Summary and background: WECC entities share operational and reliability data over a network commonly referred to as the WON, or the WECC Operations Network. In the past this has been a series of communication path connections through various utilities communications network. Over time this migrated to a commercial based communication method. This brings us to the current iteration. That being a commercial MPLS (Multi-protocol label switching) network. This network is contracted through AT&T and the contractor owner is the CAISO. This network is referred to as the ECN at the CAISO and the WON is a portion of the ECN. WECC entities contract directly with AT&T for a connection to the MPLS network and then the Data Exchange and EMS Workgroup (DEEMSWG) approves access to the WON portion of the MPLS network. Over the last few meetings the DEEMSWG has noticed a number of problems. These problems, listed below, do not have firm solutions and the Workgroup is requesting direction on the DEEMSWG’s role in granting access to the WON, future “ownership” of the WON, or equivalent and finally how to ensure proper reliable data integration across the Western interconnection. The options listed are not exhaustive and the workgroup will be discussing, in November, further options.
Problem #1: The WECC entities using the WON have seen a rise in network related issues and a lack of urgency to resolve these issues. Entities have been disconnected from the WON for extended periods of time (more than 24 hours). A major outage has occurred that disconnected many WECC entities for many hours.
Options:
- The Workgroup is currently working to improve issue resolution through the CAISO helpdesk and their interface with the AT&T commercial carrier. This option may address the sense of urgency but does not resolve the large scale outages and service level agreements.
- Redesign the AT&T network contract fit more in line with BES reliability data sharing requirements, specifically those stated in EOP-004 and various TOP standards.
- Change carriers to reliability based commercial carrier that integrates a higher level of availability into its network design.
Problem #2: As mentioned above, the DEEMSWG approves access to the WON portion of the overall MPLS network. This was seen as a method to restrict access to those entities that fall under CIP jurisdiction and therefore a share set of standards that provide a generic security policy that relies on those CIP standards. Recently a few WECC entities noticed traffic on the WON that was part of the non-WON MPLs network. This raised the concern that the WON and the rest of the ECN are not separated and therefore previous understanding of separate networks is not currently in place.
Options:
- Ask CAISO to ask AT&T to redesign the network to our previously understood design, that being the WON portion of the ECN to be separate and independent as to support a secure and reliable method for data sharing.
- Redesign the WON from the ground-up to ensure the design of only allowing utilities that are responsible for CIP standards and denying access to all others.
- Removed the assumption of security and put the onus onto each WECC entity to develop a secure communication method to for data sharing.
Problem #3: A discussion topic was has arisen and is need of resolution is the WECC DEMSWG’s authority over the WON and further the WECC members that connect to the WON. There are two items specifically that are of concern and that the WECC DEMSWG discussed during the November meeting. First, is the authority of the Workgroup to enforce guidelines and policies. An example of this is that the Workgroup has been trying to get the WON Data connection agreement signed by all entities. Too date this has only result in roughly 37% of the entities signing. Second is that with the standards coming into enforcement (CIP-012) the Workgroup feels that enforcement of a security posture is within it’s realm of influence, but is unsure if that has any teeth to it.
Asks of the workgroup to SASMS and beyond:
- The workgroup would like to further define/clarify it’s authority over the WON through the update of it’s charter and with the support of SASMS, the OC and possibly the board at WECC.
- The Workgroup is working to develop a common solution for CIP-012, which may result in a cost increases to the existing method and/or different a method to obtain connectivity.