This comment form is no longer interactive because the comment period is closed.

2016-02 Modifications to CIP Standards | Proposed Definition of Control Center

Description:

Start Date: 08/14/2017
End Date: 09/12/2017

Associated Ballots:

Ballot Name Project Standard Pool Open Pool Close Voting Start Voting End

Filter:

Hot Answers

We agree with the concept of aligning with PER-005-2 with two exceptions. First, the existing language for PER-005-2 has become somewhat outdated because it does not comprehend renewable energy such as wind and solar. A wind farm is not a plant site, but personnel for a wind farm should be excluded too. Second, the language for generator operator was changed from “may develop” to “have the capability to develop.” Consider, “and develops”.
 

Annette Johnston, On Behalf of: Annette Johnston, , Segments 1, 3

- 0 - 0

Tacoma Power supports the comments of APPA.

Marc Donaldson, On Behalf of: Tacoma Public Utilities (Tacoma, WA), , Segments 1, 3, 4, 5, 6

- 0 - 0

Other Answers

The California ISO supports the comments of the Security Working Group (SWG)

Richard Vine, On Behalf of: Richard Vine, , Segments 2

- 0 - 0

Nicholas Lauriat, On Behalf of: Network and Security Technologies, , Segments 1

- 0 - 0

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

PER-005-2 does not use Real-time reliability related tasks when referring to a GOP.  The proposed definition implies these tasks exist.  A GOP does not perform a Real-time reliability related task.  Therefore, no GOP would have a Control Center that meets the definition.

Matthew Beilfuss, On Behalf of: WEC Energy Group, Inc., MRO, RF, Segments 3, 4, 5, 6

- 0 - 0

The Control Center definition should only define a physical location where Real-time Bulk Electrical System (BES) reliability related operating tasks are performed.  It also can include, but cautiously, information on personnel that a Control Center houses, however it should not attempt to define these personnel,  either System Operators or operating personnel.

If it is the intention of the SDT to define operating personnel of a Transmission Owner (TO) performing the Real-time reliability-related operating tasks of a Transmission Operator and Generator Operator (GOP) operating personnel, then a separate term needs to be defined to identify these individuals.

Data centers usually do not host personnel and the proposed Control Center definition needs to be modified to account for this.

In the context of the proposed definition of Control Center, in the Generator Operator section, the term “direction” is used, “Operating Instruction” is already a defined term and should be used instead of “direction”.  Also, the term “capability” is used and is inaccurate, many individuals have the capability to modify a generator, i.e. IT/OT personnel, however, few have the authority; “capability should be modified to “authority”. 

The following is suggested:

Control Center: One or more facilities that monitor and control the Bulk Electric System and host System Operators and Operating Personnel who perform the Real-time operating reliability related-tasks, and includes the associated data centers, of:

1) a Reliability Coordinator,

2) a Balancing Authority,

3) a Transmission Operator for Transmission Facilities at two or more locations,

4) a Transmission Owner performing the delegated Real-time reliability-related operating tasks of a Transmission Operator at two or more locations or

5) a Generator Operator for generation Facilities at two or more locations.

Operating Personnel:  An individual at a Control Center of a Transmission Owner or Generator Operator who perform the Real-time operating reliability related-tasks as follows:

  1. For a Transmission Owner these individuals would be personnel who can act independently and have the authority to operate or direct the operation of the Transmission Owner’s Bulk Electric System Transmission Facilities in Real-time.

    2. For a Generator Operator these individuals would be personnel who receive Operating Instructions from the Generator Operator’s Reliability Coordinator, Balancing Authority, Transmission Operator, or Transmission Owner, and have the authority to develop and direct specific dispatch instructions for plant operators under their control. These personnel do not include plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay Operating Instructions and dispatch instructions without making any modifications.

George Brown, On Behalf of: Acciona Energy North America, , Segments 5

- 0 - 0

Leonard Kula, On Behalf of: Independent Electricity System Operator, , Segments 2

- 0 - 0

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 9/1/2016

- 0 - 0

Agree with the alignment but not the specific wording

Request clarification of the Transmission Owner’s “field switching personnel,” for this definition. This term was not explained well in PER-005.

Request clarification of the Generation Operator – “have the capability to develop specific dispatch instructions.” Should this be the capability to issue instead of capability to develop?  The word “capability” is too generic.  Suggest that the phrase be changed to “authority to develop or modify the specific dispatch instructions” since authority is related to the generator operating personnel and not the control systems.

Suggest that the phrase “These personnel do not include plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay dispatch instructions without making any modifications.” Be modified to “These personnel do not include plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay verbal dispatch instructions without making any modifications.”  This would clarify that this is related to the generator operating personnel and not the

FMPA, Segment(s) , 8/2/2017

- 0 - 0

The NSRF has great concerns with the wording of “...having the capability…”  This wording is ambiguous since everyone has the “capability” to do develop dispatch instructions even if they are not authorized to do so.  Recommend that “having the capability” be changed to “have the authority”.  This clearly states that the GOP can make said adjustments.

For Generator Operators, the operating personnel above consist of dispatch personnel at a centrally located dispatch center who receive direction from the Generator Operator’s Reliability Coordinator, Balancing Authority, Transmission Operator, or Transmission Owner, and have the capability to develop specific dispatch instructions for plant operators under their control. This personnel does not include plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay dispatch instructions without making any modifications. 

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 7/19/2017

- 0 - 0

Texas RE appreciates the Standard Drafting Team’s (SDT) effort to clarify the Control Center definition within the overall project scope set forth in the governing Standards Authorization Request (SAR).  While Texas RE does not necessarily object to these clarifications and understands that the SDT’s intent is not to substantively alter the Control Center definition as it is currently applied to registered entities, Texas RE is concerned that the overall project may increase confusion around the application of the Control Center definition across the industry. 

 

As an initial matter, Texas RE notes that there are a number of areas in which there is a clear need for further clarity regarding the use of the term “Control Center.”  Texas RE has identified several standards using descriptors such as primary and backup, several standards where the term control center is not capitalized, and standards with confusion regarding the TO acting as TOP.  Texas RE respectfully requests that the SDT consider these additional applications and scenarios as part of a more comprehensive review of the “Control Center” definition.

 

For example, EOP-008 refers to functionality at an entity’s “primary control center” and “backup control center.”  In either case, the term “control center” is not capitalized and therefore does not appear to refer to the defined term.  In contrast, IRO-002-5 R2 and R3, in parallel with TOP-001-4 R23 and 24 reference “primary Control Centers.”  Here, the reference is to the defined “Control Center” term, but there is no defined understanding in the standards of what constitutes a primary Control Center.  It seems that the new definition removes the need for descriptors such as “primary” and “back up”.   

 

The following standards use the term control center, which is not capitalized: BAL-005-0.2b, BAL-006-2, CIP-014-2, COM-001-3, EOP-008-1, EOP-008-2, and FAC-003-4.

 

Texas RE is supportive of a more narrowly focused effort to correct the obvious NERC Registration issues with the “TO acting as a TOP” issue.  Most importantly, TOP is a certified function and the fact that TOs are acting as a TOP without the requisite certification is a potential reliability gap that should be taken more seriously by the ERO. The following Standards/Requirements do not adequately cover TOs acting as a TOP:

  • COM-001-3 R12:  Field personnel are called out for having communication capability but are excluded in the definition of Control Center.  This will create confusion and inconsistent implementation of applicability. 
  • IRO-002-5 R2: TOs acting as TOPs may be considered only if the RC “deems necessary”.  It is apparent that the establishment of compliance obligations that are contingent on non-definitive terms such as “deems necessary” with no specificity or criteria do not occur in a consistent manner.  This leads to poor communication and reliability gaps due to compliance concerns (or compliance postures where a company, in this example an RC, does not want to place a compliance burden on a company due to the political nature of such an act). 
  • CIP-014-2 in its entirety missed a “TO acting as a TOP” partially because that condition is not fully recognized and the term “Control Center” is lower cased.  Does the SDT believe there is a difference between the proposed definition and the lower-case term?  If so, what is it?

 

Beyond these scoping issues, Texas RE is concerned that the proposed clarifications may inadvertently introduce more ambiguity into the Standard in two areas.  First, the “Control Center” definition continues to hinge on the concept of a facility that “hosts” operating personnel.  Texas RE has consistently interpreted this language to describe the intended functionality of a facility and not to imply any current staffing levels or operations.  That is to say, the fact that a Control Center operating as an entity’s backup facility is not currently hosting operating personnel does not mean that facility is not a “Control Center” under the definition.  Although the proposed revisions do not appear intended to alter this common sense interpretation, the introduction of the conjunctive “and” could possibly lead entities to conclude that until a Control Center is actually hosting operating personnel, the mere fact that it can monitor and control the Bulk Electric System does not render that facility a “Control Center” as defined.  Texas RE requests that the SDT clarify that facilities that have the purpose of hosting operating personnel are subject to the Control Center definition, regardless of whether they have done so or not.

 

Second, Texas RE notes that the proposed “Control Center” definition could be interpreted to limit Generator Operator “Control Centers” subject to the definition.  In particular, the SDT has elected to fold training requirements for Generator Operator personnel into the Control Center definition, presumably to provide clarity around the scope of facilities that “host operating personnel.”  Texas RE noticed the proposed description of GOP operating personnel utilizes the description of dispatch personnel in PER-005-2.  Texas RE requests the SDT evaluate the tasks for each dispatch personnel and operating personnel to determine whether or not this is appropriate.  Folding this training requirement directly into the Control Center definition may result in further confusion.  In Texas RE’s experience, numerous GOPs have the capability to develop dispatch instructions and may take various actions in response to requests from their Reliability Coordinators or Transmission Operators, including altering their voltage profile or Real power output.  It is not clear in what circumstances these constitute “developing dispatch instructions.”  A better approach may be to clarify that operating personnel include persons that “are capable of developing dispatch instructions” to reduce ambiguity about the scope of the Control Center definition as it pertains to the internal operating procedures of specific Generator Operators.

Rachel Coyne, On Behalf of: Texas Reliability Entity, Inc., , Segments 10

- 0 - 0

SCL supports the APPA submitted comments.

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

Daniel Gacek, On Behalf of: Exelon, , Segments 1, 3, 5, 6

- 0 - 0

Santee Cooper, Segment(s) 1, 9/8/2017

- 0 - 0

  1. NCPA agrees with the SDT decision to align the operating personnel in the Project 2016-02 Standard with personnel identified in Reliability Standard PER-005-2. While the alignment is appropriate, NCPA believes that some wording needs to be clarified.

     

  2. The term, “field switching personnel,” used in the draft control center definition, is not well explained in PER-005-2. Therefore, this term needs to be clarified for use in the CIP Standards.

     

  3. NCPA requests clarification regarding the language associated with Generation Operator (GOP) – that the GOP, “have the capability to develop specific dispatch instructions.” Specifically, is “capability” referring to the capability to issue instructions, or is it the capability to develop instructions? The use of the word “capability” here is too generic and NCPA suggests changing it to, “authority to develop or modify the specific dispatch instructions,” since authority is related to the generator operating personnel and not the control systems.

     

  4. NCPA requests that the phrase, “These personnel do not include plant operators located at a generator plant site, or personnel at a centrally located dispatch center who relay dispatch instructions without making any modifications,” be changed to “These personnel do not include plant operators located at a generator plant site, or personnel at a centrally located dispatch center who relay verbal dispatch instructions without making any modifications.” This would clarify that this is related to the generator operating personnel and not the control systems.

Marty Hostler, On Behalf of: Northern California Power Agency, , Segments 5, 6

- 0 - 0

To better ensure alignment with PER-005-2, AZPS suggests clarifying the term Real-time reliability-related tasks as utilized in the definition.  An amendment to the first sentence of the definition similar to the following is recommended:

One or more facilities, including their associated data centers, that monitor and control the Bulk Electric System (BES) and host operating personnel who perform Real-time reliability-related tasks identified by the Responsible Entity as part of its systematic approach to training under the Operations Personnel Training standard, of: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator for Transmission Facilities at two or more locations, or 4) a Generator Operator for generation Facilities at two or more locations.

An additional possible revision could be:

One or more facilities, including their associated data centers, that monitor and control the Bulk Electric System (BES) and host operating personnel who perform Real-time reliability-related tasks of: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator for Transmission Facilities at two or more locations, or 4) a Generator Operator for generation Facilities at two or more locations.  Real-time reliability-related tasks are those tasks identified by the Responsible Entity as part of its systematic approach to training under the Operations Personnel Training standard.

Alternatively, AZPS suggests that the SDT define “Real-time reliability-related tasks” in the glossary of terms.

Vivian Moser, On Behalf of: Vivian Moser, , Segments 1, 3, 5, 6

- 0 - 0

Dominion generally agrees with the alignment to PER-005-2. Dominion has concerns that one of the requirements of PER-005-2 is to “create a list of BES company-specific Real-time reliability-related tasks based on a defined and documented methodology”.  This clause results in the proposed definition being dependent on the execution of PER-005-2, and can vary from one Entity to another.  Also, the phrase “Real-time reliability-related tasks” is not specifically used in reference to Generator Operators in PER-005-2.

Dominion suggests the following changes to the proposed defintion to resolve this issue:

One or more facilities, including their associated data centers, of an RC, BA, TOP, TO, GOP that monitor and control the Bulk Electric System (BES) and host operating personnel who  perform Real-time reliability-related tasks of: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator for Transmission Facilities at two or more locations, or 4) a Generator Operator for generation Facilities at two or more locations.have the capability to operate or direct in Real-time the operation of Bulk Electric System Transmission Facilities at two or more locations or have the capability to direct specific dispatch instructions to plant operators or plant control systems for generation Facilities at two or more locations.

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

Amy Folz, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 1, 3, 5, 6

- 0 - 0

AEP suggests the SDT should consider making the argument that the Real-time Reliability Tasks that the personnel and Cyber Assets can perform comprise the rationale for making the change.
 

Aaron Austin, On Behalf of: Aaron Austin, , Segments 3, 5

- 0 - 0

Public Utility District No. 1 of Cowlitz County (District) supports APPA comments.

In addition, the District believes the intent is to exclude personnel having no system wide awareness and who manually operate BES Facilities on location, while including personnel who perform autonomous (“independent”) centralized reliability monitoring and remote control (via “Real-time” SCADA) for two or more discrete Transmission Facilities located at unique addresses on behalf of a registered TOP. While the District agrees with basing operating personnel qualification on the applicability language in PER-005-2 in part, it is not clear if a Control Center is inclusive of a room containing dispatch personnel who can only perform local reliability operations which do not impact or concern the covering Transmission Operator’s greater system.  The District seeks greater clarification. In particular, it is not clear if autonomous directives related to public safety or quality of service, such as clearing transmission segments compromised by weather or traffic accidents, are inclusive within the undefined term “reliability.” 

Further, it is not clear what operational aspect of a Transmission Owner’s central control room raises it to the status of a Control Center; note that PER-005-2 avoids associating a TO with a Control Center and performing “tasks of a Transmission Operator.”  In the case of the “TO Control Center,” it appears the intent is to limit inclusion to those control rooms containing personnel tasked by the registered TOP to autonomously address events meeting a list of PER-005-2 “BES company-specific Real-time reliability-related” tasks that align with the covering TOP’s Reliable Operation obligation. This will depend on how the TO defines a “BES company-specific Real-time reliability-related task,” and assuming Enforcement agrees.  If Enforcement finds the entity in violation of PER-005-2 Requirement R2, this may create double jeopardy with the CIP standards.  However, the intent could conversely imply the inclusion of control rooms that have the ability (sans authority) to independently impact the covering TOP’s obligation to Reliably Operate the BES.  The District requests the SDT clarify the intent, and submits a possible solution in question 4.

Russell Noble, On Behalf of: Cowlitz County PUD, , Segments 3, 5

- 0 - 0

We have great concerns with the wording of “...having the capability…”.  This wording is ambiguous since everyone has the “capability” to do develop dispatch instructions even if they are not authorized to do so.  Recommend that “having the capability” be changed to “have the authority”.  This clearly states that the GOP can make said adjustments.

For Generator Operators, the operating personnel above consist of dispatch personnel at a centrally located dispatch center who receive direction from the Generator Operator’s Reliability Coordinator, Balancing Authority, Transmission Operator, or Transmission Owner, and have the capability to develop specific dispatch instructions for plant operators under their control. These personnel do not include plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay dispatch instructions without making any modifications.

While including personnel roles executed helps to clarify what is and what isn’t a Control Center, the definitions of those roles should be standalone in the NERC Glossary of Terms. I.E. “Operating Personnel” should have its own definition and be used as a defined term in the Control Center definition.

Thomas Breene, On Behalf of: WEC Energy Group, Inc., , Segments 3, 4, 5, 6

- 0 - 0

Louisville Gas and Electric Company and Kentucky Utilities Company, Segment(s) 3, 5, 6, 4/13/2017

- 0 - 0

Per the NSRF: the proposed definition of Control Center.  The largest issue is the last paragraph concerning a Generating Operator.  The use of the word “capability” is ambiguous and will confuse Registered Entities and CEAs, a like.  The SDT should consider the approved Applicability within PER-005-2 part 4.1.5.1, which reads:

 

 Dispatch personnel at a centrally located dispatch center who receive direction from the Generator Operator’s Reliability Coordinator, Balancing Authority, Transmission Operator, or Transmission Owner, and may develop specific dispatch instructions for plant operators under their control. These personnel do not include plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay dispatch instructions without making any modifications.

 

This aligns with current and understood wording of PER-005-2.

Are the noted “Real-time reliability related- tasks” within the proposed definition, the same “Real-time Reliability-related task prescribed in PER-005-2?  If so, please state this in your consideration of comments document and within your guidance document.

 

 

sean erickson, On Behalf of: Western Area Power Administration, , Segments 1, 6

- 0 - 0

Theresa Rakowsky, On Behalf of: Theresa Rakowsky, , Segments 1, 3, 5

- 0 - 0

The SRC & ITC SWG agrees with the creation of a new standard, rather than expanding CIP-003, CIP-005 and/or CIP-006 requirements to provide new controls over physical communication links.  Specifically, the SRC & ITC SWG commends the SDT for recognizing that not all utilities own or control their own physical communications links.

 

The SRC & ITC SWG offers the following comments and recommendations.

R1. For data used for Operational Planning Analysis, Real-time Assessments, and Real-time monitoring, as documented by a Reliability Coordinator, Transmission Operator, or Balancing Authority, the Responsible Entity shall develop one or more documented plan(s) to mitigate the risk of the unauthorized disclosure or modification of the data while it is being transmitted between Control Centers. This excludes oral communications, regardless of transport means.

The note to R1 concerning the existence of a Control Center or specified data should be a dealt with in Section 4 – Applicability part of the Standard.    This would eliminate the need for this to be discussed as part of the RSAW.

Recommend that it be clarified whether this is a standalone Standard similar to CIP-014 or if it is intended to define the scope of applicable systems to be protected under CIP-003 thru CIP-011.

In order to evaluate the extent and kind of obligation involved, the definition of between control centers needs to be clearer with regard to the communication link. The Standard should address the proper demarcation points for obligation to show implementation and compliance. To clearly define the obligation of Responsible Entities, the required plan should include identification of the demarcation points. Information is also needed on the explicit agreements required on each end of the physical communication link to arrange and identify such demarcation. Where there is disagreement on how protections are to be applied between two or more Responsible Entities, what is the arbitration process to resolve these disagreements?

How is the situation handled where a Responsible Entity (e.g., an RC) is receiving information from a third-party provider that is aggregating and submitting data on behalf of one or more Responsible Entities (e.g., a TOP)? What is the identification of the demarcation points? In reading the standard, it does not appear that the connection to the third-party provider is in scope since they are not a Responsible Entity or even registered with NERC. The same situation may be present for entities that use an outsourced data center provider. The question is also relevant for the data that is provided to regulatory agencies that are not bound by CIP Standards. 

SRC + SWG , Segment(s) 2, 3, 1, 0, 9/11/2017

- 0 - 0

SERC CIPC, Segment(s) 10, 1, 2, 5, 9, 8/19/2016

- 0 - 0

Lan Nguyen, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

The definition is not consistent with PER-005-2 part 4.1.5.1. It uses the statement “have the capability to develop specific dispatch instructions… “, where PER-005-2 part 4.1.5.1. states “may develop specific dispatch instructions…”. There is significant difference between having the capability to do something, versus doing it. The language (i.e.”may” versus “having the capability to”) concerning Generation and Control Centers (a “centrally located dispatch center” in PER-005-2 part 4.1.5.1) has already been settled by industry, through development and approval of PER-005-2. The proposed definition should stay consistent with PER-005-2 part 4.1.5.1. 
 

PSEG REs, Segment(s) 5, 6, 3, 1, 3/6/2017

- 3 - 0

Harold Sherrill, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 7

- 0 - 0

ERCOT ISO supports the comments of the ITC SWG.

Elizabeth Axson, On Behalf of: Elizabeth Axson, , Segments 2

- 0 - 0

Request clarification of the Transmission Owner’s “field switching personnel,” for this definition. This term was not explained well in PER-005.

 

Request clarification of the Generation Operator – “have the capability to develop specific dispatch instructions.” Should this be the capability to issue instead of capability to develop?  The word “capability” is too generic.  Suggest that the phrase be changed to “authority to develop or modify the specific dispatch instructions” since authority is related to the generator operating personnel and not the control systems.

 

Suggest that the phrase “These personnel do not include plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay dispatch instructions without making any modifications.” Be modified to “These personnel do not include plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay verbal dispatch instructions without making any modifications.”  This would clarify that this is related to the generator operating personnel and not the control systems

Brian Evans-Mongeon, On Behalf of: Utility Services, Inc., , Segments 4

- 0 - 0

Entergy/NERC Compliance, Segment(s) 1, 5, 3/1/2017

- 0 - 0

Robert Blackney, On Behalf of: Edison International - Southern California Edison Company, WECC, Segments 1, 3, 5, 6

- 0 - 0

SPP Standards Review Group, Segment(s) , 9/11/2017

- 1 - 0

Reclamation supports having the Control Center definition only in the Glossary, rather than contained within other standards.

Wendy Center, On Behalf of: U.S. Bureau of Reclamation, , Segments 1, 5

- 0 - 0

MP agrees with the NATF's concerns with the wording of “...having the capability…”.  This wording is ambiguous since everyone has the “capability” to do develop dispatch instructions even if they are not authorized to do so.  Recommend that “having the capability” be changed to “have the authority”.  This clearly states that the GOP can make said adjustments.

 

For Generator Operators, the operating personnel above consist of dispatch personnel at a centrally located dispatch center who receive direction from the Generator Operator’s Reliability Coordinator, Balancing Authority, Transmission Operator, or Transmission Owner, and have the capability to develop specific dispatch instructions for plant operators under their control. These personnel do not include plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay dispatch instructions without making any modifications.

Jamie Monette, On Behalf of: Allete - Minnesota Power, Inc., , Segments 1

- 0 - 0

NRECA requests additional clarity to be added to the draft revised Control Center definition.  Specifically, in the third paragraph, second and third line, of the definition, replace “who can act independently to operate …..” with “who have independent authority to operate ……”  This better and more clearly addresses the capability and independent authority issues. 

Barry Lawson, On Behalf of: Barry Lawson, , Segments 3, 4

- 0 - 0

Aaron Ghodooshim, On Behalf of: FirstEnergy - FirstEnergy Corporation, , Segments 1, 3, 4

- 0 - 0

While the inclusion of the language to link the duties to PER-005 make sense, PER-005 also includes Transmission Owner employees who operate local control centers. If the logic holds that PER-005 attributes are linked to these requirements, we believe the omission of Transmission Owners is inappropriate. Even though Transmission Owners are discussed in the third paragraph, they should be listed as number 5) to ensure TO personnel hosted at such a facility would qualify that facility.

 

David Jendras, On Behalf of: Ameren - Ameren Services, , Segments 1, 3, 6

- 0 - 0

OPG recommend to change the “capability to develop specific dispatch instructions” to “capability to originate or modify and issue specific dispatch instructions”.

David Ramkalawan, On Behalf of: David Ramkalawan, , Segments 5

- 0 - 0

Laura Nelson, On Behalf of: Laura Nelson, , Segments 1

- 0 - 0

Alternative proposition for GOP:

For Generator Operators, the operating personnel above consist of dispatch personnel at a centrally located dispatch center who receive direction from the Generator Operator’s Reliability Coordinator, Balancing Authority, Transmission Operator, or Transmission Owner. These operating personnel only include personnel who can act independently to operate or direct the operation of the Generator Owner’s Bulk Electric System Facilities in Real-time.

 

Normande Bouffard, On Behalf of: Normande Bouffard, , Segments 1, 5

- 0 - 0

Agree with the alignment but not the specific wording

 

This definition of uses the NERC defined term “System Operator”. In the NERC Glossary, the “System Operator” definition uses the term “Control Center.” Request this dependency be addressed.

 

Request clarification of the Transmission Owner’s “field switching personnel,” for this definition. This term was not explained well in PER-005.

 

Request clarification of “who can act independently to operate or direct the operation.” Is this addressing capability or authority?

 

Request clarification of the Generation Operator – “have the capability to develop specific dispatch instructions.” Should this be the capability to issue instead of capability to develop?
 

RSC no Con-Edison and Dominion, Segment(s) 10, 2, 4, 5, 6, 7, 1, 3, 9/11/2017

- 0 - 0

SRP agrees with the alignment of the Control Center definition with PER-005-2, such as the incorporation of the phrase “Real-time reliability related tasks."

Lona Calderon, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

BC Hydro, Segment(s) 1, 2, 3, 5, 5/6/2015

- 0 - 0

Douglas Webb, On Behalf of: Great Plains Energy - Kansas City Power and Light Co., SPP RE, Segments 1, 3, 5, 6

- 0 - 0

Southern respectfully disagrees with the approach used by the SDT to re-define the term Control Center based solely on the functions of a facility’s operating personnel (as defined in PER-005-2) rather than based on the reliability impact of the equipment and data associated with the facility.  We believe the proposed definition may result in the unintended consequence of omitting dispatch centers with control over significant amounts of generation because operating personnel in the facility do not modify dispatch instructions they receive from their RC, BA or TOP. 

Southern Company, Segment(s) 1, 3, 5, 6, 6/15/2017

- 0 - 0

APPA agrees with the SDT decision to align the operating personnel in the Project 2016-02 Standard with the personnel identified in Reliability Standard PER-005-2. While the alignment is appropriate, public power believes that some of the wording needs clarification. 

The term, “field switching personnel,” used in the draft control center definition, is not well explained in PER-005-2. Therefore, this term will need to be clarified for use in the CIP Standards. Specifically, regarding Transmission Owners’ field switching personnel, the term needs clarification to be used effectively in the CIP standards.    

Public power agrees with the comments of the Public Utility District No. 1 of Cowlitz County that, while alignment with PER-005-2 is appropriate for Project 2016-02, further clarity is needed regarding personnel roles. Specifically, it should be made clear that the CIP standard’s intent is to exclude personnel having no system-wide awareness and who manually operate BES facilities on location, while including personnel who perform autonomous reliability monitoring and remote control for a registered Transmission Operator (TOP). Further clarity is needed because, under PER-005-2, it is not clear if Control Center personnel include dispatch personnel who only perform local reliability functions rather than impacting the TOP’s greater system. Therefore, while the alignment with PER-005-2 is appropriate, further clarity is needed to work within the CIP standards and prevent significantly changing BES Cyber System categorization (see question 3).  

 

Additionally, public power requests clarification regarding the language associated with Generation Operator (GOP) – that the GOP, “have the capability to develop specific dispatch instructions.” Specifically, is “capability” referring to the capability to issue instructions, or is it the capability to develop instructions? The use of the word “capability” here is too generic and public power suggests changing it to, “authority to develop or modify the specific dispatch instructions,” since authority is related to the generator operating personnel and not the control systems. 

APPA also suggests that the phrase, “These personnel do not include plant operators located at a generator plant site, or personnel at a centrally located dispatch center who relay dispatch instructions without making any modifications,” be changed to “These personnel do not include plant operators located at a generator plant site, or personnel at a centrally located dispatch center who relay verbal dispatch instructions without making any modifications.” This would clarify that this is related to the generator operating personnel and not the control systems. 

Jack Cashin, On Behalf of: American Public Power Association, , Segments 4

- 0 - 0

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

AECI supports the SDT's approach to align the Control Center definition with PER-005-2.  However, AECI requests additional clarity to be added to the draft Control Center definition.  Specifically, in the third paragraph, second and third line, of the definition, replace “who can act independently to operate …..” with “who have independent authority to operate ……”

AECI & Member G&Ts, Segment(s) 1, 6, 5, 3, 4/11/2017

- 0 - 0

Hot Answers

The change in the definition could impact CIP-012 scope.

Annette Johnston, On Behalf of: Annette Johnston, , Segments 1, 3

- 0 - 0

Tacoma Power supports the comments of APPA.

Marc Donaldson, On Behalf of: Tacoma Public Utilities (Tacoma, WA), , Segments 1, 3, 4, 5, 6

- 0 - 0

Other Answers

The California ISO supports the comments of the Security Working Group (SWG)

Richard Vine, On Behalf of: Richard Vine, , Segments 2

- 0 - 0

Nicholas Lauriat, On Behalf of: Network and Security Technologies, , Segments 1

- 0 - 0

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

Though the proposed modifciation (adding transmission owner) has the potential to impact how other standards (EOP-004, EOP-008) consider using the NERC defined term in the future.

Matthew Beilfuss, On Behalf of: WEC Energy Group, Inc., MRO, RF, Segments 3, 4, 5, 6

- 0 - 0

From a Generator Operator perspective the proposed definition of Control Center does not.  The Control Center definition should only define a physical location where Real-time Bulk Electrical System (BES) reliability related operating tasks are performed.  It also can include, but cautiously, information on personnel that a Control Center houses, however it should not attempt to define these personnel,  either System Operators or operating personnel.

George Brown, On Behalf of: Acciona Energy North America, , Segments 5

- 0 - 0

Leonard Kula, On Behalf of: Independent Electricity System Operator, , Segments 2

- 0 - 0

No comment.

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 9/1/2016

- 0 - 0

As a CIP standard, most of the commenting will be done by non-operations personnel.  It is a concern that the operational impact will not be identified during the balloting and commenting process.  This may cause unintentional consequences if the definition is approved.

FMPA, Segment(s) , 8/2/2017

- 0 - 0

See question 1.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 7/19/2017

- 0 - 0

Please see Texas RE’s comments for #1.

Rachel Coyne, On Behalf of: Texas Reliability Entity, Inc., , Segments 10

- 0 - 0

SCL supports the APPA submitted comments.

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

Daniel Gacek, On Behalf of: Exelon, , Segments 1, 3, 5, 6

- 0 - 0

Santee Cooper, Segment(s) 1, 9/8/2017

- 0 - 0

CIP standards typically garner comments from information technology personnel rather than from system operations personnel. This could result in the unintended consequence of potential operational impacts not being appropriately identified during the standard balloting and commenting process.

Marty Hostler, On Behalf of: Northern California Power Agency, , Segments 5, 6

- 0 - 0

Vivian Moser, On Behalf of: Vivian Moser, , Segments 1, 3, 5, 6

- 0 - 0

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

Amy Folz, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 1, 3, 5, 6

- 0 - 0

Aaron Austin, On Behalf of: Aaron Austin, , Segments 3, 5

- 0 - 0

The District finds the proposed definition as it relates to the registered functions of the RC, BA, TOP, and GOP does not change the original intent and scope.  Further, the proposed definition clarifies “operating personnel” for the RC, BA, and TOP registered functions as System Operators, who are presumably NERC certified (please see question 4).  The District strongly agrees with subjecting registered entities with monitoring and enforcement action as officially registered, and seeks full retirement of the phrase “performing the functional obligations of.”  Rather, the new definition seeks to define TO activities that closely aligns with certain standard requirements placed on the TOP.  The District believes the registered TOP may delegate certain tasks to the TO, but not transfer responsibility.  In this case, where the TO is performing Real-time reliability-related tasks – regardless if autonomous or directed – as defined by “Reliable Operation of the BES” on behalf of its TOP, the term Control Center definitely applies.  Although the District advances improvements in the definition of Control Center, the District fully supports SDT’s definition modification efforts.

Russell Noble, On Behalf of: Cowlitz County PUD, , Segments 3, 5

- 0 - 0

See question 1.

Thomas Breene, On Behalf of: WEC Energy Group, Inc., , Segments 3, 4, 5, 6

- 0 - 0

Louisville Gas and Electric Company and Kentucky Utilities Company, Segment(s) 3, 5, 6, 4/13/2017

- 0 - 0

sean erickson, On Behalf of: Western Area Power Administration, , Segments 1, 6

- 0 - 0

Theresa Rakowsky, On Behalf of: Theresa Rakowsky, , Segments 1, 3, 5

- 0 - 0

SRC + SWG , Segment(s) 2, 3, 1, 0, 9/11/2017

- 0 - 0

SERC CIPC, Segment(s) 10, 1, 2, 5, 9, 8/19/2016

- 0 - 0

Lan Nguyen, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

PSEG REs, Segment(s) 5, 6, 3, 1, 3/6/2017

- 1 - 0

Harold Sherrill, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 7

- 0 - 0

ERCOT ISO supports the comments of the ITC SWG.

Elizabeth Axson, On Behalf of: Elizabeth Axson, , Segments 2

- 0 - 0

Brian Evans-Mongeon, On Behalf of: Utility Services, Inc., , Segments 4

- 0 - 0

Entergy/NERC Compliance, Segment(s) 1, 5, 3/1/2017

- 0 - 0

Robert Blackney, On Behalf of: Edison International - Southern California Edison Company, WECC, Segments 1, 3, 5, 6

- 0 - 0

SPP Standards Review Group, Segment(s) , 9/11/2017

- 1 - 0

Reclamation supports having the Control Center definition only in the Glossary, rather than contained within different standards.

Wendy Center, On Behalf of: U.S. Bureau of Reclamation, , Segments 1, 5

- 0 - 0

See question 1

Jamie Monette, On Behalf of: Allete - Minnesota Power, Inc., , Segments 1

- 0 - 0

Barry Lawson, On Behalf of: Barry Lawson, , Segments 3, 4

- 0 - 0

Aaron Ghodooshim, On Behalf of: FirstEnergy - FirstEnergy Corporation, , Segments 1, 3, 4

- 0 - 0

In our opinion, the changes are fraught with problems. First of all, in the NERC definition of System Operator, facilities DO NOT monitor or control the BES, people do. The language as written says otherwise. Second, the inclusion of “and” means a control center must have facilities and people. As automation becomes more prevalent, the definition as written would allow a “control center” that governed thousands (or tens of thousands) of MW of load and/or generation to escape classification as a NERC Control Center if it was completely automated, i.e. hosted no people. (Or even today, the “control center” could be personnel free but operators remotely accessed it.) We feel that when considering cyber security, this hardly seems like a change that supports BES reliability. Finally, if the control center definition is going to be amended, it should be modified to fix the ambiguity regarding Transmission facilities. “Two or more locations” while meaningful and clear when describing substations we believe this makes little to no sense on its face when thinking about lines. If the intent is two or more circuits, then the language should plainly say so.

David Jendras, On Behalf of: Ameren - Ameren Services, , Segments 1, 3, 6

- 0 - 0

David Ramkalawan, On Behalf of: David Ramkalawan, , Segments 5

- 0 - 0

Laura Nelson, On Behalf of: Laura Nelson, , Segments 1

- 0 - 0

Normande Bouffard, On Behalf of: Normande Bouffard, , Segments 1, 5

- 0 - 0

RSC no Con-Edison and Dominion, Segment(s) 10, 2, 4, 5, 6, 7, 1, 3, 9/11/2017

- 0 - 0

Neither the definition of Control Center proposed by the SDT, nor the definition proposed by SRP in comment #4 affect the scope or intent of any O&P requirements.

SRP agrees with APPA and LPPC that this commenting should not be included along with comments to CIP standards. By doing so, the personnel working exclusively with 693 standards are being excluded and may cause unintentional consequences.

 

Lona Calderon, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

BC Hydro, Segment(s) 1, 2, 3, 5, 5/6/2015

- 0 - 0

Douglas Webb, On Behalf of: Great Plains Energy - Kansas City Power and Light Co., SPP RE, Segments 1, 3, 5, 6

- 0 - 0

Considering the definition’s proposed alignment with PER-005, Southern does not see a change in the GOP function based on this definition.  

Southern Company, Segment(s) 1, 3, 5, 6, 6/15/2017

- 0 - 0

Jack Cashin, On Behalf of: American Public Power Association, , Segments 4

- 0 - 0

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

AECI & Member G&Ts, Segment(s) 1, 6, 5, 3, 4/11/2017

- 0 - 0

Hot Answers

One of the fundamental purposes for changing the Control Center definition was so Transmission Owners under certain circumstances could have the responsibilities of a Control Therefore, Responsible Entities who previously did not have a Transmission Control Center could have one with this change in definition. There could be other scenarios too, including generation.

Annette Johnston, On Behalf of: Annette Johnston, , Segments 1, 3

- 0 - 0

Tacoma Power supports the comments of APPA.

Marc Donaldson, On Behalf of: Tacoma Public Utilities (Tacoma, WA), , Segments 1, 3, 4, 5, 6

- 0 - 0

Other Answers

The California ISO supports the comments of the Security Working Group (SWG)

Richard Vine, On Behalf of: Richard Vine, , Segments 2

- 0 - 0

Nicholas Lauriat, On Behalf of: Network and Security Technologies, , Segments 1

- 0 - 0

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

No comment

Matthew Beilfuss, On Behalf of: WEC Energy Group, Inc., MRO, RF, Segments 3, 4, 5, 6

- 0 - 0

From a Generator Operator perspective the proposed definition of Control Center does not.

George Brown, On Behalf of: Acciona Energy North America, , Segments 5

- 0 - 0

Leonard Kula, On Behalf of: Independent Electricity System Operator, , Segments 2

- 0 - 0

TVA believes adoption of the proposed definition provides useful clarification regarding identification of Low Control Centers.

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 9/1/2016

- 0 - 0

This new definition may bring in new assets or change the impact level of existing assets which would change the list of BES Cyber Systems and impact levels

FMPA, Segment(s) , 8/2/2017

- 0 - 0

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 7/19/2017

- 0 - 0

Texas RE does not have comments on this question.

Rachel Coyne, On Behalf of: Texas Reliability Entity, Inc., , Segments 10

- 0 - 0

SCL supports the APPA submitted comments.

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

Daniel Gacek, On Behalf of: Exelon, , Segments 1, 3, 5, 6

- 0 - 0

Santee Cooper, Segment(s) 1, 9/8/2017

- 0 - 0

NCPA does not agree with the SDT assertion that there will be no change in BES Cyber System categorization due to the Control Center definition. This new definition may bring in new assets or change the impact level of existing assets which would change the list of BES Cyber Systems and impact levels.

Marty Hostler, On Behalf of: Northern California Power Agency, , Segments 5, 6

- 0 - 0

Vivian Moser, On Behalf of: Vivian Moser, , Segments 1, 3, 5, 6

- 0 - 0

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

Amy Folz, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 1, 3, 5, 6

- 0 - 0

Aaron Austin, On Behalf of: Aaron Austin, , Segments 3, 5

- 0 - 0

The District supports APPA comment. The current definition draft may pull the District’s low impact dispatch center in as a Control Center if further clarifications are not provided. This is due to possible RE identification of the District’s ability to independently control for public safety as a “Real-time reliability-related TOP task.”  Of note, the District’s covering Transmission Operator’s intent is to remove all TOP Reliable Operation obligation from the District; this assures improved Reliable Operation of the BES by removing a “bucket line” approach to BES critical operations.

Russell Noble, On Behalf of: Cowlitz County PUD, , Segments 3, 5

- 0 - 0

Thomas Breene, On Behalf of: WEC Energy Group, Inc., , Segments 3, 4, 5, 6

- 0 - 0

Louisville Gas and Electric Company and Kentucky Utilities Company, Segment(s) 3, 5, 6, 4/13/2017

- 0 - 0

sean erickson, On Behalf of: Western Area Power Administration, , Segments 1, 6

- 0 - 0

Theresa Rakowsky, On Behalf of: Theresa Rakowsky, , Segments 1, 3, 5

- 0 - 0

The SRC & ITC  SWG also encourages the drafting team to make the requirement forward-looking in regards to contracts currently in place. Provisions should be set for legacy contracts including grandfathering of existing agreements and equipment.  Implementation of controls involving telecommunications providers will require coordination and scheduling to align to the providers’ resource availability and reduce adverse impact on reliability. This should not require renewal and renegotiation of existing contracts until they reach the end of the existing contract period.   

 

It should be noted that it is difficult to determine suitability of the implementation timeline when there are open questions about the viability of available solutions for adequate protections.

 

More time is necessary to allow for coordination with a large number of parties. This will require budgeting, planning, and scheduling with external resources for implementation. It will also require significant testing and validation by parties on both ends of a connection.

 

The SRC & ITC SWG recommends a phased implementation with defined milestones similar to CIP-014. Consider the following:

For creation of the plan, 12 months should be allowed to (1) conduct an impact assessments, (2) identify the approach to be included in the plan, (3) implementation milestones, and (4) implementation schedule. This could identify the communication links that have protections currently in place. The plan could also include identifying all links and protections requiring changes to address service contracts and related relationships to adjust for new protections. The plan could then be approved by an appropriate entity.

For implementation of the plan, additional time should be allowed for budgeting, planning, and scheduling with external resources. This includes planning with other Responsible Entities as well as telecommunications providers. 

SRC + SWG , Segment(s) 2, 3, 1, 0, 9/11/2017

- 0 - 0

SERC CIPC, Segment(s) 10, 1, 2, 5, 9, 8/19/2016

- 0 - 0

Lan Nguyen, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

PSEG REs, Segment(s) 5, 6, 3, 1, 3/6/2017

- 3 - 0

Harold Sherrill, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 7

- 0 - 0

ERCOT ISO supports the comments of the ITC SWG.

Elizabeth Axson, On Behalf of: Elizabeth Axson, , Segments 2

- 0 - 0

This new definition may bring in new assets or change the impact level of existing assets which would change the list of BES Cyber Systems and impact levels

 

Brian Evans-Mongeon, On Behalf of: Utility Services, Inc., , Segments 4

- 0 - 0

Entergy/NERC Compliance, Segment(s) 1, 5, 3/1/2017

- 0 - 0

Robert Blackney, On Behalf of: Edison International - Southern California Edison Company, WECC, Segments 1, 3, 5, 6

- 0 - 0

SPP Standards Review Group, Segment(s) , 9/11/2017

- 1 - 0

Wendy Center, On Behalf of: U.S. Bureau of Reclamation, , Segments 1, 5

- 0 - 0

Jamie Monette, On Behalf of: Allete - Minnesota Power, Inc., , Segments 1

- 0 - 0

Barry Lawson, On Behalf of: Barry Lawson, , Segments 3, 4

- 0 - 0

Aaron Ghodooshim, On Behalf of: FirstEnergy - FirstEnergy Corporation, , Segments 1, 3, 4

- 0 - 0

As noted above, and summarized here, the current enforcement is wide ranging and would incorporate for instance a TOP “control center” that had a meaningful potential impact on the BES without regard to the presence or absence of personnel. While the current Standard may not directly mention this, the wide ranging practical enforcement has included a review of any such facilities. However, we believe that the new definition will absolutely provide an opportunity to avoid compliance obligations by ensuring that no personnel are present at the facility relying instead on automation or remote access.

David Jendras, On Behalf of: Ameren - Ameren Services, , Segments 1, 3, 6

- 0 - 0

David Ramkalawan, On Behalf of: David Ramkalawan, , Segments 5

- 0 - 0

Laura Nelson, On Behalf of: Laura Nelson, , Segments 1

- 0 - 0

Normande Bouffard, On Behalf of: Normande Bouffard, , Segments 1, 5

- 0 - 0

This new definition may bring in new assets or change the impact level of existing assets which would change the list of BES Cyber Systems and impact levels.

RSC no Con-Edison and Dominion, Segment(s) 10, 2, 4, 5, 6, 7, 1, 3, 9/11/2017

- 0 - 0

This new definition may bring in new assets or change the impact level of existing assets which would change the list of BES Cyber Systems and impact levels

Lona Calderon, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

BC Hydro, Segment(s) 1, 2, 3, 5, 5/6/2015

- 0 - 0

Douglas Webb, On Behalf of: Great Plains Energy - Kansas City Power and Light Co., SPP RE, Segments 1, 3, 5, 6

- 0 - 0

Southern disagrees with the above assertion.  Given the assumption that the term “operating personnel” in the current definition is a point of ambiguity and the focus of these Control Center definition changes, Southern has evaluated potential scenarios where a Facility under the current definition would be considered a Control Center, but under the proposed definition, due to ambiguity and interpretation, might not be considered a Control Center, which could ultimately impact your CIP-002-5.1 impact identification and categorization of BES Cyber Systems.  The strategy of attempting to remove from scope those lower impact Facilities as Control Centers appears to have the potential to scope out larger impact Facilities as well.  We applaud the SDTs efforts in this regard, but recognize that additional discussion and consideration is needed to come up with a better approach to modifying the Control Center definition.

Southern Company, Segment(s) 1, 3, 5, 6, 6/15/2017

- 0 - 0

APPA does not agree with the SDT assertion that there will be no change in BES Cyber System categorization due to the Control Center definition. This new definition may bring in new assets or change the impact level of existing assets which would change the list of BES Cyber Systems and impact levels. 

If the clarifications APPA (and others) request in question 1 are sufficient, then potentially little or no change in BES Cyber System categorization will occur. However, without adequate clarification, public power believes that there will be significant change in BES Cyber System categorization, should local control rooms become considered as Control Centers. 

 

Jack Cashin, On Behalf of: American Public Power Association, , Segments 4

- 0 - 0

Some entities, registered as Transmission Owners, contract out their Transmission Operator responsibilities but have dispatch centers that are capable of performing tasks on their BES system for safety or maintenance reasons. The current Control Center definition would not automatically classify these dispatch centers as Control Centers. The proposed definition, without clarification, would allow interpretations that may identify these dispatch centers as a Control Center.

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

The revised Control Center definition may bring in new assets that would be identified by the revised definition.  Furthermore, assets such as local control centers/dispatch centers that were not previously considered Control Centers could now be identified as medium impact BES Cyber Systems due to the "functional obligations" language that is present in CIP-002-5.1a Attachment 1, Criterion 2.12.

AECI & Member G&Ts, Segment(s) 1, 6, 5, 3, 4/11/2017

- 0 - 0

Hot Answers

As expressed in the comments on question 1, the revised Control Center definition doesn’t adequately address renewable energy sites. Also, the change in wording to add “capability” potentially broadens the scope.

Annette Johnston, On Behalf of: Annette Johnston, , Segments 1, 3

- 0 - 0

Tacoma Power supports the comments of APPA.

Marc Donaldson, On Behalf of: Tacoma Public Utilities (Tacoma, WA), , Segments 1, 3, 4, 5, 6

- 0 - 0

Other Answers

The California ISO supports the comments of the Security Working Group (SWG)

Richard Vine, On Behalf of: Richard Vine, , Segments 2

- 0 - 0

Nicholas Lauriat, On Behalf of: Network and Security Technologies, , Segments 1

- 0 - 0

Duke Energy agrees with the proposed changes to the definition of Control Center, but would like to recommend the drafting team consider the following revision to the first sentence in the first paragraph of the definition:

One or more facilities, including their associated data centers, that host operating personnel who monitor and control the Bulk Electric system (BES) by performing Real-time reliability-related tasks of: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator for Transmission Facilities at two or more locations, or 4) a Generator Operator for generation Facilities at two or more locations.

For Reliability Coordinators, Balancing Authorities, and Transmission Operators, the operating personnel above are System Operators.

For Transmission Owners performing the Real-time reliability-related tasks of a Transmission Operator, the operating personnel above consist of personnel, excluding field switching personnel, who can act independently to operate or direct the operation of the Transmission Owner’s Bulk Electric System Transmission Facilities in Real-time. 

For Generator Operators, the operating personnel above consist of dispatch personnel at a centrally located dispatch center who receive direction from the Generator Operator’s Reliability Coordinator, Balancing Authority, Transmission Operator, or Transmission Owner, and have the capability to develop specific dispatch instructions for plant operators under their control. These personnel do not include plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay dispatch instructions without making any modifications.

As currently written, the first sentence of the first paragraph of the proposed definition, it seems to imply that it is the Facilities that monitor and control the BES, however, it should actually read that the operating personnel are responsible for monitoring and controlling of the BES. We feel that the above is a more accurate statement, and better reflects the current state of operations.

 

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

Adjusting the NERC defined term for Control Center to facilitate the expansion of CIP-002 scope to additional cyber assets is not appropriate. In particular, the inclusion of Transmission Owner and lengthy definition of operating personnel does not belong in the NERC Glossary of Terms.  If a CIP project team identifies a class of cyber assets that can impact the BES (a gap in the existing standards), approaches that expand the definition of a Control Center beyond what is understood by industry potentially limits use of the term in other standards.

Below is a proposed revision, please note we have included the operating personnel of a TO for illustrative purposes, we do not believe it belongs in the Control Center definition.

One or more facilities, including their associated data centers that monitor and control the Bulk Electric System (BES) and host System Operators, or any of the following;

  • operating personnel of a Generator Operator that have the ability to develop specific dispatch instructions for plant operators under their control at two or more locations

  • operating personnel of a Transmission Owner who can act independently to operate or direct the operation of the Transmission Owner’s Bulk Electric System Transmission Facilities in Real-time.

 

Matthew Beilfuss, On Behalf of: WEC Energy Group, Inc., MRO, RF, Segments 3, 4, 5, 6

- 0 - 0

The Control Center definition should only define a physical location where Real-time Bulk Electrical System (BES) reliability related operating tasks are performed.  It also can include, but cautiously, information on personnel that a Control Center houses, however it should not attempt to define these personnel,  either System Operators or operating personnel.

If it is the intention of the SDT to define operating personnel of a Transmission Owner (TO) performing the Real-time reliability-related operating tasks of a Transmission Operator and Generator Operator (GOP) operating personnel, then a separate term needs to be defined to identify these individuals.

Data centers usually do not host personnel and the Control Center definition needs to be modified to account for this.

In the context of the proposed definition of Control Center, in the Generator Operator section, the term “direction” is used, “Operating Instruction” is already a defined term and should be used instead of “direction”.  Also, the term “capability” is used and is inaccurate, many individuals have the capability to modify a generator, i.e. IT/OT personnel, however, few have the authority; “capability should be modified to “authority”. 

The following is suggested:

Control Center: One or more facilities that monitor and control the Bulk Electric System and host System Operators and Operating Personnel who perform the Real-time operating reliability related-tasks, and includes the associated data centers, of:

1) a Reliability Coordinator,

2) a Balancing Authority,

3) a Transmission Operator for Transmission Facilities at two or more locations,

4) a Transmission Owner performing the delegated Real-time reliability-related operating tasks of a Transmission Operator at two or more locations or

5) a Generator Operator for generation Facilities at two or more locations.

Operating Personnel:  An individual at a Control Center of a Transmission Owner or Generator Operator who perform the Real-time operating reliability related-tasks as follows:

  1. For a Transmission Owner these individuals would be personnel who can act independently and have the authority to operate or direct the operation of the Transmission Owner’s Bulk Electric System Transmission Facilities in Real-time.

    2. For a Generator Operator these individuals would be personnel who receive Operating Instructions from the Generator Operator’s Reliability Coordinator, Balancing Authority, Transmission Operator, or Transmission Owner, and have the authority to develop and direct specific dispatch instructions for plant operators under their control. These personnel do not include plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay Operating Instructions and dispatch instructions without making any modifications.

George Brown, On Behalf of: Acciona Energy North America, , Segments 5

- 0 - 0

Leonard Kula, On Behalf of: Independent Electricity System Operator, , Segments 2

- 0 - 0

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 9/1/2016

- 0 - 0

This definition of uses the NERC defined term “System Operator”. In the NERC Glossary, the “System Operator” definition uses the term “Control Center.” Request this dependency be addressed.

Request clarification of “who can act independently to operate or direct the operation.” Is this addressing capability or authority?

The phrase “Real-time reliability-related tasks” is not defined and may be determined by some entities or auditors to be associated with the Functional Model.  Suggest clarification on the meaning of this phrase

FMPA, Segment(s) , 8/2/2017

- 0 - 0

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 7/19/2017

- 0 - 0

Please see Texas RE’s comments to #1.

Rachel Coyne, On Behalf of: Texas Reliability Entity, Inc., , Segments 10

- 0 - 0

SCL supports the APPA submitted comments.

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

Daniel Gacek, On Behalf of: Exelon, , Segments 1, 3, 5, 6

- 0 - 0

Santee Cooper, Segment(s) 1, 9/8/2017

- 0 - 0

  1. NCPA does not agree with the proposed definition of Control Center based on the need for language clarity in several places. The response to question 1 above provides several examples of where the draft language needs to be changed.

     

  2. NCPA believes there are other language changes that need to be made to the draft definition. The proposed definition uses the NERC defined term “System Operator.” In the NERC Glossary, the “System Operator” definition uses the term “Control Center.” APPA believes this circular dependency of terms needs to be addressed.

     

  3. NCPA requests the SDT clarify the term, “who can act independently to operate or direct the operation.” It is not clear if the operation or direction of this person is specifically addressing that person’s capability or authority to direct or operate.

Marty Hostler, On Behalf of: Northern California Power Agency, , Segments 5, 6

- 0 - 0

AZPS is concerned that, although the SDT intends to align the definition with PER-005-2, the language in the definition leaves ambiguity regarding the genesis of reliability-related tasks.  To better ensure this alignment, alleviate the potential for confusion, and enhance clarity, AZPS reiterates its comments provided in response to Question 1 above.

Vivian Moser, On Behalf of: Vivian Moser, , Segments 1, 3, 5, 6

- 0 - 0

Please refer the comments in Q1,

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

While Vectren understands the need to clarify the Control Center definition and the use of NERC Standard PER-005-2 language to provide clarity, we believe that the language “have the capability to develop” is ambiguous.  At Vectren, the operating personnel at the centrally located dispatch center may have the capability to perform, but do not actually perform Real-time Reliability related tasks. PER-005-2 language doesn’t mention capability, but rather states that “dispatch personnel at a centrally located dispatch center… may develop dispatch instructions…” We propose that the SDT modify the definition to better align with PER-005-2 language by removing the words “have the capability”.

Amy Folz, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 1, 3, 5, 6

- 0 - 0

Aaron Austin, On Behalf of: Aaron Austin, , Segments 3, 5

- 0 - 0

The District supports APPA comment.

The District proposes the SDT to consider control rooms restricted to TOP authorized planned maintenance and/or public safety emergency operations as outside the scope of the Control Center definition.  If the TO control room is necessary for BES Reliable Operation, then it must be treated as a Control Center.  Further, if the covering TOP is able to perform its registered functional obligation without utilizing the TO’s control room capabilities, it is counterproductive to add secondary process, i.e., directing the TO personnel, in executing actions to maintain BES within Reliable Operation parameters.

The District suggests the following to clarify the intent of identifying a TO control room as a Control Center:

One or more facilities, including their associated data centers, that monitor and control the Bulk Electric System (BES) and host operating personnel who perform Real-time reliability-related tasks of: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator, or Transmission Owner performing BES Reliable Operation tasks on behalf of the Transmission Operator, for Transmission Facilities at two or more locations, or 4) a Generator Operator for generation Facilities at two or more locations.

For Reliability Coordinators, Balancing Authorities, and Transmission Operators, the operating personnel above appropriately maintain NERC System Operator Certification credentials.

For Transmission Owners performing tasks necessary for Bulk Electric System Reliable Operation on behalf of the Transmission Operator, the operating personnel above consist of personnel, excluding field switching personnel lacking Real-time monitoring capability, who can monitor and control the Transmission Owner’s Bulk Electric System Transmission Facilities in Real-time as directed by the Transmission Operator’s certified operating personnel. Transmission Owner operations related to Transmission Operator authorized planned facility maintenance, and autonomous emergency operations to protect public safety are excluded from this definition.

Russell Noble, On Behalf of: Cowlitz County PUD, , Segments 3, 5

- 0 - 0

See question 1.

Thomas Breene, On Behalf of: WEC Energy Group, Inc., , Segments 3, 4, 5, 6

- 0 - 0

We support SERC's comments.

Louisville Gas and Electric Company and Kentucky Utilities Company, Segment(s) 3, 5, 6, 4/13/2017

- 0 - 0

sean erickson, On Behalf of: Western Area Power Administration, , Segments 1, 6

- 0 - 0

Theresa Rakowsky, On Behalf of: Theresa Rakowsky, , Segments 1, 3, 5

- 0 - 0

In addition to the comments provided in response to question 3, the SRC & SWG offers these comments regarding cost effectiveness.  Open Source options to satisfy the requirement to protect communication links and sensitive bulk electric system data communicated between bulk electric systems Control Centers are limited.  Few options generally translated to high vendor leverage, which could lead to high implementation costs.  It is unclear how or whether costs could be shared among participants in the network. Architectural changes to support these requirements should be spread out over several years. Plus there will be business impacts. 

SRC + SWG , Segment(s) 2, 3, 1, 0, 9/11/2017

- 0 - 0

  • Revised Definition: Second paragraph, change to read “…the operating personnel above includes System Operators.”

Rationale: Not all operating personnel are technically System Operators

  • Revised Definition: Third paragraph, change to read “…who has the ability to act independently to operate or direct the operation of the Transmission Owner’s Bulk Electric System Transmission Facilities in Real-time.”

Rationale: To provide clarity that the intent is to include operators that have the ability to act independently even though they might not have the authorization to do so.

SERC CIPC, Segment(s) 10, 1, 2, 5, 9, 8/19/2016

- 0 - 0

Lan Nguyen, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

The definition is not consistent with PER-005-2 part 4.1.5.1. It uses the statement “have the capability to develop specific dispatch instructions… “, where PER-005-2 part 4.1.5.1. states “may develop specific dispatch instructions…”. There is significant difference between having the capability to do something, versus doing it. The language (i.e.”may” versus “having the capability to”) concerning Generation and Control Centers (a “centrally located dispatch center” in PER-005-2 part 4.1.5.1) has already been settled by industry, through development and approval of PER-005-2. The proposed definition should stay consistent with PER-005-2 part 4.1.5.1.

PSEG REs, Segment(s) 5, 6, 3, 1, 3/6/2017

- 3 - 0

Harold Sherrill, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 7

- 0 - 0

ERCOT ISO supports the comments of the ITC SWG.

Elizabeth Axson, On Behalf of: Elizabeth Axson, , Segments 2

- 0 - 0

See comments to question 1.

 

This definition of uses the NERC defined term “System Operator”. In the NERC Glossary, the “System Operator” definition uses the term “Control Center.” Request this dependency be addressed.

 

Request clarification of “who can act independently to operate or direct the operation.” Is this addressing capability or authority?

 

The phrase “Real-time reliability-related tasks” is not defined and may be determined by some entities or auditors to be associated with the Functional Model.  Suggest clarification on the meaning of this phrase

Brian Evans-Mongeon, On Behalf of: Utility Services, Inc., , Segments 4

- 0 - 0

Note that while Transmission Owners are mentioned in the third paragraph, they are not mentioned in the 4 applicable functions.  For completeness, Transmission Owners should be listed as a 5th applicable function.  Recommend adding a fifth identification for Transmission Owner for Transmission Facilities who can act independently to operate or direct the operation of the Transmission Owner’s Bulk Electric System Transmission Facilities in Real-time to the 1st paragraph definition.

Entergy/NERC Compliance, Segment(s) 1, 5, 3/1/2017

- 0 - 0

The proposed definition of Control Center, as written, does not specify whether manned or unmanned data centers are considered facilities associated with a Control Center. NERC should modify the proposed definition to clarify that both manned and unmanned data centers are facilities associated with a Control Center. Specific modifications to the proposed Control Center definition are provided below (modifications are in bold):

“One or more facilities, including their associated manned or unmanned data centers, that monitor and control the Bulk Electric System (BES)…”

Robert Blackney, On Behalf of: Edison International - Southern California Edison Company, WECC, Segments 1, 3, 5, 6

- 0 - 0

The SPP Standards Review Group has a concern that the term Real-time in the proposed definition does not properly align with the term mention or defined in other Reliability Standards.

SPP Standards Review Group, Segment(s) , 9/11/2017

- 1 - 0

Reclamation recommends the first paragraph of the proposed definition revise to state:

One or more agency-designated (i.e., primary or backup) Facilities that host System Operators

 

Reclamation also recommends that the Control Center definition be restricted to Facilities with the capability to control two or more Facilities that, when combined, are considered high or medium impact rated Facilities.

 

Reclamation also recommends the SDT consider the implications of whether the Facility has the capability to perform “Real-time reliability-related tasks” with or without hosting System Operators or dispatch personnel.

Wendy Center, On Behalf of: U.S. Bureau of Reclamation, , Segments 1, 5

- 0 - 0

With modification in question 1.

Jamie Monette, On Behalf of: Allete - Minnesota Power, Inc., , Segments 1

- 0 - 0

See NRECA’s answer to Question 1.

Barry Lawson, On Behalf of: Barry Lawson, , Segments 3, 4

- 0 - 0

FirstEnergy recognizes that the proposed Control Center language describing Transmission Owner operating personnel is to a large degree already used in NERC Reliability Standard PER-005-2 — Operations Personnel Training.  However, from a cyber system point of view, it might be beneficial to clarify that these personnel are not inclusive of operating personnel who “can act”, which could be interpreted as “who are capable of”.  There may be personnel who are capable within a location based on cyber system privileges, but who are not authorized, trained, etc. to independently take actions using a cyber system (e.g. IT System Administrators).  FirstEnergy recommends the following change to the definition:  

For Transmission Owners performing the Real-time reliability-related tasks of a Transmission Operator, the operating personnel above consist of personnel, excluding field switching personnel, who independently operate or direct the operation of the Transmission Owner’s Bulk Electric System Transmission Facilities in Real-time

Aaron Ghodooshim, On Behalf of: FirstEnergy - FirstEnergy Corporation, , Segments 1, 3, 4

- 0 - 0

It provides a new gap in enforcement and does not improve the current one where needed.

David Jendras, On Behalf of: Ameren - Ameren Services, , Segments 1, 3, 6

- 0 - 0

David Ramkalawan, On Behalf of: David Ramkalawan, , Segments 5

- 0 - 0

Laura Nelson, On Behalf of: Laura Nelson, , Segments 1

- 0 - 0

Alternative proposition for GOP:

For Generator Operators, the operating personnel above consist of dispatch personnel at a centrally located dispatch center who receive direction from the Generator Operator’s Reliability Coordinator, Balancing Authority, Transmission Operator, or Transmission Owner. These operating personnel only include personnel who can act independently to operate or direct the operation of the Generator Owner’s Bulk Electric System Facilities in Real-time.

Normande Bouffard, On Behalf of: Normande Bouffard, , Segments 1, 5

- 0 - 0

Need clarification(s) – see Q1.

RSC no Con-Edison and Dominion, Segment(s) 10, 2, 4, 5, 6, 7, 1, 3, 9/11/2017

- 0 - 0

SRP does not agree with the inclusion of “Transmission Owner” in the following statement, “For Generator Operators, the operating personnel above consist of dispatch personnel at a centrally located dispatch center who receive direction from the Generator Operator’s Reliability Coordinator, Balancing Authority, Transmission Operator, or Transmission Owner, and have the capability to develop specific dispatch instructions for plant operators under their control." By definition, Transmission Owners have no responsibility for operation.

SRP believes the majority of the proposed language in paragraphs 2 through 4 is already expressed within the first paragraph and is redundant. SRP proposes the following language: “One or more facilities, including their associated data centers, that monitor and control the Bulk Electric System (BES) and host operating personnel who perform Real-time reliability-related tasks of any of the following, regardless of NERC registration: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator for Transmission Facilities at two or more locations, or 4) a Generator Operator for generation Facilities at two or more locations. These personnel do not include individuals who only execute or relay dispatch instructions without making any modifications.”

The language within the proposed definition of “Control Center” seeks to further identify and define a “System Operator.” This term is already a defined term within the NERC Glossary of terms. Seeking to create a second definition of the term creates confusion and redundancy.

Additionally, SRP agrees with APPA’s comment and requests clarification of what is meant by “Real-time reliability-related tasks.”

Lona Calderon, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

BC Hydro, Segment(s) 1, 2, 3, 5, 5/6/2015

- 0 - 0

Douglas Webb, On Behalf of: Great Plains Energy - Kansas City Power and Light Co., SPP RE, Segments 1, 3, 5, 6

- 0 - 0

As noted in #1, above, Southern respectfully disagrees with the approach chosen by the SDT to redefine the term Control Center.  The reliability impact of the facility(ies) controlled by the center are an important element of this definition and this aspect did not receive due consideration in the proposed version of the definition.  

Southern Company, Segment(s) 1, 3, 5, 6, 6/15/2017

- 0 - 0

APPA does not agree with the proposed definition of Control Center based on the need for language clarity in several places. The response to question 1 above provides several examples of where the draft language needs to be changed.   

Public power believes there are additional  language changes that need to be made to the draft definition. The proposed definition uses the NERC defined term “System Operator.” In the NERC Glossary, the “System Operator” definition uses the term “Control Center.” APPA believes this circular dependency of terms needs to be addressed. 

APPA also requests the SDT clarify the term, “who can act independently to operate or direct the operation.” It is not clear if the operation or direction of this person is specifically addressing that person’s capability or authority to direct or operate. Public power believes this should be clarified. 

The phrase “Real-time reliability-related tasks” used in the draft definition is not a NERC defined term. APPA believes that the term could be confusing to some NERC compliance personnel who may think it has some relation to the NERC Functional Model. Consequently, public power believes this phrase needs clarification.  

Jack Cashin, On Behalf of: American Public Power Association, , Segments 4

- 0 - 0

Additional clarity is needed with the phrase “operating personnel who perform Real-time reliability-related tasks of…”.  If the operating personnel have the capability of performing the real-time reliability-related tasks of a TOP but do not have the authority, it is unclear if their facility would be a Control Center. It is also unclear if the SDT’s goal is to make these facilities Control Centers or not.

BPA believes that updating the Control Center definition for CIP standard purposes can potentially cause issues with O&P compliance. BPA recommends broadening scope of the control center definition to include more active engagement from O&P SME’s.  More analysis will need to be done once the definition is clarified.

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

AECI supports NRECA's comments.

Additionally, the phrase “reliability-related tasks” is not defined and may be misinterpereted by Responsible Entities or compliance enforcement staff.  AECI suggests that the SDT clarify the the meaning of this phrase or propose a definition for inclusion in the Glossary of Terms Used in NERC Reliability Standards.

AECI & Member G&Ts, Segment(s) 1, 6, 5, 3, 4/11/2017

- 0 - 0

Hot Answers

The Implementation Plan for other standards provide that unplanned changes could result in a low impact categorization where previously the asset containing BES Cyber Systems had no categorization. Categorization changes due to this definition should be treated that same... Under these circumstances for CIP version 5, Responsible Entities were to comply with all Requirements applicable to low impact BES Cyber Systems within 12 months following the identification and categorization of the affected BES Cyber System.

Annette Johnston, On Behalf of: Annette Johnston, , Segments 1, 3

- 0 - 0

Tacoma Power supports the comments of APPA.

Marc Donaldson, On Behalf of: Tacoma Public Utilities (Tacoma, WA), , Segments 1, 3, 4, 5, 6

- 0 - 0

Other Answers

The California ISO supports the comments of the Security Working Group (SWG)

Richard Vine, On Behalf of: Richard Vine, , Segments 2

- 0 - 0

Nicholas Lauriat, On Behalf of: Network and Security Technologies, , Segments 1

- 0 - 0

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

No comment

Matthew Beilfuss, On Behalf of: WEC Energy Group, Inc., MRO, RF, Segments 3, 4, 5, 6

- 0 - 0

From a Generator Operator perspective the proposed definition of Control Center should not affect current operations.  However, the proposed definition of Control Center applies to a new Functional Entity, the Transmission Owner, and as such an implementation plan/period will be required.  Transmission Owner’s should suggest an appropriate plan/period.

George Brown, On Behalf of: Acciona Energy North America, , Segments 5

- 0 - 0

Leonard Kula, On Behalf of: Independent Electricity System Operator, , Segments 2

- 0 - 0

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 9/1/2016

- 0 - 0

This seems appropriate for CIP because the Implementation Plans in the other CIP Standards will cover newly identified Control Centers.  It is unclear of the impact on Operations so it also unclear on the implementation of any changes to operations

FMPA, Segment(s) , 8/2/2017

- 0 - 0

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 7/19/2017

- 0 - 0

Absent a specific implementation plan, Texas RE understands the definition would be effective upon FERC approval.

Rachel Coyne, On Behalf of: Texas Reliability Entity, Inc., , Segments 10

- 0 - 0

SCL supports the APPA submitted comments.

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

Daniel Gacek, On Behalf of: Exelon, , Segments 1, 3, 5, 6

- 0 - 0

Santee Cooper, Segment(s) 1, 9/8/2017

- 0 - 0

Marty Hostler, On Behalf of: Northern California Power Agency, , Segments 5, 6

- 0 - 0

Vivian Moser, On Behalf of: Vivian Moser, , Segments 1, 3, 5, 6

- 0 - 0

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

Vectren respectfully requests the SDT consider that Responsible Entities which are impacted by these changes should have at least 12 months to implement the new definition, similar to other NERC operational and CIP standards.

Amy Folz, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 1, 3, 5, 6

- 0 - 0

AEP suggests that the SDT include explicit reference to the section of Implementation Plan for Version 5 CIP Cyber Security Standards for unplanned changes.
 

Aaron Austin, On Behalf of: Aaron Austin, , Segments 3, 5

- 0 - 0

The District believes the proposed timing for the implementation plan is appropriate. The Implementation Plans for in the existing CIP Standards will cover newly identified Control Centers.

Russell Noble, On Behalf of: Cowlitz County PUD, , Segments 3, 5

- 0 - 0

Thomas Breene, On Behalf of: WEC Energy Group, Inc., , Segments 3, 4, 5, 6

- 0 - 0

We support SERC's comments.

Louisville Gas and Electric Company and Kentucky Utilities Company, Segment(s) 3, 5, 6, 4/13/2017

- 0 - 0

sean erickson, On Behalf of: Western Area Power Administration, , Segments 1, 6

- 0 - 0

Theresa Rakowsky, On Behalf of: Theresa Rakowsky, , Segments 1, 3, 5

- 0 - 0

SRC + SWG , Segment(s) 2, 3, 1, 0, 9/11/2017

- 0 - 0

  • Alternate Implementation Period: 2 Year Implementation Plan Period

Rationale: There are a number of factors to consider, and all affect the time required to implement, to include the following:

    • Complexity of the technology solutions to be implemented,

    • Number of interconnecting lines to secure,

    • Troubleshooting/testing at each connection point, and

    • Coordination requirements with external stakeholders

SERC CIPC, Segment(s) 10, 1, 2, 5, 9, 8/19/2016

- 0 - 0

Lan Nguyen, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

PSEG REs, Segment(s) 5, 6, 3, 1, 3/6/2017

- 3 - 0

Harold Sherrill, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 7

- 0 - 0

ERCOT ISO supports the comments of the ITC SWG.

Elizabeth Axson, On Behalf of: Elizabeth Axson, , Segments 2

- 0 - 0

This seems appropriate for CIP because the Implementation Plans in the other CIP Standards will cover newly identified Control Centers.  It is unclear of the impact on Operations so it also unclear on the implementation of any changes to operations.

Brian Evans-Mongeon, On Behalf of: Utility Services, Inc., , Segments 4

- 0 - 0

Would recommend at least a 30 day implementation period upon applicable governmental authority approval to allow entities appropriate time to make any necessary changes to policies, procedures and other necessary administrative documentation and make notification and training as necessary.

Entergy/NERC Compliance, Segment(s) 1, 5, 3/1/2017

- 0 - 0

Robert Blackney, On Behalf of: Edison International - Southern California Edison Company, WECC, Segments 1, 3, 5, 6

- 0 - 0

The SPP Standards Review Group has developed an interpretation based on discussions from the CIP SDT, it’s believed that this is just a definition change and no additional implementation time.  If this does involve an additional implementation time, we believe 18 months is better than 12 months. Due to technological changes needed to secure the data and collaboration between sending and receiving party, we feel more time is needed to implement the standard.

SPP Standards Review Group, Segment(s) , 9/11/2017

- 1 - 0

Eighteen calendar months after the approval of the control center definition and the CIP-012-1 standard to allow entities time to evaluate the impact of the changes effected by the new standard and implement an appropriate response.

Wendy Center, On Behalf of: U.S. Bureau of Reclamation, , Segments 1, 5

- 0 - 0

With regards to CIP, this wouldn’t be a problem.  I cannot speak for others that would be impacted.

 

Jamie Monette, On Behalf of: Allete - Minnesota Power, Inc., , Segments 1

- 0 - 0

NRECA requests that the Implementation Plan (IP) be revised to provide a 24 month period of time for registered entities that do not meet the current Control Center definition, but under a revised Control Center definition they do have a Control Center.  This 24 month time period is necessary to provide registered entities enough time to deal with procurement and budget cycles, and the implementation of the required technical and procedural controls for a “low, medium or high” category Control Center.

Barry Lawson, On Behalf of: Barry Lawson, , Segments 3, 4

- 0 - 0

Aaron Ghodooshim, On Behalf of: FirstEnergy - FirstEnergy Corporation, , Segments 1, 3, 4

- 0 - 0

David Jendras, On Behalf of: Ameren - Ameren Services, , Segments 1, 3, 6

- 0 - 0

David Ramkalawan, On Behalf of: David Ramkalawan, , Segments 5

- 0 - 0

Idaho Power proposes that additional implementation time be provided to evaluate the effect of the new definition and to ensure applicable protections/controls are in place. Idaho Power believes 6 to 12 months would be appropriate.

Laura Nelson, On Behalf of: Laura Nelson, , Segments 1

- 0 - 0

12 to 18 months needed for new control center

Normande Bouffard, On Behalf of: Normande Bouffard, , Segments 1, 5

- 0 - 0

Yes, because the Implementation Plan in the CIP Standards will cover newly identified assets.

RSC no Con-Edison and Dominion, Segment(s) 10, 2, 4, 5, 6, 7, 1, 3, 9/11/2017

- 0 - 0

SRP agrees with APPA and LPPC that this commenting should not be included along with comments to CIP standards. By doing so, the personnel working exclusively with 693 standards are being excluded and may cause unintentional consequences.

Lona Calderon, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

BC Hydro, Segment(s) 1, 2, 3, 5, 5/6/2015

- 0 - 0

The company will review current systems and protections against the approved Control Center glossary term and as part of CIP-012-1 implementation.

Douglas Webb, On Behalf of: Great Plains Energy - Kansas City Power and Light Co., SPP RE, Segments 1, 3, 5, 6

- 0 - 0

Southern Company, Segment(s) 1, 3, 5, 6, 6/15/2017

- 0 - 0

APPA believes the proposed timing for the implementation plan is appropriate. The Implementation Plans for in the existing CIP Standards will cover newly identified Control Centers.   

Jack Cashin, On Behalf of: American Public Power Association, , Segments 4

- 0 - 0

BPA believes that the implementation period is dependent on the clarification of what will or what should become a control center. 

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

AECI supports NRECA's response to Question 5.

AECI & Member G&Ts, Segment(s) 1, 6, 5, 3, 4/11/2017

- 0 - 0

Hot Answers

Annette Johnston, On Behalf of: Annette Johnston, , Segments 1, 3

- 0 - 0

Tacoma Power supports the comments of APPA.

Marc Donaldson, On Behalf of: Tacoma Public Utilities (Tacoma, WA), , Segments 1, 3, 4, 5, 6

- 0 - 0

Other Answers

The California ISO supports the comments of the Security Working Group (SWG)

Richard Vine, On Behalf of: Richard Vine, , Segments 2

- 0 - 0

Nicholas Lauriat, On Behalf of: Network and Security Technologies, , Segments 1

- 0 - 0

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

No ocmment

Matthew Beilfuss, On Behalf of: WEC Energy Group, Inc., MRO, RF, Segments 3, 4, 5, 6

- 0 - 0

No further comments.

George Brown, On Behalf of: Acciona Energy North America, , Segments 5

- 0 - 0

Leonard Kula, On Behalf of: Independent Electricity System Operator, , Segments 2

- 0 - 0

TVA agrees with the proposed definition of Control Center.

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 9/1/2016

- 0 - 0

FMPA, Segment(s) , 8/2/2017

- 0 - 0

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 7/19/2017

- 0 - 0

Texas RE does not have additional comments.

Rachel Coyne, On Behalf of: Texas Reliability Entity, Inc., , Segments 10

- 0 - 0

SCL supports the APPA submitted comments.  Our primary concern here is that it is not appropriate to ballot in CIP only for a far-reaching change that can impact both O&P and CIP standards.

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

No comments

Daniel Gacek, On Behalf of: Exelon, , Segments 1, 3, 5, 6

- 0 - 0

Santee Cooper, Segment(s) 1, 9/8/2017

- 0 - 0

No additional comments.

Marty Hostler, On Behalf of: Northern California Power Agency, , Segments 5, 6

- 0 - 0

Vivian Moser, On Behalf of: Vivian Moser, , Segments 1, 3, 5, 6

- 0 - 0

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

Vectren is committed to the safety and reliability of the BES and committed to compliance excellence.  We appreciate the efforts of the Standard Drafting Team and will be glad to provide any additional detail upon request.  Thank you for allowing Vectren the opportunity to provide comments on this draft definition.

Amy Folz, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 1, 3, 5, 6

- 0 - 0

None

Aaron Austin, On Behalf of: Aaron Austin, , Segments 3, 5

- 0 - 0

Thank you for the opportunity to comment.

Russell Noble, On Behalf of: Cowlitz County PUD, , Segments 3, 5

- 0 - 0

N/A

Thomas Breene, On Behalf of: WEC Energy Group, Inc., , Segments 3, 4, 5, 6

- 0 - 0

Louisville Gas and Electric Company and Kentucky Utilities Company, Segment(s) 3, 5, 6, 4/13/2017

- 0 - 0

sean erickson, On Behalf of: Western Area Power Administration, , Segments 1, 6

- 0 - 0

n/a

Theresa Rakowsky, On Behalf of: Theresa Rakowsky, , Segments 1, 3, 5

- 0 - 0

The SRC & ITC SWG asserts that the proposed standard does not make clear how entities should work together when addressing security concerns across a communication network link.  If both entities work with CIP Standard assumptions on both ends of a communication network, some support for joint handling of issues could be made clear.  However, if only one entity is CIP-compliant for a given link, the current standard draft does not make clear the extent of protection expected for the data.  The Standard should provide more information on the ownership of obligations for protecting the entire link

 

It is unclear whether the addition of CIP-012 affects the exemptions of communication networks in any of the applicability sections of other standards (CIP-002 through CIP-011). The SWG requests clarification that CIP-012 fills in some of the gap created the CIP-002 – CIP-011 third party telecommunications exemption (4.2.3.2. Cyber Assets associated with communication networks and data communication links between discrete Electronic Security Perimeters.)

 

It has been ten years since the SANDIA report (“Secure ICCP Considerations and Recommendations”), the only detailed report on this subject which could be considered close having entered mainstream awareness in the industry.  Today, as ten years ago, Secure ICCP is not a viable choice for utilities, if only due to limited community experience and vendor support, not to mention the complexities of key management. The transition strategies that SANDIA discusses – Layer 3 protection using IPsec and Layer 2 protection with hardware encryption – remain today’s target solutions.

IPsec is a viable alternative.  Over MPLS, IPsec could secure GRE tunnels between CE routers.  Challenges with this approach include the possibility of having to hire a third party to manage certificates and IPsec links, especially for ISOs that do not manage their own MPLS networks.

 

The SRC &  ITC SWG position on security architecture is that business transactions (such as ICCP) should not be tightly coupled with encryption technologies.  Solutions should prefer network overlays versus security extensions to a protocol (such as Secure ICCP or DNP3 SA).

 

The security architecture should prefer least-latent encryption solutions at the Ethernet or IP layers of the network stack.  MACsec (802.1AE) models the spirit of an optimal solution within a metro area – could it scale wider?

 

The SRC &  ITC SWG’s overall position on Secure ICCP is that it represents too much reliability risk.  The ITC SWG is concerned about the lack of open standards and protocols available to meet the confidentiality and integrity security objectives of CIP-012.  Assuming that a solution involves encryption, the only two open standards and protocols that can meet the CIP-012 security objectives are IPsec and TLS.  The potential for vendor leverage in such a small open solution space is large.  Vendor-managed MPLS networks, typical among utilities, already entrench high annual telecommunication costs in utility budgets.  Security vendors continue to benefit from the expense of establishing layered cyber defenses.  Open Source solutions provide a cost and agility refuge from this lopsided value chain without compromising defense layers.  The trend toward managed services makes the cost problem worse for utilities, especially in the context of insufficiently evaluated risk.  Vendor leverage only grows given the practical consideration that all the communicating parties in a WAN of connected real-time Control Centers would need to adopt a common solution in order to minimize complexity and cost.

SRC + SWG , Segment(s) 2, 3, 1, 0, 9/11/2017

- 0 - 0

SERC CIPC, Segment(s) 10, 1, 2, 5, 9, 8/19/2016

- 0 - 0

CenterPoint Energy Houston Electric, LLC believes the revisions to the Control Center definition more accurately identify Control Centers. 

Lan Nguyen, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

It is unclear if/how RC “backup control center” facilities or TOP/BA “backup functionality” required for RC and TOPs/BAs, respectively, by NERC reliability standard EOP-008, are addressed by the proposed definition.

PSEG REs, Segment(s) 5, 6, 3, 1, 3/6/2017

- 3 - 0

·       SDG&E desires clarification on the definition of “associated data centers”. Is it the data centers that house the Industrial Controls Systems (ICS) or is it all data centers that support the “control center”?

 

·       The language in the proposed definition excludes oral communication, but could email be considered “data used for Operational Planning Analysis, Real-time Assessments, and Real-time monitoring”?

 

·       The proposed definition states: “One or more facilities, including their associated data center, that monitor and control the BES……”   SDG&E recommends the following change: “One or more facilities, including their associated data center, used to monitor and control the BES……”

-In sections where “Transmission Operator” is mentioned the term BES should be inserted before “Transmission Facilities…”

- In sections where “Generator Operator” is mentioned the term BES should be inserted before Generator Operator for “Generation Facilities….”

 

·       SDG&E believes clarity could be given to the words: “have the capability to develop specific dispatch instructions for plant operators under their control.”

  • SDG&E seeks clarification on the phrase: “centrally located dispatch center who relay dispatch instructions without making any modifications.”

Harold Sherrill, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 7

- 0 - 0

Elizabeth Axson, On Behalf of: Elizabeth Axson, , Segments 2

- 0 - 0

Brian Evans-Mongeon, On Behalf of: Utility Services, Inc., , Segments 4

- 0 - 0

Entergy/NERC Compliance, Segment(s) 1, 5, 3/1/2017

- 0 - 0

Robert Blackney, On Behalf of: Edison International - Southern California Edison Company, WECC, Segments 1, 3, 5, 6

- 0 - 0

SPP Standards Review Group, Segment(s) , 9/11/2017

- 1 - 0

None.

Wendy Center, On Behalf of: U.S. Bureau of Reclamation, , Segments 1, 5

- 0 - 0

Jamie Monette, On Behalf of: Allete - Minnesota Power, Inc., , Segments 1

- 0 - 0

NRECA appreciates the continued efforts of the CIP SDT.

Barry Lawson, On Behalf of: Barry Lawson, , Segments 3, 4

- 0 - 0

Aaron Ghodooshim, On Behalf of: FirstEnergy - FirstEnergy Corporation, , Segments 1, 3, 4

- 0 - 0

David Jendras, On Behalf of: Ameren - Ameren Services, , Segments 1, 3, 6

- 0 - 0

David Ramkalawan, On Behalf of: David Ramkalawan, , Segments 5

- 0 - 0

Laura Nelson, On Behalf of: Laura Nelson, , Segments 1

- 0 - 0

Normande Bouffard, On Behalf of: Normande Bouffard, , Segments 1, 5

- 0 - 0

RSC no Con-Edison and Dominion, Segment(s) 10, 2, 4, 5, 6, 7, 1, 3, 9/11/2017

- 0 - 0

SRP is concerned the SDT presented this proposed definition under CIP only. This could result in missing comments from a broader 693 audience who will be affected by this definition change. 

Lona Calderon, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

BC Hydro, Segment(s) 1, 2, 3, 5, 5/6/2015

- 0 - 0

None.

Douglas Webb, On Behalf of: Great Plains Energy - Kansas City Power and Light Co., SPP RE, Segments 1, 3, 5, 6

- 0 - 0

Southern Company, Segment(s) 1, 3, 5, 6, 6/15/2017

- 0 - 0

APPA thanks the SDT for the opportunity to comment. 

Jack Cashin, On Behalf of: American Public Power Association, , Segments 4

- 0 - 0

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

AECI & Member G&Ts, Segment(s) 1, 6, 5, 3, 4/11/2017

- 0 - 0