NERC | CIPC Strategic Plan 2015‐2018 | December 9, 2014
Critical Infrastructure Protection Committee (CIPC) Strategic Plan 2015-2018
CIPC Executive Committee
December 9, 2014
Contents
Introduction
Executive Summary
Mission, Vision, and Guiding Principles
Areas of Strategic Focus in Support of ERO Goals
Appendix 1: CIPC Structure
Appendix 2: CIPC Executive Committee Structure
Appendix 3: Proposed CIPC Work Plan
Appendix 4: ERO Strategic Plan
Introduction
This is a living document, meant to address the current and future Critical Infrastructure Protection Committee (CIPC) strategic issues. The landscape in which the entire electric industry operates is dynamic and rapidly changing. Therefore, a bi‐annual review by the CIPC Executive Committee should take place to update the strategic plan to ensure that it remains current. Regular strategic plan updates from the CIPC Chair will be provided to the CIPC members, along with status reports being sent to the NERC Board of Trustees. Furthermore, if there are any key changes that emerge, CIPC will revisit the work plan to ensure alignment with the NERC Electric Reliability Organization (ERO) enterprise. This work plan addresses all activities, interests, and concerns of the NERC enterprise related to critical infrastructure planning of the interconnected Bulk Electric System. This document is created to identify strategic activities as well as highlight the alignment of CIPC activities from several perspectives, including:
Conforming to priorities of the NERC ERO enterprise, the Reliability Issues Steering Committee (RISC) and Federal, state/provincial regulators;
Providing a technical foundation for reliability issues;
Matching CIPC resources with priorities; and
Efficiently using CIPC resources.
Executive Summary
The Executive Committee members developed the Critical Infrastructure Protection Committee Work Plan (Appendix 3) and comprehensively reviewed the work activities and deliverables to be produced for each group. The Executive Committee members chair the subcommittee and, in some cases, its subgroups. This level of Executive Committee involvement promotes firsthand knowledge of group activity. The CIPC Executive Committee engaged all subgroup leadership in appropriate discussion of deliverables to be produced by each group, and the expectations of the analysis and reports. Based upon that effort, and on comments received from the CIPC members, the current subgroup chairs, etc., the CIPC has continued with the below organizational structure with the addition of the Business Continuity Task Force created to address recommendations from the GridEx II Distributed Play Report and the removal of the Personnel Security Clearance Task Force since its work is completed.
Executive Committee
David Revill, NRECA
Chuck Abell, Chair, Ameren
Melanie Seader, EEI
David Grubbs, ERCOT
Nathan Mitchell, Vice Chair, APPA
Jack Cashin, EPSA
Ross Johnson, CEA
Jim Brenton, Vice Chair, ERCOT
Marc Child, Great River
Laura Brown, Secretary

Physical Security Subcommittee (David Grubbs)
Cyber Security Subcommittee (Marc Child)
Operating Security Subcommittee (Jim Brenton)
Policy Subcommittee (Nathan Mitchell)

Physical Security WG (Ross Johnson)
Security Training WG (William Whitney)
Control System Security WG (Mikhail Falkovich)
Cybersecurity Analysis WG (TBD)
ES Information Sharing TF (Stephen Diebold)
Grid Exercise WG (Tim Conway)
Cyber Attack Tree TF (Mark Engels)
BES Security Metrics WG (James Sample)
Physical Security Standard WG (Alan Wick)
Compliance and Enforcement Input WG (Paul Crist)
Physical Security Guidelines WG (John Breckenridge)
Business Continuity Guideline TF (Darren Meyers)
Mission, Vision, and Guiding Principles
NERC Mission Statement: The North American Electric Reliability Corporation’s (NERC) mission is to ensure the reliability of the North American bulk power system. NERC is the electric reliability organization (ERO) certified by the Federal Energy Regulatory Commission to establish and enforce reliability standards for the bulk‐power system. NERC develops and enforces reliability standards; assesses adequacy annually via a 10‐year forecast, and summer and winter forecasts; monitors the bulk power system; and educates, trains and certifies industry personnel. ERO activities in Canada related to the reliability of the bulk‐power system are recognized and overseen by the appropriate governmental authorities in that country.
CIPC Mission: The mission of the Critical Infrastructure Protection Committee (CIPC) is to advance the physical and cyber security of the critical electricity infrastructure of North America.
Vision: Foster information sharing, provide industry leadership and a forum for exchanging ideas, and promote dialogue on key issues in critical infrastructure protection of the BES.
Guiding Principles: Continue to strive for excellence in:
Maintain relationships with and promote information sharing with other committees;
Maintain a high level of expertise;
Align priorities with ERO and across the other standing committees;
Ensure CIPC resources are efficiently used.
Areas of Strategic Focus in Support of ERO Goals
Advisory Panel to the NERC Board of Trustees
ERO Strategic Plan Goal 4a and CIPC Charter Section 2.1
Serve as an expert advisory panel to the NERC Board of Trustees, Reliability Issues Steering Committee (RISC) and standing committees in the areas of physical and cyber security. Serve as an expert advisory panel to the Electricity Sector Information Sharing and Analysis Center (ES‐ISAC).

Cyber and Physical Security Guidelines and Technical Reports
ERO Strategic Plan Goal 4a; CIPC Charter Section 2.5
CIPC will identify needed guidelines and technical reports on critical infrastructure security and reliability. CIPC will also provide technical support to standard drafting teams created by the Standards Committee.

NERC Standards Development and Compliance Input
ERO Strategic Plan Goal 1a and CIPC Charter Section 2.6
CIPC will support NERC compliance initiatives, including NERC’s Reliability Assurance Initiative (RAI), CIP V5 transition guidance and CIP‐014 implementation, by providing timely topical expertise on matters related to cyber and physical security. The Compliance Enforcement Input Working Group (CEIWG) is established to solicit industry stakeholder input for NERC staff on compliance documents while they are in draft format, to assist with and clarify those documents. CIPC will also develop and submit Standard Authorization Requests (SARs) on CIP matters as needed.

BES Security Metrics
ERO Strategic Plan Goal 1 and 4c; CIPC Charter Section 2.5
CIPC will utilize the expertise of its members, NERC staff and others to provide direction, technical oversight, feedback on the collection of industry metrics, and reporting of BES security performance metrics. The BES Security Metrics Working Group (BESSMWG) is established to develop measurable security metrics of cyber and physical security threats to the BES. The BESSMWG will collaborate with the ES‐ISAC to produce an annual security assessment of the BES.

Coordination and Communications
ERO Strategic Plan Goal 4c and 5a; CIPC Charter Section 2.3
a. CIPC coordinates and communicates with those responsible for both physical and cyber security in all industry segments, including (among others) the American Public Power Association (APPA), Canadian Electricity Association (CEA), Edison Electric Institute (EEI), Electric Power Research Institute (EPRI), Electric Power Supply Association (EPSA), ISO/RTO Council (IRC), National Rural Electric Cooperative Association (NRECA), North American Energy Standards Board (NAESB), the Nuclear Energy Institute (NRC), and the NERC Regional Entities (REs).
b. Liaise with government on critical infrastructure protection matters.

Information Sharing
ERO Strategic Plan Goals 4 and 5; CIPC Charter Section 2.4
CIPC will facilitate and advocate information sharing among industry segments and with governments.
a. CIPC will identify current information sharing protocols and improvements to facilitate actionable information sharing within industry and between government and industry.
b. CIPC will provide subject matter expertise to joint public‐private task forces as needed (such as the Department of Energy Cybersecurity Capability Maturity Model (C2M2), the National Infrastructure Protection Plan (NIPP), and the National Institute of Standards and Technology (NIST) cyber security framework).
Risks and Emerging Issues
ERO Strategic Plan Goal 4; CIPC Charter Section 2.2 and 2.3
CIPC utilizes the expertise of its members and collaborates with NERC staff and the ES‐ISAC to identify risks and emerging issues and to recommend timely and appropriate action. CIPC nominates a representative to the NERC Board of Trustees’ (BOT) Reliability Issues Steering Committee (RISC) to assist in the analysis and prioritization of risks and emerging issues for BOT consideration. Additionally, CIPC takes action on the lessons learned from the bi‐annual NERC GridEx incident response exercise to improve industry’s security posture.

Analysis of Security Incidents Impacting the BES
ERO Strategic Plan Goal 4
CIPC, assisting the ES‐ISAC as requested, will also coordinate with the Operating Committee and the Planning Committee (PC) on the identification and analysis of cyber and physical security incidents impacting BES facilities.

CIP Training and Educational Outreach
ERO Strategic Plan Goal 4 and CIPC Charter Section 2.7
CIPC provides industry the opportunity to participate in physical, cyber and operational security training and educational outreach.
a. CIPC supports the activities and efforts for the annual Grid Security Conferences (GridSecCon).
b. CIPC supports the planning, development and execution of the bi‐annual NERC GridEx incident response exercise to validate the current readiness of the electricity industry.
c. CIPC supports the training development through workshops and webinars.

CIPC Member Involvements
ERO Strategic Plan Goal 4 and CIPC Charter Section 3
CIPC will utilize the expertise of the committee members by providing opportunities to participate in CIPC activities.
Appendix 1: CIPC Structure
CIPC Voting Members: Twenty‐four members are put forth by the eight Regional Entities from three technical areas – cyber, physical, and operations – as well as policy. Two members are put forth by the American Public Power Association. Two members are put forth by the National Rural Electric Cooperative Association. Three members are put forth by the Canadian Electricity Association. CIPC has 31 total voting members. This model has served CIPC and the industry well as it ensures that CIPC has diverse expertise in multiple areas related to critical infrastructure protection. APPA and NRECA are allocated two members each to ensure broad stakeholder involvement along with the appropriate expertise. CEA representation, while currently at three, requires a minimum of two voting representatives and was adjusted upward based on Canadian Net Energy for Load (NEL).
CIP Committee (Total of 31 Voting Members)

Regional Entities (24 Total Votes)
ERCOT (3 votes)
FRCC (3 votes)
MRO (3 votes)
RFC (3 votes)
SERC (3 votes)
SPP (3 votes)
WECC (3 votes)
NPCC (3 votes)

APPA (2 votes)
NRECA (2 votes)
CEA (3 votes)
Appendix 2: CIPC Executive Committee Structure
Executive Committee Members
The CIPC shall have an Executive Committee (EC) with the following membership.
a. Chair
b. Two Vice‐Chairs
c. Secretary (non‐voting, NERC staff member)
Four Committee members elected by the Committee, who are subject‐matter experts (SME) in one of the following areas of expertise: Physical Security, Cyber Security, Operations or Policy.

Non-voting Members
In addition, the EC includes, as non‐voting participants, the immediate past CIPC Chair who may serve one year, and named representatives from APPA, CEA, EEI, EPSA, IRC and NRECA. Other recognized and well‐established trade associations from the electricity sector that are involved in critical infrastructure protection issues will be considered for non‐voting membership if they are not already represented. Additional non‐voting members must be approved by the voting members of the EC.
Appendix 3: Proposed CIPC Work Plan
The Critical Infrastructure Protection Committee will deliver on this strategy by undertaking the following work plan activities:

Advisory Panel to Board of Trustees
CIPC Charter Section 2.1
CIPC will fulfill this commitment with the following activities:
1. Provide reports of CIPC activities at the BOT meeting.
2. Chair will serve as a CIPC point of contact for ES‐ISAC requests for input and assistance.
3. CIPC will provide a representative to serve on the NERC Board of Trustees’ Reliability Issues Steering Committee (RISC).
4. Coordinate across all NERC committees and working groups to assure the highest degree of collaboration possible.
5. Encourage and solicit CIPC engagement and assist NERC staff as appropriate.

Cyber and Physical Security Guidelines and Technical Reports
ERO Strategic Plan Goal 3 and CIPC Charter Section 2.5
CIPC will continue to support the NERC reliability standards with the following activities:
1. CIPC will create and maintain appropriate Task Forces and Working Groups to develop, periodically review, and revise CIPC security guidelines.
2. Issue guidelines in accordance with the process described in Appendix 1 of the CIPC Charter.
3. Develop and issue technical reports that contribute to the reliable operation of the BES.

NERC Standards Development and Compliance Input
ERO Strategic Plan Goal 1 and CIPC Charter Section 2.6
CIPC will continue to support the NERC reliability standards with the following activities:
1. Assist in the development and implementation of NERC standards.
2. Identify the need for new or revised critical infrastructure protection standards and initiate standards actions by submitting standards authorization requests.
3. Assist the standards process by providing expertise in support of the development of critical infrastructure protection standards authorization requests and standards.
4. Assist the standards process by providing a forum for education, sharing of views, and informed debate of critical infrastructure protection standards.
5. Facilitate the implementation of critical infrastructure protection standards by developing reference documents and performing other activities.
6. Provide requested support to standards development and implementation efforts upon direction by NERC or the Standards Committee.
7. Contribute to standards work with the Operating and Planning Committees.
8. Contribute to the Compliance Operations and Enforcement initiatives at NERC through the Compliance and Enforcement Input Working Group (CEIWG) by providing timely topical expertise on matters related to cyber and physical security.

BES Security Metrics
ERO Strategic Plan Goal 3
The CIPC will provide technical insight and advice into the development and improvement of BES security metrics, and identify a set of security performance measures to benchmark BES security. CIPC will utilize the expertise of its members, NERC staff and others to provide direction, technical oversight, feedback on the collection of industry metrics, and reporting of BES security performance metrics. The CIPC will continue to deliver recommendations with the following actions:
1. CIPC established the BES Security Metrics Working Group (BESSMWG) to develop measurable security metrics of cyber and physical security threats to the BES and industry responses.
2. CIPC through the BESSMWG will provide BES security metrics to the NERC annual State of Reliability report.

Public-Private Partnership
NERC ERO Strategic Plan Goal 4 and CIPC Charter Section 2
The protection of the Bulk Electric System requires the prompt dissemination of security‐related information between public and private stakeholders and across international boundaries. The CIPC will deliver recommendations by the following actions:
1. Contribute expertise to government initiatives (such as ES‐C2M2, NIST cyber security framework).
2. Act as a coordinating body for dissemination of information from government to the CIPC membership.

Information Sharing
NERC ERO Strategic Plan Goal 4 and CIPC Charter Section 2
Common information‐sharing protocols will enhance passage of this information, ensuring that vital actionable information is disseminated quickly and accurately.
1. CIPC will support the Electric Sub‐sector Information Sharing Task Force (ESISTF) to study present protocols existing between industry and government. The ESISTF will continue to identify and research the information sharing structures, methods and requirements, and search for efficiencies and alternatives to improve or recommend changes in protocols.
2. The ES‐Information Sharing TF will present recommendations to CIPC, ES‐ISAC and NERC Board of Trustees for consideration and improvement of the Public‐Private Partnership, streamlining of the event reporting process for the industry with the ES‐ISAC and the sharing of actionable information between government and industry.
3. Propose solutions that will build on practices and tools already in place.

Risks and Emerging Issues
NERC ERO Strategic Plan Goal 4
The NERC CIPC, utilizing the expertise of its members and NERC staff, will stay abreast of new and emerging issues related to Critical Infrastructure Protection of the BES and take action where appropriate to address these issues, provide expertise, and direction to NERC and the electric industry. CIPC will respond to the issues raised from the bi‐annual GridEx by developing CIPC actions to address lessons learned by tasking CIPC TF and WG to develop recommendations.

Analysis of Security Incidents Impacting the BES
NERC ERO Strategic Plan Goal 4
CIPC will coordinate with OC and PC on developing a mechanism for identification and analysis of security incidents (physical and cyber) impacting BES facilities. The CIPC will deliver recommendations with the following actions:
1. These WGs will analyze events and recommend actions or activities to improve the security of BES facilities.
2. Develop Cyber and Physical expertise liaisons to assist the Events Analysis Subcommittee (EAS) and across NERC Committees as requested.
3. Develop a mechanism for evaluating malicious events while maintaining confidentiality of the compromised entity.

CIP Training and Educational Outreach
NERC ERO Strategic Goal 4, CIPC Charter Section 2.7
The CIPC will deliver with the following actions:
1. CIPC will conduct exercises, forums and workshops related to the scope of CIPC and in cooperation with NERC.
2. CIPC established the Security Training Working Group (STWG) to:
a. Identify and prioritize current topics related to the scope of CIPC.
b. Coordinate by requesting NERC resources, if necessary, to support their activities for the forums and workshops.
c. Schedule security training and education.

CIPC Member and Industry Observer Involvement
CIPC Charter Section 4.2
The Critical Infrastructure Protection Committee will deliver on this strategy by:
1. Encouraging and engaging CIPC voting member active participation.
2. Encouraging and engaging CIPC alternate members as active participants.
3. Encouraging and engaging industry observers as active participants.
4. CIPC EC will identify potential leadership candidates for subgroups.
5. CIPC subcommittees will review Task Force and Work Group rosters to identify gaps in expertise.
6. CIPC subcommittees will review Task Force and Work Group deliverables.
7. CIPC EC will encourage and recognize excellence.
Appendix 4: ERO Strategic Plan
Strategic Goals 2014–2017
The ERO Enterprise has identified five goals in the following strategic areas: standards; compliance, registration, and certification; risks to reliability; coordination; and collaboration.

Standards
Goal 1: Develop clear, reasonable, and technically sound mandatory reliability standards in a timely and efficient manner. These standards establish threshold requirements for ensuring the BES is planned, operated, and maintained in a manner that minimizes risks of cascading failures, avoids damage to major equipment, or limits interruptions of bulk electric supply.
Objectives and valued outcomes include:
a. Standards are clear, responsive to reliability and security risks, practical to implement, and cost‐effective.
Key deliverables include:
Ensure all new standards meet quality‐ and results‐based criteria [1] by 2017 with subsequent review every five years, including addressing quality and content issues identified in the 2013 Independent Expert Review Team Report and the work of the standing committees, the Reliability Issues Steering Committee (RISC), and others.
Evaluate significant BES events (Category 3 and above) to identify and address any gaps in standards.
Develop a BES risk profile and assess standards compared to the profile; address the most important unmitigated risks, including applicable high‐impact, low‐frequency risks.
Address all high‐priority risks designated for control by a standard within one or two years if technical study is required.
Address all new FERC directives within one or two years if technical study is required; close all pre‐2013 directives by 2015 (by filing or negotiated resolution).
Facilitate smooth transition of new standards (e.g., CIP Version 5).
Consolidate to a common set of RSAWs, or successors, for all standards.
Identify and file requirements to be retired (e.g., Paragraph 81 Phase 2), including addressing recommendations from the Independent Expert Review Team, the standing committees, the Reliability Issues Steering Committee (RISC) and others.
Develop and implement procedures for assessing the cost‐effectiveness of reliability standards, as needed.
[1] Quality criteria are the attributes of excellent reliability standards as stated in Section 300 of NERC’s Rules of Procedure. Results‐based criteria mean each requirement defines a performance outcome, risk mitigation, or essential competency necessary for a reliable BES.

Compliance, Registration, and Certification
Goal 2: Be a strong enforcement authority that is independent, without conflict of interest, objective, and fair, and promote a culture of reliability excellence through risk‐informed compliance monitoring and enforcement. The ERO retains and refines its ability to use standards enforcement when warranted and imposes penalties and sanctions commensurate with risk.
Objectives and valued outcomes include:
a. The ERO registers and deregisters entities commensurate with risk to the BES and ensures all key reliability entities are certified to have essential capabilities.
Key deliverables include:
Implement the BES exception process.
Evaluate the certification program for sufficiency and effectiveness; modify as needed.
Develop a framework and implement criteria for registration based on risk to the BES.
Develop common and consistent registration and deregistration processes, information systems, and methods among regions.
b. The ERO holds industry accountable for violations that create serious risk to the BES; resulting actions are timely and transparent to industry.
Key deliverables include:
Develop and implement the enforcement reform component of the Reliability Assurance Initiative (RAI) which includes the objective of improving the efficiency and effectiveness of NERC and Regional Entity operations by focusing on serious risk violations. This will reduce unnecessary costs of compliance for registered entities while ensuring reliability objectives are achieved.
Develop and implement new caseload and mitigation aging curves and monitor caseload and mitigation performance.
Develop and implement enforcement strategies based on the RAI, including enhancements to Find, Fix, and Track (FFT).
Continue to expand use of enforcement discretion.

Goal 3: Promote a culture of compliance that supports reliability excellence within industry. The ERO works with industry to identify standards, procedures, practices, and controls to address reliability risks.
Objectives and valued outcomes include:
a. Industry has effective procedures and programs to monitor, detect, correct, report, and prevent compliance, reliability, and security issues.
Key deliverables include:
Develop and implement the compliance reform component of the RAI; all Regions implement RAI techniques and principles consistently.
Make effective internal controls models and information available to industry.
Initiate compliance phase‐in learning periods for new standards.
b. All ERO compliance activities are risk‐informed, efficient, and effective.
Key deliverables include:
Develop and implement RAI (compliance reform).
Monitor registered entities and standards requirements commensurate with the risk to reliability and role of each type of registered entity.

Risks to Reliability
Goal 4: Identify the most significant risks to reliability, be accountable for mitigating reliability risks, and promote a culture of reliability excellence. The ERO identifies and prioritizes reliability risks, facilitates effective solutions and interventions, and monitors results. The ERO works with industry stakeholders and experts to ensure the mitigation of known risks to reliability and facilitates a learning environment by analyzing events, communicating lessons learned, tracking recommendations, and implementing best practices.
Objectives and valued outcomes include:
a. Risks are identified and prioritized based on reliability impacts, cost and practicality of assessments, projected resources, and emerging issues.
Key deliverables include:
Continue RISC’s work to develop risk profiles and include high‐impact, low‐frequency (HILF) issues.
Prepare an annual state of reliability report and associated reliability metrics.
Develop the BES risk profile to prioritize and rank reliability risks.
Develop project plans and business case assessments for high‐priority risks; implement or facilitate initiatives to address high‐priority risks.
b. Events and system performance are consistently analyzed for sequence, cause, and remediation to identify reliability risks and trends and lessons learned.
Key deliverables include:
Analyze significant events to identify gaps in standards, compliance effectiveness, registration, and risk controls effectiveness.
Make all BES event reports available to industry on a timely basis through a secure portal.
Provide lessons learned and recommendations from events and identified risks.
Merge event‐driven databases and cause codes into one (e.g., event analysis, TADS, GADS, relay misoperations).
c. ERO supports industry situational awareness and cybersecurity preparedness and provides independent reliability information to policy makers.
Key deliverables include:
Expand security maturity model assessments to be widely accessible across industry.
Issue and track physical security and cybersecurity recommendations to protect the BES.
Expand the use and value of physical security and cybersecurity threat and vulnerability information sharing, analytics, and analysis.
Implement periodic wide‐area security exercises (e.g., GridEx).
Increase security clearances available to industry and facilitate access to secured briefings through local fusion centers.
d. Reliability models and data accurately represent system behavior and are shared among stakeholders.
Key deliverables include:
Assess data and modeling needs and develop recommendations to ensure quality planning and operating data and models are available to registered entities across each interconnection.
Evaluate event disturbances using phasor measurements and other methods to assess sufficiency of data and models.

Coordination and Collaboration
Goal 5: Improve transparency, consistency, quality, and timeliness of results; operate as a collaborative enterprise; and improve efficiencies and cost‐effectiveness. The ERO accomplishes this by working with the Regional Entities and registered entities to ensure effective coordination, collaboration, and process improvements. The ERO is an efficient steward of resources and leverages information systems to create efficiencies and process controls.
Objectives and valued outcomes include:
a. The ERO acts in a coordinated and collaborative manner with stakeholders.
Key deliverables include:
Maintain a list of suggestions and recommendations made by stakeholders (e.g., through policy input) and ERO responses to each.
Engage the support and expertise of stakeholders in prioritizing and resourcing reliability initiatives.
Communicate expectations clearly and foster collaboration to deliver important results in advancing system reliability.
Develop and implement ERO‐wide consensus IT solutions for common touch points with registered entities.
Implement collaborative governance by which ERO and Regions are bound by consensus decisions.
Clearly delineate ERO and regional roles and responsibilities.
b. The ERO acquires, engages, and retains highly qualified talent suited to the mission.
Key deliverables include:
Implement employee climate surveys and succession planning and promote favorable hiring and retention of ERO staffs.
Develop ERO qualifications requirements for auditors and other key positions across the ERO and implement training as needed.
c. The ERO internal risks are understood and managed; ERO processes are effective, efficient, and continuously improved.
Key deliverables include:
Develop, test, and deploy ERO enterprise‐wide applications, platform, and database.
Implement an ERO‐wide internal risk management program.