What to know about NERC reliability standards to meet compliance

By Contributing Author October 8, 2024
Radian Generation NERC compliance

By Kellie Macpherson | Radian Generation

The changes in the NERC IBR standards represent a significant shift for renewable power projects.

Previous NERC inverter-based resource (IBR) facilities connected to the bulk power system (BPS) had to meet NERC (North American Electric Reliability Corporation) Reliability Standards if producing 75 MVA or more. With the forecasted rapid expansion of renewable energy sources and IBRs connected to the BPS, there are potential increased risks to the grid if new technologies are not integrated properly.

In response to the growing demand for clean energy on the grid, NERC has now reduced the threshold for IBR registrations to 20 MVA interconnected to the grid at voltage levels of at least 60 kV. Projects must meet the new standards in May 2025 and the implementation will require 6-9 months, making it imperative that owners start the process towards compliance as soon as possible. This adjustment underscores the increasing importance of NERC IBR. The revisions are a response to a directive from the Federal Energy Regulatory Commission (FERC), emphasizing the growing significance of inverter-based generation and its impact on the BPS.

It is estimated that the implications of this change will require around one thousand renewable projects that previously were not required to comply, to take the necessary steps to become compliant. There will be no grandfathering of projects — all GOs (generator owner) and GOPs (generator operator) generating 20 MVA or above will need to get on board and register.

In addition, IBR sites were previously required to register for NERC at the commercial operation date (COD). With the new changes sites will need to register when the first electron flows to the grid or initial sync. This means while sites are under construction they will have to be compliant. This measure will improve the reliability of the electrical grid as NERC compliant sites are inherently dependable and consistent suppliers of power.

“There has not really been a change this big before. It will be challenging, but like everything else, it is all about planning and getting ahead of it early,” said Matt Murphy, chief operating officer at Greenbacker Renewable Energy Co., in a podcast interview discussing the NERC threshold changes for IBRs. “When everything is more thorough and organized that’s when you weed out the people that are not doing the right things. Our industry is due for that.”

What does compliance require?

For projects to meet the new NERC IBR standards, new equipment will likely be needed or in some cases retrofitted or upgraded. This may include inverters retrofitted or upgraded to provide grid support functionalities such as voltage regulation, frequency response, and reactive power control.  Identifying what equipment needs to be upgraded takes time and expertise to budget and purchase, and in some cases may require financing of some kind. As standards continue to evolve, making sound purchasing decisions to support future changes, is key.

GOs and GOPs need to start planning right away, in part because many people will be in the same situation which could lead to supply issues and if a facility is going to have difficulty with compliance, taking a proactive approach with NERC early, may help.

The first step is to assess the current situation, often termed a “fatal flaw assessment” to identify the current shortcomings for compliance. This will determine if you have equipment that is not working properly or is non-compliant. Equipment deficiencies can often be the longest time constraint to reaching compliance. In some cases, OEMs of service providers have gone out of business, or they cannot do the necessary upgrades to equipment or software updates, and so new suppliers or vendors need to be found.

It takes time to install equipment and software on-site, and it needs to be well coordinated to minimize operational impacts. Some equipment is expensive, and owners may not have it in their budgets and need to apply for a loan to fund the upgrades. Understanding these limitations and potential fatal flaws ahead of time is vital because it can take months, even a year in multi-projects organizations to meet new standards.

Reliability = protection against cyberattacks

All these components are crucial for NERC IBR compliance, as they protect GOs and GOPs against cybersecurity attacks. Modern software with security features such as firewalls plays a key role in this protection.

Configuring firewalls to deny all inbound traffic by default, with clear descriptions for all allowed traffic, is essential. As is establishing backup systems to ensure critical operations persist during failures and incorporate failover mechanisms to seamlessly switch to these backups during outages. Developing disaster recovery plans to enable the rapid restoration of services and implement robust security measures such as intrusion detection and prevention systems is important. GOs and GOPs should conduct regular security audits to identify and mitigate vulnerabilities and maintain redundant ISPs (Internet Service Providers) to ensure continuous connectivity.

Furthermore, GOs and GOPs should implement firmware and software management practices, ensuring regular updates to address vulnerabilities. Strong access control mechanisms should be in place to prevent unauthorized access to systems. To prevent the spread of cyber threats, network segmentation is recommended to isolate critical systems. Continuous monitoring and logging are essential for detecting anomalies and maintaining logs for auditing and incident response. Lastly, developing and regularly updating incident response plans tailored to the unique aspects of IBRs is crucial.

Checks and balances

Both GOs and GOPs serve critical roles in securing the bulk electric system. It is important to establish a clear set of checks and balances with the O&M (operations & maintenance). O&M providers are great at performing their day-to-day work, completing preventative maintenance, and maintaining overall site readiness but maintaining NERC Reliability Standards should not fall in the O&M scope. The Reliability Standards are there to ensure O&Ms, and other third-party vendors, are doing the work to meet compliance, but not for the O&M to confirm their own compliance. O&Ms are generally financially motivated by service guarantees to not have violations, thus creating an environment focused on financial incentives and site readiness rather than a culture of compliance.

Regulatory compliance is often complicated, time-consuming, and most importantly, mandatory. This requires dedicated focus on the respective NERC systems, alerts, bulletins, and other released information. Partnering with an experienced compliance firm with systems in place for managing the entire process and relationships with regulatory bodies, will ensure the culture of compliance. With an experienced compliance firm, GOs and GOPs can leave the ever-changing regulatory space, like the new NERC IBR reliability standards and evolving world of cyber security and focus on doing what they do best – harnessing nature to power the grid.

What should be in a Fatal Flaw Assessment

  1. Conduct a Preliminary Assessment to identify any non-compliant equipment or potential issues. This helps in understanding the current state and what needs attention.
  2. Understand NERC Reliability Standards
  3. Upgrade Inverters and Critical Equipment
  4. Implement Robust Cybersecurity Measures
  5. Establish Redundant Systems
  6. Develop a Disaster Recovery Plan
  7. Conduct Regular Security Audits
  8. Implement Access Control and Network Segmentation
  9. Continuous Monitoring and Logging
  10. Stay Updated with NERC Guidelines
  11. Engage with Consultants or firms specializing in NERC compliance and Security to get tailored advice and support throughout the registration

Kellie Macpherson is executive VP of compliance and risk management at Radian Generation. She oversees NERC compliance and managed security services. For over 15 years, she has been a noteworthy leader in the renewable asset space and has implemented 200+ compliance programs and completed 40+ NERC audits in all six NERC regions.

Tags: ,

Comments are closed here.

Read this next