This comment form is no longer interactive because the comment period is closed.

2016-02 Modifications to CIP Standards | Control Center Definition and Implementation Plan

Description:

Start Date: 03/16/2018
End Date: 04/30/2018

Associated Ballots:

Ballot Name Project Standard Pool Open Pool Close Voting Start Voting End
2016-02 Modifications to CIP Standards Control Center Definiton IN 1 DEF 2016-02 Modifications to CIP Standards Control Center Definiton 03/16/2018 04/16/2018 04/20/2018 04/30/2018
2016-02 Modifications to CIP Standards Control Center Definiton Implementation Plan IN 1 OT 2016-02 Modifications to CIP Standards Control Center Definiton Implementation Plan 03/16/2018 04/16/2018 04/20/2018 04/30/2018

Filter:

Hot Answers

The phrase “act independently” could be interpreted to exclude current Control Centers that act solely on direction of the ISO.  NRG believes the intent to be has the ability to control rather than act independently.  NRG recommends that the verbiage be clarified.

The first exception lists plant operators at a generating plant site.  This implies that plant control rooms that have the ability to start or monitor units at other plant locations would not be considered Control Centers.  NRG recommends that this should be clarified.

Kara White, On Behalf of: NRG - NRG Energy, Inc., FRCC, MRO, WECC, Texas RE, NPCC, SERC, SPP RE, RF, Segments 3, 4, 5, 6

- 0 - 0

Consider the following revision: “(4) can act independently as the Generator Operator to develop specific dispatch instructions for generation Facilities at two or more locations that have the ability to impact the BES;”

Brandon Gleason, Electric Reliability Council of Texas, Inc., 2, 4/30/2018

- 0 - 0

Other Answers

Linda Jacobson-Quinn, City of Farmington, 3, 3/21/2018

- 0 - 0

Val Ridad, On Behalf of: Silicon Valley Power - City of Santa Clara, , Segments 3, 4, 5

- 0 - 0

Jeff Ipsaro, On Behalf of: Silicon Valley Power - City of Santa Clara, , Segments 3, 4, 5

- 0 - 0

Sandra Pacheco, Silicon Valley Power - City of Santa Clara, 5, 4/13/2018

- 0 - 0

David Maier, On Behalf of: David Maier, , Segments 3

- 0 - 0

Kristine Ward, On Behalf of: Seminole Electric Cooperative, Inc., FRCC, Segments 1, 3, 4, 5, 6

- 0 - 0

References to Real – time should be consistent with the NERC Glossary.

- 0 - 0

Nicholas Lauriat, Network and Security Technologies, 1, 4/21/2018

- 0 - 0

Leonard Kula, Independent Electricity System Operator, 2, 4/23/2018

- 0 - 0

Aaron Austin, On Behalf of: Aaron Austin, , Segments 3, 5

- 0 - 0

Trying to define a “control center” is difficult and can have unintended consequences.  As you work your way through this definition, the boundary of a control center should be discussed and considered.  Where is the boundary of a control center?

Reliability standard requirements contain words such as “within” a control center (TOP-001-4 R20), so the importance of knowing the boundary is important and in many cases, the boundary isn’t obvious.  Control centers are typically located with other business functions and including a larger boundary than necessary can apply regulatory requirements to business functions not intended to be included in the requirement and introduce confusion.  Possible boundaries may be defined by the following:

  1. The property line or fence line of the facility.  This broad brush of a definition will include functions not intended for applicability under Reliability Standards and cause unneeded costs for customers.  In many cases where a control center is located in a metro area collocated in a building with other functions, a fence does not exist and the property line may be a public sidewalk.  This definition is also problematic because cyber access equipment is not typically located at this boundary and access control would be extremely difficult.  With the exception of a fence, gate, camera, etc., it is difficult to apply reliability controls to effectively control access with little ability to apply defense in-depth.  Other concerns identified below for using the exterior building walls may also apply to using the property line or fence line.  This definition is not recommended and should only be used in special cases.

  2. The exterior building walls surrounding the control center.  This definition is problematic due to other functions being collocated with the control center.  If a control center is located with other business functions, such as a corporate headquarters, the control center may be located on a floor of a multiple floor building.  In these situations, defining the exterior building walls is clearly an overextension of the regulatory requirements and will cause undue costs for an entity.  Control centers may be collocated with a substation or power plant.  For these situations, specific regulatory requirements may apply to the substation or power plant and simply designating the exterior building wall will confuse how to apply regulatory requirements.  In a situation where you have a control center isolated from other business functions in a standalone facility, other support functions for the control center are needed.  These support functions would not need the additional protections and will cause additional costs without a benefit to the BES.  This definition may be used in specific situations, but should not be a default by everyone. 

  3. The Physical Security Perimeter (PSP) for the Control Center, or if a formal PSP is not required, the location where the PSP would be implemented, if required.  A PSP is already defined in the NERC Glossary of Terms and entities have implemented security measures around these defined locations, where required.  These are demarcations with clear boundaries and can be used to apply regulatory requirements.  But, it’s easy to identify situations where identifying the boundary of a control center as a PSP may have unintended consequences.  A PSP is defined for CIP requirements and trying to standardize by using a CIP term for an Operations & Planning requirement will lead to unintended consequences.  A PSP is designed to contain BES Cyber Systems.  In situations where you have multiple PSPs in the same building, you would need to address how the area between the PSPs is handled for the control center definition.

  4. The boundary of a control center could be defined as the room(s) where NERC certified system operators perform real-time functions and the associated data centers.  This definition limits the scope of the control center to the core functions and should provide a basis for the intent of the Reliability Standards.  There may be exceptions, but this definition may cover a large percentage of registered entities that have a control center and need to identify a boundary.

    Recommend the following definition:

    One or more rooms in a facility, including their associated data centers, that monitor and control the Bulk Electric System (BES) and also host NERC certified operating personnel who:

Tony Eddleman, Nebraska Public Power District, 3, 4/23/2018

- 2 - 0

POPUD is concerned that the proposed definition of Control Center may include Dispatching Centers (Distribution), Back-Up Centers and Power Plant Control Rooms in small utilities which have SCADA controls that control a very limited group of BES transmission assets.  In our case, we provide SCADA to the various areas because of the multiple roles our staff has due to staffing constraints.  We believe that the unintended consequences of the proposed change will impact us by confusing the auditing staff with the roles of Transmission Operators or Balancing Authorities; and, who must be NERC Certified.  We own approximately 58 miles of transmission which is operated and monitored by another entity.

Kevin Conway, Public Utility District No. 1 of Pend Oreille County, 1, 4/23/2018

- 0 - 0

Dominion Energy disagrees with the proposed definition for the following reasons:

 

  1. The term ‘real time reliability tasks’ is undefined and ambiguous.  This term is critical to compliance and needs some additional context to allow entities to reliability operate.  As such, there should be no obligations included in the task list for other Entities to perform.  For example, one would not expect a TOP’s task list to require that a TO perform a task.  Rather, the TOP may require that the TO identify a Real-time reliability task (in the TOs list under R2.1) to cover a situation.   In this case, the real-time reliability-related task belongs to the TO and not the TOP.  Consequently, one would never expect that a task be classified as real-time reliability-related for one Entity just because it has been designated as such by another Entity.  For example, an RC may include running State Estimator and Contingency Analysis programs on its list of real-time reliability-related tasks.  Just because a TO happens to run a State Estimator does not make running the State Estimator a real-time reliability-related task for the TO unless the TO has so designated it in the TO list, nor does the TO running the State Estimator satisfy the RC’s obligation to run the State Estimator.

  2. If the context for ‘real time reliability tasks’ is PER-005, the task lists are entity specific and not necessarily shared with the entity responsible for determining if it’s a control center.

If PER-005 is the basis for these tasks, than the proposed Control Center definition should have the same language and limitations contained in PER-005.

  1. Just because an entity performs a task on any RC, BA, TOP BES company-specific Real-time reliability-related task list, the proposed definition appears to automatically make that performance a reliability task that qualifies you as a Control Center.

If this is accurate, the responsible entity may not know what is on these lists as the entities that develop the lists are not required and, in most cases, do not share these with other entities.

  1. As currently written, the proposed definition excludes the reliability related tasks developed by a TO and could make the TO fall under the definition of a Control Center unknowingly based on #3.

  2. Based on ‘real time reliability tasks’ being defined in the context of PER-005, Dominion Energy proposes the following alternative language for a Control Center definition.

 

“One or more facilities, including their associated data centers, of an RC, BA, TOP, TO that monitor and control the Bulk Electric System (BES) and host operating personnel who can act independently to operate or direct in Real-time the operation of Bulk Electric System Transmission Facilities; or a centrally located GOP dispatch center hosting dispatch personnel at who receive direction from their RC, BA, TOP or TO and may develop specific dispatch instructions for plant operators or plant control systems under their control.

 

Operating and dispatch personnel do not include:

  1. Transmission Owner or Transmission Operator field switching personnel; or

  2. Plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay dispatch instructions without making any modifications.

    The intent of the change to the definition is not clear in regards to TOs.  Item 5 in the proposed definition of Control Center indicates that having the ability to operate a TO’s BES Transmission Facilities or merely having the ability to dispatch someone to operate the Facility creates a Control Center.  Is the desired intent that any TO with SCADA control OR field switching personnel have a Control Center?    Field switching personnel are excluded from the definition of “operating personnel”, but there is no definition of who is included in this definition.  Is someone who answers the phone (e.g., from a TOP) and passes the instructions to field switching personnel considered to be “operating personnel”?  Consider the example of a Storm Center (e.g., conference room) where personnel gather to monitor storm damage and direct field personnel for Real-time operation of the TO’s BES Transmission Facilities.  Does the conference room become a Control Center under this definition, or is it excluded because those gathered in it are not considered operating personnel? This ambiguity should be resolved.

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

Use of the term; “One or more facilities…” should be defined further as the NSRF believes the SDT’s intent and offer that a “facility” may be looked at as an entire building that houses RCs, BAs, and TOPs.  Recommend that the first part of the definition read “One or more rooms in a facility…”.  This clearly points to a prescribed area within a facility and not the entire facility.

 

Without understanding what “Real-time reliability-related tasks” are (see next paragraph), we cannot support this definition.  There could be an entity that has personnel who work outside the “Control Center” walls that have Real-time tasks that support the RC, BA and TOP.  Or is the SDT referring to NERC Certified System Operators only?  Many entities require NERC Certifications for non-System Operators as part of the positions that they fulfill.  Please clarify.   

 

It is unclear to what the SDT believe the definition of “…reliability-related tasks…” refers to within is part 1, 2, and 3 of the proposed Control Center definition.  Is this the “reliability-related tasks” associated with the tasks identified by each RC, TOP and BA per PER-005-2?  Or is it the “reliability-related tasks” noted in some other NERC document?  Note that “reliability-related tasks” is not used within the NERC Functional Model.  The Functional Model uses “related reliability tasks”, only within the introduction sections and not under any specific Function.  The term “Tasks” is used under each Function.  Is the SDT referring to “Tasks” within the Functional Model to mean the same as “…reliability related tasks…” within the proposed Control Center definition?  The NSRF is against using the Functional Model as a reference document as the current version is from 2010 and can be changed by NERC at any time.  The NSRF recommends that an asterisk (*) [or foot note] be placed next to “reliability-related tasks*” and refer to reliability-related tasks identified by PER-005-2.  This provides clarity the each applicable RC, TOP and BA.

 

Part 4 uses the word “can act” to describe the action that a GOP could accomplish in developing dispatch instructions.  A GOP “can” do something but may not have the authority to accomplish the dispatch instruction.  Recommend that part 4 use the word “perform” in place of “can act”, this is also in line with parts 1, 2, and 3.

 

Part 5 also uses the word “Can act”.  Recommend this be replaced with “perform” with the same justification in part 4.

 

The NSRF would like to point out that the term "data center" is not defined in any NERC standard or NERC documentation.  The issue is how far into the SCADA acquisition process does the data center definition penetrate.  Does the data center definition penetrate into data aggregators used to reduce communication costs that represent loss of several RTU if compromised?  The main impact area of this definition is in the new TOP-001-4 standard R20 that becomes enforceable 7-1-18.  If the data center definition is beyond the bricks and mortar used for the Control Room and SCADA, then redundant
and diversely routed data exchange infrastructure may be needed outside of the traditional primary Control Center facility.  Please clarify.


  R20. Each Transmission Operator shall have data exchange capabilities, with redundant and diversely routed data exchange infrastructure within the Transmission Operator's primary Control Center, for the exchange of Real-time data with its Reliability Coordinator, Balancing Authority, and the entities it has identified it  needs data from in order for it to perform its Real-time monitoring and Real-time
Assessments.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 6/14/2017

- 2 - 0

Thank you for the opportunity to comment on the proposed revisions to the definition of Control Center. WECC agrees with and supports the purpose and intent of the proposed revisions to the Control Center Definition. WECC supports the revisions to the first five elements, and the concept behind the last two elements identifying what is not a control center. However, WECC believes that the definition of a Control Center should not include identifying what operating personnel are not, but rather, should include a definition of what a Control Center is not.

WECC believes that including language defining what Operating personnel are not will conflict with the purpose of COM-002-4 – Operating Personnel Communications Protocols. There is evidence that a significant number of Misoperations are a result of poor communication between System Operators at control centers and the entity’s operating personnel in the field.

The attached file contains WECC's proposed revisions to the defintion.

Steven Rueckert, Western Electricity Coordinating Council, 10, 4/25/2018

2016-02_Control_Center_Modified_Definition_03162018-WECC comments.docx

- 0 - 0

a) For the purpose of clarity, AZPS recommends that the first sentence of the proposed definition be changed to:

One or more facilities, including their associated data centers, hosting operating personnel that monitor and control the Bulk Electric System (BES) to: 

 

b) AZPS is concerned that the new definition sets up the potential for inconsistency due to the use of the term “reliability tasks” in the definition for items 1 and 3, but the term “functional obligations” in sections 1.1 and 1.3 of the CIP-002 attachment 1. 

 

c) AZPS is concerned that item (5), which appears to be the equivalent of Transmission Operator Control Centers, presents a lower criteria for control centers than is applicable under item (3).  Specifically, item 3, which is applicable to Transmission Operators,  applies only when there are “facilities at two or more locations;” however, item 5, which could be construed as describing a Transmission Operator does not have the same qualifier.   For this reason, AZPS requests clarification of the  use of “can operate” as stated in item 5 of the definition as well as what the intended differentiation between items 3 and 5 is.  

Jonathan Aragon, 4/25/2018

- 0 - 0

Jeanne Kurzynowski, On Behalf of: CMS Energy - Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 1 - 0

Jeff Johnson, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 1, 2, 3, 4, 5, 6, 7, 8, 9

- 0 - 0

City Light supports APPA comments

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

Faz Kasraie, On Behalf of: Seattle City Light, WECC, Segments 5

- 0 - 0

BES substation control rooms may be identified as “Control Centers” under the proposed definition; among other concerns, this could result in a substation being classified as High-Impact.

ALAN ADAMSON, New York State Reliability Council, 10, 4/26/2018

- 0 - 0

supporting comments from NPCC

Peter Yost, Con Ed - Consolidated Edison Co. of New York, 3, 4/27/2018

- 1 - 0

Glen Farmer, Avista - Avista Corporation, 5, 4/27/2018

- 0 - 0

- 0 - 0

BPA believes the majority of this definition isn’t needed. The only difference from existing System Operator definition being incorporated is the inclusion of GOP. BPA suggests using the defined term System Operator in the existing definition of Control Center and specifically including operating personnel at GOPs rather than listing all functions already covered in the current System Operator definition. The exclusions would also be covered in this manner since the System Operator definition only applies to people “at a Control Center.”

BPA proposes the following:

One or more facilities where the Bulk Electric System (BES) is monitored and controlled, including its associated data centers and communications infrastructure, and hosting operating personnel who:

1)         perform the Real-time reliability-related tasks of a Reliability Coordinator; or

2)         perform the Real-time reliability-related tasks of a Balancing Authority; or

3)         perform the Real-time reliability-related tasks of a Transmission Operator for Transmission Facilities at two or more locations; or

4)         can act independently as the Generator Operator to develop specific dispatch instructions for generation Facilities at two or more locations.

The exclusions aren’t clear enough to know whether No. 1 only applies to personnel located at generating plants or includes personnel at other centrally located dispatch centers as well.

Operating personnel do not include:

1)         Plant operators located at a generator plant site who relay or implement dispatch instructions from a Generator Operator without making any modifications; or

2)         Personnel at a centrally located dispatch center who relay or implement dispatch instructions without making any modifications; or

3)         Transmission Owner or Transmission Operator field switching personnel.

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

With respect to Generator Operators and Generator Owners;

There are existing generation Facility control rooms, and perhaps other centralized control or data centers, who have the capability to operate or direct the operation of generation Facilities at two or more locations, but who do not develop specific dispatch instructions, but simply implement or relay (electronically in some cases) operating and dispatch instructions from their RC/BA/TOP, or from their GOP if the existing generation Facility control room implements or relays operating and dispatch instructions from a second larger GOP Control Center.  These existing generation Facility control rooms meet the existing Control Center definition, but would be excluded from the proposed definition.

Some of these existing generation Facility control rooms can operate or direct the operation of Generator Owner Facilities at two or more locations (thereby meeting the existing Control Center definition) with an aggregate of 1500MW or more in a single Interconnection (e.g. 1000MW at one Facility, 500MW at another Facility), but simply implement or relay (electronically in some cases) operating and dispatch instructions from their RC/BA/TOP/GOP in doing so.  The proposed definition will lower the impact rating of the BCS located at these exiting generation Facility control rooms from Medium under the CIP-002-5.1a impact rating criterion 2.11 down to Low under criterion 3.3, as these control rooms would no longer meet the proposed Control Center definition.  The proposed Control Center definition adds new applicability criteria to CIP-002-5.1a impact rating criterion 2.11 by reference, thereby reducing the scope of applicability of CIP-002-5.1a impact rating criterion 2.11.

Since the intent of the CIP standards is to protect Cyber Assets and systems that “if rendered unavailable, degraded, or misused, would adversely impact the reliable operation of the BES within 15 minutes of the activation or exercise of the compromise”, the fact that a GOP (or GO) Facility’s control room operating personnel do or do not develop specific dispatch instructions for generation Facilities at two or more locations or simply implement or relay such instructions should be immaterial to the CIP-002-5.1a impact rating of the BCS located at those Facility control rooms.

As the 1500MW threshold is an important one and used in several CIP-002-5.1a Medium impact rating criteria, and the proposed definition will lower the impact rating of some BCS under CIP-002-5.1a impact rating criterion 2.11, we do not agree with the proposed definition.

We propose the following modifications:

     1- Modify the sentence:

“4) can act independently as the Generator Operator to develop specific dispatch instructions for generation Facilities at two or more locations;”

To:

“4) act as the Generator Operator for generation Facilities at two or more locations;” which is similar to the existing definition, or perhaps to more accurately capture the intent of the CIP standards and to capture Facilities and control rooms performing GOP functions,

To:

“4) can operate or direct the operation of a Generator Owner’s BES generation Facilities at two or more locations in Real-time”, similar to the language of “5)”, which would capture all control rooms performing GOP functions for BES generation Facilities at two or more locations.

     2- Remove exclusion “1) plant operators located at a generator plant site or personnel …”

Otherwise, CIP-002-5.1a impact rating criterion 2.11 should be modified to recapture Medium BCS at control centers or control rooms that would now be excluded from this criterion by the proposed definition.

 

With respect to Transmission Owner Control Centres (TOCCs);

The language in item “5)” should likely align with the concept in item “3)” with respect to operating or directing the operation of “Transmission Facilities at two or more locations;”

We propose the following modifications:

     1- Modify the sentence:

“5) can operate or direct the operation of a Transmission Owner’s BES Transmission Facilities in Real-time.”

To:

“5) can operate or direct the operation of a Transmission Owner’s BES Transmission Facilities at two or more locations in Real-time.”

 

Joel Charlebois, On Behalf of: AESI - Acumen Engineered Solutions International Inc., , Segments 5

- 0 - 0

We support the MRO NSRF comments.  The proposed definition of Control Center is fatally flawed in that it would allow for the exclusion of any data center which does not host operating personnel. This would introduce unacceptable security risks to the Bulk Electric System.

Thomas Breene, WEC Energy Group, Inc., 3, 4/27/2018

- 0 - 0

Adrian Andreoiu, On Behalf of: BC Hydro and Power Authority, WECC, Segments 1, 3, 5

- 0 - 0

Agree with WECC's comments regarding specifying what a Control Center is not.

Also Attachment No. 1 item four is too ambiguous. "can act independently as the Generator Operator to develop specific dispatch instructions for generation Facilities at two or more locations".  How does a GOP prove that they can not develop specific dispatch instructions?

I suggest the following: "Generator Operators that develop specific written dispatch instructions for generation Facilities, at two or more locations in real-time (at the same time), that deviate from their Balancing Authority's dispatch instructions".

Marty Hostler, On Behalf of: Northern California Power Agency, , Segments 5, 6

- 0 - 0

Please refer to comments submitted by Robert Blackney on behalf of Southern California Edison

Kenya Streeter, Edison International - Southern California Edison Company, 6, 4/27/2018

- 0 - 0

WAPA desires clarification on the definition of “associated data centers”. As written, it could bring data centers into scope that have nothing to do with power systems operations, but are “associated” in some other way.  The qualifiers regarding “monitor and control the BES” and “host operating personnel” apply to the “One or more facilities” and not necessarily to “associated data centers”. As one example, there might be a business office data center that is associated with the facilities that monitor and host operating personnel.  Another example might be that a scheduling vendor’s data center (which provides Net Scheduled Interchange data) is associated with the facilities that operate a Balancing Authority.  More clarity is needed as to the intent in bringing “associated data centers” into this definition.

sean erickson, Western Area Power Administration, 1, 4/29/2018

- 0 - 0

Duke Energy disagrees with the proposed revisions to the definition of Control Center based on the existence of some ambiguities. Regarding “operating personnel”, is it the drafting team’s intent that to be considered as operating personnel, does the personnel need to be able to control equipment such as opening a breaker?  While we appreciate the drafting team’s effort to provide more detail to explain who “operating personnel” actually applies to in the definition of Control Center, perhaps it may be more beneficial for operating personnel to have its own definition.

Also, the phrase “associated data centers”, while already in use today, would benefit industry if a more common understanding was created.  For example, is it the drafting team’s intent that a facility would need to be manned to be considered applicable to this definition? Industry could benefit from having a common definition for “data center” as well.

Duke Energy offers the following suggested definition of Control Center for the drafting team’s consideration:

One or more facilities, including their associated data centers for the acquisition, aggregation, processing, or inter-utility exchange of Bulk Electric System (BES) data that is used to support Real-time operations to make operational decisions regarding reliability and operability of the BES, and also host operating personnel, who monitor and control the BES and

  1. perform the Real-time reliability-related tasks of a Reliability Coordinator; or Balancing Authority; or Transmission Operator for Transmission Facilities at two or more locations; or

  2. can act independently as the Generator Operator to develop specific dispatch instructions for generation Facilities at two or more locations; or

  3. can operate or direct the operation of a Transmission Owner’s BES Transmission Facilities in Real-time.

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

Operating personnel is vague and broad. American Transmission Company LLC (ATC) proposes replacing operating personnel with the NERC Glossary of Terms defined term System Operator. As a result, ATC requests consideration of rephrasing the first sentence as follows “One or more facilities, including their associated data centers, that monitor and control the Bulk Electric System (BES) and also host System Operators who:”

Douglas Johnson, 4/30/2018

- 0 - 0

Please refer to comments submitted by Robert Blackney on behalf of Southern California Edison

Steven Mavis, 4/30/2018

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

- 0 - 0

1.  The use of “host” in the first sentence is not understood.

2.  The use of “including their associated data centers” in the proposed definition is a concern. Moving the “including their associated data centers” phrase as proposed, could suggest, to some, that the data center must host operating personnel.

3.  The use of “perform the Real-time reliability related tasks of a” in Numbers 1-3 in the proposed definition is a concern. The additions of, “Real-time” and “related” to the existing “reliability tasks” does not provide additional clarity. These wording choices appear to be a reference to the NERC Functional Model, since the current Introduction to the Function Model (V5) includes subsections labeled “Tasks” and “Real Time.” An entity that performs the reliability tasks listed in the Functional Model should have the appropriate Functional Registration. For purposes of the Control Center definition, the three criteria should be limited to entities with the RC, BA and TOP registrations. Adding this phrase to points 1 -3 of the proposed definition does not address the issue of “capability or authority” as it relates to “perform.” Therefore, Lakeland Electric recommends striking this phrase in all locations.

4. Using “can” in point number 4 of the definition is a concern.  Using “can” does not address the issue of “capability or authority.”  Therefore, it is unclear how “can act” differs from the “perform” used in points 1-3.  For example, if a VP of Operations for a GO (and not GOP) entity “can” order a unit shut to be shut down, would that entity’s facilities fit under the definition?  Lakeland Electric recommends removing the word “can.”

5.  Using “specific dispatch instructions” in definition point 4 is a concern.  It is unclear how the addition of the word “specific” differentiates between different dispatch instructions.  Therefore, Lakeland Electric recommends deleting the word “specific” and replacing the undefined “dispatch instructions” with the NERC defined term “Operating Instruction.”

6. The term “locations” used in point 4 is open to many interpretations and therefore causes concern.  It is unclear how “locations” is applied to dispersed generation, adjoining or nested substations and switchyards.  “Locations” may need to be defined in the NERC Glossary.

7. Use of “can” in the proposed definition point 5 causes concern. The word “can” does not address the issue of “capability or authority.”  It is unclear how “can act” differs from the “perform” used in definition points 1-3. As written, this qualifier seems to go against the CIP-002-5.1 GTB (page 24) which states, “A TO BES Cyber System in a TO facility that does not perform or does not have an agreement with a TOP to perform any of these functional tasks does not meet the definition of a Control Center.”  Therefore, Lakeland Electric recommends language that limits the scope to entities that have the capability.  In addition, to ensure clarity, the GTB would need to be updated to agree with this change.

8. Use of, “Real-time” in point 5 without a pertinent understanding of how it will be specifically understood, causes concerns. The determination of how “Real-time” is applied was made by the SDT for the BES Cyber Asset definition developed under project 2014-02  Critical Infrastructure Protection Standards Version 5 Revisions - CIP-003, CIP-004, to mean “within 15 minutes of a required operation”.  Lakeland Electric recommends that this 15-minute phrase be used in place of the “Real-time” term to ensure clarity.

9.  Lakeland Electric believes the point 5 qualifier should use, “two or more locations,” to provide clarity to the proposed definition. Without this qualifying phrase, a facility at a TO with a single BES substation could be identified as a Control Center when “operating personnel” are present. Depending on how “host(ing)” is defined, all control buildings at a TO substation could be Control Centers under the proposed definition.  APPA recommends adding the “two or more locations” phrase to this qualifying point 5.

10. Regarding exclusions with respect to operating personnel, point 1 states, “plant operators located at a generator plant site, or personnel at a centrally located dispatch center who….”  It is unclear if both parts (plant operators~personnel) of this exclusion point, apply to only generation?  The phrase, “generator plant site” can include both BES and non-BES generation and presents a lack of clarity. Public power recommends replacing “dispatch center” with “personnel who.”  It is also possible for an operating instruction to be relayed for Transmission and not just Generation.  Therefore, Lakeland Electric recommends removing the specific language limiting this exclusion to generation.

11.  Exclusion point 1 includes, “dispatch instructions,” which is not a defined term. Lakeland Electic recommends replacing it with the NERC defined term “Operating Instruction.”

The suggestions above could result in the following definition:

 

One or more facilities that monitor and control the Bulk Electric System (BES) and host operating personnel during normal operations, including the facilities’ associated data centers, of a:

1) Reliability Coordinator; or

2) Balancing Authority; or

3) Transmission Operator for Transmission Facilities at two or more locations; or

4) Generator Operator that act independently to develop Operating Instructions for generation Facilities at two or more locations;

5) Generation Owner or Generation Operator that have generation Facilities that;

           i) must operate, within 15 minutes of a required operation and

          ii) are at two or more locations or

6) Transmission Owner that have the Transmission Facilities that:

           i) must operate, within 15 minutes of a required operation and

          ii) are at two or more locations or

 

Operating personnel do not include:

1) plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay Operating Instructions without making any modifications; or

2) field switching personnel.

 

Larry Watt, Lakeland Electric, 1, 4/30/2018

- 0 - 0

The NERC Rules of Procedure Section 500 and Appendix 5A require an entity which registers as a Balancing Authority (BA), Reliability Coordinator (RC), and Transmission Operator (TOP) to undergo Certification which requires an audit and readiness review of the registering entity to perform the functions of a BA, RC, or TOP.  The control centers would have been identified under the program with exclusion to a GOP dispatcher for generation Facilities at two or more locations.

The current Control Center definition introduces the concept of a GOP Control Center and uses the undefined term “operating personnel.”  The proposed Control Center definition creates potential conflict by overstating a control center function, attempting to define operating personnel, and uses the undefined term “plant operator.”

Recommend the following changes to the proposed Control Center definition and creation of an Operations Personnel definition.

Control Center - One or more facilities, including associated data centers, that hosts Operations Personnel who monitor, operate, or direct the operation of the Bulk Electric System (BES) in Real-time of: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator for transmission Facilities at two or more locations, or 4) a Generator Operator’s generation Facilities at two or more locations.

Operations Personnel - Includes System Operators, Transmission Owner personnel, and centrally located dispatch personnel who develop specific dispatch instructions for Generator Operators under their control.  The Transmission Owner or Transmission Operator personnel exclude field switching personnel.  The dispatch personnel exclude Generator Operators who relay dispatch instructions without making any modifications.

Entergy, Segment(s) 1, 5, 12/13/2017

- 0 - 0

NRECA strongly disagrees with the wording in item 5) of the proposed revised Control Center definition.  As we have stated numerous times, a TO should not be considered to own/operate a Control Center unless they have the capability AND independent authority to operate BES Transmission Facilities in Real-time.  NRECA recommends that item 5) be redrafted as follows: 5) can act with independent authority and capability to operate or direct the operation of a Transmission Owner’s BES Transmission Facilities in Real-time.

Barry Lawson, National Rural Electric Cooperative Association, 4, 4/30/2018

- 0 - 0

Comment 1 - Exelon would like to see the following modification made to 5. :

          5. can operate or direct the operation of a Transmission Owner’s BES Transmission Facilities in Real-time, at two or more locations.

Without this additional language, Exelon is concerned that the current language in 5. may bring some currently out-of-scope relay houses into scope as Medium Control Centers.

Comment 2 - Exelon questions the wording of the first item under “Operating personnel do not include:” Exelon suggests the following wording change:

1. plant operators located at a generator plant site or personnel at a centrally located dispatch center who can only relay dispatch instructions and cannot make any modifications; or

This covers the situation where the normal process is for dispatch instructions to be relayed without modification, however, the system would allow the operating personnel to make modifications to the dispatch instructions.

Daniel Gacek, Exelon, 1, 4/30/2018

- 0 - 0

The proposed changes to the definition do not address all of the “opportunities for clarification” and may add additional areas of uncertainty.  Some of these issues are:

 1) “host”:  Does this mean that a facility is a Control Center only when operating personnel are in the room?  Example: A DP/TO with a two 115KV BES Substations staffs their emergency operations room during weather related emergency conditions.  The facility can control the BES breakers at the BES substations.  The facility is not staffed at most other times.  Does this facility “host” operating personnel? Does this mean that a facility is a Control Center only when operating personnel are in the room? Adding the phrase “during normal operations” is meant to exclude locations like those mentioned in the example.  We feel that this better defines a control center but may require that the list of assets in CIP-002 R1 be modified to include other assets.  “Host” may need to be defined in the NERC Glossary.

2) “including their associated data centers”: Moving the “including their associated data centers” phrase, as proposed, could allow the interpretation that the data center must host operating personnel.  Suggest restructuring this sentence. A suggested version of this language is included in the proposed definition included at the end of these comments.

3) Inclusion lines 1-3, “perform the Real-time reliability related tasks of a”: It is unclear how adding “Real-time” and “related” to the existing “reliability tasks” provides any clarity.  This seems to be a direct reference to the NERC Functional Model.  The Introduction to the Function Model (V5) as it includes subsections labeled “Tasks” and “Real Time.” An entity that performs the reliability tasks listed in the Functional Model should have the appropriate Functional Registration.  These three criteria should be limited to entities with the RC, BA and TOP registrations. Adding this phrase to the inclusion lines 1 -3 does not address the issue of “capability or authority” as it relates to “perform”.  Suggest striking this phrase in all locations.

4)  Inclusion line 4, “can”:   The word “can” phrase does not address the issue of “capability or authority”.  It is unclear how “can act” differs from the “perform” used in lines 1-3.   Does and entity meet this qualifier if a VP of Operations for a GO (and not GOP) entity can order that a unit shut down?  Suggest removing the word “can”.

5) Inclusion line 4, “specific dispatch instructions”.  It is unclear how the addition of the word “specific” differentiates between different dispatch instructions.  Suggest deleting the word specific and replacing the undefined “dispatch instructions” with the NERC defined term “Operating Instruction”.

6) Inclusion line 4.  This proposed definition does not include Generation that responds to Operating instructions for generation at two or more locations.  Propose adding an inclusion that is similar to the inclusion criteria for Transmission Owners with Transmission Facilities at two or more locations.

7) Inclusion line 4, “locations”.  The term “locations” is open to many interpretations.  It is unclear how “locations” is applied to dispersed generation or adjoining or nested substations or switchyards.  “Locations” may need to be defined in the NERC Glossary.

8) Inclusion line 5, “can”:   The word “can” does not address the issue of “capability or authority”.  It is unclear how “can act” differs from the “perform” used in lines 1-3. As written, this qualifier seems to go against the CIP-002-5.1 GTB (page 24) which states “A TO BES Cyber System in a TO facility that does not perform or does not have an agreement with a TOP to perform any of these functional tasks does not meet the definition of a Control Center.”  Suggest replacing with language that limits the scope to entities that have the capability.  The GTB would need to be updated to agree with this change. 

9)  Inclusion line 5, “Real-time”: The determination of how “Real-time” is applied was made by previous SDT to mean “within 15 minutes of a required operation”.  Suggest that this 15-minute phrase be used in place of the “Real-time” term.

10) Inclusion line 5, “two or more locations”:  This qualifier does not include the “two or more locations” phrase.  Without this phrase, a facility at a TO with a single BES substation could be identified as a Control Center when “operating personnel” are present.  Depending on how “hosting” is defined, all control buildings at a TO substation could be Control Centers.  Suggest adding the “two or more locations” phrase to this qualifier.

11) Exclusions line 1, “plant operators located at a generator plant site or personnel at a centrally located dispatch center who”: It is unclear if both parts of this exclusion line applies to only generation. “generator plant site” would apply to both BES and non-BES generation. “Dispatch center” is undefined an could include the offices that dispatches service personnel. Suggest replacing the term with “personnel who”.  It is also possible for an operating instruction to be relayed for Transmission and not just Generation.  Suggest removing the specific language limiting this exclusion to generation.

12) Exclusion line 1, “dispatch instructions”.  This term is undefined.  Suggest replacing it with the NERC defined term “Operating Instruction”.

13) Change “Transmission Owner or Transmission Operator field switching personnel” to just “Field switching personnel” so that all field switching personnel are excluded.

The suggestions above could result in the following definition:

One or more facilities that monitor and control the Bulk Electric System (BES) and host operating personnel during normal operations, including the facilities’ associated data centers, of a:

1) Reliability Coordinator; or

2) Balancing Authority; or

3) Transmission Operator for Transmission Facilities at two or more locations; or

4) Generator Operator that act independently to develop Operating Instructions for generation Facilities at two or more locations;

5) Generation Owner or Generation Operator that monitor and control generation Facilities that;

           i) must operate, within 15 minutes of an operation required by an Operating Instruction and

          ii) are at two or more locations or

6) Transmission Owner that monitor and control Transmission Facilities that:

           i) must operate, within 15 minutes of an operation required by an Operating Instruction and

          ii) are at two or more locations or

 

Operating personnel do not include:

1) personnel who relay Operating Instructions without making modifications; or

2) field switching personnel.

Brian Evans-Mongeon, Utility Services, Inc., 4, 4/30/2018

- 0 - 0

AECI supports comments provided by NRECA

AECI, Segment(s) 1, 3, 6, 5, 4/30/2018

- 0 - 0

While Xcel Energy generally agrees with the proposed revisions, there is some concern with the lack of clarity in the verbiage in items #4 and #5.  We note the exception of operating personnel identified in #1 and #2 of the "Operating personnel do not include" section. However, additional clarity provided would resolve cencerns.  Xcel Energy suggests editing the language to read:

4) Has the authority to act independently as the Generator Operator to develop specific dispatch instructions for generation Facilities at two or more locations; or

5) Has the authority to operate or direct the operation of a Transmission Owner's BES Transmission Facilities in Real-time.

Amy Casuscelli, On Behalf of: Xcel Energy, Inc. - MRO, WECC, SPP RE - Segments 1, 3, 5, 6

- 0 - 0

Ellen Oswald, 4/30/2018

- 0 - 0

  • The term "operating personnel" should be changed to NERC defined term "System Operator".

 

  • We believe the definition is overly complicated. Please consider the following wording to replace items 1-5:

 

A facility, including its associated data center(s), that houses equipment for the monitoring and control of the Bulk Electric System (BES) and also System Operators who must be trained in accordance with NERC Standard PER-005-2.

 

Rationale: FERC challenged NERC to identify those personnel whose job duties that have real-time reliability implications for BES reliability. As a response to the FERC directive, NERC established PER-005 to identify and govern those individuals who are RC, TOP, BA, TO, or GOP who have the real-time reliability tasks. On its face then, PER-005-2 identifies everyone whose work assets should be protected and also by exclusion those whose assets do not need to be protected since their work product does not affect real-time reliability (I.e. or else they should be trained.)

David Jendras, Ameren - Ameren Services, 3, 4/30/2018

- 0 - 0

James Anderson, 4/30/2018

- 0 - 0

FMPA agrees with the following comments from APPA:

APPA believes that the proposed Control Center definition needs to identify and address additional “opportunities for clarification.” Currently, the lack of clarity on these additional items increases uncertainty associated with the implementation of the proposed Control Center definition. “opportunities for clarification” include:

1.   The use of “host” in the first sentence is not understood. Does this mean that a facility is a Control Center only when operating personnel are in the room?  As an example:

a.   An entity registered as a DP/TO with a two 115KV BES Substations staffs their emergency operations room during weather-related emergency conditions.  Otherwise, the facility is not staffed.  The facility can control the BES breakers at the BES substations.

Does the above scenario represent an instance that the facility is “host(ing)” operating personnel at the facility during emergencies? The proposed definition implies that a facility is a Control Center when operating personnel are (ever) in the room. APPA believes that adding the phrase, “host during normal operations” would provide the needed clarity. We believe that this change would improve the proposed Control Center definition.  Public power recognizes that this change may require that the list of assets in CIP-002 R1 be modified to include other assets.  Moreover, “host” may need to be defined in the NERC Glossary.

2. The use of “including their associated data centers” in the proposed definition is a concern. Moving the “including their associated data centers” phrase as proposed, could suggest, to some, that the data center must host operating personnel.  Public power suggests restructuring this sentence. A suggested version of this language is included in the proposed definition provided at the end of these comments.

3.  The use of “perform the Real-time reliability related tasks of a” in Numbers 1-3 in the proposed definition is a concern. The additions of, “Real-time” and “related” to the existing “reliability tasks” does not provide additional clarity. These wording choices appear to be a reference to the NERC Functional Model, since the current Introduction to the Function Model (V5) includes subsections labeled “Tasks” and “Real Time.” An entity that performs the reliability tasks listed in the Functional Model should have the appropriate Functional Registration. For purposes of the Control Center definition, the three criteria should be limited to entities with the RC, BA and TOP registrations. Adding this phrase to points 1 -3 of the proposed definition does not address the issue of “capability or authority” as it relates to “perform.” Therefore, APPA recommends striking this phrase in all locations.

4. Using “can” in point number 4 of the definition is a concern.  Using “can” does not address the issue of “capability or authority.”  Therefore, it is unclear how “can act” differs from the “perform” used in points 1-3.  For example, if a VP of Operations for a GO (and not GOP) entity “can” order a unit shut to be shut down, would that entity’s facilities fit under the definition?  APPA recommends removing the word “can.”

5.  Using “specific dispatch instructions” in definition point 4 is a concern.  It is unclear how the addition of the word “specific” differentiates between different dispatch instructions.  Therefore, APPA recommends deleting the word “specific” and replacing the undefined “dispatch instructions” with the NERC defined term “Operating Instruction.”

6. The proposed definition’s point 4 does not include Generation that responds to operating instructions for generation at two or more locations.  APPA proposes adding inclusion criteria for Generation, similar to the inclusion criteria for Transmission Owners with Transmission Facilities at two or more locations

7. The term “locations” used in point 4 is open to many interpretations and therefore causes concern.  It is unclear how “locations” is applied to dispersed generation, adjoining or nested substations and switchyards.  “Locations” may need to be defined in the NERC Glossary.

8. Use of “can” in the proposed definition point 5 causes concern. The word “can” does not address the issue of “capability or authority.”  It is unclear how “can act” differs from the “perform” used in definition points 1-3. As written, this qualifier seems to go against the CIP-002-5.1 GTB (page 24) which states, “A TO BES Cyber System in a TO facility that does not perform or does not have an agreement with a TOP to perform any of these functional tasks does not meet the definition of a Control Center.”  Therefore, APPA recommends language that limits the scope to entities that have the capability.  In addition, to ensure clarity, the GTB would need to be updated to agree with this change.

9. Use of, “Real-time” in point 5 without a pertinent understanding of how it will be specifically understood, causes concerns. The determination of how “Real-time” is applied was made by the SDT for the BES Cyber Asset definition developed under project 2014-02  Critical Infrastructure Protection Standards Version 5 Revisions - CIP-003, CIP-004, to mean “within 15 minutes of a required operation”.  APPA recommends that this 15-minute phrase be used in place of the “Real-time” term to ensure clarity.

10. APPA believes the point 5 qualifier should use, “two or more locations,” to provide clarity to the proposed definition. Without this qualifying phrase, a facility at a TO with a single BES substation could be identified as a Control Center when “operating personnel” are present. Depending on how “host(ing)” is defined, all control buildings at a TO substation could be Control Centers under the proposed definition.  APPA recommends adding the “two or more locations” phrase to this qualifying point 5.

11. Regarding exclusions with respect to operating personnel, point 1 states, “plant operators located at a generator plant site, or personnel at a centrally located dispatch center who….”  It is unclear if both parts (plant operators~personnel) of this exclusion point, apply to only generation?  The phrase, “generator plant site” can include both BES and non-BES generation and presents a lack of clarity. Public power recommends replacing “dispatch center” with “personnel who.”  It is also possible for an {C}1)      operating instruction to be relayed for Transmission and not just Generation.  Therefore, APPA recommends removing the specific language limiting this exclusion to generation.

12.  Exclusion point 1 includes, “dispatch instructions,” which is not a defined term. Public power recommends replacing it with the NERC defined term “Operating Instruction.”

The suggestions above could result in the following definition:

One or more facilities that monitor and control the Bulk Electric System (BES) and host operating personnel during normal operations, including the facilities’ associated data centers, of a:

1) Reliability Coordinator; or

2) Balancing Authority; or

3) Transmission Operator for Transmission Facilities at two or more locations; or

4) Generator Operator that act independently to develop Operating Instructions for generation Facilities at two or more locations;

5) Generation Owner or Generation Operator that have generation Facilities that;

           i) must operate, within 15 minutes of a required operation and

          ii) are at two or more locations or

6) Transmission Owner that have the Transmission Facilities that:

           i) must operate, within 15 minutes of a required operation and

          ii) are at two or more locations or

Operating personnel do not include:

          1) personnel who relay Operating Instructions without making modifications; or

                2) field switching personnel.

FMPA, Segment(s) , 10/23/2017

- 0 - 0

Andrey Komissarov, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 7

- 0 - 0

Agree with WECC's comments regarding specifying what a Control Center is not.

Also Attachment No. 1 item four is too ambiguous. "can act independently as the Generator Operator to develop specific dispatch instructions for generation Facilities at two or more locations".  How does a GOP prove that they can not develop specific dispatch instructions?

I suggest the following: "Generator Operators that develop specific written dispatch instructions for generation Facilities, at two or more locations in real-time (at the same time), that deviate from their Balancing Authority's dispatch instructions".

Dennis Sismaet, Northern California Power Agency, 6, 4/30/2018

- 0 - 0

Cowlitz PUD supports the comments submitted by Brian Evans-Mongeon, Utility Services Inc.

Russell Noble, On Behalf of: Cowlitz County PUD, , Segments 3, 5

- 0 - 0

We support the following RSC comments :

  • recommend changing "dispatching instructions" with the defined term "Operating instructions".
  • Inclusion line 5 : "can" : The word “can” phrase does not address the issue of “capability or authority”.  It is unclear how “can act” differs from the “perform” used in lines 1-3. As written, this qualifier seems to go against the CIP-002-5.1 GTB (page 24) which states “A TO BES Cyber System in a TO facility that does not perform or does not have an agreement with a TOP to perform any of these functional tasks does not meet the definition of a Control Center.”  Recommend 1) replacing with language that limits the scope to entities that have the capability; 2) updating the GTB language to the new definition
  •  Inclusion line 5, “two or more locations”:  This qualifier does not include the “two or more locations” phrase.  Without this phrase, a facility at a TO with a single BES substation could be identified as a Control Center when “operating personnel” are present.  Depending on how “hosting” is defined, all control buildings at a TO substation could be Control Centers.  Recommend adding the “two or more locations” phrase to this qualifier.

  • Exclusions line 1, “plant operators located at a generator plant site or personnel at a centrally located dispatch center who”: It is unclear if both parts of this exclusion line applies to only generation. “generator plant site” would apply to both BES and non-BES generation. “Dispatch center” is undefined and could include the offices that dispatches service personnel. Recommend replacing the “plant operators located at a generator plant site or personnel at a centrally located dispatch center who” with “personnel who”.

  • Exclusion line 1, “dispatch instructions”.  This term is undefined.  Recommend replacing it with the NERC defined term “Operating Instruction”.

  • Recommend removing Transmission Operator and Transmission Owner from the second exclusion, because Generator personnel can also perform field switching.

 

Our recommendations above could result in the following proposed definition:

One or more facilities, including their associated data centers, that monitor and control the Bulk Electric System (BES) and also host operating personnel who:

  1. perform the Real-time reliability tasks of a Reliability Coordinator, or

  2. perform the Real-time reliability tasks of a Balancing Authority; or

  3. perform the Real-time reliability tasks of a Transmission Operator for Ttransmission Facilities at two or more locations;, or

  4. has the capacity to  act independently as the a Generator Operator to develop Operating instructions for generation Facilities at two or more locations; or.

  5. has the capability to  operate or direct the operation of a Transmission Owner’s BES Transmission Facilities in Real-time at two or more locations.

Operating personnel do not include:

1) personnel who relay Operating Instructions without making modifications; or

2) field switching personnel.

Nicolas Turcotte, On Behalf of: Hydro-Qu?bec TransEnergie, , Segments 1

- 0 - 0

Eli Rivera, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

Dmitriy Bazylyuk, 4/30/2018

- 0 - 0

Supporting the MRO NSRF's comments.

George Brown, Acciona Energy North America, 5, 4/30/2018

- 0 - 0

What does “Can act independently as the GOP” mean? Does “develop specific dispatch instructions” mean “develop specific dispatch instructions after receiving direction from the GOP’s RC, BA, TOP, or TO”? There has been confusion within the generation industry on this meaning as evident in comments, questions, and concerns raised during the PER-005-2 project.

 

The current interpretation of the proposed definition as it relates to Generator Operators will impact not only NERC CIP Standards, but Operations and Planning Standards as well. With respect to CIP Standards, there are numerous generation control centers that do not develop specific dispatch instructions. Due to this, the proposed definition would impact the classification of BES Cyber Systems as required in CIP-002. Furthermore, generation control centers with more than 1,500 MW in one or more Interconnection(s) would be able to easily revise operating protocols to ensure the entity never reaches the criteria to be classified as a Medium Impact BES Cyber Systems as defined with CIP-002. This loophole would not support the reliability of the Bulk Electric System.

 

EDPR NA advises the SDT to reconsider revising the definition of Control Center, which will have a significant impact on all NERC Standards, and include applicability segments to the desired standard similar to PER-005-2 rather than revising the definition of Control Center.

Heather Morgan, On Behalf of: EDP Renewables North America LLC, , Segments 5

- 0 - 0

No comments.

Teresa Cantwell, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

NV Energy believes that it is time to address the term “data centers” within the definition. If there is no defined NERC Glossary Term for a “data center”, the term becomes ambiguous, and interpretation is too subjective. NV Energy believes that NERC should address defining this term at this time.

NERC should provide further clarity within the revised definition, by adding the term “System Operator”, as the individuals perform the RT reliability tasks. This would better align with the expectation of the applicable parties/facilities that the NV Energy believes the definition is looking to address.

NV Energy identifies concerns with the Control Center definition and PER-005-2. The inclusion of “Real-Time reliability tasks” to the definition creates confusion between the standards. PER-005-2 identifies that Entities define their BES-company-specific RT reliability tasks, but the revised definition does not recognize that RT reliability tasks are Entity-specific.  The definition should address that the RT reliability tasks performed at these locations, are defined by the Entity themselves, in order to better align with the existing PER-005-2 Standard.

NV Energy believes the use of passive action language as “…can act” is an issue. The inclusion of this language creates more questions than answers for defining Control Centers.

The exclusions section of the definition should also include a reference to Operations Support Personnel (i.e. IT and/or OT personnel), especially with inclusion of the PER-005-2 term, Real-time reliability tasks.

Kevin Salsbury, Berkshire Hathaway - NV Energy, 5, 4/30/2018

- 0 - 0

John Merrell, Tacoma Public Utilities (Tacoma, WA), 1, 4/30/2018

- 0 - 0

We recommend the SDT consider approaches that correspond the scope of RC, TOP and BA Control Centers to the scope of EOP-008 and incorporate System Operator.  We recommend considering qualifying draft criteria 1 (RC), 2 (BA) and 3 (TOP) with the concept of “System Operator.” This aligns with the BES risk intended.  We are concerned that EOP-008 appears absent in consideration of solutions for the definition with respect to RCs, TOPs and BAs. Yet, all EOP-008 versions since June 2007 have the stated purpose to continue reliable operations “in the event its control center becomes inoperable” and don’t appear to have problems identifying the primary and backup control centers (Note: EOP-008 does not use the Glossary Control Center term). The Control Center definition has problematically created ambiguity since its origination, especially with the concept of “two or more locations.” We also agree with MRO NSRF comments that “One or more facilities” should be reconsidered as well as “reliability related tasks.”

In the GOP criteria (inclusion 4 and exclusion 1), following PER’s words exactly is not working. For inclusion 4, “can act” and having the authority to act are not the same thing. See MRO NSRF comments. For exclusion 2, we reiterate comments from prior drafts that the PER concept of “plant operators located at a generator plant site” is antiquated and does not comprehend dispersed generation, including combustion turbines, wind and solar. Consider for exclusion 2, “personnel who do not independently make modifications to dispatch instructions for generation Facilities.”

Inclusion 5 “can operate” is problematic. If a Transmission Owner can operate their Facilities at a substation (under the direction of a TOP) and not for switching, does inclusion 5 now make the substation a Control Center.

Additional exclusions are recommended to make it crystal clear that IT (information technology) and Operations Support Personnel are excluded.

We share concerns of other commenters on “data center” ambiguity. This includes other commenters concerns about how “and also host operating personnel” does or doesn’t apply to data centers as currently drafted grammatically.

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 4/30/2018

- 0 - 0

We recommend the SDT consider approaches that correspond the scope of RC, TOP and BA Control Centers to the scope of EOP-008 and incorporate System Operator.  We recommend considering qualifying draft criteria 1 (RC), 2 (BA) and 3 (TOP) with the concept of “System Operator.” This aligns with the BES risk intended.  We are concerned that EOP-008 appears absent in consideration of solutions for the definition with respect to RCs, TOPs and BAs. Yet, all EOP-008 versions since June 2007 have the stated purpose to continue reliable operations “in the event its control center becomes inoperable” and don’t appear to have problems identifying the primary and backup control centers (Note: EOP-008 does not use the Glossary Control Center term). The Control Center definition has problematically created ambiguity since its origination, especially with the concept of “two or more locations.” We also agree with MRO NSRF comments that “One or more facilities” should be reconsidered as well as “reliability related tasks.”

 

In the GOP criteria (inclusion 4 and exclusion 1), following PER’s words exactly is not working. For inclusion 4, “can act” and having the authority to act are not the same thing. See MRO NSRF comments. For exclusion 2, we reiterate comments from prior drafts that the PER concept of “plant operators located at a generator plant site” is antiquated and does not comprehend dispersed generation, including combustion turbines, wind and solar. Consider for exclusion 2, “personnel who do not independently make modifications to dispatch instructions for generation Facilities.”

 

Inclusion 5 “can operate” is problematic. If a Transmission Owner can operate their Facilities at a substation (under the direction of a TOP) and not for switching, does inclusion 5 now make the substation a Control Center.

 

Additional exclusions are recommended to make it crystal clear that IT (information technology) and Operations Support Personnel are excluded.

 

We share concerns of other commenters on “data center” ambiguity. This includes other commenters concerns about how “and also host operating personnel” does or doesn’t apply to data centers as currently drafted grammatically.

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 4/30/2018

- 0 - 0

APPA believes that the proposed Control Center definition needs to identify and address additional “opportunities for clarification.” Currently, the lack of clarity on these additional items increases uncertainty associated with the implementation of the proposed Control Center definition. “opportunities for clarification” include:

 

1)     The use of “host” in the first sentence is not understood. Does this mean that a facility is a Control Center only when operating personnel are in the room?  As an example:

 

a.      An entity registered as a DP/TO with a two 115KV BES Substations staffs their emergency operations room during weather-related emergency conditions.  Otherwise, the facility is not staffed.  The facility can control the BES breakers at the BES substations.

 

Does the above scenario represent an instance that the facility is “host(ing)” operating personnel at the facility during emergencies? The proposed definition implies that a facility is a Control Center when operating personnel are (ever) in the room. APPA believes that adding the phrase, “host during normal operations” would provide the needed clarity. We believe that this change would improve the proposed Control Center definition.  Public power recognizes that this change may require that the list of assets in CIP-002 R1 be modified to include other assets.  Moreover, “host” may need to be defined in the NERC Glossary.

 

2)     The use of “including their associated data centers” in the proposed definition is a concern. Using the “including their associated data centers” phrase as proposed, could suggest, to some, that the data center must host operating personnel.  Public power suggests restructuring this sentence. A suggested version of this language is included in the proposed definition provided at the end of these comments.

 

3)     The use of “perform the Real-time reliability related tasks of a” in Numbers 1-3 in the proposed definition is a concern. The additions of, “Real-time” and “related” to the existing “reliability tasks” does not provide additional clarity. These wording choices appear to be a reference to the NERC Functional Model, since the current Introduction to the Function Model (V5) includes subsections labeled “Tasks” and “Real Time.” An entity that performs the reliability tasks listed in the Functional Model should have the appropriate Functional Registration. For purposes of the Control Center definition, the three criteria should be limited to entities with the RC, BA and TOP registrations. Adding this phrase to points 1 -3 of the proposed definition does not address the issue of “capability or authority” as it relates to “perform.” Therefore, APPA recommends striking this phrase.

 

4)     Using “can” in point number 4 of the definition is a concern.  Using “can” does not address the issue of “capability or authority.”  Therefore, it is unclear how “can act” differs from the “perform” used in points 1-3.  For example, if a VP of Operations for a GO (and not GOP) entity “can” order a unit shut to be shut down, would that entity’s facilities fit under the definition?  APPA recommends removing the word “can.”

 

5)     Using “specific dispatch instructions” in definition point 4 is a concern.  It is unclear how the addition of the word “specific” differentiates between different dispatch instructions.  Therefore, APPA recommends deleting the word “specific” and replacing the undefined “dispatch instructions” with the NERC defined term “Operating Instruction.”

 

6)     The proposed definition’s point 4 does not include Generation that responds to operating instructions for generation at two or more locations.  APPA proposes adding inclusion criteria for Generation, similar to the inclusion criteria for Transmission Owners with Transmission Facilities at two or more locations.

 

7)     The term “locations” used in point 4 is open to many interpretations and therefore causes concern.  It is unclear how “locations” is applied to dispersed generation, adjoining or nested substations and switchyards.  “Locations” may need to be defined in the NERC Glossary.

 

8)     Use of “can” in the proposed definition point 5 causes concern. The word “can” does not address the issue of “capability or authority.”  It is unclear how “can act” differs from the “perform” used in definition points 1-3. As written, this qualifier seems to go against the CIP-002-5.1 GTB (page 24) which states, “A TO BES Cyber System in a TO facility that does not perform or does not have an agreement with a TOP to perform any of these functional tasks does not meet the definition of a Control Center.”  Therefore, APPA recommends language that limits the scope to entities that specifically have the capability.  In addition, to ensure clarity, the GTB would need to be updated to agree with this change. 

 

9)     Use of, “Real-time” in point 5 without a pertinent understanding of how it will be specifically understood, causes concerns. The determination of how “Real-time” is applied was made by the SDT for the BES Cyber Asset definition developed under project 2014-02  Critical Infrastructure Protection Standards Version 5 Revisions - CIP-003, CIP-004, to mean “within 15 minutes of a required operation”.  APPA recommends that this 15-minute phrase be used in place of the “Real-time” term to ensure clarity.

 

10) APPA believes the point 5 qualifier should use, “two or more locations,” to provide clarity to the proposed definition. Without this qualifying phrase, a facility at a TO with a single BES substation could be identified as a Control Center when “operating personnel” are present. Depending on how “host(ing)” is defined, all control buildings at a TO substation could be Control Centers under the proposed definition.  APPA recommends adding the “two or more locations” phrase to this qualifying point 5.

 

11) Regarding exclusions with respect to operating personnel, point 1 states, “plant operators located at a generator plant site, or personnel at a centrally located dispatch center who….”  It is unclear if both parts (plant operators~personnel) of this exclusion point, apply to only generation?  The phrase, “generator plant site” can include both BES and non-BES generation and presents a lack of clarity. Public power recommends replacing “dispatch center” with “personnel who.”  It is also possible for an operating instruction to be relayed for Transmission and not just Generation.  Therefore, APPA recommends removing the specific language limiting this exclusion to generation.

 

12) Exclusion point 1 includes, “dispatch instructions,” which is not a defined term. Public power recommends replacing it with the NERC defined term “Operating Instruction.”

 

The suggestions above could result in the following definition:

 

One or more facilities that monitor and control the Bulk Electric System (BES) and host operating personnel during normal operations, including the facilities’ associated data centers, of a:

 

1) Reliability Coordinator; or

2) Balancing Authority; or

3) Transmission Operator for Transmission Facilities at two or more locations; or

4) Generator Operator that act independently to develop Operating Instructions for generation Facilities at two or more locations;

5) Generation Owner or Generation Operator that monitor and control generation Facilities that;

           i) must operate, within 15 minutes of an operation required by an Operating Instruction and

          ii) are at two or more locations or

6) Transmission Owner that monitor and control the Transmission Facilities that:

           i) must operate, within 15 minutes of an operation required by an Operating Instruction and

          ii) are at two or more locations or

 

Operating personnel do not include:

1) personnel who relay Operating Instructions without making modifications; or

2) field switching personnel.

Jack Cashin, American Public Power Association, 4, 4/30/2018

- 0 - 0

Texas RE appreciates the opportunity to comment on the proposed revisions to the definition of a Control Center.  While Texas RE appreciates the Standard Drafting Team’s (SDT) efforts to develop a workable definition, Texas RE remains troubled regarding two aspects of the proposed revisions.  First, Texas RE believes that the proposed revisions to the Generator Operator (GOP) Control Center definition are problematic and will lead to reliability gaps.  Second, Texas RE contends that the use of the phrase “host operating personnel” could result in confusion among Registered Entities regarding the scope of their compliance obligations.  Texas RE respectfully requests that the SDT remove these changes from the proposed definition.  Alternatively, as detailed more fully below, the SDT must engage in a comprehensive review of the impact of these changes on all affective Reliability Standards and not simply focus on the proposed CIP-012 data exchange requirements. 

 

As an initial matter, Texas RE is concerned that the proposed GOP Control Center definition improperly narrows the Control Center scope solely to GOP facilities that “can act independently . . . to develop specific dispatch instructions.”  In Texas RE’s experience, a significant number of GOP entities have asserted that PER-005-2 is not applicable to their Control Centers due to language in that requirement limiting training obligations to circumstances in which GOP Control Center personnel act independently to develop specific dispatch instructions.  Given this experience, Texas RE is concerned that the use of similar concepts of “independent operations” and “developing dispatch instructions” will result in a number of GOPs believing that their Control Centers are now largely excluded from the scope of the NERC CIP Cyber Security standards altogether.  That is, the proposed definition implies that BES Cyber Systems located at significant centralized GOP control locations would longer meet the Medium or High Impact criteria in CIP-002-5.1a.  As such, these BES Cyber Systems, despite potentially controlling thousands of MWs of generation resources potentially would not be required to possess the full range of physical and electronic protections specified throughout the NERC CIP Standards applicable to Medium and High Impact BES Cyber Systems. 

 

Consider the following result.  Under the current Control Center definition, BES Cyber Systems located at a “Control Center” performing the functional obligations of a GOP for generating units at a single plant location with an aggregate net Real Power capability equal to or exceeding 1500 MW in a single interconnection are current considered to be a High Impact BES Cyber Systems.  Under the proposed Control Center definition, a GOP could reasonably conclude that because it only dispatches this 1500 MW Facility pursuant to the instructions from its Reliability Coordinator or Transmission Operator, it does not “independently” develop dispatch instructions.  As such, the associated facility would no longer be a Control Center under the definition.  Although the BES Cyber Systems at this facility are responsible for the control of a 1500 MW facility – identified by the Federal Energy Regulatory Commission (FERC) as the line at which the generation resource itself represents a heightened risk to reliability – the BES Cyber Systems at the facility actually controlling it would not need apply robust cyber security controls.  This is wholly contrary to the intent underpinning the development of the CIP-002-5.1 impact rating criteria to provide clear “bright-line” criteria that is rooted in the actual impact an associated facility can have on the BES. 

 

The SDT should decline to follow this approach.  At a minimum, the Texas RE recommends the SDT fully evaluate this issue, develop a record, and provide FERC with information regarding the rationale for fundamentally redefining the CIP Standards in this manner.

 

In addition to these concerns, Texas RE also asserts that the proposed definition’s use of the phrase “hosts operating personnel” is problematic.  Texas RE asserts that the Control Center definitions above apply equally to primary and backup Control Centers.  In Texas RE’s reading, both types of facilities are capable of hosting operating personnel and, therefore, properly fall within the Control Center definition and all associated requirements.  This reading makes sense from a reliability perspective, particularly given the expectation in EOP-008 that a backup Control Center will be capable of performing the same operating tasks as the primary Control Center for the duration of an issue at the primary facility.  The proposed definition, however, potentially clouds this clear reliability picture.  Specifically, entities could argue that only “hot” facilities actually “host operating personnel,” and exclude backup Control Centers from the definition.  This would be an erroneous reading of the definition.  However, Texas RE suggests that the SDT add additional clarification by inserting the phrase “are capable of” so that the proposed definition reads “also are capable of hosting operating personnel” to clarify this issue. 

 

Lastly, Texas RE is concerned that “Real-time reliability related tasks” is not defined.  This will lead to each registered entity having its own criteria and not being consistent with the other entities performing the same function.  It also may not include Operations Planning Analysis, which is just as important for reliable operations as Real-time analysis. 

Rachel Coyne, Texas Reliability Entity, Inc., 10, 4/30/2018

- 0 - 0

Please see PacifiCorp’s suggested edits to the definition below:

One or more facilities, including their associated data centers, that monitor and control the Bulk Electric System (BES) and also host operating personnel who:

1)         are System Operators that perform the Real-time reliability-related tasks of a Reliability Coordinator; or

2)         are System Operators that perform the Real-time reliability-related tasks of a Balancing Authority; or

3)         are System Operators that perform the Real-time reliability-related tasks of a Transmission Operator for Transmission Facilities at two or more locations; or

4)         are Generator Operator dispatch personnel at a centrally located dispatch center who receive direction from the Generator Operator’s Reliability Coordinator, Balancing Authority, Transmission Operator, or Transmission Owner, and may develop specific dispatch instructions for plant operators under their control for generation Facilities at two or more locations; or      

The current phrase "  can act indepently as the Generator Operator to develop specific dispatch instructions" has been deleted from the proposed text above. 

5)         are Transmission Owner personnel who can act independently to operate or direct the operation of a Transmission Owner’s BES Transmission Facilities in Real-time.

Operating personnel do not include:

1)         are Generator Operator plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay dispatch instructions without making any modifications; or

2)         Transmission Owner or Transmission Operator field switching personnel.

3)         Information Technology and Operational Technology personnel that perform task related to maintenance and security on BES Cyber Systems.

Adding System Operators to the scope of items 1, 2, & 3 narrows the scope sufficiently to include only the personnel trained and certified to operate the BES.   The edits to item 4, along with exclusion 1, reflect the applicability from PER-005-2 for Generator Operators.  However, we would like the Standards Drafting Team to address comments from prior drafts that the PER concept of “plant operators located at a generator plant site” is antiquated and does not comprehend dispersed generation, including combustion turbines, wind and solar, by making further changes to the exclusion or adding one for dispersed generation.  The edits to item 5 reflect the applicability from PER-005-2 for Transmission Owner personnel.  Adding an exclusion for Information Technology and Operational Technology personnel allows for them to perform their tasks related to their job descriptions without limiting the number of locations that they can be connected and communicating to at any given time, or inadvertently including them as operating personnel should they occupy a desk in a Control Center or associated data center.  We share concerns of other commenters on “data center” ambiguity. This includes other commenters concerns about how “and also host operating personnel” does or doesn’t apply to data centers as currently drafted grammatically.

Sandra Shaffer, On Behalf of: Berkshire Hathaway - PacifiCorp, , Segments 6

- 0 - 0

Southern Company would like to see clarification regarding the inclusion and exclusion statements where there are instances that a Generator Operator may partially meet an inclusion and exclusion at the same time.  For example, a Generator Operator that does not “act independently” outside of its BA/RC, but that does develop specific dispatch instructions for non-reliability related functions may or may not be interpreted to be scoped in under this proposed definition.  A Generator Operator may act independently to develop specific dispatch instructions that are relayed from a centrally located dispatch center to plant personnel (i.e., the GOP can monitor only – not monitor AND control), and may or may not be interpreted to be scoped in under this proposed definition.  Additionally, if there is a facility that houses field switching personnel exclusively, and field switching is identified by a RC, BA and/or TOP as a “Real-time reliability-related task” in their PER-005-2 training programs, and the entity for which the field switching personnel are associated is registered as a RC, BA and/or TOP, then there is a conflict between the inclusions and exclusions.

 

Southern questions the use of “Real-time reliability tasks” in the scope of inclusions 1 through 3, but not in the scope of inclusions 4 and 5, and feels the term should be further defined. If the intent is an indirect reference to PER-005‑2 that uses the term “Real-time reliability-related tasks”, where applicability is to a Balancing Authority, Transmission Operator, Reliability Coordinator and Transmission Owner (even though the PER-005‑2 Standard applies to GOPs), this indirectly implies that the Generator Operator typically does not perform “Real‑time reliability‑related tasks”, and therefore a specific exclusion to this effect is not warranted.  This also appears to manifest itself in a change in wording for Inclusion Item 4 to “can act independently” in reference to the Generator Operator.  The ability to act (i.e., “can”) is not equivalent to the authority to act.  If the word “independently” included here is intended to suggest authority, then this remains ambiguous, at best. Southern feels that the definition of Control Center can be more clearly stated if more clarity is provided around what constitutes “Real-time reliability tasks”.  For example, Southern suggests that to provide clarity the wording should be changed to: “GOPs that have been granted the authority by a BA, TOP or RC to make reliability decisions and incorporate these into their dispatch instructions.”

Southern also requests additional clarity be provided on the intent of the term “dispatch instructions” versus the NERC defined term “Operating Instructions.”  We are not comfortable proceeding in support of this change without clarity on these terms and their use or omission from the proposed definition.   

Additionally, Southern provides the following proposed definition of Control Center:

One or more facilities, including their associated data centers, that monitor and control the Bulk Electric System (BES) in Real-time and also hosts operating personnel that perform Real-time reliability-related tasks as defined and identified by the applicable Reliability Coordinator(s), Balancing Authority(ies), or Transmission Operator(s).  Note: Real-time reliability-related tasks do not include the execution of Operating Instructions by Generator Operators as issued by applicable Reliability Coordinator(s), Balancing Authority(ies), or Transmission Operator(s).

 Note that the above definition does not require inclusions or exclusions. If there is a facility housing operating personnel under a Generator Operator registration and those operators monitor and control BES assets in real-time and perform Real-time reliability-related tasks defined and identified by their RC, BA or TOP, then the facility is a Control Center.  If there is a facility that houses field switching personnel that monitor and control BES assets in real-time and perform Real-time reliability-related tasks defined and identified by their RC, BA or TOP, then the facility is a Control Center. If there is a facility that houses field switching personnel, but the facility does not allow for monitoring and control of BES assets in real-time, or does not perform Real-time reliability-related tasks defined and identified by their RC, BA or TOP, then the facility is not a Control Center.

 

Southern Company, Segment(s) 1, 3, 5, 6, 10/30/2017

- 0 - 0

1.      ACES supports the standard drafting team (SDT) and NERC efforts to clarify the definition of a Control Center. However, ACES suggests the SDT use NERC-defined terms that have been industry vetted and/or defined in the NERC Glossary of Terms, and those terms used consistently.  Examples of terms that are vague, overly broad, and/or not NERC-defined include “operating personnel”, “Real-time reliability tasks”, “monitor and control” (does the ability to “monitor” belong in the definition at all?), and “2 or more locations.”  

 

2.      ACES requests further clarification regarding Line (5) regarding operation of a Transmission Owner’s BES Transmission Facilities in Real-time to eliminate any confusion by small entities operating under a TOP’s jurisdictional control.  ACES suggests the following alternative language:

 

5) “acts independently to operate or direct the operation of a Transmission Owner’s BES Transmission Facilities in Real-time.”  

 

3.      As proposed, the Control Center definition seems to be encompassing all entities with BES Facilities, regardless of size or impact to the BES.  From a cyber-security standpoint, we understand that a cyber attacker is not going to ask permission from a TOP before performing actions on the BES, and that NERC is trying to address that risk.  However, aren’t those risks and mitigations addressed in the Low Impact CIP Requirements?  Is it NERC’s intent to pull virtually every control center and associated data center into scope?  Many small entities (with no material impact to the BES) would be brought in under the proposed definition.   

ACES Standards Collaborators, Segment(s) 1, 3, 4, 5, 4/30/2018

- 0 - 0

The proposed changes to the definition do not address all of the “opportunities for clarification” and may add additional areas of uncertainty.  Some of these issues are:

 

1) Inclusion lines 1-3, Recommend striking “perform the Real-time reliability related tasks of a:” this phrase in all locations. It is unclear how adding “Real-time” and “related” to the existing “reliability tasks” provides any clarity.  This seems to be a direct reference to the NERC Functional Model.  The Introduction to the Function Model (V5) as it includes subsections labeled “Tasks” and “Real Time”. An entity that performs the reliability tasks listed in the Functional Model should have the appropriate Functional Registration.  Adding this phrase to the inclusion lines 1 -3 does not address the issue of “capability or authority” as it relates to “perform”. Inclusions line 1-3 should only apply to Entity with those Functional Registrations

 

2)  Inclusion line 4, “can act independently”:   The word “can” phrase does not address the issue of “capability or authority”.  It is unclear how “can act” differs from the “perform” used in lines 1-3.   Does an entity meet this qualifier if a VP of Operations for a GO (and not GOP) entity can order that a unit shut down?  Recommend removing the word “can”.

 

3) Inclusion line 4, “specific dispatch instructions”.  It is unclear how the addition of the word “specific” differentiates between different dispatch instructions.  Recommend replacing the undefined “dispatch instructions” with the NERC defined term “Operating Instruction”.

 

4) Inclusion line 5, “can”:   The word “can” phrase does not address the issue of “capability or authority”.  It is unclear how “can act” differs from the “perform” used in lines 1-3. As written, this qualifier seems to go against the CIP-002-5.1 GTB (page 24) which states “A TO BES Cyber System in a TO facility that does not perform or does not have an agreement with a TOP to perform any of these functional tasks does not meet the definition of a Control Center.”  Recommend 1) replacing with language that limits the scope to entities that have the capability; 2) updating the GTB language to the new definition

 

5) Inclusion line 5, “two or more locations”:  This qualifier does not include the “two or more locations” phrase.  Without this phrase, a facility at a TO with a single BES substation could be identified as a Control Center when “operating personnel” are present.  Depending on how “hosting” is defined, all control buildings at a TO substation could be Control Centers.  Recommend adding the “two or more locations” phrase to this qualifier.

 

6) Exclusions line 1, “plant operators located at a generator plant site or personnel at a centrally located dispatch center who”: It is unclear if both parts of this exclusion line applies to only generation. “generator plant site” would apply to both BES and non-BES generation. “Dispatch center” is undefined and could include the offices that dispatches service personnel. Recommend replacing the “plant operators located at a generator plant site or personnel at a centrally located dispatch center who” with “personnel who”.

 

7) Exclusion line 1, “dispatch instructions”.  This term is undefined.  Recommend replacing it with the NERC defined term “Operating Instruction”.

 

8) Recommend removing Transmission Operator and Transmission Owner from the second exclusion, because Generator personnel can also perform field switching.

 

The recommendations above could result in the following definition:

 

One or more facilities that monitor and control the Bulk Electric System (BES) and host operating personnel, including the facilities’ associated data centers, of a:

 

1) Reliability Coordinator; or

2) Balancing Authority; or

3) Transmission Operator for Transmission Facilities at two or more locations; or

4) Generator Operator that act independently to develop Operating Instructions for generation Facilities at two or more locations; or

5) Transmission Owner that have the capability to operate, in Real-time, the Transmission Owner’s Transmission Facilities, at two or more locations.

 

Operating personnel do not include:

1) personnel who relay Operating Instructions without making modifications; or

2) field switching personnel.

RSC no Dominion, NextEra and HQ, Segment(s) 10, 2, 4, 5, 7, 1, 3, 6, 0, 4/30/2018

- 0 - 0

For all occurrences of the following terms, Reclamation recommends changing “Facilities” to “BES Facilities,” “Transmission Facilities” to “BES Transmission Facilities,” and “generation Facilities” to “BES generation Facilities” to reduce confusion.  Therefore, first paragraph of the proposed definition should be revised to state:

“One or more BES facilities, including their associated Data Centers, that monitor and control the BES and also host System Operators who...”

 and items 3 and 4 of the proposed definition should be revised as follows:

  • perform the Real-time reliability-related tasks of a Transmission Operator for any BES Transmission Facilities; or

  • can act independently as the Generator Operator to develop specific dispatch instructions for any BES generation Facilities.

 

Reclamation also recommends adding the following definitions to the NERC Glossary of Terms:

  • Data Center: A location used to interchange BES Data.

  • BES Data: BES reliability operating services information affecting Operational Planning Analysis, Real-time Assessments, and Real-time monitoring.

Wendy Center, U.S. Bureau of Reclamation, 5, 4/30/2018

- 0 - 0

Line 4, by adding the requirement that it must have the capability “to develop specific dispatch instructions”, excludes facilities that are currently included and traditionally considered to be control centers. In the case where dispatches are received and modified or developed at a central “control center” facility and sent to regional control centers who act on but do not modify those dispatches, those regional control centers would seem to no longer be control centers by the proposed definition when, in fact, that is where the most sensitive, directly controlling systems (such as SCADA) reside. These regional control centers often directly control remote, unstaffed generation Facilities directly through their BCS. A viable GOP control center definition must consider the differences between control centers that merely co-ordinate and issue instructions (dispatches) and control centers that directly control generating resources, such as those that have BCS that remotely control normally unstaffed generation Facilities. If both types are intended to be included, the defining criteria must be common to both or distinguish between and specifically apply to each type.

 

Proposal for Line 4: a) who develop or modify dispatch instructions that are sent to either another control center or 2 or more generation facilities or b) who have the potential to supply the final authoritative human supplied control inputs at least some of the time for 2 or more generation facilities.

 

Note that the suggested Line 4 above eliminates the need for Exclusion Line 1. The wording of b) would likely need to be refined, but the idea is to capture the people who have the ability to input control inputs to operate generating resources without the need for other people’s involvement. For example, a remote operator at a “control center” that can control the remote resource without the need for local personnel at the remote generation resource to intercede. The existence of local operators or local control capability does not interfere with criteria b).

 

Line 4 - Dispatch instruction is not a defined term – suggest using the term operational instruction.

David Ramkalawan, On Behalf of: David Ramkalawan, , Segments 5

- 0 - 0

PNM disagrees with the proposed revision to the definition of Control Center.  We agree with concerns about the use of “real-time reliability tasks” as raised by Dominion Energy, EEI, and Texas RE.  We also share WECC’s concern that “including language defining what Operating personnel are not will conflict with the purpose of COM-002-4 – Operating Personnel Communications Protocols.”  We also share Texas RE’s concern that “that BES Cyber Systems located at significant centralized GOP control locations would longer meet the Medium or High Impact criteria.”

Thus we recommend to either 1) change the criteria in CIP-002 Attachment 1 Impact Rating Criteria to achieve the desired outcome of scoping out smaller facilities, or 2) consider Entergy’s recommended definition of Control Center and proposed term Operations Personnel.

Lynn Goldstein, 4/30/2018

- 0 - 0

Concur with PNM-Lynn Goldstein Comments

Laurie Williams, PNM Resources - Public Service Company of New Mexico, 1, 4/30/2018

- 0 - 0

The SPP Standards Review Team suggests that the drafting team takes into consideration, providing some clarification for the lower case term facilities. The defined term of Facility in the Glossary of terms focuses on electrical equipment serving as a single BES Element. However, there is some confusion on what the lower case term facilities are applicable to. During our discussions, there were questions of could the term be referring to a specific room in a building or is it an entire building? From our perspective, this clarity is needed to help the industry get a better understanding to meet the expectations of the definition which helps ensure the reliability of the grid.   

Additionally, we would suggest revising to #4 and #5 in the definition to read as follows:

4. Can have the authority to act independently as the Generator Operator to develop specific dispatch instructions for generation Facilities at two or more locations; or

5. Has the authority act independently to operate or direct the operation of a Transmission Owner’s BES Transmission Facilities in Real-time.

SPP Standards Review Group, Segment(s) , 4/30/2018

- 0 - 0

Patricia Lynch, On Behalf of: Patricia Lynch, , Segments 5, 6

- 0 - 0

Hot Answers

Kara White, On Behalf of: NRG - NRG Energy, Inc., FRCC, MRO, WECC, Texas RE, NPCC, SERC, SPP RE, RF, Segments 3, 4, 5, 6

- 0 - 0

Brandon Gleason, Electric Reliability Council of Texas, Inc., 2, 4/30/2018

- 0 - 0

Other Answers

Linda Jacobson-Quinn, City of Farmington, 3, 3/21/2018

- 0 - 0

Val Ridad, On Behalf of: Silicon Valley Power - City of Santa Clara, , Segments 3, 4, 5

- 0 - 0

Jeff Ipsaro, On Behalf of: Silicon Valley Power - City of Santa Clara, , Segments 3, 4, 5

- 0 - 0

Sandra Pacheco, Silicon Valley Power - City of Santa Clara, 5, 4/13/2018

- 0 - 0

David Maier, On Behalf of: David Maier, , Segments 3

- 0 - 0

Kristine Ward, On Behalf of: Seminole Electric Cooperative, Inc., FRCC, Segments 1, 3, 4, 5, 6

- 0 - 0

- 0 - 0

Nicholas Lauriat, Network and Security Technologies, 1, 4/21/2018

- 0 - 0

Leonard Kula, Independent Electricity System Operator, 2, 4/23/2018

- 0 - 0

Aaron Austin, On Behalf of: Aaron Austin, , Segments 3, 5

- 0 - 0

COM-001-3: The proposed Control Center definition excludes field switching personnel. COM-001-3 R12 uses the Control Center definition and includes communications between Control Centers and field personnel. This is a Conflict with the proposed definition of Control Center.

IRO-002 and TOP-001 both use the terms “primary” Control Centers in each of their applicable Requirement language. COM-001-3 uses the term Control Center. When one looks at proposed CIP-012-1 it is apparent in the rationale section of the Implementation Guide that Backup Control Centers are included.  Can one assume that “Control Center” used in Reliability Standards includes the Backup Control Center? Will this result in consistent appication?

Tony Eddleman, Nebraska Public Power District, 3, 4/23/2018

- 1 - 0

There is no choice for potentially.  The unintended consequences will not be known until the auditing of standards has begun after the definition change.  The auditors, who are responsible to measure compliance performance, can have a subjective change in interpretation for applicability of many standards.  It is the duty of the Drafting Team to make a complete analysis of the existing standards to assure there is not misapplication due to the change in definition.

Kevin Conway, Public Utility District No. 1 of Pend Oreille County, 1, 4/23/2018

- 0 - 0

The impacts to the non CIP Standards have not been examined at length due to the abbreviated amount of time available, but many non-CIP standards rely on the definition of Control Center.

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

COM-001-3; One scenario may be a GO could direct (verbally or through automatic schemes) a TO Facility to operate in support of a RAS.

COM-001-3: The proposed Control Center definition excludes field switching personnel. COM-001-3 R12 uses the Control Center definition and includes communications between Control Centers and field personnel.  Do the words of the Standard over-ride the proposed definition?  The proposed Control Center definition is in conflict with COM-001-3, R12 and will lead to uncertainty with CEAs and Applicable Entities. 

IRO-002-5 uses the phrase “…and other entities deemed necessary…” which allows the RC to added any entity to the RC’s Monitoring and Analysis capabilities.  No issue.

TOP-001-4 (effective 7/1/2018);  This Standard’s Applicability section may need to be expanded if there are entities identified per the proposed Control Center definition, such as a GO who can direct a Transmission Facility to do something to save their generator (RAS).

IRO-002 and TOP-001 both use the terms “primary” Control Centers in each of their applicable Requirement language. COM-001-3 uses the term Control Center.  Does the proposed definition include both primary and secondary Control Centers?  If so, request that the SDT make this statement for all Applicable Entities to understand.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 6/14/2017

- 1 - 0

COM-002-4 

Concern that proposed definition would cause uncertainty in whether or not personnel at control centers must use three part communications. There is evidence that a significant number of Misoperations are a result of poor communication between System Operators at control centers and the entity’s operating personnel in the field.

Steven Rueckert, Western Electricity Coordinating Council, 10, 4/25/2018

- 0 - 0

Jonathan Aragon, 4/25/2018

- 0 - 0

Jeanne Kurzynowski, On Behalf of: CMS Energy - Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 1 - 0

Jeff Johnson, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 1, 2, 3, 4, 5, 6, 7, 8, 9

- 0 - 0

City Light supports SRP comments

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

Faz Kasraie, On Behalf of: Seattle City Light, WECC, Segments 5

- 0 - 0

ALAN ADAMSON, New York State Reliability Council, 10, 4/26/2018

- 0 - 0

Peter Yost, Con Ed - Consolidated Edison Co. of New York, 3, 4/27/2018

- 0 - 0

Glen Farmer, Avista - Avista Corporation, 5, 4/27/2018

- 0 - 0

- 0 - 0

None

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Yes. CIP-002-5.1a impact rating criterion 2.11.  See response to question #1.

Joel Charlebois, On Behalf of: AESI - Acumen Engineered Solutions International Inc., , Segments 5

- 0 - 0

We support the MRO NSRF comments.

Thomas Breene, WEC Energy Group, Inc., 3, 4/27/2018

- 0 - 0

Adrian Andreoiu, On Behalf of: BC Hydro and Power Authority, WECC, Segments 1, 3, 5

- 0 - 0

Marty Hostler, On Behalf of: Northern California Power Agency, , Segments 5, 6

- 0 - 0

Please refer to comments submitted by Robert Blackney on behalf of Southern California Edison

Kenya Streeter, Edison International - Southern California Edison Company, 6, 4/27/2018

- 0 - 0

WAPA is in agreement with the comment that the term "data center" is not defined in any NERC standard or NERC documentation.  The issue is how far into the SCADA acquisition process does the data center definition penetrate.  Does the data center definition penetrate into data aggregators used to reduce communication costs that represent loss of several RTU if compromised?  The main impact area of this definition is in the new TOP-001-4 standard R20 that becomes enforceable 7-1-18.  If the data center definition is beyond the bricks and mortar used for the Control Room and SCADA, then redundant and diversely routed data exchange infrastructure may be needed outside of the traditional primary Control Center facility.  Please clarify.

sean erickson, Western Area Power Administration, 1, 4/29/2018

- 0 - 0

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

Douglas Johnson, 4/30/2018

- 0 - 0

Steven Mavis, 4/30/2018

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

- 0 - 0

COM-001-3 requires internal Interpersonal Communication capabilities between Control Centers and field personnel.  It is unclear if the proposed Control Center definition revision could be interpreted to also require these capabilities to and from the “associated data center” (the phrase used in the current definition of Control Center.  While this concern does not seem to be caused by changes in the proposed definition, clarity is needed.  Possibly this could be clarified in COM-001 guidance.

Larry Watt, Lakeland Electric, 1, 4/30/2018

- 0 - 0

Please see comments for Question 4.

Entergy, Segment(s) 1, 5, 12/13/2017

- 0 - 0

Additional impacted standards include EOP-004-4 and EOP-008-1.  To the extent the Control Center definition is revised and moves forward, it is possible that new Control Centers will be identified or a Control Center impact rating could increase.  Because of this, the proposed Implementation Plan should be revised to provide additional time for non-CIP standard compliance impacted by the revised Control Center definition.

Barry Lawson, National Rural Electric Cooperative Association, 4, 4/30/2018

- 0 - 0

Yes the definition may change scope or intent of these standards, unless the added phrase “at two or more locations” is added to 5.

Daniel Gacek, Exelon, 1, 4/30/2018

- 0 - 0

COM-001-3 requires internal Interpersonal Communication capabilities between Control Centers and field personnel.  It is unclear if this revision could be interpreted to require these capabilities to and from the associated data center.   (The “associated data center” phrase is in the existing definition of Control Center.  This concern does not seem to be caused by changes in the proposed definition.)  This may need to be clarified in guidance to COM-001.

Brian Evans-Mongeon, Utility Services, Inc., 4, 4/30/2018

- 0 - 0

AECI supports comments provided by NRECA

AECI, Segment(s) 1, 3, 6, 5, 4/30/2018

- 0 - 0

Amy Casuscelli, On Behalf of: Xcel Energy, Inc. - MRO, WECC, SPP RE - Segments 1, 3, 5, 6

- 0 - 0

Ellen Oswald, 4/30/2018

- 0 - 0

(Ditto EEI Comments):

  • COM-001-3; One scenario may be a GO could direct (verbally or through automatic schemes) a TO Facility to operate in support of a RAS.

  • COM-001-3: The proposed Control Center definition excludes field switching personnel. COM-001-3 R12 uses the Control Center definition and includes communications between Control Centers and field personnel.  Do the words of the Standard over-ride the proposed definition?  The proposed Control Center definition is in conflict with COM-001-3, R12 and will lead to uncertainty with CEAs and Applicable Entities. 

  • IRO-002-5 uses the phrase “…and other entities deemed necessary…” which allows the RC to be added any entity to the RC’s Monitoring and Analysis capabilities.  No issue.

  • TOP-001-4 (effective 7/1/2018);  This Standard’s Applicability section may need to be expanded if there are entities identified per the proposed Control Center definition, such as a GO who can direct a Transmission Facility to do something to save their generator (RAS).

  • IRO-002 and TOP-001 both use the terms “primary” Control Centers in each of their applicable Requirement language. COM-001-3 uses the term Control Center.  Does the proposed definition include both primary and secondary Control Centers?  If so, request that the SDT make this statement for all Applicable Entities to understand.

David Jendras, Ameren - Ameren Services, 3, 4/30/2018

- 0 - 0

James Anderson, 4/30/2018

- 0 - 0

FMPA agrees with the following comments from APPA:

COM-001-3 requires internal Interpersonal Communication capabilities between Control Centers and field personnel.  It is unclear if the proposed Control Center definition revision could be interpreted to also require these capabilities to and from the “associated data center” (the phrase used in the current definition of Control Center.  While this concern does not seem to be caused by changes in the proposed definition, clarity is needed.  Possibly this could be clarified in COM-001 guidance.

FMPA, Segment(s) , 10/23/2017

- 0 - 0

Andrey Komissarov, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 7

- 0 - 0

Dennis Sismaet, Northern California Power Agency, 6, 4/30/2018

- 0 - 0

Cowlitz PUD supports the comments submitted by Brian Evans-Mongeon, Utility Services Inc.

Russell Noble, On Behalf of: Cowlitz County PUD, , Segments 3, 5

- 0 - 0

Nicolas Turcotte, On Behalf of: Hydro-Qu?bec TransEnergie, , Segments 1

- 0 - 0

Eli Rivera, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

Within this proposed definition it appears that the SDT is interpreting who should not be included as “operating personnel”. Is this just in the context of the Control Center definition or throughout the NERC Standards? For example would this apply to COM-002-4 Operating Personnel Communication Protocols R1 R2 R3 R4? Maybe “operating personnel” should be defined separately. 

Also, in addition to standards mentioned in this question, this proposed definition is tied to other definitions such as “Operating Instruction” and “System Operator”. This may change the “scope or intent” of Reliability Standards which would require further review. 

Dmitriy Bazylyuk, 4/30/2018

- 0 - 0

Supporting the MRO NSRF's comments.

George Brown, Acciona Energy North America, 5, 4/30/2018

- 0 - 0

The NERC SDT should consider the impact on COM-001-3. With the proposed definition, many generation Control Centers (as currently defined within the NERC Glossary) would no longer be a Control Center (with the proposed definition). With the proposed definition, many current Generator Operator Control Centers would not have to have Interpersonal Communication “between Control Centers within the same functional entity, and/or between a Control Center and field personnel” since they do not develop specific dispatch instructions as proposed.

 

Heather Morgan, On Behalf of: EDP Renewables North America LLC, , Segments 5

- 0 - 0

No comments.

Teresa Cantwell, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

The current and revised Control Center definition is actually presently impacting interpretation for TOP-001-4, Requirement 20.  Without an official definition for a data center, interpretation of the Control Center perimeter (per this Standard), may require redundant and diversely routed data exchange infrastructure to be required outside of the traditional primary Control Center facility.

Kevin Salsbury, Berkshire Hathaway - NV Energy, 5, 4/30/2018

- 0 - 0

John Merrell, Tacoma Public Utilities (Tacoma, WA), 1, 4/30/2018

- 0 - 0

We support that EOP-008-2 (future enforceable) and prior versions do NOT (and should not) use the Control Center definition, but rather apply to “control centers” for RCs, TOPs and BAs. We are not aware of plans to change that. However, Control Center first only existed in CIP standards and has since crept into non-CIP standards. It is important that the definition revision consider what would happen to other standards, such as EOP-008, if future revisions of EOP-008 considered adopting “Control Center” to replace “control center.”

The main impact area of this definition is in the new TOP-001-4 standard R20 that becomes enforceable 7-1-18.  If the data center definition is beyond the bricks and mortar used for the Control Room and SCADA, then redundant and diversely routed data exchange infrastructure may be needed outside of the traditional primary Control Center facility.  R.20. says: “R20. Each Transmission Operator shall have data exchange capabilities, with redundant and diversely routed data exchange infrastructure within the Transmission Operator's primary Control Center, for the exchange of Real-time data with its Reliability Coordinator, Balancing Authority, and the entities it has identified it  needs data from in order for it to perform its Real-time monitoring and Real-time Assessments.”  Please clarify.
 

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 4/30/2018

- 0 - 0

We support that EOP-008-2 (future enforceable) and prior versions do NOT (and should not) use the Control Center definition, but rather apply to “control centers” for RCs, TOPs and BAs. We are not aware of plans to change that. However, Control Center first only existed in CIP standards and has since crept into non-CIP standards. It is important that the definition revision consider what would happen to other standards, such as EOP-008, if future revisions of EOP-008 considered adopting “Control Center” to replace “control center.”

 

The main impact area of this definition is in the new TOP-001-4 standard R20 that becomes enforceable 7-1-18.  If the data center definition is beyond the bricks and mortar used for the Control Room and SCADA, then redundant and diversely routed data exchange infrastructure may be needed outside of the traditional primary Control Center facility.  R.20. says: “R20. Each Transmission Operator shall have data exchange capabilities, with redundant and diversely routed data exchange infrastructure within the Transmission Operator's primary Control Center, for the exchange of Real-time data with its Reliability Coordinator, Balancing Authority, and the entities it has identified it  needs data from in order for it to perform its Real-time monitoring and Real-time Assessments.”  Please clarify.
 

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 4/30/2018

- 0 - 0

COM-001-3 requires internal Interpersonal Communication capabilities between Control Centers and field personnel.  It is unclear if the proposed Control Center definition revision could be interpreted to also require these capabilities to and from the “associated data center” (the phrase used in the current definition of Control Center.  While this concern does not seem to be caused by changes in the proposed definition, clarity is needed.  Possibly this could be clarified in COM-001 guidance.

Jack Cashin, American Public Power Association, 4, 4/30/2018

- 0 - 0

The definition of Control Center has changed substantively.  Texas RE has identified 40 standard requirements that contain the term control center (upper and lowercase).  Texas RE inquires as to whether the SDT analyzed all of these requirements in order to determine the implications of the revised definition of Control Center on other standards.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 4/30/2018

- 0 - 0

PacifiCorp supports MEC’s comments regarding TOP-001-4: The main impact area of this definition is in the new TOP-001-4 standard R20 that becomes enforceable 7-1-18.  If the data center definition is beyond the bricks and mortar used for the Control Room and SCADA, then redundant and diversely routed data exchange infrastructure may be needed outside of the traditional primary Control Center facility.  R.20. says: “R20. Each Transmission Operator shall have data exchange capabilities, with redundant and diversely routed data exchange infrastructure within the Transmission Operator's primary Control Center, for the exchange of Real-time data with its Reliability Coordinator, Balancing Authority, and the entities it has identified it  needs data from in order for it to perform its Real-time monitoring and Real-time Assessments.”  Please provide additional clarity.

Sandra Shaffer, On Behalf of: Berkshire Hathaway - PacifiCorp, , Segments 6

- 0 - 0

The term “control center” is used in other Standards as an undefined term (lower case “c”s).  Specifically, in COM‑001‑3, “control centers” are referenced in Requirements R12 and R13, which apply to the GOP and DP functions, respectively.  Both requirements specify that Interpersonal Communication capability is required “between control centers within the same functional entity, and/or between a control center and field personnel.” [Note that “control center” is lower case (i.e., an undefined term)].  Southern does not believe that the proposed Control Center definition change is in conflict with the Requirements of COM‑001‑3, but the term “control center” should be capitalized in a future revision.

In TOP‑001‑4, Requirements R20, R21, and R24 reference “Control Center” as a defined term.  In the context of these references, the proposed definition of Control Center does not create any concerns or conflicts provided that applicability for these Requirements is not expanded to other functions such as GOPs because they are explicitly included in the new definition of Control Center.

In IRO‑002‑5, Requirements R2 and R3 reference “Control Center” as a defined term.  In the context of these references, the proposed definition of Control Center does not create any concerns or conflicts provided that the applicability for these Requirements is not expanded to other functions such as GOPs because they are explicitly included in the new definition of Control Center.

Southern Company, Segment(s) 1, 3, 5, 6, 10/30/2017

- 0 - 0

No comments.

ACES Standards Collaborators, Segment(s) 1, 3, 4, 5, 4/30/2018

- 0 - 0

RSC no Dominion, NextEra and HQ, Segment(s) 10, 2, 4, 5, 7, 1, 3, 6, 0, 4/30/2018

- 0 - 0

If Reclamation’s proposed revisions are adopted, changes to the scope of COM-001-3 could be interpreted. To avoid changing the scope of COM-001-3, Reclamation recommends modifying COM-001-3 to replace “Control Center” with “primary Control Center” throughout the Reliability Standard to align COM-001-3 with TOP-001-4 and IRO-002-5.

Wendy Center, U.S. Bureau of Reclamation, 5, 4/30/2018

- 0 - 0

CIP-012 and CIP-002. Facilities that are considered GOP control centers would no longer be if they do not host people who originate or modify dispatch instructions.

David Ramkalawan, On Behalf of: David Ramkalawan, , Segments 5

- 0 - 0

PNM believes that COM-001-3 is the one most likely to be affected since it is the only one with Generation Operator Control Centers in scope and that is what the definition is trying to change. 

Lynn Goldstein, 4/30/2018

- 0 - 0

Laurie Williams, PNM Resources - Public Service Company of New Mexico, 1, 4/30/2018

- 0 - 0

SPP Standards Review Group, Segment(s) , 4/30/2018

- 0 - 0

Patricia Lynch, On Behalf of: Patricia Lynch, , Segments 5, 6

- 0 - 0

Hot Answers

Please see NRG comment to Question number 1.

Kara White, On Behalf of: NRG - NRG Energy, Inc., FRCC, MRO, WECC, Texas RE, NPCC, SERC, SPP RE, RF, Segments 3, 4, 5, 6

- 0 - 0

Brandon Gleason, Electric Reliability Council of Texas, Inc., 2, 4/30/2018

- 0 - 0

Other Answers

Linda Jacobson-Quinn, City of Farmington, 3, 3/21/2018

- 0 - 0

Val Ridad, On Behalf of: Silicon Valley Power - City of Santa Clara, , Segments 3, 4, 5

- 0 - 0

Jeff Ipsaro, On Behalf of: Silicon Valley Power - City of Santa Clara, , Segments 3, 4, 5

- 0 - 0

Sandra Pacheco, Silicon Valley Power - City of Santa Clara, 5, 4/13/2018

- 0 - 0

David Maier, On Behalf of: David Maier, , Segments 3

- 0 - 0

Kristine Ward, On Behalf of: Seminole Electric Cooperative, Inc., FRCC, Segments 1, 3, 4, 5, 6

- 0 - 0

- 0 - 0

Nicholas Lauriat, Network and Security Technologies, 1, 4/21/2018

- 0 - 0

Leonard Kula, Independent Electricity System Operator, 2, 4/23/2018

- 0 - 0

Aaron Austin, On Behalf of: Aaron Austin, , Segments 3, 5

- 0 - 0

Without knowing the boundary of a control center as discussed above in question one, it is not possible to answer this question.  Will the new definition of a control center, without a boundary as currently written, produce unintended consequences of bringing new cyber assets into CIP compliance?  At a minimum, a larger than required control center will require CIP-002 screening for BES Cyber Systems to include countless systems not intended to be screened for entities collocated with other business functions.

Tony Eddleman, Nebraska Public Power District, 3, 4/23/2018

- 1 - 0

Dispatch centers of small utilities that are not categorized as Control Centers will now fall under that category.  They will be categorized as low impact facilities.  It is possible that some plant control rooms will also be considered as Control Centers now because they may be responsible for local and remote generation, or generation that is within the same campus, but not the same facility.  Some large industrial sites, with their own generation, fall under this category.

Kevin Conway, Public Utility District No. 1 of Pend Oreille County, 1, 4/23/2018

- 0 - 0

It is unclear if entities with facilities not previously defined as a Control Center will now be considered a Control Center, resulting in newly categorized BES Cyber Systems.

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

The NSRF cannot answer this question as we do not know the configuration within every member of NERC.  Please see the second paragraph to question 1.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 6/14/2017

- 1 - 0

Steven Rueckert, Western Electricity Coordinating Council, 10, 4/25/2018

- 0 - 0

Jonathan Aragon, 4/25/2018

- 0 - 0

Jeanne Kurzynowski, On Behalf of: CMS Energy - Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 1 - 0

Jeff Johnson, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 1, 2, 3, 4, 5, 6, 7, 8, 9

- 0 - 0

City Light supports SRP comments

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

Faz Kasraie, On Behalf of: Seattle City Light, WECC, Segments 5

- 0 - 0

ALAN ADAMSON, New York State Reliability Council, 10, 4/26/2018

- 0 - 0

Supporting comments from NPCC

Peter Yost, Con Ed - Consolidated Edison Co. of New York, 3, 4/27/2018

- 0 - 0

Glen Farmer, Avista - Avista Corporation, 5, 4/27/2018

- 0 - 0

- 0 - 0

None

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

No. CIP-002-5.1a impact rating criterion 2.11.  See response to question #1.

Joel Charlebois, On Behalf of: AESI - Acumen Engineered Solutions International Inc., , Segments 5

- 0 - 0

We support the MRO NSRF comments.

Thomas Breene, WEC Energy Group, Inc., 3, 4/27/2018

- 0 - 0

Adrian Andreoiu, On Behalf of: BC Hydro and Power Authority, WECC, Segments 1, 3, 5

- 0 - 0

Marty Hostler, On Behalf of: Northern California Power Agency, , Segments 5, 6

- 0 - 0

Please refer to comments submitted by Robert Blackney on behalf of Southern California Edison

Kenya Streeter, Edison International - Southern California Edison Company, 6, 4/27/2018

- 0 - 0

It is possible that the ambiguity of the language “associated data center” could result in an unintended consequence within BES Cyber System categorization. 

sean erickson, Western Area Power Administration, 1, 4/29/2018

- 0 - 0

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

Douglas Johnson, 4/30/2018

- 0 - 0

Steven Mavis, 4/30/2018

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

Language on inclusion 5 includes “direct operations” which is too vague for clear interpretation.

- 0 - 0

Larry Watt, Lakeland Electric, 1, 4/30/2018

- 0 - 0

Please see comments for Question 4.

Entergy, Segment(s) 1, 5, 12/13/2017

- 0 - 0

There are an unknown number of scenarios where the BES Cyber System impact rating/categorization could be impacted.  Because of the potential impacts to non-CIP standards, the proposed Implementation Plan should be revised to provide additional time for non-CIP standard compliance impacted by the revised Control Center definition.

Barry Lawson, National Rural Electric Cooperative Association, 4, 4/30/2018

- 0 - 0

Daniel Gacek, Exelon, 1, 4/30/2018

- 0 - 0

Brian Evans-Mongeon, Utility Services, Inc., 4, 4/30/2018

- 0 - 0

AECI supports comments provided by NRECA

AECI, Segment(s) 1, 3, 6, 5, 4/30/2018

- 0 - 0

Amy Casuscelli, On Behalf of: Xcel Energy, Inc. - MRO, WECC, SPP RE - Segments 1, 3, 5, 6

- 0 - 0

Ellen Oswald, 4/30/2018

- 0 - 0

Clarification needs to be added around "associated data center" and whether it is included due to its relationship in support the Control Center or because it contains operating personnel/System Operators (obviously, the former).

David Jendras, Ameren - Ameren Services, 3, 4/30/2018

- 0 - 0

James Anderson, 4/30/2018

- 0 - 0

No comment

FMPA, Segment(s) , 10/23/2017

- 0 - 0

Andrey Komissarov, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 7

- 0 - 0

Dennis Sismaet, Northern California Power Agency, 6, 4/30/2018

- 0 - 0

Cowlitz PUD supports the comments submitted by Brian Evans-Mongeon, Utility Services Inc.

Russell Noble, On Behalf of: Cowlitz County PUD, , Segments 3, 5

- 0 - 0

Nicolas Turcotte, On Behalf of: Hydro-Qu?bec TransEnergie, , Segments 1

- 0 - 0

Eli Rivera, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

Dmitriy Bazylyuk, 4/30/2018

- 0 - 0

From a Generator Operator perspective the proposed definition of Control Center does not.

George Brown, Acciona Energy North America, 5, 4/30/2018

- 0 - 0

The current interpretation of the proposed definition as it relates to Generator Operators will impact not only NERC CIP Standards, but Operations and Planning Standards as well. With respect to CIP Standards, there are numerous generation control centers that do not develop specific dispatch instructions. Due to this, the proposed definition would impact the classification of BES Cyber Systems as required in CIP-002. Furthermore, generation control centers with more than 1,500 MW in one or more Interconnection(s) would be able to easily revise operating protocols to ensure the entity never reaches the criteria to be classified as a Medium Impact BES Cyber Systems as defined with CIP-002. This loophole would not support the reliability of the Bulk Electric System.

Furthermore, current Low Impact BES Cyber System Control Centers that do not “develop specific dispatch instructions,” will no longer have a Low Impact BES Cyber System Control Center with the proposed changes.

Heather Morgan, On Behalf of: EDP Renewables North America LLC, , Segments 5

- 0 - 0

No comments.

Teresa Cantwell, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

NV Energy does not recognize an impact for its facilities, but the fact that additional criteria have been added to define a Control Center, there is an opportunity than an Entity will now have facilities that were not previously identified as a Control Center, now in scope of the Impact Criterion.

Kevin Salsbury, Berkshire Hathaway - NV Energy, 5, 4/30/2018

- 0 - 0

John Merrell, Tacoma Public Utilities (Tacoma, WA), 1, 4/30/2018

- 0 - 0

We have had confidence on what in version 5 are our high and medium impact Control Centers. Depending on the revised Control Center definition, low impact Control Centers could be in doubt. Refer to concerns with the definition.

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 4/30/2018

- 0 - 0

We have had confidence on what in version 5 are our high and medium impact Control Centers. Depending on the revised Control Center definition, low impact Control Centers could be in doubt. Refer to concerns with the definition.

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 4/30/2018

- 0 - 0

Jack Cashin, American Public Power Association, 4, 4/30/2018

- 0 - 0

Please see Texas RE’s response to #1. 

Rachel Coyne, Texas Reliability Entity, Inc., 10, 4/30/2018

- 0 - 0

Sandra Shaffer, On Behalf of: Berkshire Hathaway - PacifiCorp, , Segments 6

- 0 - 0

Southern does not foresee this change altering our categorization of existing BES Cyber Assets.

Southern Company, Segment(s) 1, 3, 5, 6, 10/30/2017

- 0 - 0

It does not change the criteria used in CIP-00205.1a but it does influence the entity if they are now ruled a Control Center. If so, then that new Control Center should have time to reevaluate their BES Cyber System categorization process and update their documentation.

ACES Standards Collaborators, Segment(s) 1, 3, 4, 5, 4/30/2018

- 0 - 0

RSC no Dominion, NextEra and HQ, Segment(s) 10, 2, 4, 5, 7, 1, 3, 6, 0, 4/30/2018

- 0 - 0

Wendy Center, U.S. Bureau of Reclamation, 5, 4/30/2018

- 0 - 0

David Ramkalawan, On Behalf of: David Ramkalawan, , Segments 5

- 0 - 0

Lynn Goldstein, 4/30/2018

- 0 - 0

Laurie Williams, PNM Resources - Public Service Company of New Mexico, 1, 4/30/2018

- 0 - 0

SPP Standards Review Group, Segment(s) , 4/30/2018

- 0 - 0

Patricia Lynch, On Behalf of: Patricia Lynch, , Segments 5, 6

- 0 - 0

Hot Answers

Kara White, On Behalf of: NRG - NRG Energy, Inc., FRCC, MRO, WECC, Texas RE, NPCC, SERC, SPP RE, RF, Segments 3, 4, 5, 6

- 0 - 0

Brandon Gleason, Electric Reliability Council of Texas, Inc., 2, 4/30/2018

- 0 - 0

Other Answers

Linda Jacobson-Quinn, City of Farmington, 3, 3/21/2018

- 0 - 0

Val Ridad, On Behalf of: Silicon Valley Power - City of Santa Clara, , Segments 3, 4, 5

- 0 - 0

Jeff Ipsaro, On Behalf of: Silicon Valley Power - City of Santa Clara, , Segments 3, 4, 5

- 0 - 0

Erroneous Response:  I would like to change my answer from Yes to No.

Sandra Pacheco, Silicon Valley Power - City of Santa Clara, 5, 4/13/2018

- 0 - 0

David Maier, On Behalf of: David Maier, , Segments 3

- 0 - 0

Kristine Ward, On Behalf of: Seminole Electric Cooperative, Inc., FRCC, Segments 1, 3, 4, 5, 6

- 0 - 0

- 0 - 0

Nicholas Lauriat, Network and Security Technologies, 1, 4/21/2018

- 0 - 0

Leonard Kula, Independent Electricity System Operator, 2, 4/23/2018

- 0 - 0

Potentially yes, but AEP is not aware of any specific instances.  The words of the definition could be changed to only exclude if there are no inclusions to get ahead of any possible issues.  AEP suggests the SDT change the definition as follows: “Operating personnel do not include if they are the only operating personnel located at the asset:”

Aaron Austin, On Behalf of: Aaron Austin, , Segments 3, 5

- 0 - 0

Tony Eddleman, Nebraska Public Power District, 3, 4/23/2018

- 0 - 0

By Agreement with our TOP, during emergency conditions we have staff that potentially can meet the included staff for "...operat[ing] or direct[ing] the operation of a Transmission Owner’s BES Transmission Facilities in Realtime." Under Normal conditions we have "...plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay dispatch instructions without making any modifications."
 

Kevin Conway, Public Utility District No. 1 of Pend Oreille County, 1, 4/23/2018

- 0 - 0

Yes, but it appears that even if there are any inclusion personnel it doesn’t matter if there are any exclusion personnel because by definition it’s a Control Center.

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

There may be an Entity who is vertically integrated and host those Functions in separate locations due to their apparent size.  

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 6/14/2017

- 0 - 0

Steven Rueckert, Western Electricity Coordinating Council, 10, 4/25/2018

- 0 - 0

Jonathan Aragon, 4/25/2018

- 0 - 0

Jeanne Kurzynowski, On Behalf of: CMS Energy - Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 1 - 0

Jeff Johnson, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 1, 2, 3, 4, 5, 6, 7, 8, 9

- 0 - 0

City Light supports SRP comments

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

Faz Kasraie, On Behalf of: Seattle City Light, WECC, Segments 5

- 0 - 0

ALAN ADAMSON, New York State Reliability Council, 10, 4/26/2018

- 0 - 0

Supporting comments from NPCC

Peter Yost, Con Ed - Consolidated Edison Co. of New York, 3, 4/27/2018

- 0 - 0

Glen Farmer, Avista - Avista Corporation, 5, 4/27/2018

- 0 - 0

- 0 - 0

BPA believes the current language in the exclusion section isn’t clear enough to determine whether personnel can fall within both inclusion and exclusion.  Based on current language, it is unclear whether personnel at a centrally located dispatch center could fall within both inclusion and exclusion.

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Yes.

For GOP Control Centers, there may be operating personnel who can develop specific dispatch instructions for generation Facilities at two or more locations as part of their job function, and other operating personnel who simply operate (start/stop/etc) or relay the developed dispatch instructions.

Joel Charlebois, On Behalf of: AESI - Acumen Engineered Solutions International Inc., , Segments 5

- 0 - 0

We support the MRO NSRF comments.

Thomas Breene, WEC Energy Group, Inc., 3, 4/27/2018

- 0 - 0

Adrian Andreoiu, On Behalf of: BC Hydro and Power Authority, WECC, Segments 1, 3, 5

- 0 - 0

Marty Hostler, On Behalf of: Northern California Power Agency, , Segments 5, 6

- 0 - 0

Please refer to comments submitted by Robert Blackney on behalf of Southern California Edison

Kenya Streeter, Edison International - Southern California Edison Company, 6, 4/27/2018

- 0 - 0

sean erickson, Western Area Power Administration, 1, 4/29/2018

- 0 - 0

Has the drafting team considered a scenario in which there could be two separate facilities that could both potentially fall under the proposed definition, that are housed inside the same Physical Security Perimeter (PSP)? With both facilities being inside the same PSP, would this be considered to be one Control Center or two separate Control Centers?

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

Douglas Johnson, 4/30/2018

- 0 - 0

Steven Mavis, 4/30/2018

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

- 0 - 0

It may be possible for a single person to fit both operating personnel revised definition, as well as the definition of excluded personnel, but at different times. This can happen at smaller organizations where individuals perform multiple roles. 

It is also possible for management or engineering staff to be identified as operating personnel due to their qualifications, while not actually performing the operator function.

Larry Watt, Lakeland Electric, 1, 4/30/2018

- 0 - 0

The operation of a Transmission Owner breaker may be shared between the Transmission Operator and Generator Operator not centrally dispatched.  In such a case, the shared breaker(s) may exist on a ring bus where there is no separate breaker to isolate the generator Facility from the ring bus, or a similar scenario involving a breaker and a half scheme.  The use of the undefined term “plant operator” does not exclude the Generator Operator from operating a Transmission Owner breaker.  The same situation may occur with distribution customers, retail or commercial, which may have the ability to operate a Transmission Owner breaker due to not having separate isolation equipment.

NOTE: Typically a Generator Operator which has a need to operate the shared Transmission Owner breaker will submit an outage request to the Balancing Authority, Reliability Coordinator, and/or Transmission Operator.  Unsure about distribution customer outages.

Entergy, Segment(s) 1, 5, 12/13/2017

- 0 - 0

Barry Lawson, National Rural Electric Cooperative Association, 4, 4/30/2018

- 0 - 0

Daniel Gacek, Exelon, 1, 4/30/2018

- 0 - 0

It may be possible for a single person to fulfil both roles, maybe at different times.  This may be more likely to occur in smaller organizations where individuals perform multiple roles. 

Management or engineering staff may also be identified as operating personnel when qualified to, but not performing the operator function.

Brian Evans-Mongeon, Utility Services, Inc., 4, 4/30/2018

- 0 - 0

AECI supports comments provided by NRECA

AECI, Segment(s) 1, 3, 6, 5, 4/30/2018

- 0 - 0

Amy Casuscelli, On Behalf of: Xcel Energy, Inc. - MRO, WECC, SPP RE - Segments 1, 3, 5, 6

- 0 - 0

Ellen Oswald, 4/30/2018

- 0 - 0

David Jendras, Ameren - Ameren Services, 3, 4/30/2018

- 0 - 0

James Anderson, 4/30/2018

- 0 - 0

FMPA agrees with the following comments from APPA:

It may be possible for a single person to fit both operating personnel revised definition, as well as the definition of excluded personnel, but at different times. This can happen at smaller organizations where individuals perform multiple roles.

It is also possible for management or engineering staff to be identified as operating personnel due to their qualifications, while not actually performing the operator function.

FMPA, Segment(s) , 10/23/2017

- 0 - 0

Andrey Komissarov, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 7

- 0 - 0

Dennis Sismaet, Northern California Power Agency, 6, 4/30/2018

- 0 - 0

Cowlitz PUD supports the comments submitted by Brian Evans-Mongeon, Utility Services Inc.

Russell Noble, On Behalf of: Cowlitz County PUD, , Segments 3, 5

- 0 - 0

We support the following RSC comment : Unless modified to limit to two or more locations, the inclusion qualifier 5 could include control building within a substation.

For small locations, one person may fulfill both roles (at different times)

Nicolas Turcotte, On Behalf of: Hydro-Qu?bec TransEnergie, , Segments 1

- 0 - 0

Eli Rivera, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

During the Loss of Primary Control Center Event (Real or Test), Dispatch Operator (TO) at Back Up Control Center (BUCC) may act as a TOP while Transmission System Supervisors (TOP) are in transit to the BUCC.

Dmitriy Bazylyuk, 4/30/2018

- 0 - 0

Supporting the MRO NSRF's comments.

George Brown, Acciona Energy North America, 5, 4/30/2018

- 0 - 0

EDPR NA is not aware of the scenario ocnsisting of both inclusion and exclusion personnel. 

Heather Morgan, On Behalf of: EDP Renewables North America LLC, , Segments 5

- 0 - 0

No comments.

Teresa Cantwell, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

Kevin Salsbury, Berkshire Hathaway - NV Energy, 5, 4/30/2018

- 0 - 0

John Merrell, Tacoma Public Utilities (Tacoma, WA), 1, 4/30/2018

- 0 - 0

One example could be GOP inclusion personnel located at a plant site where there are also excluded unit operators.

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 4/30/2018

- 0 - 0

One example could be GOP inclusion personnel located at a plant site where there are also excluded unit operators.

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 4/30/2018

- 0 - 0

It may be possible for a single person to fit both operating personnel revised definition, as well as the definition of excluded personnel, but at different times. This can happen at smaller organizations where individuals perform multiple roles. 

 

It is also possible for management or engineering staff to be identified as operating personnel due to their qualifications, while not actually performing the operator function.

 

Jack Cashin, American Public Power Association, 4, 4/30/2018

- 0 - 0

Please see Texas RE’s response to #1.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 4/30/2018

- 0 - 0

One example as suggested above, without adding an exclusion for Information Technology and Operational Technology personnel allows for them to perform their tasks related to their job descriptions without limiting the number of locations that they can be connected and communicating to at any given time, or inadvertently including them as operating personnel should they occupy a desk in a Control Center or associated data center. 

Sandra Shaffer, On Behalf of: Berkshire Hathaway - PacifiCorp, , Segments 6

- 0 - 0

Please see the comments provided under question 1 for examples of possible inclusion/exclusion conflicts.  Southern Company believes there are situations that exist where there is the potential to have an inclusion / exclusion conflict for business units that may partially meet an inclusion and exclusion at the same time.

For example, Southern Company has a centrally located dispatch center that develops specific dispatch instructions for economics under the constraints of reliability as determined by the BA and RC, and reliability dispatch instructions from the BA and RC are relayed through the dispatch center without making modifications.  The use of “develop dispatch instructions” versus using the NERC defined term “Operating Instruction” may create confusion and ambiguity regarding applicability.

 

Southern Company, Segment(s) 1, 3, 5, 6, 10/30/2017

- 0 - 0

No comment.

ACES Standards Collaborators, Segment(s) 1, 3, 4, 5, 4/30/2018

- 0 - 0

Unless modified to limit to two or more locations, the inclusion qualifier 5 could include control building within a substation.

 

For small locations, one person may fulfill both roles (at different times)

RSC no Dominion, NextEra and HQ, Segment(s) 10, 2, 4, 5, 7, 1, 3, 6, 0, 4/30/2018

- 0 - 0

Wendy Center, U.S. Bureau of Reclamation, 5, 4/30/2018

- 0 - 0

David Ramkalawan, On Behalf of: David Ramkalawan, , Segments 5

- 0 - 0

Lynn Goldstein, 4/30/2018

- 0 - 0

Laurie Williams, PNM Resources - Public Service Company of New Mexico, 1, 4/30/2018

- 0 - 0

SPP Standards Review Group, Segment(s) , 4/30/2018

- 0 - 0

Patricia Lynch, On Behalf of: Patricia Lynch, , Segments 5, 6

- 0 - 0

Hot Answers

Kara White, On Behalf of: NRG - NRG Energy, Inc., FRCC, MRO, WECC, Texas RE, NPCC, SERC, SPP RE, RF, Segments 3, 4, 5, 6

- 0 - 0

Based on significance of possibly changing the impact rating of a BES asset, this should take place on an implementation timeline that allows sufficient time for entities to verify their compliance with the operations and planning standards noted. The implementation and enforcement timelines for CIP-002 have been addressed, but the timeline for the other non-CIP standards has not been addressed.

Brandon Gleason, Electric Reliability Council of Texas, Inc., 2, 4/30/2018

- 0 - 0

Other Answers

Linda Jacobson-Quinn, City of Farmington, 3, 3/21/2018

- 0 - 0

Val Ridad, On Behalf of: Silicon Valley Power - City of Santa Clara, , Segments 3, 4, 5

- 0 - 0

Jeff Ipsaro, On Behalf of: Silicon Valley Power - City of Santa Clara, , Segments 3, 4, 5

- 0 - 0

Sandra Pacheco, Silicon Valley Power - City of Santa Clara, 5, 4/13/2018

- 0 - 0

David Maier, On Behalf of: David Maier, , Segments 3

- 0 - 0

Kristine Ward, On Behalf of: Seminole Electric Cooperative, Inc., FRCC, Segments 1, 3, 4, 5, 6

- 0 - 0

- 0 - 0

Nicholas Lauriat, Network and Security Technologies, 1, 4/21/2018

- 0 - 0

The IESO submits that the implimentation plan should allow an RE to update its documentation during its regular review cycle. This will help avoid duplication of effort. It should also consider any potentially significant changes required for Control Center physical and logical changes to occur within budget cycles.

Leonard Kula, Independent Electricity System Operator, 2, 4/23/2018

- 0 - 0

Knowing that the FERC will determine the effective dates, AEP believes the Implementation Plans for the revised Control Center definition and proposed CIP-002-6 should be synchronized so the transition is less impactful.

 

Aaron Austin, On Behalf of: Aaron Austin, , Segments 3, 5

- 0 - 0

Tony Eddleman, Nebraska Public Power District, 3, 4/23/2018

- 0 - 0

In some cases there may be a need to implement security measures not considered prior to the reclassification.  Depending on the budget period and cycle, these would be unbudgeted and may take up to a year to complete.

Kevin Conway, Public Utility District No. 1 of Pend Oreille County, 1, 4/23/2018

- 0 - 0

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

For those entities that may need to start some programs from scratch, they will need more time.  Recommend that the Implementation time line be pushed to 12 months.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 6/14/2017

- 0 - 0

Steven Rueckert, Western Electricity Coordinating Council, 10, 4/25/2018

- 0 - 0

AZPS agrees with the exception to the initial implementation of CIP-002-6 as set forth in “Implementation Plan”.

Jonathan Aragon, 4/25/2018

- 0 - 0

If the definition is a defined term being used by multiple reliability standards, 18 calendar months will be more appropriate to implement the revised definition.

Jeanne Kurzynowski, On Behalf of: CMS Energy - Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 1 - 0

Jeff Johnson, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 1, 2, 3, 4, 5, 6, 7, 8, 9

- 0 - 0

City Light supports SRP comments

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

Faz Kasraie, On Behalf of: Seattle City Light, WECC, Segments 5

- 0 - 0

The Implementation Plan does not allow enough time to bring newly-identified Control Centers into compliance.

ALAN ADAMSON, New York State Reliability Council, 10, 4/26/2018

- 0 - 0

Supporting comments from NPCC.

Peter Yost, Con Ed - Consolidated Edison Co. of New York, 3, 4/27/2018

- 0 - 0

Glen Farmer, Avista - Avista Corporation, 5, 4/27/2018

- 0 - 0

- 0 - 0

None

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Yes we agree, assuming there are appropriate implementation plans in place for all affected standards and requirements that allow newly identified Control Centers brought into scope by the proposed definition sufficient time to come into compliance with such standards and requirements. 

If such implementation plans for all affected standards and requirements do not currently exist or do not currently address newly identified Control Centers, then we suggest that the SDT review all affected standards and requirements to develop an appropriate implementation plan for each of those, or otherwise lengthen the effective date of the proposed definition to an appropriate duration to allow newly identified Control Centers sufficient time to come into compliance with all applicable standards and requirements. 

Joel Charlebois, On Behalf of: AESI - Acumen Engineered Solutions International Inc., , Segments 5

- 0 - 0

We do not believe the definition can be implemented as proposed and hesitate to suggest an alternative timeframe until we see a revised definition however 12 months may be more appropriate than 3 months.

Thomas Breene, WEC Energy Group, Inc., 3, 4/27/2018

- 0 - 0

Adrian Andreoiu, On Behalf of: BC Hydro and Power Authority, WECC, Segments 1, 3, 5

- 0 - 0

Marty Hostler, On Behalf of: Northern California Power Agency, , Segments 5, 6

- 0 - 0

Please refer to comments submitted by Robert Blackney on behalf of Southern California Edison

Kenya Streeter, Edison International - Southern California Edison Company, 6, 4/27/2018

- 0 - 0

WAPA agrees with the NSRF comment that for those entities that may need to start some programs from scratch, they will need more time.  Recommend that the Implementation time line be pushed to 12 months.

sean erickson, Western Area Power Administration, 1, 4/29/2018

- 0 - 0

Duke Energy disagrees with the proposed Implementation Plan of three (3) calendar months. The change to the definition of Control Center would necessitate a review of all internal procedures in which it is referenced to determine if said procedure would need to be updated. The review and analysis, coupled with the training that would be necessary if changes to a procedure were implemented would take much longer than three months. Duke Energy recommends an Implementation Plan of twelve (12) months. This would give industry enough time to do internal reviews, make changes where necessary, and train on said changes prior to the new definition going into effect.  

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

Douglas Johnson, 4/30/2018

- 0 - 0

Steven Mavis, 4/30/2018

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

See EEI Comments.

- 0 - 0

Three months should be acceptable if implementation of the revised definition does not result in the identification of a new Control Center.  It should be made clear that identification of a new Control Center would be an “unplanned change” and therefore provide an additional one or two years to meet the requirements.

Larry Watt, Lakeland Electric, 1, 4/30/2018

- 0 - 0

The three (3) calendar months would not allow enough time to make the needed procedure updates.  Recommend six (6) calendar months.
 

Entergy, Segment(s) 1, 5, 12/13/2017

- 0 - 0

While the Implementation Plan for CIP standard compliance, coupled with the proposed Planned and Unplanned Changes language in the proposed CIP-002-6, is adequate, the Implementation Plan needs to be changed for non-CIP standard compliance.  NRECA strongly recommends that language and timeframes similar to the Planned and Unplanned Changes language should be added to the Implementation Plan for non-CIP standards compliance.  Without this change, registered entities will only have a little more than three months to be in compliance with non-CIP standards that include the defined term Control Center in the standard/requirement language.

Barry Lawson, National Rural Electric Cooperative Association, 4, 4/30/2018

- 0 - 0

Yes, if the language is adjusted in 5. to add “at two or more locations.”

Daniel Gacek, Exelon, 1, 4/30/2018

- 0 - 0

Three months would be acceptable if the definition does not result in the new identification of a Control Center.  It should be made clear that this new identification would be an “unplanned change” and allow for the additional one or two years for implementation.

Brian Evans-Mongeon, Utility Services, Inc., 4, 4/30/2018

- 0 - 0

AECI supports comments provided by NRECA

AECI, Segment(s) 1, 3, 6, 5, 4/30/2018

- 0 - 0

Amy Casuscelli, On Behalf of: Xcel Energy, Inc. - MRO, WECC, SPP RE - Segments 1, 3, 5, 6

- 0 - 0

Ellen Oswald, 4/30/2018

- 0 - 0

If the changes needed to demonstrate compliance with this change amounts to more than a simple document change then there needs to be additional time to accommodate the changes. We would suggest 12 months for implementation.

David Jendras, Ameren - Ameren Services, 3, 4/30/2018

- 0 - 0

If the definition is a defined term being used by multiple reliability standards, 18 calendar months will be more appropriate to implement the revised definition.

James Anderson, 4/30/2018

- 0 - 0

FMPA agrees with the following comments from APPA:

Three months should be acceptable if implementation of the revised definition does not result in the identification of a new Control Center.  It should be made clear that identification of a new Control Center would be an “unplanned change” and therefore provide an additional one or two years to meet the requirements

FMPA, Segment(s) , 10/23/2017

- 0 - 0

Andrey Komissarov, On Behalf of: Sempra - San Diego Gas and Electric - WECC - Segments 7

- 0 - 0

Dennis Sismaet, Northern California Power Agency, 6, 4/30/2018

- 0 - 0

Cowlitz PUD supports the comments submitted by Brian Evans-Mongeon, Utility Services Inc.

Russell Noble, On Behalf of: Cowlitz County PUD, , Segments 3, 5

- 0 - 0

We support the following RSC comment : It should be made clear that this new identification would be an “unplanned change” and allow for the additional one or two years for implementation as proposed in the CIP-002 revisions.

The Implementation Plan should state that any facilities that are newly identified as Control Centers as a result of the revised definition will have 24 months to meet newly applicable compliance requirements that apply to those Control Centers.The Implementation plan should allow an RE to update its documentation during its regular review cycle. This will help avoid duplication of effort. It should also consider any potentially significant changes required for Control Center physical and logical changes to occur within budget cycles.

Nicolas Turcotte, On Behalf of: Hydro-Qu?bec TransEnergie, , Segments 1

- 0 - 0

Eli Rivera, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

The changes would likely take more time than 3 months to implement. 12 calendar months would be reasonable to make sure the processes and documentation are ready.

Dmitriy Bazylyuk, 4/30/2018

- 0 - 0

Supporting the MRO NSRF's comments.

George Brown, Acciona Energy North America, 5, 4/30/2018

- 0 - 0

Due to the proposed definition of “Control Center” and its impact to numerous NERC Standards, longer time should be given to allow Registered Entities appropriate time to reevaluate CIP-002 as well as several other NERC Standards.

Heather Morgan, On Behalf of: EDP Renewables North America LLC, , Segments 5

- 0 - 0

No comments.

Teresa Cantwell, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

The questions relies on the revision of the definition only required administrative work associated with documentation. There is a concern that the revised definition will place equipment and/or facilities within scope of Standards that were previously not addressing the equipment and/or facility.

Kevin Salsbury, Berkshire Hathaway - NV Energy, 5, 4/30/2018

- 0 - 0

John Merrell, Tacoma Public Utilities (Tacoma, WA), 1, 4/30/2018

- 0 - 0

Until the scope of the revised definition is concrete, there isn’t certainty in how long it could take to implement changes, if there are any.

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 4/30/2018

- 0 - 0

Until the scope of the revised definition is concrete, there isn’t certainty in how long it could take to implement changes, if there are any.
 

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 4/30/2018

- 0 - 0

Three months should be acceptable if implementation of the revised definition does not result in the identification of a new Control Center.  It should be made clear that identification of a new Control Center would be an “unplanned change” and therefore provide an additional one or two years to meet the requirements.

Jack Cashin, American Public Power Association, 4, 4/30/2018

- 0 - 0

Texas RE does not have comments on this question.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 4/30/2018

- 0 - 0

Until the scope of the revised definition is concrete, there isn’t certainty in how long it could take to implement changes, if there are any.

Sandra Shaffer, On Behalf of: Berkshire Hathaway - PacifiCorp, , Segments 6

- 0 - 0

Southern Company feels that 12 months is a more reasonable timeframe for implementation if Order 693 facilities are impacted by this change or if an entity is required to start a program from the ground up.

 

Southern Company, Segment(s) 1, 3, 5, 6, 10/30/2017

- 0 - 0

For those entities now considered a Control Center and not a Control Room, we recommend that the Implementation time line be 18 months.

ACES Standards Collaborators, Segment(s) 1, 3, 4, 5, 4/30/2018

- 0 - 0

It should be made clear that this new identification would be an “unplanned change” and allow for the additional one or two years for implementation as proposed in the CIP-002 revisions.

 

The Implementation Plan should state that any facilities that are newly identified as Control Centers as a result of the revised definition will have 24 months to meet newly applicable compliance requirements that apply to those Control Centers.

 

The Implementation plan should allow an RE to update its documentation during its regular review cycle. This will help avoid duplication of effort. It should also consider any potentially significant changes required for Control Center physical and logical changes to occur within budget cycles.

RSC no Dominion, NextEra and HQ, Segment(s) 10, 2, 4, 5, 7, 1, 3, 6, 0, 4/30/2018

- 0 - 0

Reclamation recommends the new Control Center definition become effective on the first day of the first calendar quarter that is eighteen (18) calendar months after the effective date of the applicable governmental authority’s order approving the definition to allow entities time to evaluate the impact of the changes effected by the new definition and implement an appropriate response. This will allow registered entities time to evaluate the impact of the new definition on their facilities and determine any necessary changes.

 

Wendy Center, U.S. Bureau of Reclamation, 5, 4/30/2018

- 0 - 0

If the new definition will bring new Control Centers into the scope of CIP Compliance then the three calendar months are not enough to complete all the activities required for compliance.

David Ramkalawan, On Behalf of: David Ramkalawan, , Segments 5

- 0 - 0

PNM agrees with EEI’s 12 month proposal/comments.

Lynn Goldstein, 4/30/2018

- 0 - 0

Laurie Williams, PNM Resources - Public Service Company of New Mexico, 1, 4/30/2018

- 0 - 0

The SPP Standards Review Group feels that this isn’t enough time to get everything implemented. We suggest one year (1) in the event that an entity needs to get an unidentified Control Center into compliance.

SPP Standards Review Group, Segment(s) , 4/30/2018

- 0 - 0

Patricia Lynch, On Behalf of: Patricia Lynch, , Segments 5, 6

- 0 - 0