Technical Feasibility Exceptions from Critical Infrastructure Protection Standards in Ontario
The Market Assessment & Compliance Division (MACD) of the IESO processes assessments of exceptions to NERC’s Critical Infrastructure Protection (CIP) reliability standards for equipment which cannot comply with the standards primarily for reasons of “technical infeasibility”. These exceptions are referred to as “Technical Feasibility Exceptions” or TFEs.
MACD has the overall authority to approve or disapprove TFE applications. An approved TFE does not exempt the TFE applicant from compliance with the requirements; it authorizes temporary dispensation from compliance with the requirements through the use of approved compensating and/or mitigating measures.
In developing the Ontario-specific TFE process, MACD has primarily adopted the industry-stakeholdered NERC TFE process including:
- the criteria under which a TFE application can be submitted;
- information requirements in support of the TFE application; and
- obligations of both MACD and TFE applicants.
Who is Eligible to Submit a TFE
Those Ontario market participants as well as prospective market participants that own critical assets have the ability to apply for exceptions to CIP standards for equipment that is unable to meet the mandatory requirements for reasons specified in the NERC TFE Process.
Three key steps are involved in the TFE process: (i) Part A (initial screening); (ii) Part B (substantive review); and (iii) Maintenance. Follow the links in the TFE process diagram below for information on each specific step. A detailed description of each step is also outlined in the TFE Market Manual.
- Submitting a TFE Application
A separate TFE application (Part A Form) must be submitted by a TFE applicant through the IESO secure portal for each applicable cyber asset. Access to the portal can be obtained by contacting email@example.com. Note that TFE applications for certain cyber assets may be grouped together to allow for the assessment of multiple, similar cyber assets.
- TFE Part A Screening Assessment
A TFE Part A screening assessment is conducted by MACD with the applicant for each TFE application to ensure that the applicant has correctly interpreted the NERC CIP standard requirement and has adequately addressed the requirements of the Part A application process. To enable acceptance, the Part A screening assessment typically involves one or more conference calls and/or face-to-face meetings to provide the TFE applicant with recommendations regarding the resubmission of their Part A information.
- Part A Payment
The TFE applicant is required to submit to the IESO, along with the initial Part A screening application, a non-refundable application fee in the amount of $1350 per TFE (plus HST). This fee is subject to change based on future assessments and/or changes to initial screening costs.
- Acceptance or Rejection of Part A
A notification letter is sent to the TFE applicant informing them of their TFE acceptance or rejection. If the TFE is accepted, the applicant is then required to provide MACD with a proposed schedule of the Part B submissions and sign a cost recovery agreement. If the TFE is rejected, the applicant is notified in writing, along with an explanation and rationale for the rejection. Next steps are then discussed with the TFE applicant, as required.
- TFE Cost Recovery Agreement
Prior to commencing the Part B substantive review, the TFE applicant is required to submit an executed TFE Cost Recovery Agreement in which the applicant agrees to pay the IESO an amount equal to all reasonable costs incurred by the IESO in assessing the TFE application. The agreement becomes effective upon the date of signature by both the IESO and the TFE applicant.
- Part B Deposit
The cost of the Part B substantive review is based on an estimate of work provided in the contract to complete the TFE assessment. For typical applications, this amount is fixed across all TFE applications and based on an assessment of the average cost of conducting a TFE substantive review. This estimate may vary depending on the complexity of the assessment. Once a Part B invoice is issued, the applicant has 30 days to pay the invoice, from the invoice date. Should a delay in the Part B payment process occur, the TFE applicant is notified that assessment work on the Part B substantive review will not proceed unless the invoice is paid in full. If payment is not made, MACD will issue a notice disapproving all the applicant’s TFEs and notify the applicant that a referral to enforcement has occurred.
- Submission of Part B Information
Each TFE applicant is required to submit Part B information, as established in Appendix 4D of the NERC Rules of Procedure (section 4.3.2), through the IESO's secure portal. Although there is no specific form or format for Part B, it must contain all the necessary information requirements as specified in the NERC TFE Process. A template for Part B submissions is offered as a guide for TFE applicants. Once the Part B required information is received, MACD will review each application for completeness, assess whether the approval criteria are sufficiently substantiated and determine if one or more site visits are required to physically inspect the cyber assets.
- On-site Visits
To maximize the success of the application, on-site facility visits are conducted to allow for a collaborative exchange of information between MACD and the TFE applicant. On-site visits allow for viewings, demonstrations and physical inspections of equipment which assist in developing an understanding of the nature and context of the application. On-site visits also include the viewing of confidential information which is not permitted to leave the applicant’s site but is required for the TFE assessment.
- Preliminary TFE Assessment Report
A preliminary TFE assessment report contains the preliminary determinations by MACD’s management and includes preliminary determinations regarding the approval/disapproval of each TFE application. The report identifies those aspects of the TFE application that require certain actions for approval.
- Applicant’s Review of Preliminary Assessment Findings
Prior to final determinations being made by MACD, the applicant is required to respond to the preliminary assessment report by verifying the validity, accuracy and completeness of the report’s technical information, as well as the applicant’s agreement to the terms, conditions and required actions for each TFE application.
- Final TFE Assessment Report
Following consideration of the written submissions, MACD will issue to the applicant the final TFE assessment report containing MACD’s final determinations and the applicant’s agreed-to terms, conditions and required actions for TFE approval. Any failure to fulfill the agreed-to terms, conditions and required actions will trigger a reconsideration of the approved TFE and may result in either an amendment or termination to the approved TFE, and/or the initiation of a compliance investigation and enforcement action, as the case may be.
Applicants receive approval for each TFE application on the condition that they agree to implement the conditions and complete the required action(s) specified in the assessment report. If they do not complete the required actions according to the timetable, the approved TFE may be terminated.
- Periodic Review for Approved TFEs
All approved TFE applications which remain in effect are subject to periodic review to verify their continued justification. MACD will define a reporting schedule for an approved TFE. The frequency and content of these reports are established by MACD and specified in the conditions of the approved TFE. MACD may determine that additional facility site visits are warranted as part of the periodic review to substantiate information submitted to support the TFE. Testing may also be performed during site visits to ensure that the measures implemented by the TFE applicant are consistent with the terms and conditions of the approved TFE.
- Verification of Compliance
The term of the TFE approval may contain a fixed date for achieving compliance. These dates may be dependent, for example, on when the vendor can provide the applicant with a compliant version of the devices in question. For those TFEs listed as “open-ended”, the applicant is required to conduct a review, according to the frequency noted in the report, to determine whether changes to vendor products and equipment covered by the approved TFE are now compliant with the CIP requirement. When a compliant version of the device or devices in question is available, then a fixed date for the term of TFE approval can be discussed and agreed to with the TFE applicant.
Once the applicant can confirm that compliance has been achieved for equipment covered by an approved TFE, the applicant is required to notify MACD. Compliance can be verified by either submission of supporting documentation or by an on-site visit in which a visual inspection and/or testing of the equipment is performed.
- Termination of Approved TFE
An approved TFE will terminate on its expiration date, unless it is terminated by MACD on its own initiative or as a result of the equipment becoming compliant.
Obligation to Provide Information
The TFE applicant shall provide the IESO with such information and documentation which the IESO considers reasonable and necessary in order to complete an assessment of the application. The IESO shall specify a time within which the applicant shall supply the requested information and documentation. Failure to provide requested information and documentation within the time specified by the IESO may result in the IESO issuing a notice terminating the assessment of the application.