Application No.: Exhibit No.: SCE-05, Vol. 02, Pt. 1 Witnesses: J. Bubb C. Carazo J. Castleberry G. Haddox C. Hu G. Huckaby J. Kelly L. Miller R. Park J. Pespisa J. Shotwell J. Tran (U 338-E) 2015 General Rate Case Information Technology (IT) Volume 2, Part 1 – Capitalized Software Before the Public Utilities Commission of the State of California Rosemead, California November 2013
270
Embed
Information Technology (IT) Volume 2, Part 1 – Capitalized ......Summary Information Technology Operating Unit’s (IT) request includes support for a total of $986.05 million of
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Application No.: Exhibit No.: SCE-05, Vol. 02, Pt. 1 Witnesses: J. Bubb
C. Carazo J. Castleberry G. Haddox C. Hu G. Huckaby J. Kelly L. Miller R. Park J. Pespisa J. Shotwell J. Tran
(U 338-E)
2015 General Rate Case
Information Technology (IT) Volume 2, Part 1 – Capitalized Software
Before the
Public Utilities Commission of the State of California
Rosemead, CaliforniaNovember 2013
Summary
Information Technology Operating Unit’s (IT) request includes support for a total of
$986.05 million of capitalized software expenditures for the forecast period 2013-2017.
Operating Software is primarily used to manage and monitor the health of mainframe
servers, midrange servers, storage, and personal computers.
Information Security requests are for requirements to protect critical SCE systems and
sensitive information from cyber attacks and thefts.
Our Expanded Capabilities help implement the technology to develop, run, maintain and
expand services, primarily in the Software-as-a-Service and Development/Platform-as-a-
Service categories.
NERC CIP request is to develop and implement systems and processes that will help
ensure that SCE sustains compliance with NERC’s mandated set of Cyber Security Critical
Infrastructure Protection standards.
Also included are 39 specific capitalized software projects from SCE’s other Operating
Units. Our review and prioritization of our requests ensure that these are the projects most
beneficial to our ratepayers.
SCE-05: Information Technology Volume 2, Part 1 – Capitalized Software
Table Of Contents
Section Page Witness
-i-
I. OPERATING SOFTWARE ..............................................................................1 C. Carazo
A. Background ............................................................................................1
B. Business Requirements ..........................................................................1
C. Recorded and Forecast Expenditures .....................................................2
D. Recorded Expenditures ..........................................................................2
E. Forecast Expenditures ............................................................................3
F. Conclusion .............................................................................................4
II. CYBERSECURITY AND IT COMPLIANCE .................................................6 G. Haddox
A. Introduction ............................................................................................6
B. Information Security ..............................................................................8
SCE-05: Information Technology Volume 2, Part 1 – Capitalized Software
Table Of Contents (Continued)
Section Page Witness
-xi-
5. Digital Experience Program ...................................................125 L. Miller
a) Overview ....................................................................125
(1) SCE’s Customer Engagement Model Continues to Evolve .......................................125
(2) Technology in Customer Self-Service Options Has Advanced Rapidly ...........................................................126
(3) An Investment in Integrated Technology Is Required .................................126
(4) The Digital Experience Program Provides Long Term Benefits ........................126
(5) Shifting Customer Experience towards Broader Access .................................128
(6) Shifting Customer Experience Impacts SCE’s Self-Service Model ...............128
(7) Investment in Technology is Required to Meet Customer’s Shifting Expectations .....................................130
b) Digital Experience – Systems Overview ...................130
(1) Upgrade the Interactive Voice Response to Utilize Advanced Speech Recognition (ASR) and Text to Speech (TTS) Technologies .......................130
(2) Alerts and Notification System ......................132
(3) Outage Communication System ....................136
(4) Build Out the Customer Data Warehouse ......................................................138
(5) SCE.com/Customer Service Relationship (CRM) Integration ....................140
SCE-05: Information Technology Volume 2, Part 1 – Capitalized Software
Table Of Contents (Continued)
Section Page Witness
-xii-
c) Digital Experience Overall Project Schedule ............141
14. Home Area Network (HAN) Future Upgrades and Standards ................................................................................183 L. Miller
a) Background ................................................................183
WBS ID DescriptionCIT-00-OP-CS-000030 Operating Software & MiddlewareCIT-00-OP-CS-000023 Microsoft Enterprise Agreement License and DeploymentCIT-00-OP-CS-000046 Domain Name Services (DNS)
A. Background 3
Operating Software is primarily used to manage and monitor the health, performance, capacity, 4
and configuration of mainframe servers, midrange servers, storage, and personal computers. This 5
section of testimony also includes upgrades of operating system software and desktop applications. 6
Examples of Operating Software are Microsoft Windows 7 and the Office 2010 suite of products 7
including Excel, Word, and PowerPoint. Other examples of Operating Software include CMDB 8
(Configuration Management Database), Capacity Management and DCIM (Datacenter infrastructure 9
Management) software. 10
B. Business Requirements 11
Operating Software is indispensable to SCE’s daily operations. It allows SCE to operate 12
effectively in a highly complex computing environment. Operating Software requirements are dictated 13
by the number, type, and size of computing hardware components maintained by SCE, as well as by 14
business needs. Business needs can be classified into three groups: 15
Hardware and Software Additions – necessary to add additional software licenses 16
incrementally as growth occurs and service levels warrant 17
New Capability – necessary to support requirements of new products 18
Vendor Specified End of Life (i.e., vendor obsolescence) – necessary to keep SCE in 19
compliance with vendor software licensing, support and security requirements at a level 20
consistent with business needs1 21
1 See IBM Software Support Lifecycle available at http://www-01.ibm.com/software/support/lifecycle/ for IBM’s software
product lifecycles.
2
C. Recorded and Forecast Expenditures 1
SCE recorded $85.497 million for the period 2008-2012 for Operating Software and middleware 2
and estimates $53.835 million, a 52.2 percent decrease, for the period 2013-2017,as depicted in the 3
In 2008, we recorded $6.628 million of capital expenditures for operating software, primarily for 6
additional mainframe software licenses and other Operating Software driven by the refresh of 7
mainframes servers at the end of useful life and system capacity performance increases for Customer 8
Service System (CSS) transaction processing needs. In 2009, we recorded $32.259 million, primarily 9
comprised of $17.400 million for the new Microsoft Enterprise License Agreement (ELA) for Microsoft 10
operating system products (we replaced the Microsoft products used in our server and desktop 11
environments prior to Microsoft’s published end-of-support date at the end of 20132), and $7.860 12
million for data backup and storage management software to reduce the complexity of managing our 13
server and storage environments by centralizing, simplifying, and automating tasks. Another $2.463 14
2 See Microsoft support Lifecycle Index available at http://support.microsoft.com/gp/lifeselectindex for software end of
support information. (Last visited July 1, 2013).
3
million was spent for electronic messaging and collaboration licenses to support the growth of the 1
workforce, and $1.511 million for enterprise configuration management software licenses and 2
implementation, which was used to integrate our data center configuration into a coherent database. 3
In 2010 we recorded $18.199 million of capital expenditures, primarily for an IBM Enterprise 4
License Agreement (ELA) for Operating Software, which was needed to upgrade our server and storage 5
environments prior to IBM’s published end of product life and end of support.3 6
In 2011 we recorded $2.806 million, primarily for CMDB (Configuration Management 7
Database) Operating Software to simplify the management of our server and storage infrastructure and 8
application interfaces. Another $23.750 million was primarily for Microsoft Windows Desktop 9
Operating Software deployment and to procure Incident Management and Enterprise Application 10
Performance Monitoring Operating Software. 11
E. Forecast Expenditures 12
For the forecast period 2013 to 2017, total forecast expenditures are $53.835 million, or 51.2 13
percent less than the recorded period total. SCE uses a standard methodology to forecast capitalized 14
expenditures for most new capital projects and refreshes of existing applications. Our preliminary cost 15
estimates are developed by a team of SCE employees who have experience with previous capital 16
technology projects. The software and vendor estimates are based on experience from similar projects 17
that IT has successfully implemented. With certain exceptions, competitive bidding and rigorous 18
screening of the vendors and the products is conducted, which includes issuing a request for proposal 19
(RFP). The workpapers included with this Volume provide the details used to develop the costs for each 20
of our capital forecasts. To develop our forecast, we identified specific types of Operating Software by 21
evaluating business requirements based on the following drivers: (1) hardware and software additions, 22
(2) new capabilities, and (3) vendor specified end of life. We used pricing agreements negotiated in 23
2012 with Microsoft4 to estimate Operating Software costs. We plan to make these purchases through 24
our strategic business partners, Edge Solutions and Zones. Both suppliers were selected as strategic 25
business partners representing IBM and Microsoft respectively. These companies provide solutions 26
meeting our business requirements, and also are Diverse Business Enterprise (DBE) suppliers, helping 27
to fulfill SCE’s supplier diversity requirements as established in CPUC’s General Order 156. For all 28
other vendor products, we used estimated costs based on previous projects with similar scope. 29
3 Id.
4 See workpaper entitled “Microsoft ELA.”
4
In 2013 we forecast $7.200 million: (a) to procure additional mainframe software licenses 1
driven by refresh of the new mainframe servers, which replaced older mainframe computers at the end 2
of their useful life (year-end 2012); (b) to upgrade server Operating Software due to vendor published 3
end of life (end of support); and (c) to expand ERP licenses and software infrastructure and to continue 4
the Solution Manager implementation. 5
In 2014 we forecast $3.390 million for the new Cisco and VMware Enterprise License 6
Agreements (ELA) and Domain Name Servers (DNS) software for Operating Software needed to 7
upgrade our server and storage environment prior to vendor published end of life (end of support) in 8
2015.5 9
In 2015 we forecast $2.500 million for the new Cisco and VMware Enterprise License 10
Agreements (ELA) for Operating Software needed to upgrade our server and storage environments prior 11
to vendor published end of life (end of support) by year-end 2016.6 12
In 2016 we request $27.500 million for the new Microsoft, Cisco and VMware Enterprise 13
License Agreements (ELA) for Operating Software needed to upgrade our server, storage and desktop 14
environments prior to vendor published end of life (end of support).7 15
In 2017 we forecast $13.245 million for the new Microsoft, Cisco and VMware Enterprise 16
License Agreements (ELA) for Operating Software needed to upgrade our server, storage and desktop 17
environments prior to vendor published end of life (end of support).8 18
F. Conclusion 19
Operating Software is indispensable in the daily operations at SCE. It allows SCE to remain 20
proactive in a highly complex computing environment. The expenditures forecast are needed to manage 21
computing resources as they grow in size and complexity, while mitigating the ongoing potential risk to 22
critical business functions due to technology obsolescence and vendor obsolescence. Technology 23
obsolescence results when the underlying technology that an application uses is identified by its vendor 24
to be phased out (no longer approved for use). The reasons for technology obsolescence include, but are 25
not limited to, security flaws, unstable technology platforms, and operating system changes. Vendor 26
5 See Cicso Product Support Publications available at http://www.cisco.com/en/US/products/products_end-of-
life_policy.html (Last visited July 1, 2013).
6 Id.
7 Id.
8 Id.
5
obsolescence (also known as Vendor Specified End of Life for products) results when a Commercial-1
Off-The-Shelf (COTS) application or version of an application is no longer supported by the vendor. 2
Products, versions and support dates are published on most vendor websites. 3
6
II. 1
CYBERSECURITY AND IT COMPLIANCE 2
A. Introduction 3
The importance of cybersecurity to the utility industry and to SCE has expanded as systems and 4
data have become more integral to business operations, and as the electric infrastructure has become 5
more essential to national commerce and communications capabilities. Cyber attacks are continually 6
growing in number and sophistication, and the availability of cyber weapons is on the rise as well. 7
Therefore, maintaining a strong defense against cyber attack requires a continually evolving set of 8
strategies. 9
Recent examples of cyber attack are well documented in the news media and the intelligence 10
community. In August 2012, a virus attack delivered by e-mail compromised more than 30,000 11
computers at the Saudi Arabian Oil Co., also known as Saudi Aramco. In this attack, the virus destroyed 12
data on servers and erased hard drives on individual computers.9 In June 2010, a computer worm called 13
Stuxnet was discovered, which attacked and damaged nuclear facilities in Iran.10 Within the U.S., 14
President Obama recognized the growing cyber threat to critical infrastructure when he issued policy 15
directive PPD-21 in February 2013.11 16
Most recently, Mandiant Corporation released its report “APT1: Exposing One of China’s Cyber 17
Espionage Units.” In this report, Mandiant cites evidence for its conclusion that APT1 (Advanced 18
Persistent Threat 1) is a cyber-espionage arm of the Chinese government, which “has systematically 19
stolen hundreds of terabytes of data from at least 141 organizations” and which “focuses on 20
compromising organizations across a broad range of industries in English-speaking countries.”12 In fact, 21
SCE’s monitoring and analysis of intrusion attempts found that over 25 percent of attacks on SCE 22
networks and systems in 2012 originated from China.13 This conclusion by Mandiant that cyber-23
espionage is sponsored and funded by the Chinese government reinforces our conviction that SCE must 24
maintain a strong defensive posture against cyber attack. 25
9 See workpaper entitled “Saudi Aramco Oil Giant recovers from virus attack,” BBC News, August 27, 2012.
10 See workpaper entitled “The Real Story of Stuxnet,” by David Kushner, IEEE Spectrum, March 2013.
11 See workpaper entitled “Presidential Policy Directive PPD-21,” February 12, 2013.
12 See workpaper entitled “APT1: Exposing One of China’s Cyber Espionage Units,” Mandiant Corporation, 2013.
13 See workpaper entitled “Cyber attacks on SCE by Country of Origin.”
7
The Cybersecurity & IT Compliance Division (C&C) oversees SCE’s Corporate Cybersecurity 1
Program to maintain the confidentiality, availability, integrity, and accountability of SCE’s information 2
technology systems and operations through security engineering and risk management. C&C also 3
oversees regulatory compliance activities across IT and develops programs to ensure compliance with 4
emerging federal and state legislative and regulatory mandates regarding cybersecurity. 5
SCE employs a defense-in-depth strategy for security, which utilizes multiple layers of 6
protection to prevent unauthorized access to its systems. As a result, IT sponsors a number of capital 7
projects in the area of information security. These projects fall into three primary categories: Perimeter 8
Defense, Interior Defense, and Data Protection. SCE also anticipates the need to respond to new 9
legislation in the cybersecurity arena, and thus IT sponsors a fourth category of work referred to as 10
Solutions for Emerging Legislative Mandates. Finally, in a fifth project category, Common 11
Cybersecurity Services, IT is developing a means to allow devices on the smart grid to securely 12
communicate with grid control centers. 13
Perimeter Defense: Perimeter Defense includes the processes, procedures, personnel, 14
hardware and software designed to protect SCE’s information and systems from external 15
attacks. Perimeter Defense is especially critical to systems that are accessible via the 16
Internet. 17
Interior Defense: The goal of the Interior Defense program is to secure SCE’s internal 18
business systems from unauthorized users, devices and software. Advanced and integrated 19
real time monitoring of SCE’s internal business network makes it more difficult for 20
unauthorized users to gain access to our systems and for rogue devices or software to cause 21
business disruption. 22
Data Protection: The objective of the Data Protection program is to protect SCE customers, 23
employees, contractors, and other personnel from identity theft, as well as to protect 24
confidential SCE information residing on all computing devices from unauthorized use, 25
distribution, reproduction, alteration, or destruction. 26
Solutions for Emerging Legislative Mandates: Cybersecurity legislation and regulation 27
continue to evolve with a great deal of activity. The Presidential Executive Order Improving 28
Critical Infrastructure Cybersecurity,14 dated February 12, 2013, has increased focus in these 29
14 See workpaper entitled “Executive Order – Improving Critical Infrastructure Cybersecurity,” February 12, 2013.
8
areas. As a large electric utility that is a part of the critical national infrastructure, SCE 1
strives to protect shareholder interests through shaping cybersecurity legislation and 2
regulation, and through early compliance planning. 3
Common Cybersecurity Services: Common Cybersecurity Services is an architecture that 4
allows any device in the smart grid network to securely access common services (e.g., 5
cybersecurity, network monitoring, etc.) in utility control centers. This architecture is needed 6
because the level of automation and connectivity introduced through grid modernization has 7
also increased its vulnerability. 8
IT also sponsors a category of cybersecurity projects for SONGS 9
SONGS Cybersecurity: In February 2012, SONGS’ Cyber Security Program underwent an 10
inspection by the NRC. As a result of the inspection, SONGS is required to remediate any 11
issues identified in the inspection and advance its Cyber Security Program.15 In 2015, 12
SONGS will be re-inspected to validate that the improvement areas identified are remediated 13
and the SONGS Cyber Security Program is integrated into the plant’s operations. 14
B. Information Security 15
1. Background 16
In today’s evolving corporate environment, the once structured and clearly defined 17
business network has all but vanished. Moreover, it has been extended to include the public internet 18
with its unstructured boundaries. This trend has resulted in the creation of business services outside the 19
once protected business network, and the need to grant entities outside the business network access to 20
resources within this network. This increasingly broad accessibility to SCE’s network presents a need 21
for a flexible process to access these systems balanced by stronger security controls.16 22
Within SCE, the C&C group is responsible for preventing cyber attacks from impeding 23
SCE’s business and electric power operations. According to the Director of National Intelligence of the 24
United States, cyber threats pose a critical national and economic security concern due to the continued 25
advances in, and growing dependency on, information technology.17 The dependence on mobile 26
15 See workpaper entitled “SONGS Critical Digital Asset (CDA) Remediation” for more information on SONGS CDA
Remediation project.”
16 See workpaper entitled “Security without Boundaries: Managing Your Multi-Perimeter World with Security Intelligence,” IBM Institute for Advanced Security, 2012.
17 See workpaper entitled “Worldwide Threat Assessment of the US Intelligence Community,” James R. Clapper, January 2012.
9
technologies, wireless communications and cloud computing, and the use of personal devices to access 1
business systems, has further exposed business systems to known and yet to be discovered cyber threats. 2
According to the Director, one of the greatest strategic challenges is “providing timely, actionable 3
warning of cyber threats and incidents, such as identifying past or present security breaches.”18 Threats 4
to critical infrastructure continue from various entities including nation states, terrorist networks, 5
organized crime organizations and individuals. Corporate networks, business systems, and critical 6
infrastructure also may be threatened by insiders within the business environment itself. 7
Cybersecurity is critical to the reliability and resiliency of the nation’s electric grid, and 8
equally, to SCE’s electric grid. This is particularly important since the electric grid is arguably the most 9
complex and critical infrastructure that various business sectors depend upon to deliver essential 10
on the grid for essential services (e.g., voice communications, commerce) are driving the interest. 23
More agencies are being formed to focus on cyber threats, (e.g., Office of Energy 24
Infrastructure Security), and more cyber focus in existing agencies is evident (e.g., National 25
Infrastructure Advisory Council and National Association of Regulatory Utility Commissioners). Any 26
significant new events will likely foster emergency action including legislation. 27
SCE views cyber attacks as a matter of national security and has long been a 28
proponent of legislative reform that supports a secure cyber environment. The White House, with a 29
22 See workpaper entitled “Senate Bill No. 1386,” September 26, 2002.
23 See workpaper entitled “U.S. Eyes Pushback On China Hacking.”
16
Presidential Executive Order on Cybersecurity, clearly demonstrated its belief that cyber attacks are a 1
threat to national security and gave the Department of Homeland Security broad authority to unify the 2
fragmented approach that exists across the nation today.24 In addition, the California Public Utilities 3
Commission issued a white paper expressing its concern over cybersecurity and the distribution 4
network,25 and is contemplating an Order Instituting Rulemaking (OIR). The ever-increasing cyber 5
threats faced by the nation and SCE will likely lead to increased levels of regulation and legislation, 6
increasing the need for collaboration with business partners and external entities.26 7
SCE’s approach is to plan and act early. SCE needs to do this with sufficient 8
comprehensiveness to respond proactively to changing regulations, ensure compliance, allow for risk 9
mitigation, and maintain the trust of the public, regulators, and customers. Legislation and regulations 10
can necessitate accelerated action, with deadlines which may be expensive and more difficult to meet. 11
Moreover, new threats may surface (e.g., zero-day threats) which can drive mandates that require SCE 12
to react and respond very quickly. Cyber legislation and regulation can affect every aspect of SCE 13
business and technology. 14
Based on legislation and regulations already drafted, and the discussions 15
underway in the legislative and regulatory arenas, action is expected to be required in three to five years 16
in the following areas: 17
Cybersecurity and critical infrastructure protection: Past bills (112th session) 18
focus on information sharing and critical infrastructure regulations, private 19
and public partnerships, cost recovery, protection from civil liability in 20
handling government-issued information, and emergency authority. With the 21
White House Presidential Policy Directive/PPD-21 on Critical Infrastructure 22
Security and Resilience,27 and the Executive Order – Improving Critical 23
Infrastructure Cybersecurity,28 both released on February 12, 2013, the 24
executive branch is adjusting its approach to cybersecurity. The approach is 25
24 See workpaper entitled “Executive Order – Improving Critical Infrastructure Cybersecurity,” February 12, 2013.
25 See workpaper entitled “Cybersecurity and the Evolving Role of State Regulation,” State of California, September 19, 2012.
26 External entities include: the White House; Congress; federal agencies and national standards bodies (e.g., NRC, NEI, DOE, FERC/NERC, DOD, DHS, NAESB, NIST); and state government agencies (e.g., CPUC, CEC)
27 See workpaper entitled “Presidential Policy Directive PPD-21,” February 12, 2013.
28 See workpaper entitled “Executive Order – Improving Critical Infrastructure Cybersecurity,” February 12, 2013.
17
causing a need for realignment in policy and jurisdiction among federal 1
agencies, as well as changes across critical infrastructure industries. 2
Data Privacy: Data privacy legislation has been proposed at the federal and 3
state levels, and through the CPUC via an Order Instituting Rulemaking 4
(OIR). State data privacy laws vary among states. Federal legislation lags in 5
this area because data privacy has been coupled with other concerns. 6
More specifically, the following activities are likely to come to fruition and could 7
require very complex solutions: 8
Intelligence gathering and information sharing capabilities with private and 9
public organizations 10
Privacy bills require data protection controls as well as notification processes 11
when personal information is breached or exposed (e.g., California SB 1386, 12
Section 2(b)).29 13
Electromagnetic pulse (EMP) and geomagnetic disturbance (GMD) threats 14
that particularly impact cybersecurity and business recovery 15
Project Kaleidoscope capability for monitoring network activities for a 16
targeted geographic area 17
Smart Grid NISTIR guidelines have potential for being adopted and becoming 18
mandates 19
History has shown that new mandates can be very disruptive (e.g., NERC CIP). 20
Proactive planning and action is being taken now to address foreseeable mandates, enabling potentially 21
less expensive solutions. 22
29 See workpaper entitled “Senate Bill No. 1386,” September 26, 2002.
18
3. Recorded and Forecast Expenditures 1
a) Perimeter Defense Expenditures 2
Table II-2 Perimeter Defense Expenditures
(Nominal $000)
Recorded Costs (2015 case)2008 2009 2010 2011 2012
$478.9 $3,029.4 $3,639.7 $4,037.8 $7,063.1
For 2010, expenditures covered the following activities: 3
Implementation of new firewalls to protect critical computing infrastructure 4
Initiation of SSL/VPN project to enhance remote access security 5
Implementation of enhanced web security controls which included new 6
monitoring and network web proxy technology 7
For 2011, expenditures covered the following activities: 8
Completion of SSL/VPN implementation to enhance remote access security 9
Replacement/upgrades of web firewalls protecting SCE’s external public 10
internet access 11
Implementation of security appliances required to support internal web 12
applications 13
For 2012, expenditures covered the following activities: 14
Implementation of network security vulnerability testing technology 15
Acquisition and initial implementation of technology to strengthen user access 16
controls 17
Acquisition and implementation of technology to protect SCE from new and 18
more advanced security threats. 19
19
Table II-3 Capital Cost Forecast
(Nominal $000)
$6,519.0 $5,508.0 $5,673.0 $4,949.0 $5,000.0
Capital Cost Forecast (2015 case)
2013 2014 2015 2016 2017
The Perimeter Defense project costs shown in Table II-3 (also see estimate 1
summary workpaper)30 contains cost estimates and assumptions for forecast costs in 2013 through 2017. 2
Costs in 2013 and 2014 include hardware, software and labor costs related to enhancing Perimeter 3
Defense security. This includes the installation and consolidation of technologies, enabling of necessary 4
activity logging capabilities, and development of integration with a unified security monitoring 5
capability. 6
SCE uses a standard methodology to forecast capitalized expenditures for most 7
new capital projects and refreshes of existing applications as discussed in the testimony SCE-05, Vol. 1 8
entitled “IT-Overview, O&M and Capital”, page 6. In order to forecast projects in 2015 through 2017, a 9
combination of publicly available quotes and direct vendor quotes was used. Firms selected are 10
identified industry leaders who provide solutions that will meet the business requirements for SCE’s 11
Perimeter Defense project. Costs obtained provide the basis for the cost forecast. In order to provide 12
the best forecast, where possible, projects are broken into components and when available, price quotes 13
have been requested to substantiate each of the components. 14
Virtual Private Network (VPN) is a security control allowing SCE to better 15
manage secure remote access to internal business systems. The costs represented are based upon 16
internal recorded costs as well as publicly available quotes and reflect the need to expand this capability 17
to better support our mobile workforce.31 18
To provide increased security in support of the business drivers as outlined in the 19
business requirements, SCE must remain diligent in maintaining Advanced Persistent Threat (APT) 20
protection. The costs represent the acquisition of network appliances.32 Based upon the anticipated 21
30 See workpaper entitled “Perimeter Defense Cost Breakdown.”
31 See workpaper entitled “Purchase Order, Dyn Tek Services.”
32 See workpaper entitled “Scanner Quote.”
20
requirements, three network appliances will be required in 2015 with an additional four network 1
appliances in 2016. 2
Firewalls are the first layer of defense on networks and control access to protected 3
business networks. Estimated costs were obtained via a publicly available quote from a leader in the 4
network security industry.33 The costs were obtained to help estimate reasonable project costs. The 5
costs represent the acquisition of two firewalls in 2015, six additional firewalls in 2016, and an 6
additional six in 2017. 7
For the grid control network, expansion of the intrusion detection and prevention 8
systems will begin in 2015 and complete in 2016. This expansion for control center and substations is 9
needed to introduce additional sensor points in the network that will enable more sensitive detection of 10
cyber threats. 11
Security log collection and analysis is a key capability for SCE to achieve its 12
objective of unified cybersecurity monitoring. In 2017, SCE will upgrade the current technology used 13
for log collection and analysis due to technology obsolescence. The cost represented is based upon 14
internal recorded costs for existing technology acquisition. 15
b) Interior Defense Expenditures 16
Table II-4 Recorded Costs (Nominal $000)
Recorded Costs (2015 case)2008 2009 2010 2011 2012
$3,389.0 $5,988.5 $5,740.2 $8,203.5 $3,925.9
For 2010, expenditures covered the following activities: 17
Implementation of a security key management system to support encryption 18
certificates utilized on SCE’s internal business network 19
Initial phase of activity to improve UNIX operating system user access 20
controls by externalizing UNIX access management 21
Initial phase of implementation of newer generation network access controls 22
to address security threats relating to non-SCE devices attempting 23
unauthorized access to the internal business network 24
33 See workpaper entitled “Firewall Quote.”
21
Implementation of a newer generation intrusion prevention system to protect 1
against software-based security threats 2
Enhancements to Identity and Access Management capabilities 3
For 2011, expenditures covered the following activities: 4
Upgrade of the Identity and Access Management system due to technology 5
obsolescence 6
Continuation of activity to improve UNIX operating system user access 7
controls by externalizing UNIX access management 8
Implementation of new generation network access control technology 9
Implementation of upgraded wireless network controls 10
For 2012, expenditures covered the following activities: 11
Completion of technology upgrade to the Identity and Access Management 12
system 13
Continuation of implementation of system to improve UNIX user access 14
controls 15
Expansion of network access control technology implementation 16
Acquisition and implementation of technology required to secure access to 17
business systems by individuals with elevated access rights 18
Table II-5 Capital Cost Forecast
(Nominal $000)
$9,529.0
Capital Cost Forecast (2015 case)
2013 2014
$9,345.0 $3,220.0
2015
$9,036.0
2016
$7,729.0
2017
Costs associated with the Interior Defense project34 are attributed to planning, 19
construction and implementation of solutions to strengthen controls for identity management and access 20
management. This will include enhancements to key identity and access management components as 21
well as establishing a unified cybersecurity monitoring capability. This is part of a long term strategy to 22
34 See workpaper entitled “Interior Defense Cost Breakdown.”
22
continually ensure that only authorized individuals and devices have access to the SCE business systems 1
and data, and to continuously monitor for malicious activity that may occur. 2
In order to develop accurate forecasts for planned projects in 2015-2017, costs 3
were obtained from vendors with extensive experience in IT Security, from publicly available quotes, 4
and, where possible, from internal costs as identified within previous efforts. SCE uses a standard 5
methodology to forecast capitalized expenditures for most new capital projects and refreshes of existing 6
applications as discussed in Chapter I, Section E of this Volume. A summary of forecast costs based on 7
the estimates is described below. 8
The Active Directory infrastructure is a key component of SCE’s identity and 9
access management security controls. As stated in the Business Requirements section, SCE’s business 10
environment is evolving and security controls must be strengthened to support new business demands. 11
SCE will be expanding the Active Directory infrastructure and implementing security tools to manage 12
and monitor activity within this infrastructure. Expansion will include extending the internal Active 13
Directory infrastructure to support externally hosted business systems. This will require implementation 14
of integration technology allowing multiple Active Directory infrastructures to behave as a single 15
directory. The integration capability is required to enable SCE to maintain single user information and 16
associated access privileges across multiple environments. Implementing this capability will also 17
require enhancements to monitoring capabilities and security precautions to protect this highly critical 18
function. 19
Cybersecurity tools will improve visibility into network and server activity, and 20
will also enable monitoring of newer, more advanced threats. Information collected by these tools will 21
be retained within a central information repository to be used in support of a unified security monitoring 22
capability. The technologies to be implemented will include: 23
Security analytics technology 24
Vulnerability assessment technology 25
Anti-virus technology to support a virtualized environment 26
Security policy compliance monitoring and enforcement. 27
Expenditures for next generation firewalls in 2015 for Interior Defense address 28
the need to replace existing firewalls with next generation technology.35 This implementation will 29
35 See workpaper entitled “Firewall Quote.”
23
complement the Perimeter Defense implementation. Firewalls are utilized both on the perimeter and in 1
the interior network, with firewalls at the perimeter normally being more restrictive in relation to access 2
controls. 3
For the grid control network, implementation of new firewalls and gateways will 4
begin in 2015 and continue in 2016, and will be completed in 2017. This upgrade is required to add 5
needed protection to substation systems to mitigate the risk of a man-in-the middle attack, whereby a 6
communication between two systems is intercepted by an intruder. 7
For 2015 through 2017, SCE will be implementing an upgraded identity and 8
access management technology. New communication, collaboration and consumer technologies in the 9
business environment are transforming the way we work. Use of smart phones, social media, and cloud 10
computing in the workplace raise complex identity and access management challenges to security 11
controls relating to validation of user and device identities and controlling access to business systems. 12
This makes it imperative that SCE’s identity solutions are standardized inside and 13
outside of SCE’s business network. Imagine if electric plugs didn’t operate the same at work as at 14
home. A business environment without common secure identity processes across the extended business 15
network introduces many risks and inefficiencies. 16
In response to these challenges, SCE will implement a newer generation of 17
Identity and Access Management capabilities which will include biometrics,36 securing identity and 18
access controls in externally hosted systems (business systems in the cloud), expanding support for use 19
of personal devices for access to business systems and information, and integration of the Identity and 20
Access Management capability into SCE’s unified cybersecurity monitoring capability. 21
c) Data Protection Expenditures 22
Table II-6 Recorded Costs (Nominal $000)
Recorded Costs (2015 case)2008 2009 2010 2011 2012
$847.2 $3,886.7 $1,383.6 $3,638.9 $437.3
For 2010, expenditures covered the following activities: 23
36 See workpaper entitled “The Role Of Biometrics In Enterprise Security,” by Catherine J. Tilton, Dell Power Solutions,
February 2006.
24
Initial acquisition and implementation of technology to support data loss 1
protection 2
Initial acquisition of technology to encrypt data files on laptops and desktops 3
Acquisition and implementation of technology to protect against viruses and 4
malware on desktops and laptops 5
For 2011, expenditures covered the following activities: 6
Acquisition and expanded implementation of technology to enhance data loss 7
protection 8
Acquisition and expanded implementation of technology to encrypt data files 9
residing on laptops and desktops 10
For 2012, expenditures covered the following activities: 11
Expanded implementation of technology to enhance data loss protection. 12
Table II-7 Capital Cost Forecast
(Nominal $000)
Capital Cost Forecast (2015 case)
2013 2014 2015 2016 2017
$4,092.0 $6,272.0 $5,150.0 $6,213.0 $3,777.0
Costs associated with the Data Protection project37 are attributed to planning, 13
construction, and implementation of solutions related to strengthening SCE’s ability to protect access to 14
business information and protect critical business information from being compromised. To accomplish 15
this objective, SCE will: 16
Implement technology to protect business information that resides on personal 17
devices, mobile devices and externally hosted systems 18
Implement technology to prevent business information from being copied to 19
personal removable media 20
Implement technology to discover business information residing across the 21
business network in order to implement appropriate access controls. 22
37 See workpaper entitled “Data Protection Cost Breakdown.”
25
This is part of a long-term strategy to limit access to SCE business information to 1
authorized individuals and prevent that information from being transferred outside of the business 2
network by unauthorized individuals and channels. 3
In order to forecast project costs for 2015-2017, published costs were obtained 4
from vendors with extensive experience in IT security. SCE uses a standard methodology to forecast 5
capitalized expenditures for most new capital projects and refreshes of existing applications as described 6
in Chapter I, Section E of this Volume. When SCE initiates specific project activities as described 7
below, the competitive bidding process will be initiated to ensure the most cost-effective solution is 8
selected using a request for proposal (RFP). Outlined below is a summary of forecast costs based on the 9
cost estimates.38 10
In 2015 SCE will replace the existing anti-virus technology with newer and more 11
advanced anti-virus technology. This change is not merely an upgrade to new technology, but is needed 12
to replace software which will have reached both vendor and technology obsolescence39 and will help 13
ensure threats introduced by new consumer platforms do not introduce malicious technology on SCE’s 14
business network. 15
In 2015 SCE will also expand technology needed to enable secure remote access 16
to business information. As SCE’s workforce continues to become more mobile, the need is expanding 17
for secure remote access to support personnel utilizing company-issued devices as well as personal 18
devices. This will be accomplished through expansion of SCE’s SSL/VPN technology. Expansion will 19
require additional SSL/VPN appliances, expansion of user directory capacity and expansion of 20
application virtualization. The cost estimate is based upon SCE’s prior acquisition and implementation 21
costs for SSL/VPN technology.40 A competitive bidding process will be followed when the project is 22
initiated to help ensure the most cost-effective solution is selected. 23
From 2015 through 2017, SCE will be implementing technology to manage ports 24
(physical connectors/plugs) on mobile devices that allow connection with external storage devices. This 25
technology is required to ensure business information accessed by user devices is not lost through the 26
ability to copy this information to external storage devices such as memory sticks or disk drives. 27
38 See workpapers entitled “Greenlight Internet Quote,” “Purchase Order, Zones, Inc.,” “Purchase Order, Accuvant, Inc.,”
“Purchase Order, Dyn Tek Services.”
39 See Chapter 1, Section B and Section F of this Volume for further discussion about technology obsolescence and vendor obsolescence.
40 See workpaper entitled “Purchase Order, Dyn Tek Services.”
26
From 2015 through 2017, a significant investment will be required to implement 1
technology to identify locations where business information is stored, determine information criticality 2
and manage access to this information. These locations can reside internally on SCE’s business network 3
or at external locations such as externally hosted systems. To accomplish this goal, SCE will be 4
implementing data asset discovery technology. 5
For the grid control network, two major efforts are planned for the 2016-2017 6
timeframe. First, we will upgrade the Security Information and Event Management (SIEM) software. 7
This effort is needed because the existing SIEM product is reaching the end of its life, and some desired 8
new functionality (e.g., Compliance Manager) is only supported on newer versions of the software. 9
Second, the anti-virus software will be replaced, since the current anti-virus software is nearing 10
obsolescence.41 It is critical to maintain the latest anti-virus solution to adequately protect the grid 11
control network from the latest brand of malware attacks. 12
d) Common Cybersecurity Services (CCS) Expenditures 13
Table II-8 Recorded Costs (Nominal $000)
$0.0 $0.0 $0.0 $0.0 $6,860.0
Recorded Costs (2015 case)2008 2009 2010 2011 2012
For 2012, expenditures covered the following activities: 14
Completed Common Cybersecurity Services (CCS) Phase 2 Factory 15
Acceptance Test 16
Completed testing at vendor site 17
Completed Installation of CCS product (server and clients) in the SCE test 18
environment 19
41 See McAfee Product & Technology Support Lifecycle vendor support website for product end-of-life information
available at http://www.mcafee.com/us/support/support-eol-siem.aspx (Last visited July 1, 2013).
27
Table II-9 Project Capital Cost Forecast
(Nominal $000)
$8,680.0
Capital Cost Forecast (2015 case)
2013 2014
$9,900.0 $5,339.3
2015
$8,232.0
2016
$8,459.0
2017
On the Common Cybersecurity Services (CCS) development plan for 2015-2017, 1
the following activities are of strategic importance and will be carried out:42 2
Roll-out CCS to substations in synchronization with the roll-out of Substation 3
Automation Phase 3, Centralized Remedial Action Scheme (CRAS) and 4
Phasor programs 5
Implement CCS to secure the Energy Management System SCADA 6
(supervisory control and data acquisition), back-office application, network 7
components, and field components 8
Implement CCS client on field area network devices, including but not limited 9
to Netcomm radio security upgrades. 10
Refresh CCS central services servers in 2017 11
e) Solutions for Emerging Legislative Mandates Expenditures 12
Table II-10 Recorded Costs (Nominal $000)
Recorded Costs (2015 case) 2008 2009 2010 2011 2012
NA NA NA NA NA
42 See workpaper entitled “Common Cybersecurity Services (CCS).”
28
Table II-11 Project Capital Costs Forecast
(Nominal $000)
$6,000.0
Capital Cost Forecast (2015 case)
2013 2014
$0.0 $0.0
2015
$6,000.0
2016
$6,000.0
2017
The cost forecast above is based upon estimates for implementing technology and 1
capabilities that emerging legislation will likely require. The California Public Utilities Commission 2
(CPUC) and the White House, through Presidential Policy Directive 21 (PPD-21), have begun to define 3
the areas of proposed legislation for reliable national critical infrastructure protection and reliable energy 4
delivery to individuals, industry and emergency services. 5
In order to forecast43 for these emerging legislative mandates, SCE reviewed past 6
costs incurred for similar efforts, such as NERC CIP, which involved the implementation of cyber 7
standards. This forecast includes hardware, software, and labor costs relating to implementation of 8
systems and enhancements we anticipate will be required to meet emerging compliance requirements. 9
The goal of this project is for SCE to comply with emerging requirements in a 10
timely, cost effective manner. For 2015 through 2017, we anticipate the following strategic capabilities 11
will be needed to address the foreseeable legal and regulatory mandates: 12
Secure exchange of security incident data with service providers, in and out of 13
the energy sector, and with federal and state agencies. This will require 14
secure network connections and a high level of data protection due to the 15
confidential and critical nature of the information transmitted. 16
Isolated and secure information repository where security incident information 17
is tightly protected due to the critical nature and confidentiality of the 18
information. 19
Monitoring for critical assets and subsequent alerting to provide an enhanced 20
level of situational awareness. 21
Enhanced vulnerability assessment capabilities to allow for proactive 22
remediation of vulnerabilities to minimize threats to critical assets. 23
43 Our forecast is based on our historical annual expenditures required to address the NERC CIP mandate.
29
Enhanced forensics and security analytics to identify questionable activity and 1
allow for more timely remedial action. This will address insider threats and 2
unauthorized access initiated by various devices and individuals. 3
4. Analysis 4
a) Alternatives Considered 5
One potential alternative is to allow each SCE Operating Unit and project to 6
select and implement individual cybersecurity solutions. This would be the most basic approach. If 7
adopted, information security cohesion across the enterprise would be lost. This would result in 8
disparate information security solutions being implemented that may not be compatible. In addition, 9
dissemination of security alerts would become difficult to perform, causing timeliness of mitigation to 10
be reduced. This would result in excessive exposure to critical risks. Based upon internal experience 11
integrating disparate technologies, this approach is likely to result in higher implementation and 12
operating cost and will increase exposure to non-compliance with regulatory mandates. Fines for non-13
compliance with regulatory mandates vary depending upon severity and can reach up to $1million per 14
day, depending on the situation and SCE’s ability to rapidly respond to implementation of remedial 15
actions.44 16
Another alternative is to simply maintain the existing information security 17
technology and defer new investments to a later date. This approach would make SCE highly 18
vulnerable to cyber attacks, since our defenses could over time be penetrated by attackers. This could 19
result in potentially high levels of business disruption while remedial efforts are executed. SCE would 20
be placed in a continuously reactive state when cyber attacks occur, expending significant resources 21
first, to identify and block unauthorized access, and second, to restore business operations and recover 22
damaged business information. 23
The third alternative is the approach described in the foregoing testimony. By 24
proactively managing cybersecurity from a central environment, SCE will benefit from a common 25
cybersecurity function that is capable of protecting the entire organization. 26
5. Conclusion 27
SCE has seen increases in use of externally hosted business systems, personnel mobility 28
and the use of remote access to SCE’s business information. The continuing dependence on the Internet 29
44 See workpaper entitled “Sanction Guidelines,” Section 3.21, North American Electric Reliability Corporation, Appendix
4B, p. 9, January 31, 2012.
30
for accessing both internal and externally hosted business systems demands that SCE maintain a robust 1
Identity and Access Management capability to help ensure a secure and trusted environment to support 2
the changing business environment. 3
As SCE continues to move away from a single centralized network, the traditional 4
approach for cybersecurity is no longer sufficient. Newer cybersecurity technologies are needed to 5
address the rapidly growing sophistication of threats to our business systems and associated data, and to 6
help ensure systems utilized to manage delivery of power to our customers are also properly protected. 7
Implementing technology for cybersecurity protection and controls is only a portion of 8
the challenge facing SCE’s cybersecurity capability. To confirm that the controls implemented are 9
working, SCE needs to establish a robust unified monitoring capability. This capability will allow SCE 10
to collect cybersecurity information from across the business network and externally hosted 11
environments and establish a central point where the information will be analyzed. Due to the large 12
volume of data and the need for timely identification of potential threats, this unified monitoring 13
capability will utilize information analysis technology. 14
In the area of critical infrastructure, the proposed defense-in-depth strategy will increase 15
end-point and cyber asset security in grid control centers and substations through new and improved 16
controls which are integrated with existing controls. 17
The consequence of not moving in the planned direction will be a fragmented, more 18
complex set of cybersecurity controls and technologies, which will not effectively protect against the 19
evolving threat landscape. The growing sophistication of new threats is rapidly outpacing the capability 20
of current tools and technologies to defend against them. Without new technology, it will be necessary 21
to apply additional human resources to manual monitoring activities due to the limited ability of current 22
technology to perform automated monitoring. This will increase the administrative overhead of 23
manually monitoring for unauthorized access to SCE networks. It may also expose SCE to non-24
compliance with regulatory mandates to protect the confidentiality, integrity, and auditability of critical 25
business information, in the event that a security breach occurs. 26
C. SONGS Cybersecurity 27
1. Background 28
SONGS is operating in a challenging business environment, a rapidly evolving threat 29
environment, and an active regulatory environment. The need for additional cybersecurity measures 30
will be re-examined when SCE has formulated a detailed plan for plant decommissioning. Until all 31
31
systems are off-line, we will continue to address current and potential threats to the SONGS systems as 1
well as the need for additional cybersecurity measures during the shutdown period. 2
In February 2012, SONGS was one of the first nuclear power plants to undergo an NRC 3
Inspection of the plant’s Cyber Security Program. The NRC required nuclear power plants to add 4
specific provisions within their licenses to demonstrate their commitment to cybersecurity. 5
As a result of the inspection, SONGS is required to remediate any issues identified in the 6
inspection as well as advance the plant’s Cyber Security Program. In 2015 SONGS will be re-inspected 7
to validate that the improvement areas identified are remediated and the SONGS Cyber Security 8
Program is integrated into the plant’s operations. Further, the NRC will include cybersecurity 9
inspections on its inspection schedule and will return to inspect the program on a regular basis.45 10
The major Internet security companies all report that targeted cyber attacks and suspected 11
state-sponsored cyber attacks are increasing. As a part of the critical infrastructure, SCE, and by 12
extension SONGS, will be a focus of such efforts. 13
SONGS and the nuclear industry are integrating operating experiences from other plants 14
to improve the effectiveness of the SONGS Cyber Security Program to address issues such as portable 15
media, aging equipment, and other cybersecurity issues. 16
2. Business Requirements 17
SONGS strategic objectives are to deliver electricity safely and securely to our 18
communities and maintain a high level of emergency preparedness. As a high profile nuclear power 19
plant with 8.4 million people (2010 Census Data) living within 50 miles of the plant, SONGS must 20
maintain a high level of security to its digital systems to achieve these objectives. 21
The SONGS Cyber Security Program vision is to achieve excellence by leveraging SCE’s 22
existing cybersecurity assets and licensing agreements, while addressing cyber issues specific to the 23
plant. The 2015 GRC will further integrate the SONGS Cyber Security Program into the SCE Corporate 24
Cybersecurity Program46 providing a unified security program where resources are leveraged as 25
appropriate. 26
Further, SONGS-specific cyber issues will also be addressed to increase the overall 27
security posture of SONGS. These specific issues include addressing improvement areas found during 28
45 See workpaper entitled “SONGS Critical Digital Asset (CDA) Remediation” for more information on SONGS CDA
Remediation project.
46 See SCE-05, Vol. 01, Chapter II, Section D on Cybersecurity & IT Compliance.
32
the 2012 NRC inspections, and the continuing assessment of Critical Digital Assets (CDAs) under the 1
plant’s Cyber Security Program. Further, the plant’s Cyber Security Program will help drive projects to 2
lower SONGS’ risk profile by implementing plant-specific technologies and remediating risks (e.g., data 3
diode updates). 4
3. Recorded and Forecast Expenditures 5
Table II-12 Recorded Costs (Nominal $000)
Recorded Costs (2015 case) 2008 2009 2010 2011 2012
NA NA NA NA NA
Table II-13 Capital Cost Forecast
(Nominal $000)
$2,500.0
Capital Cost Forecast (2015 case)
2013 2014
$0.0 $0.0
2015
$2,500.0
2016
$2,500.0
2017
CDA Cyber Security Enhancements – Projecting the results of the Cyber Security 6
Assessments performed under the SONGS Cyber Security Program, projects will need to be initiated to 7
remediate any issues identified in the assessments.47 8
Cybersecurity Alignment – Projects in this category include: 9
Replace SONGS Network Intrusion Detection System (IDS) 10
Re-assess data diodes (one-way security appliances used to support SONGS safety 11
functions) 12
Build new mobile media security capabilities 13
Secure ports and network access controls, to prevent unauthorized devices within the 14
secure area from connecting to the network 15
47 See workpaper entitled “Forecast Expenditures for SONGS Cybersecurity” for detail on costs.
access controls, shared and privileged account controls, and BES information access controls.55 17
CIP Version 5 includes language requiring implementation of a Continuous Improvement 18
concept.56 In an expert’s opinion, this means “that there must not only be security, but mechanisms in 19
place to ensure that security be maintained” over time.57 To sustain security over time, processes and 20
other mechanisms will be needed for continuous security performance monitoring, which requires 21
detecting, analyzing, and reporting deficiencies; planning and implementing effective remedies; and 22
auditing the effectiveness of the remedies or corrections. Because CIP Version 5 strives to address the 23
52 2012 FERC LEXIS 2245.
53 See workpaper entitled “Definition of Bulk Electric System,” Federal Energy Regulatory Commission (FERC) Reliability Standards Glossary of Terms, 2012.
54 NERC submitted CIP Version 5 to FERC for regulatory approval on January 31, 2013.
55 See workpaper entitled “Secure Interactive Remote Access,” North American Electric Reliability Corporation, November 2010.
56 See workpaper entitled “A Focus on Correcting Deficiencies,” North American Electric Reliability Corporation, Industry Webinar (1 of 2) for Version 5 CIP Standards – Project 2008-06 Cyber Security Order 706, September 11, 2012.
57 See workpaper entitled “Self-Correcting Cyber Policies,” by Stephen Flanagan, December 2012
36
balance of FERC Order 706 directives, the number and type of assets covered in the project scope driven 1
by Version 5 will be broad and deep, with additional processes and controls.58 The number of facilities 2
and assets in-scope for compliance is estimated to be nine to ten times compared to that of Version 4.59 3
The White House, Congress, and state governments are increasingly focused on 4
cybersecurity. Coupled with the concern that coordinated physical and cybersecurity attacks may have a 5
nationwide impact, it is reasonable to anticipate that the evolving and increasingly sophisticated 6
cybersecurity threats will compel further development and expansion of the NERC CIP standards 7
beyond CIP Version 5 during the 2015 GRC period.60 Based on regulatory history and our 8
understanding of standards implementation requirements, we believe existing cybersecurity tools and 9
processes will need to be upgraded, replaced, and expanded. 10
3. Request Summary 11
SCE will require additional capital funding to meet and sustain compliance with the 12
increasing scope of NERC CIP regulations and mandates. To comply with the expanded requirements 13
of CIP Version 5 and the revised BES definition, SCE will need to implement additional technologies 14
and technical controls including: 15
Technical controls for BES information storage, transit, and use 16
Configuration monitoring, configuration change detection, logging, and unauthorized 17
configuration change alerting 18
Interactive remote access controls including remote desktop controls, encrypted 19
communication tunnels, proxy systems, malware prevention, and network access 20
quarantine 21
Remote access to role-based NERC CIP training for contractors, consultants, vendor 22
support personnel, and SCE employees in outlying service areas 23
Role-based training registration, tracking, compliance alerts, and reporting 24
58 2008 FERC LEXIS 145.
59 See workpaper entitled “Expected Impacts – Transmission.”
60 See workpapers entitled “Testimony of Gerry Cauley,” - President and Chief Executive Officer, North American Electric Reliability Corporation Before The Energy and Power Subcommittee of the House Energy and Commerce Committee Hearing on Discussion Draft Legislation to Improve Cybersecurity of the Electric Grid, May 31, 2011, and “Testimony of Joseph McClelland,” - Director, Office of Electric Reliability Federal Energy Regulatory Commission Before the Committee on Energy and Natural Resources, United States Senate, May 5, 2011.
37
Inbound and outbound traffic monitoring, logging, and security events alerting for 1
electronic security perimeters 2
Advanced access controls (e.g., biometrics) 3
Shared and privileged account management systems 4
Monitoring of physical access control systems, logging, and security events alerting 5
Secured and non-shared test systems for BES cyber systems 6
4. Business Requirements 7
a) Detailed NERC mandated Business Requirements 8
CIP Version 5 includes 10 standards: CIP-002-5 through CIP-011-1 (see table 9
below). In the published CIP versions, all of the CIP standards include specifications for Applicability, 10
Requirements, Measures of Compliance, Violation Risk Factors, Violation Severity Level, and 11
additionally in Version 5, there are specifications for Guidance and Technical Bases. 12
38
Table III-15 NERC CIP Standards Requirements
CIP 002 CIP 003 CIP 004 CIP 005 CIP 006
Cyber Systems Impact Rating
Security
Management Controls
Personnel and
Training
Electronic Security
Perimeters
Physical Security
Controls
Identify Cyber Systems/Assets
Identify High Impact
cyber assets
Identify Medium Impact cyber assets
Identify Low Impact
cyber assets
Annual Review
Annual Approval by CIP Senior Manager
High & Medium Impact Cyber
Security Policy
Low Impact Cyber Security Policy
Leadership
Identification
Delegation of leadership authority
Quarterly Awareness Training
Annual Role-based
Training
Personnel Risk Assessment
Access Authorization
Access Review
Access Revocation
Define Electronic Security Perimeter(s)
Define Electronic Security Access
Points
Access Controls to Cyber Assets
Interactive Remote
Access Controls
Physical Security Plan
Two or more Physical
Access Controls
Physical Access Monitoring, logging
& Alarms
Visitor Control Program
Access Control
Systems Testing & Maintenance
CIP 007 CIP 008 CIP 009 CIP 010 CIP 011
Systems Security
Controls
Incidents
Reporting & Response Planning
Recovery Plans For
Cyber Systems
Configuration
Management & Vulnerability Assessment
Information Protection
Physical & Logical Ports Protection
Security Code
Upgrades
Malicious code prevention
Access logging &
monitoring
Strong Access Authentication
Shared & Generic Access Accounts
Management
Identify, Classify, and Respond to Cyber Security Incidents
Report Cyber
Security Incidents to NERC
Cyber Security Response Team
Test Cyber Security
Response Plans Annually
Recovery Plans
Data for Recovery & Backups
Preserve Data for
Forensics
Test Recovery Plan(s) Annually
Manage Changes to Recovery Plans and
Team
Monitor & Manage Changes to Cyber Systems baseline
Configuration
Investigate Unauthorized
Changes to Baseline Configuration
Test Configuration
Changes
Assess Cyber Systems
Vulnerabilities Annually
Develop & Execute Remediation Plans
Identify Cyber Systems Information Requiring Protection
Protect & Securely
Handle Cyber Systems Information
including storage, transit, & use
Prevent Unauthorized
Retrieval of Information in Reuse or Disposal of Cyber
Systems
In contrast to CIP Version 3, which includes 8 standards, CIP-002-4 through CIP-1
009-4, CIP Version 5 has 2 additional standards: CIP-010-1 and CIP-011-1.61 CIP-010-1 mandates 2
additional, specific and stringent configuration management controls and processes, while CIP-011-1 3
61 See workpaper entitled “CIP-010-1 – Cyber Security and CIP-011-1 – Cyber Security – Information Protection,” 2012.
39
mandates additional and broad protection and secure handling of BES Cyber System Information, 1
including storage, transit, and use. CIP Version 5 requires the identification of BES assets to be 2
categorized into high, medium and low impact ratings for which appropriate controls will be applied as 3
specified by the detailed requirements in each standard. 4
CIP Version 5 includes the following major new requirements: 5
Delegation of authority from the CIP Senior Manager governing the 6
implementation and compliance of CIP standards shall be documented and 7
updated in a timely manner 8
Policies governing the implementation and compliance of the CIP 9
requirements shall correspond to the categorization ratings of the assets 10
Access (electronic and/or physical) will be provisioned only after meeting all 11
pre-requisites, e.g., personnel risk assessment, cyber security training and/or 12
role-based training, and authorization by designated resources 13
Periodic audit of authorization records vs. provisioned access in the BESs 14
Periodic audit of implemented access of all users accounts, user account 15
groups, or user role categories, and audit that their specific, associated 16
privileges are correct and are those that the company determines to be 17
necessary 18
Interactive remote access to BESs will need to be protected by intermediate 19
devices or proxy systems62 20
Inbound and outbound traffic permissions are required for network traffic 21
traversing through electronic access points 22
Two or more different physical access control methods are required for 23
high/medium impact rated BESs and associated assets 24
Inventory and manage default, shared, or privileged accounts, including 25
individuals who have authorized access, and enforce periodic password 26
changes 27
Implement and monitor baseline configuration; authorize, test, and verify 28
configuration changes prior to operational implementation 29
62 For the definition of “intermediate device,” see workpaper entitled “Secure Interactive Remote Access,” North American
Electric Reliability Corporation, November 2010.
40
Implement controls for the protection of BES system information including 1
storage, transit, and use. 2
b) Program Approach 3
The program will utilize cross functional teams from SCE’s Regulatory 4
Operations, Transmission & Distribution, Operations Support, Information Technology, Generation, and 5
Power Procurement Operating Units so the appropriate stakeholders, staffing resources, and 6
management are included in the compliance activities. All SCE personnel that support, maintain, or 7
manage the in-scope assets must be trained and adhere to the controls as mandated by NERC. 8
In addition, this program focuses on developing and implementing new or 9
enhanced business processes and systems as well as organizational roles and responsibilities to manage 10
and sustain NERC CIP compliance within SCE. 11
5. Recorded and Forecast Expenditures 12
Table III-16 Recorded Costs (Nominal $000)
Recorded Costs (2015 case)2008 2009 2010 2011 2012
$3,726.2 $2,787.6 $4,806.1 $7,242.2 $1,092.2
The recorded costs from 2010 to 2012 included the following projects: 13
NERC CIP Document Management Work Flow Project (2010-2011) – This project 14
implemented functions automating work flow for evidence generation, attestation, 15
storage, and audit preparation. ($ 4.89 million). 16
Total NERC CIP Capital 4,800 6,526 7,000 4,800 5,100
6. Conclusion 1
To date, SCE has been successful in keeping its NERC CIP cyber assets secure. We have 2
also effectively maintained compliance with the current NERC CIP standards. In 2012 SCE 3
successfully completed its first CIP audit with the Western Electricity Coordinating Council (WECC). 4
One lesson learned from this audit was the need to strengthen our shared and privileged accounts 5
management processes. Compliance with the new NERC CIP mandates (Revised Definition of BES and 6
CIP Version 5) will require us to further improve our organizational capabilities for the management of 7
shared and privileged accounts. This section requests approval for $28.2 million in total incremental 8
capital funding for the period 2013-2017. Due to the delays in regulatory proceedings we deferred a 9
major portion of our capital funding from the previous period (2010-2014) to this period (2013-2017).67 10
These funds will allow SCE to continue to develop, implement, and enhance its systems, tools, physical 11
and electronic security access controls, related business processes, policies, and training programs to 12
improve the management of SCE’s BES cyber systems and assets (currently known as critical cyber 13
67 Capital funding requested in the 2012 GRC for period 2010-2014 was $39.8 million. Recorded 2010-2012 capital costs
were $13.1 million compared to 2010-2012 forecast of $26.3 million, with a difference of ($13.2 million). This capital funding request for 2013-2017 is $28.2 million.
45
assets), and maintain compliance with the standards as mandated by FERC and NERC. Our estimates of 1
required work and costs are reasonable and are based on the best available information.68 2
Maintaining compliance with current and future NERC CIP standards is a critical part of 3
protecting the reliability of the Bulk Electric System. Non-compliance could result in significant fines 4
of up to $1,000,000 per incident per day,69 may compromise reliability and security of the 5
interconnected Bulk Electric System (designated by Department of Homeland Security as part of the 6
Energy Sector National Infrastructure), and loss of credibility with our federal and state regulators and 7
our customers. 8
68 For labor costs estimates we use a lower blended rate than the one we used for our past period ($90/hour for this period
as compared to $105/hour for the past period) due to efficiencies gained as more internal resources are now proficient with NERC CIP compliance and implementation.
69 See workpaper entitled “Sanction Guidelines,” Section 3.21, North American Electric Reliability Corporation, Appendix 4B, p. 9, January 31, 2012.
46
IV. 1
EXPANDED CAPABILITIES 2
A. Service Management System 3
1. Background 4
The Service Management System leverages a business view of IT services, enabling the 5
IT support organization to quickly resolve or escalate issues and problems, improve root cause isolation, 6
and provide higher levels of business user satisfaction. The Service Management System also helps to 7
establish the basis for effective IT service management by documenting the unique attributes of each 8
configuration item (CI) in the infrastructure, including applications. 9
2. Business Requirements 10
The technology for controlling configuration management is evolving rapidly in support 11
of more complex systems. Currently SCE has installed the product called HP Service Manager Version 12
7.10, which has several problems: 13
1. By the end of 2013, we will require a significant product upgrade or replacement to 14
enable supporting the maturity of IT business processes for enterprise change and 15
release management along with the underlying configuration management capability. 16
2. The HP product line does not support a detailed level of application discovery for 17
applications running on servers and mainframes located in SCE’s data centers. 18
3. The HP product lacks the automatic application discovery capability that is required 19
in our new data center when running 24X7 operations where the server environment 20
is changing due our capability to virtualize70 the server configurations. 21
After our initial application installation in 201171 using HP Service Manager Version 22
7.10, SCE planned on upgrading this version to the latest supported version by HP when it became 23
available. Also, the 24x7 operation of complex data centers located in Rosemead, Irvine and Alhambra 24
require maintaining the HP Service Management System on the vendor supported versions of the 25
product in order to ensure continued reliability. However, after further analysis, SCE determined that it 26
would be more cost effective and strategically beneficial to move away from the current HP product and 27
replace it with the industry leading integrated Service Management suite by BMC consisting of the 28
70 A virtualized server configuration provides an environment for a user to run several software-created “virtual” machines,
each with its own separate operating system, on a single hardware server.
71 The Configuration Management Database Project (CIT-00-DM-DM-000001) was forecast in the 2012 GRC.
47
products Remedy ITSM 8.0 and Atrium CMDB (Configuration Management Database).72 In addition, 1
the BMC products will bring all ITIL73 processes into one tool, simplify process integration and simplify 2
the use of the tool at SCE where many of the data center processes are based on ITIL. 3
The BMC products Remedy ITSM 8.0 and Atrium CMDB (Configuration Management 4
Database), which are integrated together by BMC, support a detailed level of application discovery for 5
applications running on servers and mainframes located in SCE’s data centers. This capability is 6
especially needed for discovering where at any moment the applications are being housed using our 7
virtualized server configurations. This information is needed for solving computer and application 8
problems and planning server maintenance. 9
3. Recorded and Forecast Expenditures 10
The table below illustrates the recorded and forecast expenditures for the Service 11
Management System. SCE recorded $2.11 million for the period 2008-2012 as depicted in the table 12
below. 13
Table IV-19 Service Management System Expenditures
(Nominal $000)
2008 2009 2010 2011 2012
$0.00 $0.00 $0.00 $0.00 $2,110.00
Recorded Cost (2015 Case)
a) Recorded Expenditures 14
In 2012 we spent $2.11million to purchase BMC’s Remedy ITSM 8.0 and Atrium 15
CMDB to replace the aging Service Management System, HP Service Manager Version 7.10, in order to 16
address the business requirements outlined above. The BMC products integrate various ITIL processes 17
using the configuration management database and discovery technology as the central repository of data 18
center asset information. This allows users an end-to-end view of all the technology assets, and the 19
workflow needed to support the assets, throughout their lifecycle. As such, the new Service 20
72 See workpaper entitled “Remedy ITSM 8.0 and Atrium CMDB ROI Analysis for Supporting ITIL Processes.”
73 The Information Technology Infrastructure Library (ITIL) is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business.
48
Management System will include the following capabilities from BMC, which also align with our work 1
practices: 2
Remedy Service Desk (Incident & Problem Management) 3
Subtotals for CC, CS and PS in SCE-05, Vol. 2, Part 1 87,754.8 73,094.0 68,998.8 100,567.5 90,700.0 421,115.1 Note: SCE has included several Customer Service capital software projects in the 2015 GRC revenue requirement that have been requested in other proceedings or were approved in earlier non-GRC Commission decisions. These projects are not included in the table above. Please refer to Workpapers SCE-05, Vol 02, Book D. pp 179A-179E.
77
B. Safety, Security & Compliance 1
1. Master Access Project 2
a) Background 3
The Safety Security and Compliance Operating Unit is requesting a total of $12.4 4
million in capital expenditures for a capitalized software project to enhance compliance tasks for the 5
current NERC CIP-004 Version 3 (CIP-004-3) standard and meet future compliance requirements 6
required under NERC CIP-004 Version 5 (CIP-004-5) standard by October 1, 2015.101 Standard CIP-7
004 pertains to the management of electronic and physical access and mandatory, time bound 8
qualifications such as training and background checks.102 9
The Master Access Project (MAP) is intended to enable SCE’s compliance with 10
the upcoming CIP-004-5 pursuant to the established policy direction determined by SCE in alignment 11
with NERC reliability standards. MAP will implement: (1) an enterprise-wide master repository of 12
personnel data with access, specific access rights, training, and background check qualifications; and (2) 13
enforce common controls to enable SCE to meet mandatory compliance requirements of NERC standard 14
CIP-004. The master repository will include the storage of access authorizations, records of access 15
provisioning, de-provisioning, scheduled reviews, completion dates of qualifications such as training 16
and background checks, as well as other information required to prove compliance. Common controls 17
such as workflows to enable system administrators to complete access revocations in real-time within 18
mandated timeframes,103 track the status of qualifications, and apply mandated actions104 on 19
qualifications prior to the expiration of their validity will be implemented as a part of MAP. 20
102 Pursuant to NERC standard CIP-004-3, all person who have been granted access to SCE’s facilities and systems that have been determined to be in scope for the NERC CIP standards must meet certain prerequisites prior to being granted such access and must maintain these qualifications on an ongoing basis. Training courses must be completed in advance of being granted access and must be completed once a calendar year in order to maintain a valid qualification to retain access. In addition, a 7 year back ground check must be passed by all individuals prior to being granted such access, and the background check must be conducted every 7 years hence.
103 Pursuant to NERC standard CIP-004-3, access has to be removed within 24 hours when an individual with access to NERC facilities and systems is terminated for cause and within 7 calendar days when SCE determines that such access is no longer needed for reason other than a termination. Pursuant to NERC standard CIP-004-5, access revocation has to be completed within 24 hours or the end of the next calendar day under certain conditions.
104 Training has to be completed within 15 calendar months of prior completion and the background check has to be refreshed every 7 years. The MAP project will send reminders to affected personnel to complete these actions or will automatically take alternative action such as removal of access.
78
The project is divided in phases whereby the project planning, process blue print 1
work, and system design will be completed in 2013. Development, testing, and training will be 2
completed in 2014. The Master Access Project is scheduled to be implemented for a pilot group by June 3
2014. 4
b) Business Requirements 5
SCE’s NERC-related access management compliance has thus far been performed 6
by means of numerous stand-alone systems and manual processes. Further, the number of facilities in 7
scope for SCE’s Transmission and Distribution Operating Unit is expected to increase from 8
approximately 17 in 2013 to approximately 120 in 2015. While all these new facilities are not manned 9
by SCE personnel 24 hours a day, the number of personnel impacted by this substantial increase in 10
number of facilities is expected to grow. The management of multiple qualifications as well as access 11
revocation rules mandated in CIP-004-5 will render current methods to maintain compliance 12
unsustainable. SCE utilizes SAP as its Governance Risk and Compliance management system. The 13
MAP project is designed to bring these compliance tasks into the SAP Governance, Risk, and 14
Compliance management system. The systems and processes currently in use will be challenged 15
primarily due to: 16
Stricter regulations and near real-time capability demands of NERC: Access 17
revocations have to be performed immediately on multiple systems when 18
personnel with access to certain NERC impacted facilities or systems have 19
been separated from the company. 20
Inefficient current system design: Approximately 30 different data sources, 21
each requiring access to authorized personnel, results in incompatible 22
processes and manual tasks, which cause delays and limit our ability to scale. 23
The new changes with CIP-004-5 will further affect people, processes, and 24
technology, as described below. 25
People: SCE compliance personnel will have to apply the new controls 26
mandated in CIP-004-5. Support personnel across SCE responsible to 27
maintain training and background check records will have qualifications to 28
ensure compliance. System administrators responsible for the provisioning 29
and de-provisioning of NERC access will have to include workflows from 30
MAP into their tasks. Managers of personnel with NERC access will use this 31
79
system to actively manage and monitor tasks that will enable SCE to maintain 1
compliance. 2
Processes: Changes to compliance processes will result in new or modified 3
controls that will affect systems across SCE within the scope of the NERC 4
CIP standards. Areas impacted include the time it takes to revoke access to 5
NERC protected systems for terminated personnel, to automate the 6
provisioning of access for new and existing employees to NERC protected 7
systems, and to consolidate all NERC CIP personnel evidence (training and 8
access) into a single data repository. Moreover, having the consolidation of 9
access management will provide the capability to more frequently monitor 10
near real-time access to NERC CIP assets. In addition to MAP, SCE will 11
develop new or modified internal processes to leverage the efficiencies of the 12
new capabilities offered by MAP and comply with NERC CIP standards. 13
Technology: Changes to information systems include: (1) the consolidation 14
of access management functions into a single system; (2) automation of 15
physical and electronic access by provisioning/de-provisioning access to 16
NERC CIP source systems; (3) the ability to allow managers to initiate 17
revocation of access when needed; (4) near real-time integration between 18
Human Capital Management105 and access management that will provide the 19
latest personnel training information to access management; and (5) 20
integration with the Enterprise Compliance Management System (ECMS) for 21
controls monitoring and evidence collection. 22
c) Recorded and Forecast Expenditures 23
Funding needs for the MAP are expected to be $12.4 million.106 This forecast is 24
based on the internal IT application costing model and the details are available in the workpaper cited 25
above. The Master Access Project is underway in 2013 and is expected to be implemented for a pilot 26
group in June 2014 with the general roll out by January 2015. 27
105 Human Capital Management is an SAP module that tracks training, qualifications, and other personnel data.
106 See workpaper entitled “Forecast Expenditures Master Access Project.”
80
d) Conclusion 1
Implementing the MAP involves changes to the current system design and 2
business processes at SCE, as described above. This will allow SCE to automate processes, build a 3
centralized data repository, consolidate access management, and allow for real time automated 4
provisioning/de-provisioning to NERC CIP source systems. This will assure that SCE is in compliance 5
with CIP-004-5 in accordance with NERC standards. 6
spreadsheets. With respect to regulatory compliance matters, CRE manually monitors and tracks facility 25
permitting and building code requirements. These are highly labor-intensive and inefficient processes. 26
In order to manage SCE’s facility portfolio in a more productive and effective manner, CRE needs an 27
integrated work management system (IWMS) employing and consolidating accurate and current data 28
115 “Non-electric facilities” refers to all facilities that are not directly used in generating, transmitting, or distributing
electricity. Examples of non-electric facilities include business offices, warehouses, customer call centers, customer service centers, and computing centers.
90
and CAD drawings about SCE’s non-electric facility portfolio and equipment, workforce and 1
operational needs. IWMS would execute the following facility related functions: (1) Strategic Master 2
Planning; (2) Work Management; (3) Facility Asset Management; (4) Facility Condition Indexing; and 3
(5) Sustainability Review. IWMS will result in bi-directional integration with SAP Human Capital 4
Management (HCM) module to the existing CAFM system. 5
(1) Strategic Master Planning 6
In order to accurately align space optimization with SCE’s operating unit 7
needs, CRE requires IWMS to support Strategic Master Planning by providing detailed space inventory 8
information and related analysis functions. IWMS will allow CRE to more proactively manage growth 9
and consolidation by gaining the ability to: (a) develop program requirements based on department 10
inventories and space requirements, (b) summarize costs associated with changes in occupant headcount, 11
(c) develop a space requirements program for merged departments, (d) generate reports that graphically 12
document space usage trends by department, (e) reduce “churn” rate through proactive space planning, 13
(f) reveal gaps between business demands and space availability and (g) analyze best fit facility planning 14
scenarios. IWMS will also increase SCE’s ability to efficiently allocate space by: (a) implementing 15
space plans that will improve our organization’s operational effectiveness, (b) recording how much 16
space each employee or department should be allocated and creating potential layouts, (c) comparing 17
layouts using summary reports, (d) mapping space availability with forecasted future demand (by 18
headcount, equipment or on a project basis), (e) tracking overall inventory of space and current and 19
planned occupancy, (f) allocating costs according to specific business rules, (g) visually exploring space 20
planning scenarios with interactive supply and demand analysis, and (h) addressing facility modification 21
impacts (e.g., lease terminations and renewals, new facilities or demand-side actions such as headcount 22
reductions). 23
(2) Work Management 24
CRE is currently utilizing SAP Enterprise Asset Management (EAM) 25
notification process to capture, track, and dispatch maintenance tasks, and create work orders. Although 26
the process is a centralized, self-service portal, the form is not tailored to properly identify specific 27
maintenance or change requests. This results in a manual effort to translate a maintenance or change 28
request into a more detailed notification to implement the maintenance or change request. With IWMS, 29
CRE would be able to coordinate work schedules, resource allocation and cost assessments. IWMS 30
would allow for (a) automated dispatch of urgent maintenance or change requests to the appropriate 31
91
service provider or SCE personnel without the need for manual intervention, (b) identification of 1
available service and projected response and completion time, (c) creation and maintenance of damage 2
code selections that assigns requests based on need and required resources, (d) automated routing and 3
transmission of requests for required approvals, and (e) automated conversion of maintenance requests 4
into work orders through SAP ERP to capture costs and process of invoices. 5
(3) Facility Asset Management 6
CRE does not have an effective tool in place to track and manage 7
compliance requirements of facilities and facility equipment and systems and to maintain and utilize 8
facility equipment data such as historical maintenance and service activities, specifications, purchase 9
date, expected lifetime, warranty information, service contracts, and spare parts. IWMS would allow for 10
centralized monitoring of regulatory and other compliance requirements and automated alerts and 11
reminders (both to CRE and other responsible organizations within SCE) regarding compliance 12
activities needed to address those requirements. Implementation of IWMS would also manage 13
preventative maintenance programs for facility equipment by: (a) capturing and tracking facility 14
equipment details (including warranty information), (b) capturing and tracking work and cost history to 15
help maximize productivity and extend asset life, (c) monitoring asset and location conditions to enable 16
proactive, rather than reactive, maintenance that helps avoid unplanned downtime, (d) developing 17
preventative maintenance programs and corresponding maintenance work schedules, (e) automatically 18
creating maintenance notification and route for scheduled maintenance jobs. 19
(4) Facility Condition Index 20
CRE’s Facility Managers lack a tool to capture and track the operation, 21
condition and strategic value of SCE non-electric facilities and facility equipment. Having a common 22
repository of condition assessments will help evaluate the risks and financial impact of the condition of 23
our facility and equipment assets. This data can provide a comprehensive view of the necessary 24
maintenance items and associated costs across the facility portfolio. It can then serve as the basis for 25
CRE’s strategic facilities capital plan. With IWMS, Facility Managers could: (a) record and track key 26
information about facility equipment including state of repair, required maintenance, safety issues, and 27
adverse conditions, (b) create an objective, systematic framework for prioritizing work on buildings, 28
systems, and equipment, (c) rate how each asset performs in areas, such as life safety, regulatory 29
demands, and operational support, to objectively identify assets in need of immediate responsive action, 30
92
(d) utilize assessments to trigger corrective and preventive work orders and (e) generate multi-year 1
capital budgets based on corporate risk mitigation strategy and operational priorities. 2
(5) Sustainability 3
SCE’s energy efficiency goals require CRE to manage critical information 4
on energy performance or water usage of facilities, and sustainability projects like energy retrofits. CRE 5
needs the ability to collect and analyze critical workplace asset information that integrates energy 6
consumption and emission data and unearths opportunities for improved energy efficiency and energy 7
savings at the building level and across the facility portfolio. IWMS would allow CRE to accurately 8
measure the environmental impacts of SCE facilities and opportunities to improve environmental 9
performance. This system can integrate with other rating systems to calculate and score certification 10
credits and assess the environmental performance against internal and industry benchmarks to identify 11
underperforming facilities. 12
c) Recommended Approach 13
SCE plans to acquire a Commercial Off The Shelf (COTS) Integrated Work 14
Management software package, which integrates the various business needs and data as described in the 15
Business Requirements section above. In recent years, the commercial software industry has made 16
significant advances in the design and production of software packages designed for the management of 17
extensive corporate facility portfolios. These software packages integrate data from SAP ERP and other 18
systems and provide real estate specific functionality for the analysis, use and reporting of this data. 19
As described in greater detail above, IWMS would give CRE an critical tool to 20
assign and track facility and equipment needs by (a) integrating the SAP ERP functionality currently 21
utilized for maintenance requests and work orders, (b) supporting workflow routing, (c) providing 22
customized user interface to support corporate personnel changes and moves, (d) collecting and 23
reporting data contained in maintenance and change requests to better tackle staffing and preventative 24
maintenance needs, (e) ensuring data integration from various sources, and (f) providing an interactive 25
database housing information relating to SCE’s facilities and their major systems and equipment to 26
enable more productive and efficient facility asset management. IWMS also provides an automated 27
process to monitor and track regulatory requirements and records of compliance for those facilities and 28
facility equipment and systems. 29
93
d) Forecast Expenditures 1
Funding needs for IWMS are anticipated to be $3.36 million.116 This forecast is 2
based on the internal IT application costing model. The implementation of IWMS will require one year 3
(2014) during which the COTS IWMS package would be selected, acquired and installed, IWMS will 4
then be configured and integrated with SAP and other existing software, and the conversion of existing 5
data from multiple sources into the new system will be accomplished. 6
As of March 2013, CRE reduced its overall employee headcount by 42 FTEs due 7
in part to anticipated productivity benefits arising from proposed implementation of IWMS. Although 8
the number of CRE employees has decreased, the overall workload has not and is greatly burdened by 9
the lack of IWMS. As set forth in greater detail below, implementation of IWMS allows for retention of 10
certain cost savings associated with CRE’s reduction in force without the detrimental productivity loss 11
that would ordinarily result. 12
Planning: Strategic Master Planning over the past several years has relied on a 13
combination of FTEs and outside consultants whose master plans and survey-related services incur costs 14
in the hundreds of thousands of dollars. IWMS would allow this task to be performed with just FTE 15
resources and avoid costs associated with retention of outside consultants. Labor associated with 16
Annual Space verification surveys would also no longer be needed as our data would be housed in a 17
central database and maintained internally. IWMS would also greatly reduce the Planning cycle time for 18
employee moves since it would be automated through IWMS, instead of having to manually retrieved 19
the information from other systems. CRE estimates the planning-related cost savings to be 20
approximately $950,000 over 3 years reflected in CRE’s non-labor forecast and the aforementioned 21
CRE reductions in force. 22
Work Management: IWMS’s enhancements to CRE’s maintenance and change 23
request forms will reduce the time employees spend to manually enter the request by prefilling available 24
existing information that is pertinent to completing the form. CRE estimates work management related 25
cost savings of $520,000 over the next 3 years reflected in CRE’s reductions in force made in 26
anticipation of IWMS implementation. 27
Facilities Management: IWMS will enhance warranty tracking of equipment and 28
reduce unneeded payments tied to such equipment. CRE estimates a savings of $525,000 over the next 29
3 years. 30
116 See workpaper entitled “Forecast Expenditures Integrated Work Management System/CAD/CAFM Upgrade.”
94
Reporting: Regular, integrated reporting would be one of the greatest benefits 1
from IWMS. Currently, reporting of facility condition and compliance requirements are gathered from 2
multiple sources of data and is a highly labor intensive effort. CRE personnel time spent monitoring and 3
recording compliance with regulatory requirements and gathering and normalizing the facility condition 4
data taking them away from time needed for other important functions, including analysis of facility 5
condition data. IWMS would allow for the centralization of relevant data for specified reports and 6
establish automated and periodic outputs for methodical analysis. CRE estimates the reporting-related 7
efficiencies gained through IWMS would yield a savings of approximately $780,000 over the next 3 8
years reflected in CRE’s reductions in force made in anticipation of IWMS implementation. 9
Table VI-36 below summarizes SCE’s projected costs and benefits for IWMS 10
The company’s enterprise tool for managing “unstructured content” is the 10
Electronic Document Management and Records Management (eDMRM) system. Unstructured content 11
refers to documents (work-in-progress) and completed records that are not part of a structured database 12
and are created using office productivity products such as word processing or spreadsheet software. 13
Unstructured content includes all types of documents and records related to public safety, transmission 14
and distribution operations, engineering and construction documentation, equipment and apparatus 15
specifications, employee files, and customer billing. Trading, regulatory, and compliance records are 16
also considered part of unstructured content. Unstructured content includes file types such as MS Word, 17
MS Excel, “.pdf,” “.jpeg,” “.tiff,” “.awd,” and “.avi.” These file types are managed in eDMRM, with 18
appropriate indexing and security permissions assigned. 19
While day-to-day operations have become increasingly dependent on electronic 20
records and documents, the unstructured content lacks a pre-defined structure of information that allows 21
for effective search and retrieval. The documents and records do not contain, for example, metadata 22
tags to identify who the author is, what the version number is, or who has access privileges to the 23
document or record. Additionally, the unstructured content does not contain information that would 24
allow periodic deletion in accordance with a systematic Company-wide records retention policy. 25
Finally, the content lacks information that allows it to be linked to previous versions, and therefore lacks 26
a sound audit trail. 27
The lack of an organized structure for unstructured content has created a 28
challenging environment where it is increasingly less feasible to manage documents and records for both 29
operational and compliance purposes. Unless we implement additional technology, even relatively 30
straightforward tasks such as (a) gaining access to the latest design specification or a safety checklist, or 31
99
(b) searching through a list of a thousand MS Word documents for litigation support purposes, or (c) 1
answering a regulatory data request, become a very long, inefficient, and error-prone process. 2
To add the required structure to these records and documents, we must implement 3
an incremental technology, called a “managed repository.” eDMRM is such a managed repository. 4
Managed repositories provide: 5
Custom metadata tagging, such as title and author information, so that we can 6
reduce time and error rate when searching for and retrieving documents, 7
records, and information; 8
Enforcement of access privileges and prevention of unauthorized access or 9
modification; 10
Version control capabilities; 11
Enforcement of automated records retention policies; 12
Secured document collaboration, with both internal parties and external 13
vendors; 14
Efficient document routing and approvals; and 15
Credible audit trail when creating and modifying documents. 16
In 2009, the Company purchased the OpenText software, which is the commercial 17
name for the eDMRM. We have implemented OpenText on a limited basis to manage documents and 18
records related to major transmission and distribution projects, NERC CIP evidence, Federal Aviation 19
Administration compliance, Transmission & Distribution Advanced Technology, and Power 20
Procurement Finance. Based on our experience with this limited deployment, we believe the OpenText 21
software provides a solid foundation for our management of unstructured content. 22
b) Business Requirements 23
SCE’s Transmission and Distribution, Engineering Design Construction 24
Standards organizational unit conducted a survey in 2010 to identify opportunities for improving 25
operations and directly contributing to enhancing reliability of operations. Among the issues identified 26
in the survey, several were related to problems with unstructured content. These issues include the lack 27
of a single, centralized repository for quickly and easily storing and retrieving engineering standards, 28
specifications, and safety checklists. The survey indicated that lack of access to the latest versions of 29
these records can increase non-conformance of construction standards to specifications. The availability 30
of a central repository was cited as a critical success factor in improving productivity of operations. 31
100
Table VI-38 below is a table summarizing the various business problems and risks 1
associated with managing unstructured content and the mitigating capabilities of eDMRM. 2
Table VI-38 Mitigating the Risk Associated With Managing Unstructured Content
Problems and Risks Mitigation Through eDMRM (OpenText)
Operational Delays - Critical reliability operations are potentially delayed due to lack of immediate accessibility to important documentation (e.g., equipment specifications, engineering drawings and job routines/procedures) for performing operations.
Enhance accessibility and speed of retrieval by implementing, custom metadata tags and advanced search capabilities of eDMRM.
Public Safety/Inflated Costs - Field construction and engineering jobs currently depend on manual access to the latest engineering drawings and specifications of the impacted asset, resulting in delays, inaccurate retrieval, and increased costs. The delay in retrieving documentation may impact public safety.
eDMRM Drawing Management solution provides: (1) the ability to consistently check-out and check-in logical grouping of assets and related sub-components; (2) controls for security, versioning, and access; and (3) audit trails to ensure transparency and ability to retrieve history.
Emergency Response – The ability to respond to emergencies or disasters events in an accurate and precise manner is less than optimal due to lack of required controls and accessibility to vital records
eDMRM supports the Company’s business resiliency plans, with its ability to operate on redundant failover architecture. eDMRM’s version management capabilities ensure the latest and best versions are retrievable on an expedited basis in emergency scenarios.
Security and Access controls – One of the key compliance requirements of NERC CIP Privacy, CEII is to ensure appropriate security and access protection to documentation related to Critical Cyber Assets, Personally Identifiable Information and Critical Energy Infrastructure Information. The current system of managing these documents in shared drives and document libraries without basic controls and assurance poses a high degree of compliance risk.
Implementation of eDMRM’s Security Clearance module provides the Company with the ability to apply an appropriate access permission model to protect these records from unauthorized access and possible tampering.
Evidence Management – Although the evidence of a completed inspection can be found in the ERP/SAP system, the actual readings or diagnostic tests are located in file shares, document libraries, and “My Documents.” Lack of visibility of the entire Maintenance and Inspection record impedes the Company’s ability to quickly respond to regulatory data requests.
OpenText extended ECM solution with SAP provides the ability to link SAP data to the actual diagnostic record to so that we have a complete and accurate record. The solution also provides for cross-functional workflow (through SAP or OpenText), including managing all security access permission consistently across ERP/SAP.
Legal Hold Management - Potential for mismanagement or tampering of critical business records that exist on file shares or document libraries, due to lack of controls or tools to apply Legal Holds.
OpenText’s Legal Hold management capabilities enable SCE to apply necessary controls to manage documents/records that are subject to a Legal Hold.
101
(1) eDMRM Benefits Over Alternatives 1
The Company has extensively implemented SAP as the enterprise-wide 2
platform to systematically manage business operations. While SAP comprehensively captures business 3
transactional data, it does not have the ability to capture related unstructured content. For example, the 4
SAP system captures utility pole loading inspection information, but does not have the ability to capture 5
the associated diagnostic checklist that the field worker has completed. Integrating SAP transactions 6
with the associated unstructured content – the actual diagnostic record in this example – will eliminate 7
operational inefficiencies and expedite responses to regulatory data requests. SAP has announced that 8
OpenText is the product of choice for integrating electronic documents with its transactional data. The 9
Company will benefit from implementing the OpenText capabilities to enable integration with our 10
current and widespread use of SAP. 11
The Company’s core operations are highly reliant on engineering 12
drawings. Effectively managing and mitigating the unstructured nature of these drawings will result in 13
operational efficiencies. It is imperative that the document and records management solution we select 14
possesses the capability to support the unique requirements for the engineering drawings. Very few 15
document and records management products have this capability. OpenText’s Drawing Management 16
capabilities satisfy the majority of SCE’s complex requirements. 17
There are a number of products that provide document and record 18
management capabilities. However, there are very few vendor products that comply with the rigorous 19
requirements of the United States Department of Defense (DOD) Standard 5015.2, which is an industry 20
benchmark for electronic Records Management capabilities. OpenText has been certified to meet the 21
rigorous DOD 5015.2 standards. 22
Additionally, Gartner, a leading information technology research and 23
advisory company, has identified OpenText as an industry leader (in Gartner’s “magic quadrant” rating) 24
when comparing leading Enterprise Content Management providers.119 25
Several utilities and major corporations across North America have 26
successfully implemented OpenText for managing unstructured content. Below is a representative list 27
of companies using OpenText: 28
Duke Energy 29
119 See workpaper entitled “Gartner Study” for further details.
102
Public Works and Services - Government of the Northwest Territories 1
Santee Cooper 2
Conoco Phillips 3
Central Vermont Public Service 4
Missouri River Energy Services 5
Tennessee Valley Authority 6
As discussed above, the Company initially purchased OpenText enterprise 7
licenses in 2009, and established hardware and software server infrastructure along with limited 8
implementation of OpenText libraries. Because of this limited deployment, the Company is not yet 9
obtaining the full benefits of its investment. By implementing eDMRM across the Company to manage 10
all unstructured content, the Company will be well-equipped to mitigate risks associated with managing 11
unstructured content, and reap the benefits (including cost avoidance) of improving operations. 12
(2) Additional Benefits 13
The primary reasons for fully implementing eDMRM are to improve the 14
Company’s operations, improve regulatory compliance, and mitigate risks. In addition, full 15
implementation provides several “soft” benefits for the Company. With full implementation, search and 16
retrieval of documents and records should be greatly enhanced, resulting in significant improvement for 17
typical knowledge workers’ productivity. According to a study performed in 2001 by the International 18
Data Corporation, a leading intelligence and advisory firm that analyzes technology trends: 19
wastes $48,000 per week, or nearly $2.5 million per 21
year, due to an inability to locate and retrieve 22
information.”120 23
Additionally, eDMRM will improve the Company’s ability to enforce 24
legal holds on documents and records subject to pending litigation or investigations. Implementing 25
eDMRM will result in migrating documents and records from uncontrolled file shares and document 26
libraries into eDMRM, where we can protect relevant documents and records from being deleted or 27
altered. As part of the implementation, “Redundant, Obsolete, and Trivial” data (or ROT data) that has 28
accumulated in Company file shares and document libraries will be identified and deleted. This culling 29
120 See workpaper entitled “International Data Corporation Study,” The High Cost of Not Finding Information – An IDC
White Paper, p. 7, July 2001.
103
of data helps mitigate the risk of inaccurate data being presented during e-discovery efforts and reduces 1
the costs of e-discovery. For every gigabyte of ROT data deleted, approximately $7,500 in legal review 2
costs can be avoided. This figure is calculated as follows: 3
1 GB = 7,500 to 10,000 documents 4
Average attorney can review 50-100 documents per hour 5
Attorney review of 1 GB = 75 – 200 hours 6
Average attorney’s billing rate is $100 - $150/hour 7
Once stored in eDMRM, SCE can more systematically and timely dispose 8
of documents and records pursuant to the Company’s Records Retention Schedule. 9
By migrating documents and records from file shares, document libraries, 10
and My Documents, cost savings are achieved by transferring documents and records from high-cost 11
Storage Area Network (SAN) storage to low-cost Write Once Read Many (WORM) storage. This 12
represents an additional cost savings of approximately 20 percent per year related to SAN storage. 13
c) Implementation Overview 14
The full implementation of eDMRM company-wide is planned as a multi-phased 15
effort from 2013 through 2017. The implementation plan is based on a combination of factors, 16
including risk, change management, and operational priorities. Discuss below the key components of 17
the implementation. 18
d) Key Steps of Implementing Project 19
(1) Basic Document/Records Management 20
The first phase is providing users company-wide access to basic features 21
of eDMRM. This phase includes identifying and training content managers. This is a critical role for 22
providing day-to-day administration of document and records management activities. In addition, this 23
phase includes developing computer-based training material and change management workshops, and 24
establishing service desk and problem-solving processes and personnel. Additional activities include 25
development and training with respect to Active Navigation, a software product that will help clean up 26
Redundant Obsolete Trivial (ROT) data. 27
(2) Public Safety 28
Public Safety documents and records are related to operations that may 29
impact Public Safety. These are critical documents and records that need to be managed diligently so 30
that appropriate personnel can readily and securely access the material. This phase includes identifying 31
104
all the repositories that contain Public Safety documents and records, preparing the data for migration 1
into eDMRM, and preparing data migration strategies. Additionally, we will develop a metadata 2
schematic to “tag” these documents for quick and easy retrieval. 3
(3) External Access Collaboration 4
This phase includes establishing a secure infrastructure and process for 5
enabling document collaboration with external vendors and partners. 6
(4) Auto-Classification Proof of Concept 7
This phase involves conducting a proof of concept to evaluate the 8
feasibility of implementing auto-classification (to automatically classify documents and records). Auto-9
classification can potentially reduce the need for manual intervention on a day-to-day basis. 10
(5) Email Management 11
Emails carry important business records for the organization. This phase 12
of implementation will include setting up technical integration between the Company email system and 13
eDMRM. It also includes migrating individual email archives into eDMRM and integrating each 14
department’s folder structure into email. 15
(6) Engineering Drawing Management 16
Implementation of eDMRM will include converting three obsolete 17
engineering drawing legacy systems, migrating drawings into eDMRM, standardizing the lifecycle 18
process for drawings, developing a hierarchy to organize components of engineering drawings, and 19
enhancing search capabilities. The implementation also encompasses putting in standard viewers for 20
opening drawings maintained in different file formats, including PLS-CADD (Power Line Systems-21
Computer-Aided Design and Drafting), AutoCAD (a computer-aided design software product), and 22
TIFF (tagged image file format). We must also migrate over 800,000 construction and engineering 23
drawings (identified as critical) into eDMRM. 24
(7) Company-wide Library Implementation 25
This phase includes a comprehensive Company-wide implementation of 26
approximately 200 document libraries. Implementation will involve, for each library, analyzing current 27
business operations, establishing a user-friendly document folder structure, gathering security 28
requirements, and developing an access permission model for the identified folder structure. 29
Additionally, it will be necessary to scope the migration effort for every library, cleansing these 30
documents of ROT data, and mapping the cleansed documents to the newly-identified folder structure. 31
105
Basic workflows will be implemented for document routing and approval. We will develop Records 1
Series Identifiers to enforce the Company’s Records Retention Schedule. We will also develop the 2
metadata configuration based on specific business needs to help simplify the process of searching for 3
and retrieving documents. To help smooth adoption of these capabilities by users, we will train users 4
and implement change management strategies. Below, we provide a “snapshot” of the key components 5
involved in a typical library implementation effort. 6
Table VI-39 Typical eDMRM Library Implementation
1. SONGS Implementation – This phase includes decommissioning two existing legacy 7
document management systems, including the SAP Document Management module that 8
SAP no longer supports. We will also migrate documents from those legacy systems into 9
eDMRM. 10
2. My Documents – This phase includes migrating MS Windows-based My Documents over to 11
eDMRM, for every employee of the Company, desktop by desktop. The phase includes 12
implementing e-discovery and Legal Hold controls, and addressing change management and 13
user training. 14
e) Forecast Expenditures 15
(1) Cost Reasonableness 16
Based on information provided by Gartner, a leading information 17
technology research and advisory company, it appears that the approximate cost to implement a 18
document and records management system for 20,000 users is $60 million.121 The current estimate for 19
121 See A.10-11-015. SCE-04, Vol. 4, pp. 75-87, Customer Service Business Unit.
106
implementing eDMRM Company-wide is $32.604 million. That investment, coupled with the $16 1
million that the Company has already invested in OpenText, is in line with the Gartner estimate , 2
particularly when, as here, our estimate includes implementing complex Engineering Drawing 3
Management, cleaning up legacy data, migrating data and records, and integrating with and leveraging 4
SAP capabilities. 5
(2) Forecast Cost by Year 6
Table VI-40 below provides the estimated costs of completing the 7
implementation of eDMRM through 2017. 8
Table VI-40 eDMRM Implementation Cost Summary
(2013-2017)
5 year Summary 2013 2014 2015 2016 2017 TOTAL
Basic DM/RM $1,200,000 $1,400,000 $2,600,000
Public Safety $610,000 $900,000 $1,510,000
External Access $240,038 $240,038
Auto Class POC $50,000 $50,000
eMail $1,500,000 $1,900,000 $3,400,000
Drawing Mgmt $904,048 $850,000 $1,754,048
All OUs $4,633,000 $4,644,000 $4,633,000 $13,910,000
SONGS $2,850,000 $2,850,000 $5,700,000
My Documents $1,167,011 $1,106,035 $1,167,580 $3,440,626
Total $2,100,038 $4,704,048 $11,400,011 $8,600,035 $5,800,580 $32,604,712
f) Conclusion 9
Through the implementation and expanded deployment of eDMRM, SCE will put 10
in place reasonable processes and information infrastructures to mitigate the challenges of ever-11
proliferating information in the electronic age. This will promote appropriate information-sharing 12
across the Company, while providing more accurate and complete information. This project will also 13
put appropriate controls in place to secure sensitive information. Ratepayer interests are served when 14
information critical to system reliability, security, and safety is managed in a sound manner. Ratepayers 15
also have an interest in data privacy and appropriate control of access to data. By prudently spending on 16
records management capabilities, we serve these vital ratepayer interests. 17
107
E. Customer Service 1
1. Dynamic Pricing 2
a) Background 3
(1) Project Overview 4
In D.09-08-028, the Commission adopted a number of dynamic pricing 5
rates, effective October 1, 2009. SCE was required to propose additional default and opt-in dynamic 6
pricing options for residential, small commercial, and agricultural customers by January 1, 2012, 7
contingent upon the Commission’s approval of the rates no later than October 1, 2011. Due to various 8
delays, the Commission agreed to the new effective date of April 1, 2013 for the dynamic rates. The 9
rates are currently available. However, due to defaulting requirements, some classes of customers may 10
not default to these rates until as late as first quarter, 2015. 11
With the knowledge these rates needed to be implemented, in the 2012 12
GRC, CS requested and received approval for the Dynamic Pricing project.122 Because of the delay in 13
approving the additional default and dynamic pricing options, part of the Dynamic Pricing 14
implementation schedule has shifted into 2013 and 2014, necessitating SCE to request funding for the 15
Dynamic Pricing project again. 16
(2) Scope 17
The Dynamic Pricing project has several different applications in its 18
scope. While systems had to be enhanced to allow for the changes in rates and default options, new 19
energy cost tools were developed to provide customers with better understanding of their rates and the 20
relationship between their usage patterns and their electricity costs. The scope of this project includes: 21
Enabling calculation and billing of new rates in CSS; 22
Automating the rate change default process; 23
Developing and implementing customer opt-out and Capacity 24
Reservation Level (CRL)123 change capability; 25
Developing and implementing an on-line rate analysis tool; 26
Enhancing and expanding the current My Account Billing tools; 27
122 In D.12-11-051, p.855, the Commission approved the Dynamic Pricing project. The Results of Operation (RO) model
authorized $34.10 million for the expenditure and inflation adjustment.
123 In D.09-08-028, Attachment H, the CRL allows customers to pay a fixed charge for a predetermined portion of their load, and pay the dynamic price for usage above the CRL.
108
Developing online customer support tools, such as Web Chat, to assist 1
customers with billing, rate and other inquiries; 2
Developing and implementing reporting capabilities; 3
Enhancing and expanding the CSS training region; 4
Updating Electric Service Planning’s DM System, Energy Analytics, 5
and Encost Systems to include the new rates; and 6
Developing and implementing a common back-end for all rate analysis 7
tools.124 8
(3) Implementation Schedule 9
The Dynamic Pricing project began in 2010 with the blueprinting of the 10
project. Work on the dynamic pricing rates, defaults, and online rate comparison and analysis tools 11
started in 2011, but were not completed until 2013. Customer service tools such as Web Chat, Web 12
Collaboration, and Web Call-back as well as a mobile application customers can access on smart phones 13
were initiated in 2011 and implemented initial scope in 2012, with expanded scope to be delivered in 14
2013 and 2014. The CSS training region for customer contact employees to learn the components of the 15
new dynamic rates, rate tools, and respond to customer inquiries will implement in 2014. 16
b) Recorded and Forecast Expenses 17
SCE is requesting $10.4 million in 2013 and $600,000 in 2014 to complete the 18
work started and already underway for the Dynamic Pricing project. These dollars are not incremental 19
to the $33.06 million already approved by the Commission but rather spend that was pushed into 2013 20
and 2014 primarily because of regulatory delays.125 21
The following table, Table VI-41, shows the total recorded and forecast costs for 22
the Dynamic Pricing project. 23
124 See A.10-11-015, SCE-04, Customer Service Business Unit, Vol. 04, pp. 75-87.
125 The estimated cost of the Dynamic Pricing is $1.5 million below what the Commission originally approved in D.12-11-051.
109
Table VI-41 Dynamic Pricing Project Costs by Year
Recorded 2010-2012 and Forecast 2013-2014 (Nominal $ Millions)
First Call Resolution (Total CCO Calls) CCC call reductions 2018 First Call Resolution 80% 80% 86.6%
Payment Arrangement/Extension CCC deflection to SS 2017 Self Service % 25% 49% 60%
Outage Transactions CCC deflection to SS 2016 Self Service % 57% 73% 81%
TOTAL
*HEER benefits are non‐O&M, non‐GRC
Key Metric
Avoided Costs are costs that will likely occur if we do not implement the full 7
Digital Experience Program. In particular, there is substantial risk associated with failure to comply 8
with Federal and State privacy laws dealing with electronic communications.144 Based on lawsuits both 9
pending and settled, fines of several million dollars have been levied on major companies.145 We 10
estimated that in 2015 about 70.5 million emails, alerts and notifications will be sent to customers. The 11
financial risk to SCE of not implementing the Digital Experience Program has been estimated at $11.7 12
million in 2015 and increasing to nearly $24.0 million in 2020 as customers increase their use of digital 13
144 FCC 47 CFR Telephone Consumer Act of 1991; California Business & Professional Code Div.7, Part 3, Ch 1; Public
Law 108-187 108th Congress – To regulate interstate commerce by improving limitations and penalties on the transmission of unsolicited commercial electronic mail via the internet.
145 Class Actions for CAN SPAM, text and robo calling:Wells Fargo Text Message Class Action Lawsuit - $17.1M Settlement; LuckyBrand Spam Texts Class Action Lawsuit – $9.9M, Settlement – November 28, 2012; Google Slide Disco Test Class Action Lawsuit – $6M, Settlement – December 19, 2012; Target Spam Class Action Filed – no settlement; Papa John’s Class Action Filed - $250M, (pending) – November 14, 2012; AllianceOne Robocalls and Auto Dialer Settlement - $9.9M – May 2012 (The company is now facing a text messaging lawsuit).
145
channels to conduct business with SCE. This estimate is based on assuming $500 per incident and a 1
three percent risk of occurrence both of which were based on Wells Fargo and other companies’ 2
experience. 3
Full Investment will yield benefits by 2020, which are displayed on the Figure VI-4
9 below. These benefits, when compared to the cost to implement the Digital Experience Program, yield 5
a benefit cost ratio of 1.96. This benefit is further enhanced by the advancement of public policy in 6
meeting the State’s Energy Action Plans goals by increasing the expected enrollments in various DSM 7
programs. Customer Value is improved substantially by opening multiple channels for communication 8
both by the customer and by SCE. 9
Figure VI-9 Full Investment Yields Hard Benefits by 2020
f) Recorded and Forecast Expenditures 10
Labor, hardware, licensing and contingency costs comprise the forecast 11
capitalized software costs of $91.5 million for the Digital Experience Program.146 Estimates for IT 12
support are based upon prior experience in initial implementation of system upgrades. Various types of 13
146 See workpaper entitled “Forecast Expenditures Digital Experience.”
146
developmental or commercial off-the-shelf (COTS) projects, labor rates, contingency levels, and cost 1
components are utilized to develop the overall cost estimate of the project.147 2
g) Conclusion 3
The Digital Experience Program is a continuation of the strategy that was first 4
described in the 2012 GRC Policy testimony and supports the current Customer Engagement Model 5
discussed in Exhibit SCE-04, Vol. 1. Initial implementation of SCE.com has laid the technological 6
foundation for a digital experience that will meet customers’ growing needs. Channel parity will 7
improve customers’ interaction with SCE and enable SCE to provide personalized basic customer 8
service. This development and implementation will produce economic and non-economic benefits to 9
our customers. 10
6. Prepayment Program 11
a) Background 12
(1) Project Overview 13
The Prepayment Program will allow residential customers the option of 14
paying for their electric use prior to consuming it. This pay-as-you-go concept allows customers to 15
make multiple payments throughout each month to maintain a prepay balance used to pay for electricity 16
as it is consumed. Customers benefit by not being required to pay a deposit when establishing service, 17
and they are not tied to a monthly bill due date. 18
With the implementation of Edison SmartConnect®, SCE is able to offer 19
customers a program that allows them to better manage their energy use and personal finances. With the 20
Remote Service Switch (RSS), SCE can turn customers on or off easily without the need to send an FSR 21
into the field. SCE’s Prepayment Program will be available to Edison SmartConnect®-metered 22
residential customers with RSS capability. See Exhibit SCE-04, Vol. 2, Ch. IV.A, pp. 115-120, for 23
further details on the Prepayment Program. 24
(2) Scope 25
To facilitate customer participation in the Prepayment Program, system 26
enhancements are necessary to enable verification of eligibility, online customer enrollment, web 27
presentment of account status and usage, customer payment management, and alerts and notifications. 28
Additional integration is required to automate the operational processes affected by the Prepayment 29
147 See SCE-05, Vol. 1, Ch. II; and workpapers in the same volume entitled “2015 GRC IT Capital Estimates TEMPLATE
v1.doc” and “GRC Estimation Worksheet TEMPLATE v1.1.xls.”
147
Program such as connect and/or disconnect of service. The systems within scope for this project are as 1
follows: 2
Customer Call Work Optimization (CWO) and CSS Workstation – Create a prepayment 3
enrollment/de-enrollment screen and create a detail screen showing all prepayment events and 4
balances for use by the Customer Service Representative (CSR) handling customer inquiries, to 5
verify eligibility and process enrollments. 6
Customer Service System (CSS) – Create prepayment service modules to accept enrollment from 7
the workstations and Interactive Voice Response (IVR) system and pull information from Budget 8
Assistant data (i.e., Bill to Date, Daily Average). 9
Dispatcher – Modify Service Order dispatchers for the following: 10
o Cancel pending prepayment enrollment, and 11
o Change the prepayment enrollment event status upon completion. 12
Database Changes – Create a back-end table to store prepayment data (e.g., minimum transaction 13
amount, low balance amount, and de-enrollment). 14
Front End/Back End Static Data Changes – Define new event types, eligible prepayment rates, 15
and ineligible profile. 16
Payment Channels – Current payment channels will be available to accept payment (e.g., APA, 17
EDI, SCE.com, credit/debit, or mail). 18
Account Receivable & Collection – The system will allow for multiple payments, accept triggers 19
for alerts to notify customers that payments have been received, and trigger disconnect alerts 20
when balances fall below requirements. 21
Alerts and Notifications – Add new templates for each alert and notification in Varolii for 22
enrollments, payments, low balance, disconnection alert, etc. 23
SCE.com – Existing interface between Varolii and CSS will be used for notifications and alerts; 24
all CSS service interactions will be managed through the software product Datapower; and all 25
CSS transactions that require interaction with SCE.com, CWO, and IVR will be a web service. 26
Within MyAccount, existing web presentment of bill to date, usage, and account status will be 27
changed for those customers on the Prepayment Program, and enrollment via SCE.com will be 28
offered. 29
148
(3) Implementation Schedule 1
The Prepayment Program implementation is scheduled to start in 2014 and 2
end by 2015. 3
b) Business Requirements 4
This is a new payment program being requested in this rate case. There are no 5
current systems or processes. See Exhibit SCE-04, Vol. 2, Ch. IV, pp. 115-120, for further details on the 6
Prepayment Program. 7
(1) Alternatives Considered 8
An alternative to automating the prepayment program is to have the CSR 9
in the Customer Contact Center (CCC) manually enroll all customers electing this option. Even the 10
manual process would require some system automation, as this is not an existing payment program. The 11
cost-benefit analysis below in Section (2) illustrates why automating this process will have a positive 12
Net Present Value (NPV). 13
Another feasible option for automating this payment program would be to 14
use a vendor COTS. 15
(2) Cost-Benefit Analysis 16
For the capital software cost-benefit analysis, the costs of construction and 17
any incremental O&M post-implementation were compared against up to five years of benefits post-18
implementation. For this analysis, all future costs and benefits were escalated to year-of-expenditure, 19
then discounted to 2012 NPV using a 10 percent discount rate. Finally, the sum of present-value 20
benefits was divided by the sum of present-value costs to derive the Benefit-Cost ratio for the project. 21
Because of the construction period required for software capital projects and the ensuing five-year 22
benefit window, many projects have substantial benefits after 2017, which are not reflected in this GRC; 23
benefits between 2018-2020 will be reflected in SCE's next 2018 Test Year GRC through avoided costs. 24
A cost-benefit analysis was performed to determine if the automation project would be more cost-25
effective than performing the work manually. The benefits incurred from automating this project 26
include reducing the bad debt (uncollectible) expense, reducing postage costs, and reducing energy 27
procurement costs. The analysis indicates a positive Benefit-Cost Ratio of 1.11 where the benefits are 28
associated with the Prepayment program and not the automation of the system.148 29
148 See workpaper entitled “Cost-Benefit Analysis for Prepayment Program.”
149
c) Recorded and Forecast Expenditures 1
The forecast capitalized software costs of $1.6 million for the Prepayment 2
Program project is comprised of labor, hardware, licensing and contingency costs.149 Estimates for IT 3
support are based upon prior experience with similar projects. Based upon various types of 4
developmental or COTS projects, labor rates, contingency levels, and cost components are utilized to 5
develop the overall cost estimate of the project.150 This project is expected to be of medium complexity 6
and an internally developed solution based on IT’s estimating method. 7
Table VI-47 below illustrates the forecast expenditures of the Prepayment 8
Program project by year. 9
Table VI-47 Capital Forecast Expenditures for the Prepayment Program Project
The Prepayment Program will allow eligible customers to pay in advance for 11
anticipated energy consumption. This will allow customers to make multiple payments throughout each 12
month to maintain a prepayment balance that is used to pay for energy as it is consumed. By SCE 13
automating this new offering, customers will be able to determine their eligibility, enroll in the 14
Prepayment Program, receive alerts and notifications, and manage their payment plan. 15
7. GRC Rate Design Phase II 16
a) Background 17
(1) Project Overview 18
At the conclusion of each General Rate Case, new rates are developed in 19
Phase II of the GRC to be implemented in SCE’s billing system. These new rates result from the 20
changes in rate design developed in Phase II of the GRC. The purpose of this project is to modify 21
various systems, including the billing systems in order to implement these new rates, and the project is 22
required to be completed for a 2015 Test Year implementation. 23
149 See workpaper entitled “Forecast Expenditures for Prepayment Program.”
150 See SCE-05, Vol. 1, Ch. II; and workpapers in the same volume entitled “2015 GRC IT Capital Estimates TEMPLATE v1.doc” and “GRC Estimation Worksheet TEMPLATE v1.1.xls.”
150
(2) Scope 1
Because the exact scope of this project will not be determined until the 2
conclusion of the 2015 GRC Phase II, the preliminary basis for the project scope is based upon the 3
Residential Rate Structure OIR R.12-06-013 (Filed June 21, 2012), the Rate Design Workshop for R.12-4
06-013 (Held December 5, 2012), and the 2012 GRC Phase 2 (A.11-06-007) Final Decision D.13-03-5
031. These provide for several rate design options, including: 6
Tiered Rates, which set rate levels relative to some baseline volumetric 7
usage; 8
Non-Volumetric Charges, such as fixed customer charges, basic 9
service fees and minimum bill charges, and demand charges; 10
Time-of-Use (TOU) Rates setting different rate levels depending upon 11
the time period during which energy is used; 12
California Alternate Rates for Energy (CARE) Program, an alternative 13
mechanism for providing assistance for low-income customers; 14
Small Commercial and Agricultural customers’ further transition to 15
152 See SCE-05, Vol. 1, Ch. II; and workpapers in the same volume entitled “2015 GRC IT Capital Estimates TEMPLATE v1.doc” and “GRC Estimation Worksheet TEMPLATE v1.1.xls.”
152
Table VI-48 below illustrates the forecast expenditures of the GRC Rate Design 1
Phase II project by year. 2
Table VI-48 Capital Forecast Expenditures for the General Rate Design Phase II Project
Edison SmartConnect® relies on COTS products from SCE’s vendor for meter 22
usage data collection from the NMS and the MDMS. To keep the software up-to-date for support and 23
153 See workpaper entitled “Forecast Expenditures Enhanced Metering and Usage.”
154 See SCE-05, Vol. 1, Ch. II; and workpapers in the same volume entitled “2015 GRC IT Capital Estimates TEMPLATE v1.doc” and “GRC Estimation Worksheet TEMPLATE v1.1.xls.”
156
availability of the latest features, these products require upgrades by the vendor on a regular basis (12-18 1
month cycle). The new enhancement packages are available to SCE via their licensing agreements with 2
the vendor. These enhancements must be made to ensure the reliability of the Meter and 3
Communications System. 4
9. Edison SmartConnect® Monitoring and Analysis System (SCMAS) Phase 2 5
a) Background 6
(1) Project Overview 7
The Edison SmartConnect® Monitoring and Analysis (SCMAS) was 8
implemented during the Edison SmartConnect® deployment. The SCMAS is used to facilitate the 9
monitoring and analysis of the Meter and Communications System. This project will enhance the 10
SCMAS by implementing requirements that were originally taken out of scope during the Phase 1 11
implementation of SCMAS because of project time constraints, as well as provide upgrades to improve 12
the current system. The SCMAS is the main interface for the Meter and Communications System. It 13
acts as an umbrella for a single point of entry and control for NMS, SEM, CRA, security and 14
visualization. This is illustrated in Figure VI-10 below. 15
157
Figure VI-10 Edison SmartConnect® Monitoring and Analysis (SCMAS) System Diagram
(2) Scope 1
By implementing the additional functionality of the SCMAS Phase II 2
project, the SOC will improve operational efficiency as well as enable functionality required to support 3
the following programs: the HAN program, the Daily Non Responding Devices (NRD) and Radio 4
Frequency (RF) Mitigation, and the Opt-Out program. 5
(a) HAN Program 6
The SOC needs access to HAN data and diagnostic functionality 7
delivered with Network Management System (NMS) to support automated and more timely manual 8
identification and mitigation of HAN-related issues associated with the 200,000 Customers with HAN 9
devices155 (i.e., ability to enable SOC to identify potential issues before they are realized). The SOC 10
will have access to data associated with all accounts with HAN devices by device type and status 11
(registered vs. not registered). Customer and HAN data will be available for the SOC to interrogate and 12
155 See Resolution E-4527, September 27, 2012.
158
identify problems or incidents. The system will provide workflow notifications and minimize the 1
systems needed to track incident and the work management process through to resolution. 2
(b) Daily NRD and RF Mitigation 3
The SOC performs daily identification and mitigation of non-4
responding devices and RF-challenged accounts (customer accounts without a signal). This upgrade 5
will provide for data and functionality required to strengthen analytics necessary to expand monitoring 6
scope and further automate the identification of problems. Today, the SOC manually conducts RF 7
desktop analysis to rule out account-based issues (e.g., no power, no access, Meter Order Processing 8
(MOP), outstanding Basic Work Request (BWR), and outstanding Trouble Orders that cannot be 9
resolved by a field visit). Automating the RF desktop analysis will reduce the significant manual effort 10
and reduce the number of truck rolls (i.e., FSRs and meter technicians being sent out to a location to 11
manually inspect a device), returned devices requiring MSO testing, and “No Trouble Found” results. 12
(c) Remote Re-Programming 13
The SOC will have the functionality to process requests from RSO 14
to perform Over the Air Remote Reprogramming of meters and to interrogate results from within a 15
single tool, SCMAS. Remote reprogramming functionality allows the SOC to change the meter 16
configuration to support various billing programs and the Load Research Program over the air. 17
(d) Opt Out 18
The SOC continuously monitors the impacts of the Opt-Out 19
Program on the overall network performance. The enhancements to the system will provide visibility to 20
all accounts moving out of and back into the Edison SmartConnect® program, transactions, and their 21
statuses to ensure timely remediation of issues. (For more details on the Opt-Out Program, see SCE-04, 22
Vol. 2, Ch. IV.A) As smart meters are removed or added to the network, the SOC will need to analyze 23
the effect of the movement on the network signal. Depending on the location of the analog meter, RF 24
Mitigation actions and solutions may be required (i.e., installation of range extenders, satellite solutions, 25
or pole mounted cell relays). 26
(3) Implementation Schedule 27
The SCMAS Phase 2 project is scheduled to start and end by 2015. 28
159
b) Business Requirements 1
(1) Current Systems and Processes 2
The SCMAS system is the main interface used to facilitate the monitoring 3
and analysis of the Edison SmartConnect® Meter and Communications System. It acts as an umbrella 4
for a single point of entry and control for NMS, SEM, CRA, security, and visualization. Currently the 5
process of monitoring the network and transitioning between systems is manual. Significant data reports 6
are maintained to identify threats to the Meter and Communications System. An additional eight 7
positions are required within the SOC to perform analytics and reporting required identifying and 8
mitigating issues. These reports are then analyzed and reviewed for trends. The approach is a very 9
reactive one for monitoring such a complex system. The data must be received, reported on and then 10
analyzed all before the SOC is aware there is a problem with the network. Once a potential problem is 11
identified, manual desktop analysis is conducted; multiple individuals are required to run a series of 12
reports and search CSS to determine if the problem resides in the Meter and Communications System or 13
CSS with synchronization issues. The manual mitigation process can take up to eight hours to 14
determine the source of the problem. The duration varies significantly depending upon the size of the 15
population being analyzed. SOC analyzes between 500 to 1,000 devices per day based on currently 16
defined incidents. This does not include the time to actually fix the problem. 17
(2) Alternatives Considered 18
An alternative to the systems enhancements described in this section 19
would be to continue with the manual processes performed by the SOC. If SCE is unable to implement 20
these system enhancements, the SOC will need to increase their incremental forecast by approximately 21
eight FTEs. Refer to the next section (3) Cost-Benefit Analysis for support as to why the status quo is 22
not the most beneficial option. 23
(3) Cost-Benefit Analysis 24
This project provides benefits to the department through avoided costs. 25
For the capital software cost-benefit analysis, the costs of construction, and any incremental O&M post-26
implementation, were compared against up to five years of benefits post-implementation. For this 27
analysis, all future costs and benefits were escalated to year-of-expenditure, then discounted to 2012 28
NPV using a 10 percent discount rate. Finally, the sum of present-value benefits was divided by the sum 29
of present-value costs to derive the Benefit-Cost ratio for the project.156 Because of the construction 30
156 See workpapers entitled “Cost-Benefit Analysis for SmartConnect Monitoring and Analysis Systems.”
160
period required for software capital projects, and the ensuing five-year benefit window, many projects 1
have substantial benefits after 2017, which are not reflected in this GRC; benefits between 2018-2020 2
will be reflected in SCE's next (TY 2018) GRC. 3
The Benefit-Cost ratio for the SCMAS project is 0.84. With an additional 4
year of benefits, the Benefit-Cost ratio is greater than one. The avoided costs for the SCMAS project 5
include: 6
Not hiring an additional eight FTEs to run Desktop analytics; 7
Reducing the number of truck rolls, returned devices requiring MSO 8
testing, and No Trouble Found in MSO test through the automation of 9
Non-responding Device Desktop analysis; 10
Timely identification and mitigation of HAN-related issues associated 11
with 200,000 customers with HAN devices to ensure that the customer 12
is able to take advantage of the HAN related programs; 13
Some additional customer benefits not included in the cost-benefit 14
analysis, including faster resolution of customer-reported problems, as 15
well as resolution of problems before customers realize there is an 16
issue; 17
Improved storm response time in correlation with the priority and 18
volume of storm issues; 19
Timely remediation of issues related to Opt-Out and Opt-In 20
transactions; and 21
Reducing the overall number of customer-facing problems and 22
speeding resolution of those issues that customers do report, which 23
will further the state policy goal of faster, more widespread customer 24
adoption of HAN technology and resulting DSM benefits. 25
After the project implementation in 2015 and starting in 2016, we 26
anticipate the benefit will be shown in the net savings in the O&M request (through a reduced forecast) 27
for the corresponding department. 28
161
c) Recorded and Forecast Expenditures 1
The forecast cost of $5.1 million for the SCMAS Phase 2 project is comprised of 2
labor, hardware, licensing and contingency costs.157 Estimates for IT support are based upon prior 3
experience with similar projects. Based upon various types of developmental or COTS projects, labor 4
rates, contingency levels, and cost components are utilized to develop the overall cost estimate of the 5
project.158 This project is expected to be a medium complex, internally developed solution. Therefore, 6
the added functionalities will be considered a medium developmental project under IT’s estimating 7
method. 8
Table VI-50 below illustrates the forecast expenditures of the SCMAS Phase II 9
project by year. 10
Table VI-50 Capital Forecast Expenditures for the SCMAS Phase II Project
The Meter and Communications System will be exposed to higher risks of 12
catastrophic Edison SmartConnect® failure if not implemented. Failures of the system would cause 13
higher delayed billing rates and an increase in field visits to probe the meter and manually capture usage 14
information. Without the additional SCMAS functionality, the SOC would be unable to identify new 15
issues and offer timely analysis, thus increasingly the risk of failure of the interim Edison 16
SmartConnect® analysis platform used for daily non-responding meter analytics and mitigation. 17
10. Hiperwall Refresh 18
a) Background 19
(1) Project Overview 20
A hiperwall is a video wall display technology consisting of a series of 21
LED devices affixed to a wall and linked together through an ordinary Local Area Network (LAN) or a 22
157 See workpaper entitled “Forecast Expenditures for SmartConnect Monitoring and Analysis System (SCMAS) Project.”
158 See SCE-05, Vol. 1, Ch. II; and workpapers in the same volume entitled “2015 GRC IT Capital Estimates TEMPLATE v1.doc” and “GRC Estimation Worksheet TEMPLATE v1.1.xls.”
162
wireless network. A hiperwall displays any combination of content types, such as large graphic images 1
or streaming content from a camera or other source. 2
The hiperwall is currently located in the SOC and was installed in October 3
2010. The wall is a visualization tool used to track the performance of SCE’s Advanced Metering 4
Infrastructure (AMI). The hiperwall is used 24 hours a day, 7 days a week for real-time monitoring of 5
SCE’s smart meter security and communication performance. The hiperwall provides for concurrent, 6
real-time access to all the data required to ensure timely identification and resolution of problems 7
affecting the ESC operations. 8
It is vitally important to maintain this display for continuous viewing of 9
the AMI communication system, as this display translates usage information into billing for our five 10
million customers. The hiperwall also has the capability of displaying connectivity related to Home 11
Area Network (HAN) devices and tracking the remote service switch for turn-ons, turn-offs, and credit-12
related activity. The SOC has a partnership role in outage management with the Transmission & 13
Distribution Organization Unit (T&D). Through the hiperwall, the SOC can view voltage and load 14
information on five million devices and is able to determine if a customer is receiving electricity. This 15
information is relayed back to T&D and used to deploy repair resources more effectively. 16
(2) Scope 17
The project will refresh the current hiperwall located in the SOC, as well 18
as any hardware fixes. The project also includes the creation of a maintenance plan with scheduled 19
refreshes and software upgrades to maintain long-term operations. Because the hiperwall is utilized 24 20
hours a day, 7 days a week, any system or hardware update needs to be well planned to minimize the 21
outage time of the hiperwall. The maintenance plan will also include training of SCE’s IT department to 22
maintain the hiperwall. 23
The project will include replacing twenty 46” LED displays with a 5.5mm 24
combined bezel (the distance between the display screens). Each display has an internal windows 25
computer assisting in the visualization. The narrow bezel, or edge, allows the displays to be aligned 26
closely together for the appearance of a smooth continuous surface. Also within the scope of the 27
Hiperwall Refresh, are the 20 individual computers that support the back-end of the hiperwall. Because 28
of the work performed, these computers need to be powerful with large memory and small form factor to 29
fit together within a rack. The hiperwall controller node computer links the 16 different computer 30
applications together for visualization on the wall. Three additional computers are used for AV control, 31
163
playing video or DVDs, or transferring the hiperwall display into conference rooms. No new interfaces 1
will be necessary between the applications and the hiperwall controller. 2
SCE’s IT department will be responsible for the development of a robust 3
maintenance plan that will allow for scheduled refreshes and software upgrades with minimal down- 4
time. SCE’s IT department will also develop processes and undergo training to maintain the hiperwall. 5
(3) Implementation Schedule 6
The capitalized software component of the Hiperwall Refresh project is 7
scheduled to start in 2015 and end by 2017. 8
b) Business Requirements 9
(1) Current Systems and Processes 10
The current hiperwall is approximately 8 feet high and 17 feet wide (4 11
displays high and 5 displays wide). An application can be viewed on one display, blown up to be 12
viewed on all 20 displays, or any combination in between. Four SOC operators view the hiperwall 13
concurrently to track and monitor the Meter and Communications System. The LED displays are 14
controlled by a hiperwall controller. The hiperwall controller links several SOC applications together 15
that can then be displayed either individually or concurrently on the LED displays as shown below in 16
Figure VI-11. 17
164
Figure VI-11 Hiperwall Configuration Diagram
The SOC applications that are viewed on the hiperwall include: 1
Security Event Management (SEM) System – This application is used to 2
conduct security monitoring by capturing meter logs and event data and interrogating the data to identify 3
cyber security alerts. The cell relays send encrypted secure text files to the SEM system. SEM reads 4
these files to determine if there was any type of security alert on the system. 5
Edison SmartConnect® Monitoring & Analysis System (SCMAS) – The 6
SCMAS is used to facilitate the monitoring and analysis of the Edison SmartConnect® meter and the 7
communication network. The SCMAS is the main interface for the Meter and Communications system. 8
It acts as an umbrella for a single point of entry and control for NMS, SEM, CRA, security and 9
visualization. 10
165
Cell Relay Configuration Management System (CGM) – CGM ensures 1
configuration management of the new devices. This system is used to push out any needed upgrades to 2
the cell relay devices while they are installed in the field. The upgrade is pushed out over the CGM 3
system through the air and received by the cell relays. 4
Network Management System (NMS) – The NMS is the gateway to all 5
Edison SmartConnect® meters and field infrastructure. All commands sent to and all data received 6
from the Edison SmartConnect® meters and network field infrastructure must pass through the NMS. 7
Cell Relay Availability (CRA) – CRA is used to monitor the over-the-air 8
communication and availability of the 14,000 cell relay cellular data devices. 9
BMC Patrol –This system is used to monitor the Edison SmartConnect® 10
system IT servers for their real time status, health and performance. 11
Outage Management System – This system is used to monitor system 12
power outages for impact to meter and communications operations and provides support to T&D related 13
to power outages and restoration. 14
(2) Alternatives Considered 15
Due to the necessary flexibility needed to display multiple applications in 16
a variety of configurations, viewable by multiple operators simultaneously, the hiperwall is the only 17
technology solution at this time. 18
The hiperwall is purchased and supported through authorized and 19
approved Audio Video (AV) Integrators only. SCE’s current vendor is an authorized and approved AV 20
Integrator. If SCE were to consider alternate vendors, the cost of replacing the hiperwall would increase 21
as supporting infrastructure (such as the wall and brackets) would need to be removed and replaced by 22
the new vendor. The lowest cost option was to remain with the current vendor. 23
Within the video monitor industry, five years is the standard lifecycle for 24
monitors that operate 24 hours a day, 7 days a week. The same is true for the computers that deliver and 25
control the content of the hiperwall. Because the hiperwall was installed in 2010, it needs to be 26
refreshed in 2015. It is not feasible to allow the hiperwall to extend beyond the five-year lifecycle and 27
to incur additional expenses for repair and maintenance. Over the last six months, the vendor has been 28
called for service three different times. The wall is constantly in use and cannot be down without 29
affecting the metering system operations, system monitoring, and incident identification and resolution 30
processes. 31
166
c) Cost-Benefit Analysis 1
This project is required for SCE to maintain 24- hours- a- day, 7-days- a-week 2
visibility of the Meter Communication System. Therefore, the decision to undertake the project cannot 3
be appropriately analyzed using a cost-benefit analysis. As discussed in the prior section, the lowest 4
cost option will be selected. The project will not create incremental O&M. SCE’s IT department will 5
require training to support the hiperwall and its maintenance plan, but this will be included in regular 6
training time. 7
d) Recorded and Forecast Expenditures 8
The forecast capitalized software costs of $1.9 million for the Hiperwall Refresh 9
project is comprised of labor, systems hardware, licensing and contingency costs.159 The project is 10
divided into two components: the IT software modifications and the hardware, such as the LED 11
monitors. Based upon various types of developmental or COTS projects, labor rates, contingency levels, 12
and cost components are utilized to develop the overall cost estimate of the project.160 The work 13
necessary for the modifications to the systems required for the Hiperwall Refresh project is considered a 14
small developmental project based on IT’s estimating method. The hardware component of the project 15
is based upon vendor quotes and costs for similar equipment procured by SCE. 16
Table VI-51 below illustrates the forecast expenditures of the Hiperwall Refresh 17
project by year. 18
Table VI-51 Capital Forecast Expenditures for the Hiperwall Refresh Project
SCE relies on the functionality of the hiperwall 24 hours a day, 7 days a week. 20
The visualization wall needs to be refreshed every five years. The Hiperwall Refresh project is 21
necessary to avoid hardware and software obsolescence and to maintain reliability. The wall is used for 22
159 See workpaper entitled “Forecast Expenditures Hiperwall Refresh.”
160 See SCE-05, Vol. 1, Ch. II; and workpapers in the same volume entitled “2015 GRC IT Capital Estimates TEMPLATE v1.doc” and “GRC Estimation Worksheet TEMPLATE v1.1.xls.”
167
real-time monitoring of SCE’s smart meter security and communication performance of the AMI 1
system. 2
11. Plug-In Electric Vehicle (PEV) Support Systems 3
a) Background 4
(1) Project Overview 5
As the adoption of light duty Plug-In Electric Vehicles (PEVs) scales,161 6
Customer Service seeks to streamline the process by which customers enroll in dynamic rates for fueling 7
their vehicles. The current semi-manual enrollment process leverages, as much as possible, automation 8
of existing systems to enable customers to charge at their chosen EV rate but still requires significant 9
manual intervention and is not scalable. A more efficient and transparent process is needed to better 10
support SCE’s growing number of PEV customers. This testimony describes the work to streamline and 11
automate the current processes and the systems that will provide one-stop, online service solution for 12
SCE’s PEV customers.162 13
Providing the growing population of PEV customers with reliable service 14
requires coordination among a number of SCE departments, including contact center representatives, 15
electrical service planning, distribution system construction crews, meter services, and billing. Some of 16
SCE’s current work management systems are organization-specific with limited cross-organization 17
integration and few, if any, PEV-specific data fields. This approach was adequate for the original intent 18
of those systems and was manageable, with manual workarounds, for the current volume of PEVs. 19
However, future PEV volume projections dictate that more efficient processing will be required for SCE 20
to meet customer expectations for timeliness, efficiency, and accuracy of order tracking and status 21
reporting. 22
In D.12-11-051, SCE’s 2012 GRC Decision, the Commission stated that, 23
because PEV is integrated with other major technology projects, SCE should “slow down the 24
implementation [of the PEV System Support] to assure that the inevitable glitches and problems be 25
161 See SCE-09, Chapter V, Figure V-7, where SCE forecasts that annual PEV sales will continue to significantly grow,
reaching approximately 151,000 PEVs in its service territory by 2017.
162 For example, today, approximately one percent of SCE’s EV customers select the separately metered, TOU-EV-1 rate. These customers will typically call SCE multiple times to finalize their rate decisions and provide SCE with the required information to service their accounts. A one-stop online service would greatly improve the efficiency of that interaction, as well as improve the overall customer experience.
168
worked out in the key systems then complete the software development and other steps.”163 Edison 1
SmartConnect® and Customer Relationship Management (CRM) have now been implemented and 2
integrated into SCE systems and processes. Since SCE’s 2012 GRC Decision, SCE has streamlined the 3
PEV process and seeks to develop a PEV Self-Service Solution that will provide customers a one-stop, 4
online service solution. This PEV System Support project is now ready to be implemented. 5
(2) Scope 6
Customer Service seeks to develop a multi-year program that will address 7
and implement PEV self-service solutions in a phased approach during 2015-2017. This overall 8
solution will provide SCE’s customers with one-stop, online, end-to-end service solutions through 9
access in SCE.com or by contacting the Customer Contact Center. These services would allow the 10
customers to do the following: 11
Access SCE’s web site for PEV information and education; 12
Perform a rate analysis using the last twelve months of a customer’s 13
actual usage information and incorporating the EV load; 14
Determine which rate best fits the customer’s need; and 15
Request rate changes. 16
Back-end system integration would allow SCE.com to create and transmit 17
service requests initiated through SCE.com to TD service planners to verify customer infrastructure 18
needs and Basic Work Requests (BWR) to the Revenue Services Organization (RSO) to complete rate 19
changes for the customer as requested. Capabilities needed include: 20
System logic to determine (based upon EV information supplied by the 21
customer) if customer’s site requires infrastructure verifications and, if 22
so, routing a Design Manager service request to TD; 23
A Customer Contact Center (CCC) representative to run rate (TOU-D-24
TEV, TOU-EV-1) analyses for customers and the ability to request 25
rate plan changes (based on a series of questions required to calculate 26
kWhs per month); leveraging the Online Rate Calculation Analysis 27
Tool (ORCAT) infrastructure by adding PEV specific information to 28
that analysis; and 29
163 D.12-11-051, p. 375.
169
Similar interfaces for program/services selection and EV rate (TOU-D-1
TEV, TOU-EV-1, or domestic rate) analysis offered through 2
SCE.com. Customers requesting TOU-EV-1 could request an 3
additional meter and service using upgrades to the Design Manager 4
system in order to take advantage of the TOU-EV-1 rate provided by 5
SCE. This may be an additional smart meter on a separate service or a 6
third-party sub-meter. (PEV submetering is not within the scope for 7
this project.) 8
Additional information that would be collected for further analysis would 9
include tracking of customers that have acquired or are planning to acquire a PEV vehicle, changes in 10
their service to support these vehicles, and usage patterns. 11
The PEV Support System’s high level process requirements include: 12
Set up PEV service, including all activities from the initial customer 13
request, to establishment of service, to billing the customer; 14
Online SCE.com-My Account or contact center registration/enrollment 15
and program/service selection; 16
Initiate service request to TD service planners through the Design 17
Manager systems for verification of customer infrastructure needs, 18
creation of BWR rate change for CS’s Revenue and Billing department 19
to change and enroll customer on new PEV rates (TOU-D-TEV); 20
Provide customer rate choice inquiries and forecast billing options 21
based on current interval usage data (ORCAT for TOU-D-TEV and 22
TOU-EV-1) (provide real forecast pricing based on current and 23
modeled usage information); 24
Support PEV Customers; 25
Provide end-to-end services to PEV customers through self-service 26
and CSR directed options, such as account information on usage, 27
rate/program options, infrastructure set-up requests; and 28
Integrate tracking, reporting and analytics across all organizational 29
systems and processes. 30
These changes will impact the following systems: 31
170
SCE.com – self-service for service and program enrollment; 1
Dynamic Pricing – business requirements and additional functionality 2
for the Online Rate Analysis (ORCAT) project for PEV rates; 3
CRM – Customer account information updates and changes; 4
CSS – Enhancements to customer data fields, PEV work process 5
information, program options and enrollment, and integration to 6
Design Manager (TD), Clicksoft, and FATS (CS MSO). 7
Currently, tracking and reporting are done manually. With a growing 8
PEV customer base and regulatory mandates (PEV submetering),164 automated systems will be required 9
for accurate tracking and reporting and for efficient, effective service for our customers. These system 10
upgrades are essential to facilitate and streamline SCE processes associated with proper installation of 11
customer charging equipment and metering hardware. In addition, these system changes support SCE’s 12
ability to effectively implement PEV-specific rate structures and programs as mandated by the 13
Commission in R.09-08-009. 14
(3) Implementation Schedule 15
The PEV project will be reviewed on a regular basis at project status 16
meetings for adherence with budget, schedule, and technical objectives. Standard project management 17
tools and techniques will be used to manage the project. Certain planning aspects of this project may 18
begin earlier due to specifications necessary for concurrent development in other related systems. Such 19
concurrent development allows for establishment of requirements across multiple projects, which can 20
minimize rework when projects have differing implementation schedules. 21
Implementation for the PEV project will be scheduled to start in the third 22
quarter 2015 and is expected to complete by the end of the third quarter 2016. The first phase will 23
consist of implementing Customer Contact Center enrollment and workflow status tracking. This status 24
will be visible to Customer Service Representatives and internal departments. The systems affected will 25
be the Customer Service System, Design Manager, and Field Automated Test System. The second 26
phase of implementation will affect the customer facing systems. This implementation will allow 27
customers to evaluate and enroll in SCE’s PEV rates online through SCE.com. The systems affected by 28
the second phase will be SCE.com, CRM, and the Customer Data Warehouse. 29
164 See R.09-08-099.
171
b) Business Requirements 1
(1) Current Systems and Processes 2
The scope of this project is to enhance the overall PEV process and system 3
solution to enable SCE to provide their customers with a seamless PEV experience. As PEV sales 4
continue to grow in the market, automated system integration between internal existing systems is 5
needed to deliver simple solutions for customers to be able to select rates, programs and services. 6
Current programs are offered to customers through contact with a customer service representative (CSR) 7
in the Customer Contact Center (CCC), but there are limits to what a CSR is able to provide to the 8
customer; a CSR cannot forecast what the customer’s bill would be on other programs based on the 9
customer’s current usage. 10
The current process has seven steps and requires numerous hand-offs 11
among four SCE organizational units and departments using seven disparate systems. Figure VI-12 12
below illustrates the current PEV enrollment process. 13
Figure VI-12 Current PEV Seven Stage Process
Because the PEV-related system changes will result in an enrollment 14
process that is simple for customers to use, it may facilitate the growth of PEV use in SCE’s territory, 15
which will help reduce greenhouse gas emissions and create opportunities for optimizing use of utility 16
assets. 17
172
PEV Self Service Solution will also reduce costs while improving 1
customer service as EV volume grows by doing the following: 2
Reducing the number of customers contacting the CCC, 3
Reducing errors through automation, 4
Decreasing customer time and effort to make a rate choice, and 5
Reducing manual support role to monitor and support process. 6
(2) Alternatives Considered 7
Maintaining the status quo would be one alternative to developing new 8
functionality to support the increased rate of PEVs that are expected to be in service. The existing 9
systems and manual interactions would not allow SCE to provide an adequate level of customer service 10
to the growing number of PEV owners and might even serve as a disincentive to the adoption of PEVs. 11
SCE also considered developing a stand-alone system to support PEVs but 12
determined that it would be more expensive to implement and maintain without providing any 13
significant additional benefits over the proposed approach. 14
(3) Cost-Benefit Analysis 15
For the capital software cost-benefit analysis, the costs of construction and 16
any incremental O&M post-implementation were compared against up to five years of benefits post-17
implementation. For this analysis, all future costs and benefits were escalated to year-of-expenditure, 18
then discounted to 2012 NPV using a 10 percent discount rate. Finally, the sum of present-value 19
benefits was divided by the sum of present-value costs to derive the Benefit-Cost ratio for the project. 20
Because of the construction period required for software capital projects and the ensuing five-year 21
benefit window, many projects have substantial benefits after 2017, which are not reflected in this GRC; 22
benefits between 2018-2020 will be reflected in SCE's next GRC Test Year 2018. 23
The PEV Support System has a Cost-Benefit Ratio of 1.32.165 This is 24
achieved by reducing PEV operational costs by $1.7 million over a five-year period. This includes 25
reducing PEV tracking and reporting costs by 40 percent and reducing the number of EV customer calls 26
to the CCC by 50 percent in 2017 and 60 percent in 2020. There may be additional benefits that were 27
not included, such as reduced errors due to automation and increased customer satisfaction because of a 28
more efficient process. 29
165 See workpaper entitled “Cost-Benefit Analysis for Plug-In Electric Vehicle (PEV) Support Systems.”
173
c) Recorded and Forecast Expenditures 1
The forecast capitalized software costs of $2.5 million for the PEV Support 2
System project is comprised of labor, hardware, licensing and contingency costs.166 Estimates for IT 3
support are based upon prior experience with similar projects. Based upon various types of 4
developmental or COTS projects, labor rates, contingency levels, and cost components are utilized to 5
develop the overall cost estimate of the project.167 The system changes and enhancements discussed 6
above are incremental to existing functions delivered as part of the Edison SmartConnect® program and 7
in other GRC requests. The current estimate is based on experience associated with system development 8
projects in similar size and scope. 9
Table VI-52 below illustrates the forecast expenditures of the PEV Support 10
System project by year. 11
Table VI-52 Capital Forecast Expenditures for the PEV Support System Project
The PEV Support System was proposed in SCE’s 2012 GRC. The Commission 13
stated, because of the slower than expected adoption of PEVs, SCE should wait for other system 14
implementations before implementing the PEV Support System. Those systems have been 15
implemented, and the adoption of PEVs in SCEs territory is growing. The system upgrades discussed in 16
this testimony will support SCE’s goal to provide efficient and effective support for its PEV customers 17
and has a positive cost-benefit ratio of 1.32. The modifications will also provide SCE with information 18
to help it effectively implement, manage and refine its PEV support program. Multiple systems will be 19
enhanced to integrate and automate systems and processes to create an efficient workflow. 20
166 See workpaper entitled “Forecast Expenditures for Plug-In Electric Vehicle (PEV) Support Systems.”
167 See SCE-05, Vol. 1, Ch. II; and workpapers in the same volume entitled “2015 GRC IT Capital Estimates TEMPLATE v1.doc” and “GRC Estimation Worksheet TEMPLATE v1.1.xls.”
174
12. Customer Service System (CSS) Enhancements 1
a) Background 2
(1) Project Overview 3
CSS was developed in the early 1990s, and certain capabilities built into 4
the system are becoming obsolete and in need of replacement. In general, CSS contains the following 5
five major capabilities: (1) Cashiering and Payment Options, (2) Credit and Collections, (3) Event 6
Scheduling, (4) Billing, and (5) Metering. These sub-systems are treated as a single project because of 7
the multiple and complex interrelationships, common problems, and interfacing with SAP when 8
addressing the inherent technology obsolescence in each module. 9
SCE’s current evaluation requires an expenditure of $12 million during the 10
2015 GRC window specifically to (1) replace the obsolete Cross-System Product (CSP) tool, which is 11
no longer supported by IBM, and (2) to complete the conversion to CSS workstation, which will 12
eliminate the Green Screen technology for displaying customer information. 13
(2) Scope 14
The scope of work involved with this project is as follows: 15
(a) Green Screens 16
The green screens currently being used for a variety of interfaces 17
with CSS, including accounts receivables, collections, early warning system, field systems, the metering 18
equipment system, and the revenue protection system, among others need to be replaced. The green 19
screens are old and rule-based and are both technologically and functionally obsolete based on 20
technology of the 1990s used to display mainframe generated information on Cathode Ray Tube (CRT) 21
displays. 22
(b) Cross-System Product (CSP) 23
Systematically replace the obsolete IBM development tool, Cross-24
System Product (CSP). CSP is comprised of a set of source code generators. The last supported version 25
of CSP was version 4.1 which went out of support at the end of 2001. SCE needs a new tool to perform 26
what CSP has been doing, and remediate the existing code that was generated by CSP. This requires a 27
migration of the CSP-generated code to another format of currently-supported code. 28
CSS has a significant amount of unsupported CSP code, which can 29
be divided into three categories of required replacement. 30
175
(i) Applications fully implemented with CSP 1
Shared Subsystems – Provide common software 2
processes to be used by application sub-systems within 3
168 See workpaper entitled “Forecast Expenditures for Customer Service System (CSS) Enhancements.”
169 See SCE-05, Vol. 1, Ch. II; and workpapers in the same volume entitled “2015 GRC IT Capital Estimates TEMPLATE v1.doc” and “GRC Estimation Worksheet TEMPLATE v1.1.xls.”
177
d) Conclusion 1
The CSS Enhancement project will replace critically important portions of CSS 2
that were built on platforms that are obsolete and are no longer supported by the vendor. Technology 3
has advanced. The green screens used to display main-frame data first deployed in the 1990s are 4
outdated and obsolete, making it difficult to enhance the system. This investment in replacing this 5
portion of the CSS application will keep CSS running and will allow for further exploration of a longer-6
term solution. 7
13. Cell Relays Replacement Project 8
a) Background 9
(1) Project Overview 10
Cell relays work in conjunction with smart meters to collect interval data 11
from customers and relay that data back to the Network Management System (NMS). One cell relay 12
device can transmit data for up to 500 smart meters. 13
The cell relays that SCE purchased for the Edison SmartConnect® 14
implementation approved in D.08-09-039 have a useful life period of seven years due to technical 15
obsolescence of the product. Once the devices extend beyond their useful life, the vendor will no longer 16
support the device. We are contractually obligated to remain within two system updates behind the 17
current release. Many of the devices that were installed early in the program will be coming to the end 18
of their lifecycle during this GRC period. SCE will be working with vendors to identify the next 19
generation of communication devices required to support the changing technological landscape of smart 20
meters and will replace the cell relay devices as they approach the end of their lifecycle and support 21
period. 22
The Meter and Communications System is a series of systems and 23
applications that comprise the communication channel through which SCE bills its customers, and 24
provides critical customer services such as remote turn-on and turn-offs, near real-time energy 25
information, and power outage and restoration information. This system is required in order to bill SCE 26
customers accurately and on a timely basis. In 2020, software and firmware enhancements made to the 27
Meter and Communications System will no longer be supported. This system requires a formal 28
contractual support agreement with SCE’s suppliers. 29
The Cell Relay Replacement project will be a two-phase project. The first 30
phase includes modifications to and testing of the Metering and Communication System to ultimately 31
178
support the new hardware. The second phase of the project will be the purchase and installation of the 1
new devices. 2
(2) Scope 3
In addition to the Meter and Communications System, there are several 4
individual applications that interact with the cell relay devices. 5
Cell Relay Configuration Management System (CGM) – CGM ensures 6
configuration management of new devices. This system is used to push out any needed upgrades to cell 7
relay devices while they are installed in the field through the air and received by cell relays. 8
Network Management System (NMS) – The NMS is the gateway to all 9
Edison SmartConnect® meters and field infrastructure. All commands sent to and all data received 10
from smart meters and network field infrastructure must pass through the NMS. The NMS will need to 11
be modified and tested to ensure it can communicate with new devices. 12
Customer Service System (CSS) – This application contains the following 13
six major capabilities: (1) Cashiering and Payment Options, (2) Credit and Collections, (3) Event 14
Scheduling, (4) Meter Data Acquisitions, (5) Billing, and (6) Metering. 15
Meter Equipment System (MES) – The MES is the system of record for 16
asset management to track assets and track Advance Shipping Notice (ASN). The MES is the inventory 17
management system. The various locations of the meter are tracked through MES from the time the 18
meter is purchased to when it is received in the warehouse to when it is installed in the field. 19
Security Event Management (SEM) system – This application is used to 20
conduct security monitoring by capturing meter logs and event data and interrogating the data to identify 21
cyber security alerts. Cell relays send encrypted secure text files to the SEM system every minute. 22
SEM reads these files to determine if there are any types of security alerts on the system. 23
Cell Relay Availability (CRA) – The CRA monitors the health and 24
operations of the cell relay signal effectiveness. The CRA polls the cell relay device every five minutes 25
to ensure the cell relay is active. 26
Edison SmartConnect® Monitoring & Analysis System (SCMAS) – The 27
SCMAS is used to facilitate the monitoring and analysis of the ESC meter and communication system. 28
The SCMAS is the main interface for the Meter and Communications System. It acts as an umbrella 29
and a single point of entry and management for NMS, security, and visualization. 30
179
System updates to these applications are required before deployment of 1
new cell relay devices to ensure compatibility. A systemic problem with one or more of these 2
applications may affect the ability to communicate with the entire meter population and impact business 3
operations and customer service. 4
Phase two of the Cell Relay Replacement project extends from 2017 to 5
2019. The project will include the replacement of 14,000 cell relays. The necessary equipment will be 6
procured over three years to perform approximately 20 percent of the work in 2017, 40 percent in 2018, 7
and 40 percent in 2019. Because this project spans two GRC cycles, only the costs associated with the 8
2017 year will be included in this 2015 GRC. 9
The new cell relay devices will replace the cell relays currently installed at 10
the base of the meter socket on customer premises, poles, pedestals, or pad-mounted. Because 20 11
percent of the total 14,000 cell relays will be replaced in 2017, SCE needs to purchase 2,800 new cell 12
relays along with the appropriate poles, pedestals, or pad-mount hardware. An existing meter with a cell 13
relay socket will also need to be replaced with a new end point meter. There are necessary field design 14
costs related to determining which SCE utility poles or pad-mounts should be used and identifying 15
transformers already located near existing cell relay installations. 16
Without this capital project, cell relays will reach the end of their useful 17
lifecycle and contract supported period. The devices will begin to fail at a faster rate, and SCE may be 18
unable to bill its customers. The firmware and software will no longer be supported by the vendor and 19
may not even be procured, which would lead to a shutdown of the entire Meter and Communications 20
System. 21
(3) Cost-Benefit Analysis 22
This project is required for SCE to continue uninterrupted collection of 23
operating revenue; the decision to undertake the project cannot be appropriately analyzed using a cost-24
benefit analysis. There are other operational functions that would also be lost, such as the use of the 25
remote service switch (RSS), web presentment of customer usage data, programs and rates that rely 26
upon hourly usage data, and power outage information. Cell relays transmit customer usage data back to 27
the NMS system. The MDMS sits between the NMS and CSS and is the system of record for meter 28
data. MDMS uses meter data to create billing determinants that are passed to CSS to calculate the actual 29
customer bill. Each time a cell relay fails, the communication for approximately 500 meters associated 30
with the device is interrupted. The duration of the interruption will depend on whether the meter can 31
180
attach to another cell relay in the area and how long it takes the meter to find another cell relay to 1
reestablish communication. If a meter cannot connect with a cell relay, manual meter reading is required 2
to read the meter, as was done before ESC deployment. The project will not create incremental O&M as 3
the Business Intelligence Organization (technology used for data analysis), Edison SmartConnect® 4
Operations Center (SOC), and Meter Service Organization (MSO) are currently staffed to handle 5
ongoing product testing and support as part of their business-as-usual engineering function. 6
(4) Implementation Schedule 7
The capitalized software component of the Cell Relays Replacement 8
project is scheduled to commence in June 2016 with the selection of the product and vendor and will be 9
completed by July 2017 with the testing of the system update to accommodate the new products. The 10
non-systems capital component of the project, the actual removal and replacement of the cell relays, is 11
scheduled from 2017–2019 and targeted to replace 14,000 cell relay devices. 12
b) Business Requirements 13
(1) Current Systems and Processes 14
The current Meter and Communications System as shown below in Figure 15
VI-13 consists of six different systems and applications all coordinated to bring 15-minute interval data 16
from the individual meter into the Customer Service System, which contains software to calculate and 17
bill SCE’s customers for their energy usage. 18
The smart meters collect the usage data and transmit it to the cell relay. 19
From the cell relay, the information is sent to three different systems. NMS receives the usage data in 20
15-minute intervals. After it receives information, it sends data to the MES system to verify the meter 21
inventory. The CRA and SEM systems receive information every minute from the cell relays. These 22
systems check for the validity of a signal and ensure there are no security alerts on the system, 23
respectively. The CGM system is used as needed to send software updates to the cell relays. These 24
systems send the information they receive to a large data warehouse, which can be utilized through a 25
reporting application. 26
181
Figure VI-13 Meter and Communications System
(2) Alternatives Considered 1
There is no alternative to the replacement project. The cell relays are the 2
backbone of the Meter and Communications System. If the vendor is not supporting the cell relays, 3
SCE will be limited in its ability to implement future releases and updates of the NMS system. If SCE 4
does not stay within specified releases of the system and firmware software, SCE will be in violation of 5
its maintenance contract agreement with its vendor. If SCE were simply to maintain the current system, 6
SCE would eventually lose its capability to bill its customers because of equipment failure and 7
obsolescence. The current failure rate of the cell relays is seven percent. The end of the effective life of 8
a cell relay is approaching in 2017. SCE expects this failure rate would increase as the existing cell 9
relays reach and exceed their effective lives. When these existing relays fail, there is no guarantee that 10
the same cell relays will be available. The existing model will not be supported by the vendor, and the 11
182
vendor will not guarantee it will be making these models as technology advances. Allowing these 1
devices to go out of warranty and fail will directly affect SCE’s ability to collect its operating revenue 2
and provide customers usage information. 3
c) Recorded and Forecast Expenditures 4
The forecast capitalized software costs of $17.3 million for the Cell Relays 5
Replacement project is comprised of labor, hardware, licensing and contingency costs.170 The project is 6
divided into two components: the IT software modifications and the cell relay procurement process. 7
The $5.8 million estimate for IT software modifications is based upon prior experience with similar 8
kinds of projects. Various types of developmental or COTS projects, labor rates, contingency levels, 9
and cost components are utilized to develop the overall cost estimate of the project.171 The system 10
modifications required for these enhanced products are considered of “medium complexity” under IT’s 11
estimating method. The $11.5 million estimate for the cell relay procurement process was derived from 12
the cost of procuring and installing a cell relay device multiplied by the number of devices to be 13
replaced.172 14
Table VI-54 below illustrates the forecast expenditures of the Cell Relay 15
Replacement project by year. 16
Table VI-54 Capital Forecast Expenditures for the Cell Relay Replacement Project
The Meter and Communications System allows for the continuous collection of 18
meter usage data by which SCE bills and provides usage information to its customers. The cell relay 19
equipment has a useful life of seven years. Current equipment initially installed in 2010 with the Edison 20
SmartConnect® deployment falls out of warranty in 2017. Likewise, support for the current software 21
and firmware enhancements ends in 2020. By beginning implementation of the necessary system 22
170 See workpapers entitled “Forecast Expenditures Cell Relays Replacement Project” and “Cell Relay Procurement Costs.”
171 See SCE-05, Vol. 1, Ch. II; and workpapers in the same volume entitled “2015 GRC IT Capital Estimates TEMPLATE v1.doc” and “GRC Estimation Worksheet TEMPLATE v1.1.xls.”
172 See workpaper entitled “Cell Relay Procurement Costs.”
183
upgrades to support the new cell relay devices in 2016, SCE will be able to complete the installation of 1
14,000 cell relays and system updates by 2020. This project is critical to support continuous billing of 2
customers and the generation of operational revenue. 3
14. Home Area Network (HAN) Future Upgrades and Standards 4
a) Background 5
(1) Project Overview 6
The Edison SmartConnect® deployment represents a critical milestone for 7
implementation of the HAN and demand-side management capabilities. During the 2013-2014 period, 8
SCE expects growth in this emerging market with widespread availability of standardized HAN devices 9
through retail distribution channels to consumers and the implementation of SCE programs that utilize 10
HAN devices (e.g., Summer Discount Plan with Smart Thermostats). The CPUC has ordered that SCE 11
be able to support up to 200,000 HAN devices within its service territory by the end of 2014—including 12
in-home displays, programmable communicating thermostats, and other smart appliances.173 13
(2) Scope 14
As the HAN technology advances, customer adoption is expected to 15
increase. To meet customer needs and regulatory mandates, SCE plans to build upon the foundation to 16
expand HAN capabilities and programs. The continued evolvement and development of HAN 17
functionality will be required to fully exploit smart meter technologies. There is a significant 18
opportunity to integrate HAN technology into SCE’s existing programs and services to deliver 19
additional value to customers. HAN technology can be leveraged as SCE educates and informs 20
customers to actively respond to dynamic pricing signals, demand response events, and energy 21
efficiency programs. These advanced capabilities include the following functionalities: 22
(a) Enable Enhanced or New Customer Program Offerings 23
A key benefit of the HAN is that it allows SCE to enhance existing 24
and offer new and innovative customer programs and services. These programs can result in energy 25
conservation and demand response benefits. In this GRC period, SCE expects to see continued 26
innovation and growth in HAN enabled technologies. SCE intends to evolve its program portfolio to 27
include additional customer offerings that capitalize on this product innovation. System capabilities will 28
be needed in order to successfully implement and deliver these programs and services. These 29
capabilities will address new or modified rates, customer enrollment via multiple channels, and new 30
173 Resolution E-4527, September 27, 2012.
184
technology registration and troubleshooting. SCE will leverage the existing processes to the extent 1
possible when building the processes for the new programs. However, new capabilities and 2
enhancements will be needed to effectively support these new programs. 3
(b) Enable Billing, Payment and Energy Efficiency Messaging 4
This functionality will expand SCE's ability to send a broader set 5
of text messages to registered HAN devices. Some of the additional text messages include billing and 6
payment messages, such as “Your bill is ready,” “Your payment is due in X days,” and “Thank you for 7
your payment.” Enabling this ability leverages an additional channel to provide customers with timely 8
information about their SCE bill and their payments. 9
Likewise, Energy Efficiency messaging will provide SCE with the 10
ability to send reminder text messages to change energy consumption behavior. The messages may 11
include “Raise your thermostat to reduce your bill,” “Turn off lights in vacant rooms,” “Charge your 12
PEV after 8:00 p.m.,” “Use light-sensing fixtures outside,” etc. Providing customers with real-time 13
actionable messages may contribute to energy conservation behaviors. 14
The system changes and enhancements discussed in this messaging 15
section are incremental to functions delivered as part of the Alerts and Notification project also 16
requested in this GRC. The Alerts and Notification project will establish the system so that alerts and 17
notifications can be sent. The HAN Future Upgrades and Standards will enable the development of the 18
functionality for HAN to become a channel for targeted messages from the Alerts and Notifications 19
System and deliver messages to HAN devices. 20
(c) Third-Party Registration of HAN Device 21
SCE anticipates that many of the HAN devices purchased by 22
customers will be installed by third-party service providers (e.g., cable, telecom, security, etc.). SCE 23
also expects that these customers will want the device registered as part of a comprehensive service 24
package. SCE has enabled eligible end-use customers to submit HAN device registrations request via 25
the SCE portal (My Account), which requires the customer to enter an ID and password to authenticate 26
the requestor. To enable a third party to submit a request on behalf of the customer, SCE would require 27
the customer to provide authorization for the third party to act on the customer’s behalf, as well as make 28
system changes to provide a mechanism for the third party to submit the request. This will provide the 29
customer and third party a more seamless, positive experience and reduce the possibility of a customer 30
abandoning the program enrollment process with the third party. 31
185
(d) Solar Inverter Control Via HAN 1
This functionality would provide customers with energy 2
production (kW and kWh) data of their PV system. Customers could use PV system production data to 3
better manage their overall energy consumption, resulting in reduced customer costs. Furthermore, 4
advanced controls via HAN would give SCE the ability to directly manage smart inverter output for 5
increased system safety and reliability. 6
(e) Gross Generation within Distributed Generation Display 7
This display will provide a single source of information from SCE 8
to the customers regarding total generation and net energy returned to SCE. This will improve customer 9
service and support better and more reliable data for SCE forecasting. 10
(f) PEV Charging Control Via HAN 11
SCE's service territory is host to one of the nation’s leading PEV 12
adoption areas. Currently, most PEV customers charge their vehicle at home. Depending on the type of 13
vehicle and the charging level, PEV charging load could be one of the largest loads in the house, far 14
exceeding any other load, including air conditioning. PEVs should be treated as any other smart device 15
in the home. 16
Customers who purchase charging equipment will have the ability 17
to enroll in advanced programs that would allow them to take advantage of technology to better manage 18
their PEV charging. This would include provisioning of customer infrastructure. To assist customers 19
with their PEV charging management, tariff information, in conjunction with user preferences, will 20
provide customers the ability to reduce cost and maximize charging. For charging control, SCE could 21
develop a PEV-specific load management program similar to the legacy Summer Discount Program. In 22
return, customers would receive an incentive for allowing SCE to interrupt or curtail their charging 23
session (with the ability to opt out). For residential and light commercial customers, both tariff and 24
control messages could be delivered using either the Edison SmartConnect® meter or via the customer’s 25
internet connection. 26
(g) Third-Party PEV Charging Controls within HAN 27
Product manufacturers are quickly moving toward cloud-based 28
control systems. In order to reduce the chance of stranded assets, it is recommended that SCE establish 29
an OpenADR2.0 system to leverage third party controls. In such a scenario, SCE does not have control 30
over the end-use device. Rather, SCE prompts the third party to reduce load in a targeted region or 31
186
provides pricing tariff info to the third party to enable the third party to manage its customers’ loads. As 1
an aggregator, the third party is responsible for the enrollment of customers and establishing 2
communications with the end-use device. 3
(3) Implementation Schedule 4
The Smart Meter HAN implementation plan (phases III and IV) will be 5
completed in 2014 and is being funded through the Edison SmartConnect® Balancing Account 6
(ESCBA). The HAN enhancements defined in this GRC are expected to be completed after funding 7
through the ESCBA has closed. 8
b) Business Requirements 9
(1) Current Systems and Processes 10
The current text messaging capabilities with the HAN are very limited. 11
Pricing signals, cost-to-date forecasts, and Save Power Days are some of the only text messages that can 12
be sent over the HAN. Many of the other capabilities described in the scope section do not yet exist. 13
The HAN device is new technology, which is just beginning to be utilized. 14
(2) Alternatives Considered 15
The alternative is to do nothing, but doing nothing would contradict many 16
of the Commission’s past wishes. In Ordering Paragraph 11 of D.11-07-056, the Commission ordered 17
SCE to develop a Smart Meter HAN implementation plan. The plan has been completed and is being 18
implemented with HAN implementation Phases III and IV being completed in 2014. In this Decision, 19
the Commission also requested utilities make HAN functionality and benefits generally accessible to 20
customers on a consistent and statewide basis. SCE has laid its HAN foundation, and this project will 21
provide additional functionality and benefits. SCE has shared its HAN Roadmap (which includes these 22
additional functionalities) with Commissioners and received no negative comments. 23
(3) Cost-Benefit Analysis 24
This project is an anticipated compliance project as SCE feels this is the 25
direction in which its customers and the Commission want the HAN to be developed. As such, a cost-26
benefit analysis was not used in determining the need for this project. This project is necessary for SCE 27
to implement based on the evidence stated above in Section (2) Alternatives Considered. 28
187
c) Recorded and Forecast Expenditures 1
The forecast costs of the HAN Future Upgrades and Standards project is $6.00 2
million.174 Estimates for IT support are based upon prior experience with similar projects. Based upon 3
various types of developmental or COTS projects, labor rates, contingency levels, and cost components 4
are utilized to develop the overall cost estimate of the project.175 This project is expected to be an 5
internally developed solution. Therefore, the added functionalities will be considered a small 6
developmental project based on IT’s estimating method. 7
Table VI-55 below illustrates the forecast expenditures of the HAN Future 8
Upgrades and Standards project by year. 9
Table VI-55 Capital Forecast Expenditures for the HAN Future Upgrades and Standards Project
The objective of the HAN Future Upgrades and Standards project is to ensure 11
SCE is aligned with the latest HAN Standards to remain consistent with the market evolution of HAN 12
technology, to enable third parties to provide customers energy management and demand reduction 13
services, and to fulfill SCE’s regulatory requirements. 14
F. Power Supply 15
1. Data Management Platform Upgrade Phase 3 16
a) Background 17
The Common Data Store (CDS) is a data hub that serves as the central repository 18
and exchange for California Independent System Operator (CAISO) market-related operational data. 19
The CDS transfers forecasts of load, gas and power prices, various generation resource output (including 20
output from hydro-electric and QFs), meter data, and weather data to Power Supply’s176 operating 21
systems. The CDS also receives the results of market operations, including published prices, schedules, 22
174 See workpaper entitled “Forecast Expenditures for HAN-Future Upgrades/Standards.”
175 See SCE-05, Vol. 1, Ch. II; and workpapers in the same volume entitled “2015 GRC IT Capital Estimates TEMPLATE v1.doc” and “GRC Estimation Worksheet TEMPLATE v1.1.xls.”
176 See SCE-02, Vol. 4, where O&M cost related to Power Supply’s capital software requests are described in more detail.
188
transfers, deal data, and outages. The CDS transfers this information to the Power Supply Data and 1
Reporting system for operational and regulatory reporting purposes. 2
The implementation of Market Redesign and Technology Upgrade (MRTU) 3
resulted in significant increases in the complexity and volume of data that Power Supply needs to 4
process and store. The current interfaces between CDS and the source and target systems were 5
developed before MRTU was implemented. SCE’s post-MRTU operating experience reveals the need 6
for data operations improvement. In addition, while meeting the basic needs for MRTU startup, the 7
CDS does not contain all of the data necessary to efficiently meet the ongoing and developing trading, 8
operations, risk management and transaction settlement data requirements. 9
b) Business Requirements 10
Power Supply needs to enhance its outdated data management infrastructure to 11
reflect changing market needs. The Data Management Platform Upgrade Phase 3 project will do the 12
following: 13
Upgrade CDS in order to handle increased CAISO data flows. While the CDS 14
was designed to capture pricing information on the 8th day following the trade 15
day, CAISO has been re-publishing its data at varying and increasing 16
frequencies. This has resulted in higher-than- planned data storage and 17
transfer requirements, which are taxing Power Supply’s ability to efficiently 18
handle the data flow. Likewise, the large increase in the amount of data 19
managed by Power Supply resulting from MRTU, ongoing CAISO market 20
enhancements, and Edison SmartConnect® program, will require Power 21
Supply’s data management capabilities to be continually improved to ensure 22
that the vast quantity of data is useful to Power Supply users.177 23
Enable CDS to collect more types of data: The platform should be expanded 24
to include transmission outage data, pricing data, forecast data, awards, and 25
other data currently stored within a variety of operating systems. 26
Make the interfaces that transfer data from CAISO more efficient by going 27
directly to CAISO to get the source data rather than relying on an 28
177 See workpaper entitled “Forecast Expenditures CDS/PDR Enhancement Project.”
189
intermediary system to download data from CAISO before transferring the 1
data to CDS. 2
Power Supply determined that, by the end of 2012, SCE had enough experience in 3
operations in the post-MRTU market to allow the project to proceed and be able to provide valuable 4
capabilities for managing SCE’s energy resource requirements. 5
c) Recorded and Forecast Expenditures 6
Table VI-56 Capital Forecast Expenditures for Data Management Platform Update Phase 3
(Nominal $000)
2013 2014 2015 2016 2017Total
Forecast
1,270$ -$ -$ -$ -$ 1,270$
We forecast costs of the Data Management Platform Update Phase 3 project to be 7
$1.270 million for 2013. This cost estimate is based on the forecasted costs to complete the scope of 8
project. For detailed cost information of this initiative, see attached workpaper.178 9
This project was included as part of the 2012 GRC and was scheduled to be 10
completed by 2012. This project is now scheduled to be implemented in 2013. 11
d) Conclusion 12
The Data Management Platform Update Phase 3 project will simplify interfaces 13
between the CAISO and SCE systems in order to improve data operations. 14
2. CAISO Market Enhancements in 2013 15
a) Background 16
The MRTU program was implemented on March 31, 2009. Following MRTU 17
implementation, CAISO implemented several enhancements to the MRTU program during 2009-2012. 18
CAISO has further enhancements planned for 2013 and beyond. SCE replaced many of our systems in 19
preparation for MRTU implementation and we are enhancing these systems to keep up with new and 20
changing CAISO requirements. The objective of the CAISO Market Enhancements project is to 21
enhance existing systems and processes to implement CAISO 2013 market initiatives in order to meet 22