Christi ,

 I  completely agree with Dave .In addition to the levels of redundancy he states  it is important to note that the Central Control Centers are more of a communication and dispatch hub but the actual control of  the circuit breakers , transformers, phase angle regulators and  voltage control devices(the reliability backbone) resides within the "sub control centers " of the Transmission Operators like Con Edison, Florida Power &Light  etc etc..The destruction of one of the major RTO control centers will not shut down transmission lines or trip generators off line .There would be loss of communication to the region or local control centers and there may be some out of merit generation moves but it would not be a disaster . With the  redundancy of control centers, computers ,communications and data acquisition along with the proper protocols and procedures the loss should  not severely effect the security or reliability of the transmission grid .This redundancy will be an important part of the RTO development but there is no valid reason to slow up the present pace of progress because of this issue.

I believe there are much more vulnerable areas within the Transmission grid that NERC should be concerned about and address . I am open to continue this discussion off line .   Dan  

        
 -----Original Message-----
From: 	Perrino, Dave  
Sent:	Wednesday, September 26, 2001 12:53 PM
To:	Nicolay, Christi L.; Shapiro, Richard; Steffes, James D.; Robertson, Linda; Shelk, John; Yeung, Charles; Ingersoll, Richard; Rodriquez, Andy; Novosel, Sarah; Fulton, Donna; Alvarez, Ray; Roan, Michael; Maurer, Luiz; Connor, Joe; Walton, Steve; Comnes, Alan; Staines, Dan; Fromer, Howard; Allegretti, Daniel; Hoatson, Tom; Twiggs, Thane; Shortridge, Pat
Subject:	RE: NERC Statements on Impact of Security Threats on RTOs

Christi,

The NERC statements clearly seem to indicate they feel threatened by the RTO formation process and EISB.

Frankly, nothing stated anywhere in the attachments hasn't already been thought out and handled by the three ISOs in the East and the CAISO as well.  All four of these entities have fully functional back-up facilities in other parts of their regions and NERC is fully aware of them.  I would assume ERCOT also has a fully functional, redundant control scheme in place as well.

In the case of NY there is another site physically apart from the main control center which has a fully redundant computer and communications system.  They have (or used to have) plans which in the event neither center is available, can revert control back to the TOs (heaven forbid)  until ISO personnel can resume control of the grid.  So they have 3 sets of redundancy, in addition to radio and satellite communications if necessary.

Earlier RTO West discussions all contained similar concerns and plans for redundancy and the DSTAR preliminary design documents also plan on redundancy.  NERCs assertion that they would "slow-down" the RTO formation process is absurd (geez, it's going too slow now!!!). 

Running distributed, synchronized computer networks is not rocket science...how do the folks at NERC explain the NYSE quick recovery from a ground zero attack?  There was no report of crippling loss of financial information...at least that I am aware of.  Even a small operation like APX operates their systems using distributed computing and synchronized data.

For NERC to use the NIMDA virus as a specific attack on the electrical grid operation and the compromising of reliability is preposterous and the resulting "service denials" cited are probably refusal(s) of tags, which from what I understand, the utilities probably cause much more self-inflicted havoc than this virus!

The press release you refer to just confirms NERC's position of maintaining status quo.  Should we "call" NERC on these statements?  The remarks made in these public statements seem irresponsible.

Kind Regards,

Dave 

-----Original Message-----
From: Nicolay, Christi L. 
Sent: Wednesday, September 26, 2001 9:11 AM
To: Shapiro, Richard; Steffes, James D.; Robertson, Linda; Shelk, John;
Yeung, Charles; Ingersoll, Richard; Rodriquez, Andy; Novosel, Sarah;
Fulton, Donna; Alvarez, Ray; Roan, Michael; Maurer, Luiz; Connor, Joe;
Walton, Steve; Comnes, Alan; Perrino, Dave; Staines, Dan; Fromer,
Howard; Allegretti, Daniel; Hoatson, Tom; Twiggs, Thane; Shortridge, Pat
Subject: FW: NERC Statements on Impact of Security Threats on RTOs


Our NERC folks should be able to shed more light on why NERC is making statements that on their face look anti-large RTO (the other emails and comments in these document look more like "this should be reviewed".)
Do we (and other market participants) need to have a computer systems group perform a study that includes redunancy issues, etc. to counter this?  Certainly, Pat Wood and Nora Brownell's testimony to Congress indicate that they believe that large RTOs will bring more security and reliability (we have included this in our SE RTO mediation comments.)

-----Original Message-----
From: Michael Reddy [mailto:Mreddy@epsa.org]
Sent: Tuesday, September 25, 2001 4:09 PM
To: acomnes@enron.com; Hawkins, Bernadette; Nersesian, Carin; Yeung,
Charles; Nicolay, Christi L.; Fulton, Donna; Scheuer, Janelle; Hartsoe,
Joe; Shelk, John; Jsteffe@enron.com; Noske, Linda J.; Robertson, Linda;
Alvarez, Ray; Shapiro, Richard; Novosel, Sarah; Mara, Susan; Lindberg,
Susan; Hoatson, Tom
Subject: NERC Statements on Impact of Security Threats on RTOs


MEMORANDUM

TO: Legislative Affairs Committee
       Regulatory Affairs Committee
       NAERO Working Group

FROM: Scott Weiner, Legislative Affairs Committee Chair
             Jim Steffes, Regulatory Affairs Committee Chair
             Mark Bennett, Senior Manager of Policy
             Donn Salvosa, Manager of Government Affairs

DATE: September 25, 2001

RE: NERC Statements on Impact of Security Threats on RTOs

The attached e-mail in Microsoft Word form contains statements that NERC made during a recent meeting with members of the national press.  The statements concern NERC's view of the implications of terrorist threats for FERC's " Four RTO policy" set forth in its July 12th Order.  The statements also may bear upon the effort to establish a new standards setting organization, particularly the possibility that NERC's responsibilities could be shifted to EISB.  Also attached is an article containing the views of R.J. Rudden Associates, Inc. that discusses the risks associated with centralizing control center operations.

Specifically, NERC representatives informed the press that on September 11 "the grid was the target of an insidious cyber attack that shut down some facilities...from an information administration standpoint."  They noted that this resulted in service denials, although it is not clear whether they indicated where or how much.  This event was attributed to the so-called "NIMBA virus".

NERC's statements suggest a new strategy to preserve the role they've played not only in security matters, but possibly other aspects pertaining to "reliability standards."  They warn against any immediate transition to fewer RTOs as envisioned in FERC's July 12th Order.  Moreover, it is likely that NERC will argue that, given its expertise and experience, recent events make transitioning to a new standards organization (EISB?) ill advised.  

It is unclear what, if any, impact all this may have on RTO development, the legislative effort to establish a new reliability standards body or the NERC Board's consideration of pending reform proposals at its October meeting.  However, we can expect security related issues to be included in future discussions of these matters. 

Please provide your reactions to the NERC statements to Mark Bennett at 202-628-8200 or mbennett@epsa.org