Dive Brief:

• Electric grid operators were forced to shed firm load for 22.4 hours in 2020 across the bulk power system (BPS), a significant increase over recent years and a potentially worrying trend as extreme weather events continue to impact the grid, according to an annual assessment issued Tuesday by the North American Electric Reliability Corp. (NERC).
• Operator-initiated firm load shedding "is one of the metrics that, to me, matters the most," John Moura, NERC's director of reliability assessment and performance analysis, said in a media briefing. "At the end of the day, it's really an indication that the system ran out of options."
• On the whole, however, the BPS "was reliable in 2020 despite unprecedented conditions," NERC said in its 2021 State of Reliability report. But while the grid "continued to perform well," the report also outlines concerns regarding energy adequacy and extreme weather, and recommends stricter cybersecurity standards for smaller assets.

Dive Insight:

NERC included a graph of its "Hours without Operator-Initiated Firm Load Shed" data in the reliability report, but it doesn't tell the whole story: Already in 2021, extreme cold in Texas means more than 70 hours of load shedding will be reflected in the next report.

Hurricane Laura and the California August heat wave were the cause of most of the load shedding in 2020.

"It is the most severe we've seen this type of metric, with the most significant firm load shedding" said Moura. And when you consider the load shedding seen already in Texas in 2021, "you can start thinking about where this metric will be next year."

The load-shedding metric is "indicative of some of the trends, both in how we've changed our resource mix very rapidly, but also how extreme weather is increasingly impacting the system," he said.

NERC's report addresses that changing resource mix, and among its recommendations says system planners "should evaluate the need for flexibility as conventional generation retirements are considered by industry and policymakers." The report also says retirement planning studies "should consider interconnection-level impacts, and sensitivity assessments associated with the loss of critical transmission paths and the loss of local generation in larger load pockets."

NERC also recommends that the power sector develop "comparative measurements and metrics" to better understand resilience, including measuring event management, recovery and preparation, and to improve modeling and planning capabilities, including studying the implications of frequency response under low inertia conditions.

NERC's report also highlights the need for grid security, in the face of increasing cyberattacks.

The utility sector "should significantly increase the speed and detail of cyber and physical security threat information sharing in order to counter the increasingly complex and targeted attacks by capable nation-state adversaries and criminals on critical infrastructure," the report recommends.

NERC's reliability assessment also hints at the possibility of stricter security standards for smaller grid assets.

Low impact security standards 'do not effectively mitigate the emerging threats,' expert warns

NERC's recommendations call for a review and risk assessment of cybersecurity standards and supply chain procurement, following the SolarWinds attack. That could have implications for smaller assets that are not now subject to some critical infrastructure protection standards (CIP) developed by NERC.

The SolarWinds attack "raises significant concerns about protection of any and all externally routable devices regardless of their individual scale or impact," the report says. "This suggests a review of the CIP standard's bright-line criteria between high, medium, or low impact assets should be initiated." The high-impact category, for instance, covers control centers balancing 3,000 MW or more.

Tobias Whitney, vice president of industry relations and regulatory affairs at Fortress Information Security, said NERC is taking the right approach because the grid risks are not isolated to a single system or vendor. And he added that industry should consider supply chains and the interconnected nature of critical systems "as the basis for standards enhancements."

"Low impact requirements today do not effectively mitigate the emerging threats like the SolarWinds example," Whitney said in an email. "NERC's consideration of connectivity for future enhancements is a strong step in the right direction."

NERC's 2021 [Electric Reliability Organization] Reliability Risk Priorities Report, published Friday, also points out the risk of hackers coordinating their efforts with "an extreme natural event" to increase the impact or complicate recovery.

"Exploitation could occur directly against equipment used to monitor, protect, and control the BPS or indirectly through supporting systems," the report warned.

"A coordinated cyber and physical attack scenario that is potentially targeted to occur simultaneously with an extreme natural event could further impact reliability and/or complicate recovery activities. A man-made [electromagnetic pulse] event targeted at the BPS may impact operations and result in damaged equipment that may require extensive time to replace."