10.7.2020

Cyber Incident Response & Recovery Best Practices

by Sean Thompson, NERC Services Supervisor


On September 14, 2020, staff of the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) published a report on cyber planning for response and recovery that outlines best practices for the electric utility industry. The joint staffs of FERC, NERC, and the NERC Regional Entities developed the report after interviewing subject matter experts from eight electric utilities of varying size and function. The report includes observations on those utilities' defensive capabilities and on the effectiveness of their Incident Response and Recovery (IRR) plans. It identifies the elements the IRR plans have in common and calls out best practices, finding that effective IRR plans:

  • Contain well-defined personnel roles, promote accountability and empower personnel to act without unnecessary delays, and use supporting technology and automated tools while recognizing the importance of human performance;  
  • Require well-trained personnel who are constantly updating their skills and incorporate lessons learned from past incidents or tests;  
  • Use baselining so personnel can detect significant deviations from normal operations, and flowcharts or decision trees to determine quickly when the utility reaches a predefined risk threshold and a suspicious set of circumstances qualifies as an event; 
  • Remove all external connections when activated, and consider the possibility that a containment strategy may trigger predefined destructive actions by the malware, and employ evidence collection and continued analysis to determine whether an event indicates a larger compromise;
  • Consider the resource implications of incident responses of indeterminate length; and 
  • Implement lessons learned from previous incidents and simulated activities. 
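As an added illustration of the baselining and decision-tree points in the list above (this is example code written for this page, not code from the FERC/NERC report or from NAES), the following Python script builds a per-host baseline of outbound external traffic from a constructed flow log, scores a new day against that baseline, and applies a small decision tree: a significant deviation to a previously unseen external destination is treated as an incident that warrants containment and evidence collection, a deviation to a known destination as an event for continued analysis, and anything below the threshold as normal. The `day=... host=... dst=... bytes=...` log format, the 10.0.0.0/8 internal range, the 3-sigma threshold, the sigma floor and the sample data are all assumptions made for the example.

```python
"""Baseline-and-threshold triage of outbound flows (added example, not from the report)."""
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, Iterable, List, NamedTuple

# Assumption: 10.0.0.0/8 is the plant's own network; any other destination is external.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

class Flow(NamedTuple):
    day: int
    host: str
    dst: str
    bytes: int

class Baseline(NamedTuple):
    mean: float
    sigma: float
    known_dsts: frozenset

class Finding(NamedTuple):
    z: float
    verdict: str
    new_dsts: List[str]

def constructed_log() -> List[str]:
    """Constructed sample flow log: days 1-7 form the baseline window, day 8 is under test."""
    hmi_bytes = [1000, 1100, 900, 1050, 950, 1000, 1000]
    lines = []
    for day in range(1, 8):
        lines += [f"day={day} host=hmi-01 dst=198.51.100.10 bytes={hmi_bytes[day - 1]}",
                  f"day={day} host=hist-01 dst=198.51.100.20 bytes=5000",
                  f"day={day} host=eng-ws-01 dst=198.51.100.30 bytes=2000",
                  f"day={day} host=hmi-01 dst=10.20.0.5 bytes=400000"]  # internal, ignored
    return lines + ["day=8 host=hmi-01 dst=203.0.113.50 bytes=25000",     # spike, unseen address
                    "day=8 host=hist-01 dst=198.51.100.20 bytes=5100",    # normal variation
                    "day=8 host=eng-ws-01 dst=198.51.100.30 bytes=9000",  # spike, known address
                    "day=8 host=hmi-01 dst=10.20.0.5 bytes=410000"]

def parse_flows(lines: Iterable[str]) -> List[Flow]:
    """Parse 'key=value' records; a malformed line is skipped rather than stopping triage."""
    flows = []
    for line in lines:
        try:
            kv = dict(field.split("=", 1) for field in line.split())
            flows.append(Flow(int(kv["day"]), kv["host"], kv["dst"], int(kv["bytes"])))
        except (KeyError, ValueError):
            continue
    return flows

def is_external(dst: str) -> bool:
    return ipaddress.ip_address(dst) not in INTERNAL

def aggregate(flows: Iterable[Flow], days: Iterable[int]):
    """Sum external bytes per host and day, and collect the external destinations per host."""
    wanted = set(days)
    per_day = defaultdict(lambda: defaultdict(int))
    dsts = defaultdict(set)
    for f in flows:
        if f.day in wanted and is_external(f.dst):
            per_day[f.host][f.day] += f.bytes
            dsts[f.host].add(f.dst)
    return per_day, dsts

def build_baseline(flows: Iterable[Flow], baseline_days: Iterable[int]) -> Dict[str, Baseline]:
    """Per host: mean and spread of daily external bytes plus the destinations seen."""
    days = list(baseline_days)
    per_day, dsts = aggregate(flows, days)
    baseline = {}
    for host, by_day in per_day.items():
        daily = [by_day.get(d, 0) for d in days]  # a day with no external traffic counts as 0
        mu = mean(daily)
        # Floor sigma at 10% of the mean: a perfectly flat baseline would otherwise flag any change.
        baseline[host] = Baseline(mu, max(pstdev(daily), 0.1 * mu), frozenset(dsts[host]))
    return baseline

def classify(z: float, new_dsts: List[str], z_threshold: float) -> str:
    """Decision tree: below threshold is normal; above it, an unseen destination makes an incident."""
    if z < z_threshold:
        return "normal"
    return "incident" if new_dsts else "event"

def assess_day(flows: Iterable[Flow], day: int, baseline: Dict[str, Baseline],
               z_threshold: float = 3.0) -> Dict[str, Finding]:
    """Score one day's external traffic per host against the baseline."""
    per_day, dsts = aggregate(flows, [day])
    findings = {}
    for host, by_day in per_day.items():
        b = baseline.get(host)
        new = sorted(dsts[host] - (b.known_dsts if b else frozenset()))
        # A host with no baseline never spoke externally before: treat it as off the chart.
        z = (by_day[day] - b.mean) / b.sigma if b else float("inf")
        findings[host] = Finding(z, classify(z, new, z_threshold), new)
    return findings

if __name__ == "__main__":
    flows = parse_flows(constructed_log())
    base = build_baseline(flows, range(1, 8))
    for host, finding in sorted(assess_day(flows, 8, base).items()):
        print(f"{host:10s} z={finding.z:8.1f} {finding.verdict:8s} new={finding.new_dsts}")
```

On the constructed data, `hmi-01` lands at z = 240 with a never-seen destination and is classed as an incident, `eng-ws-01` at z = 35 to a known destination is an event for further analysis, and `hist-01` stays normal. The verdict only says which branch of the plan to enter; the containment step itself still has to weigh the caveat from the list above, that cutting a host off may trigger destructive behaviour in malware that watches for loss of connectivity, so evidence collection should start before the connection is pulled.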

The report concludes that an effective IRR plan is an important resource for addressing cyber threats: the plan should be in place, and the response team prepared, to detect, contain, and, when appropriate, eradicate cyber threats before they can harm utility operations.


The report can be found at:  https://naes.news/Cyber-Response-Report

    CAISO Generator Modeling Process and Data Requirements

    Don’t wait until the last minute. You should allow time for at least one iteration with CAISO so that you are complete and deemed compliant before your deadline.

    On August 1, 2018, CAISO introduced a revised Business Practice Manual for Transmission Planning Process (BPM), which includes new data requirements for interconnected generation resources within the ISO’s footprint. Section 10 of the BPM establishes revised data requirements and compliance procedures for all participating generators including non-NERC registered entities. While additional requirements have been placed on larger NERC registered facilities, these changes may pose an even greater burden to entities that have been exempt from NERC mandated modeling and protection requirements.

    New data requirements include voltage and frequency protection models, power flow models, and in some cases, sub-synchronous resonance models. These models must be verified using criteria listed in the BPM, which can only be performed by entities with modeling software and knowledge of modeling practices.

    NAES is prepared to assist entities with data aggregation, modeling, and testing to ensure compliance with CAISO’s data requests. The following links will allow entities to determine when to expect their individual data requests (phase) and what data will be required (category).

    Business Practice Manual (BPM)

    Entity Category and Phase Listing

    CAISO Transmission Planning Website

    TPL-007

    TPL-007 establishes planning criteria for induced currents caused by geomagnetic disturbances. The standard is applicable to facilities using transformer(s) with a high side, wye grounded winding operated above 200 kV and can require both submittal of general geomagnetic data (R2) and thermal impact assessments (R6) depending on results of Planning Coordinator analysis.

    VOLTAGE AND REACTIVE (VAR) STANDARDS

    VAR-501-WECC

    VAR-501-WECC requires applicable entities within the WECC region to confirm performance settings and characteristics of Power System Stabilizers (PSS). NAES provides physical testing and reporting services to address WECC’s specific PSS requirements.

    PERSONNEL PERFORMANCE, TRAINING AND QUALIFICATIONS

    PER-006

    PER-006 requires Generator Operators to provide training to personnel who are responsible for the Real-time control of a generator. NAES has developed specific protection system training materials suitable for compliance with the Standard and provides this training both on and off site.

    PROTECTION AND CONTROL (PRC) STANDARDS

    PRC-001

    PRC-001 requires entities to coordinate protection system changes with other affected parties. NAES offers both procedural documentation and engineering services to establish the required coordination for both PRC-001 and PRC-027.

    PRC-002

    PRC-002 requires the installation and operation of disturbance monitoring equipment (DME) for applicable entities. NAES can assist with the design and installation of DME as well as ongoing compliance support.

    PRC-019

    PRC-019 requires applicable entities to show coordination between voltage regulating controls, limiters, equipment capabilities, and protection settings. NAES produces PRC-019 specific coordination studies for both traditional generators and renewable projects to establish compliance with the Standard.

    PRC-023

    PRC-023 requires load responsive protective relays be set according to criteria within the Standard to ensure settings do not limit transmission loadability. NAES provides full engineering analyses to maintain compliance with this Standard.

    PRC-024

    PRC-024 requires applicable entities to ensure generator protective relays do not trip within predefined frequency and voltage limits. NAES can complete protection settings analyses and provide compliance documentation that clearly identifies protection settings as they relate to NERC’s “no trip” zones.

    PRC-025

    PRC-025 establishes minimum settings requirements for load-responsive relays protecting generators, step up transformers, and auxiliary transformers. NAES utilizes predefined calculation options as well as simulations to determine a facility’s compliance status and development of new relay settings if required.

    PRC-026

    PRC-026 requires applicable entities to perform load responsive relay settings analyses based on criteria identified within the Standard. Entities are typically notified by the Planning Coordinator when an analysis is required. NAES performs all required studies to establish compliance.

    MODELING, DATA, AND ANALYSIS (MOD) STANDARDS

    MOD-025

    MOD-025 requires Real and Reactive Power capability testing for individual generating units over 20 MVA or facilities with over 75 MVA of generation capacity. NAES offers site specific test procedures and/or complete onsite testing services to meet the requirements of this standard.

    MOD-026

    MOD-026 requires verification of excitation or volt/var control dynamic models through utilization of either system disturbances or physical testing. NAES offers full testing and modeling services to meet the requirements of this standard.

    MOD-027

    MOD-027 requires verification of governor or active power/frequency control dynamic models through utilization of either system disturbances or physical testing. NAES offers full testing and modeling services to meet the requirements of this standard.