Decision 3441-D01-2015 Alberta Electric System Operator Application regarding Critical Infrastructure Protection Alberta reliability standards September 14, 2015


Alberta Utilities Commission

Decision 3441-D01-2015

Alberta Electric System Operator

Application regarding Critical Infrastructure Protection Alberta reliability standards

Application 1610881

Proceeding 3441

September 14, 2015

Published by the:

Alberta Utilities Commission

Fifth Avenue Place, Fourth Floor, 425 First Street S.W.

Calgary, Alberta

T2P 3L8

Telephone: 403-592-8845

Fax: 403-592-4406

Website: www.auc.ab.ca


Contents

1 Introduction
2 Background
3 Relevant statutory and regulatory provisions
4 Commission findings and decision
4.1 Confidentiality requests
4.1.1 Commission findings regarding confidentiality
4.2 Technically deficient
4.2.1 Commission findings regarding the objection that the CIP Standards are technically deficient
4.3 Not in the public interest
4.3.1 Not in the public interest due to the implementation period
4.3.2 Not in the public interest due to costs
4.3.3 Not in the public interest due to a lack of interpretative guidance
4.3.4 Commission findings regarding the objection that the CIP Standards are not in the public interest
4.4 Inconsistent with Section 21(3) of the Transmission Regulation
4.4.1 Commission findings regarding the objection that the CIP Standards are inconsistent with Section 21(3) of the Transmission Regulation
Appendix 1 – Proceeding participants
Appendix 2 – Abbreviations


1 Introduction

1. On September 29, 2014, the Alberta Utilities Commission (AUC or the Commission) received three applications from the Alberta Electric System Operator (AESO)[1] for Commission review and approval of 11 recommended new Critical Infrastructure Protection (CIP) Alberta reliability standards (the CIP Standards) pursuant to Section 19 of the Transmission Regulation. The applications were assigned proceeding numbers 3441, 3442 and 3443 respectively in the Commission’s electronic filing system.

2. Proceeding 3441 is the AESO’s application for approval of the following 11 CIP Alberta reliability standards.

Cyber Security – BES Cyber System Categorization CIP-002-AB-5.1
Cyber Security – Security Management Controls CIP-003-AB-5
Cyber Security – Personnel & Training CIP-004-AB-5.1
Cyber Security – Electronic Security Perimeter(s) CIP-005-AB-5
Cyber Security – Physical Security of BES Cyber Systems CIP-006-AB-5
Cyber Security – System Security Management CIP-007-AB-5
Cyber Security – Incident Reporting and Response CIP-008-AB-5
Cyber Security – Recovery Plans for BES Cyber Systems CIP-009-AB-5
Cyber Security – Configuration Change Management and Vulnerability Assessments CIP-010-AB-1
Cyber Security – Information Protection CIP-011-AB-1
Cyber Security – Implementation Plan for Version 5 CIP Security Standards CIP-PLAN-AB-1

3. The AESO stated in its application that the CIP Standards were adopted from North American Electric Reliability Corporation (NERC) Version 5 CIP reliability standards in the United States of America, and included modifications made by the AESO to ensure that the CIP Standards are capable of applying in Alberta.

[1] The Independent System Operator (ISO) is established under Section 7(1) of the Electric Utilities Act and operates under the trade name AESO.

4. Proceeding 3442 contained the AESO’s application for approval of 22 reliability standard

definitions to be added to the ISO Consolidated Authoritative Document Glossary, and is

considered in a separate decision.

5. Proceeding 3443 included a request by the AESO that the Commission commence a

written proceeding to determine whether some or all of the costs to be incurred by particular

generating unit owners to comply with the CIP Standards are the responsibility of the particular

generating unit owners or the responsibility of the AESO. On November 25, 2014, the

Commission determined that it would consider Proceeding 3443 at a later date (see Proceeding

3441, exhibit 0055.01).

6. The main dispute in Proceeding 3441 relates to the length of time permitted under

Alberta reliability standard Cyber Security – Implementation Plan for Version 5 CIP Security

Standards CIP-PLAN-AB-1 for responsible entities to comply with the CIP Standards applicable

to bulk electric systems (BES) cyber systems and assets categorized as medium impact under

Cyber Security - BES Cyber System Categorization CIP-002-AB-5.1.

7. After considering the evidence and arguments presented in this proceeding, and for the

reasons given in this decision:

(a) The Commission finds that no interested person has satisfied the Commission that

the AESO’s recommendation to approve the CIP Standards is technically

deficient.

(b) The Commission finds that no interested person has satisfied the Commission that

the AESO’s recommendation to approve the CIP Standards is not in the public

interest.

(c) The Commission further finds that no contravention of Section 21(3)(a) of the

Transmission Regulation has been proved that might render the AESO’s

recommendation to approve the CIP Standards not in the public interest.

(d) The Commission approves the CIP Standards to become effective on the dates

proposed by the AESO.

2 Background

8. On October 7, 2014, the Commission issued a notice of filing and for objection for the CIP Standards by uploading the notice to the Commission’s eFiling system and posting the notice on the AUC website.[2]

9. On October 21, 2014, the Commission received objections in Proceeding 3441 from Capital Power Corporation (Capital Power), TransAlta Corporation (TransAlta) and TransCanada Energy Ltd. (TCE). Statements of intent to participate (SIPs) were also received from ATCO Power Canada Ltd. and EPCOR Distribution & Transmission Inc., both of which indicated an interest in monitoring this proceeding.

[2] Exhibit 0052, AUC Notice of Application 1610881, October 7, 2014.

10. The AESO’s application indicated that the Sundance generation facility is currently the only generator in Alberta expected to be identified by the responsible entity as containing a medium impact BES cyber system under the proposed CIP Standards.[3] TransAlta is the owner and operator of the Sundance generation facility and the power purchase arrangement (PPA) owner.[4] TCE is the PPA buyer from TransAlta for 100 per cent of the capacity generated by Sundance Units 1 and 2, as well as the buyer for 50 per cent of the capacity generated by Sundance Units 3 and 4.[5]

11. On December 17, 2014, Capital Power withdrew its objection in Proceeding 3441, stating that “Capital Power Corporation (‘Capital Power’) no longer objects to the Alberta Electric System (‘AESO’) implementing the CIP 5 Cyber Security Reliability Standards (‘CIP 5’).”[6]

12. On April 2, 2015, TransAlta submitted a letter advising the Commission that “TransAlta is withdrawing from Proceeding 3441 and 3442 as TransAlta is of the view that the proposed Supplemental CIP Standard will formalize flexibility in implementation of the CIP standards.”[7], [8]

13. TransAlta also requested that its evidence filed on December 17, 2014 be expunged from the record. It submitted that it was in the public interest to ensure that information respecting the reliability of generating units be removed from the record.[9] The Commission received no objections to this TransAlta request, and on April 23, 2015, the Commission ordered that TransAlta’s December 17, 2014 evidence be removed from the public record.[10]

14. On June 5, 2015, the Commission received a further request from TransAlta that the Commission direct parties to destroy any copies of TransAlta’s December 17, 2014 evidence and direct that parties may not rely upon the December 17, 2014 evidence. TransAlta stated that it “… considers that a number of aspects of the December 17 Evidence are no longer reliable.”[11]

15. On June 11, 2015, TCE filed a letter with the Commission requesting that it be allowed to file revised evidence on the basis that in light of TransAlta’s June 5, 2015 letter, TCE may have “placed unreliable evidence on the record of this Proceeding.”[12] On June 15, 2015, after considering submissions from the AESO regarding this TCE request, the Commission granted TCE’s request to file revised evidence.[13]

[3] Exhibit 3441-X0047, AESO Reply Argument, July 9, 2015, page 7, paragraph 17.

[4] Exhibit 3441-X0030, AESO Written Evidence, April 30, 2015, page 1, paragraph 2.

[5] Exhibit 3441-X0041, TCE Motion for Confidential Treatment and Revised Evidence, June 15, 2015, page 1, paragraph 3.

[6] Exhibit 0062, Capital Power response to notices of applications, December 17, 2014.

[7] Exhibit 3441-X0022, TransAlta LT AUC re Withdrawal, April 2, 2015.

[8] On May 8, 2015, the AESO filed an application for CIP-SUPP-001-AB (CIP-SUPP) which allows responsible entities to request variances with respect to the requirements of the CIP Alberta reliability standards. See AUC Decision 20417-D01-2015.

[9] Exhibit 3441-X0022, TransAlta LT AUC re Withdrawal, April 2, 2015.

[10] Exhibit 3441-X0026, AUC ruling on TransAlta request for removal of records, April 23, 2015.

[11] Exhibit 3441-X0035, TAC letter to AUC re request for destruction Dec 17 evidence, June 5, 2015.

[12] Exhibit 3441-X0038, TCE LT AUC re TCE Response to AESO, June 11, 2015.

[13] Exhibit 3441-X0040, AUC letter re TCE request to file revised evidence, June 15, 2015.

16. Subsequent to receiving argument and reply argument from the AESO and TCE, on July 24, 2015, the Commission requested clarification from both parties regarding certain confidential information filed by them.[14] On August 6, 2015, both the AESO and TCE filed responses to the Commission’s request on a confidential basis. The Commission considers that the record for Proceeding 3441 closed on August 6, 2015.

17. In reaching the determinations contained within this decision, the Commission has

considered all relevant materials comprising the record of this proceeding. Accordingly,

references in this decision to specific parts of the record are intended to assist the reader in

understanding the Commission’s reasoning relating to a particular matter and should not be taken

as an indication that the Commission did not consider all relevant portions of the record with

respect to that matter. The evidence considered includes the information submitted by parties that

the Commission has already ordered in this proceeding to be kept confidential and not placed on

the public record under the confidentiality provisions of AUC Rule 001.

3 Relevant statutory and regulatory provisions

18. The regulatory framework in Alberta governing reliability standards is prescribed in the

Electric Utilities Act and the Transmission Regulation made under Section 142(1)(1.1) of the

Act. The applicable part of Section 19(1) of the Transmission Regulation provides that the

reliability standards that apply in Alberta include those of the North American Electric

Reliability Council to the extent that those are adopted by the ISO in accordance with

subsections (4) and (5).

19. Subsection 19(4) specifies that before adopting or making reliability standards, the ISO

must consult with those market participants that it considers likely to be directly affected and

forward the proposed reliability standards to the Commission for review, with the ISO’s

recommendation that the Commission approve or reject them. Subsection 19(5) imposes a

requirement for Commission approval of the proposed reliability standards “subject to subsection

(6).”

20. Pursuant to Subsection 19(6) of the Transmission Regulation, the Commission must

follow the recommendation of the ISO to either approve or reject proposed reliability standards

unless an interested party satisfies the Commission that the recommendation is technically

deficient or not in the public interest.

Reliability Standards

[…]

19(5) Subject to subsection (6), the Commission must approve or refuse to approve the reliability standards, agreements, criteria or directives, and must inform the ISO of its decision.

(6) The Commission must follow the recommendation of the ISO that the Commission approve or reject the proposed reliability standards, agreements, criteria or directives unless an interested person satisfies the Commission that the ISO’s recommendation is

(a) technically deficient, or

(b) not in the public interest.

[14] Exhibit 3441-X0050, AUC cover letter re AUC IRs to AESO and TCE, July 24, 2015.

21. Subsection 21(3) also prescribes that when the ISO participates in the adoption or

modification of reliability standards, the ISO must consider whether the standards are capable of

applying in Alberta, and ensure, to the extent reasonable, that any new or modified standard that

will apply in Alberta will not require a material change in the framework for the market for

electric energy.

Reliability standards adoption, publication and modification

[…]

21(3) When the ISO participates in the development, adoption or modification of

reliability standards, the ISO must

(a) consider whether the standards are capable of applying in Alberta, and

(b) ensure, to the extent reasonable, that any new or modified standard that

will apply in Alberta will not require a material change in the framework

for the market for electric energy.

4 Commission findings and decision

4.1 Confidentiality requests

22. During the course of Proceeding 3441, several requests were made to the Commission

seeking to have certain portions of filed evidence, information requests and responses and

references to such information in arguments and submissions kept confidential and dispensing

with the usual requirement for such information to be placed on the public record. During the

course of this proceeding, the Commission made several rulings, filed on the public record,

granting confidentiality requests.

4.1.1 Commission findings regarding confidentiality

23. Based on its consideration of all of the evidence now filed, its review of the information

sought to be kept confidential and the submissions made to it, the Commission confirms and

extends its previous rulings that the redacted materials and documents submitted on a

confidential basis shall be kept confidential and not be placed on the public record in accordance

with Section 13.4(b) of AUC Rule 001: Rules of Practice.

4.2 Technically deficient

24. One of TCE’s original grounds for objection was that the CIP Standards were technically deficient in satisfaction of the requirement in Section 19(6) of the Transmission Regulation. TCE submitted in its SIP that the criteria in the CIP Standards that designate the Sundance generation facility as a medium impact asset are deficient in the context of the Alberta system and that the CIP Standards in this regard may not be applicable in Alberta.[15]

[15] Exhibit 0003.01, TransCanada Rule 001 Section 24 response to notice, October 21, 2014.

25. While the AESO responded that the CIP Standards were not deficient in this regard, the AESO also said that it did not understand that any interveners were taking the position that the CIP Standards are technically deficient and so limited its argument to public interest issues.[16]

4.2.1 Commission findings regarding the objection that the CIP Standards are technically deficient

26. The Commission finds that TCE did not provide cogent evidence satisfying the

Commission how or where the CIP Standards were likely to prove technically deficient. As a

result, the Commission is not satisfied that the AESO’s recommendation to approve the CIP

Standards is technically deficient.

4.3 Not in the public interest

27. In its written argument, TCE took issue with the proposed two-year effective date imposed for compliance respecting medium impact assets under the CIP Standards but appeared to concede that they are otherwise in the public interest. TCE stated:

There is little doubt that adoption of the CIP Standards in Alberta is important and is ultimately in the public interest. TCE agrees that, in balancing TCE’s position with the public interest, the Commission must exercise a high degree of discretion. However, the AESO has provided no factual basis to justify its insistence on a 2-year effective date.[17]

28. The Commission notes that the Transmission Regulation, by Section 19(4), requires only that the AESO consult with market participants and forward to the Commission the AESO’s recommendation to approve the NERC reliability standard that the AESO proposes to adopt. Under Section 19(6), TCE faces the statutory presumption that the AESO’s recommendation is to be found in the public interest without requiring any evidence from the AESO.

4.3.1 Not in the public interest due to the implementation period

29. The AESO indicated that Alberta currently does not have any standards in place that specifically apply to cyber systems. The AESO further asserted that having regard for the current state of protection from potential cyber attacks and the risks associated with operating without the CIP Standards in place, the timeframe for implementing the CIP Standards is reasonable, appropriate and in the public interest.[18]

30. In its evidence, TCE said that to achieve compliance with the CIP Standards, some of the work would have to be completed during plant outages, and that TCE expected that the two-year implementation period would require additional outages.[19]

31. In evidence, TCE acknowledged that in some respects, the AESO’s proposed two-year implementation period is consistent with the NERC standards that were approved by the Federal Energy Regulatory Commission (FERC); however, TCE identified three fundamental differences that substantiate a longer implementation period:

(a) the CIP Standards are new to Alberta, whereas they are not for FERC-jurisdictional entities that were given three years to comply with version 1 and two years to comply with the current version of similar CIP Standards;

(b) NERC plans to develop transitional guidance documents and a compliance program to assist responsible entities; and,

(c) prior to approving the implementation period, FERC sought comment from responsible entities, and approved the two-year period for medium impact assets on the basis of those comments.[20]

[16] Exhibit 3441-X0045, AESO Written Argument, June 26, 2015, page 6, paragraph 13.

[17] Exhibit 3441-X0044, TCE Written Argument, June 26, 2015, page 10, paragraph 31.

[18] Exhibit 3441-X0030, AESO Written Evidence, April 30, 2015, page 6, paragraph 18.

[19] Exhibit 3441-X0041, TCE Motion for Confidential Treatment and Revised Evidence, June 15, 2015, page 2, paragraph 4.

32. The AESO reiterated that unlike in other jurisdictions, where responsible entities are transitioning from a previous version of CIP Standards to a new and more robust version, Alberta does not currently have any standards in place that specifically apply to cyber systems and assets.[21] The AESO further submitted that the proposed implementation dates are reasonable and appropriate given the nature of the threat being addressed by the CIP Standards and the severity of the risk to the reliability of the AIES (Alberta Interconnected Electric System) in the absence of the CIP Standards.[22]

4.3.2 Not in the public interest due to costs

33. TCE asserted that as a PPA buyer for the Sundance generation facility, “[a]s per the “change in law” provisions of the PPAs, TCE may be subject to a portion of the costs associated with establishing and maintaining compliance with the CIP Standards when they are effective.”[23]

34. TCE submitted that it is also concerned with the lost opportunity costs of an additional outage and particularly concerned with the increased compliance costs associated with a two-year effective date.[24] TCE also said that as a PPA buyer, it is not privy to the same level of detail as a PPA owner regarding the costs to comply with the CIP Standards.[25]

35. The AESO submitted that as there are no standards in place specific to the protection of Alberta’s bulk electric system from cyber attacks, it would be contrary to the public interest to delay implementation of the CIP Standards even if it could be demonstrated that there would be a cost savings associated with a delay.[26]

36. The AESO argued that “TCE has provided only an estimate of its potential lost opportunity costs if an additional outage is required to implement the CIP Standards.”[27] The AESO continued that any potential incremental costs or lost opportunity costs may be avoided if a variance is applied for and granted in accordance with the requirements of the CIP-SUPP reliability standard.[28]

[20] Exhibit 3441-X0041, TCE Motion for Confidential Treatment and Revised Evidence, June 15, 2015, pages 2-4, paragraphs 5-8.

[21] Exhibit 3441-X0030, AESO Written Evidence, April 30, 2015, page 2, paragraph 4.

[22] Ibid., page 3, paragraph 8.

[23] Exhibit 3441-X0041, TCE Motion for Confidential Treatment and Revised Evidence, June 15, 2015, page 2, paragraph 3.

[24] Exhibit 3441-X0048, TCE Written Reply Argument, June 26, 2015, page 2, paragraph 7.

[25] Ibid., June 26, 2015, page 2, paragraph 8.

[26] Exhibit 3441-X0045, AESO Written Argument, June 26, 2015, page 7, paragraph 17.

[27] Ibid., page 8, paragraph 19.

[28] Ibid., page 8, paragraph 20.

37. The AESO also submitted that “TCE has not demonstrated that transitioning from a former version of the CIP Standards requires less IT or compliance work than what would be required to adopt the NERC v. 5 CIPs from the outset … and that this should not be assumed in absence of any evidence.”[29]

4.3.3 Not in the public interest due to a lack of interpretative guidance

38. TCE submitted that there is a risk that the AESO may interpret certain CIP Standard requirements differently than the responsible entity and maintained that this creates an interpretation risk.[30] TCE stated that the AESO has not taken any material steps to mitigate the interpretation risk as there are no CIP interpretation documents available in Alberta.[31]

39. The AESO submitted that it is working with the responsible entities to determine how it might provide an appropriate amount of support in implementing the CIP Standards. The AESO stated that it “will seek input from stakeholders in the development of its compliance monitoring program, and plans to hold industry sessions regarding this program in accordance with its normal practices.”[32] The AESO further submitted that compliance and audit issues are irrelevant to the issue of whether the CIP standards are in the public interest.[33]

4.3.4 Commission findings regarding the objection that the CIP Standards are not in the public interest

40. To the extent possible, on the basis of the limited evidence presented to it, the

Commission has considered the implementation costs associated with the different

implementation periods proposed by the AESO and TCE. This is particularly important in this

case where it is the PPA owners who will be responsible for ensuring that each generation unit is

compliant with the CIP Standards. The generation unit owner’s choice of means to achieve

compliance is somewhat discretionary; however, such choices may well significantly affect the

welfare of any PPA buyers.

41. TCE has submitted evidence saying only that it is possible that the AESO’s proposed

two-year implementation period may increase the costs for TCE and other PPA buyers because

this may require more unplanned outages, possibly leading to negative consequences for the

competitiveness of the market and for reliability of Alberta’s electrical system. TCE is clear that

many of its concerns are speculative. TCE explains that this is largely because with the relevant

generating units, TCE is a PPA buyer, and it is the PPA owner that is responsible for compliance

with the CIP Standards. This makes it difficult for TCE to have direct knowledge of the actions

that may be required or preferred by the generation unit owner as it brings its assets into

compliance with the CIP Standards. As a result, the aggregate costs of compliance for both TCE

and the public remain a matter of conjecture.

42. The Commission concludes that the AESO is in a better position to determine the risks facing the AIES and response times warranted in this case, while the CIP Standards are not in force. The AESO has stated on the record of this proceeding that, based on the risks and the costs, a two-year implementation period is reasonable, appropriate and in the public interest. Based on the speculative nature of the risks and costs associated with implementing the CIP Standards, as put forward by TCE, the Commission is not persuaded that it should reject the AESO’s assertion that a two-year implementation period is necessary. The Commission finds that no interested person has satisfied the Commission that the AESO’s recommendation to approve the CIP Standards is not in the public interest.

[29] Exhibit 3441-X0047, AESO Reply Argument, July 9, 2015, page 4, paragraph 6.

[30] Exhibit 3441-X0034, TCE Rebuttal Evidence, June 3, 2015, page 4, paragraph 13.

[31] Ibid., page 5, paragraph 15.

[32] Exhibit 3441-X0030, AESO Written Evidence, April 30, 2015, page 2, paragraph 5.

[33] Exhibit 3441-X0047, AESO Reply Argument, July 9, 2015, page 5, paragraph 10.

4.4 Inconsistent with Section 21(3) of the Transmission Regulation

43. While TCE appeared to concede that adoption of the CIP Standards would not require a material change to the framework for the electricity market, it maintained that the proposed two-year effective date does not reflect the circumstances of their implementation in Alberta[34] and is thus inconsistent with Section 21(3) of the Transmission Regulation[35] – presumably implying that this aspect of the CIP Standards is not capable of applying in Alberta.

44. The AESO asserted that the CIP Standards are based on the NERC Version 5 CIP Reliability Standards and contain variances that modify them to ensure that the CIP Standards are capable of applying in Alberta and do not require a material change to the framework of the market for electrical energy.[36]

4.4.1 Commission findings regarding the objection that the CIP Standards are inconsistent with Section 21(3) of the Transmission Regulation

45. Section 21(3)(a) of the Transmission Regulation requires the AESO to consider whether the proposed CIP Standards are capable of applying in Alberta. It is evident to the Commission that in adapting the CIP Standards from the NERC Version 5 CIP reliability standards, the AESO has given substantial consideration to the capability of the CIP Standards to apply in Alberta. The Commission finds that no contravention of Section 21(3)(a) of the Transmission Regulation has been proved that might render the AESO’s recommendation to approve the CIP Standards not in the public interest. Further, TCE does not suggest, and the Commission is not persuaded, that the AESO’s adoption of the CIP Standards will require a material change in the framework for the market for electric energy under Section 21(3)(b).

46. The Commission also finds that the AESO’s application provides satisfactory evidence of sufficient AESO consultation with those market participants that it considers likely to be directly affected by the CIP Standards. Accordingly, pursuant to Section 19(6) of the Transmission Regulation, the Commission approves the CIP Standards contained within Application 1610881, in accordance with the recommendations of the ISO. The Commission advises that the CIP Standards will be effective as follows:

Table 1. Effective date

Reliability standards | Effective date

CIP-002-AB-5.1, CIP-003-AB-5 (except R2), CIP-004-AB-5.1, CIP-005-AB-5, CIP-006-AB-5, CIP-007-AB-5, CIP-008-AB-5, CIP-009-AB-5, CIP-010-AB-1, CIP-011-AB-1 and CIP-PLAN-AB-1 | Approved, effective October 1, 2017.

R2 of CIP-003-AB-5 | Approved, effective October 1, 2018.

34 Exhibit 3441-X0044, TCE Written Argument, June 26, 2015, page 5, paragraph 16.

35 Ibid., page 11, paragraph 36.

36 Exhibit 3441-X0030, AESO Written Evidence, April 30, 2015, page 1, paragraph 3.

Dated on September 14, 2015.

Alberta Utilities Commission

(original signed by)

Tudor Beattie, QC

Panel Chair

(original signed by)

Bill Lyttle

Commission Member

(original signed by)

Henry van Egteren

Commission Member


APPENDIX 1 – PROCEEDING PARTICIPANTS

Name of organization (abbreviation) | Counsel or representative

Alberta Electric System Operator (AESO or ISO) | Allison Sears – Stikeman Elliott LLP; Brandon Mewhort – Stikeman Elliott LLP

ATCO Power Canada Ltd. | Horst Klinkenborg; Akira Yamamoto

Capital Power Corporation (Capital Power) | Elizabeth Farthing

Epcor Distribution & Transmission Inc. | Jay Baraniecki

TransAlta Corporation (TransAlta) | Laura Marie Berg; Bernette Ho – Norton Rose Fulbright Canada LLP

TransCanada Energy Ltd. (TCE) | Steven Kley; Mark Thompson

Alberta Utilities Commission

Commission panel: Tudor Beattie, QC, Panel Chair; Bill Lyttle, Commission Member; Henry van Egteren, Commission Member

Commission staff: John Petch, Commission Counsel; Greg Andrews, Market Analyst


APPENDIX 2 – ABBREVIATIONS

Abbreviation | Name in full

AESO | Alberta Electric System Operator

AIES | Alberta Interconnected Electric System

AUC | Alberta Utilities Commission

BES | bulk electric systems

Capital Power | Capital Power Corporation

CIP | Critical Infrastructure Protection

CIP-SUPP | Cyber Security – Supplemental CIP Alberta Reliability Standard CIP-SUPP-001-AB

CIP Standards | Critical Infrastructure Protection Alberta reliability standards

FERC | Federal Energy Regulatory Commission

NERC | North American Electric Reliability Corporation

PPA | power purchase agreement

SIP | statement of intent to participate

TransAlta | TransAlta Corporation

TCE | TransCanada Energy Ltd.