' Y2K Coordination Plan
for the
Electricity Production and
Delivery Systems of North America
Phase 1: June-September 1998
Initial Assessment and Coordination
June 12, 1998
Department of Energy
Request
The U.S. Department of Energy
has asked the North American
Electric Reliability Council
(NERC) to assume a leadership role in preparing the electricity production and delivery systems of the United States for
the transition to the Year 2000 (Y2K). This transition effort is necessary because certain software and hardware in use in
the electric and other industries use a two-digit code to represent the last two digits of the year. As a result, these
software and hardware may misinterpret the change from 1999 to the Year 2000 as they process data. DOE's request is
part of a broad initiative by the President of the United States to ensure that infrastructure essential to the nation's
security and well being remains operational during critical Y2K transition periods. The letter to NERC from the Secretary
and Deputy Secretary of Energy is provided in Appendix A. DOE requests a status report and coordination plan by
September 1998 and a full status report by July 1999. The status reports will review the measures that are being taken to
prepare the electric power production and delivery systems for the transition to Y2K. Because NERC is an international
organization and the electricity systems of the United States are interconnected with those of Canada and a part of
Mexico, NERC's plan, of necessity, must include all of these interconnected systems. Thus, this document defines
NERC's initial plan for coordinating the Y2K preparedness plans of the electric utilities that operate the electricity systems
of North America.
Consolidating the Prior Work of the Industry
Y2K is not a new issue to the electric industry. NERC, its ten Regional Reliability Councils, and their members recognized
the threat posed by Y2K several years ago and have been working toward solutions at several levels. Although the effort
to date has not been entirely consistent across the industry, most electric utilities have established Y2K programs and
invested substantial personnel and technical resources in identifying and resolving Y2K problems. The industry has been
testing critical software, and embedded digital controllers, and working with vendors to find solutions. NERC and the ten
Regional Reliability Councils have been providing high-level coordination of Y2K efforts, principally through technical
committee activities and information sharing through the NERC web site at www.nerc.com.
Nearly all of the detailed problem identification and resolution to date has been performed by the individual electric
utilities. Those electric utilities that have attacked the problem aggressively are to be commended. However, NERC's
concern is that all electric utilities with a direct reliability impact on North American electrical Interconnections must
address the Y2K problem in a coordinated manner. This concern is due to the high degree of interdependence of electric
systems within an electrical Interconnection. One unprepared system has the potential to adversely impact the operation
of the rest of the Interconnection.
In response to the DOE letter, the NERC Y2K program will focus activities in three principal areas: a) sharing of Y2K
solutions, b) identifying potential weaknesses in interconnected system security, and c) operational preparedness. DOE's
request provides NERC with an opportunity and a challenge to coordinate the efforts of individual Regions and electricity
providers across North America toward a collective goal of maintaining secure operation of the electric systems through
critical Y2K transition periods.
Importance of Meeting the Challenge
More than any other element of the North American economic and social infrastructure, the electricity production and
delivery systems must be dependable during the transition to Y2K. Every other critical element of infrastructure depends
on the availability of an interconnected, reliable supply of electrical power. There is no doubt that cascading or even
localized outages of generators and transmission facilities could have serious short- and long-term consequences.
The Weakest Link Concept
The electric systems of North America are connected within four large Interconnections The largest, the Eastern
Interconnection, covers the eastern two-thirds of North America, including the United States and Canada. The second
largest, the Western Interconnection, covers the western one-third of the U.S. and Canada, as well as a portion of the
Baja California Norte region of Mexico. The other two Interconnections include 1) most of the state of Texas - also
known as the ERCOT Region - and 2) the Quebec Interconnection, which covers the province of Quebec, Canada.
Each of these four Interconnections is a highly connected network. A major disturbance within one part of an
Interconnection will rapidly have an impact throughout the Interconnection and has the potential to cascade the effect to
the entire Interconnection. The four Interconnections are for the most part independent from each other, because they
are connected by comparatively small high voltage direct current (HVDC) electrical ties and do not interconnect
synchronously. The one notable exception is the major HVDC tie lines from Hydro-Quebec into the Northeastern United
States. Loss of these facilities and the power supply from Quebec can have a substantial impact on power delivery
systems in the Northeastern portion of the United States.
Within each Interconnection, power production and delivery systems are highly interdependent. In general, systems are
operated such that the loss of one facility, or in some cases two or three facilities, will not cause cascading outages. Y2K
poses the threat that common mode failures (such as all generator protection relays of a particular model failing
simultaneously) or the coincident loss of multiple failures may result in stressing the electric system to the point of a
cascading outage over a large area.
This high level of interdependence within an Interconnection means that the robustness of the overall system needs to be
tested against this new "contingency." An individualistic approach to the problem may not cover all potential problem
areas, e.g., coordination with neighboring utilities, and, thus, could adversely affect operations within an Interconnection.
An individual electric utility that invests tens of millions of dollars in solving Y2K problems could be affected in a major
way by an outage initiated in neighboring systems that have not been as diligent. Therefore, preparation of the electricity
power production and delivery systems in North America must be a coordinated team effort by those entities responsible
for system reliability. All preventive programs do not have to be the same, but they do have to be coordinated. The
industry will succeed or fail together in its readiness for Y2K.
Although the written request that sparked initiation of the NERC coordination program was received from the U.S.
Department of Energy, NERC recognizes that maintaining grid security during the Y2K transition is an international issue
requiring coordination with the United States, Canadian, and Mexican governments.
Nature of the Y2K Problem in Electricity Production and Delivery
Maintaining a reliable supply of electricity during the Y2K transition is not an insurmountable task. There are four critical
areas that pose the greatest direct threat to power production and delivery:
Power production - Generating units must be able to operate through critical Y2K periods without
inadvertently tripping off-line. The threat is most severe in power plants with digital control systems (DCSs).
Numerous control and protection systems within these DCS use time-dependent algorithms that may result
in unit trips. Most older plants operating with analog controls will be less problematic. Digital controllers
built into station equipment, protection relays, and communications also may pose a threat.
Energy management systems - Control computer systems within the electric control centers across
North America use complex algorithms to operate transmission facilities and control generating units. Many
of these control center software applications contain built-in time clocks used to run various power system
monitoring, dispatch, and control functions. Many energy management systems are dependent on time signal
emissions from Global Positioning Satellites, which reference the number of weeks and seconds since
00:00:00 UTC January 6, 1980. In addition to resolving Y2K problems within utility energy management
systems, these supporting satellite systems, which are operated by the U.S. government, must be Y2K
compliant.
Telecommunications - Electric supply and delivery systems are highly dependent on microwave,
telephone, and VHF radio communications. The dependency of the electric supply on facilities leased from
telephone companies and commercial communications network service providers is a crucial factor. With
telecommunications systems being the nerve center of the electric networks, it is important to address the
dependencies of electric utility systems on the telecommunications industry during critical Y2K transition
periods.
Protection systems - Although many relay protection devices in use today are electromagnetic, newer
systems are digital. The greatest threat here is a common mode failure in which all the relays of a certain
model fail simultaneously, resulting in a large number of coincident transmission facility outages.
Scope is Electric Power
Production and Delivery
Systems
Several key elements are identified
in this goal statement. First, the
initial focus is on power production
and transmission facilities. The goal is to maintain the "backbone" of the electricity supply infrastructure. As such, NERC
will work closely with entities responsible for the operation and security of electric systems. These entities include:
NERC Regional Reliability Councils
Control Areas within the four major electrical Interconnections in North America
NERC Security Coordinators
Independent System Operators
Owners/operators of high voltage transmission facilities
Owners/operators of bulk power generating facilities
Owners/operators of distribution supply system not included in the other categories
NERC will initially focus on the bulk electric systems because distribution systems are generally radial from the bulk
supply network and cannot function without a robust bulk supply network or Interconnection. The Interconnection can
function without reliable radial distribution systems. Maintaining the operability of this electric supply backbone may be
the single most important step toward supporting our North American infrastructure during the Y2K transition. The Y2K
needs of distribution systems will become understandable as bulk power supply issues are resolved.
As discussed in the next section, NERC is likely to work closely with other organizations to address the coordination of
electricity distribution aspects of the Y2K problem. Likely participants in this joint effort include DOE, the Electric Power
Research Institute, Edison Electric Institute, the National Rural Electric Cooperative Association, the American Public
Power Association, and others.
Defense in Depth
The second key element of the goal statement is that NERC is focused on operational security through a
"defense-in-depth" concept, which has been well developed in the design and operation of nuclear facilities. The
defense-in-depth concept assumes that although one has taken all reasonable and necessary preventive steps, there can
never be one hundred percent assurance that major system failures cannot cause a catastrophic outcome. Instead,
multiple defense barriers are established to reduce the risk of catastrophic results to extremely small probability levels and
to mitigate the severity of any such events.
It is certain that not all Y2K problems have been or will be identified, fixed, and tested in the time remaining. Also, it
would not be prudent to expend unlimited resources on potential problems in search of one hundred percent avoidance of
component failures. The cornerstone of the NERC Y2K plan, therefore, is to coordinate industry actions in implementing
the following defense-in-depth strategy:
1.Identify and fix known Y2K problems.
NERC is providing a vehicle for sharing of information on known and suspected Y2K problem areas and solutions
associated with the operation, control, and protection of bulk power generation and transmission facilities. From
this information exchange, a master list of critical Y2K problem areas and solutions will be developed and made
widely available. NERC will initiate a reporting process for key entities to report progress against specific criteria
designed to address a known list of Y2K problem areas. Through its Regional Reliability Councils, NERC will
review the progress of these entities to verify that appropriate measures are being taken by all responsible parties.
This identification of problem areas, solutions, and testing of the solution is a process that will continue into the
millenium.
2.Identify worst case conditions.
NERC will coordinate the conduct of Regional and individual system simulations to identify moderate and
worst-case scenarios in response to various classes of Y2K failures. Specific classes of failures that result in the
worst conditions will be examined further to determine possible fixes and preventive or mitigation measures.
3.Prepare for the worst.
NERC will coordinate efforts to prepare for safe operation of the electric systems under potential worst-case
conditions. Preparations will include development of special operating procedures and conducting training and
system-wide drills.
4.Operate systems in a precautionary posture during critical Y2K transition periods.
NERC will coordinate efforts to operate transmission and generation facilities in precautionary configurations and
loadings during critical Y2K periods. Examples of precautionary measures may include reducing the level of
planned electricity transfers between utilities, placing all available transmission facilities into service, bringing
additional generating units on-line, and rearranging the generation mix to include older units with analog controls.
Another example is increased staffing at control centers, substations, and generating stations during critical
periods. Fortunately, from an electric reliability perspective, New Year's Eve falls on Friday, December 31, 1999,
and January 1 is a Saturday. Therefore, electric system conditions are likely to be favorable with the level of
electricity transfers at light levels and extra generating capacity available during the most critical period.
NERC's Y2K program
depends on cooperation by
the electric utilities of North
America. NERC does not
currently have the authority
in its Bylaws to order
electric utilities to take Y2K
corrective actions. Nor does NERC currently have the authority to conduct inspections or enforce compliance. The
binding obligations of electric utilities are embodied in state and federal laws, filed transmission tariffs, and contractual
agreements. Electric utility legal responsibilities are to shareholders, customers, the public, and state and federal
regulators. NERC's role is to facilitate North American-wide coordination so that the collective efforts of the industry
will minimize risks imposed by Y2K to a reliable supply of electricity.
The roles and responsibilities of participants in the NERC Y2K program are defined below:
NERC - NERC staff and support contractors will coordinate the NERC Y2K efforts defined within this
plan. This activity includes collecting, consolidating, and distributing information on Y2K problems and
solutions, and it includes coordination of system studies and preparedness plans. The information collected
will be compiled into a report that will periodically be presented to the NERC Board of Trustees and DOE.
NERC Regional Reliability Councils - Regional staff will coordinate NERC Y2K activities within their
Regions. Responsibilities are similar to those listed above for NERC, but at the Regional level.
NERC Operating and Security Entities - Operating entities, such as Control Area Operators, Security
Coordinators, Independent System Operators, high voltage transmission system operators, and power
producers, are on the front line of Y2K preparations. The NERC Y2K program provides these operating
entities with an opportunity to share in Y2K solutions and prepare coordination plans with neighboring
systems and Regions. The responsibilities of these operating entities within the NERC Y2K program are to
share information on known Y2K problems and solutions and to report their progress according to the
schedule established by the NERC Y2K program. These entities are expected to participate in system
studies, coordinated system preparations, and precautionary system operating measures.
NERC Y2K Coordination Task Force - NERC is forming a Y2K Coordination Task Force to focus
on implementing this plan. The focus of the task force is on maintaining the reliable operation of bulk
electricity production and delivery systems during Y2K transitions. The task force will facilitate coordination
among the ten NERC Regional Reliability Councils. The task force will be organized around the four key
technical areas identified in the previous section: Power Production, Energy Management Systems,
Telecommunications, and Protection Systems.
Coordination with External Agencies
NERC Y2K efforts are closely aligned with those of many other government and private agencies. Key partners with the
NERC Y2K program are identified below.
Department of Energy - DOE is the principal federal agency with oversight responsibility for Y2K
issues in electricity supply systems. As such, NERC will report the results of the NERC Y2K program to
DOE and work in close coordination with broader DOE efforts.
Edison Electric Institute - EEI has established a program to address Y2K technical, regulatory, and
liability issues. NERC is committed to full cooperation with EEI in identification of Y2K technical problem
areas and solutions. The NERC Y2K program does not, however, address regulatory requirements or legal
liabilities. As such, NERC defers to EEI's leadership in resolving these issues. NERC is particularly
concerned that efforts to obtain full disclosure by electric utilities of potential Y2K problems and solutions
may be met with resistance due to the liabilities of exposing this information publicly. Public exchange of
information is a cornerstone of NERC's Y2K program and must not be viewed by participants as feeding
information to potential litigants. NERC expects full support of EEI in defining and promulgating industry
needs for protection in this area.
Electric Power Research Institute - EPRI has a well established Y2K program to identify Y2K
problems and solutions in embedded systems. EPRI's program spans a full spectrum of electricity
production, delivery, and end use. NERC is committed to full cooperation with EPRI in the exchange of
information related to electric power production and delivery. NERC encourages all elements of the electric
power industry to participate in EPRI's Y2K embedded systems program.
Nuclear Regulatory Commission and Nuclear Energy Institute - There is an obvious need to prepare
nuclear facilities for Y2K and the remote, but real possibility of interruptions of off-site power. NERC will
be coordinating efforts to maintain a reliable transmission network capable of providing continuous off-site
power for nuclear facilities. However, NERC expects that the NRC, NEI, DOE, and others will take the
leadership role in coordinating the Y2K activities of nuclear facilities.
Electric Power Supply Association - NERC expects to work closely with EPSA in coordinating the
resolution of Y2K problems in power production facilities.
American Public Power Association - NERC will coordinate directly with APPA's larger members who
operate control areas and high-voltage transmission systems. APPA is expected to be the primary way of
coordinating with electric distribution systems that are not members of a Regional Council to resolve Y2K
problems in state/municipal electric distribution systems.
National Rural Electric Cooperative Association - NERC will coordinate directly with NRECA's larger
members who operate control areas and high-voltage transmission systems. NRECA is expected to be the
primary way of coordinating with electric distribution systems that are not members of a Regional Council
to resolve Y2K problems in cooperative electric distribution systems.
Canadian Electricity Association - NERC will work closely with CEA to assure coordination of Y2K
efforts among electric power producers and delivery systems in Canada as well as electrical ties that
connect Canada and the United States.
Additional Coordination - NERC will cooperate fully with other federal and state government agencies
and trade associations working toward Y2K solutions.
Phase 1 (May-September
1998)
NERC will mobilize coordination
and information sharing efforts
and perform a preliminary review
of Y2K readiness of electricity power production and delivery systems. Detailed plans for Phases 2 and 3 will be
developed. Phase 1 will culminate with an initial report to the NERC Board of Trustees (BOT) and to DOE covering the
preliminary situation report and a detailed work plan for Phases 2 and 3.
Phase 2 (September 1998-July 1999)
NERC will facilitate efforts by the Regional Reliability Councils and responsible operating entities to resolve the known
Y2K technical problems. A process will be established for periodic progress reports using an established list of reporting
criteria. System simulations and engineering studies will be conducted during this phase to understand likely and
worst-case scenarios. This Phase will culminate in July 1999 with a report to the NERC BOT and to DOE on measures
being taken to prepare electric power production and delivery systems for operation during the Y2K transition.
Phase 3 (July 1999-January 2000)
During this period, NERC will review the preparation of contingency plans and operating procedures. NERC will assist
Regions in the conduct of drills and final arrangements to prepare for critical Y2K periods. Although the most critical
period is expected to be on the dates of December 31, 1999 and January 1, 2000, configuring systems in a precautionary
posture and then restoring normal conditions afterward are expected to require several weeks.
Phase 1 Tasks and Schedule
Task 1. Establish an Internet Web Site for sharing of information on known Y2K problem areas
and solutions related to electric power production and delivery systems.
Task 2. Prepare a list of bulk electric system Y2K key entities and contacts.
This list will identify key personnel in each Region and note areas of expertise, such as generation,
protection, communications, energy management systems, etc. As stated previously, the key entities
include Regional Reliability Councils, Control Area Operators, Security Coordinators, Independent System
Operators, selected Transmission Operators, and selected power producers. The lists of entities and
contacts will be posted on the Web Site. The key entities identified will be responsible for participating in
the reporting requirements below. [List posted by June 30, 1998 with continued updates through Phase 3.]
Task 3. Establish a NERC Y2K Coordination Task Force.
This task force will have at least one representative from each Region who is knowledgeable about Y2K
technical issues and the activities within his or her Region. The task force will establish four technical
subgroups to focus on identifying known Y2K technical problems and solutions in the areas of power
production (generation), energy management systems, telecommunications, and system protection. System
vendors and manufacturers will be asked to participate with the technical subgroups. The task force and
subgroups will coordinate through frequent telephonic meetings to ensure high levels of information
exchange and coordination of efforts. [Task force will be established and populated by July 1 and will
function until the end of Phase 3.]
Task 4. Consolidate known Y2K problems and solutions into a master checklist.
The NERC Y2K Coordination Task Force will develop and post publicly a master list of Y2K problem areas
and solutions related to electric power production and delivery. The master checklist will be categorized for
efficient reference. The list will identify down to the component or software module level any known or
suspected Y2K problems. Fixes, available resources, and contacts will be identified for each problem area
as the information becomes known. The solutions posted will draw from "best practices" of organizations
that have had the greatest success in resolving a Y2K bug. Known problems will be rated by a simple
numbering scheme denoting the criticality of the component to Interconnection reliability. This effort is
focused on consolidating known information into a common reference file for all impacted parties to use.
[The initial outline of the master checklist will be posted by June 30, 1998. The goal is to have a completed
list by September 15, 1998, but the list will continue to be updated as additional knowledge is gained.]
Task 5. Coordinate a preliminary review of Y2K activities by key entities.
NERC, along with the Regional Reliability Councils, will facilitate reporting of a preliminary status of Y2K
activities by key operating entities. This report will be consolidated into an industry report to DOE in
September 1998. [Reporting criteria will be established by July 31, 1998, entity reports completed by
August 31, 1998, and the consolidated report completed by September 15, 1998. The report will be
presented to the NERC BOT and then to DOE.]
Task 6. Prepare a detailed plan for Phase 2.
NERC will prepare a detailed plan for implementing Phase 2 activities. [Presented to NERC BOT in
September 1998 followed by DOE.]
nerc.com |
