and controlling voltage

unless specifically directed by the Transmission Operator.

WECC requires ALL Generators to operate in Auto – exceptions for maintenance only.

Any change in operation, status or capability of the AVR requires contact to your TOP within

30 minutes.

Lessons Learned

32

Lessons Learned from FAC-008/FAC-009 Findings:

Violations were due to having an incomplete ratings methodologies that did not include the

most limiting applicable equipment rating.

Ensure that there is a specific statement in your FAC-008 document that addresses your

most limiting factor.

Lessons Learned

33

Lessons Learned from FAC-008/FAC-009 Findings:

As discussed in CAN-0018, terminal equipment includes:

Wave Traps

Potential devices

Disconnect Switches

Breakers

Fuses

“Any piece of equipment that is in series with the circuit and that could become a limiting element.”

Ensure all listed items are discussed in your methodolgy

Lessons Learned

34

Lessons Learned from CIP-002 Findings:

Methodologies Impact-based rather than Risk-based. (CIP-002-3 R1. Critical Asset

Identification Method — The Responsible Entity shall identify and document a risk based ‑

assessment methodology to use to identify its Critical Assets.)

Critical Assets List not annually reviewed or diligently updated.

Lessons Learned

35

NAES Reliability Compliance

Email: Reliability@NAES.com

Phone: 425-270-6400

Alan Bull

Sean Thompson

Joseph Bennett

Angela Small

Remy Barquero

Questions