NPRR #928 · Revision Request
NPRR928 Cybersecurity Incident Notification
ReasonOther
Created2019-04-11
Approved2019-12-10
Sections Affected
1.3.1.11.3.41.3.51.3.62.116.1923A23B23E23G23I23Jand 23N
Summary
This Nodal Protocol Revision Request (NPRR) establishes Market Participant notification responsibilities with respect to Cybersecurity Incidents. Market Participant notification of Cybersecurity Incidents will provide ERCOT with awareness of cybersecurity impacts and vulnerabilities to networks and systems that interface with ERCOT, which will help ERCOT mitigate and prevent injury to the ERCOT System and ERCOT market operations. Notification of Cybersecurity Incidents will also give ERCOT the ability to analyze acts and behaviors to identify and deflect future cybersecurity threats and existing vulnerabilities. Specifically, this NPRR: (1) defines Cybersecurity Incident and Cybersecurity Contact; (2) classifies Cybersecurity Incident information as Protected Information; (3) establishes a Market Participant notice requirement; (4) creates a form for notifying ERCOT of a Cybersecurity Incident; (5) provides that ERCOT can, for purpose of ensuring the safety or security of the ERCOT System or ERCOT market operations, notify state or federal law enforcement of a Cybersecurity Incident; and (6) allows ERCOT to notify Market Participants of general information concerning a Cybersecurity Incident in order to mitigate further impact. Under this NPRR, a Market Participant must notify ERCOT of a malicious or suspicious act that compromises or disrupts a computer network or system, which could jeopardize the reliability or integrity of the ERCOT System or ERCOT market operations. These notification requirements extend to malicious or suspicious acts that compromise or disrupt the computer network or system of a Market Participant’s agent that transacts with ERCOT. This NPRR includes a requirement that each Market Participant designate and maintain a Cybersecurity Contact with ERCOT by utilizing the Notice of Change of Information form in Protocol Section 23. This NPRR also provides Market Participants with a process for submitting information concerning a Cybersecurity Incident, including a standard form for reporting a Cybersecurity Incident – Notice of Cybersecurity Incident. Should a notifying Market Participant wish for ERCOT to communicate with an individual other than the Cybersecurity Contact for a particular Cybersecurity Incident, it may designate a temporary Cybersecurity Contact in the Notice of Cybersecurity Incident form. Cybersecurity Incident information identifiable to a specific Market Participant is considered Protected Information under this NPRR. Although such information shall be considered Protected Information under the Protocols, if ERCOT determines that there is a need to inform a state or federal law enforcement agency for the purpose of ensuring the safety and/or security of the ERCOT System or ERCOT market operations, this NPRR allows ERCOT to disclose information concerning the Cybersecurity Incident, as well as the identity of the notifying Market Participant, as long as ERCOT obtains adequate assurance from the receiving law enforcement agency that it will maintain the confidentiality of the Cybersecurity Incident. In the event that ERCOT determines that disclosure to a law enforcement agency is appropriate to ensure the safety and/or security of the ERCOT System or market operations, this NPRR requires ERCOT to provide the notifying Market Participant with notice of the disclosure, as well as the identity of the law enforcement agency to which the information was disclosed. Finally, this NPRR provides that in the event ERCOT determines a Cybersecurity Incident could impact networks or systems of ERCOT or other Market Participants, ERCOT may, in its discretion, issue a Market Notice with information regarding the Cybersecurity Incident; any such Market Notice will not identify the notifying Market Participant or Critical Energy Infrastructure Information (CEII). Notably, this provision extends to Cybersecurity Incidents that ERCOT identifies on an ERCOT network or system. ERCOT proposes to maintain discretion concerning the issuance of a Market Notice concerning a Cybersecurity Incident to avoid revealing sensitive information that could compromise ongoing cybersecurity measures or investigations.
Action Log 5 milestones
-
Apr 11
PRSDeferred/Tabled→ Language Consideration
-
Oct 10
PRSRecommended for Approval→ Impact Analysis Consideration
-
Nov 13
PRSRecommended for Approval→ Revision Request Consideration
-
Nov 20
TACRecommended for Approval→ Revision Request Consideration
-
Dec 10
BOARDApproved
Amendments
| Date | Body | Motion | Result |
|---|---|---|---|
| Oct 10 '19 | PRS | to recommend approval of NPRR928 as amended by the 9/27/19 MSCGI comments | Passed |
Documents 13
| Name | Type | Posted | Classification |
|---|---|---|---|
| 928NPRR-01 Cybersecurity Incident Notification 032019 | doc | Mar 20 '19 | Revision Request |
| 928NPRR-02 Impact Analysis 032019 | doc | Mar 20 '19 | Staff Report |
| 928NPRR-03 ERCOT Comments 041019 | doc | Apr 10 '19 | Revision Request Comments |
| 928NPRR-04 PRS Report 41119 | doc | Apr 16 '19 | Committee Report |
| 928NPRR-05 ERCOT Comments 071719 | doc | Jul 17 '19 | Revision Request Comments |
| 928NPRR-06 Oncor Comments 080919 | doc | Aug 9 '19 | Revision Request Comments |
| 928NPRR-07 CNP Comments 081319 | doc | Aug 13 '19 | Revision Request Comments |
| 928NPRR-08 Oncor Comments 082719 | doc | Aug 27 '19 | Revision Request Comments |
| 928NPRR-09 MSCGI Comments 092719 | doc | Sep 27 '19 | Revision Request Comments |
| 928NPRR-10 PRS Report 101019 | doc | Oct 14 '19 | Committee Report |
| 928NPRR-11 PRS Report 111319 | doc | Nov 13 '19 | Committee Report |
| 928NPRR-12 TAC Report 112019 | doc | Nov 20 '19 | Committee Report |
| 928NPRR-13 Board Report 121019 | doc | Dec 12 '19 | Committee Report |
Meetings That Took It Up 19
| Date | Meeting | Committee | Status |
|---|---|---|---|
| Aug 11 '20 | Urgent Board of Directors Meeting – Teleconference Available by Webcast | BOARD | Concluded |
| Jun 24 '20 | TAC Meeting | TAC | Concluded |
| Jun 11 '20 | PRS Meeting | PRS | Concluded |
| May 13 '20 | PRS Meeting by Webex Only | PRS | Concluded |
| Apr 16 '20 | PRS Information Session - WebEx Only | PRS | Concluded |
| Apr 1 '20 | TAC INFORMATION SESSION – WebEx Only | TAC | Concluded |
| Mar 25 '20 | PRS Information Session - WebEx only | PRS | Concluded |
| Feb 13 '20 | PRS Meeting | PRS | Concluded |
| Dec 10 '19 | Board of Directors Meeting | BOARD | Concluded |
| Nov 20 '19 | TAC Meeting | TAC | Concluded |
| Nov 13 '19 | PRS Meeting | PRS | Concluded |
| Oct 10 '19 | PRS Meeting | PRS | Concluded |
| Sep 12 '19 | PRS Meeting | PRS | Concluded |
| Aug 15 '19 | PRS Meeting | PRS | Concluded |
| Jul 17 '19 | PRS Meeting | PRS | Concluded |
| Jun 25 '19 | NPRR928 Workshop I | Concluded | |
| Jun 13 '19 | PRS Meeting | PRS | Concluded |
| May 9 '19 | PRS Meeting | PRS | Concluded |
| Apr 11 '19 | PRS Meeting | PRS | Concluded |