Cybersecurity and the Aftermath of the 2003 Blackout: An Alternate History

Do you think of NERC as big brother and the reliability standards as micromanaging your business. Imagine, if you will, something really sinister. Imagine a response to the blackout that included the takeover and centralized control of all transmission and distribution networks, as well as other infrastructure systems.

That is what Ubisoft has imagined in the company’s upcoming video game, Watch Dogs. Check it out:

High-Altitude Tethered Wind Turbine

In the video below, Altaeros Energies uses a scale prototype to demonstrate the ability of wind-turbine generators lifted 1,000 feet high (about three times the height of typical wind turbines) to produce twice the power output. Lift is provided by a helium-filled, inflatable shell. The technology is being developed for military, offshore, and other remote needs.

[via Greentech Media]

Find Your Energy Avatar

At Mediamatic in Amsterdam, a new exhibit allows visitors to meet their animal energy avatars. Part of the New Order series exploring energy consumption in a world fully supplied by renewable resources, the installation displays animal forms representing the actual energy consumption of human participants.

The exhibitors explain that once-upon-a-time human energy consumption was directly related to metabolic rate.* For example, asleep, humans require 90 watts. Hunter gatherers in the Amazon require 250 watts. With modern technology, though, middle-class humans in the developed world consume around 11,000 watts—more than a blue whale.

* Plus shelter and heat requirements, I think. But we get the idea.

5 Tips for Surviving a NERC Audit with Your Sanity Intact

Fear, uncertainty, and doubt—nearly 5 years into mandatory electric reliability standards and there’s still plenty of it to go around. Some people seem to want it that way. But with regard to compliance audits, it’s just not necessary. I’ve been through a few. Follow these five tips and you too can come out the other end of a NERC audit calm, cool, and collected.

1. Ignore the audit

Perhaps that’s a bit of an exaggeration, but the point is that the audit should not be your focus. Put your attention on reliable operations. Be diligent at maintaining compliance. Keep proper documentation always. If you’re doing what you’re supposed to be doing all along, then the audit becomes no big deal.

2. Remember, it’s just an audit

Uncertainty and doubt breed fear. “What if we can’t find all the maintenance records in time?” “What if the auditor disagrees with our interpretation of that standard?”

Relax! It’s just an audit. The worst thing that can happen is the audit team issues findings of possible violations. You still have time to address those during the enforcement process before they become official alleged violations. After that, you can contest a violation and request a hearing. And you even have an opportunity to appeal a notice of penalty to FERC.

I’m not saying the audit is meaningless, just keep it in perspective. It’s the first step in an enforcement process with multiple opportunities to demonstrate compliance. Documents that take time to locate can be submitted later. Interpretations of standards can be argued at hearing.

3. Complain

Auditors asking for confidential records or showing up at your door (sometimes even with FERC representatives in the group) can be very intimidating. Don’t be afraid, though. Speak up! NERC and regional entity auditors aren’t always right and, in my experience, they usually could do a better job of explaining why they’re asking for something. Now, be careful about refusing to answer a question or provide a requested document. However, don’t hesitate to ask an auditor the basis for his or her request if it seems to imply an assumption or interpretation with which you disagree. At NERC’s recent seminar on audits, Michael Moon, Director of Compliance Operations, said, “This is not a gotcha game. It’s an open book test.” Throughout the seminar, the presenters also encouraged entities to ask questions of their auditors and provide feedback on the audit experience.

4. Shut up

While you should not hesitate to speak up for yourself during an audit, in general, I counsel people to be quiet. With nerves on edge and outsiders questioning one’s work product, there’s a natural tendency to talk—to explain, to justify, to relate interesting stories. This is even more the case when auditors, as they are trained to do, refrain from the personal smalltalk common in business meetings.

Don’t. An audit is not a typical business meeting. You and the auditors are not on the same team. These people are there to determine if you are being compliant with the reliability standards. Answer their questions. But stick to the facts.

5. Do what you say, say what you do

This is both the easiest thing to get wrong and the easiest thing to get right. A number of NERC standards require entities to develop procedures and then follow them. Examples of this include vegetation management plans, maintenance intervals, emergency operations plans, and facility ratings. But besides some general guidelines or limited criteria, the exact procedures or policies are left up to the entities themselves. What could be easier than writing your own standards?

Unfortunately it seems that many entities take this flexibility further than it was intended. They seem to think that because they get to write the procedures themselves, their practices can vary from the procedures if “within reason” or “for the purpose of maintaining reliability.”

Similarly, for many standards a specific procedure document isn’t required, yet an entity may have one for its own reasons. In such a case, there appears even less need to follow the procedure exactly.

Not true! With all due respect to the technical expertise of the engineers and technicians, you need to understand that what we’re dealing with are federal regulations. To be compliant, you must follow the standard exactly as written. If the standard says that you must write a procedure and then implement it, then that is what you must do. Sure, you could have written the procedure differently, but you didn’t. On the other hand, if what you’re doing is better, then change the procedure to match. Even if a procedure document wasn’t required, inconsistencies may lead auditors to question compliance in practice. Don’t let that happen.