Commission Chairman Neil Chatterjee held a press conference on March 19 to discuss FERC’s work during the current pandemic, provide updates regarding the coronavirus (COVID-19), and respond to questions from the media. According to today’s announcements, FERC plans to keep operating as usual but will provide extensive flexibility to the regulated industry in addressing the effects of the pandemic on FERC-jurisdictional activities.
FERC and NERC issued a joint notice on Wednesday providing compliance flexibility on certain key reliability standard requirements during the ongoing coronavirus (COVID-19) pandemic. Although this guidance can allow utilities to avoid findings of noncompliance for certain requirements where timely compliance activities could be difficult due to personnel shortages and other limitations, this is not a blanket waiver. Instead, utilities must provide written notices of their intent to use this guidance. The content of those notices must be drafted carefully as they will be necessary to demonstrate compliance in future reviews.
The new flexibility is as follows:
- Due to the limited availability of NERC-certified operators, if a utility cannot provide sufficient certified operators to comply with PER-003 due to COVID-19, the use of noncertified operators is permitted through the end of 2020. In order to take advantage of this flexibility, utilities will need to notify their Regional Entities and Reliability Coordinators (ISO-NE and NYISO). Training requirements, such as those in PER-005, continue to apply.
- Because of the resource limitations during this time period, periodic actions required by the reliability standards that must occur between March 1, 2020, and July 31, 2020, can be missed on a case-by-case basis if the activities cannot be performed due to COVID-19. To use this flexibility, utilities will need to notify their regional entities of the specific actions that will be missed. These periodic requirements exist in both the Operating & Planning standards (such as protection system maintenance and testing) and the Critical Infrastructure Protection standards (such as patching and vulnerability assessments).
Following the increased spread of COVID-19 within the United States, the North American Electric Reliability Corporation (NERC) issued a Level 2 Alert on March 10 to all users, owners, and operators of the bulk-power system, outlining a series of recommendations and requiring certain responses from each entity about their plans for continued reliable operation under pandemic circumstances.
Although the Alert focuses on certain practical steps for maintaining electric reliability, it should also prompt electric utilities to consider the way in which that can ensure that the tasks necessary for compliance with mandatory reliability standards can continue to be performed if large percentages of a utility’s workforce cannot be physically in control centers, generation control rooms, or field locations. Thinking through and planning for the compliance program implications of the COVID-19 pandemic in advance of significant outbreaks can assist utilities in maintaining compliance under these circumstances.
Recommended Steps: Maintaining Electric Reliability
The NERC Alert notes that the spread of the virus is likely to increase in the near future, and to address those threats provides six recommendations:
- Utilities should maintain situational awareness of the spread of COVID-19 and follow Centers for Disease Control and Prevention (CDC) advisories in determining whether travel and attendance at events and conferences is appropriate.
- Personnel working at utilities should follow good hygiene practices and implement social distancing. As part of these efforts, utilities should enhance their cleaning practices, with a focus on those areas where utility personnel may be enclosed for extended periods of time, such as control rooms, conference rooms, and vehicles. The Alert also notes that utilities should consider reducing access to their facilities by visitors, and segregating work crew who are on different schedules.
- Business continuity plans should be reviewed to address and prepare for disruptions such as significant staffing constraints and loss of contractor personnel. Notably, the Alert encourages utilities to establish thresholds for implementing remote work and similar workplace flexibility arrangements.
- Utilities should assess their ability to demonstrate resilience in the event they cannot receive ready resupply from supply chains that are often global in nature, particularly where procurement strategies rely in part on “just-in-time” logistics systems. The Alert recommends a review of current inventories, including what is likely to be available from suppliers.
- Utilities should consider whether their planned maintenance and construction activities should go forward on the same schedule, or whether certain projects should be prioritized in light of the ability to schedule outages, reduce the consumption of inventory, and work through workforce limitations.
- Utilities should be aware of a number of cyber-risks related to COVID-19, including the heightened risk that phishing and similar social engineering attacks could take advantage of the heightened anxiety surrounding the pandemic and the need to maintain cyber asset availability in the event of staffing disruption and widespread remote work needs.
The Alert requires utilities to respond to several questions, with responses due on March 20, 2020. The questions ask whether the utility
- has a pandemic response plan;
- has reviewed staffing requirements and resources in preparation for a pandemic emergency from COVID-19;
- would be able to provide mutual aid to other companies if the company’s region is not affected;
- has reviewed supply chains and services for potential disruptions; and
- anticipates other risks to reliability and security from the event.
Compliance Planning Implications
Although the Alert does not directly address compliance planning under pandemic conditions, utilities subject to NERC reliability standards should consider the steps they may need to take to achieve continued compliance in circumstances where personnel shortages may be acute, remote working arrangements may be required, and resupply of key inventory could be difficult to achieve.
Although each utility’s circumstances differ, considering the following issues may be helpful in ensuring compliance during this difficult period and avoiding the expense and time required to resolve instances of noncompliance.
- Stress-Test Your Remote Working. Consider the ability of company networks to handle nearly all of the utility’s personnel working remotely, including through stress-testing remote work capabilities. If there are limitations, consider providing prioritized access to personnel whose access is necessary for achieving compliance, such as personnel responsible for reviewing access logs, trouble-shooting operator and energy management system issues, installing patches, and configuration management.
- Assess the Ability to Supply Sufficient Personnel. Evaluate the ability of the utility’s supply chain to supply needed parts and personnel. For example, if protection system maintenance activities require the replacement of certain parts, consider whether an adequate supply exists without significant resupply. Similarly, if vegetation management requires significant personnel, including contractor personnel, consider how those tasks can be completed within the time frame with a smaller workforce.
- Analyze Changes to Tasks at Remote Sites. For tasks that require significant travel to remote locations, such as patching systems without interactive remote access, consider whether the workforce would be able to support those time-intensive tasks and, if not, consider whether alternatives are available (e.g., the use of patch mitigation plans) or if tasks could be pushed up or pushed out while staying within the necessary time frame.
- Protect Key Teams. Consider methods to separate and protect teams such as restoration teams, construction teams, control center shifts, and the like that are necessary to maintain day-to-day operations for the reliability coordinator, transmission operator, balancing authority, and generator operator functions.
- Determine Minimum Staffing Levels. Consider identifying the minimum staffing level at which certain operational assets can continue to operate safely and in compliance, and below which that asset would be taken offline.
- Expand the Pool of Qualified Personnel. Consider expanding the pool of personnel who have received personnel risk assessments and background trainings for working with assets subject to critical infrastructure protection reliability standards.
- Communicate with Audit Teams. If your utility has an in-person audit or spot check scheduled in the near future, consider outreach to the audit or spot-check team lead to discuss moving to remote reviews that avoid large in-person meetings and travel. For example, audit interviews could be conducted by phone, with evidence presented electronically.
Note that although the NERC Sanction Guidelines would allow NERC and the Regional Entities to considering the extenuating circumstances of a pandemic in assessing a penalty—or foregoing a financial penalty entirely—NERC cannot waive noncompliance, and in many cases the true cost of resolving noncompliance is the reporting, enforcement resolution, and mitigation expense.
As your utility continues its preparation for COVID-19, consider reviewing the additional federal and NERC guidance linked below:
- NERC’s Influenza Pandemic Planning, Preparation, and Response Reference Guide
- Joint NERC-DOE High-Impact, Low-Frequency Event Risk to the North American Bulk Power System
- DHS’s Pandemic Influenza Preparedness, Response, and Recovery Guide for Critical Infrastructure and Key Resources
If you have any questions about reliability compliance or other utility operational or commercial issues under pandemic circumstances, please reach out to any of the authors of this post.
The Pipeline and Hazardous Materials Safety Administration (PHMSA) will hold a two-day public meeting on February 26–27, 2020, to discuss with pipeline safety stakeholders the implementation of two final rules published in the Federal Register on October 1, 2019: the Safety of Gas Transmission Pipelines final rule (published at 49 CFR Parts 191–192) and the Safety of Hazardous Liquid Pipelines final rule (published at 49 CFR Part 195). PHMSA has made available for comment and discussion in Docket PHMSA-2019-0225 the meeting agenda draft, frequently asked questions (FAQs), and answers for both rules.
According to PHMSA, “the FAQs are intended to assist in the implementation of these final rules by providing clarification, guidance, information sources, and affirmation to operators as they strive to comply with the new safety regulations.” During the first day of the meeting, PHMSA also is planning to discuss the benefits of pipeline operators developing an effective safety culture. The agenda, however, is less clear on this portion of the meeting.
The US Court of Appeals for the Fourth Circuit resolved a question of first impression on February 11 on when the statute of limitations period commences for civil enforcement claims brought by the Federal Energy Regulatory Commission (FERC) under the Federal Power Act (FPA or the Act) when the alleged violator opts for adjudication in federal district court instead of an administrative proceeding. Siding with FERC, the Fourth Circuit held in FERC v. Powhatan Energy Fund that when an alleged violator decides to pursue adjudication in court, FERC’s claim accrues, and thus the statute of limitations commences, when the alleged violator fails to pay within 60 days the amount set forth in FERC’s Penalty Assessment Order. The decision means that when an alleged violator opts for the district court, FERC can enforce civil penalties for an FPA violation up to 10 years after the date of alleged unlawful conduct.
The FPA creates two procedural options by which FERC can assess civil penalties. Under one option, the “Default Option,” a FERC Administrative Law Judge (ALJ) will hear the dispute. Under the second option, the “Alternate Option,” adjudication occurs in federal district court. The alleged violator may chose the path.
The Commodity Futures Trading Commission (CFTC) recently released its Annual Report on the Whistleblower Program and Customer Education Initiatives for fiscal year (FY) 2019. The report, which details the operation of the whistleblower program and the CFTC’s initiatives to educate consumers about fraud or other violations of the Commodity Exchange Act (CEA), showed that during FY 2019, the CFTC awarded more than $15 million in five whistleblower awards. These whistleblowers had provided information that prompted the CFTC to open an investigation and/or provided substantial assistance to the CFTC during the course of the investigation. The report results serve as a reminder to energy companies to review and assess their compliance programs and policies to ensure that employees are encouraged to bring compliance concerns to management’s attention, and that such concerns are addressed in a timely manner.
The Commodity Futures Trading Commission (CFTC) filed and settled charges on October 24 against Upstream Energy Services LLC (Upstream Energy) for acting as an unregistered futures commission merchant. The Commission’s order raises several important points for energy companies. First, while energy companies may view the Federal Energy Regulatory Commission (FERC) as their primary federal regulatory agency, certain types of transactions involving energy resources may fall under the purview of another regulatory authority, such as the CFTC. Second, a company that accepts and places futures and options order on behalf of another party must register as a futures commission merchant. Third, voluntary and full cooperation with an enforcement action can reduce greatly the nature and severity of any penalty sought.
President Donald Trump signed a pair of executive orders on October 9 that may limit the impact of an agency’s use of informal guidance documents. The executive orders express concern that agency guidance, which includes policy statements, memoranda, and letters, has become a backdoor for regulators to change the laws and expand their scope and reach.
FERC Staff issued an October 4 report on Commission-led critical infrastructure protection (CIP) reliability audits completed during fiscal year 2019. The report provides lessons learned and identifies voluntary practices that FERC Staff observed during those audits that could improve the protection of electric infrastructure from cyberattacks.
Currently at issue before the US Court of Appeals for the First Circuit is whether the filed rate doctrine prevents a court from assessing the reasonableness of a utility’s rates in the retail market. Under the filed rate doctrine, any rate that is approved by the governing regulatory agency is per se reasonable in judicial proceedings. FERC holds exclusive authority to determine whether wholesale rates filed by utilities are just and reasonable. Therefore, if FERC determines that a rate is just and reasonable, a court does not approve a departure from that wholesale rate.