NOTICE DATE: June 9, 2026

NOTICE TYPE: W-A060926-01 Operations

SHORT DESCRIPTION: Data Confidentiality, Integrity, and Availability on the ERCOT WAN

INTENDED AUDIENCE: ERCOT Wide Area Network (WAN) Participants and NERC-Registered Transmission Owners (TOs), Transmission Operators (TOPs), Generator Owners (GOs), and Generator Operators (GOPs) in the ERCOT Region 

DAYS AFFECTED: June 9, 2026

LONG DESCRIPTION: This is an update to notice W-A051822-01, which was originally distributed on May 18, 2022 , addressing encryption on the ERCOT WAN in support of NERC Reliability Standard CIP-012-1. A new version of the NERC Reliability Standard, CIP-012-2, will become effective on July 1, 2026.

CIP-012-2, Cyber Security - Communications between Control Centers, requires the development and implementation of protection against the risks posed by unauthorized disclosure, unauthorized modification, and loss of availability of Real-time Assessment and Real-time Monitoring data while being transmitted between Bulk Electric System Control Centers. 

The encryption ERCOT has in place for data sent across the ERCOT WAN is designed to support compliance with CIP-012-2. Encryption is enabled between ERCOT's Control Centers and each WAN router located at WAN Participant sites. 

CIP-012-2 compliance is also supported by the revisions made in Nodal Operating Guide Revision Request (NOGRR) 239, WAN Data Protection Responsibilities, which revised Nodal Operating Guide Section 7.1 to clarify that the "handoff" of data transmitted between ERCOT and each WAN Participant occurs at each ERCOT-managed router located at the WAN Participant's WAN demarcation point. NOGRR239 was approved by the Public Utility Commission of Texas on May 12, 2022, and became effective on June 1, 2022. 

Additionally, ERCOT has implemented measures to mitigate the risk posed by loss of availability of data and initiate the recovery of communication links for the paths between the ERCOT Control Centers and the handoff mentioned above at the ERCOT-managed router located at the WAN Participant's WAN demarcation point. 

ACTION REQUIRED: Each NERC-registered TO, TOP, GO, and GOP in the ERCOT Region subject to CIP-012-2 is responsible for providing appropriate security protections and loss-of-availability mitigations for data transmitted from the handoff point at each ERCOT-managed router to its own Control Center(s), as applicable. WAN Participants are also required to comply with Nodal Operating Guide Section 7.1.2(1)(j) by allowing physical access to the ERCOT-managed routers when required, as well as providing appropriate physical access protections for the ERCOT-managed routers. 

CONTACT: If you have any questions, please contact your ERCOT Account Manager. You may also call the general ERCOT Client Services phone number at (512) 248-3900 or contact ERCOT Client Services via email at ClientServices@ercot.com.

If you are receiving email from a public ERCOT distribution list that you no longer wish to receive, please follow this link in order to unsubscribe from this list: http://lists.ercot.com.

dg