Techno-Regulation

Deck: 

The smart grid and the slippery business of setting industry standards.

Fortnightly Magazine - June 2011

By the time the curtain fell on the technical conference on smart grid interoperability standards January 31 at the Federal Energy Regulatory Commission (FERC), it was clear that the first five of those standards—a group of standards “families” proposed by the National Institute of Standards and Technology (NIST) and submitted to FERC for review the previous October—were dead in the water.

Beyond that, all was a muddle.

And confusion remained, after utilities, regulators, trade groups, and smart grid contractors and vendors had weighed in on the dozen or more questions that FERC had posed to follow up on problems discovered at the January session. For example, what did Congress intend in section 1305 of the Energy Independence and Security Act of 2007 (EISA), in which it tabbed NIST to develop a framework of protocols and model standards for smart grid devices and systems, and instructed FERC (upon finding a “sufficient consensus”) to adopt those standards, but only “as may be necessary” to assure functionality and interoperability of the smart grid?

At the conference, and again in follow-up comments, utilities and vendors alike urged the commission to go back to square one and define exactly what it would mean for FERC to “adopt” a smart grid standard in a formal rulemaking case.

As was stated by no less an authority than John McDonald, chair of NIST’s Smart Grid Interoperability Panel (SGIP)—the group that now heads the process to develop more standards—and more than 20 of his fellow board members and SGIP leaders, the relationship between NIST and FERC “is confusing.

“Compounding this situation,” wrote McDonald and his colleagues, “is a lack of a clear, actionable statement of interoperability. The current lack of clarity on purpose and process was brought to a head with the testimony presented at the … conference.” (See, Comments of Members of SGIP Governing Board and Plenary Leadership, FERC Docket RM11-2, filed April 8, 2011.)

There is some cause for optimism, however, in that virtually all agree that industry standard-setting isn’t amenable to point-in-time decisions and rulings. Rather, the process must be fluid and evolving, marked by collaboration and consensus-building, with no real end point. Regulators can’t set technical specifications in stone, but can only offer guidance, by approving a general framework and process calculated to lead eventually to workable standards. Think of the Internet, which has evolved without mandatory, government-approved technical standards. With the smart grid, utilities and vendors will have their choice of standards. They won’t “comply” with standards; they will elect to “use” them.

Smart grid technologies are developing at a furious pace: for equipment, devices, communications, data, and interfaces between the retail customer premises and power delivery systems—be they distribution, transmission, or wholesale market structures. As the SGIP leaders point out, national or regional smart grid standards efforts like the SGIP are underway in Australia, Brazil, Canada, China, European Union, India, Japan, Korea, and Russia.

“Regulators can help these processes,” they add, “by clearly defining the ‘how’ in terms of interoperability goals … and [not] specifying or adopting technical standards as mandatory.” (Reply comments, p. 5, filed, April 25, 2011.)

Alvin Pak, senior regulatory counsel at San Diego Gas & Electric, questioned in comments filed April 8 whether any set of standards can even hope to remain relevant:

“Every process with which SDG&E has been involved,” he wrote, “was governed by the abiding concession that commercial interests and the creativity that fathers technological innovation would outrun any written standards, no matter the level of expertise and effort the parties invested… [T]he commission can most effectively encourage the continuous and timely development of interoperability standards by resisting any temptation to adopt strict, mandatory regulations.”

NIST’s George Arnold, national coordinator for smart grid interoperability, said as much when he testified at the January conference: “If FERC says that the intent is to make the standards mandatory, we will have no standards.”

Maybe so, but then why did Congress instruct FERC to open a rulemaking to adopt standards?

It didn’t help to clarify the process that, during of the time that NIST project participants were reviewing the first five standards—checking them for relevance, syntax, semantics, organizational and business goals, interoperability, cyber security, and forth—it turns out that the actual text of the standards themselves was nearly inaccessible to a significant portion of stakeholders.

So said Andrew Wright, chief technology officer for N-Dimensions Solutions, Inc., who testified at the January conference:

“The standards … have significant limitations to access… These limitations … discourage open review that might otherwise uncover cyber security vulnerabilities.”

Access was controlled by the Swiss-based International Electrotechnical Commission (IEC), which NIST commissioned to develop the first five sets of standards, before the much-improved SGIP process was begun at NIST. That made for problems, as Wright testified at the January conference:

“A complete electronic set of these standards,” he explained, “cost 10,738 Swiss francs, or a little over $11,000. Furthermore that gets you access to a copy that is restricted to use by one person.”

Southern Company’s Transmission Policy and Services General Manager John Lucas later noted in January, “We went and downloaded them in the past week, and rallied our subject matter experts to say, okay, we need you to look at these… Our cost was $25,000.”

This difficulty of access cast serious doubt on whether the standards had been vetted adequately, especially among stakeholders in the regulated community, who have expertise in electric system reliability, cyber security, and utility needs for backward compatibility with legacy software and equipment. It played a large role in leading nearly every conference participant to conclude, often under direct questioning from FERC chairman Jon Wellinghoff, that a “sufficient consensus” on the first five standards had definitely not been reached.

And on top of that, NIST was soon to offer more than six dozen additional standards for FERC consideration. (And on April 19, NIST announced a new meter upgradability standard, along with new guidelines for wireless communications. See “Vendor Neutral.”)

The commissioners at the conference were left flummoxed.

Said FERC Commissioner Philip Moeller: “I think of Southern California Edison putting in 8,000 to 10,000 smart meters per day… Given that the standards development process is going to take a while—it may be infinite in one sense—what do we do in the meantime?”

Commissioner Cheryl LaFleur was of the same mind:

“One of the things I found most troubling … is just the sheer comprehensiveness and volume of the work. I mean … 3,500 pages and $25,000 just to look at them, and there’s 75 more coming.”

Potentially Dangerous

Darren Highfill, founder of Utilisec, and a self-professed active participant in the NIST SGIP Cyber Security Working Group, provided a picture at the January conference of what lawyers, regulators, and policymakers are up against in coming to grips highly technical engineering standards:

“As an example, some of the cyber suites specified in IEC 62351 (cyber security for communications protocols) already need to be updated to reflect recent changes in the cyber security landscape…

“In summary, the five IEC standards recommended by NIST to FERC are helpful and powerful … but potentially dangerous tools in the context of regulation if not implemented properly.”

IBM’s Ron Ambrosio suggested at the January conference that regulators seeking to insure interoperability should focus simply on interfaces.

Dan Delurey of the Demand Response and Smart Grid Coalition (DRSG) continued with that idea in comments he filed in April, pointing out that the three key smart grid interfaces—1) OpenHAN (open home area network), between the meter and customer premises appliances and in-home displays; 2) OpenADR (open automated demand response), at the back-office level between different market participants (such as between load-serving utilities and RTO or ISO grid operators); and 3) OpenADE (open automated data exchange), between the utility back office and third-party data centers—could be seen as corresponding roughly to the three primary benefits of the smart grid: 1) enabling automated control of thermostats, appliances, lighting, and related equipment; 2) providing detailed energy usage, cost, and price data to end users; and 3) enabling dynamic pricing options, such as time-of-use, critical-peak pricing, and peak-time rebates.

In general, the industry comments identified several possible definitions of smart grid interoperability, and appeared to favor the GridWise Architecture Council (GWAC)—Introduction to Interoperability and Decision-Maker’s Interoperability Checklist, version 1.5 (“the seamless, end-to-end connectivity of hardware and software … enhancing coordination of energy flows with real-time flows of information and analysis”).

In contrast to the first five NIST IEC standards, the new, revised SGIP process aims to develop a so-called “catalog” of standards, by which a given standard would progress through a series of graduated stages from birth to maturity, allowing regulators to know what they are dealing with in adopting a standard. The concept was explained at the January conference by Frances Cleveland, president of Xanthus Consulting and chairperson of the standards review subgroup of the SGIP’s Cyber Security Working Group.

As Cleveland described it, a purely informational standard might earn adoption category 0. Category 1 would indicate potential adoption. Category 2 would denote a completed specification. Category 3 would indicate completion of conformance testing and implementation by a vendor. Category 4 would represent interoperability testing (implementation by multiple vendors working together). Lastly, Category 5 would denote cyber security certification.

Jennifer Sanford, senior manager for smart grid policy at Cisco, pointed out that implementing interoperability standards might require licenses to file dozens, or even hundreds of patents per standard, meaning that stakeholders and participants in the standard-setting process should include information about possible licensing of intellectual property rights in their recommendations and evaluations.

As Sanford noted, standards development organizations generally have policies that specify that if patents are essential to the implementation of a standard, that the owners will agree to license the patents on reasonable and nondiscriminatory (RAND) terms, but that “unfortunately,” as she explained, “there’s no consensus on what licensing terms are reasonable.”

One last problem (on which FERC asked specifically for ideas in the follow-up comments) concerned so-called “normative references,” or lesser-included standards that are nested within larger standards, to save time or space. Such nested standards could be out of date or could lack the same degree of cyber security as the primary standard, thus undermining the entire construct.

Dr. Stanley Klein of Open Secure Energy Control Systems warned in his comments that any standards adopted without implementation and lab testing are merely “words on paper.” Experts, he noted, “are just like everyone else. They can word provisions vaguely as a compromise to cover up disagreements. However, you can’t be vague with a computer. The program will run precisely as written and translated into the internal bits and bytes of the machine, regardless of what the programmer intended.”

Stacking the Deck

At the January conference, longtime FERC staffer Kevin Kelly, a self-professed “movie buff,” admitted that when he wanted to replace his DVD player, he agonized over which technology to choose—HD or Blu-Ray—knowing that if he bought the wrong one he’d be stuck with an outdated player no one would want. And so, in musing about how the commission should go about adopting standards, he asked the witnesses whether FERC should go with a long-established and proven technology (but also likely out of date), or whether it should pick an up-and-coming technology known to be flawed, but on the assumption that “we will rally all the relevant industries around correcting those flaws.”

So far, the overwhelming industry majority seems to favor the collaboration-with-flaws approach. However, owing to what Ingersoll Rand termed the “unfortunate level of ambiguity in FERC’s EISA-created statutory obligations,” the vendor community appears to harbor an undercurrent of fear that the review process could lead to a rulemaking mandate that stifles innovation.

Or, as Cimetrics President Lee put it, “squelch” the voice of consumers and “marginalize the NIST process”—a process Lee said has so far “kept entrenched interests stacking the deck.”

Even National Coordinator George Arnold conceded such fears in his April 7 comment letter to FERC Chairman Wellinghoff.

In reality, evidence emerged at the January conference that stakeholder representation in the NIST process was perhaps skewed against the regulated community, with Highfill noting that in the NIST process, “someone who decides to open a one-person business has the same vote as a utility that is responsible for … serving millions of customers.”

The Edison Electric Institute, in comments filed April 8, argued that stakeholder voting wasn’t balanced, and suggested that the SGIP process should adopt sector-weighted voting, as is commonly used in RTOs and ISOs. Comments from FP&L and PJM advocated sector-weighted voting as well. However, the EEI comments also recommended two key important ideas.

First, EEI recommended the SGIP form two new working groups within its process—a Reliability Working Group (RWG) and an Implementation Review Group (IRG)—to heighten awareness of problems related to electric system reliability and smart grid implementation, including impacts on retail customers and especially the problem of still-serviceable but outdated legacy software at regulated utilities that might be left stranded by new smart grid standards (See Figure 1).

Second, EEI advocated a novel interpretation of FERC’s statutory obligation under EISA to institute a rulemaking and “adopt” standards developed by NIST “as necessary.”

Under EEI’s interpretation, FERC’s adoption of standards should come in the form of guidance—not an enforceable mandate. EEI argues that FERC may adopt only those standards that pertain directly to its traditional jurisdiction over interstate transmission, the bulk electric system, and wholesale power market structures. And even then, EEI urges that FERC should adopt only those standards that aren’t already catching on in the industry.

As EEI explains, FERC should “take regulatory action to encourage or promote the adoption of a standard needed for interoperability that, for whatever reason, is not otherwise being implemented by the industry.”

But EEI never really explains how an adoption by FERC rule without any enforceable mandate will spur implementation that was lacking previously under a voluntary standard that was never adopted.

Some agree with EEI that FERC’s powers of smart grid oversight must emerge, if at all, out if the commission’s traditional turf under the Federal Power Act. Others disagree, such as Jordan Doria, manager of stakeholder engagement for the Ingersoll Rand Center for Energy Efficiency and Sustainability:

One of the smart grid’s main goals, writes Doria, “is more efficient use of energy, both upstream and down.

“Facilitating interoperability only in interstate transmission and wholesale markets ignores the downstream entirely, but also, more importantly, ignores the notion of increased connectivity between the two.”

Cleveland from Xanthus agrees that FERC’s smart grid interest is far more extensive than interstate transmission and wholesale markets, as does FERC itself, which claimed authority in its July 2009 policy statement to adopt smart grid standards that affect all facilities, including meters and communications protocols at the distribution level.

But the last word belongs to PJM, which took a distinctly minority position in reply comments filed April 22 by vice president Craig Glazer and Counsel Robert Eckenrod:

“Congress” they wrote, “clearly intended the final standards to be adopted by FERC to have a legally binding effect.”

Otherwise, they explained, RTOs and other grid operators would be “powerless” and required to interact with “nonconforming entities” who can’t respond to grid operator reliability and market directives.

“Quite frankly,” argues PJM, “a finding that smart grid standards are always voluntary is shortsighted.”