This comment form is no longer interactive because the comment period is closed.

2020-04 Modifications to CIP-012

Description:

Start Date: 04/26/2021
End Date: 06/09/2021

Associated Ballots:

Ballot Name Project Standard Pool Open Pool Close Voting Start Voting End
2020-04 Modifications to CIP-012 CIP-012-2 IN 1 ST 2020-04 Modifications to CIP-012 CIP-012-2 04/26/2021 05/25/2021 05/31/2021 06/09/2021
2020-04 Modifications to CIP-012 Implementation Plan IN 1 OT 2020-04 Modifications to CIP-012 Implementation Plan 04/26/2021 05/25/2021 05/31/2021 06/09/2021

Filter:

Hot Answers

ERCOT interprets Order 866 to mean that FERC would like to see a proactive obligation to promote availability of communications links and data between control centers through redundancy and/or service level agreements, for example.  As written, ERCOT has concerns as to whether the draft standard addresses the specific directives in the FERC Order.  As such, ERCOT proposes a requirement to address FERC’s proactive perspective.  Further, ERCOT agrees with the SDT and the comments of the ISO/RTO Standards Review Committee that the standard should require a plan to provide for the continuity of data if the primary communication link is unavailable or compromised and that coordination of responsibility between Control Centers should be required.  ERCOT offers the language below as one way to address these three related concepts.  

 

R2.          The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) to promote the availability of communications links between Control Centers and data used for Real-time Assessment and Real-time monitoring. This does not include oral communications. The plan(s) shall include: [Violation Risk Factor: Medium] [Time Horizon: Operations Planning]

2.1.         Measures the Responsible Entity will take to promote availability of communication links and data transmitted between Control Centers used for Real-time Assessment and Real-time monitoring. Examples include, but are not limited to, contracted service levels and redundant or backup communication capabilities.

2.2.         An Operating Process to recover unavailable or compromised communication links between Control Centers, including:

2.2.1.     The use of redundant or backup communication capability to maintain data availability between Control Centers;

2.2.2.     Actions taken to restore communications links and data flow;

2.2.3.     Methods of identifying the duration of data loss, if any, related to an incident involving loss of communication links between Control Centers; and

2.2.4.     Roles and responsibilities of personnel implementing the Responsible Entity’s Operating Process.

2.3.         If the Control Centers are owned or operated by different Responsible Entities, identification of the responsibilities of each Responsible Entity for availability of communications links between Control Centers.

Brandon Gleason, 6/9/2021

- 0 - 0

Cowlitz agrees with the spririt of the requirement, but finds the use of "avalibility" too vauge. Currently the standard only addresses Control Center (CC) data communication with another CC that exists. However, the new proposed requirement implies data communication must exist between Control Centers with no criteria on how each responsible entity should identify who the communication links must be made available to, or if each responsible entity should identify those CCs where data is required. Current wording will create enforcement and monitoring uncertainty.

Russell Noble, Cowlitz County PUD, 3, 6/9/2021

- 0 - 0

Other Answers

Gladys DeLaO, CPS Energy, 1, 5/26/2021

- 0 - 0

Part 2.2 is inconsistent with the language in the other Requirements. Dominion Energy recommends making the language consistent as follows: Identification of how the Responsible Entity has addressed communication links and data restoration to maintain continuity of operations in the Responsible Entity’s plan.

Dominion, Segment(s) 3, 5, 1, 9/19/2019

- 0 - 0

This requirement reads as redundant to TOP-001-5 R20 – R24.  In satisfying TOP-001-5 R20 & R24, you indirectly satisfy CIP-012 R2.

Joshua Andersen, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

Although the SDT revised CIP-012-1 and added R2 to meet the directives outlined in FERC Order No. 866, the requirement may be better placed under a TOP standard. This requirement does not address Cyber Infrastructure Protection.

Glenn Barry, Los Angeles Department of Water and Power, 5, 6/1/2021

- 0 - 0

Duke Energy  does not agree with the changes as proposed. The existing wording may be confusing regarding applicability of the term “availability” to links vs to data.  We recommend these be presented separately for clarity. Furthermore, we recommend removal of ‘restoration’ from the requirement, as there may be alternate means in a plan where full restoration is not immediately needed. Also, data interruption can come in many forms, including partial data loss or data loss from sources, such as RTUs, outside the scope of CIP-012, so requirements to restore all such data may be over-reaching.

Duke Energy proposes the following wording to address the specific handling of links vs data;

R2. The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) to provide for the availability of communications links and data used for Real-time Assessment and Real-time monitoring that is transmitted between Control Centers. The Responsible Entity is not required to include oral communications in its plan. The plan shall include:

2.1. Identification of how the Responsible Entity has provided for the availability of the communications links;

2.2. Identification of how the Responsible Entity has addressed the risk of data interruption to maintain continuity of operations; and

2.3. Identification of the responsibilities of each Responsible Entity for providing availability of communications links and data that is transmitted between Control Centers owned or operated by different Responsible Entities.

Examples of 2.2 evidence may include :

  • a data interruption response plan with roles and responsibilities or
  • alternate data transfer or communication methods or
  • Other plans addressing how to mitigate the impact on operations

Duke Energy, Segment(s) 1, 5, 6, 3, 12/13/2019

- 1 - 0

The SPP Standards Review Group (SSRG) recommends the drafting team consider that entities should be able to utilize redundancy capabilities or multiple communication avenues if one data link is unavailable.

CIP-012-1 falls under the umbrella of CIP-002-5.1a, which does not allow for use of redundant systems to satisfy requirements.

In Order 866, NERC appears to identify redundancy as necessary to data exchange infrastructure (See P 20 of Order 866), and FERC recognized in Order 866 that redundant communication links help support availability (See P 21 of Order 866). The SSRG requests that the drafting team include language in CIP-012-1 that recognizes redundant systems as capable of meeting the availability requirements in a plan.

Southwest Power Pool Standards Review Group (SSRG), Segment(s) 2, 9/4/2019

- 0 - 0

“Availability” is too ambiguous a term to be used in this requirement. The current interpretation of “availability” is more in line with the amount of uptime and downtime utilization of the links between control centers. BPA recommends the term “availability” be replaced with “redundant links or backup links” to clarify the intent of CIP-012-2. 

Andrea Jessup, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

No

NCPA agrees that other entity statements that the draft language does not clearly define the term "availability".  While we generally agree that availability is part of the cyber security triad, this language is targeted only to the communication links, which reside outside the scope of the protected BES Cyber Systems and is considered more of an operational concern than what the prior CIP standards address with regards to infrastructure protection.

Further, redundancy is a large part of any solution to increase availability, however redundancy has been specifically excluded from the evaluation criteria when defining BES Cyber Systems in CIP-002.  This appears to be inconsistent with the objective messaging of the prior standards.

Chris Carnesi, On Behalf of: Marty Hostler, Northern California Power Agency, 3,4,5,6; Marty Hostler, Northern California Power Agency, 3,4,5,6; Jeremy Lawson, Northern California Power Agency, 3,4,5,6; Jeremy Lawson, Northern California Power Agency, 3,4,5,6; Dennis Sismaet, Northern California Power Agency, 3,4,5,6; Dennis Sismaet, Northern California Power Agency, 3,4,5,6

- 0 - 0

While including a requirement for Control Centers owned or operated by different Responsible Entities makes sense for the R1.3 security objective, it does not for R2.3. One entites communication link would only be relevant to their individual provider of that link and not another entity. This appears to simply require an agreement that each entity will ensure they have redundant communication links.

 

The inclusion of ‘in the Responsible Entity’s plan’ in R2.2 seems duplicative as it is already included in R2, ‘The plan shall include:’

WECC CIP, Segment(s) 10, 2/17/2021

- 0 - 0

Anthony Jablonski, ReliabilityFirst , 10, 6/7/2021

- 0 - 0

Rachel Coyne, Texas Reliability Entity, Inc., 10, 6/7/2021

- 0 - 0

Kelsey Settle, On Behalf of: Nova Scotia Power Inc., NPCC, Segments NA - Not Applicable

- 0 - 0

Stacy Lee, On Behalf of: City of College Station, , Segments 1

- 0 - 0

Dan Bamber, On Behalf of: ATCO Electric, , Segments 1

- 0 - 0

PNMR believes this requirement is unnecessary as IRO and TOP requirements address availability. If the intent is to cover the backup control centers, then SDT should revise IRO and TOP to scope in the back-up controls rather than a new requirement for CIP-012. 
Additionally, PNMR agrees with comments made by Duke Energy, SSRG, and Los Angeles Department of Water and Power. 

 

Aidan Gallegos, 6/7/2021

- 0 - 0

Benjamin Winslett, On Behalf of: Georgia System Operations Corporation, , Segments 3, 4

- 0 - 0

Scott McGough, On Behalf of: Georgia System Operations Corporation, , Segments 3, 4

- 0 - 0

ATC supports the comments of EEI

LaTroy Brumfield, On Behalf of: American Transmission Company, LLC, , Segments 1

- 0 - 0

OKGE supports comments provided by EEI. 

OKGE, Segment(s) 6, 1, 3, 5, 3/22/2021

- 0 - 0

The addition of "availability" appears to overlap with the "redundancy and diverse routing requirements already established for TOP-001-5 - R24. Is the distinction between the infrastructure (e.g. switches, routers, firewalls) vs. the underlying communication infrastructure (e.g. fiber, ethernet)?

Oliver Burke, Entergy - Entergy Services, Inc., 1, 6/7/2021

- 0 - 0

FE would have preferred language similar to TOP-001 R20 -  “shall have data exchange capabilities with redundant and diversely routed data exchange infrastructure.”

 

FE Voter, Segment(s) 1, 3, 5, 6, 4, 2/23/2021

- 0 - 0

Amy Jones, On Behalf of: Public Utility District No. 2 of Grant County, Washington, , Segments 1, 4, 5, 6

- 0 - 0

AEP supports the comments that EEI has provided. Please see below for EEI’s comments:

 

FERC Order No. 866 does not require entities to “provide for the availability of communications links and data” but rather to provide protections regarding the availability of those communication links and data.  The underscored language is different from what the Commission directed and what is contained in the proposed requirement.  Moreover, the Commission acknowledged in the order that the “redundancy of communication links cannot always be guaranteed” (see P35); responsible entities should therefore plan for both recovery of compromised communication links and use of backup communications.  To remedy this issue, we suggest the following modification to Requirement R2 and its subparts:

 

R2. The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) that provide protections for the availability of communications links and data used for Real-time Assessment and Real-time monitoring while being transmitted between Control Centers. The Responsible Entity is not required to include oral communications in its plan. This plan shall include:

 

2.1  Identification of how the Responsible Entity has provided protections for the availability of communications links and data used for Real-time Assessment and Real-time monitoring while   being transmitted between Control Centers; and 

 

2.2  Identification of how the Responsible Entity has addressed communications and data availability (strike flow and replace with availability because the order specifically directed availability) restoration in the Responsible Entity’s plan; and (strike to maintain continuity of operations because this statement makes no sense in the context of restoration of communications.)

 

2.3  If the Control Centers are owned or operated by different Responsible Entities, those entities shall jointly identify and record each entity’s responsibilities for providing protections for the availability of communications links and data used for Real-time Assessment and Real-time monitoring.

JT Kuehne, AEP, 6, 6/8/2021

- 0 - 0

Tacoma Power is concerned on utilizing the terminology “availability” in the Requirement language. Responsible Entities do not have complete control over portions of the communication system outside of the entities’ footprint. Responsible Entities cannot assure the availability of communication carrier networks, even if contract language specifies the availability.

Tacoma Power recommends amending the language in the Requirement to specify that entities only need to ensure availability up to the connection to the common carrier and provide demarcation of what parts of the system are under the Entities’ control.

Tacoma Power, Segment(s) 1, 3, 4, 5, 6, 3/9/2021

- 1 - 0

CenterPoint Energy Houston Electric, LLC (CEHE) does not agree with the proposed language. The terminology “real-time assessment and real-time monitoring data” is not clear as to what data is included. CEHE proposes that the SDT incorporate and reference language from the FERC Order - i.e. “With this understanding, we are satisfied that the data protected under Reliability Standard CIP-012-1 is the same data identified under Reliability Standards TOP-003-3 and IRO-010-2.” Adding a reference to the requirement specifying that the data is “the same data identified under Reliability Standards TOP-003-3 and IRO-010-2” would provide clarity on the terminology “real-time assessment and real-time monitoring data.”

Additionally, CEHE supports EEI’s comments.

Eli Rivera, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments NA - Not Applicable

- 0 - 0

As mentioned in FERC Order No. 866, CHDP shares the Commission’s concern that Reliability Standard CIP–012–1 does not adequately identify the types of data covered by its requirements and recommends that the term ‘‘Real-time monitoring’’ be defined in the Reliability Standard or the NERC Glossary.

In addition, “availability” as proposed in CIP-012-2 is too ambiguous. To clarify the intent of CIP-012-2, CHPD suggests the term “availability” be replaced with more specific wording such as “redundant communication links with diverse equipment and paths”.   If “availability” of data remains in the standard, provide guidance on how to establish “availability of data.”

CHPD recommends including language in CIP-012-2 that recognizes redundant systems as meeting the availability requirements. If the drafting team intends redundancy to accomplish the goal of availability, CHPD recommends considering expanding the scope of redundancy requirements under TOP-001-5 to include “between Control Centers.” In general, CHPD recommends similar requirements be consolidated under one standard instead of having similar requirements scattered among various standards.
 

CHPD, Segment(s) 3, 1, 6, 5, 6/8/2021

- 0 - 0

Southern Indiana Gas and Electric (SIGE) does not agree with the proposed language. The terminology “real-time assessment and real-time monitoring data” is not clear as to what data is included. SIGE proposes that the SDT incorporate and reference language from the FERC Order - i.e. “With this understanding, we are satisfied that the data protected under Reliability Standard CIP-012-1 is the same data identified under Reliability Standards TOP-003-3 and IRO-010-2.” Adding a reference to the requirement specifying that the data is “the same data identified under Reliability Standards TOP-003-3 and IRO-010-2” would provide clarity on the terminology “real-time assessment and real-time monitoring data.”

Additionally, SIGEsupports EEI’s comments

Bryan Koyle, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 3, 5, 6

- 0 - 0

LCRA understands the intent of R2 is to reduce the risk that communication links are unavailable between applicable Control Centers; however, LCRA is uncertain what the desired output is based upon how R2 is currently written. Furthermore, the ambiguity around this risk-based requirement could yield inconsistent interpretations across Registered Entities and Regional Entities. By not defining the term “availability” the subjectivity of the requirement is unsatisfactory.

James Baldwin, Lower Colorado River Authority, 1, 6/8/2021

- 0 - 0

PG&E agrees with the response provided by EEI when EEI indicated FERC Order No. 866 did not require entities to “provide for the availability of communications links and data” but rather to provide protections regarding the availability of those communication links and data. 

PG&E supports the suggested modifications provided by EEI as part of their submission for this command and ballot.

PG&E All Segments, Segment(s) 1, 3, 5, 2/10/2020

- 0 - 0

LCRA understands the intent of R2 is to reduce the risk that communication links are unavailable between applicable Control Centers; however, LCRA is uncertain what the desired output is based upon how R2 is currently written. Furthermore, the ambiguity around this risk-based requirement could yield inconsistent interpretations across Registered Entities and Regional Entities. By not defining the term “availability” the subjectivity of the requirement is unsatisfactory.

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

ACES feels that this new requirement does not address any risk to the BES.  Availability of communications links between Control Centers are often out of the control of Registered Entities, thus the reason for the exceptions in CIP-002 through CIP-011 and CIP-013.  Availability of communication links are more often out of the control of a Registered Entity and Registered Entities are at the mercy of communication providers from an availability perspective, andhaving a plan stating “Control Centers use redundant links and utilize multiple carriers and/or mediums” does not address any risks to the BES.  This requirement creates more administrative and compliance burden than protecting the BES. 

While availability of data is part of cybesecurity’s CIA triad, downed communication links between Control Centers or any other link for that matter, does not make data unavailable and therefore we do not feel this is a cybersecurity issue.  If Control Center data links were to become unavailable in any way, the issue would be investigated, and onlyif it was determined to be a cybersecurity incident would fall into the scope of CIP-008: Incident Reporting and Response planning, thus this requirement is not needed.

ACES also believes that R2.3 is redundant to R2.1 due to the other Responsible Entity’s Control Centers being in scope of R2 and is therefore unnecessary.

ACES Standard Collaborations, Segment(s) 1, 5, 3, 4, 6/8/2021

- 0 - 0

AZPS is in agreeance with EEI comments regarding the proposed addition of R2 not being in the scope of FERC Order No.866.  The focus is on providing protections regarding availability of the communication links and data instead of providing the availability of communications links and data.  The focus should be on the protections of the availability of links and data to make sure the responsible entity can plan for both recovery of compromised communication links and the use of backup communications. 

Suggested Alterations: addition of “protections” within the standard when speaking to availability. 

Daniela Atanasovski, APS - Arizona Public Service Co., 1, 6/8/2021

- 0 - 0

Southern Indiana Gas and Electric (SIGE) does not agree with the proposed language.  The terminology "real-time" assessment and real-time monitoring data" is not clear as  what data is included.  SIGE proposes that the SDT incorporate and reference language from the FERC Order 0 i.e. "Witth this understanding, we are satisfied that the data protected under Reliability Standard CIP-012-1 is the same data indentified under Reliability Standard TOP-003-3 and IRO-10-2."  Adding a reference to the requirement specifying that the data is "the same data identified under Relliability Standars TOP-003-3 and IRO-010-2" would provide clarity on the terminology "real-time assessment and real-time monitoring data."  Additionally, SIGE supports EEI's comments.

Larry Rogers, On Behalf of: Southern Indiana Gas and Electric Co., , Segments 3, 5, 6

- 0 - 0

This draft of the requirement implies redundancy, which does not align with existing CIP standards, particularly CIP 002-5.1a. As availability is the purview of operations, it would be better suited to IRO and TOP standards.

BC Hydro recommends removing this requirement from CIP-012 and revise IRO and TOP standards to address this need instead.

BC Hydro, Segment(s) 3, 5, 1, 12/18/2018

- 0 - 0

FERC Order 866 directed NERC to develop modification to require “protections” regarding availability of communication links and data communicated between bulk electric system Control Centers.

R2 should be modified to: 1) include the term “protections;” 2) be objective based; and 3) less prescriptive. The following is suggested:

R2. The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) that provide protections for the availability of communications links and data used for Real-time Assessment and Real-time monitoring while being transmitted between Control Centers. The Responsible Entity is not required to include oral communications in its plan.  This plan shall address:

2.1  Methods of protection

2.2  Restoration plans

It is not necessary to have a separate part specifically for identification of responsibilities of Control Centers owned or operated by different Responsible Entities, since those would be covered by 2.1. This could be included in the technical rationale as an example of a possible protection.

Joseph Amato, On Behalf of: Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1,3; Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1,3

- 0 - 0

 

Availability is defined as “Ensuring timely and reliable access to and use of information” (per Technical Rationale document),  We request that the drafting team include in guidance or technical rationale some description of factors that should drive Responsible Entity definition of “timely” in the context of availability of data for RTA/RTM.

 

Possible overlap with other approved standards; IRO-010, TOP-003 and COM-001 Standards address availability already. R2 adds layer of complication/possible conflicts with already approved reliability standards.  Including availability in CIP-012 introduces an additional requirement for a compliance program to carefully review and maintain all plans/procedures related to standards mentioning availability to avoid potential non-compliance due to possible conflicts in requirements or applicability of measures involved to address availability.  This could involve duplication of effort and increase administrative burden beyond what is required to ensure power system reliability in this case.

John Galloway, On Behalf of: Michael Puscas, ISO New England, Inc., 2; Michael Puscas, ISO New England, Inc., 2

- 0 - 0

Clay Walker, On Behalf of: Robert Hirchak, Cleco Corporation, 1,3,5,6; Robert Hirchak, Cleco Corporation, 1,3,5,6; Stephanie Huffman, Cleco Corporation, 1,3,5,6; Stephanie Huffman, Cleco Corporation, 1,3,5,6; Wayne Messina, LaGen, 4; Wayne Messina, LaGen, 4; Maurice Paulk, Cleco Corporation, 1,3,5,6; Maurice Paulk, Cleco Corporation, 1,3,5,6; John Lindsey, Cleco Corporation, 1,3,5,6; John Lindsey, Cleco Corporation, 1,3,5,6

- 0 - 0

We appreciate the work accomplished so far in the drafting of R2 and its parts

but we recommend removing “how”language in R2.1 and R2.2 and suggest the following wording:

 

“2.1. Identify the available communications links and data transmitted between Control Centers and used for Real-time Assessment and Real-time monitoring

 

2.2. Identify restoration and continuity of operations to maintain and restore available communications links and data transmitted between Control Centers; “

Bruce Reimer, Manitoba Hydro , 1, 6/9/2021

- 0 - 0

Evergy supports and incorporates by reference Edison Electric Institute’s (EEI) response to Question 1.

Alan Kloster, On Behalf of: Derek Brown, Evergy, 1,3,5,6; Derek Brown, Evergy, 1,3,5,6; Allen Klassen, Evergy, 1,3,5,6; Allen Klassen, Evergy, 1,3,5,6; Thomas ROBBEN, Evergy, 1,3,5,6; Thomas ROBBEN, Evergy, 1,3,5,6; Marcus Moor, Evergy, 1,3,5,6; Marcus Moor, Evergy, 1,3,5,6

- 0 - 0

Evergy supports and incorporates by reference Edison Electric Institute’s (EEI) response to Question 1.

Derek Brown, Evergy, 5, 6/9/2021

- 0 - 0

IESO supports the comments submitted by IRC as well as NPCC

The IRC SRC supports the SDT’s efforts to model the proposed language for requirement R2 after an existing requirement, R1. That said, we recommend the SDT adopt the following proposed modifications as the language from R1 may not be a “best fit.” (Note: The “Recommended language” for Part 2.1 below is loosely modeled after that of another requirement, that in EOP-008-2, Part 1.6.)

Recommended language:

R2. The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) to provide for the availability of communications links between Control Centers and data used for Real-time Assessment and Real-time monitoring . The Responsible Entity is not required to include oral communications in its plan. The plan shall include: [Violation Risk Factor: Medium] [Time Horizon: Operations Planning]

2.1. An Operating Process describing the actions to be taken to recover compromised communication links and data used for Real-time Assessment and Real-time monitoring, including:

2.1.1    The use of redundant or backup communication capability to maintain availability during the restoration period.  

2.1.2.   Identification of the roles for personnel involved in implementing the Operating Process.

2.2. If the Control Centers are owned or operated by different Responsible Entities, identification of the responsibilities of each Responsible Entity for providing availability of communications links between Control Centers and data used for Real-time Assessment and Real-time monitoring.

NPCC: Availability is outside of most entities’ control because of outsourcing communications between locations. Also, IRO-010, TOP-003 and COM Standards address availability already. Previously industry gave this feedback. We recommend this SDT support the earlier industry feedback.

Leonard Kula, Independent Electricity System Operator, 2, 6/9/2021

- 0 - 0

Evergy supports and incorporates by reference Edison Electric Institute’s (EEI) response to Question 1.

Allen Klassen, Evergy, 1, 6/9/2021

- 0 - 0

Evergy supports and incorporates by reference Edison Electric Institute’s (EEI) response to Question 1.

Thomas ROBBEN, Evergy, 6, 6/9/2021

- 0 - 0

Evergy supports and incorporates by reference Edison Electric Institute’s (EEI) response to Question 1.

Marcus Moor, Evergy, 3, 6/9/2021

- 0 - 1

 

Comments: FERC Order 866 directed NERC to develop modification to require “protections” regarding availability of communication links and data communicated between bulk electric system Control Centers.

R2 should be modified to: 1) include the term “protections;” 2) be objective based; and 3) less prescriptive. The following is suggested:

R2. The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) that provide protections for the availability of communications links and data used for Real-time Assessment and Real-time monitoring while being transmitted between Control Centers. The Responsible Entity is not required to include oral communications in its plan.  This plan shall address:

2.1  Methods of protection

2.2  Restoration plans

 

It is not necessary to have a separate part specifically for identification of responsibilities of Control Centers owned or operated by different Responsible Entities, since those would be covered by 2.1. This could be included in the technical rationale as an example of a possible protection.

This less prescriptive and objective-based language meets the FERC Order and provides entities flexibility to define protections under their plan that will be used to meet the requirement.

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 6/9/2021

- 0 - 0

Exelon is choosing to align with EEI in response to this question.

Daniel Gacek, Exelon, 1, 6/9/2021

- 0 - 0

Exelon is aligning with EEI in response to this question.

Kinte Whitehead, Exelon, 3, 6/9/2021

- 0 - 0

Exelon is aligning with EEI in response to this question.

Cynthia Lee, Exelon, 5, 6/9/2021

- 0 - 0

Exelon is aligning with EEI in response to this question,

Becky Webb, Exelon, 6, 6/9/2021

- 0 - 0

Byron Booker, On Behalf of: Lee Maurer, Oncor Electric Delivery, 1; Lee Maurer, Oncor Electric Delivery, 1

- 0 - 0

Alliant Energy supports the comments submitted by the MRO NSRF.

Larry Heckert, Alliant Energy Corporation Services, Inc., 4, 6/9/2021

- 0 - 0

reference NCPA Chris Carnesi’s comments

Michael Whitney, Northern California Power Agency, 3, 6/9/2021

- 0 - 0

The NSRF appreciates the work accomplished so far in the drafting of R2 and its parts.  We also appreciate the SDT’s efforts to model the proposed language for requirement R2 after an existing requirement, R1. That said, we recommend the SDT consider alternative requirement language e.g. that from EOP-008-2, Part 1.6, as a model as the language from R1 may not be a “best fit.”

Additional:

a. The NSRF recommends language that clearly allows entities to use redundant capabilities or multiple communications systems or architectures to address communications link availability so as not to leave any ambiguity with respect to the language in CIP-002-5.1a.  Control Centers are defined in CIP-002-5.1a, a standard which does not allow redundant system designs and architectures as controls to meet compliance obligations. In Order 866, NERC appears to identify redundancy as necessary to meet the Order’s data exchange infrastructure (See P 20 of Order 866), and FERC recognized in Order 866 that redundant communication links support the availability topic requested by FERC (See P 21 of Order 866). The NSRF recommends the SDT include language in CIP-012-2 that recognizes redundant systems as a solution to the issue of availability.

b.  The NSRF does not wish for “availability” in R2 to be defined as it is a simple term and defined by Merriam-Webster as “the quality or state of being available”.  Or in other words, being accessible when needed.

c. The draft language in R2.1 and R2.2 requires entities to identify “how” (“Identification of how”) which requires Entities to establish a process to meet the “how” and can result in Entities confusion about adherence to the language as it requires a process of “how” without regard to existing configurations, documentation, processes or systems design and architectures. The SDT should consider a more concise and simple language choice to clarify the deliverable as while allowing entities the flexibility of implementation.

d. Because FERC Order 866 describes the data in IRO-010 and TOP-003 which at a minimum is needed to be available, “monitoring” does not need to be defined within Real-time monitoring.

e. The NSRF views R2.3 as being redundant for the following reasons;

-It is duplicative of R1.3 which already establishes lines of responsibility among different owners of the Control Centers in question. Further, R2.1 and R2.2 already address availability and restoration. We ask the SDT to clarify what is intended to be shown/proven/demonstrated by the requirements in R2.3 and consider amend or strike the existing R2.3 language.

-Because R2.1 and R2.2 only states between (applicable) Control Centers regardless of ownership, R.2.3 is not required because  Control Centers owned and operated by different Responsible Entities are already included in R2.1 and R2.2.  R.2.2 clearly states a restoration process is required between Control Centers regardless of whom owns or operates the Control Center.

 

MRO NSRF, Segment(s) 2, 4, 1, 6, 3, 5, 3/31/2021

- 1 - 0

While the Requirement specifies the data type to be protected, it does not specifically identify “data paths” or “data flows” yet the Rationale states that these paths and/or flows, “data exchange infrastructure”, are the intended focus to address availability of data. Specifically referring to data exchange infrastructure for transmitting this data type, as done with communication links, would be consistent. 

Protection of data exchange infrastructure is appropriately placed in the CIP Standards, which could support retirement of TOP-001 R20/R21. Testing of infrastructure would be a reasonable control to assure functionality under CIP-012 as determined and designed by the entity’s plan and more in keeping with a risk-based approach than a prescriptive requirement. 

R2.3 is redundant in that applicable Control Centers must meet R2, which inherently requires coordination and communication. However, if the Drafting Team elects to keep R2.3, alternate language has been provided.

R2 The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) to provide for the availability of communications links and data exchange infrastructure used for transmitting Real-time Assessment and Real-time monitoring data between Control Centers. The Responsible Entity is not required to include oral communications in its plan. The plan shall include:

2.1. Identification of how the Responsible Entity has provided for the continuity of data flow across communications links and data exchange infrastructure subject to R2;

2.2. Identification of how the Responsible Entity has addressed the restoration of applicable data flow across links and data exchange infrastructure subject to R2 to maintain continuity of operations in the Responsible Entity’s plan; and

2.3. If the Control Centers are owned or operated by different Responsible Entities, identification of the responsibilities of each Responsible Entity for providing continuity of applicable data flow across communications links and data exchange infrastructure subject to R2.

Angela Wheat, Southwestern Power Administration, 1, 6/9/2021

- 0 - 0

The effort to measure, evaluate an assess the ‘availability’ of communication links would be quite burdensome on us (the entity) as well as our partners as a link works in two directions and both entities share responsibility on maintaining it. In addition, “availability” implies some degree of analysis that calculates a measurable value which is compared to a target – neither of which is identified in the SAR.

Nurul Abser, NB Power Corporation, 1, 6/9/2021

- 0 - 0

AEPCO agrees with ACES comments and feels that this new requirement does not address any risk to the BES.  Availability of communications links between Control Centers are often out of the control of Registered Entities, thus the reason for the exceptions in CIP-002 throughCIP-011 and CIP-013.  Availability of communication links are more often out of the control of a Registered Entity and Registered Entities are at the mercy of communication providers from an availability perspective, andhaving a plan stating “Control Centers use redundant links and utilize multiple carriers and/or mediums” does not address any risks to the BES.  This requirement creates more administrative and compliance burden than protecting the BES. 

While availability of data is part of cybesecurity’s CIA triad, downed communication links between Control Centers or any other link for that matter, does not make data unavailable and therefore we do not feel this is a cybersecurity issue.  If Control Center data links were to become unavailable in any way, the issue would be investigated, and onlyif it was determined to be a cybersecurity incident would fall into the scope of CIP-008: Incident Reporting and Response planning, thus this requirement is not needed.

 

AEPCO also agrees with ACES comments and believes that R2.3 is redundant to R2.1 due to the other Responsible Entity’s Control Centers being in scope of R2 and is therefore unnecessary.

 

AEPCO has signed on to ACES comments.

Jennifer Bray, Arizona Electric Power Cooperative, Inc., 1, 6/9/2021

- 0 - 0

FERC Order No. 866 does not require entities to “provide for the availability of communications links and data” but rather to provide protections regarding the availability of those communication links and data.  The underscored language is different from what the Commission directed and what is contained in the proposed requirement.  Moreover, the Commission acknowledged in the order that the “redundancy of communication links cannot always be guaranteed” (see P35); responsible entities should therefore plan for both recovery of compromised communication links and use of backup communications.  To remedy this issue, we suggest the following modification to Requirement R2 and its subparts:

 

R2. The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) that provide protections for the availability of communications links and data used for Real-time Assessment and Real-time monitoring while being transmitted between Control Centers. The Responsible Entity is not required to include oral communications in its plan.  This plan shall include:

 

2.1  Identification of how the Responsible Entity has provided protections for the availability of communications links and data used for Real-time Assessment and Real-time monitoring while being transmitted between Control Centers; and

2.2  Identification of how the Responsible Entity has addressed communications and data availability (strike flow and replace with availability because the order specifically directed availability) restoration in the Responsible Entity’s plan; and (strike to maintain continuity of operations because this statement makes no sense in the context of restoration of communications.)

2.3  If the Control Centers are owned or operated by different Responsible Entities, those entities shall jointly identify and record each entity’s responsibilities for providing protections for the availability of communications links and data used for Real-time Assessment and Real-time monitoring.

 

Mark Gray, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

MPC agrees with comments from Duke.

Andy Fuhrman, On Behalf of: Minnkota Power Cooperative Inc. - MRO - Segments 1, 5

- 0 - 0

I agree with the NSRF's comments for #1 as uploaded.

larry brusseau, Corn Belt Power Cooperative, 1, 6/9/2021

Project 2020-04 Comment_Form_MRO NSRF_CIP-012.docx

- 0 - 0

N&ST is concerned that as written, R2 could be construed as requiring a Responsible Entity to achieve 100% availability of communication links and the data they carry, something FERC Order 866 concedes cannot always be guaranteed.

N&ST suggests the following, alternate wording: “The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) to mitigate threats to the availability of communications links and Real-time Assessment and Real-time monitoring data communicated between Control Centers. The Responsible Entity is not required to include oral communications in its plan.”

Parts 2.1 through 2.3 should be modified to maintain consistency with this language.

Roger Fradenburgh, On Behalf of: Nicholas Lauriat, Network and Security Technologies, 1; Nicholas Lauriat, Network and Security Technologies, 1

- 0 - 0

Reclamation recommends the SDT ensure that, where applicable, the requirements for electronic communications are aligned to the existing requirements for interpersonal communication identified in COM-001-3:

  • Have electronic communication capability.

  • Where technically feasible, designate alternative electronic communication capability in the event of a failure of the primary communication capability.

  • Where applicable, test the alternate method of electronic communication.

The Technical Rationale states that CIP-012 R2 is meant to align with TOP-001 and IRO-002 requirements for data at the primary Control Center.  Reclamation recommends the SDT use the same wording as the referenced TOP and IRO standards.

Reclamation also recommends the SDT review the paragraph under CIP-012 Technical Rationale Figure 3. “Station Alpha and Entity A’s TOP Control Center subject to CIP-012 without the exemption” does not align with the description in Figure 3 that states, “This communication is exempt from CIP-012.”

Reclamation recommends the SDT add “Availability” to the NERC Glossary of Terms as it relates to intra-Control Center communication links (i.e., between Control Centers owned by the same registered entity) and inter-Control Center communications (i.e., between Control Centers owned by different registered entities, specifically between GOP/RC, GOP/TOP, and GOP/BA Control Centers).

Reclamation identifies that when using the plain meaning of the terms “access,” “use,” and “in transit,” it may not make sense to mandate that encrypted data be accessible and usable while in transit.  The purpose of encryption is to ensure data is not available during transmittal.  Data needs to be accessible and usable at both Control Centers, but not while it is being transmitted from one Control Center to another.

Reclamation does not recommend a NERC definition for monitoring. This term, uncapitalized, should continue to be used with its common definition.

Richard Jackson, U.S. Bureau of Reclamation, 1, 6/9/2021

- 0 - 0

Karie Barczak, DTE Energy - Detroit Edison Company, 3, 6/9/2021

- 0 - 0

Tri-State does not agree with the proposed language and see several distinct issues: 1) the term availability is ambiguous and difficult to measure for literal implementation. For example, is a 30-minute outage acceptable?  2) We do not believe that communication links should be included in the requirements, and instead focus solely on the data. This will provide maximum flexibility to the entity in how they comply with the requirement. Additionally, the inclusion of communication links implies that an entity must have dual circuit/redundant communication paths or that those circuits must be high availability. 3) Most of the time, entities must use an outside network (AT&T, Verizon, etc.) for communication between Control Centers. Thus, the availability, redundancy, and restoration plans of most communication links between control centers are out of the entity's control. 4) There does not appear to be flexibility for risk-based decision-making, nor flexibility in solutions to address when there is an outage. 

Donna Wood, Tri-State G and T Association, Inc., 1, 6/9/2021

- 0 - 0

The ISO/RTO Council Standards Review Committee (IRC SRC)[1] supports the SDT’s efforts to model the proposed language for requirement R2 after an existing requirement, R1. That said, we recommend the SDT adopt the following proposed modifications as the language from R1 may not be a “best fit.” (Note: The “Recommended language” for Part 2.1 below is loosely modeled after that of another requirement, that in EOP-008-2, Part 1.6.)

In addition, we recommend the SDT consider the following in crafting the language in standard:

  • Explicit language that allows (but does not require) Responsible Entities to use redundant, diverse routing or backup communication capability as one action taken to provide for availability and recovery

Recommended language:

R2. The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) to provide for the availability of communications links used to transmit data between Control Centers for the purpose of Real-time Assessment and Real-time monitoring. The Responsible Entity is not required to include oral communications in its plan. The plan shall include: [Violation Risk Factor: Medium] [Time Horizon: Operations Planning]

2.1. The actions taken to provide for the availability and recovery of communication links used to transmit data between Control Centers for the purpose of Real-time Assessment and Real-time monitoring, for which the use of redundant, diverse routing or backup communication capability is allowed but not required.

2.2. Identification of the roles for personnel involved in implementing the Responsible Entity’s plan.

2.3. If the Control Centers are owned or operated by different Responsible Entities, identification of the responsibilities of each Responsible Entity for providing availability of communications links used to transmit data between Control Centers for the purpose of Real-time Assessment and Real-time monitoring.

[1] For purposes of these comments, the IRC SRC includes the following entities: IESO, ISO-NE, MISO, NYISO, PJM and SPP.

ISO/RTO Council Standards Review Committee 2020-04 Modifications to CIP-012 (Draft 1), Segment(s) 2, 6/9/2021

- 0 - 0

sean erickson, Western Area Power Administration, 1, 6/9/2021

CIP-012 - 2020-04_Unofficial_Comment_Form_WAPA.docx

- 0 - 0

Availability is outside of most entities’ control because of outsourcing communications between locations. Also, IRO-010, TOP-003, and COM Standards address availability already. Previously industry gave this feedback. We recommend this SDT supports the earlier industry feedback.

 

The SDT should use the same language as R1, i.e., talk only about the data and not communication links. We suggest the following wording:

The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) to provide for the availability of data used for Real-time Assessment and Real-time monitoring while being transmitted between Control Centers.

 

R1 makes reference to communications “between any applicable Control Centers”, while the proposed R2 is a more general “between Control Centers”.  Overall, this revision should clearly state that these requirements are only applicable to communications between “applicable” Control Centers.   

NOTE: the summary of R2 in the Technical Rationale document states “Between applicable Control Centers”

NPCC Regional Standards Committee, Segment(s) 10, 2, 4, 7, 3, 1, 5, 6, 5/5/2021

- 0 - 0

Consider including verbiage from the technical rationale within the requirements’ language or include the technical rationale as part of the standard.  For example, from the draft R2 language “…provide for the availability of communications links and data used for Real-time assessment and Real-time monitoring…” is unclear, while from the technical rationale “These availability measures can be achieved via varied solutions including, but not limited to, redundant communication links and data paths. When identifying the methods used to provide availability, Responsible Entities should implement in a manner best fitting their individual circumstances.” is much more descriptive and more clearly explains what the requirement is trying to achieve.

Maryanne Darling-Reich, On Behalf of: Black Hills Corporation - MRO, WECC - Segments 1, 3, 5, 6

- 0 - 0

We agree that conceptually the new requirement and parts meet the FERC directive to provide availability of the data and communication links. However, we feel that the lead-in sentence to the parts “the plan shall include” should be edited to the “the plan shall”.

R2.1 can be edited to read, including the lead-in statement:

“The plan shall:

2.1. Address how the Responsible Entity provides availability of communications links and dta used for Real-time Assessment and Real-time monitoring while being transmitted between Control Centers”

R2.2 can be edited to read, including the lead in statement:

“The plan shall:

2.2. Address communications and data flow restoration to maintain continuity of operations in the Responsible Entity’s plan”

This language could allow more flexibility to describe the manner in which each objective is achieved.

We also recommend removing R2.3, there are other reliability requirements that address an entity’s obiligation to keep the data and communication links available.

Kevin Salsbury, Berkshire Hathaway - NV Energy, 5, 6/9/2021

- 0 - 0

Concerning the second part of the FERC directive in 866 on incident response & continuity of operations we ask for clarification because in our opinion new R2 requirement does not appear to us to meet the FERC directives.

 

David Jendras, Ameren - Ameren Services, 3, 6/9/2021

- 0 - 0

Southern does not agree with the proposed language as written. The language “provide for the availability of communications links and data” indicates there are two separate and distinct objects of the availability objective; the comm links and the data.  This implies that an entity’s plan must cover not only the data-in-motion between the Control Centers, but also the production (and potentially consumption) of the data by systems within the Control Centers; an area already covered by the requirements in IRO-002, IRO-010, EOP-008, and TOP-003 standards.

 

It also seems that “communications links and data” is the antecedent of the “while being transmitted” phrase, but comm links are not transmitted.

 

Southern suggests an approach that allows entities the flexibility to focus on either the data-in-motion or the comm links the data traverses.  Essentially it is a change from a “comm links AND data” construct to a “comm links OR data” construct as follows:

 

The Responsible Entity shall implement, except under CIP Exceptional Cirmcumstances, one or more documented plan(s) to provide for the availability of:

  • Real-time Assessment and Real-time monitoring data while being transmitted between Control Centers; or
  • Communications links used to transmit Real-time Assessment and Real-time monitoring data between Control Centers.

The Responsible Entity is not required to include oral communications in its plan…

 

This allows the entity to choose either a data-centric or comm link-centric view to meet the same objective of providing for the availability of the data-in-motion while being transmitted between Control Centers.

 

Southern Company, Segment(s) 1, 3, 6, 5, 1/14/2021

- 0 - 0

Gail Elliott, On Behalf of: Michael Moltane, International Transmission Company Holdings Corporation, 1; Michael Moltane, International Transmission Company Holdings Corporation, 1

- 0 - 0

OPG supports NPCC RSC’s comments.

Constantin Chitescu, Ontario Power Generation Inc., 5, 6/9/2021

- 0 - 0

PacifiCorp agrees that conceptually the new requirement and parts meet the the FERC directive to provide for the availability of the data and communication links. However, we feel that the the requirement should be more objective based and include “protections for the availability” as suggested in FERC order 866 and the lead in sentence to the parts “the plan shall include” should be edited to the “the plan shall”.  Also, by adding “applicable” to R2, maintains consistent Control Center scoping between requirements R1 and R2.

R2 could be edited to read:

“R2. The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) that address protections for the availability of communications links and data used for Real-time Assessment and Real-time monitoring while being transmitted between any applicable Control Centers. The Responsible Entity is not required to include oral communications in its plan.  The plan shall:”

Then R2.1 could be edited to read, including the lead in statement:

“The plan shall: 2.1. Address how the Responsible Entity provides protections for the availability of communications links and data used for Real-time Assessment and Real-time monitoring while being transmitted between Control Centers”

R2.2 could be edited to read, including the lead in statement:

“The plan shall: 2.2. Address availability restoration of communications links and data used for Real-time Assessment and Real-time monitoring while being transmitted between Control Centers”

We feel this language would allow more flexibility to describe the manner in which each objective is achieved.

We also recommend removing R2.3, the protections for the availability and coordination between Entities would be covered by implementing R2.2.

Lindsay Wickizer, Berkshire Hathaway - PacifiCorp, 6, 6/9/2021

- 0 - 0

Hot Answers

No response.

Brandon Gleason, 6/9/2021

- 0 - 0

The modification creates compliance uncertainty and therefore cost effeciency is lost.

Russell Noble, Cowlitz County PUD, 3, 6/9/2021

- 0 - 0

Other Answers

Gladys DeLaO, CPS Energy, 1, 5/26/2021

- 0 - 0

Dominion, Segment(s) 3, 5, 1, 9/19/2019

- 0 - 0

To be effective, it is going to take money, resources and planning to implement, and monitoring both from the primary entity to the register entity, and the primary Control Center and backup Control Center.

Joshua Andersen, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

Glenn Barry, Los Angeles Department of Water and Power, 5, 6/1/2021

- 0 - 0

Duke Energy does not agree that the cost impact is not clear. The addition of technical controls to monitor continuous data flow, as implied by the Technical Rational as being necessary for compliance, presents an uncertain cost and impact and therefore we cannot agree that it is cost effective at this time.

Duke Energy, Segment(s) 1, 5, 6, 3, 12/13/2019

- 0 - 0

Southwest Power Pool Standards Review Group (SSRG), Segment(s) 2, 9/4/2019

- 0 - 0

Implementation and maintenance of redundant links to all facilities within scope of the CIP-012-2 standard would be extremely costly.  Dedicated equipment and personnel would be required to maintain and preserve the integrity of the links to comply with the standard.

Andrea Jessup, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

No

Based on how the draft language is written we don't know what is determined to be acceceptable "availability" and is difficult to discern future increases in associated costs.

Chris Carnesi, On Behalf of: Marty Hostler, Northern California Power Agency, 3,4,5,6; Marty Hostler, Northern California Power Agency, 3,4,5,6; Jeremy Lawson, Northern California Power Agency, 3,4,5,6; Jeremy Lawson, Northern California Power Agency, 3,4,5,6; Dennis Sismaet, Northern California Power Agency, 3,4,5,6; Dennis Sismaet, Northern California Power Agency, 3,4,5,6

- 0 - 0

WECC CIP, Segment(s) 10, 2/17/2021

- 0 - 0

Anthony Jablonski, ReliabilityFirst , 10, 6/7/2021

- 0 - 0

Texas RE does not have comments on this question.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 6/7/2021

- 0 - 0

Kelsey Settle, On Behalf of: Nova Scotia Power Inc., NPCC, Segments NA - Not Applicable

- 0 - 0

Stacy Lee, On Behalf of: City of College Station, , Segments 1

- 0 - 0

Dan Bamber, On Behalf of: ATCO Electric, , Segments 1

- 0 - 0

Aidan Gallegos, 6/7/2021

- 0 - 0

Benjamin Winslett, On Behalf of: Georgia System Operations Corporation, , Segments 3, 4

- 0 - 0

Scott McGough, On Behalf of: Georgia System Operations Corporation, , Segments 3, 4

- 0 - 0

LaTroy Brumfield, On Behalf of: American Transmission Company, LLC, , Segments 1

- 0 - 0

OKGE, Segment(s) 6, 1, 3, 5, 3/22/2021

- 0 - 0

Oliver Burke, Entergy - Entergy Services, Inc., 1, 6/7/2021

- 0 - 0

FE Voter, Segment(s) 1, 3, 5, 6, 4, 2/23/2021

- 0 - 0

Amy Jones, On Behalf of: Public Utility District No. 2 of Grant County, Washington, , Segments 1, 4, 5, 6

- 0 - 0

JT Kuehne, AEP, 6, 6/8/2021

- 0 - 0

The proposed modifications are not cost effective. In order to provide redundant communication between control centers with no single points of failure, as specified in the Technical Rational, two separate carrier networks would be needed. There are limited carriers who can provide this service, so if two communication carriers need to be contracted, it will be difficult to secure them. Additionally, requiring a second carrier doubles the compliance cost with limited benefits to reliability. 

Tacoma Power, Segment(s) 1, 3, 4, 5, 6, 3/9/2021

- 1 - 0

CEHE does not agree that the modification meets FERC directives in a cost effective manner.  The proposed language for CIP-012, Requirement R2 does not provide guidance on what are acceptable measures for a Registered Entity to take to meet the requirement. There are not sufficient measures, guidelines, or technical rationale documented in the draft for an entity to design a solution that meets security goals and is cost effective. This allows varied interpretations, which may result in compliance risks. 

Eli Rivera, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments NA - Not Applicable

- 0 - 0

CHPD, Segment(s) 3, 1, 6, 5, 6/8/2021

- 0 - 0

SIGE does not agree that the modification meets FERC directives in a cost effective manner.  The proposed language for CIP-012, Requirement R2 does not provide guidance on what are acceptable measures for a Registered Entity to take to meet the requirement. There are not sufficient measures, guidelines, or technical rationale documented in the draft for an entity to design a solution that meets security goals and is cost effective. This allows varied interpretations, which may result in compliance risks. 

Bryan Koyle, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 3, 5, 6

- 0 - 0

LCRA is unable to answer this question due to the inability to know what this requirement will entail. See the response to question 1 for additional details on LCRA’s perspective regarding uncertainty of outputs.

James Baldwin, Lower Colorado River Authority, 1, 6/8/2021

- 0 - 0

PG&E cannot agree the modifications are cost effective since the work to complete the implementation of CIP-012-1 is still ongoing and any work to implement CIP-012-2 modifications cannot be started until the full scope of those modifications is known.  PG&E would have preferred having an “Unknown” option to select for Question 2 since that would have been a more accurate response.

PG&E All Segments, Segment(s) 1, 3, 5, 2/10/2020

- 0 - 0

LCRA is unable to answer this question due to the inability to know what this requirement will entail. See the response to question 1 for additional details on LCRA’s perspective regarding uncertainty of outputs.

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

ACES Standard Collaborations, Segment(s) 1, 5, 3, 4, 6/8/2021

- 0 - 0

AZPS does not agree with the proposed modifications of CIP-012-2 being cost effective based on the response provided for question #1. 

Daniela Atanasovski, APS - Arizona Public Service Co., 1, 6/8/2021

- 0 - 0

SIGE does not agree that the modification meets FERC directives in a cost effective manner.  The proposed language for CIP-012, requirement R2 does not provide guidance on what are acceptable measures for a Registered Entity to take to meet the requirement.  There are not sufficient measures, guidelines, or technical rationale documented in the draft for an entity to design a solution that meets the security goals and is cost effective.  This allows varied interpretations, which may result in compliance risks.

Larry Rogers, On Behalf of: Southern Indiana Gas and Electric Co., , Segments 3, 5, 6

- 0 - 0

It is unclear at this time what costs BC Hydro would incur, especially with respect to agreements with third parties and agreements required to implement R2.3. The ambiguity of "availability" could result in costs beyond what is needed to fulfill the intent.

BC Hydro, Segment(s) 3, 5, 1, 12/18/2018

- 0 - 0

The proposed prescriptive language of the three subparts creates an admininstrative burden of obtaining evidence that does not improve reliability of the Bulk Electric System. 

Joseph Amato, On Behalf of: Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1,3; Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1,3

- 0 - 0

 

 

 

Per the comment to #1, availability is already covered by other Standards (IRO-010, TOP-003 and COM-001 Standards).  Including availability in CIP-012 introduces an additional requirement for a compliance program to carefully review and maintain all plans/procedures related to standards mentioning availability to avoid potential non-compliance due to possible conflicts in requirements or applicability of measures involved to address availability.  This could involve duplication of effort and increase administrative burden beyond what is required to ensure power system reliability in this case.

If Availability is defined as “Ensuring timely and reliable access to and use of information” (per Technical Rationale document), “timely” could have a cost associated depending on what timely is defined (or understood/expected as).  We request that the drafting team include in guidance or technical rationale some description of factors that should drive Responsible Entity definition of “timely” in the context of availability of data for RTA/RTM.

John Galloway, On Behalf of: Michael Puscas, ISO New England, Inc., 2; Michael Puscas, ISO New England, Inc., 2

- 0 - 0

Clay Walker, On Behalf of: Robert Hirchak, Cleco Corporation, 1,3,5,6; Robert Hirchak, Cleco Corporation, 1,3,5,6; Stephanie Huffman, Cleco Corporation, 1,3,5,6; Stephanie Huffman, Cleco Corporation, 1,3,5,6; Wayne Messina, LaGen, 4; Wayne Messina, LaGen, 4; Maurice Paulk, Cleco Corporation, 1,3,5,6; Maurice Paulk, Cleco Corporation, 1,3,5,6; John Lindsey, Cleco Corporation, 1,3,5,6; John Lindsey, Cleco Corporation, 1,3,5,6

- 0 - 0

Bruce Reimer, Manitoba Hydro , 1, 6/9/2021

- 0 - 0

Alan Kloster, On Behalf of: Derek Brown, Evergy, 1,3,5,6; Derek Brown, Evergy, 1,3,5,6; Allen Klassen, Evergy, 1,3,5,6; Allen Klassen, Evergy, 1,3,5,6; Thomas ROBBEN, Evergy, 1,3,5,6; Thomas ROBBEN, Evergy, 1,3,5,6; Marcus Moor, Evergy, 1,3,5,6; Marcus Moor, Evergy, 1,3,5,6

- 0 - 0

Derek Brown, Evergy, 5, 6/9/2021

- 0 - 0

NPCC: Per the comment to #1, we suggest availability is already covered by other Standards

Leonard Kula, Independent Electricity System Operator, 2, 6/9/2021

- 0 - 0

Allen Klassen, Evergy, 1, 6/9/2021

- 0 - 0

Thomas ROBBEN, Evergy, 6, 6/9/2021

- 0 - 0

Marcus Moor, Evergy, 3, 6/9/2021

- 0 - 0

The proposed prescriptive language of the three subparts creates an admininstrative burden of obtaining evidence that does not improve reliability of the Bulk Electric System. 

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 6/9/2021

- 0 - 0

Daniel Gacek, Exelon, 1, 6/9/2021

- 0 - 0

Kinte Whitehead, Exelon, 3, 6/9/2021

- 0 - 0

Cynthia Lee, Exelon, 5, 6/9/2021

- 0 - 0

Becky Webb, Exelon, 6, 6/9/2021

- 0 - 0

Byron Booker, On Behalf of: Lee Maurer, Oncor Electric Delivery, 1; Lee Maurer, Oncor Electric Delivery, 1

- 0 - 0

Larry Heckert, Alliant Energy Corporation Services, Inc., 4, 6/9/2021

- 0 - 0

reference NCPA Chris Carnesi’s comments

Michael Whitney, Northern California Power Agency, 3, 6/9/2021

- 0 - 0

MRO NSRF, Segment(s) 2, 4, 1, 6, 3, 5, 3/31/2021

- 1 - 0

Angela Wheat, Southwestern Power Administration, 1, 6/9/2021

- 0 - 0

The effort to measure, evaluate an assess the ‘availability’ of communication links would be quite burdensome on us (the entity) as well as our partners as a link works in two directions and both entities share responsibility on maintaining it. In addition, “availability” implies some degree of analysis that calculates a measurable value which is compared to a target – neither of which is identified in the SAR.

Nurul Abser, NB Power Corporation, 1, 6/9/2021

- 0 - 0

Jennifer Bray, Arizona Electric Power Cooperative, Inc., 1, 6/9/2021

- 0 - 0

Mark Gray, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

MPC agrees with comments from Duke.

Andy Fuhrman, On Behalf of: Minnkota Power Cooperative Inc. - MRO - Segments 1, 5

- 0 - 0

None.

larry brusseau, Corn Belt Power Cooperative, 1, 6/9/2021

- 0 - 0

N&ST believes that as written, the draft “Technical Rationale” document strongly implies that Responsible Entities should employ redundant communication links between Control Centers to address R2. In some suburban and rural areas, this could be prohibitively expensive, of only marginal incremental benefit to availability (no options for path diversity), or both. While we agree that redundant links should be considered, we recommend the Technical Rationale document be revised to acknowledge this may not be a viable approach to mitigating availability threats in all cases.

N&ST notes, further, that while FERC Order 866 suggests it might be possible for a Responsible Entity to establish availability-related service level agreements with one or more network service providers, the Technical Rationale document makes no mention of this option.

 

Roger Fradenburgh, On Behalf of: Nicholas Lauriat, Network and Security Technologies, 1; Nicholas Lauriat, Network and Security Technologies, 1

- 0 - 0

Prior to proposing additional modifications, Reclamation also recommends each SDT take additional time to completely identify the scope to account for future potential compliance issues. This will provide economic relief for entities by minimizing the costs associated with the planning and adjustments required to achieve compliance with frequently changing standard versions. NERC should foster a compliance environment that will allow entities to fully implement technical compliance with current standards before moving to subsequent versions.

Reclamation recommends the SDT take particular care to coordinate CIP-012 changes with existing drafting teams for existing related standards to ensure consistency and avoid duplication, specifically, Project 2016-02 and Project 2019-03. This will help to minimize churn among standard versions, reduce the risk that standards will conflict with one another, and better align the standards.

Richard Jackson, U.S. Bureau of Reclamation, 1, 6/9/2021

- 0 - 0

Karie Barczak, DTE Energy - Detroit Edison Company, 3, 6/9/2021

- 0 - 0

As currently drafted, the requirements seem to imply that data and communication paths be available all the time. This would require high availability and redundancy of both data and communication paths, which would most certainly be very costly. We feel there are other methods to ensure reasonable availability of data without mandating high availability and redundancy of communication links.

Additionally, high availability across communication links that an entity does not own end to end would likely require redundant network links/paths. R1 would apply to all redundant links as well, so they’d all have to be protected with encryption or the like. The hardware, separate conduit, software, service, and labor costs for redundancy would be significant.

Donna Wood, Tri-State G and T Association, Inc., 1, 6/9/2021

- 0 - 0

ISO/RTO Council Standards Review Committee 2020-04 Modifications to CIP-012 (Draft 1), Segment(s) 2, 6/9/2021

- 0 - 0

sean erickson, Western Area Power Administration, 1, 6/9/2021

CIP-012 - 2020-04_Unofficial_Comment_Form_WAPA.docx

- 0 - 0

Per the comment to #1, we suggest availability is already covered by other Standards.

 

The SDT is forcing the entities to invest in at least two means (communication links and data) to achieve its goal of data availability. The SDT should allow the entities the flexibility to ensure the availability of the data, in whichever means deemed sufficient by the entity.

NPCC Regional Standards Committee, Segment(s) 10, 2, 4, 7, 3, 1, 5, 6, 5/5/2021

- 0 - 0

Increasing availability and security generally comes with increased cost, but Black HIlls Corporation doesn’t think the standard is requesting anything out of profile

Maryanne Darling-Reich, On Behalf of: Black Hills Corporation - MRO, WECC - Segments 1, 3, 5, 6

- 0 - 0

We have no basis to determine the cost effectiveness of implementing this standard.

Kevin Salsbury, Berkshire Hathaway - NV Energy, 5, 6/9/2021

- 0 - 0

David Jendras, Ameren - Ameren Services, 3, 6/9/2021

- 0 - 0

Once the requirement R2 has been clearly defined and established the implementation can be accomplished in a cost effective manner.

Southern Company, Segment(s) 1, 3, 6, 5, 1/14/2021

- 0 - 0

Gail Elliott, On Behalf of: Michael Moltane, International Transmission Company Holdings Corporation, 1; Michael Moltane, International Transmission Company Holdings Corporation, 1

- 0 - 0

OPG supports NPCC RSC’s comments.

Constantin Chitescu, Ontario Power Generation Inc., 5, 6/9/2021

- 0 - 0

We have no basis to determine the cost effectiveness of implementing this standard. But we feel that changing R2 to be more objective based would allow flexibility to implement the requirements in a manner that is cost effective to the entity.

Lindsay Wickizer, Berkshire Hathaway - PacifiCorp, 6, 6/9/2021

- 0 - 0

Hot Answers

None.

Brandon Gleason, 6/9/2021

- 0 - 0

Russell Noble, Cowlitz County PUD, 3, 6/9/2021

- 0 - 0

Other Answers

Gladys DeLaO, CPS Energy, 1, 5/26/2021

- 0 - 0

Dominion, Segment(s) 3, 5, 1, 9/19/2019

- 0 - 0

Joshua Andersen, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

Glenn Barry, Los Angeles Department of Water and Power, 5, 6/1/2021

- 0 - 0

Duke Energy, Segment(s) 1, 5, 6, 3, 12/13/2019

- 0 - 0

Southwest Power Pool Standards Review Group (SSRG), Segment(s) 2, 9/4/2019

- 0 - 0

BPA recommends a 36-month implementation plan to allow for comprehensive planning, development, allocation of personnel, RFP / vendor vetting, contract procurement, identifying and purchasing goods, execution of equipment and testing to support implementation of CIP-012-2.

Andrea Jessup, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

No

 

Chris Carnesi, On Behalf of: Marty Hostler, Northern California Power Agency, 3,4,5,6; Marty Hostler, Northern California Power Agency, 3,4,5,6; Jeremy Lawson, Northern California Power Agency, 3,4,5,6; Jeremy Lawson, Northern California Power Agency, 3,4,5,6; Dennis Sismaet, Northern California Power Agency, 3,4,5,6; Dennis Sismaet, Northern California Power Agency, 3,4,5,6

- 0 - 0

WECC CIP, Segment(s) 10, 2/17/2021

- 0 - 0

Anthony Jablonski, ReliabilityFirst , 10, 6/7/2021

- 0 - 0

Rachel Coyne, Texas Reliability Entity, Inc., 10, 6/7/2021

- 0 - 0

Kelsey Settle, On Behalf of: Nova Scotia Power Inc., NPCC, Segments NA - Not Applicable

- 0 - 0

Stacy Lee, On Behalf of: City of College Station, , Segments 1

- 0 - 0

Dan Bamber, On Behalf of: ATCO Electric, , Segments 1

- 0 - 0

Aidan Gallegos, 6/7/2021

- 0 - 0

Benjamin Winslett, On Behalf of: Georgia System Operations Corporation, , Segments 3, 4

- 0 - 0

Scott McGough, On Behalf of: Georgia System Operations Corporation, , Segments 3, 4

- 0 - 0

LaTroy Brumfield, On Behalf of: American Transmission Company, LLC, , Segments 1

- 0 - 0

OKGE, Segment(s) 6, 1, 3, 5, 3/22/2021

- 0 - 0

Oliver Burke, Entergy - Entergy Services, Inc., 1, 6/7/2021

- 0 - 0

FE Voter, Segment(s) 1, 3, 5, 6, 4, 2/23/2021

- 0 - 0

Amy Jones, On Behalf of: Public Utility District No. 2 of Grant County, Washington, , Segments 1, 4, 5, 6

- 0 - 0

JT Kuehne, AEP, 6, 6/8/2021

- 0 - 0

Tacoma Power, Segment(s) 1, 3, 4, 5, 6, 3/9/2021

- 0 - 0

Eli Rivera, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments NA - Not Applicable

- 0 - 0

CHPD, Segment(s) 3, 1, 6, 5, 6/8/2021

- 0 - 0

Bryan Koyle, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 3, 5, 6

- 0 - 0

LCRA is unable to answer this question due to the inability to know what this requirement will entail. See the response to question 1 for additional details on LCRA’s perspective regarding uncertainty of outputs.

James Baldwin, Lower Colorado River Authority, 1, 6/8/2021

- 0 - 0

PG&E agrees with the 24-month Implementation Plan.  PG&E would recommend the SDT consider allowing for an earlier adoption option as part of the Implementation Plan similar to what the Project 2019-02 BES Cyber System Information Access Management SDT placed in their Implementation Plan.

PG&E All Segments, Segment(s) 1, 3, 5, 2/10/2020

- 0 - 0

LCRA is unable to answer this question due to the inability to know what this requirement will entail. See the response to question 1 for additional details on LCRA’s perspective regarding uncertainty of outputs.

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

ACES Standard Collaborations, Segment(s) 1, 5, 3, 4, 6/8/2021

- 0 - 0

AZPS agrees with the 24-month implementation plan at this time.

Daniela Atanasovski, APS - Arizona Public Service Co., 1, 6/8/2021

- 0 - 0

Larry Rogers, On Behalf of: Southern Indiana Gas and Electric Co., , Segments 3, 5, 6

- 0 - 0

At this time BC Hydro is unable to support the proposed 24-month implementation plan since, without plans in place, the timeframe required for implementation is currently unknown.

BC Hydro, Segment(s) 3, 5, 1, 12/18/2018

- 0 - 0

Joseph Amato, On Behalf of: Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1,3; Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1,3

- 0 - 0

We agree with the proposed 24-month implementation plan.

John Galloway, On Behalf of: Michael Puscas, ISO New England, Inc., 2; Michael Puscas, ISO New England, Inc., 2

- 0 - 0

Clay Walker, On Behalf of: Robert Hirchak, Cleco Corporation, 1,3,5,6; Robert Hirchak, Cleco Corporation, 1,3,5,6; Stephanie Huffman, Cleco Corporation, 1,3,5,6; Stephanie Huffman, Cleco Corporation, 1,3,5,6; Wayne Messina, LaGen, 4; Wayne Messina, LaGen, 4; Maurice Paulk, Cleco Corporation, 1,3,5,6; Maurice Paulk, Cleco Corporation, 1,3,5,6; John Lindsey, Cleco Corporation, 1,3,5,6; John Lindsey, Cleco Corporation, 1,3,5,6

- 0 - 0

Bruce Reimer, Manitoba Hydro , 1, 6/9/2021

- 0 - 0

Evergy supports and incorporates by reference Edison Electric Institute’s (EEI) response to Question 3.

Alan Kloster, On Behalf of: Derek Brown, Evergy, 1,3,5,6; Derek Brown, Evergy, 1,3,5,6; Allen Klassen, Evergy, 1,3,5,6; Allen Klassen, Evergy, 1,3,5,6; Thomas ROBBEN, Evergy, 1,3,5,6; Thomas ROBBEN, Evergy, 1,3,5,6; Marcus Moor, Evergy, 1,3,5,6; Marcus Moor, Evergy, 1,3,5,6

- 0 - 0

Evergy supports and incorporates by reference Edison Electric Institute’s (EEI) response to Question 3.

Derek Brown, Evergy, 5, 6/9/2021

- 0 - 0

NPCC: We agree with the proposed 24-month implementation plan.

Request clarification on unplanned changes. What is the implementation plan for unplanned changes?

Leonard Kula, Independent Electricity System Operator, 2, 6/9/2021

- 0 - 0

Evergy supports and incorporates by reference Edison Electric Institute’s (EEI) response to Question 3.

Allen Klassen, Evergy, 1, 6/9/2021

- 0 - 0

Evergy supports and incorporates by reference Edison Electric Institute’s (EEI) response to Question 3.

Thomas ROBBEN, Evergy, 6, 6/9/2021

- 0 - 0

Evergy supports and incorporates by reference Edison Electric Institute’s (EEI) response to Question 3.

Marcus Moor, Evergy, 3, 6/9/2021

- 0 - 0

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 6/9/2021

- 0 - 0

Daniel Gacek, Exelon, 1, 6/9/2021

- 0 - 0

Kinte Whitehead, Exelon, 3, 6/9/2021

- 0 - 0

Cynthia Lee, Exelon, 5, 6/9/2021

- 0 - 0

Becky Webb, Exelon, 6, 6/9/2021

- 0 - 0

Byron Booker, On Behalf of: Lee Maurer, Oncor Electric Delivery, 1; Lee Maurer, Oncor Electric Delivery, 1

- 0 - 0

Alliant Energy supports the 24-month implementation plan.

Larry Heckert, Alliant Energy Corporation Services, Inc., 4, 6/9/2021

- 0 - 0

reference NCPA Chris Carnesi’s comments

Michael Whitney, Northern California Power Agency, 3, 6/9/2021

- 0 - 0

The NSRF supports the 24 month implementation plan.

MRO NSRF, Segment(s) 2, 4, 1, 6, 3, 5, 3/31/2021

- 1 - 0

Angela Wheat, Southwestern Power Administration, 1, 6/9/2021

- 0 - 0

Nurul Abser, NB Power Corporation, 1, 6/9/2021

- 0 - 0

Jennifer Bray, Arizona Electric Power Cooperative, Inc., 1, 6/9/2021

- 0 - 0

EEI supports a 24-month Implementation Plan.

Mark Gray, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

Andy Fuhrman, On Behalf of: Minnkota Power Cooperative Inc. - MRO - Segments 1, 5

- 0 - 0

I supports the 24 month implementation plan.

larry brusseau, Corn Belt Power Cooperative, 1, 6/9/2021

- 0 - 0

Roger Fradenburgh, On Behalf of: Nicholas Lauriat, Network and Security Technologies, 1; Nicholas Lauriat, Network and Security Technologies, 1

- 0 - 0

Richard Jackson, U.S. Bureau of Reclamation, 1, 6/9/2021

- 0 - 0

Karie Barczak, DTE Energy - Detroit Edison Company, 3, 6/9/2021

- 0 - 0

It is difficult to judge at this point whether 24 months would be sufficient, as what would be required for compliance is not clear. Please note that it appears a solution to R2 may increase an entity's scope for R1. Therefore the implementation plan should also consider additional time for new R1 scope.

Donna Wood, Tri-State G and T Association, Inc., 1, 6/9/2021

- 0 - 0

ISO/RTO Council Standards Review Committee 2020-04 Modifications to CIP-012 (Draft 1), Segment(s) 2, 6/9/2021

- 0 - 0

sean erickson, Western Area Power Administration, 1, 6/9/2021

CIP-012 - 2020-04_Unofficial_Comment_Form_WAPA.docx

- 0 - 0

We agree with the proposed 24-month implementation plan.

Request clarification on unplanned changes. What is the implementation plan for unplanned changes?

NPCC Regional Standards Committee, Segment(s) 10, 2, 4, 7, 3, 1, 5, 6, 5/5/2021

- 0 - 0

Seems reasonable with the 24 month implementation allowing for potential contract modifications when vendor provided evidence may be required.

Maryanne Darling-Reich, On Behalf of: Black Hills Corporation - MRO, WECC - Segments 1, 3, 5, 6

- 0 - 0

NV Energy believes the 24 month implementation timeline is appropriate. 

Kevin Salsbury, Berkshire Hathaway - NV Energy, 5, 6/9/2021

- 0 - 0

David Jendras, Ameren - Ameren Services, 3, 6/9/2021

- 0 - 0

Southern agrees with the 24-month implementation plan.

Southern Company, Segment(s) 1, 3, 6, 5, 1/14/2021

- 0 - 0

Gail Elliott, On Behalf of: Michael Moltane, International Transmission Company Holdings Corporation, 1; Michael Moltane, International Transmission Company Holdings Corporation, 1

- 0 - 0

OPG supports NPCC RSC’s comments.

Constantin Chitescu, Ontario Power Generation Inc., 5, 6/9/2021

- 0 - 0

We believe 24 months is an appropriate timeframe to implement the new requirement.

Lindsay Wickizer, Berkshire Hathaway - PacifiCorp, 6, 6/9/2021

- 0 - 0

Hot Answers

None.

Brandon Gleason, 6/9/2021

- 0 - 0

Russell Noble, Cowlitz County PUD, 3, 6/9/2021

- 0 - 0

Other Answers

CPS Energy does not have any additional comments.

Gladys DeLaO, CPS Energy, 1, 5/26/2021

- 0 - 0

Dominion, Segment(s) 3, 5, 1, 9/19/2019

- 0 - 0

If an entity owns the entire physical and logical communication path from its own primary Control Center to its own backup Control Center and it is not encrypted, does this satisfy the requirement for R2? Does the entity have to encrypt from the primary Control Center to the backup Control Center? This might be an example within the Guidelines and Technical Basis.

Joshua Andersen, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

Glenn Barry, Los Angeles Department of Water and Power, 5, 6/1/2021

- 0 - 0

Duke Energy additional comment is as follows: the technical rationale describes monitoring for when data is ‘unavailable and is no longer updating’. While ‘heartbeat monitoring and monitoring” is presented as an option, it is the only option presented which may push auditors to only accept this. Furthermore, notification methods also seem to be intended to be required, however operational systems may have the capability to operate effectively with temporarly data loss or occasional malfunction of a field sensor or RTU which are out of the scope of CIP-012. It would help to make clear that CIP-012 monitoring is limited to successful data flow between control centers, and the content or completeness of that data is not the subject of R2.

 

Duke Energy, Segment(s) 1, 5, 6, 3, 12/13/2019

- 0 - 0

The SSRG recommends the drafting team consider the COM Standards be included in the CIP-012-1 Technical Rationale, where alignment with other standards is discussed (see Page 4 of the Technical Rationale at “Alignment with IRO and TOP standards”).

The SSRG recommends the drafting team review the alignment with other standards section where TOP-001-4 R32 is referenced. The current version should be TOP-001-5 and there is no R32, and R22 is identified as “Reserved.” This is most likely a typo from a previous Technical Rationale drafting team.

The SSRG would like to thank the drafting team for their efforts.

 

Southwest Power Pool Standards Review Group (SSRG), Segment(s) 2, 9/4/2019

- 0 - 0

BPA believes that availability related to CIP-012 would best be included under the CIP-009 standard which already incorporates strategies, plans and details of bringing BES Systems back online under Recovery Plans. If instead the SDT intends for redundancy to accomplish the goal of availability, BPA believes that would best be accomplished by expanding the scope of redundancy required under TOP-001 R20/R23 and IRO-001 R2 to include “between Control Centers.” Under either option, BPA recommends these standards be expanded instead of having different standards with very similar requirements.

Andrea Jessup, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Chris Carnesi, On Behalf of: Marty Hostler, Northern California Power Agency, 3,4,5,6; Marty Hostler, Northern California Power Agency, 3,4,5,6; Jeremy Lawson, Northern California Power Agency, 3,4,5,6; Jeremy Lawson, Northern California Power Agency, 3,4,5,6; Dennis Sismaet, Northern California Power Agency, 3,4,5,6; Dennis Sismaet, Northern California Power Agency, 3,4,5,6

- 0 - 0

The SDT stated in the 5/18/2021 webinar that R2 possibly could only apply to a primary Control Center and not a backup Control Center. This does not seem consistent with the definition of Control Center as a backup Control Center is still a Control Center and would be in scope of CIP-012 if applicable data is traversing the communication links to another Control Center (primary or backup).

WECC CIP, Segment(s) 10, 2/17/2021

- 0 - 0

Additional information should be referenced in the technical rationale document discussing the relationships between CIP-012-2, TOP-001-5, and IRO-002-7. 

Anthony Jablonski, ReliabilityFirst , 10, 6/7/2021

- 0 - 0

Texas RE noticed the Technical Rationale for Reliability Standard CIP-012-2 defines Availability, in accordance with NIST, as “Ensuring timely and reliable access to and use of information” (page 12).  While Texas RE agrees with the definition provided in the Technical Rational, Texas RE believes that the term “Availability” should likewise be specifically defined within the requirement language itself.  Texas RE recommends the SDT incorporate the proposed language Technical Rationale directly into the CIP-012-2 Requirement R2 as follows:

 

“The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) to provide for the availability of communications links and data used for Real-time Assessment and Real-time monitoring while being transmitted between Control Centers. Availability is defined as ensuring timely and reliable access to and use of information.  The Responsible Entity is not required to include oral communications in its plan.”

 

Texas RE notes that this approach is similar to how the SDT incorporated the definition of “Access” developed in Project 2019-02 BCSI Access Management into the proposed CIP-004-X standard language. 

 

Additionally, Texas RE noticed “control centers” in the Overview of availability section of the Technical Rational is not capitalized.  Texas RE recommends the term be capitalized since it is defined in the NERC Glossary of Terms.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 6/7/2021

- 0 - 0

Kelsey Settle, On Behalf of: Nova Scotia Power Inc., NPCC, Segments NA - Not Applicable

- 0 - 0

Stacy Lee, On Behalf of: City of College Station, , Segments 1

- 0 - 0

Dan Bamber, On Behalf of: ATCO Electric, , Segments 1

- 0 - 0

n/a

Aidan Gallegos, 6/7/2021

- 0 - 0

Benjamin Winslett, On Behalf of: Georgia System Operations Corporation, , Segments 3, 4

- 0 - 0

Scott McGough, On Behalf of: Georgia System Operations Corporation, , Segments 3, 4

- 0 - 0

LaTroy Brumfield, On Behalf of: American Transmission Company, LLC, , Segments 1

- 0 - 0

OKGE, Segment(s) 6, 1, 3, 5, 3/22/2021

- 0 - 0

No addtional comments.

Oliver Burke, Entergy - Entergy Services, Inc., 1, 6/7/2021

- 0 - 0

N/A

FE Voter, Segment(s) 1, 3, 5, 6, 4, 2/23/2021

- 0 - 0

Amy Jones, On Behalf of: Public Utility District No. 2 of Grant County, Washington, , Segments 1, 4, 5, 6

- 0 - 0

We ask the SDT to consider adding additional bounds around the use of “availability”. In current form, there is significant room for interpretation as to the desired state of “availability”. Specifically in R2.2, “data flow restoration to maintain continuity of operations” seems to imply that the design of availability would require a zero-defect solution such that there would be zero impact to operations. This seems counter to current thresholds established in CIP-002 (15-minute impact) and/or other Ops & Planning criteria. 

Similarly, with regard to documentation, we ask that the SDT provide and/or incorporate the language of the standard into expected components documentations. If there are specific components desired, it would be helpful to lay out in a manner similar to the Baseline requirements of CIP-010 R1.1.

JT Kuehne, AEP, 6, 6/8/2021

- 0 - 0

FERC Order No. 866 specifies that Requirements are needed to ensure availability between Control Centers, but Entities do not have control of communication systems or lines outside of their footprint. Tacoma Power recommends that the scope of CIP-012 R2 be limited to the infrastructure Entities control within its own footprint, similar to TOP-001. However, this would then exacerbate the double jeopardy between TOP-001 and CIP-012. 

Tacoma Power, Segment(s) 1, 3, 4, 5, 6, 3/9/2021

- 1 - 0

Eli Rivera, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments NA - Not Applicable

- 0 - 0

CHPD recommends that the drafting team add language that clarifies CIP-012-2 monitoring is intended to be the successful data flow between control centers, and the content or completeness of that data is not the focus of R2. 

In addition, CHPD recommends removal of “restoration” from requirement R2.2.  Restoration of data does not apply to communication links, and restoration of data is most likely associated with BES systems or BES cyber assets (e.g., SCADA servers, RTUs, etc.) covered by CIP-009.

CHPD, Segment(s) 3, 1, 6, 5, 6/8/2021

- 0 - 0

Bryan Koyle, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 3, 5, 6

- 0 - 0

LCRA is concerned that this requirement is subjective, which may yield inconsistent audits. The Technical Rationale document notes that “when identifying the methods used to provide availability, Responsible Entities should implement in a manner best fitting their individual circumstances.” Yet, there is not any indication on what level of risk reduction or availability achieved is sufficient. Does the desired result need to achieve a certain metric associated with undefined term “availability”?

James Baldwin, Lower Colorado River Authority, 1, 6/8/2021

- 0 - 0

PG&E appreciates the work of the CIP-012-2 SDT and has no additional comments at this time.

PG&E All Segments, Segment(s) 1, 3, 5, 2/10/2020

- 0 - 0

LCRA is concerned that this requirement is subjective which may yield inconsistent audits. The Technical Rationale document notes that “when identifying the methods used to provide availability, Responsible Entities should implement in a manner best fitting their individual circumstances.” Yet, there is not any indication on what level of risk reduction or availability achieved is sufficient. Does the desired result need to achieve a certain metric associated with undefined term “availability”?

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

We would like to thank the SDT for all their hard work and allowing us to provide feedback.

ACES Standard Collaborations, Segment(s) 1, 5, 3, 4, 6/8/2021

- 0 - 0

AZPS has no additional comments for the standard drafting team to consider. 

Daniela Atanasovski, APS - Arizona Public Service Co., 1, 6/8/2021

- 0 - 0

Larry Rogers, On Behalf of: Southern Indiana Gas and Electric Co., , Segments 3, 5, 6

- 0 - 0

BC Hydro, Segment(s) 3, 5, 1, 12/18/2018

- 0 - 0

Please consider adding examples of acceptable protections to the measure or Technical Rationale, especially when encryption isn’t an available option.

Joseph Amato, On Behalf of: Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1,3; Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1,3

- 0 - 0

Availability is defined as “Ensuring timely and reliable access to and use of information” (per Technical Rationale document). We request that the drafting team include in guidance or technical rationale some description of factors that should drive Responsible Entity definition of “timely” in the context of availability of data for RTA/RTM.

John Galloway, On Behalf of: Michael Puscas, ISO New England, Inc., 2; Michael Puscas, ISO New England, Inc., 2

- 0 - 0

Clay Walker, On Behalf of: Robert Hirchak, Cleco Corporation, 1,3,5,6; Robert Hirchak, Cleco Corporation, 1,3,5,6; Stephanie Huffman, Cleco Corporation, 1,3,5,6; Stephanie Huffman, Cleco Corporation, 1,3,5,6; Wayne Messina, LaGen, 4; Wayne Messina, LaGen, 4; Maurice Paulk, Cleco Corporation, 1,3,5,6; Maurice Paulk, Cleco Corporation, 1,3,5,6; John Lindsey, Cleco Corporation, 1,3,5,6; John Lindsey, Cleco Corporation, 1,3,5,6

- 0 - 0

Bruce Reimer, Manitoba Hydro , 1, 6/9/2021

- 0 - 0

Alan Kloster, On Behalf of: Derek Brown, Evergy, 1,3,5,6; Derek Brown, Evergy, 1,3,5,6; Allen Klassen, Evergy, 1,3,5,6; Allen Klassen, Evergy, 1,3,5,6; Thomas ROBBEN, Evergy, 1,3,5,6; Thomas ROBBEN, Evergy, 1,3,5,6; Marcus Moor, Evergy, 1,3,5,6; Marcus Moor, Evergy, 1,3,5,6

- 0 - 0

Derek Brown, Evergy, 5, 6/9/2021

- 0 - 0

Request clarification / example of a CIP Exceptional Circumstance for R2 since this Requirement seems focused on contingencies

Leonard Kula, Independent Electricity System Operator, 2, 6/9/2021

- 0 - 0

Allen Klassen, Evergy, 1, 6/9/2021

- 0 - 0

Thomas ROBBEN, Evergy, 6, 6/9/2021

- 0 - 0

Marcus Moor, Evergy, 3, 6/9/2021

- 0 - 0

 Please consider adding examples of acceptable protections to the measure or Technical Rationale, especially when encryption isn’t an available option.

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 6/9/2021

- 0 - 0

R1 speaks to Confidentiality and Integrity, while R2 relates to Availability to complete the CIA triad.  One question that’s not clear is…. what does the exemption mean that is listed in section A. 4.2.3? 

“4.2.3. A Control Center that transmits to another Control Center Real-time Assessment or Real-time monitoring data pertaining only to the generation resource or Transmission station or substation co-located with the transmitting Control Center.”

We’ll need to make sure we understand that “exclusion” so that we can provide clear guidance each time we are asked about it.

·         2.3 - Who determines who takes ownership of the said communication links, when ownership is different between two control centers?

There are some concerns around what “data” is. The protections for the availability of communications links…” isn’t a concern but what is implied by data availability? Are we defining the amount of data that can be available during the plan? There is a level of ambiguity there and more clarity would assist responsible entities when developing plans.

Daniel Gacek, Exelon, 1, 6/9/2021

- 0 - 0

R1 speaks to Confidentiality and Integrity, while R2 relates to Availability to complete the CIA triad.  One question that’s not clear is…. what does the exemption mean that is listed in section A. 4.2.3? 

“4.2.3. A Control Center that transmits to another Control Center Real-time Assessment or Real-time monitoring data pertaining only to the generation resource or Transmission station or substation co-located with the transmitting Control Center.”

We’ll need to make sure we understand that “exclusion” so that we can provide clear guidance each time we are asked about it.

·         2.3 - Who determines who takes ownership of the said communication links, when ownership is different between two control centers?

There are some concerns around what “data” is. The protections for the availability of communications links…” isn’t a concern but what is implied by data availability? Are we defining the amount of data that can be available during the plan? There is a level of ambiguity there and more clarity would assist responsible entities when developing plans.

Kinte Whitehead, Exelon, 3, 6/9/2021

- 0 - 0

R1 speaks to Confidentiality and Integrity, while R2 relates to Availability to complete the CIA triad.  One question that’s not clear is…. what does the exemption mean that is listed in section A. 4.2.3? 

“4.2.3. A Control Center that transmits to another Control Center Real-time Assessment or Real-time monitoring data pertaining only to the generation resource or Transmission station or substation co-located with the transmitting Control Center.”

We’ll need to make sure we understand that “exclusion” so that we can provide clear guidance each time we are asked about it.

·         2.3 - Who determines who takes ownership of the said communication links, when ownership is different between two control centers?

There are some concerns around what “data” is. The protections for the availability of communications links…” isn’t a concern but what is implied by data availability? Are we defining the amount of data that can be available during the plan? There is a level of ambiguity there and more clarity would assist responsible entities when developing plans.

Cynthia Lee, Exelon, 5, 6/9/2021

- 0 - 0

R1 speaks to Confidentiality and Integrity, while R2 relates to Availability to complete the CIA triad.  One question that’s not clear is…. what does the exemption mean that is listed in section A. 4.2.3? 

“4.2.3. A Control Center that transmits to another Control Center Real-time Assessment or Real-time monitoring data pertaining only to the generation resource or Transmission station or substation co-located with the transmitting Control Center.”

We’ll need to make sure we understand that “exclusion” so that we can provide clear guidance each time we are asked about it.

·         2.3 - Who determines who takes ownership of the said communication links, when ownership is different between two control centers?

There are some concerns around what “data” is. The protections for the availability of communications links…” isn’t a concern but what is implied by data availability? Are we defining the amount of data that can be available during the plan? There is a level of ambiguity there and more clarity would assist responsible entities when developing plans.

Becky Webb, Exelon, 6, 6/9/2021

- 0 - 0

No additional comments.

Byron Booker, On Behalf of: Lee Maurer, Oncor Electric Delivery, 1; Lee Maurer, Oncor Electric Delivery, 1

- 0 - 0

Alliant Energy supports the comments submitted by the MRO NSRF.

Larry Heckert, Alliant Energy Corporation Services, Inc., 4, 6/9/2021

- 0 - 0

reference NCPA Chris Carnesi’s comments

Michael Whitney, Northern California Power Agency, 3, 6/9/2021

- 0 - 0

Suggested Language with R2.3 removed.

 R2. The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) to identify the available communications links and data transmitted between Control Centers and used for Real-time Assessment and Real-time monitoring The Responsible Entity is not required to include oral communications in its plan. The plan shall: [Violation Risk Factor: Medium] [Time Horizon: Operations Planning]

2.1. Identify the available communications links and data transmitted between Control Centers and used for Real-time Assessment and Real-time monitoring while being transmitted between Control Centers;

2.2. Identify restoration and continuity of operations to maintain and restore available communications links and data transmitted between Control Centers.

Suggested Language with R2.3 remaining

R2. The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) to provide for the availability of communications links used to transmit data between Control Centers and data used for the purpose of Real-time Assessment and Real-time monitoring. The Responsible Entity is not required to include oral communications in its plan. The plan shall include: [Violation Risk Factor: Medium] [Time Horizon: Operations Planning]

2.1. The actions taken to provide for the availability and recovery of communication links used to transmit data between Control Centers for the purpose of Real-time Assessment and Real-time monitoring, for which the use of redundant, diversely routed or backup communication capability is allowed but not required.

2.2.       Identification of the roles for personnel involved in implementing the Responsible Entity’s plan.

2.3. If the Control Centers are owned or operated by different Responsible Entities, identification of the responsibilities of each Responsible Entity for providing availability of communications links used to transmit data between Control Centers for the purpose of Real-time Assessment and Real-time monitoring.

 COMMENTS ON TECHNICAL RATIONALE

NSRF Member Recommended Technical Rational (TR) - for the following items and also requiring ERO approval of the TR in order to assist applicable Entities in complying with these proposed changes.  This is part of the SDT’s compliance outreach.

a.That “communication links” are the medium (copper wire pairs, fiber lines, etc.) in which data is transmitted between Control Centers, and that the “data” is the set of information that is needed for Real-time Assessments and Real-time monitoring.

b. The TR should clearly address the applicability proposed in R1 and R2 to clearly state that the required plan addresses Real-time Assessment data between Control Centers (as in R1) and not data ingress or egress non-Control Center locations – such as from field devices communicated to Control Centers, notwithstanding, GOP Control Centers.

MRO NSRF, Segment(s) 2, 4, 1, 6, 3, 5, 3/31/2021

- 1 - 0

The Technical Rationale states (PDF pg 5, top paragraph) that, “the SDT drafted requirements to provide Responsible Entities the latitude to protect the communication links, the data, or both...” However, this language uses “or” while R2 uses “and”. The use of “and” is understood to indicate that all elements must be addressed. It is clear that links and data (exchange infrastructure) are separate so stating that the Requirement’s intent is satisfied by only protecting one or the other (or both) is confusing.

Angela Wheat, Southwestern Power Administration, 1, 6/9/2021

- 0 - 0

Nurul Abser, NB Power Corporation, 1, 6/9/2021

- 0 - 0

We would like to thank the SDT for all their hard work and allowing us to provide feedback.

Jennifer Bray, Arizona Electric Power Cooperative, Inc., 1, 6/9/2021

- 0 - 0

Mark Gray, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

MPC agrees with comments from Duke.

Andy Fuhrman, On Behalf of: Minnkota Power Cooperative Inc. - MRO - Segments 1, 5

- 0 - 0

I agree with the NSRF's comments for #4 as uploaded.

larry brusseau, Corn Belt Power Cooperative, 1, 6/9/2021

Project 2020-04 Comment_Form_MRO NSRF_CIP-012.docx

- 0 - 0

N&ST noted that during the May 18, 2021 SDT CIP-012 webinar, a question was asked about whether “endpoint” devices, such as ICCP servers and nodes, would be in scope for R2. An SDT representative responded by saying he did not believe so. N&ST agrees with this opinion but strongly believes this exclusion should be made explicit in R2. The last sentence could be modified to say,

“The Responsible Entity is not required to include (1) oral communications, or (2) endpoint devices such as ICCP servers and nodes in its plan.”

Roger Fradenburgh, On Behalf of: Nicholas Lauriat, Network and Security Technologies, 1; Nicholas Lauriat, Network and Security Technologies, 1

- 0 - 0

Reclamation recommends that CIP-012 include requirements to review, test, use, and update the required plans similar to CIP-008/CIP-009 requirements. The requirement to implement a plan may convey these things, but is vague and could be confusing. Reclamation recommends the SDT modify CIP-012 to follow the predictable approach of:

R1 – Identify risks that could allow unauthorized disclosure, unauthorized modifications, or unacceptable availability.

R2 – Identify controls to minimize risks to acceptable levels.

R3 – Document a plan to implement and maintain controls identified in R2.

R4 – Annually (not to exceed 15 months) test and validate the R3 plan and controls.

It is not clear how a CIP Exceptional Circumstance would impact the mitigation of the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring data; therefore, Reclamation recommends that a provision for CIP Exceptional Circumstances is not necessary in CIP-012.

Richard Jackson, U.S. Bureau of Reclamation, 1, 6/9/2021

- 0 - 0

Karie Barczak, DTE Energy - Detroit Edison Company, 3, 6/9/2021

- 0 - 0

As detailed above, high availability would likely require redundancy. To keep costs manageable for the industry, we suggest allowing a non-encrypted redundant link for high availability when the primary link is down and/or under emergency situations.

Donna Wood, Tri-State G and T Association, Inc., 1, 6/9/2021

- 0 - 0

ISO/RTO Council Standards Review Committee 2020-04 Modifications to CIP-012 (Draft 1), Segment(s) 2, 6/9/2021

- 0 - 0

sean erickson, Western Area Power Administration, 1, 6/9/2021

- 0 - 0

Request clarification/example of a CIP Exceptional Circumstance for R2 since this requirement seems focused on contingencies.

NPCC Regional Standards Committee, Segment(s) 10, 2, 4, 7, 3, 1, 5, 6, 5/5/2021

- 0 - 0

Maryanne Darling-Reich, On Behalf of: Black Hills Corporation - MRO, WECC - Segments 1, 3, 5, 6

- 0 - 0

Some implementations of CIP-012- R1 are including the use of third party providers to establish, manage and maintain integrity and confidentiality of the data transported on the communication links.The third party’s obligation will be to maintain availability of the communication links, therefore, how the third party approaches communications link availability may not be visible to the Responsible Entity. So a requirement to “identify” how this is done might be outside our ability legally or otherwise to obtain.

At some point in the process when the communication link goes down, the Responsible Entity might have an obligation to call a service desk to open up an emergency repair ticket with the Third Party provider. Then from there responsibility is transferred. The only information we’d have to audit is a time stamp when the “network” went down, and documentation of the call or email to the Third Party’s service desk. Then a timestamp when the “network” is restored. We don’t believe this is the intent of the SDT to create an audit of the administrative dealings between the Responsible Entity and third party service provider.

However, where the Responsible Entity manages and operates the infrastructure to support CIP-012 requirements, then we believe “addressing” how the Responsible Entity is maintaining communication links availability makes more sense, but not be required to “identify” the components and operations of how that communications infrastructure works to accomplish this.

NV Energy also would like to provide the O&P requirements that do address to some extent the availability of communication paths to interconnected Entities: 

TOP-001-5

R20. Each Transmission Operator shall have data exchange capabilities, with redundant and diversely routed data exchange infrastructure within the Transmission Operator’s primary Control Center, for the exchange of Real-time data with its Reliability Coordinator, Balancing Authority, and the entities it has identified it needs data from in order for it to perform its Real-time monitoring and Real-time Assessments.

R21. Each Transmission Operator shall test its primary Control Center data exchange capabilities specified in Requirement R20 for redundant functionality at least once every 90 calendar days. If the test is unsuccessful, the Transmission Operator shall initate action within two hours to restore redundant functionality.

R23. Each Balancing Authority shall have data exchange capabilities, with redundant and diversely routed data exchange infrastructure within the Balansing Authority’s primary Control Ceneter, for the exchange of Real-time data with its Reliablity Coordinator, Transmission Operator, and the entities it has identified it needs data from in order for it to perform its Real-time monitoring and analysis functions.

R24. Each Balancing Authority shall test its primary Contorl Center data exchange capabilities specified in Requirement R23 for redundant functionality at least once every 90 calendar days. If the test is unsuccessful, the Balancing Authority shall initiate action within two hours to restore redundant functionality.

 

IRO-002-7

R2. Each Reliability Coordinator shall have data exchange capabilities, with redundant and diversely routed data exchange infrastructure within the Relaibility Coordinator’s primary Control Center, for the exahnge of Real-time data with its Balancing Authorities and Trasnmission Operators, and with other entities it deems necessary, for performing its Real-tiem monitoring and Real-time Assessments.

R3. Each Reliability Coordinator shall test its primary Control Center data exhchange capabilities specified in Requirement R2 for redundant functionality at least once every 90 calendar days. IF the test is unsuccessful, the Reliability Coordinator shall intiate action within two hours to restore redundant functionality.

 

EOP-008-2

R1. Each Relibility Coordinator, Balancing Authority, and Transmission Operator shall have a current Operating Plan describing the manner in which it continures to meet its functional obligations with regard to the reliable operations of the BES in the event that its primary control center functionality is lost. This Operating Plan for backup functionality shall include:

1.1.T he location and method of implementation for providing backup functionality.

1.2. A summary description of the elements required to support the backup functionality, These elements shall include:

1.2.1.      Tools and applications to ensure that System Operators have situational awareness of the BES.

1.2.2.      Data exchange capabilities.

1.2.3.      Interpersoanl Communications.

1.2.4.      Power source(s).

1.2.5.      Physical and cyber security.

1.3.An Operating Process for keeping the backup functionality consistent with the primary control center.

1.4.Operating Procedures, including decision authority, for use in determining when to implement the Operating Plan for backup functionality.

1.5.A transition period between the loss of primary control center functionality and the time to fully implement the backup functionality that is less than or equal to two hours.

1.6 An Operating process describing the actions to be taken during the transition period between the loss of primary control center functionality and the time to fully implement backup functionality elements identified in Requiement R1, Part 1.2. The Operating process shall include:

1.6.1.      A list of all entities to notify when there is a change in operating locations.

1.6.2.      Actions to manage the risk to the BES during the transition from primary to backup functionality, as well as during outages of the primary or backup functionality.

1.6.3 Identificaiton of the roles for personnel involved during the initiation and implementation of the Operating Plan for bakup functionality.

Kevin Salsbury, Berkshire Hathaway - NV Energy, 5, 6/9/2021

- 0 - 0

David Jendras, Ameren - Ameren Services, 3, 6/9/2021

- 0 - 0

Southern Company, Segment(s) 1, 3, 6, 5, 1/14/2021

- 0 - 0

Gail Elliott, On Behalf of: Michael Moltane, International Transmission Company Holdings Corporation, 1; Michael Moltane, International Transmission Company Holdings Corporation, 1

- 0 - 0

OPG supports NPCC RSC’s comments.

Constantin Chitescu, Ontario Power Generation Inc., 5, 6/9/2021

- 0 - 0

Some implementations of CIP-012 R1 are including the use of third party providers to establish and manage the communication links to maintain integrity and confidentiality of the data transported on the communication links. Part of the third party’s obligation will be to maintain availability of the communication links. How the third party approaches communications link availability may not be visible to the Responsible Entity, therefore a requirement to “identify” how this is done might be outside our ability legally or otherwise to obtain.

For Example: At some point in the restoration process when the communication link goes down, the Responsible Entity might have an obligation to call a service desk to open up an emergency repair ticket with the Thrid Party provider. From there the restoration responsibility is transferred. The only information the Responsible Entity would have to audit is a time stamp when the “network” went down, and documentation of the call or email to the Thrid Party’s service desk. Then possibly a timestamp when the “network” is restored if the right technology is implemented to capture this. We don’t believe this is the intent of the SDT to create an audit of the administrative dealings between the Resonsible Entity and third party service provider. However, describing this process in the Responsible Entity’s CIP-012 Plan, would demonstrate how the Responsible Entity addresses the suggested R2.2 language in Question 1 above.  Any documented correspondence between the Third Party and Responsible Entity could be used to demonstrate implementation of R2.2.

However, where the Responsible Entity manages and operates the infrastructure to support CIP-012 requirements, then we believe adding more details to “addressing” how the Responsible Entity is protecting communication links availability makes more sense, but still not being required to “identify” the specific components and operations of how that communications infrastructure works to accomplish this

Lindsay Wickizer, Berkshire Hathaway - PacifiCorp, 6, 6/9/2021

- 0 - 0