Updates
July 06, 2023
July 2023 Newsletter Posted
The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:
- New Video Highlights NATF RESTORE Program (Equipment Sharing) Benefits
- NATF-EPRI-NERC Transmission Resilience Summit
- NATF Supply Chain Criteria and Risk Questionnaire Updated for Industry
- Redacted Operating Experience Reports
June 14, 2023
NATF-EPRI-NERC 2023 Transmission Resilience Summit
Meeting materials from the NATF-EPRI-NERC 2023 Transmission Resilience Summit held May 17 in Tempe, Arizona, are now posted.
The theme for the summit was climate resilience, with topics focused on lessons learned from past extreme weather events, planning and preparing for future events, emerging technologies, and examples of how resilience is a team sport.
Thank you to Salt River Project for hosting the event.
June 06, 2023
NATF Supply Chain Criteria and Risk Questionnaire Version 4.0 Posted for Industry Use
The NATF Supply Chain Security Criteria and Energy Sector Supply Chain Risk Questionnaire version 4.0 documents have been posted for industry use on the Supply Chain Cyber Security Industry Coordination page of the NATF public website. The “Version History” link includes all prior versions and redlines of the NATF criteria and risk questionnaire.
The updates were reviewed and accepted by the ERO Enterprise to ensure its continued endorsement of the two NATF CIP-013 Implementation Guidance documents: NATF CIP-013 Implementation Guidance: Independence Assessments of Vendors and NATF CIP-013 Implementation Guidance: Supply Chain Risk Management Plans.
Revisions for the 2023 annual cycle include a new detailed change log for the NATF criteria and risk questionnaire. In particular, the security frameworks identified in the NATF criteria were revised and one new supplier criterion was added. The questionnaire is now available in one format merging the previous unformatted, formatted, and scorable options. Other minor changes include additional notes, references, and terminology updates to provide clarity.
April 19, 2023
New Video Highlights NATF RESTORE Program (Equipment Sharing) Benefits
See our new video highlighting the benefits of the NATF RESTORE Program (at the bottom of our Programs page).
RESTORE, or Regional Equipment Sharing for Transmission Outage Restoration, is designed to enhance grid resilience and reliability by identifying sources and facilitating replacement of equipment following disastrous events. This optional, self-funded program is available to any transmission-owning NATF member.
April 06, 2023
April 2023 Newsletter Posted
The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:
- NATF-EPRI-NERC Transmission Resilience Summit
- Supply Chain Criteria and Questionnaire Revisions
- Supplier Sharing Calls
- Redacted Operating Experience Reports
March 10, 2023
NATF Supply Chain Criteria and Questionnaire Revision Redlines Posted for Industry-Wide Comment through April 9
The NATF Criteria and Questionnaire Revision Team has reviewed suggested modifications to the “NATF Supply Chain Security Criteria” and the “Energy Sector Supply Chain Risk Questionnaire.” The proposed changes have been posted for industry-wide comment on the NATF Supply Chain Cyber Security Industry Coordination page. A summary of changes is available in the “Change Log” section of each document, and changes are indicated by red font.
Feedback on the proposed changes can be submitted to supplychain@natf.net through April 9.
The revision team will review comments in April and May and make any final determinations. The updated documents will be posted following NATF board approval in June.
February 22, 2023
Registration Open for Upcoming NATF Supplier Sharing Calls
NATF supplier sharing calls are facilitated by suppliers and are typically held exclusively for the supplier community. The next two calls will bring suppliers together with potential customers from the NATF membership for constructive interchange. Supplier-only calls will resume in July.
The discussions will be led by representatives of the hosting suppliers: SEL, Siemens Energy, Hitachi Energy, Schneider Electric. In addition, the calls are supported by representatives from the International Society of Automation (ISA), the National Electrical Manufacturers Association (NEMA), and the US Chamber of Commerce.
Register today! All calls are from 1:00 p.m. – 2:30 p.m. eastern.
Wednesday, March 22, 2023
1:00 PM Eastern (US & Canada) | 1 hr 30 mins
Open to suppliers and NATF member companies
- Discussion on the information customers need, what constitutes “good” responses to questions, and the challenges for suppliers.
- Software bills of materials (SBOM) are becoming a hot topic in the industry. How are entities using, or would envision using, them?
Wednesday, May 24, 2023
1:00 PM Eastern (US & Canada) | 1 hr 30 mins
Open to suppliers and NATF companies
- What do regulations require of your customers? Overview of NERC CIP standards and CMMC (IEC 27001 & ISA/IEC 62443).
- How can suppliers partner with customers for efficient compliance management?
Wednesday, July 19, 2023
1:00 PM Eastern (US & Canada) | 1 hr 30 mins
This call will be exclusively for suppliers and serve as an opportunity to address areas identified on the March and May calls.
The intent of these calls is to encourage conversation among suppliers, provide a forum for suppliers to share forefront security concerns and how to address them, and discuss general security practices. These calls are applicable to suppliers of all sizes and security maturity.
January 20, 2023
NATF Supplier Sharing Call: January 25
Suppliers are invited to join the third in a series of NATF supplier sharing calls. These calls are facilitated by suppliers and are held exclusively for the supplier community.
Topics for this call:
- Being prepared for government actions
- Provenance concerns
- Supplier issues with software bills of materials (SBOMs)
Discussions will be led by representatives from the hosting suppliers (SEL, Siemens Energy, Hitachi-Power Grids, Schneider Electric). In addition, the calls are supported by representatives from the International Society of Automation (ISA), the National Electrical Manufacturers Association (NEMA), and the US Chamber of Commerce.
Wednesday, January 25, 2023
1:00 PM eastern (US & Canada) | 1 hr 30 mins
Register: https://natf.webex.com/weblink/register/rbf14c0903d4b7186ef4c72fe0c21da19
The intent of these calls is to encourage conversation among suppliers, provide a forum for suppliers to share forefront security concerns and how to address them, and discuss general security practices. The calls will be applicable to suppliers of all sizes and security maturity.
January 11, 2023
New NATF-EPRI Resilience Definition
The Resilience Steering Group, which includes representation from both the NATF and EPRI, has created a new NATF-EPRI definition of resilience. Development included a thorough review of available resilience definitions and frameworks with intentional incorporation of common terms and concepts. The new definition will guide NATF and EPRI collective and respective work in resilience and can serve as a point of convergence through use by organizations across the electricity subsector.
The original (2017) definition was limited to transmission resilience. While transmission entities are a special focus for the NATF, we recognize many of our members and other utilities include business units beyond transmission, including generation, distribution, or both. In addition, many entities approach resilience holistically, so an overall definition for the electricity subsector aligns with and realizes efficiencies from that approach.
New definition:
The ability of the system and its components (both equipment and human) to (1) prepare for, (2) anticipate, (3) absorb, (4) adapt to, and (5) recover from non-routine disruptions, including high impact-low frequency (HILF) events, in a reasonable amount of time
Where:
- Prepare involves both longer-term mitigation strategies (e.g., system hardening, sparing strategies/acquisition) and shorter-term preparations (e.g., reconfigurations, staging)
- Anticipate provides situational awareness before and during an event
- Absorb requires inherent robustness of the system and supporting processes during an event
- Adapt entails flexibility and scalability of the system and supporting processes during an event
- Recover relates to response and recovery activities during an event
January 10, 2023
January 2023 Newsletter Posted
The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:
- New NATF-EPRI Resilience Definition
- NATF-EPRI-NERC Transmission Resilience Summit
- NATF Framework for Addressing Grid Transformation
- Scorable Version of NATF Supply Chain Risk Questionnaire Now Available
- Annual Supply Chain Criteria and Questionnaire Revision Process Underway
- Supplier Sharing Calls
- EMS External Modeling Reference Document Posted for Industry
January 04, 2023
EMS External Modeling Reference Document Posted for Industry
The NATF has posted version 3.0 of the NATF EMS External Modeling Reference Document to our public website for the benefit of the industry.
The document provides guidance to improve performance of EMS external models. The document is intended for personnel with responsibility for development and maintenance of EMS models for real-time state estimator and real-time contingency analysis.
December 22, 2022
Scorable Version of NATF Supply Chain Risk Questionnaire Now Available
Based on industry feedback, the NATF has developed a scorable version of the Energy Sector Supply Chain Risk Questionnaire to provide an optional format for entities to help assess supply chain risk. This optional format provides all the same questions as the existing questionnaire but adds the ability for entities to provide their own per-question score and weight to a completed questionnaire. This flexible approach allows entities to adjust weights to reflect their unique needs or priorities while allowing for the consistent evaluation of multiple responses. No prescribed thresholds or requirements are made by the NATF, and all scores are provided by the entities themselves.
This new version is posted on the NATF’s public Supply Chain Cyber Security Industry Coordination site. Use the “Scorable Option” link to the right of Energy Sector Supply Chain Risk Questionnaire V3.0.
November 02, 2022
Annual Supply Chain Criteria and Questionnaire Revision Process Underway
The NATF is commencing the annual revision process for the “NATF Supply Chain Security Criteria” and the “Energy Sector Supply Chain Risk Questionnaire.” The revision process, the criteria, and the questionnaire are posted on the NATF’s public Supply Chain Cyber Security Industry Coordination site. The process is open to industry, suppliers, regulators, and other stakeholders.
Input on the criteria and questionnaire can be submitted to supplychain@natf.net until close of business February 17 for consideration in the 2023 review cycle.
As the criteria and questionnaire are mechanisms to drive convergence on the information needed to conduct supplier risk assessments, it is important that the information you need to conduct risk analyses is included!
As a reminder: The criteria and questionnaire capture supplier information important to the electric sector for conducting risk assessments while keeping the amount of data received to a manageable level. The criteria are also verifiable. They are mapped to National Institute of Standards and Technology (NIST) frameworks; and while NIST does not have a third-party certification or assessment available, the criteria are also mapped to other security frameworks that are certified or assessed by a qualified third party. Note that while there is not a single security framework that addresses all criteria, including NIST, most can be verified by obtaining a combination of certifications and/or assessments.
October 21, 2022
NATF Congratulates Tony Eddleman
The NATF congratulates Tony Eddleman, director of NERC reliability compliance at Nebraska Public Power District, for receiving the 2022 E-ISAC Electricity Security Service Award in honor of Michael J. Assante. Manny Cancel, sr. vice president and CEO of the E-ISAC, presented the award to Tony during this week’s GridSecCon event. Tony’s commitment to excellence, work ethic, and tireless efforts have benefited industry and NATF progress in supply chain risk management.
October 17, 2022
October 2022 Newsletter Posted
The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:
- Facility Ratings Risk Construct
- FERC Order 881 (Ambient-Adjusted Ratings)
- Redacted Operating Experience Reports
October 06, 2022
NATF Facility Ratings Risk Construct Posted for Industry Use
The “NATF Risk Construct for Prioritizing Facility Ratings Reviews” document has been posted for industry use on the NATF public website. This document supplements the publicly posted “Key NATF Practices for Facility Ratings” document (a summary of the NATF member-confidential practices for facility ratings and how the practices address the issues and align with the controls identified by the ERO Enterprise in the November 1, 2019, ERO Facility Ratings Problem Statement) by providing a risk-based approach for prioritizing implementation of the practices, specifically baseline reviews and periodic reviews to confirm ongoing accuracy of ratings and effective operation of controls.
Given the magnitude of performing comprehensive reviews of all facilities, a Transmission Owner may want to consider a phased approach, with an emphasis on higher-risk facilities as the starting point. A good starting point is to conduct a review of a limited sample of facilities, evaluate the results, and, if necessary, expand the sample for review. This is best accomplished by initially targeting facilities with higher risk to BES reliability or higher likelihood for facility ratings error and continuing until all facilities have been reviewed.
July 06, 2022
July 2022 Newsletter Posted
The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:
- NATF Posts Updated Supply Chain Criteria and Risk Questionnaire
- FERC Order 881 (Ambient-Adjusted Ratings)
- Return to In-Person Activities
- Grid Transformation
June 06, 2022
NATF Supply Chain Criteria and Risk Questionnaire Version 3.0 Posted for Industry Use
The “NATF Supply Chain Security Criteria” and “Energy Sector Supply Chain Risk Questionnaire” version 3.0 documents and associated revision process have been posted for industry use on the Supply Chain Cyber Security Industry Coordination page of the NATF public website. A new “Version History” link has been added, which includes all prior versions and redlines of the NATF criteria and risk questionnaire.
The updates have been reviewed and accepted by the ERO Enterprise to ensure its continued endorsement of the two NATF CIP-013 Implementation Guidance documents: “NATF CIP-013 Implementation Guidance: Independence Assessments of Vendors” and “NATF CIP-013 Implementation Guidance: Supply Chain Risk Management Plans.” This provision has been added to the revision process so the NATF does not need to resubmit the NATF Implementation Guidance documents to the ERO Enterprise for re-endorsement after each revision cycle. Specifically, the ERO has the ability to review the proposed changes and notify the NATF if any of the proposed revisions would cause the ERO to revoke its endorsement.
In addition to the updates to the revision process, revisions for the 2022 revision cycle include three new criteria, two new questions, and the removal of four questions that were determined to be duplicative. Other minor changes include additional notes and terminology updates to provide clarity.
April 09, 2022
April 2022 Newsletter Posted
The NATF's latest external newsletter, now available on our newsletters page, includes the following articles:
- ERO Enterprise Endorses NATF Implementation Guidance for CIP-013
- NATF Criteria, Questionnaire, and Revision Process Updates Posted for Industry-Wide Comment through April 13
- FERC Order 881 (Ambient-Adjusted Ratings)
- NATF Resilience Work Continues with Roadmap
- Redacted Operating Experience Reports
March 14, 2022
NATF Criteria, Questionnaire, and Revision Process Revisions Posted for Industry-Wide Comment through April 13
The NATF Criteria and Questionnaire Revision Team has reviewed suggestions for modifications to the “NATF Supply Chain Security Criteria,” “Energy Sector Supply Chain Risk Questionnaire,” and associated revision process. The proposed changes have been posted for industry-wide comment through April 13 on the NATF Supply Chain Cyber Security Industry Coordination page. Input can be submitted to supplychain@natf.net.
Please review the criteria, questionnaire, and revision process for changes indicated by red text.
A summary of changes is available in the “Version History” notes section of each document. The redlines for the questionnaire are provided in the formatted version only; conforming final changes will be made to the unformatted version.
The revision team will review comments in April and May and provide a summary of its determinations. The updated documents will be posted following NATF board approval in June.