- Home
- Market Rules
- Issues
NPRR928
Summary
| Title | Cybersecurity Incident Notification |
|---|---|
| Next Group | |
| Next Step | |
| Status | Approved on 12/10/2019 |
| Effective Dates |
03/13/2020
Sections 2.1 (partial), 16.18 (partial), 23A, 23B, 23E, 23G, 23I, 23J, 23M, and 23O 04/03/2020
All remaining sections |
Action
| Date | Gov Body | Action Taken | Next steps |
|---|---|---|---|
| 12/10/2019 | BOARD | Approved | |
| 11/20/2019 | TAC | Recommended for Approval | Revision Request Consideration |
| 11/13/2019 | PRS | Recommended for Approval | Revision Request Consideration |
| 10/10/2019 | PRS | Recommended for Approval | Impact Analysis Consideration |
| 04/11/2019 | PRS | Deferred/Tabled | Language Consideration |
Voting Record
| Date | Gov Body | Motion | Result |
|---|---|---|---|
| 12/10/2019 | BOARD | to approve NPRR928 as recommended by TAC in the 11/20/19 TAC Report | Passed |
| 11/20/2019 | TAC | to recommend approval of NPRR928 as recommended by PRS in the 11/13/19 PRS Report | Passed |
| 11/13/2019 | PRS | to endorse and forward to TAC the 10/10/19 PRS Report and Impact Analysis for NPRR928 | Passed |
| 10/10/2019 | PRS | to recommend approval of NPRR928 as amended by the 9/27/19 MSCGI comments | Passed |
| 04/11/2019 | PRS | to table NPRR928 | Passed |
Background
| Status: | Approved |
|---|---|
| Date Posted: | Mar 20, 2019 |
| Sponsor: | ERCOT |
| Urgent: | No |
| Sections: | 1.3.1.1, 1.3.4, 1.3.5, 1.3.6, 2.1, 16.19, 23A, 23B, 23E, 23G, 23I, 23J, and 23N |
| Description: | This Nodal Protocol Revision Request (NPRR) establishes Market Participant notification responsibilities with respect to Cybersecurity Incidents. Market Participant notification of Cybersecurity Incidents will provide ERCOT with awareness of cybersecurity impacts and vulnerabilities to networks and systems that interface with ERCOT, which will help ERCOT mitigate and prevent injury to the ERCOT System and ERCOT market operations. Notification of Cybersecurity Incidents will also give ERCOT the ability to analyze acts and behaviors to identify and deflect future cybersecurity threats and existing vulnerabilities. Specifically, this NPRR: (1) defines Cybersecurity Incident and Cybersecurity Contact; (2) classifies Cybersecurity Incident information as Protected Information; (3) establishes a Market Participant notice requirement; (4) creates a form for notifying ERCOT of a Cybersecurity Incident; (5) provides that ERCOT can, for purpose of ensuring the safety or security of the ERCOT System or ERCOT market operations, notify state or federal law enforcement of a Cybersecurity Incident; and (6) allows ERCOT to notify Market Participants of general information concerning a Cybersecurity Incident in order to mitigate further impact. Under this NPRR, a Market Participant must notify ERCOT of a malicious or suspicious act that compromises or disrupts a computer network or system, which could jeopardize the reliability or integrity of the ERCOT System or ERCOT market operations. These notification requirements extend to malicious or suspicious acts that compromise or disrupt the computer network or system of a Market Participant’s agent that transacts with ERCOT. This NPRR includes a requirement that each Market Participant designate and maintain a Cybersecurity Contact with ERCOT by utilizing the Notice of Change of Information form in Protocol Section 23. This NPRR also provides Market Participants with a process for submitting information concerning a Cybersecurity Incident, including a standard form for reporting a Cybersecurity Incident – Notice of Cybersecurity Incident. Should a notifying Market Participant wish for ERCOT to communicate with an individual other than the Cybersecurity Contact for a particular Cybersecurity Incident, it may designate a temporary Cybersecurity Contact in the Notice of Cybersecurity Incident form. Cybersecurity Incident information identifiable to a specific Market Participant is considered Protected Information under this NPRR. Although such information shall be considered Protected Information under the Protocols, if ERCOT determines that there is a need to inform a state or federal law enforcement agency for the purpose of ensuring the safety and/or security of the ERCOT System or ERCOT market operations, this NPRR allows ERCOT to disclose information concerning the Cybersecurity Incident, as well as the identity of the notifying Market Participant, as long as ERCOT obtains adequate assurance from the receiving law enforcement agency that it will maintain the confidentiality of the Cybersecurity Incident. In the event that ERCOT determines that disclosure to a law enforcement agency is appropriate to ensure the safety and/or security of the ERCOT System or market operations, this NPRR requires ERCOT to provide the notifying Market Participant with notice of the disclosure, as well as the identity of the law enforcement agency to which the information was disclosed. Finally, this NPRR provides that in the event ERCOT determines a Cybersecurity Incident could impact networks or systems of ERCOT or other Market Participants, ERCOT may, in its discretion, issue a Market Notice with information regarding the Cybersecurity Incident; any such Market Notice will not identify the notifying Market Participant or Critical Energy Infrastructure Information (CEII). Notably, this provision extends to Cybersecurity Incidents that ERCOT identifies on an ERCOT network or system. ERCOT proposes to maintain discretion concerning the issuance of a Market Notice concerning a Cybersecurity Incident to avoid revealing sensitive information that could compromise ongoing cybersecurity measures or investigations. |
| Reason: | Other |
Key Documents
Mar 20, 2019 - doc - 1.1 MB
Mar 20, 2019 - doc - 54.5 KB
Apr 10, 2019 - doc - 1.1 MB
Apr 16, 2019 - doc - 1.1 MB
Jul 17, 2019 - doc - 1.1 MB
Aug 9, 2019 - doc - 1.1 MB
Aug 13, 2019 - doc - 1.1 MB
Aug 27, 2019 - doc - 1.1 MB
Sep 27, 2019 - doc - 958.5 KB
Oct 14, 2019 - doc - 1019 KB
Nov 13, 2019 - doc - 923.5 KB
Nov 20, 2019 - doc - 926 KB
Dec 12, 2019 - doc - 924 KB