Tuesday, June 10, 2014

An Interested Party Weighs In


It seems the Interested Party I referred to in the previous post is still interested, because he wrote me a lengthy email outlining his position on the “far-end” relay question.  And guess what?  He offers an interpretation of criterion 2.5 which has convinced me that 2.5 really does intentionally confine BCS “associated with” the Facilities referred to in that criterion to the substation itself – meaning that relays at the “far end” of the lines in question aren’t automatically Medium impact, unless they otherwise meet one of criteria 2.4 – 2.8.

Here is my summary of his argument, although I’ll reproduce his words below (with slight editing to protect the guilty):

  1. He agrees generally with how I interpret 2.5, but he points out something I missed: the words “at a single station or substation”.   This phrase is a modifier for “Transmission Facilities” (and he very helpfully points out that it is good to dust off your sentence-diagramming skills from eighth grade, although I’m pretty sure I learned that in fourth grade.  Perhaps I was in an – ahem! – higher performing class than he was), so it means the Facility has to reside within the substation. 
  2. I have all along been assuming that Facility mainly refers to entire lines in this criterion, but since an entire line isn't "within a substation", the "Facility" in question must be something else (of course, since “at a single station or substation” isn’t in the other substation criteria 2.4, 2.6, 2.7 and 2.8, those criteria can apply to entire lines, as well as to other Facilities).   In other words, the relay within the Medium substation is Medium because it supports a Medium Facility, while the relay within the Low substation is Low because the Facility that it supports is Low impact.
  3. So what are the Facilities that the two relays support?  The answer is the circuit breaker.  The relay is (usually) a BES Cyber System affecting the breaker, not the line.  And since the breaker is only in one substation, not two (as is a line), there can be no question of relays at neighboring substations becoming Medium impact.
The nice thing about this interpretation (as opposed to the one from a regional auditor that I discussed in the previous post) is that it doesn’t do violence to the term “Facilities” in the Medium bright-line criteria; it doesn’t re-interpret this term to mean something like “assets”.  So I take back what I said in the previous post about preferring that NERC arbitrarily rule that “far-end” relays aren’t Mediums; it seems there can be a direct interpretation of this wording that accomplishes that, without debilitating side effects.[i]

And another good point about the discussion below is that this person really knows about substations and provides some very good advice on classifying transformers and other topics.  I recommend that any transmission entity read this (and also anyone else who doesn’t have a life outside of NERC CIP). 

The Interested Party’s Tale (apologies to Chaucer)
First, here is the exact language of the Criterion, straight from the NERC website:

Transmission Facilities that are operating between 200 kV and 499 kV at a single station or substation, where the station or substation is connected at 200 kV or higher voltages to three or more other Transmission stations or substations and has an "aggregate weighted value" exceeding 3000...

Now, let’s all climb into Mr. Peabody’s Way Back Machine and revisit our sentence diagramming lessons from 8th grade.  Please pay attention to the strategically placed comma which, incidentally, was not in the earlier versions of the standard.  The comma separates two cogent thoughts and in this case provides crystal clear meaning.  OK, so now let’s break down the statement into three segments for clarity:

(1)  Transmission Facilities that are operating between 200 kV and 499 kV
(2)  at a single station or substation,
(3)  where the station or substation is connected at 200 kV or higher voltages to three or more other Transmission stations or substations and has an "aggregate weighted value" exceeding 3000...

As I have consistently asserted in the past, the asset itself is not categorized, only the BES Cyber Systems located at that asset.[ii]  The section (segment 3) that states “where the station or substation is connected at 200 kV or higher voltages to three or more other Transmission stations or substations and has an ‘aggregate weighted value’ exceeding 3000” defines the characteristics of the asset that this Criterion is applicable to.  In other words, the Criterion is only applied to BES Cyber Systems located at a Transmission station or substation connected at 200 kV or higher to three or more other Transmission stations or substations.  Unless that qualification is satisfied, the Criterion is not applicable at all.  And, if the Transmission station or substation is connected at 200 kV or higher to three of more other stations or substations, the Criterion still does not apply unless the aggregated weighted value exceeds 3000 per the referenced table.  The table awards 700 points per Transmission Line operated between 200 kV and 299 kV, and 1300 points for lines operated between 300 kV and 499 kV.  Interestingly, you get no points for lines connected at 500 kV or above, but that really makes sense because that condition is covered unconditionally by Criterion 2.4.  And you get nothing for Transmission Lines operated below 200 kV.  But, I digress.  The other thing you must understand is that if you have two or more parallel lines connecting substation A to substation B, that only counts as one connection for the “connected at 200 kV or higher voltages to three or more other Transmission stations or substations” provision of the Criterion but each line contributes its own value when calculating the “aggregate weighted value.”[iii]

OK, so now we know which stations or substations the candidate BES Cyber Systems must be located at.  Now, let’s go look at the first phrase (segment 1) in the Criterion statement.  The candidate BES Cyber Systems must be associated with “Transmission Facilities that are operating between 200 kV and 499 kV.”  That is how we can correctly state that any BES Cyber System associated with a Transmission Facility operating outside of the voltage range is not a Medium impacting BES Cyber System per this criterion.  That does not mean the BES Cyber System will not be categorized as Medium impacting by another Criterion, but it is not Medium impacting by the application of Criterion 2.5.  Transformers are a special case because they operate at two voltages; more on that later.

OK, but we are not done yet.  And this is what cements the correct reading of the Criterion as opposed to pulling a view “out of the blue.”  Look at the (segment 3) portion of the Criterion, above.  The Transmission Facility operating between 200 kV and 499 kV as referenced in the Criterion must be operated at “a single station or substation.”  You can also read this as “located at” if you prefer since the Transmission Facility is clearly operated at the place where it is physically located.  Why is this important?  It is important because this statement limits the application of Criterion 2.5 to only a subset of all possible Transmission Facilities.  It includes the transformer and shunt compensator declared in the NERC Glossary of Terms definition of Facility because they are physically located at and operated at a single station or substation.  It also includes the circuit breaker that connects one end of a Transmission Line to the Transmission System.  The circuit breaker is a Transmission Facility; the list in the definition is an example and is not all inclusive.  But, the Transmission Line, while a Transmission Facility per the Glossary definition, is not a Transmission Facility that Criterion 2.5 applies to.  The Transmission Line, by its very nature, is operated at more than one station or substation.  It has to be connected to at least two stations or substations or it cannot be a line.  And Criterion 2.5 clearly says operated at “a single station or substation.”

The relay in the substation control house operates the circuit breaker and is clearly “associated with” the circuit breaker for the purposes of applying the Criterion.  The protection schemes running in the relay (and coordinated between the near and far-end relays for certain types of schemes such as pilot relay and transfer-trip) are to protect the Transmission Line, but the relay does that by operating the circuit breaker.  The relay is technically not directly associated with the line and that issue is moot anyhow because the line is not operated at a single station or substation.

So, if the relay (the BES Cyber System) association is not applicable to a Transmission Line, then the categorization of the BES Cyber System must be based solely upon the Transmission Facility from the subset of applicable Transmission Facilities (the circuit breaker in this case) that it is associated with.  The far-end relay is associated with the circuit breaker located and operated at the single station or substation at the other end of the Transmission Line.  And, when you apply Criterion 2.5 to that candidate BES Cyber System, the station/substation qualifications (segment 3) are applied.

If there is an association at all between the two, it is a relay-to-relay association, not a relay-to-Transmission Facility association.  And, a relay-to-relay association is not an association that would make the far-end relay Medium impacting by default.

Now a word about transformers.  The transformer is unique in that it is operated at two voltages.  It is, however, operated at a “single station or substation.”  If either side of the transformer is operated between 200 kV and 499 kV, then it is a Transmission Facility that meets the qualifications of Criterion 2.5 and any BES Cyber System associated with the transformer, even those operating the side whose voltage is outside of the 200 kV to 499 kV range, is Medium impacting.
  
I wish to thank the Interested Party.  A very helpful discussion.

If you would like to know what happened with this controversy, you can find out in this post.

The views and opinions expressed here are my own and don’t necessarily represent the views or opinions of Honeywell. 


[i] Of course, this solution just applies to criterion 2.5.  I don’t think there are such easy solutions to all of the other wording problems in CIP-002-5 R1 and Attachment 1.

[ii] He’s right that he’s said this consistently in the past.  And I’ve consistently said that, while his take on this issue is probably closer to the wording of CIP-002-5 R1 and Attachment 1 than mine is, it’s a moot point – since literally every entity I’ve talked to so far has said they first classify assets/Facilities, not BES Cyber Systems; the latter get their rating through the former.  In practice, I know he advocates an intermediate step where the entity does in fact look at the asset/Facility and develops a “preliminary” classification for it; this then guides how the BCS at or associated with that asset/Facility will be classified.  So there isn’t much difference between what we both say in practice; I just feel his approach adds more verbiage and potential confusion.

[iii] He makes a good point here that I hadn’t realized.  However, this discussion also shows you how incredibly complicated the supposed “bright-line” criteria really are.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)