The URL can be used to link to this page

Home My WebLink AboutRESO 9985 6055477RV3 Resolution No. 9985 Resolution of the Council of the City of Palo Alto Approving the City of Palo Alto’s 2021 Electric Utility Physical Security Plan R E C I T A L S A. On January 10, 2019, the California Public Utilities Commission (“CPUC”) approved Decision (D.) 19-01-018 (“Decision”) requiring all electric utilities to develop and implement a plan that (1) identifies electric distribution assets that require greater protection; and (2) specifies measures to reduce the identified risks and threats to those facilities (“Physical Security Plan”). B. While City of Palo Alto Utilities (CPAU), like other publicly owned utilities (POUs), is not subject to CPUC jurisdiction, safety is a top priority for POUs, so in the spirit of continued voluntary cooperation, CPAU and other POUs agreed to draft Physical Security Plans. C. The Physical Security Plan attached is the public report on CPAU’s physical security program for the electric distribution-level facilities that require evaluation under the Decision. D. The CPAU’s Physical Security Plan includes the following self-evaluation steps: a. Identifies covered distribution facilities by analyzing all distribution-level facilities in CPAU’s service territory, using seven screening factors. b. Assesses the potential risks associated with a successful physical attack on each covered facility and determines whether existing resiliency and/or physical security measures appropriately mitigate identified risks. c. Develops mitigation plans for any individual covered facilities as needed, using reasonable and cost-effective measures. E. The Plan also details ongoing maintenance practices and planned additions that will ensure the physical safety of the identified facilities. This includes descriptions of workforce training and imminent updates to facility designs, as needed. F. Independent review steps follow CPAU’s self-evaluation: a. Qualified Third-Party review. The Decision requires an entity independent of CPAU with law enforcement and physical security expertise, such as the Palo Alto Police Department, to evaluate and analyze the Physical Security Plan. The Palo Alto Police Department’s Office of Emergency Services (OES) performed the Qualified Third-Party review for this Plan in May, 2021, and supported the Plan’s findings. It asserted that the Plan’s proposed actions would increase overall DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF 6055477RV3 resilience. It listed a few specific areas that CPAU could focus on for additional resiliency in the future, such as local generation and storage. CPAU agreed, also noting the importance of local generation and storage. b. Qualified Authority Validation. CPAU must submit its Utility Security Plan to a Qualified Authority for validation on the overall adequacy of the Plan. The Qualified Authority must have sufficient familiarity with relevant federal, state and local standards regarding critical asset protection and emergency response. The City’s Fire Department agreed to serve as the Qualified Authority for this validation step, provide additional feedback and evaluation of CPAU’s Utility Security Plan, and determine the Utility Security Plan’s adequacy. The Palo Alto Fire Department performed the Qualified Authority Validation for this Plan in August, 2021, and found that the plan logically identified known risks and provided reasonable mitigation plans. CPAU accepted this conclusion and restated its commitment to maintaining and improving its security measures. G. With the completion of the Qualified Third-Party review and Validation, staff is presenting the Physical Security Plan to Council for approval, and upon approval will provide notice to the CPUC. NOW, THEREFORE, the Council of the City of Palo Alto RESOLVES as follows: SECTION 1. The Council hereby adopts a resolution approving CPAU’s 2021 Electric Utility Physical Security Plan, as shown in Exhibit A, enabling CPAU to submit an executed copy of this Resolution as notice of the Plan’s approval to CPUC. SECTION 2. The Council directs CPAU staff to continue ongoing evaluation of the Physical Security Plan as appropriate and necessary to preserve the Plan’s integrity, with a goal of renewed evaluation every five years, as encouraged by CPUC guidelines. // // // // // // // DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF 6055477RV3 // SECTION 3. The Council finds that the adoption of this resolution does not meet the definition of a project under Public Resources Code Section 21065, thus, no environmental assessment under the California Environmental Quality Act is required at present. Individual upgrades or changes at utility facilities, if needed as a result of the City’s implementation of the Plan, will be analyzed under CEQA. INTRODUCED AND PASSED: September 13, 2021 AYES: BURT, CORMACK, DUBOIS, FILSETH, KOU, STONE, TANAKA NOES: ABSENT: ABSTENTIONS: ATTEST: __________________________ _____________________________ City Clerk Mayor APPROVED AS TO FORM: APPROVED: __________________________ _____________________________ Assistant City Attorney City Manager _____________________________ Director of Utilities DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CITY OF PALO ALTO ELECTRIC UTILITY SECURITY PLAN PUBLIC REPORT ON CITY OF PALO ALTO’S PHYSICAL SECURITY PROGRAM FOR ELECTRIC DISTRIBUTION- LEVEL FACILITIES May 5, 2021 DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF TABLE OF CONTENTS I. Overview .............................................................................................................................................. 4 A. Goal of Utility Security Plan ............................................................................................................ 4 B. Description of CPAU ....................................................................................................................... 4 C. Results of Utility Security PLan Assessment ................................................................................... 4 II. Background .......................................................................................................................................... 6 III. Plan development process ................................................................................................................ 8 A. Physical Security Principles ............................................................................................................. 8 B. Utility Security Plan Development Process ................................................................................... 8 STEP 1: Assessment/Plan Development ............................................................................................. 8 STEp 1A: Identify Covered Distribution Facilities ............................................................................... 8 STEP 1B: Perform risk assessment ........................................................................................................ 9 STEP 1C: Develop mitigation plan ..................................................................................................... 9 STEP 2: Independent review ............................................................................................................... 9 STEP 3: Validation ................................................................................................................................. 9 STEP 4: Adoption ................................................................................................................................ 10 STEP 5: Maintenance ......................................................................................................................... 10 STEP 6: Repeat process ..................................................................................................................... 10 IV. Identification of covered distribution faciliites (Step 1A) .............................................................. 10 A. Identification Factors .................................................................................................................... 10 B. Identification analysis ................................................................................................................... 11 V. Risk assessment (Step 1B) .................................................................................................................. 13 A. Methodology ................................................................................................................................. 13 B. Mitigation Measures ..................................................................................................................... 13 C. Risk Assessment ............................................................................................................................. 15 DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF VI. Covered Distribution Facility Mitigation plans (Step 1C) .............................................................. 18 VII. Independent evaluation and Response (Step 2) .......................................................................... 19 A. Requirements for qualified third party review ........................................................................... 19 B. Identification of third party reviewer .......................................................................................... 19 C. Public results of third party evaluation ....................................................................................... 19 D. CPAU REsponse ............................................................................................................................. 19 VIII. Validation (Step 3) ............................................................................................................................. 20 A. Selection of qualified authority ................................................................................................... 20 B. Results of qualified authority review ........................................................................................... 20 C. CPAU Response to Qualied authority review ............................................................................ 20 IX. Narrative Descriptions for Utility Security Plan ................................................................................ 21 A. Asset Management program ...................................................................................................... 21 B. Workforce training and retention program ............................................................................... 21 C. Preventative maintenance plan ................................................................................................ 21 D. Physical security Event Training ................................................................................................... 21 E. Communication infrastructure risk assessment ......................................................................... 22 F. Facility design Features ................................................................................................................ 22 DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 4 I. OVERVIEW A. GOAL OF UTILITY SECURITY PLAN Ensuring the safety of its facilities is a top priority for City of Palo Alto Utilities (CPAU), and CPAU prioritizes safety in all aspects of its design, operation, and maintenance practices. The overarching goal of this Utility Security Plan is to describe CPAU’s risk management approach toward distribution system physical security, with appropriate consideration of resiliency, impact, and cost. CPAU recognizes the importance of securing the safety and reliability of its electric system and, therefore, CPAU voluntarily participated in the California Public Utilities Commission’s (CPUC) Physical Security proceeding and has undertaken this assessment. In the spirit of continued voluntary cooperation, CPAU offers the following in response to CPUC Decision 19-01-018. B. DESCRIPTION OF CPAU CPAU is a municipal utility that operates in the charter city of Palo Alto, California. CPAU serves approximately 30,000 customers in an urban setting via 9 distribution substations consisting of 9 miles of subtransmission lines and 307 distribution lines across 26 square miles. Nine of these substations meet the definition of Distribution Substation1 as each is considered an electrical power substation associated with the distribution system and the primary feeders for supply to residential, commercial and/or industrial loads. C. RESULTS OF UTILITY SECURITY PLAN ASSESSMENT CPAU applied the methodology described in Section 3B of this document to identify Covered Distribution Facilities2, assess the risk of a successful physical attack, identify preliminary mitigation measures, secure Third Party Verification, and develop and implement a Final Security Plan, consistent with D.19-01-018. Three Covered Distribution Facilities’ loads, which serve a wastewater treatment facility and Level 1 trauma centers, are served by 2 substations. Based on this assessment, additional mitigation measures are recommended at 1 substation, to reduce the effective risk level from MID to LOW. The mitigation projects identified within this Plan will reduce this level from MID to LOW, including enhanced physical security protections to reduce the likelihood of 1 Per D.19-01-018 at 23, “The Joint Utility Proposal defines Distribution Substation as an electric power substation associated with the distribution system and the primary feeders for supply to residential, commercial and/or industrial loads. 2 Per D.19-01-018 at 25, note 49, “Distribution Facilities” include “A Distribution Substation or Distribution Control Center.” DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 5 attack, and site improvement projects to eliminate access. All other Distribution Facilities have LOW or negligible risk and, consistent with the Joint Utility Proposal described in D.19-01-018, were not further evaluated. The City’s Office of Emergency Services (OES), on behalf of the Palo Alto Police Department, is the third party reviewing entity. The OES Chief is a sworn law enforcement officer. Palo Alto OES supports the internal risk and threat profiles identified by CPAU and the proposed mitigation measures and corrective actions. DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 6 II. BACKGROUND On April 16, 2013, one or more individuals attacked equipment located within Pacific Gas and Electric Company’s (PG&E) Metcalf Transmission Substation, ultimately damaging 17 transformers. These individuals also cut nearby fiber-optic telecommunication cables owned by AT&T. In response to the attack, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability Corporation (NERC) to develop new physical security requirements, resulting in the creation of CIP-014. At the state level, Senator Jerry Hill authored SB 699 (2014), directing the CPUC to “consider adopting rules to address the physical security risks to the distribution systems of electrical corporations.” In response to SB 699, the CPUC’s Safety and Enforcement Division, Risk Assessment and Safety Advisory Section (RASA) prepared a white paper proposing a new requirement for investor owned utilities (IOUs) and publicly owned utilities (POUs) to develop security plans that would identify security risks to their distribution and transmission systems, and propose methods to mitigate those risks. The CPUC hosted a series of workshops to better understand the state of utility physical security protections and to seek input on refining their proposal. In order to support a statewide improvement of how utilities address distribution level physical security risks, the California Municipal Utilities Association (CMUA), which is the statewide trade association for POUs, coordinated with the state’s IOUs to develop a comprehensive Straw Proposal3 (Joint IOU/POU Straw Proposal) for a process to identify at-risk facilities and, if necessary, develop physical security mitigation plans. As a member of CMUA, CPAU staff participated in the development of the Joint IOU/POU Straw Proposal through a CMUA working group as well as through direct meetings with the IOUs. The Joint POU/IOU Straw Proposal set out a process for the following: (1) identifying if the utility has any high priority distribution facilities; (2) evaluating the potential risks to those high priority distribution facilities; (3) for the distribution facilities where the identified risks are not effectively mitigated through existing resilience/security measures, developing a mitigation plan; (4) obtaining third party reviews of the mitigation plans; (5) adopting a document retention policy; (6) ensuring a review process established by the POU governing board; and (7) implementing information sharing protocols. RASA filed a response4 to the Joint IOU/POU Straw Proposal that recommended various modifications and clarifications, including a six-step process. Additionally, RASA recommended that the utility mitigation plans include: (1) an assessment of supply chain vulnerabilities; (2) training programs for law enforcement and utility staff to improve communication during physical security events; and (3) an assessment of any nearby communication utility infrastructure that supports priority distribution substations. 3 Straw Proposal available at: https://www.cpuc.ca.gov/uploadedFiles/CPUCWebsite/Content/Safety/Risk_Assessment/physicalsecurity/R1506009- Updated%20Joint%20Straw%20Proposal%20and%20Cover%20083117%20Filing.pdf. 4 RASA Response available at: https://www.cpuc.ca.gov/uploadedFiles/CPUCWebsite/Content/Safety/Risk_Assessment/physicalsecurity/Final%20Staff%20Recommendation%20for%20Commission%20Consideration%20010318.pdf. DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 7 In early 2019, the CPUC approved Decision (D.) 19-01-018, which adopted the Joint IOU/POU Straw Proposal as modified by the RASA proposal, with additional clarifications and guidance. D.19-01-018 clarified that where there is a conflict between the Straw Proposal and the RASA proposal, then it is the rule in the RASA proposal that controls.5 D.19-01-018 asserted that the POUs should utilize the Utility Security Plan process described therein. CPAU is following the process and issuing this report at this time to reflect its existing commitment to safety and to protecting its ratepayers’ investment by taking reasonable and cost-effective measures in an effort to safeguard key assets of its distribution system. 5 D.19-01-018 at 43, footnote 58 (“Should there be any question of which shall predominate should there be any incongruity or conflict between a utility or SED RASA recommended rule, the SED RASA rule shall apply.”). DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 8 III. PLAN DEVELOPMENT PROCESS A. PHYSICAL SECURITY PRINCIPLES The Joint IOU/POU Straw Proposal seeks to support the creation of a risk management approach toward distribution system physical security, with appropriate considerations of resiliency, impact, and cost. In order to accomplish this risk-based approach, the Joint IOU/POU Straw Proposal identifies several principles to guide the development of each individual utility’s program. These principles are the following: 1. Distribution systems are not subject to the same physical security risks and associated consequences, including threats of physical attack by terrorists, as the transmission system. 2. Distribution utilities will not be able to eliminate the risk of a physical attack occurring, but certain actions can be taken to reduce the risk or consequences, or both, of a significant attack. 3. A one-size-fits-all standard or rule will not work. Distribution utilities should have the flexibility to address physical security risks in a manner that works best for their systems and unique situations, consistent with a risk management approach. 4. Protecting the distribution system should consider both physical security protection and operational resiliency or redundancy. 5. The focus should not be on all Distribution Facilities, but only those that risk dictates would require additional measures. 6. Planning and coordination with the appropriate federal and state regulatory and law enforcement authorities will help prepare for attacks on the electrical distribution system and thereby help reduce or mitigate the potential consequences of such attacks. B. Utility Security Plan Development Process CPAU utilized a multi-step process to develop this Utility Security Plan that is consistent with the Joint IOU/POU Straw Proposal and D.19-01-018. The relevant six steps of that process are the following: STEP 1: ASSESSMENT/PLAN DEVELOPMENT CPAU staff prepares a Draft Utility Security Plan through the process set forth in Steps 1A, 1B, and 1C. STEP 1A: IDENTIFY COVERED DISTRIBUTION FACILITIES DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 9 CPAU will evaluate all distribution-level facilities in its service territory that are subject to its control to determine if any facility meets D.19-01-018’s definition of a “Covered Distribution Facility”6 using the seven factors identified in the Joint IOU/POU Straw Proposal. STEP 1B: PERFORM RISK ASSESSMENT For every individual Covered Distribution Facility identified pursuant to Step 1A, CPAU will perform an evaluation of the potential risks associated with a successful physical attack on that Covered Distribution Facility, and whether existing grid resiliency, back-up generation, and/or physical security measures appropriately mitigate identified risks. STEP 1C: DEVELOP MITIGATION PLAN If there are any individual Covered Distribution Facilities where the Risk Assessment performed pursuant to Step 1B finds that the existing mitigation and/or resiliency measures do not effectively mitigate the identified risks, then CPAU will develop a Mitigation Plan for that Covered Distribution Facility. The Mitigation Plan will use a risk-based approach to select reasonable and cost-effective measures that can either be security focused (e.g., walls or alarms) or resiliency focused (e.g., adequate spare parts). STEP 2: INDEPENDENT REVIEW For every Utility Security Plan cycle, CPAU will document the results of the identification process, risk assessment, and Mitigation Plan development performed pursuant to Steps 1A, 1B, and 1C. This documentation in combination with narrative description in Section IX below, constitutes CPAU’s Draft Utility Security Plan. Each Draft Utility Security Plan is submitted to a Qualified Third Party for Independent Review. The Qualified Third Party Reviewer will then issue an evaluation that identifies any potential deficiencies in the Draft Utility Security Plan as well as recommendations for improvements. CPAU will then modify its plan to address any identified deficiencies or recommendations, or will document the reasons why any recommendations were not adopted. The combination of the Draft Utility Security Plan, the non-confidential conclusions of the Qualified Third Party Reviewer, and CPAU’s responses to the Qualified Third Party Review will constitute CPAU’s Utility Security Plan. STEP 3: VALIDATION 6 Per D.19-01-018 at 26, “covered is the utility working group term employed to describe those assets that are applicable, or that should be subject to physical security.” For purposes of this Plan, CPAU has determined that Covered Distribution Facilities include Distribution Substations, but not Distribution Control Centers, since analysis of Distribution Control Centers is applicable to Investor Owned Utilities only (see pages 35 and 49 of D. 19-01-018.)” DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 10 CPAU will submit its Utility Security Plan to a qualified authority for review. Such entity will provide additional feedback and evaluation of CPAU’s Utility Security Plan and, to the extent that this entity is authorized, such entity may deem the Utility Security Plan as adequate. STEP 4: ADOPTION CPAU’s Utility Security Plan will be presented to and adopted by City of Palo Alto Council at a public meeting. STEP 5: MAINTENANCE CPAU will refine and update the Utility Security as appropriate and as necessary to preserve plan integrity. STEP 6: REPEAT PROCESS CPAU will repeat this six step process at least once every five years. IV. IDENTIFICATION OF COVERED DISTRIBUTION FACILIITES (STEP 1A) As described in Section III, Step 1A of the Utility Security Plan process involves assessing all distribution-level facilities that are subject to the control of CPAU to determine which facilities are “Covered Distribution Facilities” subject to the need for a risk assessment. This Section describes the factors that CPAU used to evaluate its distribution facilities and the results of its evaluation. A. IDENTIFICATION FACTORS The Joint IOU/POU Straw Proposal defines seven screening factors to determine if a facility is a “Covered Distribution Facility.” Some factors require additional definitions and/or clarifications in order to be applied to CPAU’s facilities. The following Table provides the Joint IOU/POU Straw Proposal’s Factors as modified/clarified by CPAU. Factor Joint IOU/POU Straw Proposal Description Facilities Covered with Additional Clarifications 1 Distribution Facility necessary for crank path, black start or capability essential to the restoration of regional electricity service that are not subject to the California Independent System Operator’s (CAISO) operational control and/or subject to North American Electric Reliability Corporation (NERC) Reliability Standard CIP-014-2 or its successors CPAU has no black start facilities within its service territory. 2 Distribution Facility that is the primary source of electrical service to a military installation essential to national security and/or There are no military installations as defined here essential for national DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 11 emergency response services (may include certain airfields, command centers, weapons stations, emergency supply depots) security or emergency response within CPAU’s service territory. 3 Distribution Facility that serves installations necessary for the provision of regional drinking water supplies and wastewater services (may include certain aqueducts, well fields, groundwater pumps, and treatment plants) CPAU has a regional Water Quality Control Plant in its service territory that provides wastewater services to the City of Palo Alto and surrounding cities with a combined population of over 100,000. See https://www.cleanbay.org/regional-water-quality-control-plant/regional- water-quality-control-plant 4 Distribution Facility that serves a regional public safety establishment (may include County Emergency Operations Centers; county sheriff’s department and major city police department headquarters; major state and county fire service headquarters; county jails and state and federal prisons; and 911 dispatch centers) There are no regional public safety establishments as defined here in CPAU’s service territory. 5 Distribution Facility that serves a major transportation facility (may include International Airport, Mega Seaport, other air traffic control center, and international border crossing) There are no major transportation facilities as defined here in CPAU’s service territory. 6 Distribution Facility that serves as a Level 1 Trauma Center as designated by the Office of Statewide Health Planning and Development CPAU identified two Level 1 Trauma Centers in its service territory – the Stanford Hospitals at two locations within Palo Alto. See https://stanfordhealthcare.org/for-patients-visitors/locations-and- parking.html 7 Distribution Facility that serves over 60,000 meters CPAU does not have a Distribution Facility that serves over 60,000 meters. CPAU serves 29,136 meters. See https://www.cityofpaloalto.org/civicax/filebank/documents/16777/ B. IDENTIFICATION ANALYSIS In performing this identification analysis, CPAU assessed all distribution level facilities that are subject to its exclusive control. The specific types of facilities include substations. Based on this scope, CPAU has identified 9 facilities that are subject to this identification analysis. Of these 9 facilities, 3 fall within 1 of the categories listed above. These 3 facilities listed below constitute CPAU’s “Covered Distribution Facilities.” The following table summarizes the results of CPAU’s identification analysis. DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 12 Facility ID 1. Crank Path, Black Start 2. Military Installation 3. Regional Drinking Water/ Wastewater Services 4. Regional Public Safety 5. Major Transportation Facility 6. Level 1 Trauma Center 7. Over 60,000 Meters Substation 1 New Stanford Hospital at 500 Pasteur Drive Substation 2 Old Stanford Hospital at 300 Pasteur Drive Substation 3 Water Quality Control Plant at 2501 Embarcadero Way DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 13 V. RISK ASSESSMENT (STEP 1B) A. METHODOLOGY Pursuant to the process identified in the Joint IOU/POU Straw Proposal and D.19-01-018, CPAU assessed the potential risks associated with a successful physical attack on each of the Covered Distribution Facilities identified in Section IV above. For purpose of this analysis, a physical attack is limited to the following: (1) theft; (2) vandalism; and (3) discharge of a firearm. A “successful physical attack” is limited to circumstances where a theft, vandalism, and/or the discharge of a firearm has directly led to the failure of any elements of the Covered Distribution Facility that are necessary to provide uninterrupted service to the specific load identified in Section IV. In order to perform this risk analysis, CPAU evaluated the relative risk that (1) a physical attack on a Covered Distribution Facility will be successful considering the protective measures in place; or (2) that the impacts of a successful attack will be mitigated due to resiliency and other measures in place. B. MITIGATION MEASURES D.19-01-018 identifies the specific mitigation measures that a utility should consider when performing this risk analysis. The following table lists these mitigation measures and provides CPAU’s additional clarifications that are necessary to apply these measures to CPAU’s territory. Measure D.19-01-018 Description Additional Clarification 1 The existing system resiliency and/or redundancy solutions (e.g., switching the load to another substation or circuit capable of serving the load, temporary circuit ties, mobile generation and/or storage solutions). CPAU evaluated the existing system’s resiliency and redundancy options. CPAU determined that no additional mitigation measures are needed, because all three CPAU Covered Distribution Facilities are fed from circuit feeders that are redundant or can be switched to another circuit feeder from another substation bank. 2 The availability of spare assets to restore a particular load. CPAU evaluated the type and number of compatible spare units available for the 3 Covered Distribution Facilities. CPAU determined that no additional mitigation measures are needed, because if primary circuit feeder breakers, switchgear, power transformers, bus, and/or bus equipment are damaged, the backup substation bank could be switched to the respective Covered Distribution Facility to restore service and prevent an extended outage. DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 14 3 The existing physical security protections to reasonably address the risk. CPAU evaluated the site-specific physical security barriers and deterrents above and beyond standard physical security measures, such as remotely monitored alarm, lighting, camera systems, and security walls and fences on the Distribution Facility perimeters. Some of these measures, including minimal cameras and lighting, a secure fence at one of the facilities, and one door alarm, are currently in place for the 3 Covered Distribution Facilities. To enhance their physical security an upgrade is planned for 2022-2023. The construction set for the remaining security measures will be issued for bid in the Summer of 2021 (See 2021.0305 CPA PACKAGE 1 SUBSTATION LTG BID SET (1)). 4 The potential for emergency responders to identify and respond to an attack in a timely manner. CPAU evaluated each Covered Facility and determined that no additional mitigation measures are needed, based on the likelihood that a law enforcement officer could arrive at the Covered Distribution Facility within 15 minutes of a report from the public or from CPAU Utilities Dispatch that a facility alarm had been triggered.7 5 Location and physical surroundings, including proximity to gas pipelines and geographical challenges, and impacts of weather. CPAU evaluated this element based on the proximity of the Covered Distribution Facility to populated areas and the extent to which the interior of the facility is shielded from view and access due to walls, vegetation, or other physical obstructions. Only Substation 3’s physical surroundings may potentially be subject to added risk, due to the adjacent creek. To mitigate access from the creek adjacent to Substation 3, a concrete security wall is planned to be constructed in 2022. 6 History of criminal activity at the Distribution Facility and in the area. CPAU evaluated the property crime rates in the immediate vicinity of the 7 The City’s Police Department confirmed these response time estimates on March 10, 2021. DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 15 Covered Distribution Facilities and compared those crimes rates to property crime rates for the county and the state to determine if the area is subject to a higher than average incidence of property related crimes. Based on this evaluation, a concrete security wall is planned to be constructed in 2022 surrounding Substation 3. 7 The availability of other sources of energy to serve the load (e.g., customer owned back-up generation or storage solutions). Of the three Covered Distribution Facilities, one, the New Stanford Hospital has full customer-owned back-up generation capability.8 8 The availability of alternative ways to meet the health, safety, or security. The risk levels and mitigation measures assessed as part of this Plan are sufficient to meet the needs served by CPAU’s critical load. 9 Requirements served by the load (e.g., back up command center or water storage facility). Inherent to the identification methodology considered, the critical loads and corresponding Covered Distribution Facilities were selected based on criteria above and lack of alternatives available to provide that service. Therefore, the requirements served by the load were already considered in the identification and not further contemplated as part of this assessment. C. RISK ASSESSMENT Based on the process described in the Joint IOU/POU Straw Proposal and the direction provided in D.19-01-018, CPAU has determined that existing programs and measures effectively mitigate the risks of a physical attack to LOW for 2 of the 3 Covered Distribution Facilities in Section IV. CPAU’s overall approach to security at all of these substations is to detect, delay or deter most potential adversaries in the timeframe needed to initiate a response that has a reasonable expectation of preventing or containing a catastrophic, negative event. CPAU’s overall prudent utility management and system resiliency measures already in place also serve as mitigation against any impacts of an attempted or successful attack. Physical security is accomplished through perimeter fence, electronic security, and lighting improvements. This applies to all three Covered Distribution Facilities. However, Substation 3 is 8 Confirmed by Stanford’s Assistant Chief Engineer on 4/8/21. DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 16 assessed a risk level of MID due to its location and a modest level of increased criminal activity in that area compared to the others. DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 17 The following table provides a summary of CPAU’s assessment of each mitigation measure for each Covered Distribution Facility. Facility ID 1. Existing Resiliency 2. Spare Assets 3. Existing Physical Security 4. Emergency Responders 5. Location 6. Criminal History 7. Back up Generation 8-9. Alternate Solution Risk Level Substation 1 Fully Effective Fully Effective In Place / Partly Effective PAPD, primary responder.9 Fully Effective Fully Effective Fully Effective N/A LOW Substation 2 Fully Effective Fully Effective In Place / Partly Effective PAPD, primary responder9 Fully Effective Fully Effective Fully Effective N/A LOW Substation 3 Fully Effective Fully Effective In Place / Partly Effective PAPD, primary responder9 In Place / Partly Effective In Place / Partly Effective Fully Effective N/A MID As identified above, based on the existing protection and control mitigation measures in place, 2 of the 3 Distribution Facilities have a LOW effective risk level. As it is CPAU’s goal to operate the distribution system at as low a risk level as practical, the risk of a successful physical security breach on these Distribution Facilities was determined to be properly mitigated at these 2 locations. However, one Covered Facility was assessed to be a MID level of risk, indicative that additional mitigation measures may be needed to properly reduce the effective risk level to LOW. This facility is discussed in Section VI. 9 While Palo Alto’s Police Department staff will be the primary responder in an emergency, the City of Palo Alto has mutual aid agreements in place with other local agencies that could be called upon as a backup if necessary. DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 18 VI. COVERED DISTRIBUTION FACILITY MITIGATION PLANS (STEP 1C) Pursuant to the process identified in the Joint IOU/POU Straw Proposal and D.19-01-018, CPAU has determined that for 1 of the Covered Distribution Facilities that is subject to CPAU’s control, the existing mitigation measures may not effectively reduce the risk of a physical security attack to LOW. This section describes the Mitigation Plan that CPAU has developed for this Covered Distribution Facility. To protect the primary Distribution substation Facilities providing power to the Water Quality Control Plant wastewater facility, additional physical security matters could be taken at Substation 3 to mitigate the risk of attack to LOW. The Distribution Facilities at risk from vandalism and discharge of firearm are circuit feeder breakers, switchgear, power transformer, bus, and/or bus equipment. The risk level is due in part to potential access to the site from the adjacent creek. Thus, the mitigation plan is to enhance the remotely monitored alarms, lighting, and camera systems and add security walls on the Distribution Facility perimeters. A bid for construction of these security measures will be issued in the Spring of 2021. (See 2021.0305 CPA PACKAGE 1 SUBSTATION LTG BID SET (1)). The cost of the alarms, lighting, and camera systems at these Covered Distribution Facilities is estimated to be $500,000, with an estimated completion in 2023. The security walls are an additional $1,500,000 with an estimated completion in 2023. DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 19 VII. INDEPENDENT EVALUATION AND RESPONSE (STEP 2) A. REQUIREMENTS FOR QUALIFIED THIRD PARTY REVIEW D.19-01-018 specifies the following criteria for a Qualified Third Party Reviewer: Independence: A Qualified Third Party Reviewer cannot be a division of the POU. A governmental entity can select as the third-party reviewer another governmental entity within the same political subdivision, so long as the entity has the appropriate expertise, and is not a division of the POU that operates as a functional unit, i.e., a municipality could use its police department as its third-party reviewer if it has the appropriate expertise. Adequate Qualifications: A Qualified Third Party Reviewer must be an entity or organization with electric industry physical security experience and whose review staff has appropriate physical security expertise, which means that it meets at least one of the following: (1) an entity or organization with at least one member who holds either an ASIS International Certified Protection Professional (CPP) or Physical Security Professional (PSP) certification; (2) an entity or organization with demonstrated law enforcement, government, or military physical security expertise; or (3) an entity or organization approved to do physical security assessments by the CPUC, Electric Reliability Organization, or similar electrical industry regulatory body. B. IDENTIFICATION OF THIRD PARTY REVIEWER CPAU has selected as its Third Party Reviewer the Palo Alto Police Department. The Palo Alto Police Department is a department of the City of Palo Alto, independent of CPAU. Both CPAU and the Palo Alto Police Department operate as independent functional units of the City of Palo Alto. The Palo Alto Police Department has demonstrated law enforcement and physical security expertise. C. PUBLIC RESULTS OF THIRD PARTY EVALUATION The City’s Office of Emergency Services (OES) has reviewed this document and supports the findings herein. OES further asserts that many of the proposed actions will also increase resilience to other threats and hazards, such as outlined in the Threat Hazard Identification and Risk Assessment (THIRA) report available on www.cityofpaloalto.org/thira. OES suggests that CPAU continue work to support local generation (renewables) and storage (battery systems), especially for key loads and systems, including: micro grids, distributed energy resources (DER), mobile/portable solar-battery systems, and so on. DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 20 D. CPAU RESPONSE CPAU agrees with OES’ conclusions and recommendations. CPAU looks forward to continuing to enhance the safety and reliability of its electric distribution system, including continued emphasis on local generation, microgrids and distributed energy resources to support resiliency. VIII. VALIDATION (STEP 3) A. SELECTION OF QUALIFIED AUTHORITY As an additional level of review, the Utility Security Plan of any publicly owned utility (POU) must be submitted to a “qualified authority,” which must make a recommendation on the overall adequacy of the plan. CPAU has determined that the Palo Alto Fire Department has sufficient familiarity with relevant federal, state, and local standards relating to critical asset protection and emergency response in order to serve as the “qualified authority” for the review of CPAU’s Utility Security Plan. The Palo Alto Fire Department has relevant experience in its role as public safety. On August 6, 2021, CPAU received the Palo Alto Fire Department’s review of its draft Utility Security Plan. The scope of the Palo Alto Fire Department’s review is to assess the overall adequacy of plan, considering any relevant federal, state, local, and industry standards with which the Palo Alto Fire Department is familiar. B. RESULTS OF QUALIFIED AUTHORITY REVIEW The Palo Alto Fire Department’s level of review involved checking the Plan for basic adequacy. The Palo Alto Fire Department cannot opine on whether the Plan complies with the CPUC Order or other specific laws or standards. The Palo Alto Fire Department opinion is limited to “validating” the plan’s adequately in addressing key physical security risks to the CPAU substations, and the perceived effectiveness of the mitigation measures identified in the plan. The Palo Alto Fire Department has concluded that the plan appears logical and identifies known risks associated with the Substations of Palo Alto Utilities and provides reasonable mitigation plans to address those risks. C. CPAU RESPONSE TO QUALIED AUTHORITY REVIEW CPAU accepts the Palo Alto Fire Department’s conclusion and will endeavor to maintain and improve its security measures. DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 21 IX. NARRATIVE DESCRIPTIONS FOR UTILITY SECURITY PLAN A. ASSET MANAGEMENT PROGRAM It is not feasible to maintain a stock of the wide variety of potential parts needs for the 3 Covered Facilities described here, due to the custom nature of most pieces and impracticality of managing that extensive and expensive stock. CPAU has one spare breaker that is lightly used and could serve as a spare; and CPAU’s fabrication shop could potentially remake a damaged bus. CPAU has determined that the best option for locating spare parts in an emergency is to contact the original equipment vendors via nameplate data. Securing a spare part via original vendors would occur within one day, if the part is currently manufactured or available via resellers. The process would begin with research to identify the part and manufacturer, then contact with the manufacturer’s representative for an emergency lead-time quote. For material that is currently manufactured, CPAU can typically source from the manufacturer’s spare stock or from a neighboring utility within 1 day. However, many of CPAU’s breakers, transformers, and switchgear are no longer manufactured. In this case, CPAU would contact resellers. If the part is available, it can be shipped within 1 day. If the part is not found, CPAU would do an emergency replacement of the entire system with an available material. This would take longer, perhaps weeks for a breaker and months for a transformer or switchgear lineup. B. WORKFORCE TRAINING AND RETENTION PROGRAM CPAU provides workforce training through apprentice programs,10 2000 hours of on the job training per year, 2 weeks of in classroom and practical field instruction training per year. CPAU staff also attend internal programs consisting of substation and distribution switching clearance procedures, and job briefings, to retain and share knowledge. As CPAU’s territory and staffing is small, the same staff that performs maintenance is cross-trained to effectively make repairs, with the addition of potentially available contractors. C. PREVENTATIVE MAINTENANCE PLAN CPAU’s primary mitigation plan is to use field switches to switch loads to alternative circuit feeders when one substation is inoperable. Staff executes special switching orders, moving the load around to deenergize switches and feeders, which present opportunities to exercise the switches. In addition, the alternative circuit feeders are currently energized with other loads, essentially placing them in standby mode, meaning the conductors and switches are warm and free of moisture and therefore readily available for use. D. PHYSICAL SECURITY EVENT TRAINING 10 Curriculum may be found here: https://lineman.edu/business/2021-lineman-apprenticeship-program-catalog/. DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF CPAU Utility Security Plan May 5, 2021 – Step 2; Independent Review - Complete 22 CPAU ensures staff readiness through the regular workforce training programs described above, rather than through special event trainings. E. COMMUNICATION INFRASTRUCTURE RISK ASSESSMENT CPAU’s primary operation method for its distribution system is physical, in-person field operation of its infrastructure. Therefore, CPAUs vulnerability to communication threats is LOW. F. FACILITY DESIGN FEATURES CPAU is focusing on features that highlight potential attackers with outward facing lighting and accompanying infrared pan/tilt/zoom (PTZ) cameras, removing vegetation that provides hiding areas, and replacing climbable fence sections. In addition, CPAU will staff substations to the extent feasible during high threat situations, such as an elevated recommendation from the federal government regulatory agency, NERC. This could consist of a 24/7 presence, or a nightly presence, depending on the recommendation and severity of the threat. DocuSign Envelope ID: 06EF7791-BC02-4614-A6FF-FC46470025DF Certificate Of Completion Envelope Id: 06EF7791BC024614A6FFFC46470025DF Status: Completed Subject: Please DocuSign: RESO 9985 Attachment Electirc Utility Security Plan.pdf, RESO 9985 Physical Se... Source Envelope: Document Pages: 25 Signatures: 5 Envelope Originator: Certificate Pages: 5 Initials: 0 Danielle Kang AutoNav: Enabled EnvelopeId Stamping: Enabled Time Zone: (UTC-08:00) Pacific Time (US & Canada) 250 Hamilton Ave Palo Alto , CA 94301 Danielle.Kang@cityofpaloalto.org IP Address: 199.33.32.254 Record Tracking Status: Original 9/23/2021 1:08:01 PM Holder: Danielle Kang Danielle.Kang@cityofpaloalto.org Location: DocuSign Security Appliance Status: Connected Pool: StateLocal Storage Appliance Status: Connected Pool: City of Palo Alto Location: DocuSign Signer Events Signature Timestamp Amy Bartell Amy.Bartell@CityofPaloAlto.org Assistant City Attorney City of Palo Alto Security Level: Email, Account Authentication (None) Signature Adoption: Pre-selected Style Using IP Address: 199.33.32.254 Sent: 9/23/2021 1:09:37 PM Viewed: 9/23/2021 1:14:05 PM Signed: 9/23/2021 1:14:17 PM Electronic Record and Signature Disclosure: Accepted: 7/16/2015 5:52:40 AM ID: d8ecb53d-ef81-4016-8886-1560c48de42a Dean Batchelor Dean.Batchelor@CityofPaloAlto.org Director of Utilities Security Level: Email, Account Authentication (None)Signature Adoption: Pre-selected Style Using IP Address: 199.33.32.254 Sent: 9/23/2021 1:14:20 PM Viewed: 9/23/2021 1:16:59 PM Signed: 9/23/2021 1:17:36 PM Electronic Record and Signature Disclosure: Not Offered via DocuSign Ed Shikada Ed.Shikada@CityofPaloAlto.org Ed Shikada, City Manager City of Palo Alto Security Level: Email, Account Authentication (None) Signature Adoption: Pre-selected Style Using IP Address: 199.33.32.254 Sent: 9/23/2021 1:17:38 PM Viewed: 9/23/2021 2:40:38 PM Signed: 9/23/2021 2:40:56 PM Electronic Record and Signature Disclosure: Not Offered via DocuSign Tom DuBois tomforcouncil@gmail.com Security Level: Email, Account Authentication (None) Signature Adoption: Pre-selected Style Using IP Address: 24.5.55.204 Sent: 9/23/2021 2:40:59 PM Viewed: 9/24/2021 3:00:54 PM Signed: 9/24/2021 3:01:05 PM Electronic Record and Signature Disclosure: Not Offered via DocuSign Signer Events Signature Timestamp Lesley Milton Lesley.Milton@CityofPaloAlto.org City Clerk Security Level: Email, Account Authentication (None)Signature Adoption: Pre-selected Style Using IP Address: 199.33.32.254 Sent: 9/24/2021 3:01:07 PM Resent: 9/29/2021 9:20:07 PM Viewed: 9/30/2021 3:19:39 PM Signed: 9/30/2021 3:19:42 PM Electronic Record and Signature Disclosure: Not Offered via DocuSign In Person Signer Events Signature Timestamp Editor Delivery Events Status Timestamp Agent Delivery Events Status Timestamp Intermediary Delivery Events Status Timestamp Certified Delivery Events Status Timestamp Carbon Copy Events Status Timestamp Witness Events Signature Timestamp Notary Events Signature Timestamp Envelope Summary Events Status Timestamps Envelope Sent Hashed/Encrypted 9/23/2021 1:09:37 PM Certified Delivered Security Checked 9/30/2021 3:19:39 PM Signing Complete Security Checked 9/30/2021 3:19:42 PM Completed Security Checked 9/30/2021 3:19:42 PM Payment Events Status Timestamps Electronic Record and Signature Disclosure CONSUMER DISCLOSURE From time to time, City of Palo Alto (we, us or Company) may be required by law to provide to you certain written notices or disclosures. Described below are the terms and conditions for providing to you such notices and disclosures electronically through your DocuSign, Inc. (DocuSign) Express user account. Please read the information below carefully and thoroughly, and if you can access this information electronically to your satisfaction and agree to these terms and conditions, please confirm your agreement by clicking the 'I agree' button at the bottom of this document. Getting paper copies At any time, you may request from us a paper copy of any record provided or made available electronically to you by us. For such copies, as long as you are an authorized user of the DocuSign system you will have the ability to download and print any documents we send to you through your DocuSign user account for a limited period of time (usually 30 days) after such documents are first sent to you. After such time, if you wish for us to send you paper copies of any such documents from our office to you, you will be charged a $0.00 per-page fee. You may request delivery of such paper copies from us by following the procedure described below. Withdrawing your consent If you decide to receive notices and disclosures from us electronically, you may at any time change your mind and tell us that thereafter you want to receive required notices and disclosures only in paper format. How you must inform us of your decision to receive future notices and disclosure in paper format and withdraw your consent to receive notices and disclosures electronically is described below. Consequences of changing your mind If you elect to receive required notices and disclosures only in paper format, it will slow the speed at which we can complete certain steps in transactions with you and delivering services to you because we will need first to send the required notices or disclosures to you in paper format, and then wait until we receive back from you your acknowledgment of your receipt of such paper notices or disclosures. To indicate to us that you are changing your mind, you must withdraw your consent using the DocuSign 'Withdraw Consent' form on the signing page of your DocuSign account. This will indicate to us that you have withdrawn your consent to receive required notices and disclosures electronically from us and you will no longer be able to use your DocuSign Express user account to receive required notices and consents electronically from us or to sign electronically documents from us. All notices and disclosures will be sent to you electronically Unless you tell us otherwise in accordance with the procedures described herein, we will provide electronically to you through your DocuSign user account all required notices, disclosures, authorizations, acknowledgements, and other documents that are required to be provided or made available to you during the course of our relationship with you. To reduce the chance of you inadvertently not receiving any notice or disclosure, we prefer to provide all of the required notices and disclosures to you by the same method and to the same address that you have given us. Thus, you can receive all the disclosures and notices electronically or in paper format through the paper mail delivery system. If you do not agree with this process, please let us know as described below. Please also see the paragraph immediately above that describes the consequences of your electing not to receive delivery of the notices and disclosures electronically from us. Electronic Record and Signature Disclosure created on: 10/1/2013 8:33:53 AM Parties agreed to: Amy Bartell How to contact City of Palo Alto: You may contact us to let us know of your changes as to how we may contact you electronically, to request paper copies of certain information from us, and to withdraw your prior consent to receive notices and disclosures electronically as follows: To contact us by email send messages to: david.ramberg@cityofpaloalto.org To advise City of Palo Alto of your new e-mail address To let us know of a change in your e-mail address where we should send notices and disclosures electronically to you, you must send an email message to us at david.ramberg@cityofpaloalto.org and in the body of such request you must state: your previous e-mail address, your new e-mail address. We do not require any other information from you to change your email address.. In addition, you must notify DocuSign, Inc to arrange for your new email address to be reflected in your DocuSign account by following the process for changing e-mail in DocuSign. To request paper copies from City of Palo Alto To request delivery from us of paper copies of the notices and disclosures previously provided by us to you electronically, you must send us an e-mail to david.ramberg@cityofpaloalto.org and in the body of such request you must state your e-mail address, full name, US Postal address, and telephone number. We will bill you for any fees at that time, if any. To withdraw your consent with City of Palo Alto To inform us that you no longer want to receive future notices and disclosures in electronic format you may: i. decline to sign a document from within your DocuSign account, and on the subsequent page, select the check-box indicating you wish to withdraw your consent, or you may; ii. send us an e-mail to david.ramberg@cityofpaloalto.org and in the body of such request you must state your e-mail, full name, IS Postal Address, telephone number, and account number. We do not need any other information from you to withdraw consent.. The consequences of your withdrawing consent for online documents will be that transactions may take a longer time to process.. Required hardware and software Operating Systems: Windows2000? or WindowsXP? Browsers (for SENDERS): Internet Explorer 6.0? or above Browsers (for SIGNERS): Internet Explorer 6.0?, Mozilla FireFox 1.0, NetScape 7.2 (or above) Email: Access to a valid email account Screen Resolution: 800 x 600 minimum Enabled Security Settings: •Allow per session cookies •Users accessing the internet behind a Proxy Server must enable HTTP 1.1 settings via proxy connection ** These minimum requirements are subject to change. If these requirements change, we will provide you with an email message at the email address we have on file for you at that time providing you with the revised hardware and software requirements, at which time you will have the right to withdraw your consent. Acknowledging your access and consent to receive materials electronically To confirm to us that you can access this information electronically, which will be similar to other electronic notices and disclosures that we will provide to you, please verify that you were able to read this electronic disclosure and that you also were able to print on paper or electronically save this page for your future reference and access or that you were able to e-mail this disclosure and consent to an address where you will be able to print on paper or save it for your future reference and access. Further, if you consent to receiving notices and disclosures exclusively in electronic format on the terms and conditions described above, please let us know by clicking the 'I agree' button below. By checking the 'I Agree' box, I confirm that: • I can access and read this Electronic CONSENT TO ELECTRONIC RECEIPT OF ELECTRONIC CONSUMER DISCLOSURES document; and • I can print on paper the disclosure or save or send the disclosure to a place where I can print it, for future reference and access; and • Until or unless I notify City of Palo Alto as described above, I consent to receive from exclusively through electronic means all notices, disclosures, authorizations, acknowledgements, and other documents that are required to be provided or made available to me by City of Palo Alto during the course of my relationship with you.