Positive Observations by Texas RE

By Rey Perez, O&P Compliance Engineer

As we begin the new year in 2025, Texas RE would like to highlight some positive observations from registered entities regarding Reliability Standards and Requirements. 2024 continued the trend of entities going above and beyond the written Standards, showing a commitment to reliability that strengthens and secures the Bulk Power System (BPS).

EOP-011-2 R7 and R8 are especially important during winter months that bring the possibility of extreme weather. In addition to required annual inspections and maintenance of freeze protection measures, some entities have developed internal controls including comprehensive winter preparedness plans that review previous events and forecasted conditions and/or respond quickly to current conditions. These preparedness plans include well-documented maintenance logs and purchase orders, address supply issues, and outline plans of action. Texas RE also observed entities that provided detailed overviews for corporate and unit-specific responsibilities with freeze-level threshold protocols. Their checklists are performed monthly as an internal control, and during severe winter weather events, walkthroughs are conducted as frequently as every hour. Several entities also provide training for personnel to analyze winter preparedness plans, discuss lessons learned, address mitigation measures, and evaluate other actionable items.

Cybersecurity Standards such as CIP-003-8 R2 and CIP-014-3 R1 cover key BPS technology. For CIP-003-8 R2, Texas RE observed entities utilizing multiple physical security controls to protect Cyber Assets, such as regularly checking that the physical storage space for Cyber Assets is secure as a part of daily activities. Another observation included the implementation of additional internal controls to mitigate the risk of malicious code to low impact Bulk Electric System (BES) Cyber Systems (BCS) by using dedicated Transient Cyber Assets (TCA) for testing and maintenance only. The dedicated TCAs are scanned for viruses, updated prior to and after each use, and are kept physically secured between uses. In addition, entities have been using recurring task reminders to ensure that TCAs are scanned on at least a monthly basis. Entities performed a subsequent risk assessment for compliance with CIP-014-3 R1 for applicable stations before the 60-calendar month period (determined by the initial risk assessment) elapsed. This control is considered a best practice and ensures there is no gap in risk assessments due to changes in the interconnection.

By not only meeting but exceeding the Standards and Requirements, registered entities help to ensure electric reliability. The proactive steps being taken, such as comprehensive winter preparedness plans, thorough internal controls, and cybersecurity awareness initiatives, are clear indicators of how organizations are strengthening their resilience and safeguarding the BPS.