2020-04 Modifications to CIP-012 | Draft 2

Description:

Start Date: 11/30/2021
End Date: 01/24/2022

Associated Ballots:

Ballot Name | Project | Standard | Pool Open | Pool Close | Voting Start | Voting End
2020-04 Modifications to CIP-012 CIP-012-2 AB 2 ST | 2020-04 Modifications to CIP-012 | CIP-012-2 | 04/26/2021 | 05/25/2021 | 01/14/2022 | 01/24/2022
2020-04 Modifications to CIP-012 CIP-012-2 Non-Binding Poll AB 2 NB | 2020-04 Modifications to CIP-012 | CIP-012-2 Non-Binding Poll | 04/26/2021 | 05/25/2021 | 01/14/2022 | 01/24/2022
2020-04 Modifications to CIP-012 Implementation Plan AB 2 OT | 2020-04 Modifications to CIP-012 | Implementation Plan | 04/26/2021 | 05/25/2021 | 01/14/2022 | 01/24/2022

Hot Answers

OPG supports the NPCC Regional Standards Committee no NGrid‘s comments.

Constantin Chitescu, Ontario Power Generation Inc., 5, 1/24/2022

- 0 - 0

Southern Company strongly disagrees with asking for Availability to be defined.  We are aligned with EEI in most of our comment that follows, but please note some important differences in the proposed language.  

We feel additional modifications are needed to ensure that entities have adequate flexibility to demonstrate that availability is fully addressed and provides responsible entities with results-based requirements that are achievable and clearly defined. For this reason, we suggest that the SDT consider splitting Requirement R1, subpart 1.1 (as indicated below) and substitute “availability protection” with the term “availability provisions”.  Such a change, in the context of availability, is important because protections for availability are subjective whereas making availability provisions is something that, regardless of the approach, is achievable and clearly understood.  To address the above concern, we suggest that R1.1 could be split.  Note the following suggested Language:

R1.1 Identification of security protection used to mitigate the risks posed by unauthorized disclosure and unauthorized modification of Real-time Assessment and Real-time monitoring data while being transmitted between Control Centers;

R1.2 (new)  Identification of availability provisions used to mitigate the risk posed by loss of availability of Real-time Assessment and Real-time monitoring data while being transmitted between Control Centers;

Additionally, the use of the Measures supporting these two Requirements provided above would alleviate the regulatory certainty concerns many companies are facing with the proposed language used in the 2nd Draft.  Examples of Measures that could be developed to support the two requirements above are as follows:

M1.  Examples of evidence may include, but are not limited to:

(1.1) Security Protections

  • Identification of points where encryption/decryption of the data occurs at either a transport, network, or application layer.
  • Physical access restrictions to unencrypted portions of the network 

(1.2) Availability Provisions

  • Network diagrams showing redundancy of paths between Control Centers
  • Procedures explaining the use of alternative systems or methods for providing for the availability of the data
  • Service-level agreements with carriers containing high availability provisions

(1.3)     <and the rest>

Southern Company, Segment(s) 1, 3, 6, 5, 1/14/2021

- 0 - 0

Other Answers

DTE Energy - DTE Electric, Segment(s) 3, 5, 4, 12/8/2021

- 0 - 0

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 10/18/2018

- 0 - 0

Manitoba Hydro agrees with the language in R1. The language could be simplified by eliminating sub-requirement R1.3 and combining with R1.1 directly. Current language: R1.3 "Identification of where the Responsible Entity applied security and availability protection(s) as required in Part 1.1" . Proposed modification to R.1.1: Identification of security and availability protection(s), including where protections are applied,  used to mitigate the risks posed by unauthorized disclosure and, unauthorized modification, and loss of availability of data used for Real-time Assessment and Real-time monitoring data while such data is being transmitted between Control Centers

Jay Sethi, On Behalf of: Manitoba Hydro - MRO - Segments 1, 3, 5, 6

- 0 - 0

While the language in R1 may address security and availability, the availability portion of this proposed standard is better suited for IRO-010, TOP-003, TOP-001 or any other applicable standard within the Operations and Planning suite of standards.  Ensuring availability of communication links through redundancy and/or diversity is a significant departure in scope from the CIP standards.  The CIP standards generally require controls and protections to be applied at the device level.  This proposed language involves protections outside of the device and, in this case, the Entity’s Electronic Security Perimeter.

Patricia Lynch, NRG - NRG Energy, Inc., 5, 1/17/2022

- 0 - 0

There is currently no definition of "availability".  AEPCO agrees with ACES comments of adding a NERC definition for "availability" or adopting a NIST definition.

 

Jennifer Bray, Arizona Electric Power Cooperative, Inc., 1, 1/18/2022

- 0 - 0

Duke Energy does not believe the SDT revised CIP-012-1 in a way that best meets the directives outlined in FERC Order No. 866. The SDT’s use of “availability protections” is unclear and would require further definition of this term versus referring to the NIST definition of availability defined as “ensuring timely and reliable access to and use of information”. Using the language “security and availability protections” leaves us with questions. We prefer the language of FERC Order No. 822 specifically directing NERC to modify the Reliability Standards to require entities to implement controls to protect communication links and data communicated between BES Control Centers. FERC Order No. 866 conveys FERC’s assertion that NERC did not address availability. We think that availability should be addressed using language that references controls to protect availability of communication links and data.  Please see Question 5 below and our suggested rewording of sub requirement 1.2.

Katie Connor, On Behalf of: Duke Energy - SERC, RF - Segments 1, 3, 5, 6

- 0 - 0

While the language in R1 may address security and availability, the availability portion of this proposed standard is better suited for IRO-010, TOP-003, TOP-001 or any other applicable standard within the Operations and Planning suite of standards.  Ensuring availability of communication links through redundancy and/or diversity is a significant departure in scope from the CIP standards.  The CIP standards generally require controls and protections to be applied at the device level.  This proposed language involves protections outside of the device and, in this case, the Entity’s Electronic Security Perimeter.

Martin Sidor, NRG - NRG Energy, Inc., 6, 1/18/2022

- 0 - 0

The proposed language states that entities are to have a plan to mitigate the risks of a loss of availability of data while being transmitted between control centers.  As worded, this does not direct entities to implement redundant or highly available communications infrastructure, which we believe is the intent of Order No. 866, but rather it directs entities to have a plan for mitigating the risks of a loss of availability of the data.  We would recommend making the availability directive a stand alone requirement.

Jennifer Malon, On Behalf of: Black Hills Corporation - MRO, WECC - Segments 1, 3, 5, 6

- 3 - 0

Matthew Jaramilla, On Behalf of: Salt River Project, WECC, Segments NA - Not Applicable

- 0 - 0

Tim Kelley, On Behalf of: Nicole Goi, Sacramento Municipal Utility District, 1,3,4,5,6; Nicole Looney, Sacramento Municipal Utility District, 1,3,4,5,6; Kevin Smith, Balancing Authority of Northern California, 1; Charles Norton, Sacramento Municipal Utility District, 1,3,4,5,6; Foung Mua, Sacramento Municipal Utility District, 1,3,4,5,6

- 0 - 0

- 0 - 0

LaTroy Brumfield, On Behalf of: American Transmission Company, LLC, , Segments 1

- 0 - 0

Consumers Energy Company, Segment(s) 1, 3, 4, 5, 11/29/2017

- 0 - 0

MGE does not support the defining of the word "availability", as the NIST definition is sufficient.  

Joseph DePoorter, 1/19/2022

- 0 - 0

Ronald Bender, Nebraska Public Power District, 5, 1/19/2022

- 0 - 0

Reclamation recommends that communications paths between Control Centers be on physically separated, redundant communications paths where feasible. Reclamation also recommends third-party vendors be included to ensure all parties are covered.

Richard Jackson, U.S. Bureau of Reclamation, 1, 1/19/2022

- 0 - 0

Texas RE appreciates the Standard Drafting Team’s (SDT) modifications to proposed CIP-012-2, R 1.1 to better address the identification of security and availability protections to mitigate the risks posed by, among other things, the loss of availability of data used for Real-time Assessments and Real-time monitoring.  Texas RE further appreciates the proposed changes to CIP-012-2, R 1.2 requiring “[i]dentification of methods to be used for the recovery of communication links used to transmit Real-time Assessment and Real-time monitoring data between Control Centers.”  Texas RE notes, however, that CIP-012-2, R1.2’s focus on “recovery” may not encompass the full range of proactive scenarios to ensure communications link availability.  For instance, entities may need to consider eliminating single points of failure in their communication links to ensure “communication link availability” rather than simply focusing on recovery from a link outage.  Texas RE recommends the SDT consider adopting explicit language requiring strategies to implement communication link availability in CIP-012-2, R 1.2 similar to that proposed by FERC in Order No. 866, paragraph 3. 

Rachel Coyne, Texas Reliability Entity, Inc., 10, 1/19/2022

- 1 - 0

We do not recommend adding availability to the scope of CIP-012, since availability of operational data is already addressed in other NERC Reliability Standards. This may be creating a conflict with other standards by including availability of data when we feel it is already included in other standards

FE Voter, Segment(s) 1, 3, 5, 6, 4, 12/20/2021

- 0 - 0

Although BPA supports the revisions made in the latest draft, the additional availability requirement is added into the standard with an ‘and’ statement and not clearly distinguished. Because availability requires significantly different controls than confidentiality or integrity, BPA recommends:

1. R1.1 should be maintained, as it is currently written, limited to confidentiality/integrity.

a) The Drafting Team should insert a new subpart (R1.2) for the availability requirement.  This will assist both entities and auditors in a cleaner approach to implementation and assessing compliance.

b) The Drafting Team should insert a new subpart (R1.2) for the availability requirement.  This will assist both entities and auditors in a cleaner approach to implementation and assessing compliance.

2. BPA appreciates that the SDT has clarified the definition of the term “availability” in the Technical Rationale and Implementation Guidance.  However, the Requirement is confusing, and it is inconsistent with the approach taken for the existing confidentiality/integrity requirement:

a. The terms “confidentiality” and “integrity” are not used in R1.1; rather, they are described as “unauthorized disclosure” and “unauthorized modification”, respectively.  They are only linked to the cybersecurity terms of Confidentiality and Integrity in the Technical Rationale, for clarity. The Drafting Team should use the same approach for Availability.

b. “Availability” means different things to cybersecurity professionals and communications professionals (who will be interpreting and implementing this Requirement): 

i. Availability in cybersecurity circles is ‘Ensuring timely and reliable access to and use of information.’  BPA agrees that this definition meets the intent of the FERC Order.

ii. Availability in communications circles is a ‘Quantitative measurement of the expected desirable performance criteria of a communications link/channel/system.’ (i.e., Block Error Rate < 10^-6, < 2 Severely Error Seconds in 24 hours, 99.9999% uptime in any given year period, etc.) This definition doesn’t meet FERC’s intentions, but will be the first thing that comes to mind in telecom engineers who read it.

c. Because of this important and potentially confusing difference, BPA recommends that the SDT:

i. Replace “availability” in the new proposed subpart (R1.2, proposed above): “Identification of protection(s) used to ensure timely and reliable access to, and use of, Real-time Assessment and Real-time monitoring data while such data is being transmitted between Control Centers.”  

ii. The term availability should only appear in the Technical Rationale and Implementation Guidance for additional clarity, as is already done for confidentiality and integrity.

Andrea Jessup, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

What exactly are “availability protections”?  Can examples be provided?

Steve Toosevich, NiSource - Northern Indiana Public Service Co., 1, 1/20/2022

- 0 - 0

The MRO NSRF (“NSRF”) generally agrees revised CIP-012-2 meets the FERC Order 866 directives;  however, to be useful the term “availability” must be clarified in the requirements.  While the NSRF appreciates the NIST definition of “availability” contained in the proposed Implementation Guidance, it is not certain that the Implementation Guidance will be endorsed by the ERO. Therefore, the NSRF recommends the SDT draft a formal definition of “Availability” for inclusion in the CIP-012-2 Standard, which could be the adoption of the NIST definition, or something similar.  The NSRF recognizes the challenges and unintended consequences associated with “availability” being added as a new definition to the NERC Glossary of Terms since “availability” is used in other standards which could be impacted. In light of that, the NSRF suggests a definition be added (and limited in scope) to the CIP-012 standard itself. 

 

Additionally, clarification of “availability” could also be included in the Technical Rationale for CIP-012. The benefits of a definition include formalization within the Standard’s vernacular, thereby reducing potential ambiguity and likelihood of different interpretations by registered entities and audit teams.   The NSRF also believes that the Measure M1 should provide examples of what types of evidence would meet the availability requirement (e.g., an entity executing plans in support of the recovery of compromised communications links and the use of back-up communications capability when primary communications are unavailable). This would provide additional clarity to the industry.

 

Similarly, while having the concepts of “diversity, redundancy, or a combination of both” in the Implementation Guidance is needed, the NSRF recommends the SDT consider including the concepts in M1 to achieve a clearer measure of what constitutes meeting the requirement.

 

Proposed R1.2 requires identification of methods used for recovery, but the SDT fails to provide any examples of methods to recover a loss of a data link.  The information currently contained in the Implementation Guidance is very broad and it would be helpful if examples are provided.  Also, CIP-009 deals with CIP assets and restoration in the event of a loss but does not contain requirements regarding communications links and, therefore, is not applicable to CIP-012. The NSRF recommends clarifying language be added to show the relation between CIP-012 and CIP-009.

 

The NSRF recommends the SDT clarify within the Implementation Guidance at Identification of Methods Used for the Recovery of Communication Links (R1.2) the phrase “This objective is consistent with TOP and IRO O&P Standards” by identifying which standards are being referenced.

 

The term “recovery” as used in R1.1.2 is very broad, and, as many entities will be dependent on telecommunication companies to restore communications, the NSRF recommends the SDT consider including a clause to mitigate compliance issues if a line goes down and it is not the entity’s fault.

 

Additionally, the task of restoring availability predominantly resides with the telecommunication provider. In the event a communication link goes down, electric reliability entities are reliant on the telecommunication provider to restore service.  The NSRF requests the SDT add an exemption for links and equipment owned by telecommunication providers.

Kendra Buesgens, On Behalf of: MRO - MRO - Segments 1, 2, 3, 4, 5, 6

- 1 - 0

Marcus Bortman, APS - Arizona Public Service Co., 6, 1/20/2022

- 0 - 0

Dominion Energy supports the comments from EEI. In addition, we would like to emphasize particular concern around the term "availability". This should be a defined term to eliminate ambiguity and reduce confusion.  The current NIST definition used in the Technical Rationale and the Implementation Guidance could be used as a basis for a definition.

Dominion, Segment(s) 3, 5, 1, 9/19/2019

- 0 - 0

Daniela Hammons, CenterPoint Energy Houston Electric, LLC, 1, 1/21/2022

- 0 - 0

While CHPD supports revisions made in the latest draft and appreciates the effort that went into consolidating R2 into R1, CHPD does not believe this revision best meets the directives of FERC Order No. 866.  Because availability requires significantly different controls than confidentiality and integrity, CHPD recommends the SDT insert a new subpart (R1.2) for the availability protections requirement.  This will assist both entities and auditors in a cleaner approach to implementing and assessing compliance.

CHPD appreciates that the SDT clarified the definition of the term “availability” in the Technical Rationale.  However, R1 is confusing with regards to availability and inconsistent with the approach taken for the existing confidentiality/integrity requirement.  The current revision remains ambiguous with the term “availability”.  Availability should be addressed using language that references controls to protect availability of communication links and data.  The Technical Rationale is helpful, and including its clear examples (e.g., “redundant communication links and data paths”) or adding a requirement table with a measures column with similar evidence examples would minimize inconsistent interpretations among Registered Entities and Regional Entities.

CHPD, Segment(s) 5, 6, 3, 1, 1/21/2022

- 0 - 0

The scope of ‘availability’ is not clear and should be further clarified in R1 or in the Technical Rationale and/or Implementation Guidance. Noting on page 2 of the TR the SDT does reference TOP-001 and IRO-002 (“diversity, redundancy, or a combination of both”), but it is not clear what scope of availability is also required in R1.

Steven Rueckert, Western Electricity Coordinating Council, 10, 1/21/2022

- 0 - 0

While the NSRF appreciates the NIST definition of “availability” contained in the proposed Implementation Guidance, the NSRF recommends the SDT draft a formal definition of “availability” for inclusion in the NERC Glossary of Terms, even if it entails adoption of the NIST definition, or something similar.  By doing so, the new definition would be formalized within NERC’s vernacular and within the Standard, thereby reducing potential ambiguity and likelihood of different interpretations by registered entities and audit teams.  

 

Similarly, while having the concepts of “diversity, redundancy, or a combination of both” in the Implementation Guidance is needed, the NSRF recommends the SDT consider including the concepts in R1 to achieve a clearer requirement.

 

Proposed R1.2 requires identification of methods used for recovery, but the SDT fails to provide any examples of methods to recover a loss of a data link.  The information currently contained in the Implementation Guidance is very broad and it would be helpful if examples are provided.  Also, CIP-009 deals with CIP assets and restoration in the event of a loss but does not contain requirements regarding communications links and, therefore, is not applicable to CIP-012. The NSRF recommends clarifying language be added to show the relation between CIP-012 and CIP-009.

 

The NSRF recommends the SDT clarify within the Implementation Guidance at Identification of Methods Used for the Recovery of Communication Links (R1.2) the phrase “This objective is consistent with TOP and IRO O&P Standards” by identifying which standards are being referenced.

 

The term “recovery” as used in R1.1.2 is very broad, and, as many entities will be dependent on telecommunication companies to restore communications, the NSRF recommends the SDT consider including a clause to mitigate compliance issues if a line goes down and it is not the entity’s fault.

 

Additionally, much availability relies on Telecommunication Providers that in the event they go down, we are reliant on them to bring it back up. In the event a line or their telecommunication equipment goes down, the Registered Entity does have to rely on them to bring it back up.  The NSRF requests the SDT to add an exemption for links and equipment used by telecommunication providers.

Dwanique Spiller, On Behalf of: Berkshire Hathaway - NV Energy, WECC, Segments 5

- 0 - 0

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 1/21/2022

- 0 - 0

While IESO supports the comments submitted by the ISO/RTO Council SRC and NPCC, we further amend those comments by suggesting that “availability” be considered “as defined by the Responsible Entity” within the proposed standard. This is already implied in the proposed wording, thus IESO supports the proposed standard, however an explicit statement would further clarify this

Leonard Kula, Independent Electricity System Operator, 2, 1/21/2022

- 0 - 0

While AEP agrees that R1 addresses both security and availability concerns as identified in FERC Order No. 866, potential scope creep could exist within Requirement R1.1, as it is not explicitly stated that loss of data availability is due to communication link failure. Data loss can occur for a variety of reasons, and as such, AEP recommends that R1.1 specify that data loss is due to communication link unavailability.

JT Kuehne, AEP, 6, 1/21/2022

- 0 - 0

Bryan Koyle, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 6

- 0 - 0

Joseph Amato, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 1/21/2022

- 0 - 0

N&ST believes the proposed language in R1 does not fully address FERC Order 866. The Order directs NERC to modify CIP-012 to address availability of communications links and the data they carry while it’s in transit. The proposed “combination” requirement to address data confidentiality, integrity, and availability fails to identify communications links between in-scope Control Centers as requiring availability protections. The need to do so is implied in R1.2, but N&ST believes this should be made explicit. In addition, R1’s proposed language does not identify any requirement for a Responsible Entity’s CIP-012 plan(s) to include provisions for continuity of operations, as directed by the FERC Order.

Roger Fradenburgh, On Behalf of: Nicholas Lauriat, Network and Security Technologies, 1

- 0 - 0

BC Hydro appreciates the opportunity to comment and provides the following comments.

Although the Requirement 2 wording from Draft 2 of CIP-012-2 is removed, it appears that the wording of the Requirement 2 from Draft 1 has only been moved or merged into Requirement 1 of Draft 2. BC Hydro's previous concerns raised on CIP-012-2 Draft 1 appear to still hold valid. The changes in Requirement 1 in Draft 2 of CIP-012-2 still imply a possible reliance on redundancy, which does not align with the approach taken in the other existing CIP standards, particularly CIP 002-5.1a. As availability is the purview of operations, it would be better suited to other MRS standards (e.g., IRO-010, TOP-003, TOP-001) or other applicable Standard(s) within the Operations and Planning (O&P) domain.

BC Hydro recommends removing the 'availability' requirement from CIP-012-2 and revising other MRS standards to address this need as appropriate.

Alternatively BC Hydro suggests providing a clear understanding of the term 'availability' and a clarity that it does not imply the use of redundant setups. For most of the entities, 'availability' of communication networks depends on 3rd party telecommunication providers and in the event of a line or telecommunication equipment going down, the entity is reliant on the 3rd party telecommunication providers to fix the problems. BC Hydro suggests that SDT include an exemption for the links and equipment used by 3rd party telecommunication providers as changing or enhancing the third party telecommunication infrastructure to support 'availability' may not be feasible for many entities.

BC Hydro, Segment(s) 3, 5, 1, 12/18/2018

- 0 - 0

Jennie Wike, On Behalf of: John Merrell, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Marc Donaldson, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Hien Ho, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Terry Gifford, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Ozan Ferrin, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6

- 0 - 0

We believe it is unclear what controls are required to protect the availability associated with communication of real-time assessment and real-time monitoring data, as this is not a defined term in the NERC CIP glossary of terms. In addition, examples of protections are not provided in the revision of this standard. Is the expectation of the SDT that there be redundant paths of communication between control centers, as well as a plan for failure or loss of both of those communication paths?

David Jendras, Ameren - Ameren Services, 3, 1/24/2022

- 0 - 0

Availability should be handled as part of the TOP or EOP series of standards and does not belong in the CIP Standards.  In fact, response to unavailability is already built into standards of the TOP/EOP series.  

Larry Watt, Lakeland Electric, 1, 1/24/2022

- 0 - 0

While we agree the proposed language in R1 addresses the availability modifications being proposed in this draft to meet FERC Order No. 866, the definition of “availability” is not a NERC defined term. Providing an alternative standard’s term definition does not provide an avenue to meet strict NERC CIP compliance. To aid Entities, a formal definition of “availability” should be adopted to the NERC Glossary. By defining “availability”, it alleviates the potential of differing interpretations of the term.

R1.1.2 is too broad in using the term “recovery”.  Entities are more often  dependent on telecommunication providers to restore communications when a circuit goes down between Control Centers. This is due to the number of physical mediums and cyber assets data traverses from Control Center to Control Center. There should be an exception in the requirement allowing for restoration issues outside of the control of the entity being required to comply.

Susan Sosbe, Wabash Valley Power Association, 3, 1/24/2022

- 0 - 0

Exelon has chosen to align with EEI in response to this question.

Daniel Gacek, Exelon, 1, 1/24/2022

- 0 - 0

Exelon has chosen to align with EEI in response to this question.

Kinte Whitehead, Exelon, 3, 1/24/2022

- 0 - 0

Exelon has chosen to align with EEI in response to this question.

Cynthia Lee, 1/24/2022

- 0 - 0

Exelon has chosen to align with EEI in response to this question.

Becky Webb, 1/24/2022

- 0 - 0

No: As mentioned by others and NCPA agrees that availability is not well defined and can have multi meanings and expectations relating to the standards.

Chris Carnesi, On Behalf of: Dennis Sismaet, Northern California Power Agency, 3,4,5,6; Marty Hostler, Northern California Power Agency, 3,4,5,6; Jeremy Lawson, Northern California Power Agency, 3,4,5,6

- 0 - 0

Eversource  supports the comments of EEI.

Eversource Group, Segment(s) 1, 3, 9/1/2021

- 0 - 0

Amy Jones, On Behalf of: Public Utility District No. 2 of Grant County, Washington, , Segments 1, 4, 5, 6

- 0 - 0

Donna Wood, Tri-State G and T Association, Inc., 1, 1/24/2022

- 0 - 0

Gail Elliott, On Behalf of: Michael Moltane, International Transmission Company Holdings Corporation, 1

- 0 - 0

The NAGF recommends that the SDT either define availability or integrate language into the Standard that addresses how availability is to be accomplished.

Wayne Sipperly, On Behalf of: North American Generator Forum, MRO, WECC, Texas RE, NPCC, SERC, RF, Segments 5

- 0 - 0

Lindsay Wickizer, Berkshire Hathaway - PacifiCorp, 6, 1/24/2022

- 0 - 0

Gail Golden, On Behalf of: Entergy - Entergy Services, Inc., , Segments 1, 5

- 0 - 0

MPC supports comments submitted by the MRO NERC Standards Review Forum.

Andy Fuhrman, On Behalf of: Minnkota Power Cooperative Inc. - MRO - Segments 1, 5

- 0 - 0

SCPSA believes that the previous version of the CIP-002-2 draft addressed FERC Order No. 866 more effectively.  Integrating the security and availability components into a single requirement potentially leads to confusion because the methods of implementation for security and availability protections are different.  Furthermore, the term “availability protections” is unclear.

Santee Cooper, Segment(s) 1, 3, 5, 6, 1/24/2022

- 0 - 0

LCRA believes that the term “Availability” in this context, offers unnecessary opaqueness. Similarly, the NIST definition provided in the Technical Rationale which states “Ensuring timely and reliable access to and use of information” is vague and lacks actionable direction. Furthermore, entities have little to no control over the availability of communication networks. Entities can, however, provide redundancy. The SDT may benefit from using explicit terms that cannot be misinterpreted by the different industry segments.

James Baldwin, Lower Colorado River Authority, 1, 1/24/2022

- 0 - 0

LCRA believes that the term “Availability” in this context offers unnecessary opaqueness. Similarly, the NIST definition provided in the Technical Rationale, which states “Ensuring timely and reliable access to and use of information”, is vague and lacks actionable direction. Furthermore, entities have little to no control over the availability of communication networks. Entities can, however, provide redundancy. The SDT may benefit from using explicit terms that cannot be misinterpreted by the different industry segments.

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

While we agree the proposed language in R1 addresses the availability modifications being proposed in this draft to meet FERC Order No. 866, the definition of “availability” is not a NERC defined term. Providing an alternative standard’s term definition does not provide an avenue to meet strict NERC CIP compliance. To aid entities, ACES believes a formal definition of “availability” should be adopted into the NERC Glossary. By defining “availability”, it alleviates the potential of differing interpretations of the term.

 

Further, ACES believes R1.1.2 is too broad in using the term “recovery”. Entities are more often dependent on their telecommunication providers to restore communications when a circuit goes down between Control Centers. This is due to the number of physical mediums and cyber assets data traverses from Control Center to Control Center. There should be an exception in the requirement allowing for restoration issues outside of the control of the entity being required to comply.

ACES Standard Collaborations, Segment(s) 1, 3, 4, 5, 1/24/2022

- 0 - 0

Availability should be handled as part of the TOP or EOP series of standards and does not belong in the CIP Standards.  In fact, response to unavailability is already built into standards of the TOP/EOP series.  

LaKenya VanNorman, On Behalf of: Neville Bowen, Ocala Utility Services, 3

- 0 - 0

The inclusion of “availability” in R1 is not well defined. R1’s availability is subtly but importantly different than the question. The question adds “data while in transit between control centers.” We recommend adding this language to R1.

 

Per previous feedback, in most cases, communications between Control Centers are handled by a third party. If that third party cannot provide communications, the Service Level Agreement provides compensation but does not guarantee availability. IRO-002 and TOP-001 already have Requirements that mandate diversity and redundancy as they pertain to communications. It is not clear that diversity and redundancy equate to availability. We recommend removing availability from CIP-012 since other Standards cover this topic OR moving availability to other Standard(s)

NPCC Regional Standards Committee no NGrid, Segment(s) 10, 2, 4, 7, 3, 1, 5, 6, 1/24/2022

- 0 - 0

PG&E supports the comments provided by the Edison Electric Institute (EEI) related to the undefined term “availability” and the proposed modifications to R1. As EEI indicated in their comments, dividing R1 into two (2) sub-parts and changing “availability protection” with “availability controls, or another term that better aligns with NERC’s results based standards philosophy and does not inappropriately cause confusion with entity internal controls” helps remove the subjectiveness of just “availability protections”. This would allow the entity to indicate the “controls” to meet “availability” which could be measured more easily than “protections”.

PG&E All Segments, Segment(s) 1, 3, 5, 2/10/2020

- 0 - 0

GTC finds the term ‘availability protections,’ as used in the proposed language to be lacking in specificity or unsupported by industry standard terminology.  For the purposes of clarity, in order to eliminate the need for the inexact term ‘availability protections,’ while still capturing the requirements of Order 866, GTC proposes the following alternate language for Requirement 1.1:


“Identification of protections used to mitigate risks posed by: (1) unauthorized disclosure and unauthorized modification of Real-time Assessment and Real-time monitoring data while being transmitted between Control Centers; and (2) loss of availability of Real-time Assessment and Real time monitoring data while being transmitted between Control Centers.”

GTC has identified similar use of the term ‘availability protections’ in Requirement 1.4, and similarly proposes the following alternate language:

“If the Control Centers are owned or operated by different Responsible Entities, identification of the responsibilities of each Responsible Entity for applying the protections as required in Part 1.1.”

Greg Davis, Georgia Transmission Corporation, 1, 1/24/2022

- 0 - 0

See EEI Comments.

Clay Walker, On Behalf of: Robert Hirchak, Cleco Corporation, 1,3,5,6; Stephanie Huffman, Cleco Corporation, 1,3,5,6; Wayne Messina, LaGen, 4; Maurice Paulk, Cleco Corporation, 1,3,5,6; John Lindsey, Cleco Corporation, 1,3,5,6

- 0 - 0

While EEI appreciates the changes made to CIP-012, Requirement R1, additional modifications are still needed to ensure that entities have adequate flexibility to demonstrate that availability is fully addressed and provides responsible entities with results-based requirements that are achievable and clearly defined. For this reason, we suggest that the SDT consider splitting Requirement R1, subpart 1.1 (as indicated below) and substitute “availability protection” with the term “availability controls”. Such a change, in the context of availability, is important because protections for availability are subjective whereas making availability controls is something that, regardless of the approach, is achievable and clearly understood.

R1.1 Identification of security protection used to mitigate the risks posed by unauthorized disclosure and unauthorized modification of Real-time Assessment and Real-time monitoring data while being transmitted between Control Centers;

R1.2 (proposed new)  Identification of availability controls used to mitigate the risk posed by loss of availability of Real-time Assessment and Real-time monitoring data while being transmitted between Control Centers;

Additionally, the use of Measures supporting these two requirements provided above would alleviate the regulatory certainty concerns many companies are facing with the proposed language used in the 2nd Draft. Examples of measures that could be developed to support the two requirements above are as follows:

(1.1) Security Protection

  • Identification of points where encryption/decryption of the data occurs at either a transport, network, or application layer.
  • Physical access restrictions to unencrypted portions of the network

(1.2) Availability Controls

  • Network diagrams showing redundancy of paths between Control Centers
  • Procedures explaining the use of alternative systems or methods for providing for the availability of the data
  • Service-level agreements with carriers containing high availability provisions

Mark Gray, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

ERCOT agrees with the IRC SRC comments regarding a common understanding of the use of “availability” within the standard.  ERCOT notes, however, that promoting availability consists of actions and measures to provide redundancy and diversity rather than a specific metric.

In Paragraph 16 of Order No. 866, FERC identified a gap concerning the availability of communication links and data communicated between bulk electric system Control Centers. In Paragraph 33, FERC clarifies the intent of its directive to NERC to “address the risks associated with the availability of communication links and data communicated between all bulk electric system Control Centers . . . .” As stated in its previous comments, ERCOT believes FERC’s intent of “availability” is to identify a proactive approach to promote the continuity of operations through availability of communication links and, relatedly, the data passing through those links. The technical guidance provides similar insight to understanding “availability” where, on page 2 (pdf page 10), the technical guidance explains availability and states that this standard should mitigate the risk posed by the loss of “data flow.”  However, the proposed standard revisions may not achieve that same level of understanding of “availability” within the standard itself, as explained in the IRC SRC comments. Availability is not necessarily an object to be measured, but rather a process illustrated by providing redundancy and diversity to provide for the continuity of operations if the primary communication link is lost or compromised.

ERCOT provides the following language (with explanations in brackets at the end of each paragraph/part), which leaves the security protection of data the same as in the current version of the standard and addresses the concept of promoting availability as well as establishing an identification/recovery process as noted by FERC in Paragraph 35 of Order No. 866.

R1. The Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more documented plan(s) to mitigate the risks posed by unauthorized disclosure, unauthorized modification, and loss of availability of data used for Real-time Assessment and Real-time monitoring while such data is being transmitted between any applicable Control Centers. The Responsible Entity is not required to include oral communications in its plan. The plan shall include: [same language as provided in Nov 2021 Draft]

1.1. Identification of security protection used to mitigate the risks posed by unauthorized disclosure and unauthorized modification of data used for Real-time Assessment and Real-time monitoring data while such data is being transmitted between Control Centers; [identical to approved CIP-012-1, Part 1.1]

1.2. Identification of measures to promote the availability of communication links used to transmit Real-time Assessment and Real-time monitoring data between Control Centers, including use of redundant or backup communication capability between Control Centers in the event of an unavailable or compromised communication link between Control Centers; [new Part to address availability]

1.3. Identification of a process to identify and recover unavailable or compromised communication links used to transmit Real-time Assessment and Real-time monitoring data between Control Centers; [from Nov 2021 Draft Part 1.2, with some modifications to address recovery as a process]

1.4. Identification of where the Responsible Entity applied security protection as required in Part 1.1; and [from Nov 2021 Draft Part 1.2, modified to be consistent with CIP-012-1, Part 1.2]

1.5. If the Control Centers are owned or operated by different Responsible Entities, identification of the responsibilities of each Responsible Entity for applying security protection as required in Part 1.1, identifying availability measures as required in Part 1.2, and identifying of a process to identify and recover communication links as required in Part 1.3. [similar to and consistent with CIP-012-1, Part 1.3]

Dana Showalter, Electric Reliability Council of Texas, Inc., 2, 1/24/2022

- 0 - 0

PNMR supports EEI comments and proposed language for CIP-012-2 R1. If the SDT rejects the proposed EEI language, PNMR recommends defining availability and a restoration metric.

Amy Wesselkamper, On Behalf of: PNM Resources - Public Service Company of New Mexico, , Segments 1, 3

- 0 - 0

GSOC finds the term ‘availability protections,’ as used in the proposed language to be lacking in specificity or unsupported by industry standard terminology.  For the purposes of clarity and to eliminate the need for the inexact term ‘availability protections,’ while still capturing the requirements of Order 866, GSOC proposes the following alternate language for Requirement 1.1:


“Identification of protections used to mitigate risks posed by: (1) unauthorized disclosure and unauthorized modification of Real-time Assessment and Real-time monitoring data while being transmitted between Control Centers; and (2) loss of availability of Real-time Assessment and Real time monitoring data while being transmitted between Control Centers.”

GSOC has identified similar use of the term ‘availability protections’ in Requirement 1.4, and, similarly, proposes the following alternate language:

“If the Control Centers are owned or operated by different Responsible Entities, identification of the responsibilities of each Responsible Entity for applying the protections as required in Part 1.1.”

Benjamin Winslett, On Behalf of: Georgia System Operations Corporation, , Segments 3, 4

CIP-012-2 Comment Form (Final Draft).docx

- 0 - 0

I support the comments submitted by Sean Erickson (WAPA). 

Erin Green, On Behalf of: Erin Green, , Segments 1, 6

- 0 - 0

A. We do not agree with the draft language proposed. Once RTA/RTm data has left the physical Control Center or associated data center equipment, an entity relies on intermediary companies such as Telecom carriers to ensure availability of data communication paths for RTA/RTm data between Control Centers. Therefore they have no control over the operation, maintenance or availability of such equipment nor the availability.

Identifying methods used to recover communication links does not at all ensure the availability of those paths – which is the intent of the requirement. Entities already have to comply with TOP-001-5 R20 to R24 to ensure said data exchange protections of RTA/RTm exist. Secondly, entities must protect BES Cyber System Information in CIP-011 and CIP-004.

 

We recommend the SDT remove or revise the term availability, or add a requirement to have “at least 2 or more communications paths between Control Centers.” We also recommend the SDT provide technical guidance related to RTA/RTm being BES Cyber System Information.

 

B. Without prescribing encryption of RTA/RTm and key management, entities have no control of such RTA/RTm data beyond the last managed and maintained communication equipment interface. Therefore entities will not be able to meet the requirements of confidentiality and integrity as they are giving information to others beyond the entity’s control. This becomes a zero defect situation because an entity will not be able to guarantee that RTA/RTm data was compromised.

 

We recommend that the SDT change the language to include the word “potential” confidentiality and integrity. This would allow entities to determine, implement and document a best effort set of security controls and clarify for industry and regulators that encryption and key management is or is not required.

Sean Erickson, Western Area Power Administration, 1, 1/24/2022

- 0 - 0

Evergy supports and incorporates by reference Edison Electric Institute’s (EEI) response to Question 1.  Evergy would also suggest that the drafting team consider including their final definition of “availability” in the standard itself.  Given that Implementation Guidance represents one way to meet compliance, a definition that is fundamental to the interpretation of the standard is not appropriately captured in Implementation Guidance.  documents have not been approved by NERC for over a year, including it in the standard itself would provide the clarity that entities will need to implement this change.

- 0 - 0

Hot Answers

OPG supports the NPCC Regional Standards Committee no NGrid‘s comments.

Constantin Chitescu, Ontario Power Generation Inc., 5, 1/24/2022

- 0 - 0

Southern Company is concerned that Requirement R1.3 as currently proposed would create compliance problems; however, replacing the term availability protections with availability provisions would resolve this concern. (See our response to Question 1.)

Southern Company, Segment(s) 1, 3, 6, 5, 1/14/2021

- 0 - 0

Other Answers

DTE Energy - DTE Electric, Segment(s) 3, 5, 4, 12/8/2021

- 0 - 0

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 10/18/2018

- 0 - 0

Jay Sethi, On Behalf of: Manitoba Hydro - MRO - Segments 1, 3, 5, 6

- 0 - 0

Patricia Lynch, NRG - NRG Energy, Inc., 5, 1/17/2022

- 0 - 0

Entities are dependent on telecommunication carriers to maintain availability which makes R1.3 almost impossible to meet compliance with. Providing entities with an exception in this scenario should be considered.

Jennifer Bray, Arizona Electric Power Cooperative, Inc., 1, 1/18/2022

- 1 - 0

Duke Energy takes issue with the term “availability protections” and not with the concept of availability. We prefer addressing the “where” in our rewording of sub requirement 1.4 as provided in Question 5 below.

Katie Connor, On Behalf of: Duke Energy - SERC, RF - Segments 1, 3, 5, 6

- 1 - 0

Martin Sidor, NRG - NRG Energy, Inc., 6, 1/18/2022

- 0 - 0

Black Hills Corporation has concerns with R1.1 with regards to the scenario where vendors like CAISO and SPP are providing the communications infrastructure. Entities would be relying on the vendors to implement the security (and availability) protections and the entity will not have direct access to evidence that it is in place and functional.

Jennifer Malon, On Behalf of: Black Hills Corporation - MRO, WECC - Segments 1, 3, 5, 6

- 1 - 0

Matthew Jaramilla, On Behalf of: Salt River Project, WECC, Segments NA - Not Applicable

- 0 - 0

Tim Kelley, On Behalf of: Nicole Goi, Sacramento Municipal Utility District, 1,3,4,5,6; Nicole Looney, Sacramento Municipal Utility District, 1,3,4,5,6; Kevin Smith, Balancing Authority of Northern California, 1; Charles Norton, Sacramento Municipal Utility District, 1,3,4,5,6; Foung Mua, Sacramento Municipal Utility District, 1,3,4,5,6

- 0 - 0

- 0 - 0

LaTroy Brumfield, On Behalf of: American Transmission Company, LLC, , Segments 1

- 0 - 0

Without access to the equipment CE doesn’t own, CE cannot definitively demonstrate that the compliance has been achieved.

Consumers Energy Company, Segment(s) 1, 3, 4, 5, 11/29/2017

- 1 - 0

Joseph DePoorter, 1/19/2022

- 0 - 0

Ronald Bender, Nebraska Public Power District, 5, 1/19/2022

- 0 - 0

Richard Jackson, U.S. Bureau of Reclamation, 1, 1/19/2022

- 0 - 0

Texas RE believes registered entities should be able to demonstrate compliance with the Requirement Part 1.3.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 1/19/2022

- 0 - 0

We do not recommend adding availability to the scope of CIP-012, since availability of operational data is already addressed in other NERC Reliability Standards. Concept of availability between control centers would need to be clarified.

FE Voter, Segment(s) 1, 3, 5, 6, 4, 12/20/2021

- 0 - 0

Andrea Jessup, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

What exactly are “availability protections”?  Can examples be provided?

Steve Toosevich, NiSource - Northern Indiana Public Service Co., 1, 1/20/2022

- 0 - 0

The NSRF requests the SDT add an exemption for the links and equipment owned by telecommunication providers. In many instances, availability resides with telecommunication providers; and in the event service is interrupted, Registered Entities are reliant on the telecommunication provider(s) to restore service. Similarly, in the event a telecommunication line or other piece of telecommunication equipment goes down, the Registered Entity is again reliant on the Telecommunication Provider(s) to address the issue(s). 

 

The term “availability” is subjective and should be clearly defined prior to approving CIP-012-2.

 

Kendra Buesgens, On Behalf of: MRO - MRO - Segments 1, 2, 3, 4, 5, 6

- 1 - 0

Marcus Bortman, APS - Arizona Public Service Co., 6, 1/20/2022

- 0 - 0

Dominion, Segment(s) 3, 5, 1, 9/19/2019

- 0 - 0

Demonstrating compliance will be difficult to prove if the communication link is provided by a third party.

Daniela Hammons, CenterPoint Energy Houston Electric, LLC, 1, 1/21/2022

- 0 - 0

CHPD has concerns demonstrating compliance for “security protections” in the common scenario where the Reliability Coordinator contracts with a telecommunications company for communication links between Control Centers operated by different Registered Entities.  These Registered Entities depend on the telecommunication company to implement the security protections and do not have direct access to evidence that it is in place and functioning.

With more descriptive “availability protections” requirement language, CHPD could more confidently demonstrate “availability protections” compliance.  Possible ways of clarifying include using alternate wording from the Technical Rationale (e.g., “redundant communication links and data paths”) or adding a requirements table with a measures column with evidence examples to minimize inconsistent interpretations among Registered Entities and Regional Entities.

CHPD, Segment(s) 5, 6, 3, 1, 1/21/2022

- 0 - 0

The scope identification of availability protections is not clear for entities using 3rd party telecommunication networks. This should be further clarified in R1 or the Technical Rationale and/or Implementation Guidance.

Steven Rueckert, Western Electricity Coordinating Council, 10, 1/21/2022

- 0 - 0

In many instances, availability relies on telecommunication providers; and in the event service is interrupted, Registered Entities are solely reliant on the telecom providers to bring service back up. Similarly, in the event a line or telecommunication equipment goes down, the Registered Entity is again reliant on the telecommunication providers to fix the issues. NSRF requests the SDT add an exemption for the links and equipment used by telecommunication providers.

Dwanique Spiller, On Behalf of: Berkshire Hathaway - NV Energy, WECC, Segments 5

- 0 - 0

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 1/21/2022

- 0 - 0

While IESO supports the comments submitted by the ISO/RTO Council SRC and NPCC, we further amend those comments as follows: If the “availability” be considered “as defined by the Responsible Entity” within the proposed standard, then this gives IESO the flexibility in the application of availability protections. This is already implied in the proposed wording, thus IESO supports the proposed standard, however an explicit statement would further clarify this.

Leonard Kula, Independent Electricity System Operator, 2, 1/21/2022

- 0 - 0

AEP believes it could demonstrate compliance with Requirement R1.3 if the language from the Technical Rationale document on page 9 under General Considerations for Requirement R1 is added to the R1 measurement language.

AEP recommends M1 read as follows:

Evidence may include, but is not limited to, documented plan(s) that meet the mitigation objective of Requirement R1 and documentation demonstrating the implementation of the plan(s). Identification of where the Responsible Entity applied security and availability protection(s) as required in Part 1.1. can be accomplished with a document describing the locations of the components, diagrams indicating the locations or a combination of both, within the plan.

JT Kuehne, AEP, 6, 1/21/2022

- 0 - 0

Demonstrating compliance will be difficult to prove if the communication link is provided by a third party.

Bryan Koyle, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 6

- 0 - 0

Joseph Amato, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 1/21/2022

- 0 - 0

N&ST believes this could be a difficult question to answer for some Responsible Entities, depending on their approach(s) to addressing availability protection. If the mainstay of an Entity’s CIP-012 availability protection plan is a service level agreement with a wide-area communications carrier (an option the FERC Order suggests but appears to have been ignored by the SDT), the “where” of that Entity’s protections would be in its contractual document. Similarly, the “where” might be within an Entity’s disaster recovery procedures defined for its communications and networking infrastructure. N&ST believes it is neither practical nor necessary to compel Responsible Entities to identify the “where” of its availability protections, and we therefore recommend that it be removed from R1.3. We believe R1.1’s requirement to identify and describe availability protections is sufficient.

Roger Fradenburgh, On Behalf of: Nicholas Lauriat, Network and Security Technologies, 1

- 0 - 0

CIP-012-1 is not yet in effect in British Columbia and BC Hydro has not implemented a solution to comply with CIP-012-1 yet. This question on compliance will be difficult to address at this stage and will be best answered once CIP-012-1 has been designed and implemented. As identified in response to Question # 1, BC Hydro suggests that SDT add an exemption for the links and equipment used by 3rd party telecommunication providers.

BC Hydro, Segment(s) 3, 5, 1, 12/18/2018

- 0 - 0

Jennie Wike, On Behalf of: John Merrell, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Marc Donaldson, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Hien Ho, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Terry Gifford, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Ozan Ferrin, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6

- 0 - 0

For us this would be dependent on the SDT response to our comments in Question 1.

David Jendras, Ameren - Ameren Services, 3, 1/24/2022

- 0 - 0

Availability protections seem to boil down to 'redundant and divergently routed' connectivity. As it is common to use the limited number of commercial paths between Control Centers and a customer cannot be 100% sure of the current path, it will be difficult to prove compliance.

Larry Watt, Lakeland Electric, 1, 1/24/2022

- 0 - 0

Again, most often Entities depend on external communication providers for availability of data between Control Centers. This further supports the need for an exception when communication provider’s links fail. A Registered Entity has no control over how or when a communication path will be restored in this case and therefore strict compliance is difficult or impossible to achieve.

Susan Sosbe, Wabash Valley Power Association, 3, 1/24/2022

- 0 - 0

Exelon has chosen to align with EEI in response to this question.

Daniel Gacek, Exelon, 1, 1/24/2022

- 0 - 0

Exelon has chosen to align with EEI in response to this question.

Kinte Whitehead, Exelon, 3, 1/24/2022

- 0 - 0

Exelon has chosen to align with EEI in response to this question.

Cynthia Lee, 1/24/2022

- 0 - 0

Exelon has chosen to align with EEI in response to this question.

Becky Webb, 1/24/2022

- 0 - 0

No: As mentioned above, NCPA does not believe this can be answered until availability has been better defined.

Chris Carnesi, On Behalf of: Dennis Sismaet, Northern California Power Agency, 3,4,5,6; Marty Hostler, Northern California Power Agency, 3,4,5,6; Jeremy Lawson, Northern California Power Agency, 3,4,5,6

- 0 - 0

Eversource  supports the comments of EEI.

Eversource Group, Segment(s) 1, 3, 9/1/2021

- 0 - 0

Amy Jones, On Behalf of: Public Utility District No. 2 of Grant County, Washington, , Segments 1, 4, 5, 6

- 0 - 0

When a third party is providing the availability protections, the specific components/details may be unknown and the monitoring / troubleshooting /resolution of availability issues would be outside of the registered entity's purview.

Donna Wood, Tri-State G and T Association, Inc., 1, 1/24/2022

- 0 - 0

The term "availability" is subjective in the context in which it is used and may create confusion for registered entities leading to inconsistent compliance enforcement. ITC recommends a definition for the term "availability" be developed within the Reliability Standard itself.

Gail Elliott, On Behalf of: Michael Moltane, International Transmission Company Holdings Corporation, 1

- 0 - 0

Without further clarity on the definition of “availability”, organizations will have issues with consistently scoping the controls to be applied and the documentation to demonstrate compliance.

Wayne Sipperly, On Behalf of: North American Generator Forum, MRO, WECC, Texas RE, NPCC, SERC, RF, Segments 5

- 0 - 0

Lindsay Wickizer, Berkshire Hathaway - PacifiCorp, 6, 1/24/2022

- 0 - 0

Gail Golden, On Behalf of: Entergy - Entergy Services, Inc., , Segments 1, 5

- 0 - 0

MPC supports comments submitted by the MRO NERC Standards Review Forum.

Andy Fuhrman, On Behalf of: Minnkota Power Cooperative Inc. - MRO - Segments 1, 5

- 0 - 0

Santee Cooper, Segment(s) 1, 3, 5, 6, 1/24/2022

- 0 - 0

LCRA has similar concerns to what was raised in response to Question 1.

James Baldwin, Lower Colorado River Authority, 1, 1/24/2022

- 0 - 0

LCRA has similar concerns to what was raised in response to Question 1.

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

Again, most often entities depend on external communication providers for availability of data between Control Centers. This further supports the need for an exception when communication provider’s links fail. A Registered Entity has no control over how or when a communication path will be restored in this case and therefore strict compliance is difficult or impossible to achieve.

ACES Standard Collaborations, Segment(s) 1, 3, 4, 5, 1/24/2022

- 0 - 0

Availability protections seem to boil down to 'redundant and divergently routed' connectivity. As it is common to use the limited number of commercial paths between Control Centers and a customer cannot be 100% sure of the current path, it will be difficult to prove compliance.

LaKenya VanNorman, On Behalf of: Neville Bowen, Ocala Utility Services, 3

- 0 - 0

“Availability” is not well defined. Availability of data? Availability of the application? See feedback to question 1.

The double jeopardy question with IRO and TOP Standards needs addressing. The SDT’s December 8, 2021 webinar raised this question.

We recommend removing availability from CIP-012 since other Standards cover this topic OR moving availability to other Standard(s).

How does CIP-012 distinctly cover any gaps that are not covered in other Standards?

NPCC Regional Standards Committee no NGrid, Segment(s) 10, 2, 4, 7, 3, 1, 5, 6, 1/24/2022

- 0 - 0

PG&E supports the comments submitted by the Edison Electric Institute (EEI) that indicated the term “availability” is subjective in the context in which it is used and may create confusion for registered entities, leading to inconsistent compliance enforcement actions. Refer to our response to Q1 for more details.

PG&E All Segments, Segment(s) 1, 3, 5, 2/10/2020

- 0 - 0

Greg Davis, Georgia Transmission Corporation, 1, 1/24/2022

- 0 - 0

See EEI Comments.

Clay Walker, On Behalf of: Robert Hirchak, Cleco Corporation, 1,3,5,6; Stephanie Huffman, Cleco Corporation, 1,3,5,6; Wayne Messina, LaGen, 4; Maurice Paulk, Cleco Corporation, 1,3,5,6; John Lindsey, Cleco Corporation, 1,3,5,6

- 0 - 0

EEI is concerned that Requirement R1.3 as currently proposed would create compliance problems; however, replacing the term availability protections with availability controls would resolve this concern. (See our response to Question 1.)

Mark Gray, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

As stated in comments to question 1, availability is not an object to be measured, but rather a process illustrated by providing redundancy and diversity to provide for the continuity of operations if the primary communication link is lost or compromised.

Dana Showalter, Electric Reliability Council of Texas, Inc., 2, 1/24/2022

- 0 - 0

PNMR supports EEI comments. Protections should be replaced with controls. Or "Identify methods to address the risk of loss of RTA and RTm data between control centers."

Amy Wesselkamper, On Behalf of: PNM Resources - Public Service Company of New Mexico, , Segments 1, 3

- 0 - 0

Benjamin Winslett, On Behalf of: Georgia System Operations Corporation, , Segments 3, 4

- 0 - 0

I support the comments submitted by Sean Erickson (WAPA). 

Erin Green, On Behalf of: Erin Green, , Segments 1, 6

- 0 - 0

Requirement 1.3 is redundant to requirement 1.1 and not needed. Producing evidence to show overall compliance of requirement 1, more specifically requirement 1.1, will always lead to the identification of where the responsible entity applied the appropriate controls.

In addition, the language is requiring an entity to ensure availability beyond the Control Center. An entity will not be able to demonstrate compliance to availability beyond an entity's physical equipment and contract language with carriers. Most entities' communication links are managed by Telecom carrier companies. Entities have no control over the availability of the paths. It is recommended that the SDT remove the language.

sean erickson, Western Area Power Administration, 1, 1/24/2022

- 0 - 0

Evergy supports and incorporates by reference Edison Electric Institute’s (EEI) response to Question 2.

- 0 - 0

Hot Answers

Constantin Chitescu, Ontario Power Generation Inc., 5, 1/24/2022

- 0 - 0

Southern Company, Segment(s) 1, 3, 6, 5, 1/14/2021

- 0 - 0

Other Answers

DTE Energy - DTE Electric, Segment(s) 3, 5, 4, 12/8/2021

- 0 - 0

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 10/18/2018

- 0 - 0

Jay Sethi, On Behalf of: Manitoba Hydro - MRO - Segments 1, 3, 5, 6

- 0 - 0

NRG does not believe that these modifications meet the FERC directives in a cost effective manner.  A more cost effective solution would be to include such modifications in IRO-010, TOP-003, TOP-001, or other applicable Operations and Planning standards.  Including this verbiage in the CIP standards means the same or similar compliance activities have to be documented for multiple standards and represented in more audits (i.e. 693 and 706 standards).

Patricia Lynch, NRG - NRG Energy, Inc., 5, 1/17/2022

- 0 - 0

Jennifer Bray, Arizona Electric Power Cooperative, Inc., 1, 1/18/2022

- 0 - 0

Katie Connor, On Behalf of: Duke Energy - SERC, RF - Segments 1, 3, 5, 6

- 0 - 0

NRG does not believe that these modifications meet the FERC directives in a cost effective manner.  A more cost effective solution would be to include such modifications in IRO-010, TOP-003, TOP-001, or other applicable Operations and Planning standards.  Including this verbiage in the CIP standards means the same or similar compliance activities have to be documented for multiple standards and represented in more audits (i.e. 693 and 706 standards).

Martin Sidor, NRG - NRG Energy, Inc., 6, 1/18/2022

- 0 - 0

Black Hills Corporation does not anticipate a significant expense to achieve compliance. 

Jennifer Malon, On Behalf of: Black Hills Corporation - MRO, WECC - Segments 1, 3, 5, 6

- 0 - 0

Matthew Jaramilla, On Behalf of: Salt River Project, WECC, Segments NA - Not Applicable

- 0 - 0

Tim Kelley, On Behalf of: Nicole Goi, Sacramento Municipal Utility District, 1,3,4,5,6; Nicole Looney, Sacramento Municipal Utility District, 1,3,4,5,6; Kevin Smith, Balancing Authority of Northern California, 1; Charles Norton, Sacramento Municipal Utility District, 1,3,4,5,6; Foung Mua, Sacramento Municipal Utility District, 1,3,4,5,6

- 0 - 0

- 0 - 0

LaTroy Brumfield, On Behalf of: American Transmission Company, LLC, , Segments 1

- 0 - 0

Consumers Energy Company, Segment(s) 1, 3, 4, 5, 11/29/2017

- 0 - 0

Joseph DePoorter, 1/19/2022

- 0 - 0

Ronald Bender, Nebraska Public Power District, 5, 1/19/2022

- 0 - 0

Reclamation observes there is an environment of constant churn with reliability standards. This results in ineffective use of resources associated with the planning and adjustments required to achieve compliance with frequently changing standard versions. NERC should foster a compliance environment that allows entities to fully implement technical compliance with current standards before moving to subsequent versions.

Richard Jackson, U.S. Bureau of Reclamation, 1, 1/19/2022

- 0 - 0

Texas RE does not have comments on this question.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 1/19/2022

- 0 - 0

We do not recommend adding availability to the scope of CIP-012, since availability of operational data is already addressed in other NERC Reliability Standards. Protection of availability implies physical actions to protect the communications between control centers. This is impractical given the distance between control centers.

FE Voter, Segment(s) 1, 3, 5, 6, 4, 12/20/2021

- 0 - 0

Andrea Jessup, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Without having a more thorough understanding as to what “availability protections” are, it is indeterminate as to the impact of what costs would be.

Steve Toosevich, NiSource - Northern Indiana Public Service Co., 1, 1/20/2022

- 0 - 0

The NSRF suggests the SDT identify which TOP and IRO O&P Standards are referenced in the Implementation plan at Identification of Methods Used for the Recovery of Communication Links (R1.2). If the objectives are consistent, identification may help with cost effectiveness by allowing an entity to leverage current practices of compliance with those standards.

Kendra Buesgens, On Behalf of: MRO - MRO - Segments 1, 2, 3, 4, 5, 6

- 1 - 0

Marcus Bortman, APS - Arizona Public Service Co., 6, 1/20/2022

- 0 - 0

Dominion Energy does not have enough information to make a determination.

Dominion, Segment(s) 3, 5, 1, 9/19/2019

- 0 - 0

Daniela Hammons, CenterPoint Energy Houston Electric, LLC, 1, 1/21/2022

- 0 - 0

CHPD, Segment(s) 5, 6, 3, 1, 1/21/2022

- 0 - 0

Steven Rueckert, Western Electricity Coordinating Council, 10, 1/21/2022

- 0 - 0

The NSRF suggests the SDT identify which TOP and IRO O&P Standards are referenced in the Implementation plan at Identification of Methods Used for the Recovery of Communication Links (R1.2). If the objectives are consistent, identification may help with cost effectiveness by allowing an entity to leverage current practices of compliance with those standards.

Dwanique Spiller, On Behalf of: Berkshire Hathaway - NV Energy, WECC, Segments 5

- 0 - 0

Where new technology will be required to support availability, we have no basis to determine the cost effectiveness of implementing this standard.

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 1/21/2022

- 0 - 0

Leonard Kula, Independent Electricity System Operator, 2, 1/21/2022

- 0 - 0

JT Kuehne, AEP, 6, 1/21/2022

- 0 - 0

SIGE does not agree that the modification meets FERC directives in a cost effective manner.  The proposed language for CIP-012, Requirement R1 does not provide guidance on what are acceptable measures for a Registered Entity to take to meet the requirement. There are not sufficient measures, guidelines, or technical rationale documented in the draft for a Registered Entity to design a solution that meets security goals and is cost effective. 

Bryan Koyle, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 6

- 0 - 0

Where new technology will be required to support availability, we have no basis to determine the cost effectiveness of implementing this standard.

Joseph Amato, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 1/21/2022

- 0 - 0

N&ST believes that as written, the draft Implementation Guidance document strongly implies that Responsible Entities should employ redundant communication links between Control Centers to address availability, even while noting FERC’s acknowledgement that in some suburban and rural areas, this could be prohibitively expensive, of only marginal incremental benefit to availability (no options for path diversity), or both. While we agree that redundant links should be considered, we recommend the document be revised to acknowledge this may not be a viable approach to mitigating availability risks in all cases. The SDT might also consider adding some examples of emergency back-up communications links an Entity might be able to utilize if its primary communications link is down or otherwise unavailable.

N&ST notes, further, that while FERC Order 866 suggests it might be possible for a Responsible Entity to establish availability-related service level agreements with one or more network service providers, the Implementation Guidance document makes no mention of this option.

Finally, N&ST believes the scope of CIP-012’s proposed availability requirements is unclear and open to interpretation, which has the potential to have significant cost implications for some entities, especially those without fully redundant Control Center network and computing infrastructures.

Roger Fradenburgh, On Behalf of: Nicholas Lauriat, Network and Security Technologies, 1

- 0 - 0

Please refer to BC Hydro's comments on Question #2.

CIP-012-1 is not yet in effect in British Columbia and BC Hydro has not implemented a solution to comply with CIP-012-1 yet; therefore, it is not yet feasible to identify the additional costs related to the Project 2020-04 CIP-012-2 changes.

BC Hydro, Segment(s) 3, 5, 1, 12/18/2018

- 0 - 0

Jennie Wike, On Behalf of: John Merrell, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Marc Donaldson, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Hien Ho, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Terry Gifford, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Ozan Ferrin, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6

- 0 - 0

David Jendras, Ameren - Ameren Services, 3, 1/24/2022

- 0 - 0

Larry Watt, Lakeland Electric, 1, 1/24/2022

- 0 - 0

Susan Sosbe, Wabash Valley Power Association, 3, 1/24/2022

- 0 - 0

Daniel Gacek, Exelon, 1, 1/24/2022

- 0 - 0

Kinte Whitehead, Exelon, 3, 1/24/2022

- 0 - 0

Cynthia Lee, 1/24/2022

- 0 - 0

Becky Webb, 1/24/2022

- 0 - 0

No: NCPA does not agree the proposed language is considered cost effective until there is expectation of what availability would be defined as with regards to the standard.

Chris Carnesi, On Behalf of: Dennis Sismaet, Northern California Power Agency, 3,4,5,6; Marty Hostler, Northern California Power Agency, 3,4,5,6; Jeremy Lawson, Northern California Power Agency, 3,4,5,6

- 0 - 0

No Comment

Eversource Group, Segment(s) 1, 3, 9/1/2021

- 0 - 0

Amy Jones, On Behalf of: Public Utility District No. 2 of Grant County, Washington, , Segments 1, 4, 5, 6

- 0 - 0

Donna Wood, Tri-State G and T Association, Inc., 1, 1/24/2022

- 0 - 0

Gail Elliott, On Behalf of: Michael Moltane, International Transmission Company Holdings Corporation, 1

- 0 - 0

GO/GOPs will need more information to adequately assess the cost effectiveness of the proposed approach.

Wayne Sipperly, On Behalf of: North American Generator Forum, MRO, WECC, Texas RE, NPCC, SERC, RF, Segments 5

- 0 - 0

Where new technology will be required to support availability, we have no basis to determine the cost effectiveness of implementing this standard.

Lindsay Wickizer, Berkshire Hathaway - PacifiCorp, 6, 1/24/2022

- 0 - 0

Gail Golden, On Behalf of: Entergy - Entergy Services, Inc., , Segments 1, 5

- 0 - 0

MPC supports comments submitted by the MRO NERC Standards Review Forum.

Andy Fuhrman, On Behalf of: Minnkota Power Cooperative Inc. - MRO - Segments 1, 5

- 0 - 0

Santee Cooper, Segment(s) 1, 3, 5, 6, 1/24/2022

- 0 - 0

LCRA is unclear exactly what these modifications will entail and is unsure what will constitute as sufficient availability.

James Baldwin, Lower Colorado River Authority, 1, 1/24/2022

- 0 - 0

LCRA is unclear exactly what these modifications will entail and is unsure what will constitute as sufficient availability.

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

ACES Standard Collaborations, Segment(s) 1, 3, 4, 5, 1/24/2022

- 0 - 0

LaKenya VanNorman, On Behalf of: Neville Bowen, Ocala Utility Services, 3

- 0 - 0

NPCC Regional Standards Committee no NGrid, Segment(s) 10, 2, 4, 7, 3, 1, 5, 6, 1/24/2022

- 0 - 0

At this time PG&E cannot determine if the proposed modifications are cost-effective in meeting the FERC directive.

PG&E All Segments, Segment(s) 1, 3, 5, 2/10/2020

- 0 - 0

Greg Davis, Georgia Transmission Corporation, 1, 1/24/2022

- 0 - 0

Clay Walker, On Behalf of: Robert Hirchak, Cleco Corporation, 1,3,5,6; Stephanie Huffman, Cleco Corporation, 1,3,5,6; Wayne Messina, LaGen, 4; Maurice Paulk, Cleco Corporation, 1,3,5,6; John Lindsey, Cleco Corporation, 1,3,5,6

- 0 - 0

Mark Gray, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

Dana Showalter, Electric Reliability Council of Texas, Inc., 2, 1/24/2022

- 0 - 0

It depends on the final version of this standard. PNMR is concerned that this feels like an all or nothing requirement. What are the restoration requirements? What if we lose connection and ability to transmit RTA and RTm data for 10 seconds, 30 seconds, 30 minutes? Do we have a potential noncompliance? There should be some time-driven measure. Availability, like confidentiality and integrity, is a risk and methods to address the risk should be implemented.

Amy Wesselkamper, On Behalf of: PNM Resources - Public Service Company of New Mexico, , Segments 1, 3

- 0 - 0

Benjamin Winslett, On Behalf of: Georgia System Operations Corporation, , Segments 3, 4

- 0 - 0

I support the comments submitted by Sean Erickson (WAPA). 

Erin Green, On Behalf of: Erin Green, , Segments 1, 6

- 0 - 0

Implementation will increase costs for Responsible Entities. The changes will have unforeseen consequences. For responsible entities these consequences will be incurred in terms of additional equipment, software licensing, contract modifications and man hours involved in planning, implementation, processes, maintenance and monitoring.

sean erickson, Western Area Power Administration, 1, 1/24/2022

- 0 - 0

- 0 - 0

Hot Answers

OPG supports the NPCC Regional Standards Committee no NGrid’s comments.

Constantin Chitescu, Ontario Power Generation Inc., 5, 1/24/2022

- 0 - 0

Southern Company, Segment(s) 1, 3, 6, 5, 1/14/2021

- 0 - 0

Other Answers

Compliance with the availability requirement may involve the installation of back-up communications. We are currently experiencing delays in obtaining equipment necessary to install a dedicated line (six months from time of order). This type of delivery challenge may necessitate an extension in the enforcement date for CIP-012-2.

DTE Energy - DTE Electric, Segment(s) 3, 5, 4, 12/8/2021

- 0 - 0

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 10/18/2018

- 0 - 0

Jay Sethi, On Behalf of: Manitoba Hydro - MRO - Segments 1, 3, 5, 6

- 0 - 0

Patricia Lynch, NRG - NRG Energy, Inc., 5, 1/17/2022

- 0 - 0

Jennifer Bray, Arizona Electric Power Cooperative, Inc., 1, 1/18/2022

- 0 - 0

Katie Connor, On Behalf of: Duke Energy - SERC, RF - Segments 1, 3, 5, 6

- 0 - 0

Martin Sidor, NRG - NRG Energy, Inc., 6, 1/18/2022

- 0 - 0

Black Hills Corporation agrees that a 24 month implementation time is reasonable, however where vendors are involved that timeframe could become challenging.    

Jennifer Malon, On Behalf of: Black Hills Corporation - MRO, WECC - Segments 1, 3, 5, 6

- 0 - 0

Matthew Jaramilla, On Behalf of: Salt River Project, WECC, Segments NA - Not Applicable

- 0 - 0

Tim Kelley, On Behalf of: Nicole Goi, Sacramento Municipal Utility District, 1,3,4,5,6; Nicole Looney, Sacramento Municipal Utility District, 1,3,4,5,6; Kevin Smith, Balancing Authority of Northern California, 1; Charles Norton, Sacramento Municipal Utility District, 1,3,4,5,6; Foung Mua, Sacramento Municipal Utility District, 1,3,4,5,6

- 0 - 0

- 0 - 0

LaTroy Brumfield, On Behalf of: American Transmission Company, LLC, , Segments 1

- 0 - 0

Consumers Energy Company, Segment(s) 1, 3, 4, 5, 11/29/2017

- 0 - 0

Joseph DePoorter, 1/19/2022

- 0 - 0

Ronald Bender, Nebraska Public Power District, 5, 1/19/2022

- 0 - 0

Richard Jackson, U.S. Bureau of Reclamation, 1, 1/19/2022

- 0 - 0

Texas RE does not have comments on this question.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 1/19/2022

- 0 - 0

We do not recommend adding availability to the scope of CIP-012, since availability of operational data is already addressed in other NERC Reliability Standards, specifically the provisions of TOP-001 and IRO-002, which require redundant and diversely routed data exchange infrastructure implementation and testing. 

FE Voter, Segment(s) 1, 3, 5, 6, 4, 12/20/2021

- 0 - 0

Andrea Jessup, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Steve Toosevich, NiSource - Northern Indiana Public Service Co., 1, 1/20/2022

- 0 - 0

The need for a 24 month implementation plan is paramount to reliably and securely implement this standard.  If the standard is implemented as written, 24 months will be needed to apply the recovery procedures as outlined.  Registered Entities will need to work with their neighbors on the development of recovery plans; for example, an RTO/ISO will need to ensure recovery plans are in place for the availability of communications links with each of its members.  Also, this standard involves more than just developing a recovery plan.  Since these assets are not owned by Functional Entities subject to CIP-002, the utilization of CIP-008 and CIP-009 plans may not be relevant, and entities will have to develop their own recovery plans from scratch.  Entities will have to work with telecommunication providers to set up new links and test them for recovery if they have not already done so.  Finally, if supply chain issues cause delays in obtaining the required components needed for industry to fully implement V1 of this standard, then extra time will be needed for implementation until the supply chain issues are mitigated and resources are available.

Kendra Buesgens, On Behalf of: MRO - MRO - Segments 1, 2, 3, 4, 5, 6

- 0 - 0

Marcus Bortman, APS - Arizona Public Service Co., 6, 1/20/2022

- 0 - 0

Dominion, Segment(s) 3, 5, 1, 9/19/2019

- 0 - 0

Daniela Hammons, CenterPoint Energy Houston Electric, LLC, 1, 1/21/2022

- 0 - 0

CHPD, Segment(s) 5, 6, 3, 1, 1/21/2022

- 0 - 0

WECC proposes the SDT consider changing to a 12 or 18-month Implementation Plan.

Steven Rueckert, Western Electricity Coordinating Council, 10, 1/21/2022

- 0 - 0

Dwanique Spiller, On Behalf of: Berkshire Hathaway - NV Energy, WECC, Segments 5

- 0 - 0

Consider current supply chain landscape impacts to procuring technology to support this implementation 

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 1/21/2022

- 0 - 0

Leonard Kula, Independent Electricity System Operator, 2, 1/21/2022

- 0 - 0

JT Kuehne, AEP, 6, 1/21/2022

- 0 - 0

Bryan Koyle, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 6

- 0 - 0

Joseph Amato, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 1/21/2022

- 0 - 0

Roger Fradenburgh, On Behalf of: Nicholas Lauriat, Network and Security Technologies, 1

- 0 - 0

As identified in answers to Questions above, at this time BC Hydro does not have sufficient information to affirm whether 24 months will be adequate to implement the solutions to comply with the changes proposed in Project 2020-04 for CIP-012.

BC Hydro, Segment(s) 3, 5, 1, 12/18/2018

- 0 - 0

Jennie Wike, On Behalf of: John Merrell, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Marc Donaldson, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Hien Ho, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Terry Gifford, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Ozan Ferrin, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6

- 0 - 0

David Jendras, Ameren - Ameren Services, 3, 1/24/2022

- 0 - 0

Larry Watt, Lakeland Electric, 1, 1/24/2022

- 0 - 0

Susan Sosbe, Wabash Valley Power Association, 3, 1/24/2022

- 0 - 0

Daniel Gacek, Exelon, 1, 1/24/2022

- 0 - 0

Kinte Whitehead, Exelon, 3, 1/24/2022

- 0 - 0

Cynthia Lee, 1/24/2022

- 0 - 0

Becky Webb, 1/24/2022

- 0 - 0

No: NCPA does not agree that 24 months is long enough to implement other solutions.  Many of these implementations require 3rd party ISPs to install circuits.  In many cases it can take 6 months or more to get a circuit installed when it is available, however depending on location it can be years before circuitry is locally available.  

Chris Carnesi, On Behalf of: Dennis Sismaet, Northern California Power Agency, 3,4,5,6; Marty Hostler, Northern California Power Agency, 3,4,5,6; Jeremy Lawson, Northern California Power Agency, 3,4,5,6

- 0 - 0

Eversource  supports the comments of EEI.

Eversource Group, Segment(s) 1, 3, 9/1/2021

- 0 - 0

Amy Jones, On Behalf of: Public Utility District No. 2 of Grant County, Washington, , Segments 1, 4, 5, 6

- 0 - 0

Donna Wood, Tri-State G and T Association, Inc., 1, 1/24/2022

- 0 - 0

Gail Elliott, On Behalf of: Michael Moltane, International Transmission Company Holdings Corporation, 1

- 0 - 0

The NAFG supports the proposed implementation plan timeframe. GO/GOPs needing to procure equipment to demonstrate compliance must navigate both organizational system development life cycle processes and national supply chain constraints.

Wayne Sipperly, On Behalf of: North American Generator Forum, MRO, WECC, Texas RE, NPCC, SERC, RF, Segments 5

- 0 - 0

Consider current supply chain landscape impacts to procuring technology to support this implementation.

Lindsay Wickizer, Berkshire Hathaway - PacifiCorp, 6, 1/24/2022

- 0 - 0

Gail Golden, On Behalf of: Entergy - Entergy Services, Inc., , Segments 1, 5

- 0 - 0

MPC supports comments submitted by the MRO NERC Standards Review Forum.

Andy Fuhrman, On Behalf of: Minnkota Power Cooperative Inc. - MRO - Segments 1, 5

- 0 - 0

Santee Cooper, Segment(s) 1, 3, 5, 6, 1/24/2022

- 0 - 0

This standard involves technology and protocol changes. More time is warranted to effectively implement these changes.

James Baldwin, Lower Colorado River Authority, 1, 1/24/2022

- 0 - 0

This standard involves technology and protocol changes. More time is warranted to effectively implement these changes.

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

ACES Standard Collaborations, Segment(s) 1, 3, 4, 5, 1/24/2022

- 0 - 0

LaKenya VanNorman, On Behalf of: Neville Bowen, Ocala Utility Services, 3

- 0 - 0

We cannot answer until we understand what “availability” means and the availability’s scope. Scope refers to how deeply an entity must depend on other companies. We request clarification on 1) what availability means and 2) what is availability’s scope.

NPCC Regional Standards Committee no NGrid, Segment(s) 10, 2, 4, 7, 3, 1, 5, 6, 1/24/2022

- 0 - 0

PG&E supports the 24-month implementation plan.

PG&E All Segments, Segment(s) 1, 3, 5, 2/10/2020

- 0 - 0

Greg Davis, Georgia Transmission Corporation, 1, 1/24/2022

- 0 - 0

Clay Walker, On Behalf of: Robert Hirchak, Cleco Corporation, 1,3,5,6; Stephanie Huffman, Cleco Corporation, 1,3,5,6; Wayne Messina, LaGen, 4; Maurice Paulk, Cleco Corporation, 1,3,5,6; John Lindsey, Cleco Corporation, 1,3,5,6

- 0 - 0

Mark Gray, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

Dana Showalter, Electric Reliability Council of Texas, Inc., 2, 1/24/2022

- 0 - 0

PNMR recommends 36 month implementation guidance due to supply chain challenges

Amy Wesselkamper, On Behalf of: PNM Resources - Public Service Company of New Mexico, , Segments 1, 3

- 0 - 0

Benjamin Winslett, On Behalf of: Georgia System Operations Corporation, , Segments 3, 4

- 0 - 0

I support the comments submitted by Sean Erickson (WAPA). 

Erin Green, On Behalf of: Erin Green, , Segments 1, 6

- 0 - 0

We do not believe the implementation time frame is adequate because it is unclear whether encryption is or is not required, nor can we predict the length of time it will take to plan necessary changes, implementation of the changes, management and development of processes and procedures.

sean erickson, Western Area Power Administration, 1, 1/24/2022

- 0 - 0

- 0 - 0

Hot Answers

OPG supports the NPCC Regional Standards Committee no NGrid’s comments.

Constantin Chitescu, Ontario Power Generation Inc., 5, 1/24/2022

- 0 - 0

If the SDT’s intent was to point to Operations standards (TOP/IRO) to explain the “Availability timeframes” or server redundancy or site redundancy then our suggestion is that they spell that out or point to other standards.  

Southern Company, Segment(s) 1, 3, 6, 5, 1/14/2021

- 0 - 0

Other Answers

DTE Energy - DTE Electric, Segment(s) 3, 5, 4, 12/8/2021

- 0 - 0

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 10/18/2018

- 0 - 0

Jay Sethi, On Behalf of: Manitoba Hydro - MRO - Segments 1, 3, 5, 6

- 0 - 0

Please see comments provided above

Patricia Lynch, NRG - NRG Energy, Inc., 5, 1/17/2022

- 0 - 0

Thank you for the opportunity to comment.

Jennifer Bray, Arizona Electric Power Cooperative, Inc., 1, 1/18/2022

- 0 - 0

Following is Duke Energy’s suggested rewording of the SDT’s proposed draft sub requirements for R1. We appreciate the effort that went into consolidating R2 into R1 and the opportunity to provide feedback.

1.1  Identification of security protection(s), the Responsible Entity applied to mitigate the risks posed by unauthorized disclosure or unauthorized modification of data used for Real-time Assessment and Real-time monitoring while such data is being transmitted between Control Centers.

1.2 Identification of controls, the Responsible Entity implemented to protect the availability of communication links used to transmit data between Control Centers for Real-time Assessment and Real-time monitoring as to ensure timely and accurate data communication.

1.3  Identification of methods by the Responsible Entity, to be used for the recovery of communication links to transmit Real-time Assessment and Real-time monitoring data between Control Centers.

1.4 Identification of where the Responsible Entity has applied the protections and controls identified in Parts 1.1 and 1.2; and

1.5  If the Control Centers are owned or operated by different Responsible Entities, identification of the responsibilities of each Responsible Entity for applying protections and controls to data being transmitted between Control Centers as required in Parts 1.1 and 1.2.

FERC Order No. 866 spoke directly to recovery. Recovery in the standard aligns with this; however, restoration and recovery are both used in the Implementation Guidance. We are requesting clarification if “recovery and restoration” are meant to be interchangeable. We recommend that the Implementation Guidance solely reference the term recovery, since recovery and restoration have different technical implications.

Katie Connor, On Behalf of: Duke Energy - SERC, RF - Segments 1, 3, 5, 6

- 1 - 0

Martin Sidor, NRG - NRG Energy, Inc., 6, 1/18/2022

- 0 - 0

Jennifer Malon, On Behalf of: Black Hills Corporation - MRO, WECC - Segments 1, 3, 5, 6

- 0 - 0

Matthew Jaramilla, On Behalf of: Salt River Project, WECC, Segments NA - Not Applicable

- 0 - 0

Tim Kelley, On Behalf of: Nicole Goi, Sacramento Municipal Utility District, 1,3,4,5,6; Nicole Looney, Sacramento Municipal Utility District, 1,3,4,5,6; Kevin Smith, Balancing Authority of Northern California, 1; Charles Norton, Sacramento Municipal Utility District, 1,3,4,5,6; Foung Mua, Sacramento Municipal Utility District, 1,3,4,5,6

- 0 - 0

- 0 - 0

ATC supports the SDT’s approach to permit each Registered Entity to define availability within a CIP-012 plan, as opposed to having this term defined in the glossary of terms. Defining “availability” in the glossary of terms would be too prescriptive an approach, especially considering the prevalent use of this word in other Reliability Standards, and the broad ranging impacts and unintended consequences that a definition could have on other mandatory regulations outside the scope of this SDT’s SAR. ATC appreciates the flexibility this draft provides entities and supports objective-based requirements that steer away from one-size-fits-all definitions.

LaTroy Brumfield, On Behalf of: American Transmission Company, LLC, , Segments 1

- 3 - 0

Consumers Energy Company, Segment(s) 1, 3, 4, 5, 11/29/2017

- 0 - 0

NONE

Joseph DePoorter, 1/19/2022

- 0 - 0

NPPD supports the SDT’s approach to permit each Registered Entity to define availability within a CIP-012 plan, as opposed to having this term defined in the glossary of terms. Defining “availability” in the glossary of terms would be too prescriptive an approach. NPPD appreciates the flexibility this draft provides entities and supports objective-based requirements that steer away from one-size-fits-all definitions.

Ronald Bender, Nebraska Public Power District, 5, 1/19/2022

- 2 - 0

The terminology continues to be confusing, especially for those unfamiliar with the underlying FERC Order. The concepts could be explained in R1 using simple, plain language.

The changes proposed are a significant increase in the scope of the standard, which will have a substantial impact on affected entities and should not be taken without appropriate consideration. Some communications paths are already covered under other NERC standards.

Proposed R1.2 recovery plans should be included under CIP-009 instead of CIP-012-2.

To minimize churn among standard versions, Reclamation recommends the SDT fully scope each project before developing proposed modifications to ensure all of FERC’s desired requirements are included, thereby precluding the need for FERC to order approval with additional modifications. For CIP-012, Reclamation recommends the SDT coordinate changes with Projects 2016-02 and Project 2019-03. This will reduce the chance that standards conflict with one another and will better align related standards.

Richard Jackson, U.S. Bureau of Reclamation, 1, 1/19/2022

- 0 - 0

Texas RE noticed a potential reliability gap between proposed CIP-012-2 and CIP-008-6.  CIP-008-6 seeks to “mitigate the risk to the reliable operation of the BES as a result of a Cyber Security Incident by specifying incident response requirements” (CIP-008-6 Purpose Statement).  The definitions of Cyber Security Incident and Reportable Cyber Security Incident may not cover cyberattacks targeted toward disrupting the confidentiality, integrity, or availability of Control Center communications.  Texas RE recommends the definitions of Cyber Security Incident, Reportable Cyber Security Incident, and the applicable systems column of CIP-008-6 be modified to explicitly include situations where the confidentiality, integrity, or availability of Control Center communications is targeted.  

Rachel Coyne, Texas Reliability Entity, Inc., 10, 1/19/2022

- 0 - 0

There is nothing in the Guidance Document that provides information on protections for availability of data.  The guidance deals with confidentiality and integrity of data.

FE Voter, Segment(s) 1, 3, 5, 6, 4, 12/20/2021

- 0 - 0

Andrea Jessup, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Steve Toosevich, NiSource - Northern Indiana Public Service Co., 1, 1/20/2022

- 0 - 0

Kendra Buesgens, On Behalf of: MRO - MRO - Segments 1, 2, 3, 4, 5, 6

- 0 - 0

Marcus Bortman, APS - Arizona Public Service Co., 6, 1/20/2022

- 0 - 0

As mentioned above, Dominion Energy supports EEI’s comments. In addition, Dominion Energy has the following suggestion for language in R1.2 that would allow this requirement to be actionable by industry:

Identification of methods to be used for the recovery of communication link components controlled by each Responsible Entity and response plans used for the recovery of communication links not controlled by the Responsible Entity used to transmit Real-Time Assessment and Real-time monitoring data between Control Centers.

Dominion, Segment(s) 3, 5, 1, 9/19/2019

- 0 - 0

Daniela Hammons, CenterPoint Energy Houston Electric, LLC, 1, 1/21/2022

- 0 - 0

With the content of the previous R1.2 moved to R1.3, the updated R1.2 deals with recovery methods that appear to go beyond the FERC Order No. 866 directive and aren’t applicable to many Registered Entities.  Communications links between Control Centers operated by different Registered Entities are dependent on telecommunication companies.  For many Registered Entities, the method to recover a link is a support call to their region’s contracted telecommunication provider.

CHPD, Segment(s) 5, 6, 3, 1, 1/21/2022

- 0 - 0

The Implementation Guidance and Technical Rationale appear to infer encryption is the only method to meet the security objectives to mitigate the risks posed by unauthorized disclosure, unauthorized modification of applicable data. Consider providing examples an entity could alternatively consider to also meet the security objectives.

For example:

1.      An entity owned, operated and managed communication link.

2.      Monitoring, detecting, alerting and response to any possible unauthorized disclosure or unauthorized modification of applicable data transmitted on a communication link between Control Centers.

Steven Rueckert, Western Electricity Coordinating Council, 10, 1/21/2022

- 0 - 0

None at this time.

Dwanique Spiller, On Behalf of: Berkshire Hathaway - NV Energy, WECC, Segments 5

- 0 - 0

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 1/21/2022

- 0 - 0

The current wording of the proposed standard gives IESO the flexibility to address the availability controls of the data itself in addition to just the availability controls associated solely with the communications link.

IESO recommends that the definition of the term “availability” be further clarified with the addition of the wording “as determined by the Responsible Entity”.

Leonard Kula, Independent Electricity System Operator, 2, 1/21/2022

- 0 - 0

AEP appreciates the efforts of the SDT on this project. Please see below for additional comments.

While AEP agrees that creating a plan to account for the security and availability of Real-time Assessment and Real-time monitoring data is crucial as part of FERC Order No. 866, we believe the revisions to CIP-012-2 need to be more prescriptive to capture the expected contents of the plan. For example, page 4 of the Technical Rationale document lays out an expectation and relationship with CIP-008 and CIP-009 plans, “The SDT recognized that Responsible Entities may already have plans to address these contingencies in their CIP-008 and CIP-009 plan(s) and these could be referenced as part of their CIP-012 plan to meet the requirement and avoid duplication of effort.”

However, the applicable systems for CIP-008 and CIP-009 are different than the devices that would receive protections for CIP-012. With that in mind, AEP suggests that NERC take either of the following actions:

(1)  Create the desired components of CIP-008 and CIP-009 as explicit requirements and sub-requirements within CIP-012; or

(2)  Create a new classification for CIP-012 devices (e.g., “associated networking equipment”) and determine the specific requirements within the other CIP standards that apply to that classification.

JT Kuehne, AEP, 6, 1/21/2022

- 0 - 0

Bryan Koyle, On Behalf of: Southern Indiana Gas and Electric Co., RF, Segments 6

- 0 - 0

No comments.

Joseph Amato, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 1/21/2022

- 0 - 0

N&ST believes that both the proposed availability language of CIP-012 R1 and the accompanying draft Implementation Guidance lack sufficient clarity regarding the scope of a Responsible Entity’s CIP-012 availability obligations: Where do they begin and end? The Implementation Guidance document seems to suggest that inter-Control Center communications channels subject to CIP-012 should include literally everything either utilizing or comprising those channels, including the sending and receiving hosts. Evidence supporting this opinion includes the statement, “The SDT also recognizes that the availability components within the plan may or may not be applied to Cyber Assets identified as BES Cyber Assets.” Should Entities include ICCP servers, which are almost always identified as BES Cyber Systems and, for High and Medium Impact, located within Electronic Security Perimeters, in their CIP-012 availability plans? If so, will Entities with only single ICCP servers be expected to procure additional ones for redundancy? N&ST is concerned that by discussing endpoint hosts, the SDT may be expanding the scope of CIP-012 beyond FERC’s mandate. At the very least, the draft Implementation Guidance raises questions we believe the SDT should answer. If it does not, experience suggests to us that NERC and/or the Regions will.

Additional Guidance document statements and phrases that N&ST believes need clarification include:

“Availability protection can be shown with network diagrams showing multiple circuits, redundant systems, application details or other documentation describing the protections used.”

What kind of systems? Switches? Routers? Endpoint hosts? The SDT should provide examples.

The phrase, “entire communications link” is used several times. The SDT should define what this means, as well as whether or not endpoints are subject to CIP-012.

Roger Fradenburgh, On Behalf of: Nicholas Lauriat, Network and Security Technologies, 1

- 0 - 0

BC Hydro suggests adding more clarity to the term 'availability' by providing a more detailed definition. Although the SDT has proposed the use of the NIST definition of "Ensuring timely and reliable access to and use of information" for defining the term 'availability' in the Technical Rationale document, a more detailed and specific definition concerning the application and use, specifically at NERC entities, will help improve a clear understanding and easier implementation. BC Hydro also suggests including some pertinent use cases and examples.

BC Hydro, Segment(s) 3, 5, 1, 12/18/2018

- 0 - 0

Jennie Wike, On Behalf of: John Merrell, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Marc Donaldson, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Hien Ho, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Terry Gifford, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6; Ozan Ferrin, Tacoma Public Utilities (Tacoma, WA), 1,3,4,5,6

- 0 - 0

David Jendras, Ameren - Ameren Services, 3, 1/24/2022

- 0 - 0

This 'availability' requirement should be moved to the O&P standards.

Larry Watt, Lakeland Electric, 1, 1/24/2022

- 0 - 0

Thank you for your hard work and allowing Entities to provide feedback. 

Susan Sosbe, Wabash Valley Power Association, 3, 1/24/2022

- 0 - 0

Exelon has chosen to align with EEI in response to this question.

Daniel Gacek, Exelon, 1, 1/24/2022

- 0 - 0

Exelon has chosen to align with EEI in response to this question.

Kinte Whitehead, Exelon, 3, 1/24/2022

- 0 - 0

Exelon has chosen to align with EEI in response to this question.

Cynthia Lee, 1/24/2022

- 0 - 0

Exelon has chosen to align with EEI in response to this question.

Becky Webb, 1/24/2022

- 0 - 0

N/A

Chris Carnesi, On Behalf of: Dennis Sismaet, Northern California Power Agency, 3,4,5,6; Marty Hostler, Northern California Power Agency, 3,4,5,6; Jeremy Lawson, Northern California Power Agency, 3,4,5,6

- 0 - 0

Eversource supports the comments of EEI.

Eversource Group, Segment(s) 1, 3, 9/1/2021

- 0 - 0

N/A

Amy Jones, On Behalf of: Public Utility District No. 2 of Grant County, Washington, , Segments 1, 4, 5, 6

- 0 - 0

The phrase “and components used to provide availability protections” was added to both the technical rationale document and the implementation guidance for R1.3. As mentioned in our comment to question 2, if we contract with a 3rd party for security and availability (such as CAISO's AT&T DMVPN solution), we may not be privy to the specific component(s) where the availability protection is being applied. Additionally, this seems to be unnecessarily prescriptive. We recommend this phrase be removed from both documents.

Also, the implementation guidance doesn’t acknowledge that not all entities involved are Registered Entities (such as a common carrier like AT&T). We recommend adding language to acknowledge those situations may exist, at a minimum.

Donna Wood, Tri-State G and T Association, Inc., 1, 1/24/2022

- 0 - 0

None at this time.

Gail Elliott, On Behalf of: Michael Moltane, International Transmission Company Holdings Corporation, 1

- 0 - 0

The NAGF has no additional comments.

Wayne Sipperly, On Behalf of: North American Generator Forum, MRO, WECC, Texas RE, NPCC, SERC, RF, Segments 5

- 0 - 0

Lindsay Wickizer, Berkshire Hathaway - PacifiCorp, 6, 1/24/2022

- 0 - 0

Is this not an overlap with TOP-001-5 R20, R23? Or is the gap due to the communication links between control centers / data centers?

TOP-001-5 R20. Each Transmission Operator shall have data exchange capabilities, with redundant and diversely routed data exchange infrastructure within the Transmission Operator's primary Control Center, for the exchange of Real‐time data with its Reliability Coordinator, Balancing Authority, and the entities it has identified it needs data from in order for it to perform its Real‐time monitoring and Real‐time Assessments.  

Same question but in regards to EOP-008-2. Would this not fall under “Loss of Control Center Functionality”? Or is FERC / NERC focused on dealing with impacts to the specific processes associated with the Real-time Assessment and Real-time Monitoring tasks?

Finally – how far does this extend? Is this limited to the loss of availability of data associated with the security protections applied between control centers / data centers? Or would it also stretch to wider data losses, such as external measurements sourced via ICCP, substation data sourced via RTU, or system-to-system communications within a control center / data center? The requirement, as written, seems overly broad in scope when accounting for all of the data required to perform Real‐time monitoring and Real‐time Assessments.

Gail Golden, On Behalf of: Entergy - Entergy Services, Inc., , Segments 1, 5

- 0 - 0

Andy Fuhrman, On Behalf of: Minnkota Power Cooperative Inc. - MRO - Segments 1, 5

- 0 - 0

Santee Cooper, Segment(s) 1, 3, 5, 6, 1/24/2022

- 0 - 0

Throughout the supporting documentation there are references to CIP-008 and CIP-009; however, these standards are not applicable to communication between control centers. By including CIP-008 and CIP-009 in the implementation of CIP-012, there may be unintended scope creep of CIP-008 and CIP-009.

James Baldwin, Lower Colorado River Authority, 1, 1/24/2022

- 0 - 0

Throughout the supporting documentation there are references to CIP-008 and CIP-009; however, these standards are not applicable to communication between control centers. By including CIP-008 and CIP-009 in the implementation of CIP-012, there may be unintended scope creep of CIP-008 and CIP-009.

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

We would like to thank the SDT for all their hard work and allowing us to provide feedback.

ACES Standard Collaborations, Segment(s) 1, 3, 4, 5, 1/24/2022

- 0 - 0

This 'availability' requirement should be moved to the O&P standards.

LaKenya VanNorman, On Behalf of: Neville Bowen, Ocala Utility Services, 3

- 0 - 0

We request that future posting of all CIP Standards include a redline to the last approved. This redline will help SMEs determine the change and thereby complete comment forms faster.

 

The Implementation Guidance refers to a NIST definition of availability. NIST could change its definition without notifying entities. NIST’s definition is generic. We request clarification of CIP-012 availability.

 

In the fourth paragraph of the introduction in the Technical Rationale, the following sentence needs to be corrected as there is no R2 in CIP-012-1: “CIP-012-1 Requirements R1 and R2 protect the applicable data during transmission between two separate Control Centers.”  We believe the text should read R1 and R1.2.

NPCC Regional Standards Committee no NGrid, Segment(s) 10, 2, 4, 7, 3, 1, 5, 6, 1/24/2022

- 1 - 0

PG&E agrees with the Edison Electric Institute (EEI) comments related to the Introduction section having a reference to R2 that was removed in the most recent draft – the sections should be updated with the removal of R2.

PG&E All Segments, Segment(s) 1, 3, 5, 2/10/2020

- 0 - 0

GTC is concerned that the revisions to the technical rationale significantly alter the potential flexibility intended to be offered in requirements such as requirement 1.3.  In addition, the inclusion of infeasible alternatives to availability such as backing up ICCP data with DNP3 is problematic, and GTC recommends that the SDT review the proposed revisions to the technical rationale and implement revisions to retain the original flexibility of implementation and to better ensure that suggested methods for compliance are actionable.

Greg Davis, Georgia Transmission Corporation, 1, 1/24/2022

- 0 - 0

See EEI Comments.

Clay Walker, On Behalf of: Robert Hirchak, Cleco Corporation, 1,3,5,6; Stephanie Huffman, Cleco Corporation, 1,3,5,6; Wayne Messina, LaGen, 4; Maurice Paulk, Cleco Corporation, 1,3,5,6; John Lindsey, Cleco Corporation, 1,3,5,6

- 0 - 0

The Introduction section has a reference to R2 that should be removed now that R2 has been deleted by the SDT (see below):

“Although the Commission directed NERC to develop modifications to CIP-006, the SDT determined that modifications to CIP-006 would not be appropriate for securing the data. There are differences between the plan(s) required to be developed and implemented for CIP-012-1 and the protection required in CIP-006 Requirement R1 Part 1.10. CIP-012-1 Requirements R1 and R2 protect the applicable data during transmission between two separate Control Centers. CIP-006 Requirement R1 Part 1.10 protects nonprogrammable communication components within an Electronic Security Perimeter (ESP) but outside of a Physical Security Perimeter (PSP). The transmission of applicable data between Control Centers takes place outside of an ESP. Therefore, the protection addressed in CIP-006 Requirement R1 Part 1.10 does not apply.”

Mark Gray, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

The VSL table appears incomplete. ERCOT would encourage the drafting team to ensure there is consistency among standards with plans that are documented versus implemented, perhaps by identifying documentation versus implementation separately within the VSL matrix. Further, the VSLs refer to Requirement R2, which was removed in the Nov 2021 Draft.

Dana Showalter, Electric Reliability Council of Texas, Inc., 2, 1/24/2022

- 0 - 0

Amy Wesselkamper, On Behalf of: PNM Resources - Public Service Company of New Mexico, , Segments 1, 3

- 0 - 0

GSOC is concerned that the revisions to the Technical Rationale significantly alter the potential flexibility intended to be offered in requirements such as Requirement 1.3.  In addition, the inclusion of infeasible alternatives to availability such as backing up ICCP data with DNP3 is problematic, and GSOC recommends that the SDT review the proposed revisions to the Technical Rationale and implement additional revisions to retain the original flexibility of implementation and to better ensure that suggested methods for compliance are actionable.

Benjamin Winslett, On Behalf of: Georgia System Operations Corporation, , Segments 3, 4

- 0 - 0

Erin Green, On Behalf of: Erin Green, , Segments 1, 6

- 0 - 0

We do not agree with the draft language proposed. The standard purpose and requirements are to protect the confidentiality, availability and integrity (CIA) of Real-time Assessment and Real-time monitoring data transmitted between Control Centers. While this language maps to the standard tenets of information assurance controls, the requirements and mitigation of risk cannot be achieved unless an entity uses encryption and manages the encryption keys.

Once data packets carrying RTA/RTm data have egressed the physical Control Center or associated data center equipment/technology, an entity is relying on non-entity controlled or maintained communication paths such as telecom carriers to transmit and route RTA/RTm data between Control Centers.

 

How is an entity able to “mitigate risks” of unauthorized disclosure and/or modification when RTA/RTm data is no longer in possession or control of the systems which transmit and carry such data?

 

Secondly, the phrase “while it is being transmitted” in context with availability requires an entity to only address entity owned and maintained equipment. This is because an entity cannot ensure the availability of RTA/RTm data beyond its possession. This phrase adds no value to the protection of data.

 

Because of this, industry and regulators alike will not be able to establish a clear understanding of what meets or what does not meet compliance; it may lead to additional administrative overhead, potential findings or self-reports or other issues. This position was also validated in the recent 12/8 Industry Webinar whereas the SDT’s Lead related that an entity is not required to implement encryption, but an auditor would ask for it.

 

We ask the SDT to:

a.      Remove or change the confidentiality and integrity language, and revise R1 to add the phrases “potential disclosure, potential modification and availability.”

b.      Remove the phrase “while being transmitted.”

c.       Remove the term “links.” There is no such term and this may apply to many different things.

d.      Clarify if RTA/RTm data is BES Cyber System Information.

e.      Instead of relying on a one size fits all definition for the CIA triad the SDT would be better suited in defining a list of controls that responsibilities can implement and if used in concert with each other mitigate the risks posed by unauthorized disclosure and unauthorized modification of Real-time Assessment and Real-time Monitoring Data.

sean erickson, Western Area Power Administration, 1, 1/24/2022

- 0 - 0

Evergy supports and incorporates by reference Edison Electric Institute’s (EEI) response to Question 5.

- 0 - 0