NAESB - PKI
Matt Darcangelo
Manager, Stakeholder Services
New York Independent System Operator
Digital Certificate Transmission Webex
January 5, 2016
10 Krey Blvd, Rensselaer
DRAFT – FOR DISCUSSION PURPOSES ONLY
© 2000 - 2015 New York Independent System Operator, Inc. All Rights Reserved.

 Required by FERC Order 676-H
 Update to Presentation on June 30, 2015
 Digital certificates unique to the individual AND organization
 North American Energy Standards Board, Public
Key Infrastructure (NAESB – PKI)
 Original deadline February 2015
 NYISO granted extension until May 15, 2017
© 2000 - 2015 New York Independent System Operator, Inc. All Rights Reserved.
DRAFT – FOR DISCUSSION PURPOSES ONLY 2

 Digital Certificate, User Name and
Password required to access NYISO
Markets and Applications
 NYISO Stakeholder Services issues digital certificates to Market Participants
 NYISO is the Certificate Authority
 Certificates valid for 1 year periods
 New users validated by MP Main Contact or
MIS Administrator
© 2000 - 2015 New York Independent System Operator, Inc. All Rights Reserved.
DRAFT – FOR DISCUSSION PURPOSES ONLY 3

 Digital Certificate issued by 3 rd Party NAESB
Authorized Certificate Authority (ACA)
 Certificates are unique to the user and the organization
 Individual certificates for each organization a user represents
 A certificate can be obtained by certified 3 rd Party provider of the MPs choosing
 Certificates validation period may differ based on provider
DRAFT – FOR DISCUSSION PURPOSES ONLY 4
© 2000 - 2015 New York Independent System Operator, Inc. All Rights Reserved.

 MPs must be registered on NAESB
Electric Industry Registry (EIR)
 Certificates must be linked to the
User’s account though MIS
 User passwords will expire after 13 months
DRAFT – FOR DISCUSSION PURPOSES ONLY 5
© 2000 - 2015 New York Independent System Operator, Inc. All Rights Reserved.

Certificates and NYISO Systems - Future
Registered NYISO MP
Organization
Organization listed on
Electric Industry
Registry (EIR) https://www.naesbwry.oati.com/NAESB
WRY/sys-index.wml
Certificate is linked to User
Account in Market
Information System
NYISO Market
Application User
DRAFT – FOR DISCUSSION PURPOSES ONLY 6
© 2000 - 2015 New York Independent System Operator, Inc. All Rights Reserved.

Applications To Use NAESB Certs
Acronym
CBM
CMS
CSI
Name
Consolidated Bid Management / Marketplace2
Credit Management System
Customer Settlements Interface
DRIS
DSS
Demand Response Information System
Decision Support System
GADS Portal Generation Attribute Data System
GFER Generator Fuel and Emissions Reporting
ICAP AMS
IRS
ICAP Automated Market System
ICAP Reference System
Business Area
Energy Markets
Finance
Finance
Demand Response
Multiple/IT
Capacity Markets
Energy Markets
Capacity Markets
Capacity Markets
JESS
RLS
SDX
TCC
TOA
Joint Energy Scheduling System
References Level Software
Settlement Data Exchange
TCC Automated Market
Outage Scheduling Application
Wind Forecaster
Energy Markets
Energy Markets
Finance
TCC
Energy/ Capacity
Energy Markets
DRAFT – FOR DISCUSSION PURPOSES ONLY
© 2000 - 2015 New York Independent System Operator, Inc. All Rights Reserved.
7

Feedback
 Portability to/from Other Markets
 Certificates currently used in MISO and SPP will likely meet NYISO’s Future Requirements
 Cost and Administrative Burden
 NYISO Developing plan for eConnect and other applications
© 2000 - 2015 New York Independent System Operator, Inc. All Rights Reserved.
DRAFT – FOR DISCUSSION PURPOSES ONLY 8

4 th
Quarter
2014
2 nd
Quarter
2015
4 nd
Quarter
2015
1 st /2 nd
Quarter
2016
3 rd
Quarter
2016
2 nd
Quarter
2017
(May 15)
FERC Order
676-H
NYISO
Granted
Extension
Monthly
Technical
Calls with MPs
Start DEC 1
NYISO
Development
Complete
Individual
Applications
Deployed
All Apps
Transitioned to accept ACA and
NYISO Certs
Only NAESB
ACA Certs
Accepted
5 JAN
2016
DRAFT – FOR DISCUSSION PURPOSES ONLY 9
© 2000 - 2015 New York Independent System Operator, Inc. All Rights Reserved.

Costs through Globalsign




GlobalSign will issue 2 year validity certificates only (this reduces user and GS help desk usage)
A flat rate of $150/cert would be charged no matter what band was purchased through EPKI NAESB platform
GlobalSign will put a dedicate page on www.globalsign.com
for NYISO entities with support documentation around both how to enroll and use the service as well as Security Officer obligations specified in the NAESB standard (we would expect NYISO to re-direct market participants needing
NAESB certificate to this page)
Certificates can only be purchased in packs of 5, 10, 25, 50,
100, & 250 (we have higher pack sizes if needed) knowing that even mom and pop entities with single user would need to order a 5 pack
© 2000 - 2015 New York Independent System Operator, Inc. All Rights Reserved.
DRAFT – FOR DISCUSSION PURPOSES ONLY 10

Costs through GlobalSign
Promotion offering discount for those who converted their old certificates to GS NAESB certs to encourage adoption.
Consider coupon codes for single users
© 2000 - 2015 New York Independent System Operator, Inc. All Rights Reserved.
DRAFT – FOR DISCUSSION PURPOSES ONLY 11

 Currently, GlobalSign, Systrends,
Shift Systems and OATI provide
NAESB ACA product offerings
 https://www.naesb.org/materials/certif ication.asp
 NAESB Electric Industry Registry
 https://www.naesbwry.oati.com/NAES
BWRY/sys-index.wml
DRAFT – FOR DISCUSSION PURPOSES ONLY 12
© 2000 - 2015 New York Independent System Operator, Inc. All Rights Reserved.

 Monthly Technical Calls / WebEx to discuss transition and IT requirements
 Next Call Scheduled for 2:00 PM February 2, 2016
 Provide MIWG updates throughout 2016 and 2017
© 2000 - 2015 New York Independent System Operator, Inc. All Rights Reserved.
DRAFT – FOR DISCUSSION PURPOSES ONLY 13

© 2000 - 2015 New York Independent System Operator, Inc. All Rights Reserved.
DRAFT – FOR DISCUSSION PURPOSES ONLY 14