NERC FFT Reports: Reliability Standard CIP-001-1

Alert

26 min read

 

APX Power Markets, Inc. (APX), Docket No. RC13-7-000 (March 27, 2013)

Reliability Standard: CIP-001-1

Requirement: 1

Region: TRE

Issue: While conducting a compliance audit in January 2013, TRE found APX, a registered GOP, to have been non-compliant with CIP-001-1 in that for a period of 13 weeks APX had no procedures in place to recognize sabotage events nor did it have procedures for making its employees aware of sabotage events to its facilities and multi-site sabotage events to broader portions of the Interconnection. The period of non-compliance was from May 3, 2010, the date APX registered with NERC, until August 10, 2010, the date APX began its sabotage recognition and reporting procedure.

Finding: The issue was deemed to pose minimal risk to BPS reliability and not serious or substantial risk because of the short time period involved, during which APX was drafting its procedure. In addition, during the relevant time frame, APX did not own or directly operate generators connected to the BPS.

California Department of Water Resources (CDWR), Docket No. RC12-12 (May 30, 2012)

Reliability Standard: CIP-001-1

Requirement: R3

Region: WECC

Issue: While conducting an audit of CDWR, the Audit Team found that although CDWR had existing procedures for the recognition of, and for making operating personnel aware of, sabotage events on its facilities; however, CDWR could not show that it provided its operators with those procedures, including contact information.

Finding: The issue was found to pose minimal risk to BPS reliability because CDWR operating staff knew how to identify a sabotage event and the parties to be contacted in the event of a sabotage.

City of Gardner, FERC Docket No. RC12-11 (April 30, 2012)

Reliability Standard: CIP-001-1

Requirement: R1

Region: SPP

Issue: During a compliance audit, SPP found that the City of Gardner (Gardner), as a LSE, did not possess sabotage reporting procedures to recognize and make operating personal aware of sabotage events on facilities as well as multi-site sabotage events that affect larger portions of the Interconnection.

Finding: SPP found that this issue constituted only a minimal risk to the BPS as a result of Gardner’s small size and insignificant ownership interest in the BPS. Gardner is a small municipal electric utility, which has a generation capacity of less than 30 MW and with fewer than 7000 electric customers. In addition, Gardner does not have any CAs or CCAs. The issue lasted from December 20, 2007 through December 31, 2008.

City of Gardner, FERC Docket No. RC12-11 (April 30, 2012)

Reliability Standard: CIP-001-1

Requirement: R1, R2, R3, R4

Region: SPP

Issue: During a compliance audit, SPP found that the City of Gardner (Gardner), as a LSE, did not possess sabotage reporting procedures to recognize and make operating personal aware of sabotage events on its facilities as well as multi-site sabotage events that affect larger portions of the Interconnection (R1). Gardner’s sabotage reporting procedures also did not contain provisions about communicating information on sabotage events to the appropriate parties in the Interconnection (R2) or procedures detailing how Gardner’s operating personnel should report disturbances from sabotage events (R3). In addition, Gardner had not established contacts with the local FBI officials or developed other needed reporting procedures (R4).

Finding: SPP found that the issues constituted only a minimal risk to the BPS as a result of Gardner’s small size and insignificant ownership interest in the BPS (as any sabotage on Gardner’s system would have minimal effect on the BPS). Gardner is a small municipal electric utility, which has a generation capacity of less than 30 MW and with fewer than 7000 electric customers. In addition, Gardner does not have any CAs or CCAs. The issues lasted from December 20, 2007 through December 31, 2008.

EnerNOC, Inc. (EnerNOC), Docket No. RC12-16 (September 28, 2012)

Reliability Standard: CIP-001-1

Requirement: 1

Region: Texas RE

Issue: During an audit, Texas RE found that EnerNOC, as an LSE and demand response provider in the ERCOT service region, failed to incorporate a definition of sabotage events or include contingency plans to recognize sabotage events in its security plans (Disaster Recovery procedures, Crisis Management Plan, Computer Security Incident Response Team, and Business Contingency Plans). Furthermore, procedures were not in place for alerting its operating personnel of any such sabotage events until March 26, 2012, when revised sabotage event plans and procedures were finalized.

Finding: Texas RE found the issue posed a minimal risk to the reliability of the BPS because EnerNOC had existing procedures in place to address cyber and physical emergency events. In addition, EnerNOC's largest emergency interruptible load service in this area is 12.8 MW, while its maximum total capability of demand response is 150 MW. Furthermore, EnerNOC does not have large physical structures or facilities interconnected to the grid that would be susceptible to sabotage. Also, the risk to the BPS was mitigated by the fact EnerNOC utilizes multiple data and dispatch centers, which are less susceptible to cyber attacks.

EnerNOC, Inc. (EnerNOC), Docket No. RC12-16 (September 28, 2012)

Reliability Standard: CIP-001-1

Requirement: 2

Region: Texas RE

Issue: During an audit, Texas RE found that EnerNOC, as an LSE and demand response provider in the ERCOT service region, failed to incorporate a definition of sabotage events or include appropriate procedures for disseminating information concerning sabotage events in its security plans (Disaster Recovery procedures, Crisis Management Plan, Computer Security Incident Response Team, and Business Contingency Plans). EnerNOC failed to comply with the Standard until March 26, 2012, when it revised its plans and procedures.

Finding: Texas RE found the issue posed a minimal risk to the reliability of the BPS because EnerNOC had existing procedures in place to address cyber and physical emergency events. In addition, EnerNOC's largest emergency interruptible load service in this area is 12.8 MW, while its maximum total capability of demand response is 150 MW. Furthermore, EnerNOC does not have large physical structures or facilities interconnected to the grid that would be susceptible to sabotage. Also, the risk to the BPS was mitigated by the fact EnerNOC utilizes multiple data and dispatch centers, which are less susceptible to cyber attacks.

EnerNOC, Inc. (EnerNOC), Docket No. RC12-16 (September 28, 2012)

Reliability Standard: CIP-001-1

Requirement: 3

Region: Texas RE

Issue: During an audit, Texas RE found that EnerNOC, as an LSE and demand response provider in the ERCOT service region, failed to incorporate a definition of sabotage events or include sabotage response guidelines for operating personnel reporting disturbances in its security plans (Disaster Recovery procedures, Crisis Management Plan, Computer Security Incident Response Team, and Business Contingency Plans). EnerNOC failed to comply with the Standard until March 26, 2012, when it revised its plans and procedures.

Finding: Texas RE found the issue posed a minimal risk to the reliability of the BPS because EnerNOC had existing procedures in place to address cyber and physical emergency events. In addition, EnerNOC's largest emergency interruptible load service in this area is 12.8 MW, while its maximum total capability of demand response is 150 MW. Furthermore, EnerNOC does not have large physical structures or facilities interconnected to the grid that would be susceptible to sabotage. Also, the risk to the BPS was mitigated by the fact EnerNOC utilizes multiple data and dispatch centers, which are less susceptible to cyber-attacks.

Find, Fix and Track Entity, Docket No. RC11-6 (September 30, 2011)

Reliability Standard: CIP-001-1

Requirement: R1

Region: MRO

Issue: During a compliance audit, MRO found that FFT Entity and one of its members had not developed sabotage reporting procedures (which included procedures for recognizing sabotage) as required.

Finding: MRO found that this issue constituted only a minimal risk to BPS reliability since FFT Entity’s employees were knowledgeable about sabotage issues. FFT Entity’s member’s employees were trained to report all potential or suspected incidents. FFT Entity’s member also did not own, operate or maintain any CAs.

Find, Fix and Track Entity, Docket No. RC11-6 (September 30, 2011)

Reliability Standard: CIP-001-1

Requirement: R1, R2, R3

Region: SERC

Issue: During a compliance audit, SERC determined that FFT Entity failed to have procedures for the recognition and for making its operating personnel aware of sabotage events in violation of R1; failed to have a procedure for the communication of information concerning sabotage events to the proper parties in the Interconnection in violation of R2; and failed to provide its operating personnel with sabotage response guidelines, including personnel to contact, for reporting disturbances due to sabotage events.

Finding: SERC found that this issue constituted only a minimal risk and did not pose a serious or substantial risk to the reliability of the BPS because FFT Entity does not own or operate any BPS equipment, is a minimal size facility, and it did have a security policy in place, the policy just did not meet the requirements of CIP-001-1.

Find, Fix and Track Entity, Docket No. RC11-6 (September 30, 2011)

Reliability Standard: CIP-001-1

Requirement: R1, R2, R3

Region: TRE

Issue: During an audit, TRE found that FFT Entity’s previous emergency response plan did not properly address procedures for recognizing sabotage events and making operating personnel aware of sabotage events (R1), procedures for communicating about sabotage events (R2), and sabotage response guidelines (R3). FFT Entity’s emergency response plan did contain procedures for communicating information during an emergency to the appropriate parties in the Interconnection and emergency response guidelines and the personnel to contact to report emergencies.

Finding: TRE found that these issues constituted only a minimal risk to BPS reliability since FFT Entity does not own any bulk electric system equipment, transmission lines, substations, UFLS, UVLS or SPS equipment.

Find, Fix and Track Entity, Docket No. RC11-6 (September 30, 2011)

Reliability Standard: CIP-001-1

Requirement: R2

Region: TRE

Issue: During an audit, TRE found that FFT Entity did not have sufficient procedures in place regarding plant operators communicating information about sabotage events to its Qualified Scheduling Entity (who would then communicate sabotage events to the Reliability Coordinator).

Finding: TRE found that this issue constituted only a minimal risk to BPS reliability since FFT Entity’s sabotage reporting procedures did include procedures for immediately contacting the local area TO (who was also performing some of the TO functions). In addition, FFT Entity’s generation facility only produced 80 MW and its operating personnel had access to the reporting procedures.

Find, Fix and Track Entity, Docket No. RC11-6 (September 30, 2011)

Reliability Standard: CIP-001-1

Requirement: R2, R3, R4

Region: TRE

Issue: During an audit, TRE found that FFT Entity did not have procedures in place that satisfied the requirements of Reliability Standard CIP-001-1 R2, R3 and R4 and that were distributed to its personnel until 2010. TRE found that FFT Entity was using an emergency procedure that included awareness of only some sabotage events that covered terrorist attacks.

Finding: TRE found that these issues constituted only a minimal risk to BPS reliability. Even though FFT Entity had deficient procedures in terms of covering potential terrorist attacks, the procedures in place did incorporate the contact information for appropriate parties in the Interconnection and had an FBI phone number. FFT Entity was only responsible for 30 MW of generation on the system, minimizing its potential impact on the BPS.

Find, Fix and Track Entity, FERC Docket No. RC12-1 (October 31, 2011)

Reliability Standard: CIP-001-1

Requirement: R1, R2, R3, R4

Region: SPP

Issue: FFT Entity self-certified that it had not developed mechanisms to recognize and make operating personnel aware of sabotage events on its facilities, as well as of multi-site sabotage events affecting larger parts of the Interconnection (R1). FFT Entity also self-certified that it did not have provisions for communicating information about sabotage events to relevant parties in the Interconnection (R2), for providing its operating personnel with the sabotage response guidelines (R3), or for developing communication contacts with the local FBI office (R4).

Finding: SPP found that the issues constituted only a minimal risk to BPS reliability. Instead of developing its own sabotage reporting documentation, FFT Entity had relied on a third-party process for sabotage reporting and therefore FFT Entity actually had a sabotage reporting procedure in place.

Find, Fix and Track Entity, FERC Docket No. RC12-1 (October 31, 2011)

Reliability Standard: CIP-001-1

Requirement: R1, R2, R3, R4

Region: TRE

Issue: FFT Entity self-certified that its initial sabotage procedures did not satisfy all of the requirements of the Reliability Standard and that its sabotage procedures were not distributed to its operating personnel (R1). In addition, FFT Entity’s initial sabotage procedures did not include sufficient information regarding communicating information about sabotage events to the appropriate parties in the Interconnection (R2), adequate response guidelines (R3), or proper reporting procedures, such as an FBI contact (R4).

Finding: TRE found that the issues constituted only a minimal risk to BPS reliability since FFT Entity did have in place sabotage-related procedures that covered the reporting of hazardous conditions (even though these procedures did not satisfy the Reliability Standard’s criteria). In addition, FFT Entity’s operating personnel were verbally instructed to report suspected sabotage events to the appropriate authorities.

Find, Fix and Track Entity, FERC Docket No. RC12-1 (October 31, 2011)

Reliability Standard: CIP-001-1

Requirement: R2, R4

Region: TRE

Issue: FFT Entity self-reported that it had not developed a mechanism to disseminate information on sabotage events to the appropriate parties in the Interconnection (R2). FFT Entity also self-reported that it did not possess a documented procedure for contacting the FBI in response to sabotage events (R4).

Finding: TRE found that the issues constituted only a minimal risk to BPS reliability since FFT Entity only owns and operates a small distribution system with two radial lines. In addition, during the period of violation, no other incident occurred on FFT Entity’s system related to this Reliability Standard.

Find, Fix, Track and Report, Docket No. RC12-2 (November 30, 2011)

Reliability Standard: CIP-001-1

Requirement: R1, R2, R3, R4

Region: MRO

Issue: FFT Entity self-reported noncompliance with CIP-001-1 for a period of 29 months because it did not (1) have procedures for the recognition of and for making its operating personnel aware of sabotage events on its facilities and multi-site sabotage affecting larger portions of the Interconnection (R1); (2) have procedures for communicating information regarding sabotage events to appropriate parties in the Interconnection (R2); (3) provide its operating personnel with sabotage response guidelines, including personnel to contact, for reporting disturbances due to sabotage events (R3); or (4) establish contacts with the local FBI and develop reporting procedures as appropriate to its circumstances (R4).

Finding: The issues posed a minimal risk and did not pose a serious or substantial risk to the reliability of the BPS because FFT Entity does not own any CCAs and, further, its total generation is rated at less than 200 MVA.

Find, Fix, Track and Report, Docket No. RC12-2 (November 30, 2011)

Reliability Standard: CIP-001-1

Requirement: R1, R2, R3, R4

Region: SPP

Issue: FFT Entity self-reported that it did not have a documented procedure for the recognition of sabotage and for making its operating personnel aware of sabotage events and multi-site sabotage affecting larger portions of the Interconnection (R1). Because FFT Entity did not have a documented sabotage reporting procedure as required by CIP-001-1 R1, it did not have documented procedure for communicating information concerning sabotage to other parties in the Interconnection (R2). FFT Entity further self-reported that, because it did not have a documented sabotage reporting procedure as required by CIP-001-1 R1, it did not have sabotage response guidelines for its operating personnel, as required by R3 and it did not have procedures for communicating with or communications contacts for the local FBI office, as required by R4.

Finding: SPP RE determined the issues posed a minimal risk and did not pose a serious or substantial risk to the reliability of the BPS because FFT Entity does not own or operate transmission facilities over 100 kV and is a small municipal electric utility with fewer than 18,000 electric customers.

Find, Fix and Track Entity, Docket No. RC12-7-000 (January 31, 2012)

Reliability Standard: CIP-001-1

Requirement: R2

Region: MRO

Issue: MRO determined FFT Entity breached CIP-001-1 R2 by failing to designate procedures to notify appropriate parties in the Interconnection for communication of information concerning sabotage events.

Finding: The issue posed minimal risk to the BPS for three reasons. First, FFT Entity does not have any Critical Assets. Second, it has not had any sabotage events to report. Third, FFT Entity owns less than 20 miles of transmission line and has a peak load of less than 100 MW.

Find, Fix and Track Entity, FERC Docket No. RC12-8 (February 29, 2012)

Reliability Standard: CIP-001-1

Requirement: R1

Region: TRE

Issue: During an audit, TRE determined that FFT Entity’s sabotage awareness documents did not incorporate, as required, any procedures to notify its operating personnel of sabotage events on its facilities or multi-site sabotage affecting larger portions of the Interconnection.

Finding: TRE found that the issue constituted only a minimal risk to the BPS since FFT Entity is small with a limited number of operating personnel and it was included in the county’s emergency management plan. There was also only a short period of non-compliance.

Karnes Electric Cooperative, Inc. (KEC), Docket No. RC13-10, June 27, 2013

Reliability Standard: CIP-001-1

Requirement: R1; R2; R3; R4

Region: TRE

Issue: Further to a Compliance Audit of KEC, a Load Serving Entity, TRE found issues with CIP-001-1 R1, R2, R3 and R3. Regarding R1, TRE found that KEC’s electric service emergency operations plan manual lacked procedures pertaining regarding the recognition of sabotage events. Regarding R2, TRE found that the same manual lacked procedures regarding communication of sabotage events. Regarding R3, TRE found that the manual lacked procedures for reporting sabotage events and that KEC lacked sufficient evidence to show that it had provided the guideline material to operating personnel. Regarding R4, TRE found that KEC’s manual lacked procedures for reporting information to local FBI, and that KEC was unable to show that it had established communications with the FBI prior to implementing the manual.

Finding: TRE determined that the issues posed a minimal risk to the reliability of the BPS because KEC’s emergency plan that was in place at the time of registration did mention sabotage events, and KEC had a list of people to contact in the event of such emergencies. KEC further attested that its operators were trained in the emergency procedures in 2008. Finally, KEC has a peak demand of approximately 65 MW.

Mission Valley Power (MVP), Docket No. RC12-13 (June 29, 2012)

Reliability Standard: CIP-001-1

Requirement: R4

Region: WECC

Issue: MVP, an LSE, submitted a self-report in June 2007 explaining that its sabotage response plan and corresponding sabotage response checklist did not have the local FBI contact information included.

Finding: The violation was deemed by WECC to pose minimal risk to BPS reliability because MVP did have an existing procedure to report events or acts of sabotage. The procedure, however, did not include the local FBI contact number.

National Nuclear Security Administration - Los Alamos National Laboratory (NNSAL), Docket No. RC12-13 (June 29, 2012)

Reliability Standard: CIP-001-1

Requirement: R1, R2, R3, R4

Region: WECC

Issue: While conducted an internal compliance review, NNSAL discovered compliance issues related to its role as an LSE. First, NNSAL did not have documented procedures for sabotage recognition and reporting (R1). Second, NNSAL had no communication procedures for sabotage events (R2). Third, NNSAL had no established response procedures for its operations staff (R3). Fourth, NNSAL had no established guidelines for reporting sabotage events to the local FBI office (R4).

Finding: The violations were deemed by WECC to pose minimal risk to BPS reliability because NNSAL did have informal procedures for sabotage event actions and reporting during the time period it was creating formal procedures. In addition, an FBI agent is located in the NNSAL Laboratory, and that person has direct FBI contact. NNSAL informally followed the guidelines for sabotage reporting set forth in the Department of Energy’s manual “Safeguards and Security Program Planning and Management.”

Noble Altona Windpark, LLC (Altona), Docket No. RC13-1 (October 31, 2012)

Reliability Standard: CIP-001-1

Requirement: 1, 2, 3

Region: NPCC

Issue: While conducting an off-site compliance audit in 2011, NPCC found that Altona, in its role as a GOP, had no procedure for recognizing and alerting operating personnel to sabotage events on its facilities and multi-site sabotage affecting larger portions of the Interconnection in violation of CIP-001-1 R1. Regarding R2, Altona had no procedure for communicating information regarding sabotage events to other parties in the Interconnection. Regarding R3, Altona had no guidelines for its operating personnel to follow in the event of system sabotage, including who to contact for reporting disturbances caused by sabotage events. These conditions existed since August 14, 2009, when Altona registered on the NERC Compliance Registry.

Finding: The issues were deemed by NPCC to pose minimal risk to BPS reliability. Even though Altona had no procedure for identifying sabotage and alerting operating personnel of sabotage events to its facilities and multi-sabotage affecting larger portions of the Interconnection, its parent company, Noble Environmental Power did have an emergency response policy in place that was used by its affiliated wind generation units (including Altona). The policy discussed what action to take in the event of an emergency, including turbine equipment failure, fire detection, and other events that could possibly affect the delivery of electricity to the grid and that could occur as a result of sabotage. In addition, the facility is a wind-powered variable energy facility with a maximum capacity of 97.5 MW. The variable nature of the output from the facility prevents it from being dispatched to support base load or being deemed critical generation within the Interconnection.

Noble Bliss Windpark (Bliss), LLC, Docket No. RC13-1 (October 31, 2012)

Reliability Standard: CIP-001-1

Requirement: 1, 2, 3

Region: NPCC

Issue: While conducting an off-site compliance audit in 2011, NPCC found that Bliss, in its role as a GOP, had no procedure for recognizing and alerting operating personnel to sabotage events on its facilities and multi-site sabotage affecting larger portions of the Interconnection in violation of CIP-001-1 R1. Regarding R2, Bliss had no procedure for communicating information regarding sabotage events to other parties in the Interconnection. Regarding R3, Bliss had no guidelines for its operating personnel to follow in the event of system sabotage, including who to contact for reporting disturbances caused by sabotage events. These conditions existed since August 14, 2009, when Bliss registered on the NERC Compliance Registry.

Finding: The issues were deemed by NPCC to pose minimal risk to BPS reliability. Even though Bliss had no procedure for identifying sabotage and alerting operating personnel of sabotage events to its facilities and multi-sabotage affecting larger portions of the Interconnection, its parent company, Noble Environmental Power did have an emergency response policy in place that was used by its affiliated wind generation units (including Bliss). The policy discussed what action to take in the event of an emergency, including turbine equipment failure, fire detection, and other events that could possibly affect the delivery of electricity to the grid and that could occur as a result of sabotage. In addition, the facility is a wind-powered variable energy facility with a maximum capacity of 100.5 MW. The variable nature of the output from the facility prevents it from being dispatched to support base load or being deemed critical generation within the Interconnection.

Noble Chateaugay Windpark, LLC (Chateaugay), Docket No. RC13-1 (October 31, 2012)

Reliability Standard: CIP-001-1

Requirement: 1, 2, 3

Region: NPCC

Issue: While conducting an off-site compliance audit in 2011, NPCC found that Chateaugay, in its role as a GOP, had no procedure for recognizing and alerting operating personnel to sabotage events on its facilities and multi-site sabotage affecting larger portions of the Interconnection in violation of CIP-001-1 R1. Regarding R2, Chateaugay had no procedure for communicating information regarding sabotage events to other parties in the Interconnection. Regarding R3, Chateaugay had no guidelines for its operating personnel to follow in the event of system sabotage, including who to contact for reporting disturbances caused by sabotage events. These conditions existed since August 14, 2009, when Chateaugay registered on the NERC Compliance Registry.

Finding: The issues were deemed by NPCC to pose minimal risk to BPS reliability. Even though Chateaugay had no procedure for identifying sabotage and alerting operating personnel of sabotage events to its facilities and multi-sabotage affecting larger portions of the Interconnection, its parent company, Noble Environmental Power did have an emergency response policy in place that was used by its affiliated wind generation units (including Chateaugay). The policy discussed what action to take in the event of an emergency, including turbine equipment failure, fire detection, and other events that could possibly affect the delivery of electricity to the grid and that could occur as a result of sabotage. In addition, the facility is a wind-powered variable energy facility with a maximum capacity of 106.5 MW. The variable nature of the output from the facility prevents it from being dispatched to support base load or being deemed critical generation within the Interconnection.

Noble Clinton Windpark, LLC (Clinton), Docket No. RC13-1 (October 31, 2012)

Reliability Standard: CIP-001-1

Requirement: 1, 2, 3

Region: NPCC

Issue: While conducting an off-site compliance audit in 2011, NPCC found that Clinton, in its role as a GOP, had no procedure for recognizing and alerting operating personnel to sabotage events on its facilities and multi-site sabotage affecting larger portions of the Interconnection in violation of CIP-001-1 R1. Regarding R2, Clinton had no procedure for communicating information regarding sabotage events to other parties in the Interconnection. Regarding R3, Clinton had no guidelines for its operating personnel to follow in the event of system sabotage, including who to contact for reporting disturbances caused by sabotage events. These conditions existed since August 14, 2009, when Clinton registered on the NERC Compliance Registry.

Finding: The issues were deemed by NPCC to pose minimal risk to BPS reliability. Even though Clinton had no procedure for identifying sabotage and alerting operating personnel of sabotage events to its facilities and multi-sabotage affecting larger portions of the Interconnection, its parent company, Noble Environmental Power did have an emergency response policy in place that was used by its affiliated wind generation units (including Clinton). The policy discussed what action to take in the event of an emergency, including turbine equipment failure, fire detection, and other events that could possibly affect the delivery of electricity to the grid and that could occur as a result of sabotage. In addition, the facility is a wind-powered variable energy facility with a maximum capacity of 100.5 MW. The variable nature of the output from the facility prevents it from being dispatched to support base load or being deemed critical generation within the Interconnection.

Noble Ellenburg Windpark, LLC (Ellenburg), Docket No. RC13-1 (October 31, 2012)

Reliability Standard: CIP-001-1

Requirement: 1, 2, 3

Region: NPCC

Issue: While conducting an off-site compliance audit in 2011, NPCC found that Ellenburg, in its role as a GOP, had no procedure for recognizing and alerting operating personnel to sabotage events on its facilities and multi-site sabotage affecting larger portions of the Interconnection in violation of CIP-001-1 R1. Regarding R2, Ellenburg had no procedure for communicating information regarding sabotage events to other parties in the Interconnection. Regarding R3, Ellenburg had no guidelines for its operating personnel to follow in the event of system sabotage, including who to contact for reporting disturbances caused by sabotage events. These conditions existed since August 14, 2009, when Ellenburg registered on the NERC Compliance Registry.

Finding: The issues were deemed by NPCC to pose minimal risk to BPS reliability. Even though Ellenburg had no procedure for identifying sabotage and alerting operating personnel of sabotage events to its facilities and multi-sabotage affecting larger portions of the Interconnection, its parent company, Noble Environmental Power did have an emergency response policy in place that was used by its affiliated wind generation units (including Ellenburg). The policy discussed what action to take in the event of an emergency, including turbine equipment failure, fire detection, and other events that could possibly affect the delivery of electricity to the grid and that could occur as a result of sabotage. In addition, the facility is a wind-powered variable energy facility with a maximum capacity of 81 MW. The variable nature of the output from the facility prevents it from being dispatched to support base load or being deemed critical generation within the Interconnection.

Noble Great Plains Windpark, LLC (Noble GP), Docket No. RC12-15 (August 31, 2012)

Reliability Standard: CIP-001-1

Requirement: 1, 2

Region: SPP RE

Issue: On January 20, 2012, Noble GP, a GOP, self-certified a violation of CIP-001-1 R1 and R2 for failing to establish both a procedure to recognize and notify operating personnel of sabotage events on its facilities and multi-site sabotage events on larger portions of the Interconnection and a procedure to communicate information regarding such events.

Finding: SPP RE determined that both of these issues posed only a minimal risk to the reliability of the BPS because, while Noble GP did not have procedures to recognize or communicate information about sabotage events, it did have a widely disseminated Emergency Response Policy that identified many emergencies that could significantly affect the delivery of electricity to the grid, such as turbine equipment failure and fire detection, that could also be a form of sabotage. Additionally, the Emergency Response Plan directs Noble GP personnel to notify members of the Interconnection in case of an emergency. SPP RE also noted that because Noble GP is a wind-powered variable energy facility with a 114 MW maximum capacity, its supply is not dispatched to support base load and is not considered a critical generation within the Interconnection. Given Noble GP’s size, the role its facility plays in the grid, and the existence of its Emergency Response Policy, the risk posed by not having a procedure to recognize sabotage was minimal.

Noble Great Plains Windpark, LLC (Noble GP), FERC Docket No. RC12-15 (August 31, 2012)

Reliability Standard: CIP-001-1

Requirement: 3, 4

Region:SPP

Issue: In January 2012, Noble GP, as a GOP, self-certified that it did not have sabotage response guidelines for reporting sabotage related disturbances, as required, and therefore did not provide the guidelines to its operating personnel (3). Noble GP also self-reported that it had not established communication contacts with local FBI officials or developed the appropriate reporting procedures (4).

Finding: SPP found that the issues only constituted a minimal risk to BPS reliability since Noble GP did have an Emergency Response Policy in place that would raise awareness of emergencies that would significantly affect the delivery of the electricity to the grid (including sabotage related disturbances). The Emergency Response Policy was disseminated to all personnel at Noble GP and included contact information for local law enforcement officials. In addition, Noble GP, a wind facility with a maximum capacity of 114 MW, is not able to be dispatched to support base load and is not deemed critical generation within the Interconnection.

Silicon Valley Power (SNCL), Docket No. RC13-10, June 27, 2013

Reliability Standard: CIP-001-1

Requirement: R2

Region: WECC

Issue: SNCL, as a GOP, Load Serving Entity, and TOP, self-reported an issue with CIP-001-1 R2 to WECC when it found that it had an outdated email address for the WECC Reliability Coordinator (RC), and that it had therefore failed to update procedures for communicating information regarding sabotage events to appropriate parties in the Interconnection.

Finding: WECC determined that the issue posed a minimal risk to the reliability of the BPS because despite the incorrect email address, SNCL’s electric control center had the correct phone numbers for the WECC RC and maintained current contact information for appropriate parties in the Interconnection.

Top