System restoration and recovery plans maintained by nine utilities with regional bulk power grid responsibilities are thorough and highly detailed, finds a new report by staff at the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corp. (NERC). The report adds that broadly adopting the practices in these plans would enhance the industry’s preparation for recovering from major storms and physical or cyber attacks, and allow other entities to recover more quickly and efficiently when such events occur.
The joint review by FERC and NERC staff gathered information from a sample of regional bulk power system owners and operators, and found they have extensive incident response and recovery plans.
Effective system recovery and restoration plans are essential to a quick and orderly recovery from reliability events such as blackouts caused by weather, bulk power system disturbances or possible cyber/physical attacks. The purpose of the joint staff review was to assess and verify the utility industry’s recovery and restoration plans and to assess the effectiveness of related mandatory Reliability Standards in maintaining reliability. The review was not a compliance or enforcement initiative.
The staff team, which also included representatives from the NERC Regional Entities, also identified opportunities for improving system restoration and cyber security incident response and recovery planning and readiness. While industry engages in many of these practices to varying degrees, the report makes several recommendations, including that registered entities:
- Verify and test modifications to a system restoration plan;
- Plan for the potential loss of Supervisory Control and Data Acquisition computers and other data sources;
- Obtain insight from entities that have experienced widespread outages;
- Ensure that cyber security response plans identify the types of events that trigger a response and which types should be reported;
- Obtain independent technical review of recovery plans for critical cyber assets and cyber security incident response plans; and
- Participate in exercises and simulations to help develop robust cyber security response and recovery plans.
The report also discusses beneficial practices that participants use to enhance preparation for a major reliability event, such as conducting drills that involve the actual transfer of control center operations to an alternate site to test the functionality of the recovery resources. The staff team recommended that other entities consider incorporating these concepts into their own plans.