Citizen Portal
Sign In

Kansas Corporation Commission review: NERC supply‑chain rules, virtualization and Southwest Power Pool resource adequacy

6403048 · October 23, 2025

Get AI-powered insights, summaries, and transcripts

Subscribe
AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

Justin Grady, director of the Kansas Corporation Commission Utilities Division, briefed the Joint Committee on Kansas Security about NERC critical‑infrastructure updates (supply‑chain risk, virtualization and low‑impact cyber systems), the KCC’s cybersecurity tracking, and Southwest Power Pool’s expedited resource adequacy steps to address looming

Justin Grady, director of the Kansas Corporation Commission’s Utilities Division, briefed the Joint Committee on Kansas Security on Oct. 24 about electric‑sector cyber and physical security standards and Southwest Power Pool (SPP) resource adequacy actions affecting Kansas reliability.

Grady began with federal and industry standards: the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards are under active revision and the Federal Energy Regulatory Commission (FERC) issued recent rulemaking directing NERC to add supply‑chain risk requirements (for example, controls to deter unauthorized or hidden remote access in industrial control systems and stronger vendor‑risk management). Grady also outlined NERC’s nascent rulemaking on virtualization of operational environments and proposed requirements for low‑impact cyber systems that would expand monitoring and user‑access knowledge even at lower‑impact devices.

Nut graf — why this matters: these CIP changes affect the compliance burden for utilities and can require additional audits, vendor due diligence and budgeting; the KCC is monitoring revisions and industry readiness.

KCC oversight and cyber trackers: Grady explained the KCC’s approach to oversight, including confidential executive‑session updates with regulated utilities, tracking of cyber/physical security costs, and encouraging utilities to participate in information‑sharing organizations (MS‑ISAC, EI‑ISAC) and DOE/NAIRUC baselines. The commission maintains a cost tracker so regulated utilities can recover compliance and cybersecurity operations and avoid disincentives for necessary investments.

Southwest Power Pool and resource adequacy: Grady reported that SPP has increased its planning reserve margin (PRM) requirements in response to reliability concerns since winter‑storm events and ongoing retirements. He said SPP’s summer PRM was set at 15% and will rise to 16% next summer; SPP is adopting a winter planning margin that will be 36% in the near term and rise further before leveling off, he said. Grady described SPP’s expedited resource adequacy process that allowed load‑serving entities to “jump the line” for generation interconnection to meet 2029 reliability needs, a controversial but, in Grady’s account, necessary step to avoid reliability shortfalls.

Ending: Grady asked the committee to consider the evolving standards and the budgetary implications for utilities and urged continued regulatory coordination on communications, cyber hygiene and resource adequacy in SPP.