Agenda

Board of Trustees Standards Oversight and Technology Committee February 5, 2014 | 7:30–9:00 a.m. Mountain

Arizona Grand Resort & Spa 8000 S. Arizona Grand Parkway Phoenix, AZ 85044 602-659-6356 Call to Order and Chair’s Remarks NERC Antitrust Compliance Guidelines and Public Announcement Agenda

1. Minutes* — Approve

a. November 6, 2013 Meeting

2. SOTC Self-Assessment Results* — Review

3. Operating Personnel Communication Protocols* — Information

4. CIP Version 5 Response to FERC Order No. 791 and Implementation* — Information

5. Actions in response to TOP/IRO NOPR* — Information

6. Assessment of 2013 Process Reforms and Resolution to August 9, 2013 Appeal* — Information

7. Status of Reliability Standard Audit Worksheet (RSAW) Development* — Information

8. Reliability Standards Quarterly Status Report (including Standards Committee Report)* — Review

*Background materials included.

Antitrust Compliance Guidelines I. General It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition. It is the responsibility of every NERC participant and employee who may in any way affect NERC’s compliance with the antitrust laws to carry out this commitment. Antitrust laws are complex and subject to court interpretation that can vary over time and from one court to another. The purpose of these guidelines is to alert NERC participants and employees to potential antitrust problems and to set forth policies to be followed with respect to activities that may involve antitrust considerations. In some instances, the NERC policy contained in these guidelines is stricter than the applicable antitrust laws. Any NERC participant or employee who is uncertain about the legal ramifications of a particular course of conduct or who has doubts or concerns about whether NERC’s antitrust compliance policy is implicated in any situation should consult NERC’s General Counsel immediately. II. Prohibited Activities Participants in NERC activities (including those of its committees and subgroups) should refrain from the following when acting in their capacity as participants in NERC activities (e.g., at NERC meetings, conference calls and in informal discussions):

• Discussions involving pricing information, especially margin (profit) and internal cost information and participants’ expectations as to their future prices or internal costs.

• Discussions of a participant’s marketing strategies.

• Discussions regarding how customers and geographical areas are to be divided among competitors.

• Discussions concerning the exclusion of competitors from markets.

• Discussions concerning boycotting or group refusals to deal with competitors, vendors or suppliers.

NERC Antitrust Compliance Guidelines 2

• Any other matters that do not clearly fall within these guidelines should be reviewed with NERC’s General Counsel before being discussed.

III. Activities That Are Permitted From time to time decisions or actions of NERC (including those of its committees and subgroups) may have a negative impact on particular entities and thus in that sense adversely impact competition. Decisions and actions by NERC (including its committees and subgroups) should only be undertaken for the purpose of promoting and maintaining the reliability and adequacy of the bulk power system. If you do not have a legitimate purpose consistent with this objective for discussing a matter, please refrain from discussing the matter during NERC meetings and in other NERC-related communications. You should also ensure that NERC procedures, including those set forth in NERC’s Certificate of Incorporation, Bylaws, and Rules of Procedure are followed in conducting NERC business. In addition, all discussions in NERC meetings and other NERC-related communications should be within the scope of the mandate for or assignment to the particular NERC committee or subgroup, as well as within the scope of the published agenda for the meeting. No decisions should be made nor any actions taken in NERC activities for the purpose of giving an industry participant or group of participants a competitive advantage over other participants. In particular, decisions with respect to setting, revising, or assessing compliance with NERC reliability standards should not be influenced by anti-competitive motivations. Subject to the foregoing restrictions, participants in NERC activities may discuss:

• Reliability matters relating to the bulk power system, including operation and planning matters such as establishing or revising reliability standards, special operating procedures, operating transfer capabilities, and plans for new facilities.

• Matters relating to the impact of reliability standards for the bulk power system on electricity markets, and the impact of electricity market operations on the reliability of the bulk power system.

• Proposed filings or other communications with state or federal regulatory authorities or other governmental entities.

Matters relating to the internal governance, management and operation of NERC, such as nominations for vacant committee positions, budgeting and assessments, and employment matters; and procedural matters such as planning and scheduling meetings.

Draft Minutes Standards Oversight and Technology Committee November 6, 2013 | 8:45-10:45 a.m. Eastern Westin Buckhead 3391 Peachtree Road, NE Atlanta, GA 30326

Introductions and Chair’s Remarks Chair Kenneth G. Peterson convened a duly noticed open meeting of the Standards Oversight and Technology Committee (the “Committee”) of the North American Electric Reliability Corporation (“NERC”) on November 6, 2013 at 8:45 a.m. Eastern, and a quorum was declared present. The agenda is attached as Exhibit A. Present at the meeting were: all Committee members, being Chair Peterson, Paul F. Barber, Frederick W. Gorbet, David Goulding, Douglas Jaeger, and Bruce A. Scherr; NERC Board of Trustees members Janice B. Case, Gerry W. Cauley, Robert G. Clarke, Jan Schori, and Roy Thilly; NERC staff members Valerie Agnew, Charles A. Berardesco, Thomas Burgess, Tina Buzzard, Howard Gugel, Holly A. Hawkins, Mark G. Lauby, Mark Olson, Mark Rossi, and Michael Walker.

NERC Antitrust Compliance Guidelines Chair Peterson directed the participants’ attention to the NERC Antitrust Compliance Guidelines included in the agenda, and stated that any additional questions regarding these guidelines may be directed to himself or to Mr. Berardesco, senior vice president and general counsel.

Minutes The August 14, 2013 meeting minutes were approved in the form as presented to the Committee at the meeting.

Status on Operating Personnel Communications Protocols – COM-003-1 Mr. Gorbet provided an overview of the actions that had been taken to date, and those that still need to be taken, with respect to COM-003-1, noting the closed meeting of the Committee held on September 30, 2013, during which time the Committee received legal advice from Mr. Berardesco as NERC general counsel, and made a set of recommendations to the Board, which were then communicated to the Standards Committee (“SC”) and included as part of the policy input letter distributed by the Board to the Member Representatives Committee (“MRC”). He noted that NERC had failed to properly notice the closed meeting, but also emphasized that he believed it was nonetheless appropriate to conduct that meeting in closed session, given the legal advice the Committee was receiving, the overall confidential nature of the matters being discussed at that point, and the fact that the Committee was not taking any binding action. Mr. Gorbet acknowledged the

Standards Oversight and Technology Committee Draft Meeting Minutes November 6, 2013

2

actions and efforts of the SC after the Committee meeting, but noted that the SC’s actions were not the result of a directive by the Board, but in response to the Committee’s public recommendation to the Board that it take action at a future open meeting. He reiterated that he believed the Board should take appropriate actions regarding COM-003-1 at its open meeting tomorrow, and that he looked forward to the discussion at this meeting and at the upcoming MRC meeting in order to continue to inform the Board, together with the input received in response to the Board’s policy input letter. Chair Peterson asked if there were any questions or comments regarding the process by which COM-003-1 had come before the Committee or the Board, and several participants offered comments. Mr. Lauby, vice president and director of standards, and Mr. Gugel, director of standards development, reported on the history and progression of COM-003-1, offered to answer questions posed by the Committee, Board members, or other participants, and received comments from participants.

Geomagnetic Disturbance Standard Mr. Peterson stated that there would be a slight change to the discussion agenda, and that the Committee would like to address the policy input that had been received on the Geomagnetic Disturbance (“GMD”) standard. Mr. Olson, standards developer for the GMD project, provided an overview of the development of the GMD Reliability Standard and described some of the policy input and concerns that had been received from the Foundation for Resilient Societies and other stakeholders. After his presentation, he offered to answer any questions posed by the Committee, Board members, or other participants, and received comments.

Review of Standards Process Effectiveness Mr. Brian Murphy, chair of the SC, provided an overview of improvements to the Reliability Standards development process. Mr. Murphy discussed the status of the appeal filed on August 9, 2013 regarding simultaneous posting of draft Standard Authorization Requests and Reliability Standards with ballot. After his presentation, Mr. Murphy offered to answer any questions posed by the Committee, Board members, or other participants, and received comments.

Reliability Standards Quarterly Status Report Mr. Lauby presented the Reliability Standards Quarterly Status Report. In his presentation, Mr. Lauby thanked the SC, NERC staff, and in particular NERC Legal, for helping to improve various processes within the standards department. Mr. Murphy outlined the SC’s response to a resolution approved by the Board at its August 15, 2013 meeting relating to the Independent Experts Review Panel Report. After their presentations, both Mr. Lauby and Mr. Murphy offered to answer any questions posed by the Committee, Board members, or other participants, and received comments.

Standards Oversight and Technology Committee Draft Meeting Minutes November 6, 2013

3

Information Technology Update/SOTC Subgroup Report Mr. Jaeger provided an update to the Committee on enterprise-wide information technology developments, and on the structure and activities of the IT Enterprise Integration Subgroup. After his presentation, Mr. Jaeger offered to answer any questions from the Committee, Board members, or other participants, and received comments.

Adjournment There being no further business, and upon motion duly made and seconded, the meeting was adjourned at 10:30 a.m. Eastern. Submitted by,

Charles A. Berardesco Corporate Secretary

Summary of 2013 Board of Trustees Standards Oversight and Technology Committee Survey

RELIABILITY | ACCOUNTABILITY2

Overview

• NERC engaged TalentQuest to conduct its annual Board of Trustees Standards Oversight and Technology Committee (SOTC) survey through an online methodology

• The SOTC survey was administered from November 13 to December 20, 2013, to a total of six Committee members

• Six Committee members responded to the survey

100 percent response rate

RELIABILITY | ACCOUNTABILITY3

Rating Scale

• Respondents were asked to rate items on a 1 to 3 point scale to indicate their evaluation for each rated item

1= Below Expectations (“performance area with opportunity for improvement”)

2= Meets Expectations (“meets required standard of performance”)

3 = Above Expectations (“exceeds the required standard of performance”)

• For any item rated “1” (Below Expectations) or “No”, mandatory comments were required to explain the rationale for the rating or selection

RELIABILITY | ACCOUNTABILITY4

Results Summary

• The overall SOTC survey average was 2.3, with item averages ranging from 2.0 to 2.7

• Given the lowest item averages are 2.0, the SOTC is seen to be operating at expectations or higher

• Lowest Rated Items (2.0):

The Committee effectively serves as the Level 2 Appeals Panel as set forth in the NERC Standard Processes Manual, Appendix 3A to the NERC Rules of Procedure.

The Committee effectively periodically reviews NERC’s status with the American National Standards Institute.

The Committee effectively reviews with management company computer systems environment, security procedures, and contingency plans.

RELIABILITY | ACCOUNTABILITY5

Results Summary

• Review of cross-committee survey items finds the SOTC rated all items at a 2.2, except the following:

The Committee Chair manages meetings efficiently to allow for open, equal, and sufficient discussion and constructive input on important issues. (2.7)

RELIABILITY | ACCOUNTABILITY6

Committee Comparison

1.0 1.5 2.0 2.5 3.0

The Committee Chair manages meetings efficiently to allow foropen, equal, and sufficient discussion and constructive input

on important issues.

The number of Committee meetings is appropriate.

The size of the Committee is appropriate.

The information provided in support of the agenda isappropriate and available in a timely manner in advance of

Committee meetings.

Nominating Committee Standards Oversight and Technology Committee

Finance and Audit Committee Compliance Committee

Corporate Governance and Human Resources Committee

Agenda Item 3 SOTC Meeting February 5, 2014

Operating Personnel Communication Protocols—COM-002-4

Action

Information Background

The purpose of this project is to require that Real-time System Operators and operators use predefined communications protocols during Emergency and non-Emergency operations to enhance the clarity of communications, improve situational awareness, shorten response time, and ultimately serve reliability. The proposed standard is designed to ensure that reliability-related information is conveyed effectively, accurately, consistently, and in a timely manner to ensure mutual understanding by all key parties when issuing or receiving Emergency and non-Emergency Operating Instructions. On November 7, 2013, the NERC Board of Trustees approved a resolution on Operating Personnel Communications Protocols. In response to this resolution, the standard drafting team (SDT) developed a new draft of COM-002-4. The SDT posted this new draft on December 30, 2013, for a 30-day comment period with a 10-day concurrent ballot. The COM-002-4 standard combines previously separated communication standards (COM-002-3 and COM-003-1) into one communications protocols standard for operating personnel in Emergency, alert, and non-Emergency situations. The standard requires entities to develop specific documented communication protocols for the issuance and reception of Operating Instruction by operating personnel. It also requires entities to train on the protocols, and requires the entities to provide feedback to their operators on how they used the protocols. Entities are also required to evaluate their protocols periodically for effectiveness and add protocols, as necessary. Finally, entities are required to always use three-part communication when issuing and receiving oral Operating Instructions during Emergencies. The proposed standard also provides requirements for single-party to multiple-party burst Operating Instruction issued during an Emergency. Pertinent FERC Order No. 693 directives

Paragraph 512

The Commission finds that, during both normal and emergency operations, it is essential that the transmission operator, balancing authority and reliability coordinator have communications with distribution providers…we adopt our proposal to require the ERO to modify COM-002-2 to apply to distribution providers through its Reliability Standards development process.

Paragraph 531

We adopt our proposal to require the ERO to establish tightened communication protocols, especially for communications during alerts and emergencies, either as part of COM-002-2 or as a new Reliability Standard. We note that the ERO’s response to the Staff Preliminary Assessment supports the need to develop additional Reliability

Standards addressing consistent communications protocols among personnel responsible for the reliability of the Bulk-Power System.

Paragraph 532 While we agree with EEI that EOP-001-0, Requirement R4.1 requires communications protocols to be used during emergencies, we believe, and the ERO agrees, that the communications protocols need to be tightened to ensure Reliable Operation of the Bulk-Power System. We also believe an integral component in tightening the protocols is to establish communication uniformity as much as practical on a continent-wide basis. This will eliminate possible ambiguities in communications during normal, alert and emergency conditions. This is important because the Bulk-Power System is so tightly interconnected that system impacts often cross several operating entities’ areas.

Paragraph 535 Accordingly, we direct the ERO to either modify COM-002-2 or develop a new Reliability Standard that requires tightened communications protocols, especially for communications during alerts and emergencies.

Paragraph 540 While the Commission identified concerns regarding COM-002-2, the proposed reliability standard serves an important purpose by requiring users, owners and operators to implement the necessary communications and coordination among entities. Accordingly, the Commission approves Reliability Standard COM-002-2 as mandatory and enforceable. In addition, pursuant to section 215(d)(5) of the FPA and § 39.5(f) of our regulations, the Commission directs the ERO to develop a modification to COM-002-2 through the Reliability Standards development process that: (1) expands the applicability to include distribution providers as applicable entities; (2) includes a new Requirement for the reliability coordinator to assess and approve actions that have impacts beyond the area view of a transmission operator or balancing authority and (3) requires tightened communications protocols, especially for communications during alerts and emergencies. Alternatively, with respect to this final issue, the ERO may develop a new Reliability Standard that responds to Blackout Report Recommendation No. 26 in the manner described above. Finally, we direct the ERO to include APPA’s suggestions to complete the Measures and Levels of Non-Compliance in its modification of COM-002-2 through the Reliability Standards development process. (emphasis added)

Standard Development Process

COM-002-4, draft two (which was the eighth posting of a communications standard) was posted on December 30, 2013, for a 30-day comment period ending January 29, 2014. The results of the ballot, along with a summary of comments received, will be presented at the meeting. Additional Information A link to the project history and files is included here for reference: [http://www.nerc.com/pa/Stand/Pages/Op_Comm_Protocol_Project_2007-02.aspx]

Agenda Item 4 SOTC Meeting February 5, 2014

CIP Version 5 Response to FERC Order 791 and Implementation

Action

Information Background

On November 22, 2013, the Federal Energy Regulatory Commission (FERC) issued Order No. 791, Version 5 Critical Infrastructure Protection Reliability Standards. In this order, FERC approved Version 5 of the Critical Infrastructure Protection (CIP) standards and directed the following modifications:

1. Modify or remove the “identify, assess, and correct” (IAC) language in 17 CIP Version 5 requirements.

2. Develop modifications to the CIP standards to address security controls for Low Impact assets.

3. Develop requirements that protect transient electronic devices.

4. Create a definition of “communication networks” and develop new or modified Reliability Standards that address the protection of communication networks.

NERC must submit new or revised standards responding to the directives related to the IAC language and communication networks by February 3, 2015, one year from the effective date of Order No. 791. FERC did not place any timeframe on responding to the other directives. FERC also directed NERC to survey responsible entities to gain a better understanding of the Bulk Electric System (BES) Cyber Asset definition and submit an informational filing on the results from this survey by February 3, 2015. The order also directs FERC staff to convene a technical conference, within 180 days from the date of the final rule to address the technical issues identified in the Notice of Proposed Rulemaking (NOPR) concerning communications security, remote access, and the National Institute of Standards and Technology (NIST) Risk Management Framework. Lastly, FERC approved both the implementation approach to bypass CIP Version 4 and move directly to CIP Version 5, as well as the implementation timeframes proposed by NERC. Possible Approaches to Respond to Directives

While Order No. 791 approved Version 5 of the CIP standards and closed out the work remaining from FERC Order No. 706, responding to the new directives will require continued refinement of the CIP Version 5 standards. NERC staff is committed to addressing the “zero-tolerance” concerns of the industry related to high frequency security obligations in the CIP Reliability Standards, but it may require an approach involving compliance and enforcement mechanisms instead of including compliance language within the standards.

As discussed further below, NERC staff recommends removal of the IAC language in order to address FERC’s directives swiftly and provide increased certainty for the industry in moving toward implementation of CIP Version 5. NERC staff is forming a new standard drafting team (SDT) to pursue a timely resolution of the directives. A single team is recommended as convening more than one SDT risks an unnecessary possibility of conflict or divergence in approaches, especially given the timelines to respond to the directives. The nomination period for SDT candidates was open until January 10, 2014. NERC staff also prepared a Standards Authorization Request (SAR) focused on the directives from Order No. 791, which was presented to the Standards Committee for acceptance at its January 15, 2014 meeting. NERC staff will provide an update on the formation of the SDT and acceptance of the SAR at the February 5 SOTC meeting. NERC staff will host two NERC-led technical conferences to discuss with industry participants possible approaches to the directives. These conferences will occur on January 21, 2014, in Atlanta, GA, and on January 23, 2014, in Phoenix, AZ. Because the SDT will not be formed at that point, the conferences are intended to help promote early discussion with industry participants on the issues from the order. The SDT will be provided with the input and advice from these conferences for its consideration. “Identify, Assess, and Correct” Language FERC directed NERC to remove or modify the IAC language found in 17 Requirements in the CIP Version 5 standards that requires Responsible Entities to implement the Requirements in a manner to “identify, assess, and correct” deficiencies. The IAC language was originally added to the standards to address “zero tolerance” compliance concerns regarding high frequency security obligations inherent to cyber-security. While FERC expresses support for NERC’s transition from a “zero-tolerance” approach to compliance, it explains that the IAC language is overly vague and lacking basic definition and guidance. FERC stated that its preference is to remove the language from the Requirements, but indicates that NERC may propose modifications to the language so long as the modifications address FERC’s concerns. NERC must address this directive within one year from the effective date of the Final Rule. In Order No. 791, FERC states that it may be more appropriate for NERC to achieve its goal of transition from a “zero-tolerance” approach by articulating defined goals in the compliance and enforcement process and identifying clear expectations that would justify the exercise of enforcement discretion. As an example, FERC cites the Reliability Assurance Initiative (RAI) as a process that could, when fully developed, afford a consistent and informed approach to compliance that provides incentives for entities to develop robust internal control programs. FERC states that it would prefer approaches that would not involve the placement of compliance language within the text of the Reliability Standards to address these issues. NERC staff remains committed to a compliance approach that transitions from “zero tolerance” and focuses on the activities that have the greatest impact on Bulk-Power System (BPS) reliability. NERC staff agrees that addressing “zero-tolerance” concerns for high frequency

security obligations can be achieved without inclusion of the IAC language in the standards. Notably, the RAI had not formally begun when the IAC language was first developed. Given the progress of RAI, NERC staff believes that it can most effectively address the principles underlying the IAC language through compliance approaches rather than language in a standard. Therefore, NERC staff supports SDT removal of the IAC language and will work to develop a compliance approach in a timely manner that is consistent with the principles underlying the IAC language. Given FERC’s support for removal of IAC and NERC staff’s development of compliance approaches designed to empower entities to develop strong internal controls to successfully address reliability risks, removal of the IAC language is the approach NERC staff anticipates is most likely to gain quick FERC approval, and, in turn, allow industry to focus squarely on transition activities without uncertainty related to potential modifications to the IAC language. Further discussion of possible compliance approaches is discussed below under “Managing the Transition to Version 5.” Controls for Low Impact Assets Next, FERC directed NERC to develop modifications that address security controls for Low Impact assets. FERC explained that the CIP Version 5 standards do not require specific controls for Low Impact assets or objective criteria from which to judge the sufficiency of the controls ultimately adopted by Responsible Entities for Low Impact assets. In the current CIP Version 5 standards, Low Impact assets are covered by one requirement in CIP-003-5. NERC staff supports continued discussion with a SDT and industry to find a solution that is most appropriate, whether that is in expanding the current requirement, adding “Low Impact” applicability in certain places within CIP-004-5 through CIP-009-5, CIP-010-1, and CIP-011-1, or through development of a new standard. FERC stated that in responding to this directive, NERC could either define a set of appropriate control objectives for Low Impact assets or define the specific controls that would apply to Low Impact Assets. Transient Devices and Survey on BES Cyber Assets Third, FERC directed certain actions in connection with its approval of the definition of BES Cyber Asset. FERC directed NERC to develop requirements that protect transient electronic devices (e.g., thumb drives and laptop computers) that fall outside of the approved BES Cyber Asset definition. Additionally, FERC directed NERC to conduct a survey of Responsible Entities during the CIP Version 5 Standards implementation periods to determine the number of assets, by type, that fall outside the definition of BES Cyber Asset because the assets do not satisfy the “15-minute” parameter specified in the definition. NERC’s BES Cyber Asset definition includes Cyber Assets that “if rendered unavailable, degraded, or misused would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more Facilities, systems, or equipment…”. FERC directed NERC to submit an informational filing one year from the effective date of the Final Rule that assesses, based on the survey results, whether the BES Cyber Asset definition will, with the 15-minute parameter, cover the assets that are necessary to ensure the reliable operation of the BPS. With respect to the transient devices directive, NERC staff looks forward to the new SDT’s proposals on this issue, as there are several possible ways to meet the directive, including

adding a “Transient Devices” entry to the Applicable Systems column of certain Requirements, drafting additional Requirements or parts, or a combination of those approaches. For the survey for the “15-minute” parameter, NERC staff recommends working with industry participants to create a meaningful survey that is focused on asset type (as opposed to numbers of individual assets) to support completing the survey, possibly through a section 1600 data request. Communication Networks Finally, FERC approved the definition of Cyber Asset, but directed NERC to create a definition of communication networks and to develop new or modified Reliability Standards that address the protection of communication networks. The definition of communications networks must define what equipment and components should be protected, in light of the statutory inclusion of communication networks for the reliable operation of the BPS. The new or modified Reliability Standards also should require appropriate and reasonable controls to protect the nonprogrammable aspects of communication networks. NERC must submit a proposal for FERC’s approval within one year from the effective date of the Final Rule. NERC staff understands that there are divergent opinions on the preferable approach to meeting this directive. The new SDT will ultimately make a determination, based on its expertise, as to whether to develop a new standard or modify existing CIP Version 5 standards to address protections for communication networks consistent with FERC’s directive. The approach to meeting the directives must appropriately balance security and reliability objectives in a manner that is consistent with CIP Version 5’s approach. NERC staff also notes that the subject of communications security is a topic of the FERC Staff-led conference, and the outcome of the conference may further inform the approach used to resolve this directive. Managing the Transition to Version 5

As part of the ongoing implementation study1 to support transition to CIP Version 5, NERC staff selected six entities to help identify transition issues and address many industry concerns in the early phases of the Implementation Plan for Version 5. In summary, the study has three primary goals:

The study will help identify potential challenges to implementation of CIP Version 5 and help anticipate specific problem areas and potential solutions for the ERO enterprise and industry in order to ease the transition process.

The study will help identify instances in which entities may not be able to maintain compliance with both CIP Version 3 and CIP Version 5 standards and inform NERC’s compliance and enforcement during the transition period.

1http://www.nerc.com/pa/CI/tpimplementstudy/Informational%20Filing%20CIP%20Implementation%20Study.pdf

Based on the Final Order and resulting directives, the study will help refine the compliance and enforcement mechanisms to be used in place of the IAC language as well as with respect to implementing any other changes directed by the Order.

While NERC staff understands that adoption of the IAC language informed industry’s approval of the CIP Version 5 standards in order to allow for entities to demonstrate internal controls to correct issues effectively and swiftly, NERC staff is also working to complete efforts to streamline compliance and enforcement processes through the RAI. NERC staff is also working to complete the implementation study and will provide lessons learned to the industry based on the results of the implementation study. Integration with RAI NERC staff will continue to work with Industry to identify methods to reduce unnecessary compliance burdens, maintain regulatory obligations, and increase the ability to assess and improve the reliability of the grid. To this end, NERC staff will introduce an internal controls-based model to the implementation study participants that works under the RAI design to evaluate self-corrective processes. The model chosen for evaluation is the Department of Energy’s Electricity Subsector Cyber Security Capabilities Maturity Model (ES-C2M2).2 The ES-C2M2 is an industry-created approach that enables entities to perform a voluntarily assessment of their security programs through the evaluation of various control and process-based security domains. The domains map closely to RAI’s management control concepts and are similar to the policy and procedure-based requirements of CIP Version 5. In its ideal state, as a framework that is consistent with the RAI, the ES-C2M2 model will help NERC staff and Industry more effectively use voluntary security programs that can be leveraged by compliance and enforcement to tailor risk assessment, audit and spot-check processes, and resolution of noncompliance by providing a clearer and more accurate picture of an entity’s overall security program. The highlights of this approach are summarized below:

NERC staff is proposing that a voluntary security model be used as an approach consistent with RAI principles. Specifically, for CIP Version 5 standards, the ES-C2M2 model would be used as a reference for the risk assessment, internal control evaluation, and other processes contemplated under RAI.

The ES-C2M2 Model is scalable so that large and small entities using the model are given the level of scrutiny commensurate with their level of risk.

If a model like ES-C2M2 is used and assessed by qualified 3rd parties, NERC staff believes that the scope of an entity’s CIP compliance monitoring activities can be decreased. The result of the assessment would also inform the evaluation and disposition of noncompliance.

2http://energy.gov/sites/prod/files/Electricity%20Subsector%20Cybersecurity%20Capabilities%20Maturity%20Model%20(ES-

C2M2)%20-%20May%202012.pdf

The implementation study participants will be provided an ES-C2M2 assessment and their controls will be mapped to the Version 5 Standards via the Version 5 RSAWs. The results will be provided as part of the implementation study’s final report.

CIP Version 5 Transition Study Timeline Summary

Study begins: October 2013

Study completed: End of first quarter 2014

Alternative Approach to IAC: April 2014

Study Report completed: End of second quarter 2014

Updated Cyber Security Standards Transition Guidance published: First quarter 2014

Agenda Item 5 SOTC Meeting February 5, 2014

Plan to Address Proposed Remand of Transmission Operations (TOP) and

Interconnection Reliability Operations (IRO) Standards

Action

Information Background

On April 16, 2013, NERC submitted two petitions requesting Federal Energy Regulatory Commission (FERC) FERC approval of proposed TOP and IRO standards. The first petition addresses three revised TOP Reliability Standards: TOP-001-2 (Transmission Operations), TOP-002-3 (Operations Planning), TOP-003-2 (Operational Reliability Data), and one Protection Systems (PRC) Reliability Standard, PRC-001-2 (System Protection Coordination) (collectively, the “TOP Standards”) to replace the eight currently-effective TOP standards. The TOP Standards address the important reliability goal of ensuring that the transmission system is operated within operating limits. The second petition addresses four revised IRO Reliability Standards: IRO-001-3 (Responsibilities and Authorities), IRO-002-3 (Analysis Tools), IRO-005-4 (Current Day Operations), and IRO-014-2 (Coordination Among Reliability Coordinators) (collectively, the “IRO Standards”) to replace six currently-effective IRO standards.1 The IRO standards ensure that the interconnected transmission system is operated in a coordinated manner and responsibilities of Reliability Coordinators and Transmission Operators are clearly delineated. On November 21, 2013, FERC issued a Notice of Proposed Rulemaking (NOPR) in response to these petitions and a separate petition concerning TOP-006-3. The NOPR proposes to approve the proposed TOP-006-3 standard but remand the proposed TOP and IRO Standards.2 In the NOPR, FERC raises a concern that NERC “has removed critical reliability aspects that are included in the currently-effective standards without adequately addressing these aspects in the proposed standards.”3 For example, FERC cites the fact that the proposed TOP Standards do not require Transmission Operators to plan and operate within all System Operating Limits (“SOLs”), which is a requirement in the currently effective standards.4 On December 20, 2013, NERC filed a motion requesting that FERC defer action on the proposed standards until January 31, 2015 to provide NERC and the industry the opportunity to thoroughly examine the technical concerns identified in the NOPR. This deferral would provide an opportunity for the industry, NERC, and FERC to work toward a common understanding and afford time to review the proposed TOP and IRO Standards through the NERC standards development process to ensure that a technically justified set of solutions is in place for reliability.

1 A related petition was filed on April 5, 2013. In that petition, NERC proposed revisions to Reliability Standard TOP-006-3 to

clarify that Transmission Operators are responsible for monitoring and reporting available transmission resources and that Balancing Authorities are responsible for monitoring and reporting available generation resources. This clarification is addressed in the revisions contained in TOP-001-2, TOP-002-3, and TOP-003-2.

2 Monitoring System Conditions- Transmission Operations Reliability Standard Transmission Operations Reliability Standards Interconnection Reliability Operations and Coordination Reliability Standards, 145 FERC ¶ 61,158 (2013) (“NOPR”).

3 NOPR at P 4. 4 NOPR at P 4.

Next Steps As explained in the motion, NERC will hold two technical conferences (one in the Eastern and one in the Western regions of North America) to identify and evaluate concerns identified in the NOPR, such as the monitoring of SOLs, unknown operating states, and outage coordination. Concurrently, NERC will work with the Standards Committee to re-formulate a standard drafting team to begin development work on revisions to the proposed standards, which would be informed by the technical conferences. Conforming changes to standards outside of the scope of this proceeding may be required depending on the extent of the changes made to the proposed TOP and IRO Standards.5 Additionally, FERC expressed concerns in the NOPR regarding the need to establish a minimum set of analytical tools (analysis and monitoring capabilities) to ensure that a Reliability Coordinator has the tools it needs to perform its functions (“Real-Time Tools”). In response, NERC will continue development of Reliability Standards that address Real-Time Tools as they relate to the proposed TOP and IRO Standards, which could either continue to be included as part of Project 2009-02, Real-time Monitoring and Analysis Capabilities, or in revisions to the proposed TOP and IRO Standards.6 NERC will re-file the petition for approval of the proposed TOP-006-3 standard. Additional Information Links to the relevant files and project pages are included here for reference:

[NERC Petition on TOP Standards]

[NERC Petition on IRO Standards]

[FERC NOPR]

[NERC Motion to Defer Action]

[Project 2009-02 Real-time Monitoring and Analysis Capabilities project page]

5 For example, in order to address FERC’s concerns with respect to the requirement in the proposed standards that a

Transmission Operator must only provide notification of SOLs identified in a next-day Operational Planning Analysis rather than in the same-day or real-time operational time horizon, changes may need to be made to other IRO standards outside the scope of this proceeding.

6 Project 2009-02 Real-time Monitoring and Analysis Capabilities is part of NERC’s 2014-2016 Reliability Standards Development Plan, and informal stakeholder outreach was initiated in 2013.

Agenda Item 6 SOTC Meeting February 5, 2014

Assessment of 2013 Process Reforms and Resolution to August 9, 2013 Appeal

Action

Information Assessment of Process Reforms and Resolution to August 9, 2013 Appeal

On August 9, 2013, an appeal was filed1 by the Canadian Electricity Association, Essential Power, LLC, and the Midcontinent Independent System Operator, Inc. challenging the Standards Committee’s (SC) actions on July 10 and July 18, 2013 as a violation of process steps required in the Standards Processes Manual. As part of the September 24, 2013 Resolution,2 the SC Chair and NERC’s Vice President of Standards are to report to the Board of Trustees (Board) on reforms made to respond to the appeal. In addition, at its February 2013 meeting, the Board approved the 2013 SC reforms, requesting a report on their effectiveness and need for additional reforms in one year. The SC evaluated the 2013 reforms during the Fall of 2013, and along with consideration of the resolution to the August 9, 2013 appeal, developed process and charter enhancements to address needed improvements. In response to both the resolution of the August Appeal and the Board’s approval of the 2013 SC reforms, the new 2014 reforms include:

1. Revisions to the SC Charter.

2. A 2014 consensus building approach that:

a. More actively uses the Reliability Issues Steering Committee (RISC) to triage new and emerging issues, prior to consideration of the issue in the standards development process;

b. Instead of the ad hoc groups used in 2013, the reform proposes to use the existing Standards Authorization Request (SAR) drafting teams to build consensus, balancing equal and effective approaches, including standards, to address known reliability gaps; and

c. Encourages the use of consensus building tools throughout the standards development process.

3. The parallel combination of SAR and Standard for comment and ballot will be limited to uses covered by Section 16 – waivers (consistent with September Resolution).

1 See Attachment 1 of Item 20 of September 19, 2013 Standards Committee agenda 2 See Resolution of the August 9, 2013 Appeal

Agenda Item 7 SOTC Meeting February 5, 2014

Reliability Standards and RSAW Parallel Development

Action

Information Background

Industry has asked for, and NERC supports, the alignment of timelines for the development of Reliability Standards and the Reliability Standard Audit Worksheet (RSAW) processes. For example, the Standards Process Input Group (SPIG), organized by the NERC Member Representatives Committee, issued five recommendations to improve the NERC Standards Development Process in its April 2012 report. In Recommendation 4, the SPIG suggested that the standards development process address the alignment of standards requirements and measures with RSAWs. Specifically, the SPIG proposed that compliance staff develop RSAWs during standards development and post them for comment. Under the current process, RSAWs are developed after regulatory approval of a Reliability Standard. This occurs approximately six months before the enforcement date of the Reliability Standard, but after industry stakeholders and the NERC Board of Trustees have reviewed and adopted the standard. Recently, NERC has made an effort to prepare RSAWs during standards development for certain projects. For instance, Reliability Standards VAR-001-4, MOD-001-2, and MOD-032-1 posted draft RSAWs as part of their supporting materials during comment periods. Although RSAWs are not subject to a ballot, posting the RSAWs in those instances allowed entities to review proposed RSAWs associated with the Reliability Standards early in the process. VAR-001-4, MOD-001-2, and MOD-032-1 went to Final Ballot in December 2013. 2014 Enhancements

Building on the positive response to early efforts to align the timelines of the RSAW and Reliability Standards development processes, along with the SPIG’s recommendations, NERC staff developed the following enhancements to the Reliability Standards and RSAW development processes that not only synchronize the timelines but also support increased compliance and standards staff input and collaboration early on in the processes:

1. NERC compliance staff and standards staff will more formally coordinate input between standard drafting teams and compliance staff.

2. NERC compliance staff will post a draft RSAW during a Reliability Standard’s formal comment period and ballot, approximately 15 days from the start of the comment period. As before, the draft RSAW is not subject to a ballot, though stakeholders will be able to provide comments or raise concerns. NERC compliance staff will also continue to involve Regional Entity compliance staff in drafting RSAWs to strengthen compliance consensus throughout the Electric Reliability Organization and capture additional subject matter expertise.

These enhancements will provide the following benefits:

1. Ensure language and intent of Reliability Standards are accurately reflected in the RSAWs to reduce the need for Interpretations and Compliance Application Notices

2. Strengthen collaboration and communication of expectations between standard drafting teams and compliance activities

3. Provide industry early information on compliance aspects of a Reliability Standard

4. Enable input on the draft RSAW prior to approval of the Reliability Standard

5. Produce RSAWs that are thoroughly vetted by NERC and the Regional Entities while being transparent with industry.

NERC will implement these enhancements for Reliability Standards projects that begin in 2014. NERC standards staff will lead the coordination between departments. As part of this implementation, NERC compliance staff has been assigned to Reliability Standards projects and drafting teams. For existing projects, NERC will seek to develop RSAWs in parallel with standards development as the facts and circumstances of the project permit.

Agenda Item 8 SOTC Meeting February 6, 2014

Reliability Standards Quarterly Status Report

Attached is the Reliability Standards Quarterly Status Report. Key points of the report include:

2014-2016 Reliability Standards Development Plan (RSDP)

Continues to emphasize transforming NERC’s Reliability Standards to steady-state, which includes addressing outstanding regulatory directives along with the application of Paragraph 81 (P81) Phase 2 recommendations and results-based concepts to all existing and future Reliability Standard projects.

Standards Development Forecast

Provides a forecast for May and August NERC Board of Trustees (Board) meetings.

Paragraph 81 Phase 2 Recommendations and Independent Experts Quarterly Update

Standard Drafting Teams are continuing to apply P81 criteria and consider the retirement recommendations from the Independent Expert Review Panel (IERP). As a consequence, many individual projects are resulting in a net reduction in the number of standards and requirements.

A total of 83 candidate requirements were recommended for retirement by both the IERP and P81 Phase 2. Following the February NERC Board meeting, 49 of those will have been addressed through standard development projects.

Regulatory Directives Update

At year end 2012, there were 191 FERC directives and guidances to be resolved. At the end of 2013, 118 (62 percent) of those have been addressed. The attached report includes a summary of progress to date.

Standards Committee (SC) Report

The SC has revised its Charter and will present it to the Board at its February meeting.

The SC Chair and NERC’s Vice President of Standards are to report to the Board at the February meeting on reforms made in response to the August 9, 2013 Appeal and the Board’s 2013 Resolution.

Additional Information for Selected Projects

Project 2013-03 Geomagnetic Disturbance Mitigation (GMD).

SOTC | Quarterly Reliability Standards Status Report | February 2014 1 of 11

Reliability Standards Standards Oversight and Technology Committee Quarterly Status Report

February 6, 2014

3353 Peachtree Road NE Suite 600, North Tower

Atlanta, GA 30326 404-446-2560 | www.nerc.com

SOTC | Reliability Standards Quarterly Status Report | February 2014 2 of 11

Table of Contents Preface ........................................................................................................................................................................3 2014-2016 Reliability Standards Development Plan ..................................................................................................4 Standards Development Forecast (Continent-wide) ..................................................................................................5

Board Forecast for Standard Projects in Active Development ...............................................................................5 February 2014 .....................................................................................................................................................5 May 2014 .............................................................................................................................................................5 August 2014 ........................................................................................................................................................5 Additional Information for Selected Projects – See Addendum 1 ......................................................................5

Paragraph 81 and Independent Experts Quarterly Update .......................................................................................6 Progress to Date ..................................................................................................................................................6 Planned Schedule for Board Action ....................................................................................................................7

Regulatory Directives Update .....................................................................................................................................8 Summary of Directives ............................................................................................................................................8 Additional Directives ...............................................................................................................................................8

Standards Committee Report .................................................................................................................................. 10 Addendum 1 ............................................................................................................................................................ 11

Additional Information for Selected Project ........................................................................................................ 11 Project 2013-03 Geomagnetic Disturbance Mitigation (GMD) ........................................................................ 11

SOTC | Reliability Standards Quarterly Status Report | February 2014 3 of 11

Preface

The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to ensure the reliability of the Bulk-Power System (BPS) in North America. NERC develops and enforces Reliability Standards; annually assesses seasonal and long‐term reliability; monitors the BPS through system awareness; and educates, trains, and certifies industry personnel. NERC’s area of responsibility spans the continental United States, Canada, and the northern portion of Baja California, Mexico. NERC is the electric reliability organization (ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the BPS, which serves more than 334 million people. The North American BPS is divided into several assessment areas within the eight Regional Entity (RE) boundaries, as shown in the map and corresponding table below.

FRCC Florida Reliability Coordinating Council

MRO Midwest Reliability Organization

NPCC Northeast Power Coordinating Council

RFC ReliabilityFirst Corporation

SERC SERC Reliability Corporation

SPP-RE

Southwest Power Pool Regional Entity

TRE Texas Reliability Entity

WECC Western Electric Coordinating Council

SOTC | Quarterly Reliability Standards Status Report | February 2014 4 of 11

2014-2016 Reliability Standards Development Plan

The NERC Board of Trustees (Board) approved the 2014-2016 Reliability Standards Development Plan (RSDP) on November 7, 2013, and NERC staff filed the RSDP with the Federal Energy Regulatory Commission (FERC) on November 8, 2013. NERC staff and a group of Standards Committee (SC) members developed the RSDP, which was presented to the SC for endorsement on October 17, 2013. The 2014-2016 RSDP continues the approach set forth in the 2013-2015 RSDP, with several significant incremental improvements to facilitate the transformation of NERC Reliability Standards to a “steady-state.”1 By addressing ongoing work along with new prioritizations, NERC expects to be at steady-state by the end of 2017. The RSDP provides a prioritization of Reliability Standards projects by considering several specific elements, such as: (i) Reliability Issues Steering Committee (RISC) Category Rankings; (ii) regulatory directives; (iii) regulatory deadlines; (iv) Reliability Standard requirement candidates for retirement, (v) the Independent Experts Review Panel (IERP) content and quality assessments; and (vi) additional considerations (i.e., fill-in-the-blank status, five year assessment commitments). The application of these elements resulted in prioritization of each Reliability Standard project as High, Medium, Low, or Pending Technical Committee input. To schedule and implement the Reliability Standard projects in the RSDP, NERC standards staff collaborated with the SC and the PMOS to incorporate the projects and their corresponding projected milestones into the PMOS Project Tracking Spreadsheet for 2014 and beyond. The Project Tracking Spreadsheet will continue to track the projected and actual progress of each project, and as new projects are added (whether in response to regulatory directives, emerging issues, etc.), they will be prioritized using the criteria explained above and added to the spreadsheet.

1 For purposes of the RSDP, “steady state” means a stable set of clear, concise, high quality, and technically sound Reliability Standards that

are results-based, including retirement of requirements that do little to promote reliability.

SOTC | Reliability Standards Quarterly Status Report | February 2014 5 of 11

Standards Development Forecast (Continent-wide)

Board Forecast for Standard Projects in Active Development

February 2014

• Project 2012-05 ATC Revisions (MOD A)—MOD-001-2

• Project 2010-03 Modeling Data (MOD B)—MOD-032-1, MOD-033-1

• Project 2013-04 Voltage and Reactive Control—VAR-001-4

• Project 2010-01 Training—PER-005-2

• Project 2008-12 Coordinate Interchange Standards—INT-004-2, INT-006-4, INT-009-2, INT-010-2, INT-011-1 and 11 definitions

• Affirmation of four standards resulting from periodic reviews—FAC-003-3, FAC-008-3, FAC-013-2, and IRO-006-5

May 2014

• Project 2007-02 Operating Personnel Communications Protocols—COM-002-4

• Project 2007-06 System Protection Coordination—PRC-027-12

• Project 2010-14.1 Phase 1 of Balancing Authority Reliability-Based Controls: Reserves—BAL-002-23

• Project 2013-04 Voltage and Reactive Control—VAR-002-3

• Project 2010-04 Demand Data (MOD C)—MOD-031-1

• Project 2010-05.1 Phase 1 of Protection Systems: Misoperations—PRC-004-34

August 2014

• Project 2012-13 Revisions to NUC-001-2.1 from Five-Year Review – NUC-001-3

• Project 2008-02 Under Voltage Load Shedding – PRC-010, PRC-020, PRC-021 and PRC-022

• Project 2009-03 Emergency Operations (Revisions to EOP-001-2.1b, EOP-002-3.1, and EOP-003-2 from Five-Year Review)

• Project 2010-02 Connecting New Facilities to the Grid (Revisions to FAC-001-1 and FAC-002-1 from Five-Year Review)

• Project 2007-11 Disturbance Monitoring – PRC-002, PRC-018

Additional Information for Selected Projects – See Addendum 1

• Project 2013-03 Geomagnetic Disturbance Mitigation

2 Rescheduled to the May Board meeting to address comments received during the formal comment period and successive ballot. 3 Rescheduled to the requested December Board call to address comments received during the formal comment period and additional

ballot that ended on September 17, 2013 with a 58.23 percent approval rating. 4 Rescheduled to the May Board meeting to address comments received during the formal comment period and additional ballot.

SOTC | Reliability Standards Quarterly Status Report | February 2014 6 of 11

Paragraph 81 and Independent Experts Quarterly Update

Progress to Date On November 21, 2013, FERC issued Order No. 788 approving the retirement of all of the requirements proposed for retirement under Phase 1 of the Paragraph 81 (P81) project. In addition, through Q1 2014, 159 of the 217 requirements recommended by stakeholders as Phase 2 P81 candidates and 80 of the 147 requirements recommended for retirement by the IERP will have been addressed5 by the assigned drafting team, revisions balloted and approved by stakeholders, and the revised standards adopted by the Board and filed with regulatory authorities. A key component of the drafting team assessments is ensuring that no reliability gap results from elimination of requirements, and this is also part of the criteria used by both the Paragraph 81 and IERP. The following figure and discussion provides a more detailed analysis of these numbers.

Eighty-three candidate requirements were recommended for retirement by both the IERP and P81 Phase 2. Of these, 49 have been addressed and are either affirmed by the periodic review drafting team, are pending NERC Board adoption at the February meeting, or are pending regulatory approval. Fifteen of the candidates are currently being addressed in a standards development project, and 17 are in a periodic review that will be concluded with a standard development project in 2014. The periodic reviews were deferred for two additional candidates to 2014 pending FERC approval of an interdependent standard. Analysis of the remainder of P81 and IERP is as follows:

Stakeholders recommended a total of 217 requirements for retirement in P81 Phase 2, including the 83 requirements that were also recommended for retirement by the IERP (shown in the intersection chart, above). These 217 requirements included candidates that were deferred from P81 Phase 1 as well as candidates submitted for P81 Phase 2. Of the 134 requirements that the IERP did not also recommend, 109 have been addressed, 20 are in current projects (either a standards development project or a periodic review project) and five are not currently assigned to a project.

The IERP recommended retirement of 147 requirements, including the 83 requirements recommended for retirement by both the IERP and P81 Phase 2. Of those requirements recommended for retirement by the IERP that were not also recommended as a P81 candidate, 21 requirements have been addressed, 27

5 Note: For the purpose of this analysis, “addressed within a project” means that each Standard Drafting Team assigned to revise a particular

standard or standards has considered the P81 Phase 2 and IERP recommendations, documented this consideration, and posted their work products for stakeholder comment and ballot through the normal standard development process. A drafting team may either have agreed with the recommendation and eliminated the requirement from the standard, or pursued an alternate course (i.e., retained the requirement, modified it, or consolidated it with one or more other requirements).

Paragraph 81 and Independent Experts Quarterly Update

SOTC | Quarterly Reliability Standards Status Report | February 2014 7 of 11

are in current projects (either a standards development project or a periodic review project), and 16 are not currently assigned to a project.

Planned Schedule for Board Action Progress in addressing the IERP and P81 Phase 2 recommendations is ongoing through individual standards projects. The projects being presented for Board adoption in February include adoption of 10 standards, and retirement of 23 standards, for a net reduction of 13 standards. The standards in these projects also represent a significant reduction in the number of requirements, from a total of 96 requirements in the standards that are being retired to 38 requirements in the new standards. In addition, four standards that underwent periodic review during 2013 were reaffirmed by the review team and the SC as not requiring revision, and are being presented for the Board for re-adoption. Drafting teams for each of the standards being presented for Board adoption or re-adoption have considered recommendations from stakeholders on candidates for retirement under P81 criteria as well as recommendations of the IERP. The following chart has been updated to show progress in revising standards against the 2013 work plan.6

6 The information for 2014 is subject to change since final project schedules for the 2014 work plan were still being finalized when these

materials were prepared

0

5

10

15

20

25

30

35

Q4 -2013 Q1 -2014 Q2 -2014 Q3 -2014

Planned Standards to Board (All Projects)

Actual/Projected Standards

SOTC | Reliability Standards Quarterly Status Report | February 2014 8 of 11

Regulatory Directives Update

Summary of Directives At year-end 2012, there were 191 directives and FERC guidance to be resolved; at the end of the third quarter of 2013, 58 of those have been addressed. Progress year to date is:

Nine directives were filed in Q1

Project 2007-12 (Frequency Response): 2

Project 2007-17 (Protection Systems): 5

Project 2010-11 (TPL Footnote B): 2

Forty-six directives were filed in Q27

Project 2012-08 (Phase 1 Glossary): 3

Project 2006-06 (IRO): 8

Project 2007-03 (TOP): 29

Project 2007-09 (Generator Verification): 6

One directive was filed in Q3 and two additional directives were resolved:

Project 2010-13.2 (Generator Relay Loadability; PRC): 1

Resolved: Project 2012-08 (Regional Glossary Definition): 1

Resolved: Project 2007-06 (System Protection Coordination): 1

Eleven directives were resolved by FERC in Q48 as having been addressed in some other manner, are redundant with another directive, or provide general guidance as opposed to a specific directive, and forty-nine additional directives passed final ballot:

Project 2012-05 (ATC Revisions): 20

Project 2008-12 (Coordinate Interchange Standards): 6

Project 2010-03 (Modeling Data MOD-032-1): 13

Project 2013-04 (Voltage and Reactive Control): 10

Resolved: FERC Order 788: 11 Therefore, 191 directives reduced by 118 directives completed in 2013, resulting in seventy-three directives yet to be addressed in 2014.

Additional Directives NERC’s goal in 2013 and through the first half of 2014 is to address the 191 directives that remained in December 2012. Since that time, FERC issued 44 additional directives during 2013, many of which NERC has already begun to address. The directives that FERC issued include:

Four directives and 11 FERC guidances over Stage 1 and Stage 2 of the Geomagnetic Disturbance Mitigation Project in FERC Order No. 779.9

7 The second report stated that 49 directives were filed in Q2. This included three directives that were filed in December 2012 (BES and

PRC-006-SERC-1) 8 FERC Order 788, Electric Reliability Organization Proposal to Retire Requirements in Reliability Standards, 145 FERC ¶ 61,147 (November

21, 2013) 9 Reliability Standards for Geomagnetic Disturbances, Final Rule, 143 FERC ¶ 61,147 (May 16, 2013)

Regulatory Directives Update

SOTC | Quarterly Reliability Standards Status Report | February 2014 9 of 11

Five directives for the Definition of the Bulk Electric System in FERC Order No. 773 issued on December 20, 2012.10

Five directives in FERC Order No. 777 approving FAC-003-2.11

Two directives in FERC Order No. 772 approving the SERC Regional Standard PRC-006-SERC-01.12

Thirteen directives in FERC Order No. 791 regarding CIP V5.

Four directives in FERC Order No. 786 approving TPL-001-4. Of these, ten directives have been filed with FERC:

Bulk Electric System: 5

FAC-003-2: 2

PRC-006-SERC-01: 2

Stage 1 GMD standard (EOP-010-1): 1

10These directives were issued in Revisions to Electric Reliability Organization Definition of Bulk Electric System and Rules of Procedure, 141

FERC ¶ 61,236 (December 20, 2012), after the 2012 year-end number of directives was established. One of the directives was resolved in the April 4, 2013 NERC Compliance Filing.

11FERC Order No. 777, Revisions to Reliability Standard for Transmission Vegetation Management (March 21, 2013). 12These directives were issued by FERC in Order No. 772, Regional Reliability Standard PRC-006-SERC-01 – Automatic Underfrequency Load

Shedding Requirements (December 20, 2012), after the 2012 year-end number of directives was established and were resolved in the March 11, 2013 NERC Compliance Filing in response to FERC Order No. 772.

SOTC | Reliability Standards Quarterly Status Report | February 2014 10 of 11

Standards Committee Report

This report highlights key activities of the SC and its associated subcommittees.

SC Charter The SC has revised its Charter and will present it to the Board for approval at its February 7, 2014 meeting. The following changes have been made to the Charter:

[SC Charter – Redline]

1. General clean up.

2. Additional mention of the SC’s working relationship with NERC Standards Staff.

3. Recognition of the SC’s role on communication issues related to the Standards development process now that the SC’s communication subcommittee has been retired.

4. As requested by the Operating Committee, language that more prominently recognizes the role of NERC technical committees during the authorization and monitoring of field tests conducted by standard drafting teams.

Resolution of the August 9, 2013 Appeal On August 9, 2013, an appeal was filed13 by the Canadian Electricity Association, Essential Power, LLC, and the Midcontinent Independent System Operator, Inc. challenging the SC’s actions on July 10, 2013, and July 18, 2013, as a violation of process steps required in the Standards Processes Manual. As part of the September 24, 2013 Resolution,14 the SC Chair and NERC’s Vice President of Standards are to report to the Board on reforms made to respond to the appeal.

2014 Reforms At its February 2013 meeting, the Board approved the 2013 SC reforms, requesting an SC report in 2014 on the reforms’ effectiveness and the need for additional reforms. A report on these reforms will be presented to the Standards Oversight and Technical Committee (SOTC) at the February 6, 2014 meeting. In response to both the resolution of the August Appeal and the Board’s approval of the 2013 SC reforms, the new 2014 reforms include:

1. Revisions to the SC Charter.

2. A 2014 consensus building approach that:

a. More actively uses the Reliability Issues Steering Committee (RISC) to triage new and emerging issues, prior to consideration of the issue in the standards development process;

b. Instead of the ad hoc groups used in 2013, the reform proposes to use the existing Standards Authorization Request (SAR) drafting teams to build consensus, balancing equal and effective approaches, including standards, to address known reliability gaps; and

c. Encourages the use of consensus building tools throughout the standards development process.

3. The parallel combination of SAR and Standard for comment and ballot will be limited to uses covered by Section 16 – waivers (consistent with September Resolution).

The SC Chair and NERC’s Vice President of Standards will be present to address questions on the above-mentioned items.

13 See Attachment 1 of Item 20 of the September 19, 2013 Standards Committee Agenda 14 See Resolution of the August 9, 2013 Appeal

SOTC | Reliability Standards Quarterly Status Report | February 2014 11 of 11

Addendum 1

Additional Information for Selected Project15

Project 2013-03 Geomagnetic Disturbance Mitigation (GMD) On May 16, 2013, FERC issued Order No. 779 directing NERC to develop Reliability Standards addressing the potential impact of GMDs in two stages:

Stage 1 Standard requiring applicable entities to implement Operating Procedures. EOP-010-1 was adopted by the Board and filed with regulatory authorities in November 2013.

Stage 2 Standard(s) requiring applicable entities to conduct assessments of the impacts of benchmark GMD events on their systems and requiring the development and implementation of a plan to mitigate the risk of instability, uncontrolled separation, or cascading, if impacts are identified. FERC established a filing deadline of January 21, 2015 for Stage 2.

FERC further directed that NERC identify, through its standards development process, the benchmark GMD event (including a technical justification for the selected benchmark) that entities will use in their vulnerability assessments. In December 2013, the Planning Committee approved the GMD Planning Guide that was developed by the GMD Task Force (GMD TF). The guide provides a general approach for planners to use in studying the effects of GMD and evaluating mitigation measures. Several members of the standard drafting team (SDT) are also leaders in the GMD TF which enhances coordination on technical issues. The SDT is concluding development of the initial draft Stage 2 standard, benchmark GMD event and technical justification, and supporting material in preparation for conducting informal stakeholder outreach and soliciting feedback. As part of its outreach, the SDT will discuss its work at the GMD TF meeting in March 2014. The SDT will consider stakeholder feedback and revisions before posting the standard for an initial formal comment period and ballot (currently planned for April 2014).

Potential Issues The schedule for completing development of the Stage 2 Standard(s) and achieving stakeholder approval to meet the January 2015 filing deadline is aggressive. Additionally, while the draft Stage 2 response to the directives to "evaluate the primary and secondary effects of geomagnetically-induced currents (GICs)" could initially exceed industry's capabilities as some assessment tools, such as a transformer thermal screening tool, are not commercially available, the proposed standard and implementation plan will reflect the availability of tools and models, which is consistent with the directives in FERC Order No. 779.16 Additionally, the SDT plans to engage in an aggressive outreach effort early in the process to inform stakeholders on the technical details of the proposed Standard(s). Planned Schedule for Board Action Board action on Stage 2 Standard(s) is planned for the November 2014 Board meeting.

15 Note: COM, TOP/IRO/2009-02 and CIP Reliability Standards are separate items on the SOTC’s February agenda. 16 See Order No. 779 at P 91. While NERC should propose an implementation plan, the Commission "does not direct or suggest a specific

implementation plan" but rather expects that "the implementation plan will take into account the availability of validated tools, models, and data that are necessary for responsible entities to perform the required GMD vulnerability assessments."