ERCOT has submitted a Nodal Protocol Revision Request (NPRR 928) to establish Market Participant notification responsibilities with respect to Cybersecurity Incidents.

Under this NPRR, a Market Participant must notify ERCOT of a malicious or suspicious act, "that compromises or disrupts a computer network or system, which could jeopardize the reliability or integrity of the ERCOT System or ERCOT market operations," according to a description of the NPRR

These notification requirements extend to malicious or suspicious acts that, "compromise or disrupt the computer network or system of a Market Participant’s agent that transacts with ERCOT," according to a description of the NPRR

The NPRR includes a requirement that each Market Participant designate and maintain a Cybersecurity Contact with ERCOT by utilizing the Notice of Change of Information form in Protocol Section 23.

Cybersecurity Incident information identifiable to a specific Market Participant is considered Protected Information under the NPRR. Although such information shall be considered Protected Information under the Protocols, if ERCOT determines that there is a need to inform a state or federal law enforcement agency for the purpose of ensuring the safety and/or security of the ERCOT System or ERCOT market operations, the NPRR allows ERCOT to disclose information concerning the Cybersecurity Incident, as well as the identity of the notifying Market Participant, as long as ERCOT obtains adequate assurance from the receiving law enforcement agency that it will maintain the confidentiality of the Cybersecurity Incident.

Finally, this NPRR provides that in the event ERCOT determines a Cybersecurity Incident could impact networks or systems of ERCOT or other Market Participants, ERCOT may, in its discretion, issue a Market Notice with information regarding the Cybersecurity Incident; any such Market Notice will not identify the notifying Market Participant or Critical Energy Infrastructure Information (CEII). Notably, this provision extends to Cybersecurity Incidents that ERCOT identifies on an ERCOT network or system. ERCOT proposes to maintain discretion concerning the issuance of a Market Notice concerning a Cybersecurity Incident to avoid revealing sensitive information that could compromise ongoing cybersecurity measures or investigations.

See the NPRR here

Tags:
ERCOT   Texas   Cybersecurity  

Comment on this story


ADVERTISEMENT
NEW Jobs on RetailEnergyJobs.com
TPV-SALES-EXECUTIVE -- Back Office Provider -- Other
Sr-Market-Risk-Analyst -- Wholesale Supplier/Trader -- New York - New York City Metro
Head-of-Retail-Operations -- Wholesale Supplier/Trader -- Other
Energy-Regulatory-Specialist -- Other -- Other
More Stories on RetailEnergyX.com:
Company Seeks Texas PUC Approval For 'HVDC' Converter Facilities Connecting ERCOT With WECC Grid
ENGIE Files Complaint Against ERCOT '
Energy Shopping Site Names 2021 'Best Texas Electricity Providers'
Texas Retail Provider Named 'Best Electricity Company In Houston'
Release: 'Most Trusted Brands' Among Texas Retail Electric Providers Named