METROPOLITAN EDISON COMPANY - Pennsylvania Public Utility ...

More documents

Recommendations

Info

Finding and Conclusion No. VIII-1 – The FE-PA Companies have developed andmaintain comprehensive emergency response, physical security, cyber securityand business continuity plans.FirstEnergy maintains an electronic version of the Emergency Response Plan(ERP) which it utilizes for system outages and responding to other emergency eventssuch as natural disasters, terrorist threats, vandalism, etc. The ERP is FirstEnergy wideand covers all three FE-PA Companies. State, local, and emergency contact numbersare maintained in the plans. Met-Ed, Penelec and Penn Power perform summer andwinter readiness drills annually. Network and tabletop exercises are also performed onan annual basis.FirstEnergy’s Corporate Security maintains a combined or Corporation widePhysical Security Plan (PSP) for Penelec, Met-Ed, and Ohio Edison/Penn Power. ThePSP includes cyber asset identification, maintenance and testing programs, NorthAmerican Electric Reliability Corporation critical infrastructure protection computersecurity training, and Federal Energy Regulatory Commission standards of conducttraining. The Penelec and Met-Ed PSP’s are similar to the FirstEnergy Corporate PSP.The Met-Ed PSP includes plans for the Regional Dispatch Office (RDO) and the SystemControl Center (SCC). All facilities inspected by the Audit Staff appeared to beadequately secured. Additionally, as indicated in Finding and Conclusion No. IX-3,FirstEnergy has implemented a computer based training program to educate itsemployees regarding IT security issues.FirstEnergy has a corporate wide Cyber Security Disaster Recovery Plan. Theplan includes procedures for every application in the system (approximately 183).FirstEnergy has a separate plan for different functions such as Geographic InformationSystem (GIS), customer outage reporting system, energy management system, etc. Allplans are reviewed and updated annually. FirstEnergy also has a Disaster RecoveryPlan for the Information Security Operations Center which is located approximately fivemiles from the Akron headquarters.The Company has a corporate wide Business Continuity Plan (BCP) but alsomaintains individual BCP’s for Met-Ed’s Reading SCC and RDO, and Penelec’s RDO.All the BCP’s cover business recovery and business resumption and includecontingency planning. Each of the BCP’s also includes a Pandemic Health EmergencyResponse Plan. All BCPs and related plans are reviewed and updated annually.In 2009, a consultant performed a Critical Infrastructure Protection (CIP)assessment of FirstEnergy’s cyber and physical security. A total of 119 substationswere reviewed in three states. Vulnerability Assessments (VA’s) were performed onfour substations in Penn Power’s service territory, 25 substations in Met-Ed’s serviceterritory and 22 substations in Penelec’s service territory. There were three substationsthat had security issues at the time of the assessment, but upon review by the AuditStaff it appeared that all security issues have been appropriately rectified.- 52 -
Routine periodic updating of the emergency response, physical security, cybersecurity and business continuity plans is a crucial aspect of emergency preparednessand is something FirstEnergy is doing well. By maintaining up-to-date plans, theCompany has help to ensure that they are prepared to respond to emergency situationsin a timely and organized manner. Additionally, testing the plans and performingreadiness drills with emergency personnel and the Commission is also a significantaspect of emergency preparedness and goes to show that the FE-PA Companies areprepared to respond to emergencies when they occur.Staff’s Follow-up Recommendation – None.- 53 -
Page 5:
METROPOLITAN EDISON COMPANYPENNSYLV
Page 8 and 9: • Support Services• Human Resou
Page 10 and 11: • Developed and implemented forma
Page 12 and 13: FIRSTENERGY PENNSYLVANIA COMPANIESM
Page 24 and 25: III. AFFILIATE INTERESTSBackground
Page 26 and 27: In addition, subsidiary or related
Page 28 and 29: BWG recommended that a detailed, wr
Page 30 and 31: management. Other potential uses of
Page 32 and 33: IV. CORPORATE GOVERNANCEBackground
Page 34 and 35: V. FINANCIAL MANAGEMENTBackground -
Page 36 and 37: the internal audit was to determine
Page 38 and 39: Committee citing the internal contr
Page 40 and 41: VI. ELECTRIC RELIABILITYBackground
Page 42: Exhibit VI-1Metropolitan Edison Com
Page 45 and 46: provide additional details to the C
Page 47 and 48: Exhibit VI-6FirstEnergy Pennsylvani
Page 49 and 50: All three FE-PA Companies have had
Page 51 and 52: FirstEnergy is following the right
Page 53 and 54: Company, and The Toledo Edison Comp
Page 55 and 56: technicians. These strategies are u
Page 57: VIII. EMERGENCY PREPAREDNESSBackgro
Page 61 and 62: Follow-up Finding and Conclusion No
Page 63 and 64: old excess inventory. Spare invento
Page 65 and 66: controls were automated. Moreover,
Page 67 and 68: Exhibit IX-6FE-PA CompaniesPercenta
Page 69 and 70: FE-PA Companies were unable to iden
Page 71 and 72: Staff’s Follow-up Recommendation
Page 73 and 74: Exhibit X-6Metropolitan Edison Comp
Page 75 and 76: Prior Recommendation - Develop a co
Page 77 and 78: Therefore, BWG suggested that First
Page 79 and 80: XI. CUSTOMER SERVICEBackground - Th
Page 81 and 82: Exhibit XI-2FE-PA CompaniesPercenta
Page 83 and 84: Exhibit XI-5FE-PA Companies Compare
Page 85 and 86: Exhibit XI-7FE-PA Companies Compare
Page 87 and 88: Follow-up Finding and Conclusion No
Page 89 and 90: uilding, in an effort to protect re
Page 91 and 92: Companies would submit a supplement
Page 93 and 94: 3. The "four-fifths" rule (underuti
Page 95 and 96: Met-Ed has female underutilization
Page 97 and 98: Exhibit XII-4Page 1 of 2FirstEnergy
Page 99 and 100: The number of years that FirstEnerg
Page 101 and 102: FE-PA Companies do track purchases
show all

METROPOLITAN EDISON COMPANY - Pennsylvania Public Utility ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?