Technologies for Security and Compliance by Ken McIntyre, ERCOT
1. Page 1
2012 Technologies for Security and Compliance Summit
August 2012
Austin, Texas
Ken McIntyre
Director Standards and Protocol Compliance
Electric Reliability Council Of Texas
2. Page 2
2012 Technologies for Security and Compliance Summit
Presentation:
• Electric Reliability Council of Texas
• The Regulatory Challenge
• ERCOT Compliance Initiatives
3. Page 3
Electric Reliability Council Of Texas (ERCOT)
ERCOT Responsibilities
• System Reliability
• Open and Competitive Markets
• Congestion Management
• Network Modeling
4. Page 4
Electric Reliability Council Of Texas (ERCOT)
Key Features of the ERCOT Grid
• Represents 85% of Texas Load
• 74,000 MW of generation capacity
• 40,530 miles of transmission lines
• Electrical island with several DC Ties
• RC, BA, TOP (CFR), PC, IC, RP, TSP
ERCOT facilitates competitive markets to help achieve reliability.
5. Page 5
Electric Reliability Council Of Texas (ERCOT)
ERCOT Compliance Department
• Centralized Compliance Program
• Increased from two to thirteen employees
• 693, CIP and all ERCOT Protocols
• Standards Development (ballots etc.)
• All things NERC e.g. CANs, TFEs, EA
ERCOT Compliance Mission Statement:
Promote ERCOT Reliability, Security and Compliance, through Collaboration, Leadership and Expertise.
6. Page 6
The Regulatory Challenge
[Diagram: ERCOT, with the following labels]
• Public Utility Commission of Texas (PUCT)
• FERC / NERC
• SSAE16 / SOX
• ERCOT Board F&A (Internal Audits)
• Texas Reliability Entity (Regional Entity)
• DOE, DHS, EPA, NAESB
10. Page 10
The Regulatory Challenge cont.
• Audits and Investigation Preparation
• Compliance burden on organization
• Standards Development
• Compliance with new standards and versions
• Internal Compliance and Monitoring Program
• Event Analysis Reporting and Lessons Learned
• Institutionalize recommendations
• Critical Infrastructure Protection
• Maintaining best practice / Defense in Depth
• SCADA System integrity / Smart Grid information / Mobile Devices
• CIP Standards and new versions
11. Page 11
ERCOT Compliance Initiatives
What should the Compliance Department do?
• Compliance ‘promotes’ Reliability and Security
• Allow Subject Matter Experts to focus on improving industry, while still meeting compliance obligations (daily activities)
• Reduce duplication of regulatory efforts across the organization (one activity meets multiple regulatory requirements)
• Active Policy Monitoring and Enforcement to allow early detection and mitigation of issues, and avoid unnecessary compliance burden
• Minimize ‘Drift’ from stated expectations
• Institutionalize Recommendations, ‘Normal Practice’
12. Page 12
ERCOT Compliance Initiatives cont.
What is the Compliance Department going to do?
• Consolidate PUCT/FERC/NERC Compliance Data Repositories
• Common regulatory evidence, sampling, reporting, event analysis, mitigation
• Implement AlertEnterprise ‘GRC’ Solution for Compliance
• NERC Reliability Standards, ERCOT Protocols, Corporate Policies, SSAE16
• Automate RSAW development, and other compliance activities
• Active Policy Monitoring and Enforcement (2013)
• Map requirements between multiple regulatory environments
• Provide Compliance Transparency
• AlertEnterprise Dashboards for Executives and Managers
• Risk/Gap/Impact analysis (AlertEnterprise ‘Risk Engine’ concept)
13. Page 13
ERCOT Compliance Initiatives cont.
Additional detail on some initiatives....
14. Page 14
ERCOT Compliance Initiatives cont.
AlertEnterprise/ERCOT mapping requirements between multiple regulatory environments:
- Map requirements between NERC – Protocols – Guides – Policy
- Interactive display of Requirement and document associations with master & transaction data
- Displays Requirement association with transaction data (Assessments, Investigation, Mitigation, Self Report, Action Items, RSAW, Event Tracker) within a date range
15. Page 15
ERCOT Compliance Initiatives cont.
AlertEnterprise/ERCOT NERC RSAW functionality:
- Developed for NERC RSAW creation
- Can be applied/formatted for other regulatory requirements
- Templates with requirements and placeholders for compliance actions, SME and evidence tables
18. Page 18
ERCOT Compliance Initiatives cont.
AlertEnterprise/ERCOT ‘Risk Engine’ concept:
- Essentially a means to provide the association of a NERC ‘risk score’ or ‘risk categorization’ to framework items and controls
- Based on VRF, compliance history, enforcement history, NERC ranking (Top 20), self reports, mitigation plans etc.
- Benefits of assigning a ‘risk score’ to a standard and requirement will be the development of appropriate monitoring, reporting, dashboarding, frequency of assessments, focused training, resource allocation etc.
- The ERCOT vision is one of a ‘real-time’ compliance monitoring tool: Are we compliant today? What is the confidence that our controls in place are adequate? How well are we prepared to demonstrate compliance?