MIS LOG IN

NPRR928

Summary

Title Cybersecurity Incident Notification
Next Group
Next Step
Status Approved on 12/10/2019
Effective Dates
03/13/2020

Sections 2.1 (partial), 16.18 (partial), 23A, 23B, 23E, 23G, 23I, 23J, 23M, and 23O

04/03/2020

All remaining sections

Action

Date Gov Body Action Taken Next Steps
12/10/2019 BOARD Approved
11/20/2019 TAC Recommended for Approval Revision Request Consideration
11/13/2019 PRS Recommended for Approval Revision Request Consideration
10/10/2019 PRS Recommended for Approval Impact Analysis Consideration
04/11/2019 PRS Deferred/Tabled Language Consideration

Voting Record

Date Gov Body Motion Result
12/10/2019 BOARD to approve NPRR928 as recommended by TAC in the 11/20/19 TAC Report Passed
11/20/2019 TAC to recommend approval of NPRR928 as recommended by PRS in the 11/13/19 PRS Report Passed
11/13/2019 PRS to endorse and forward to TAC the 10/10/19 PRS Report and Impact Analysis for NPRR928 Passed
10/10/2019 PRS to recommend approval of NPRR928 as amended by the 9/27/19 MSCGI comments Passed
04/11/2019 PRS to table NPRR928 Passed

Background

Status: Approved
Date Posted: Mar 20, 2019
Sponsor: ERCOT
Urgent: No
Sections: 1.3.1.1, 1.3.4, 1.3.5, 1.3.6, 2.1, 16.19, 23A, 23B, 23E, 23G, 23I, 23J, and 23N
Description: This Nodal Protocol Revision Request (NPRR) establishes Market Participant notification responsibilities with respect to Cybersecurity Incidents. Market Participant notification of Cybersecurity Incidents will provide ERCOT with awareness of cybersecurity impacts and vulnerabilities to networks and systems that interface with ERCOT, which will help ERCOT mitigate and prevent injury to the ERCOT System and ERCOT market operations. Notification of Cybersecurity Incidents will also give ERCOT the ability to analyze acts and behaviors to identify and deflect future cybersecurity threats and existing vulnerabilities. Specifically, this NPRR: (1) defines Cybersecurity Incident and Cybersecurity Contact; (2) classifies Cybersecurity Incident information as Protected Information; (3) establishes a Market Participant notice requirement; (4) creates a form for notifying ERCOT of a Cybersecurity Incident; (5) provides that ERCOT can, for purpose of ensuring the safety or security of the ERCOT System or ERCOT market operations, notify state or federal law enforcement of a Cybersecurity Incident; and (6) allows ERCOT to notify Market Participants of general information concerning a Cybersecurity Incident in order to mitigate further impact. Under this NPRR, a Market Participant must notify ERCOT of a malicious or suspicious act that compromises or disrupts a computer network or system, which could jeopardize the reliability or integrity of the ERCOT System or ERCOT market operations. These notification requirements extend to malicious or suspicious acts that compromise or disrupt the computer network or system of a Market Participant’s agent that transacts with ERCOT. This NPRR includes a requirement that each Market Participant designate and maintain a Cybersecurity Contact with ERCOT by utilizing the Notice of Change of Information form in Protocol Section 23. This NPRR also provides Market Participants with a process for submitting information concerning a Cybersecurity Incident, including a standard form for reporting a Cybersecurity Incident – Notice of Cybersecurity Incident. Should a notifying Market Participant wish for ERCOT to communicate with an individual other than the Cybersecurity Contact for a particular Cybersecurity Incident, it may designate a temporary Cybersecurity Contact in the Notice of Cybersecurity Incident form. Cybersecurity Incident information identifiable to a specific Market Participant is considered Protected Information under this NPRR. Although such information shall be considered Protected Information under the Protocols, if ERCOT determines that there is a need to inform a state or federal law enforcement agency for the purpose of ensuring the safety and/or security of the ERCOT System or ERCOT market operations, this NPRR allows ERCOT to disclose information concerning the Cybersecurity Incident, as well as the identity of the notifying Market Participant, as long as ERCOT obtains adequate assurance from the receiving law enforcement agency that it will maintain the confidentiality of the Cybersecurity Incident. In the event that ERCOT determines that disclosure to a law enforcement agency is appropriate to ensure the safety and/or security of the ERCOT System or market operations, this NPRR requires ERCOT to provide the notifying Market Participant with notice of the disclosure, as well as the identity of the law enforcement agency to which the information was disclosed. Finally, this NPRR provides that in the event ERCOT determines a Cybersecurity Incident could impact networks or systems of ERCOT or other Market Participants, ERCOT may, in its discretion, issue a Market Notice with information regarding the Cybersecurity Incident; any such Market Notice will not identify the notifying Market Participant or Critical Energy Infrastructure Information (CEII). Notably, this provision extends to Cybersecurity Incidents that ERCOT identifies on an ERCOT network or system. ERCOT proposes to maintain discretion concerning the issuance of a Market Notice concerning a Cybersecurity Incident to avoid revealing sensitive information that could compromise ongoing cybersecurity measures or investigations.
Reason: Other

Key Documents

Related Content