Updates

January 20, 2022

January 2022 Newsletter Posted

The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:

  • Annual Supply Chain Criteria and Questionnaire Revision Process Underway
  • Central Library for Supply Chain Risk Information
  • Facility Ratings
  • Value of NATF Peer Reviews
  • Redacted Operating Experience Reports

Read More

January 20, 2022

Annual Supply Chain Criteria and Questionnaire Revision Process Underway

The NATF is commencing the annual revision process for the “NATF Supply Chain Security Criteria” and the “Energy Sector Supply Chain Risk Questionnaire.” The revision process, the criteria, and the questionnaire are posted on the NATF’s public Supply Chain Cyber Security Industry Coordination site. The process is open to industry, suppliers, regulators, and other stakeholders.

Input on the criteria and questionnaire can be submitted to supplychain@natf.net until close of business February 18 for consideration in the 2022 review cycle.

As the criteria and questionnaire are mechanisms to drive convergence on the information needed to conduct supplier risk assessments and are expected to be the basis for information included in a potential central library, it is important that the information you need to conduct risk analyses is included!

As a reminder: The criteria and questionnaire capture supplier information important to the electric sector for conducting risk assessments while keeping the amount of data received to a manageable level. The criteria are also verifiable. They are mapped to the National Institute of Standards and Technology (NIST) framework; and while NIST does not have a third-party certification or assessment available, the criteria are also mapped to other security frameworks that are certified or assessed by a qualified third-party. Note that while there is not a single security framework that addresses all criteria, including NIST, most can be verified by obtaining a combination of certifications and/or assessments.

Read More

January 11, 2022

Survey for Suppliers of Products or Services for the Electric Industry

The North American Transmission Forum (NATF), working with the organizations identified below, is facilitating a survey to obtain initial input on the development of a central repository/library to support the efficient sharing of required supply-chain-related security information from companies that supply products or services for the electric system and energy sector.

The primary objective is to reduce supply chain risks; a repository could serve to significantly reduce the level of effort to achieve this objective—for both companies required to ensure adequate vendor security and for vendors supporting this sector by limiting the number of times they have to provide the same security information.

This survey provides you an opportunity to include your ideas and input in the development of this central library.

The survey can be accessed HERE and will be open through January 24. A pdf version of the survey is available for your convenience.

Background
Supply chain breaches continue to be a risk to operational reliability and national security. Entities looking to implement supply chain risk management—as well as government, insurers, and other interested parties—have begun requiring the submission of basic security and hygiene data to better assess risks across third-party vendors. The development of a central repository, or library, of this commonly and repeatedly requested data is an opportunity for the electric industry to forward the implementation of a vendor assessment solution mitigating supply chain risks rather than having a solution imposed upon the industry through an executive order, regulation, or other method.

A viable central library that can provide information to help all participants identify and mitigate supply-chain risks will significantly reduce the level of effort associated with these evolving requirements. However, developing and establishing this library in a manner that meets your needs and security objectives relies on your support/participation and the support/participation from industry companies. The first step is to obtain good input and feedback. Your responses to this supplier-side survey will be used to ensure the development of a central library will best support these efforts across all stakeholders. A parallel effort is also underway to obtain input from industry companies. Collectively, these will be used to build a leading practice library to enhance our ability to more efficiently conduct supplier risk assessments and supplement our approach to mitigating supplier risk.

The survey consists of 26 questions, with a free-form write-in option at the end of the survey for you to provide additional input. Please provide responses to as many of the questions as you can. Your feedback is important to guide the appropriate development of a central library.

If you have any difficulty in accessing the survey or questions, please contact Valerie Agnew at vagnew@natf.net.

We appreciate you taking the time to complete the survey!

Supporting Organizations
CNK Solutions
Exelon
Hitachi Power Grids
Hubbell
International Society of Automation (ISA)
Schneider Electric
Schweitzer Engineering Labs (SEL)
Siemens
US Chamber of Commerce

Read More

December 03, 2021

NATF Job Opening: Program Manager - Operating Experience and Surveys

The North American Transmission Forum (NATF) has posted an opening for a program manager - operating experience and surveys.

Please see the following link for the job description: program manager - operating experience and surveys

To apply, please send your resume to info@natf.net.

Read More

November 19, 2021

2021 EPRI-NERC-NATF Planning and Modeling Virtual Seminar

In November, the NATF partnered with the North American Electric Reliability Corporation (NERC) and the Electric Power Research Institute (EPRI) to host a planning and modeling seminar focused on planning for a decarbonized grid. Subject-matter experts from across the industry presented on topics such as planning aspects of hybrid plants and bulk electric system storage, use of climate information for assessing the impacts of extreme weather events, and technology impacting the industry.

Presentations from the seminar are posted on our Documents page under the “Presentation/Updates” section.

Read More

October 04, 2021

October 2021 Newsletter Posted

The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:

  • NATF Posts Guidance for Entities Working with Solution Providers
  • 2021 EPRI-NERC-NATF Planning and Modeling Virtual Seminar
  • New Product for NATF Members
  • Redacted Operating Experience Reports
     

Read More

October 01, 2021

NATF Posts Guidance for Entities Working with Solution Providers

The NATF has posted the “NATF Industry Collaboration: Using Solution Providers for Third-Party Risk Management” guide for industry use. The document clarifies the role of a solution provider and provides guidance for entities that are considering a solution provider’s services to assist with evaluations of suppliers’ cyber security practices. These services, such as gathering supplier information and providing analysis, can provide significant support for an entity’s ongoing supply cyber security risk management.

The Industry Organization Team suppliers and solution providers jointly developed the document. They have provided entities with items to consider based on insights from both perspectives and, through the development of this document, strengthened the relationships between the two industries.

Read More

July 20, 2021

July 2021 Newsletter Posted

The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:

  • NATF Posts Updated Supply Chain Documents for Industry
  • Response to U.S. Department of Energy (DOE) Request for Information (RFI)
  • Facility Ratings Practices Implementation

Read More

June 09, 2021

NATF Supply Chain Model, Criteria, and Risk Questionnaire Version 2.0 Posted for Industry Use

The “Supply Chain Security Assessment Model,” “NATF Supply Chain Security Criteria,” and “Energy Sector Supply Chain Risk Questionnaire” version 2.0 documents have been posted for industry use on the Supply Chain Cyber Security Industry Coordination page of the NATF public website.

Supported by the Industry Organizations Team, the model and complementary products provide a streamlined, effective, and efficient industry-accepted approach for entities to evaluate supplier supply chain security practices.

The five-step model provides a solid foundation for identifying, assessing, and mitigating supply chain risks; provides for inclusion of suppliers and solution providers depending upon each entity’s needs; and provides for flexibility of each entity’s implementation.

The criteria includes mapping to existing security frameworks and is categorized into two areas: (1) supplier’s organizational information and (2) supplier’s level of adherence to supply chain security practices.

A formatted and unformatted version of the questionnaire is provided. The formatted version includes guidance based upon answers to a series of “qualifier” questions that identifies optional questions for utilities to consider in a risk assessment. The unformatted version is text-only for easy incorporation into various toolsets or existing company spreadsheets.

Read More

April 05, 2021

April 2021 Newsletter Posted

The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:

  • NATF and NERC Host Webinar on Pandemic Planning and Response Activities
  • NATF Hosting Virtual Seminars for Members
  • Facility Ratings Practices Implementation
  • NATF Continues Work on Supply Chain Risk Management
  • Redacted Operating Experience Reports

Read More

March 05, 2021

NATF Questionnaire and Criteria Revisions Posted for Industry-Wide Comment through April 2

The NATF Questionnaire and Criteria revision team has reviewed suggestions for modifications to the Questionnaire and Criteria, and adopted changes have been posted for industry-wide comments through April 2.

Please review the Questionnaire and Criteria for: 

  • changes in the Questionnaire (formatted version) and Criteria
  • the questions and criteria in general for alignment to the information you collect from suppliers
  • the mapping to the security frameworks

Changes are indicated by red text and a summary of changes is available on the “Confidentiality” tab of each document. The redlines for the Questionnaire are provided in the formatted version only. Conforming final changes will be made to the unformatted version.

A webinar will be provided on March 19 from 11:30 am - 12:30 pm eastern. This webinar is open to industry. Register here.

The review team will review comments in April and will provide a summary for their determinations. The final changes will be provided to the NATF board for approval in May, and upon approval the revised Questionnaire and Criteria will be posted.

Main points to note:

  • The Questionnaire and Criteria have been reviewed by the E-ISAC and NERC for sufficiency in regards to the Solar Winds hack, and it was determined that no additional changes were needed.
  • The Questionnaire and Criteria were both reviewed to determine if they would obtain sufficient information regarding countries of origin. 
    • In the Questionnaire, mapping was added to the new supplier criteria
    • In the Criteria, three questions from the “Organizational Information” section were moved into the “Supplier Criteria” tab
  • The changes to the Questionnaire are denoted in the formatted version for comments; final changes will be included in the unformatted after approval.
 

Read More

March 05, 2021

NATF and NERC to Host Webinar on Pandemic Planning and Response Activities

On March 17, the North American Transmission Forum (NATF) and North American Electric Reliability Corporation (NERC) will host a webinar about pandemic planning and response activities as well as resources available to industry. Opening remarks will be provided by Commissioner Neil Chatterjee, Federal Energy Regulatory Commission (FERC); Tom Galloway, president and CEO of NATF; and Manny Cancel, senior vice president of NERC and CEO of the Electricity Information Sharing and Analysis Center (E-ISAC). The webinar will feature presentations on pandemic activities from the following organizations:

  • NATF
  • NERC
  • E-ISAC
  • Electricity Subsector Coordinating Council (ESCC)
  • Electric Power Research Institute (EPRI)
  • European Network of Transmission System Operators for Electricity (ENTSO-E)
  • European Commission (Directorate-General for Energy)

The webinar will be held from 9:00–11:00 a.m. eastern. For more information or assistance, please contact Ted Franks at tfranks@natf.net or 704-945-1949.

Agenda | Webinar Registration | NATF COVID-19 Page

Read More

January 11, 2021

January 2021 Newsletter Posted

The NATF's latest external newsletter, now available on our newsletters page, highlights the following topics:

  • Epidemic/Pandemic Resource Supplemented with Safety and Work-Environment Considerations
  • NATF-SERC-RF Pilot Collaborations on Supply Chain Risk Mitigation and Facility Ratings
  • NATF Begins Annual Revision Process for Supply Chain Criteria and Questionnaire
  • Protection System Misoperations Analysis Annual Report
  • Redacted Operating Experience Reports

Read More

January 11, 2021

Epidemic/Pandemic Resource Supplemented with Safety and Work-Environment Considerations

The Epidemic/Pandemic Response Plan Resource has recently been updated to include information on personal protective equipment use, a tertiary control center strategy, and configuration options for control centers and office space.

The resource—which focuses on planning/preparedness, response, and recovery activities for a severe epidemic/pandemic—was jointly developed by the NATF, the North American Electric Reliability Corporation, the U.S. Department of Energy, and the Federal Energy Regulatory Commission to help utilities create, update, or formalize their epidemic/pandemic plans in response to the COVID-19 pandemic.

Read More

October 30, 2020

NATF is hosting an Industry Organizations webinar for suppliers!

This webinar will be provided twice, on December 1 and January 12, to help suppliers understand the requests they are receiving from entities and how they can be prepared to provide entities will responses. The webinar will cover the NATF Criteria and Questionnaire, as well as how suppliers can work directly with entities and with solution providers. Just as the IO Team is working to converge industry on what information is necessary to obtain from suppliers, the Team is also working with suppliers so they will have the information you need readily available. The invitation to attend this webinar is provided on the Industry Organizations webpage. Click HERE for the Supplier Communication Webinar Invitation.

Many entities and solution providers involved in the Industry Organizations collaboration effort have agreed to distribute the letter invitation to their suppliers. We are also asking that you, as you are able, distribute the letter invitation to your organization’s suppliers.

You are also welcome to attend these webinars. Registration is required to join this event. If you plan to attend and have not registered, please do so now.

Click HERE to register for the December 1, 2020 webinar
Click HERE to register for the January 12, 2021 webinar

Read More

October 08, 2020

October 2020 Newsletter Posted

The NATF's latest external newsletter, now available on our newsletters page, highlights the following topics:

  • Transmission Resilience Maturity Model: Helps Utilities Improve Resilience
  • Virtual Peer Reviews
  • NATF Posts Revision Process for Supply Chain Criteria and Questionnaire
  • Coordination and Support Aspects Added to Epidemic/Pandemic Resource
  • Redacted Operating Experience Reports

Read More

October 08, 2020

Transmission Resilience Maturity Model Developed to Help Utilities Improve Resilience

The inaugural version (1.0) of the Transmission Resilience Maturity Model (TRMM) was released publicly this week on the TRMM website.  In addition to access to the TRMM tool, the website provides overview and background information, FAQs, a suite of supporting documentation, and more.

The TRMM (developed jointly by the NATF, the Pacific Northwest National Laboratory, the Electric Power Research Institute, and the Department of Energy) is a free, easy-to-use tool, with supporting documentation, designed for electric transmission system utilities to evaluate and benchmark the relative maturity of their transmission resilience programs.  The model can help identify gaps and prioritize actions and investments to improve the resilience of transmission systems.

The draft model was piloted by five NATF member companies in 2020, and improvements based on lessons learned were incorporated into version 1.0.  The NATF envisions incorporating aspects of the TRMM as additional service offerings for members, including facilitated self-assessments, metrics, and targeted assistance.

To obtain a passphrase for the tool, please register here.  Contact us at trmm@natf.net with any questions.

DOE Press Release

Read More

September 23, 2020

NATF Posts Revision Process for Supply Chain Criteria and Questionnaire

The NATF has posted the "Revision Process for the Energy Sector Supply Chain Risk Questionnaire and NATF Cyber Security Criteria for Suppliers" for industry use. 

The purpose of this process is to facilitate periodic reviews and modifications of the NATF “Energy Sector Supply Chain Risk Questionnaire” (Questionnaire) and the “NATF Cyber Security Criteria for Suppliers” (Criteria), which were developed for industry-wide use to drive consistency of information obtained from suppliers of bulk power system hardware, software, and services.  

Consistent with the NATF’s open, collaborative, and consensus-based approach, modifications via this process will be made with consideration of input from across industry and will include adding, deleting, or modifying individual questions in the Questionnaire or individual criterion in the Criteria as well as adding, deleting, or modifying mappings to security frameworks (e.g., SOC2, ISO27001, etc.).  

The process is available on the NATF Supply Chain Cyber Security Industry Coordination page. 

Read More

August 14, 2020

Epidemic/Pandemic Response Plan Resource Updated to Include Coordination and Support Aspects

The Epidemic/Pandemic Response Plan Resource has been updated to include details on cross-sector coordination, prioritized requests for government support, and misinformation.

The resource—which focuses on planning/preparedness, response, and recovery activities for a severe epidemic/pandemic—was jointly developed by the North American Transmission Forum, North American Electric Reliability Corporation, U.S. Department of Energy, and Federal Energy Regulatory Commission to help utilities create, update, or formalize their epidemic/pandemic-response plans in response to the COVID-19 pandemic.

Read More

July 02, 2020

July 2020 Newsletter Posted

The NATF's latest external newsletter, now available on our newsletters page, highlights the following topics:

  • Resource Developed to Help Organizations Update Pandemic Response Plans
  • NATF Continues Monitoring COVID-19 and Implementing Virtual Activities
  • Energy Sector Supply Chain Risk Questionnaire
  • Transmission Resilience Maturity Model (TRMM)
  • Redacted Operating Experience Reports

Read More