National Energy Administration's Resolution on Improving the Cyber-related Security Capabilities of New Energy and New Grid-connected Entities

Notice to serve the high-quality development of new power systems

Energy Bureaus of all provinces (autonomous regions, municipalities directly under the central government), Development and Reform Commissions of relevant provinces (autonomous regions, municipalities directly under the central government) and the Xinjiang Production and Construction Corps, Beijing Municipal Commission of Urban Management, all dispatched agencies, and all enterprise members of the National Electric Power Safety Committee:

Under the guidance of the goals of carbon peak and carbon neutrality, the proportion of new energy installations has rapidly increased, and new types of grid-connected entities such as new energy storage, virtual power plants, and distributed smart grids have widely emerged, making significant progress in the construction of new power systems. However, due to the scattered nature of relevant regulations and standards for grid security management related to new energy and new grid-connected entities, some new grid-connected entities have not yet been included in unified dispatch, leading to partial vacuum in grid security management and affecting the safe and stable operation of the power system. To deeply implement the new energy security strategy of "four revolutions and one cooperation," and to carry out the "Guidance Opinions of the National Development and Reform Commission and the National Energy Administration on Strengthening the Stability Work of the Power System under New Situations" and the "Guidance Opinions of the National Development and Reform Commission and the National Energy Administration on Strengthening the Construction of Grid Peak Shaving Storage and Intelligent Dispatching Capabilities," in order to further enhance the grid security capabilities of new energy and new grid-connected entities, and to strengthen the rigid enforcement of existing security management regulations and standards, the following matters are hereby notified.

I. Accurately grasp the overall requirements of internet-related security management work.

(1) Attach great importance to internet-related safety management. Strengthening internet-related safety management for new energy sources and new grid-connected entities is the foundation and prerequisite for ensuring their safe and stable operation, which in turn serves the high-quality development of the new power system. Once a grid-connected entity experiences a grid safety incident, it not only harms immediate interests but also brings adverse effects to the long-term development of the industry. All units should align with the goals of energy transition and power supply security under the new situation, with a high sense of responsibility and mission, innovate safety management models, effectively control safety risks, and resolutely prevent grid safety incidents from occurring.

(2) Scientifically Define the Scope of Network Security Management Involving Grid-Connected Entities. The dispatched agencies of the National Energy Administration should collaborate with local power management departments to comprehensively consider system security needs, technical and economic feasibility, and the capacity of grid-connected entities. Based on the type, capacity, voltage level of connection, and system operational characteristics of new energy and new grid-connected entities, they should scientifically define the scope of network security management for these entities within their jurisdiction, ensuring that all necessary aspects are effectively managed. For existing new energy and new grid-connected entities that are already within the scope of network security management but do not yet meet the management requirements, the dispatched agencies of the National Energy Administration should work with local power management departments to scientifically develop transformation plans and implement them steadily.

(III) Strengthen the responsibilities of all parties involved in internet security management. Power dispatching institutions should enhance unified dispatch management of new energy and new types of grid-connected entities within the scope of internet security management, and conduct technical supervision of grid-connected secondary systems and monitoring systems in accordance with relevant laws, regulations, and standards. Grid enterprises should strengthen grid security risk control to ensure the safe grid connection of grid-connected entities. Owners (units) of new energy and new types of grid-connected entities within the scope of internet security management must strictly fulfill their main responsibilities, accept unified dispatch by power dispatching institutions, comply with internet security management regulations, and meet the requirements for safe and stable system operation.

II. Strengthen Internet-related security performance

(IV) Optimize Management Services Related to the Grid. Power dispatching agencies should strengthen professional training for grid-connected entities, helping them enhance the technical expertise and work capabilities of their personnel. They should proactively participate in the design and construction processes of grid-connected entities, facilitate communication channels, and provide timely guidance to resolve grid-related technical issues encountered by these entities. Before grid connection, power dispatching agencies must rigorously review the grid-related performance type test reports provided by grid-connected entities within the scope of grid security management. These reports should be issued by third-party institutions with qualifications (accredited by the China National Accreditation Service for Conformity Assessment or China Metrology Certification) or equivalent capabilities. Only after approval can the entities be connected to the grid. After grid connection, power dispatching agencies should intensify assessments of grid-related performance during operation, promptly propose improvement requirements, and ensure stable grid-related performance.

(V) Promote Friendly Grid Connection of Grid-Connected Entities. Owners (units) of new energy and new types of grid-connected entities should organize the implementation of project construction in accordance with the requirements of the "Electric Power System Safety and Stability Guide" (-), the "Technical Guide for Grid-Source Coordination in Electric Power Systems" (/ -), as well as national and industry standards related to wind power, photovoltaics, and energy storage. This ensures that the configuration of secondary systems such as relay protection, security and stability control devices, and communication equipment meets the requirements, preventing "illness upon grid connection." Specifically, centralized new energy sources (such as large bases) that are remotely aggregated should possess capabilities such as rapid voltage regulation and suppression of wide-frequency oscillations, and should, when necessary, be equipped with devices such as synchronous condensers to prevent large-scale disconnection from the grid.

(VI) Promote Technological Innovation and Revision of Network-Related Technical Standards. Actively carry out research, verification, and promotion of network-related technologies for new energy sources and new grid-connected entities, enhancing their safe substitution capabilities. Advance the revision of grid-connection standards for new technologies and equipment, gradually constructing network-related safety performance that aligns with the development of new power systems.

III. Strengthen the Management of Parameters Related to the Internet

(VII) Standardize the management process for internet-related parameters. Power dispatching agencies should strengthen the unified management of internet-related parameters of grid-connected entities that fall within the scope of internet-related safety management. The control logic and parameters of internet-related safety equipment, as well as internet-related protection settings, of grid-connected entities must not be adjusted without authorization. The upgrade or modification plans for key technical parameters should be fully demonstrated and submitted to power dispatching agencies for review and approval before implementation. After changes in control logic or parameters, internet-related performance re-verification tests should be conducted within the specified time to ensure compliance with internet-related performance requirements.

(VIII) Strengthen modeling and parameter measurement management. Power dispatching agencies should base their work on the actual measurement modeling of grid-connected entities, and conduct electromagnetic transient simulation or electromechanical-electromagnetic hybrid simulation verification for high-proportion power electronic equipment connected to the grid. Grid-connected entities should, in accordance with the requirements of power system stability calculation and analysis, carry out electromagnetic transient and electromechanical transient modeling and parameter measurement. Before grid connection, grid-connected entities should provide the corresponding electromagnetic transient and electromechanical transient models of the grid-connected power generation equipment to the power dispatching agencies. For new energy and new grid-connected entities not included in the scope of grid safety management, the equipment manufacturers may provide the models on their behalf.

(IX) Implement the requirement for retesting of grid-related parameters. Power dispatching agencies shall improve the full-cycle, refined management mechanism for grid-related parameters of grid-connected entities to ensure the scientific and accurate conclusions of power system stability analysis. Grid-related parameters such as primary frequency regulation of grid-connected entities should undergo regular retesting, with the retest cycle not exceeding one year. The testing should be conducted by a third-party organization with the appropriate qualifications or equivalent capabilities. The test plan, test results, and test report should be reviewed and confirmed by the power dispatching agency.

IV. Optimize Grid Connection Services

(Ten) Strengthen the assessment of grid access security risks. Grid enterprises should conduct in-depth research and analysis on the security risks associated with the integration of distributed new energy sources, cooperate in the assessment of grid capacity for distributed new energy integration, guide the scientific layout, safe integration, and efficient consumption of distributed new energy sources. Local power management departments, when conducting assessments of grid capacity for distributed new energy integration, should fully consider the impact of distributed new energy integration on grid security operations.

(Eleven) Implementation of Grid-Connected Dispatching Protocol Management. Power dispatching institutions should adhere to unified dispatching and hierarchical management, and organize new energy and new grid-connected entities within the scope of grid-connected safety management to sign grid-connected dispatching protocols. When power dispatching institutions sign grid-connected dispatching protocols with virtual power plants, they may, based on the different physical electrical partitions of the aggregated adjustable resources in the grid, divide the aggregated adjustable resources into one or multiple virtual power plant units. The power sources within the virtual power plant should be managed for grid-connected safety in accordance with the requirements for grid-connected power sources, and the overall operation management requirements of the virtual power plant should be implemented without involving grid-connected parameters and performance management.

(Twelve) Strengthen control over the grid connection process. New energy and new types of grid-connected entities that fall under the scope of grid security management should organize grid connection acceptance work to ensure that primary and secondary equipment and various systems meet grid connection requirements. Grid companies and their power dispatching institutions should confirm the configuration, parameters, performance, and control capabilities of grid-connected devices, and entities that do not meet the conditions should not be connected to the grid. After grid connection, all grid-connected entities should complete all grid-related tests and submit the qualified test results to the power dispatching institution within the specified time frame.

V. Strengthen the Management of Grid Integration Operations

(Thirteen) Strengthen capacity change management. Local power management departments should work with grid companies to establish a management mechanism for the application, review, and testing of capacity changes (including AC and DC sides) for new energy and new types of grid-connected entities. Grid companies should improve the management processes for grid-connected entities' outages and maintenance to ensure that the generation and regulation capabilities of grid-connected entities are effectively controlled during their grid-connected operation. Grid-connected entities must strictly follow the capacity change management process and are strictly prohibited from unilaterally changing capacity.

(XIV) Strengthen the construction of regulation capabilities and information collection capabilities. Grid-connected entities subject to cyber security management should have the ability to receive and execute control and regulation commands from power dispatching agencies, meeting the "adjustable and controllable" requirements for grid operation. Grid-connected entities should, in accordance with the "observable and measurable" requirements for grid operation, upload real-time information on the operation of major equipment, including but not limited to active power, reactive power, voltage, current, and other telemetry, as well as telemetry such as the position of major equipment and important protection signals, and other information required by the grid connection dispatching agreement. Information upload should meet the minute-level collection requirements, and relevant operational information and dispatching control functions should be integrated into the dispatching system. The communication methods and protocols should meet the requirements of power dispatching agencies.

(Fifteen) Strengthen the management of virtual power plant operations. Virtual power plants that fall within the scope of grid security management are required to submit a list of adjustable resources and change requests to power dispatching agencies on a monthly basis. Changes to adjustable resources and their capacities are generally not allowed within the month without prior notice. If adjustments are necessary, a change request must be submitted to the power dispatching agency before the adjustment is made. Virtual power plants must conduct real-time operation monitoring, have a real-time grasp of the operational status of aggregated adjustable resources, automatically receive and strictly implement market clearing results, and promptly report the execution status to market operators automatically. Tampering with various data is strictly prohibited.

(Sixteen) Strengthening Cybersecurity Management. Grid-connected entities must strictly comply with relevant cybersecurity laws, regulations, national standards, and industry standards, optimize the cybersecurity protection system for power monitoring systems, strengthen supply chain security controls, and prohibit the unauthorized setting or pre-provision of any external control interfaces. New energy and new grid-connected entities that use internet technologies such as cloud platforms for monitoring shall, in accordance with regulations and standards, install cybersecurity monitoring, isolation devices, and other cybersecurity facilities, and report to the corresponding dispatching agencies. The cybersecurity protection of the control-related functions of the technical support systems (or platforms) for virtual power plants must strictly adhere to the requirements of the "Regulations on the Security Protection of Power Monitoring Systems" (Order No. of the National Development and Reform Commission of the People's Republic of China).

(Seventeen) Strengthening Communication Operation Management. The operating conditions of new energy and new grid-connected entities' communication equipment accessing the power communication network should comply with the operational requirements of the power communication network, be maintained by dedicated personnel, and be integrated into the power communication network management system for unified management. Strict adherence to communication dispatching and maintenance management requirements must be enforced. The information uploaded to the power dispatching agencies should be complete, comprehensive, and accurate, with reliable and stable communication links.

Six, Creating a Safe Development Environment

(Eighteen) Strengthen supervision and management mechanisms. The National Energy Administration and its dispatched agencies, as well as local power management departments, should enhance supervision and management of grid security, improve coordination mechanisms for supervision and management, and regularly organize inspections of grid enterprises, power dispatching institutions, and grid-connected entities. Power dispatching institutions should strengthen management of grid-connected entities' involvement in grid security. For actions taken by grid-connected entities to evade power dispatching control, such as damaging communication equipment and facilities, strict dispatching discipline should be enforced and assessments made in accordance with relevant regulations. If necessary, the grid disconnection procedure should be carried out in accordance with regulations, and the situation should be reported to the National Energy Administration and its dispatched agencies, as well as local power management departments.

(Nineteen) Strengthen publicity and guidance efforts. Enhance the publicity and interpretation of policy documents, strengthen the awareness of joint governance for safety, consolidate the consensus on safe development, and create a secure environment conducive to the development of grid-connected entities. Actively publicize positive examples and promptly summarize and promote advanced experiences and effective practices explored in the field by various regions.

National Energy administration

date