The electric industry has long assured the public that it can handle keeping America’s power grid secure and that little change is needed to the status quo. A recent report by USA Today, however, indicates that the current grid security posture is unstable and in need of closer examination. The article illustrates how the electric grid is more vulnerable than the industry portrays it to be.

The USA Today report discusses the extent to which the electric grid is targeted around the country and how industry players have responded. The article points out that the security components meant to protect the U.S. from large-scale power outages are attacked more than once a week, and cyber attacks occur even more frequently. Furthermore, between 2011 and 2014, electric utilities reported 348 physical and 14 cyber attacks to the U.S. Department of Energy. The U.S. Department of Homeland Security (DHS) office that tracks cyber threats indicates an increasing number of cyber incidents – 31 in 2011, 111 in 2012, and 151 in 2013.

The most famous attack against the grid was the Metcalf Substation incident on April 16, 2013. Unidentified attackers orchestrated a sophisticated attack on the Pacific Gas & Electric (PG&E) substation in San Jose, California, which provides power for a large section of northern California, including Silicon Valley. Gunmen shot out 17 large transformers, causing $15 million in damage and leading PG&E to spend $100 million on security improvements. Quick thinking by control room operators narrowly prevented a blackout for millions of Americans, which would have had major economic implications.

Despite the high frequency of incidents targeting the grid, only fences and security cameras protect many transformers and other essential equipment. These transformers sit in the open, and anyone intent on sabotaging them would face relatively little resistance.

Additionally, Jon Wellinghoff, former chairman of the Federal Energy Regulatory Commission (FERC), notes how the grid system is susceptible to a “domino effect,” describing the grid as a “very vulnerable system that will continue to be vulnerable until we figure out a way to break it out into more distributed systems.” Damage to one part will in turn damage another part of the grid, triggering a continuous process. This is because the electric grid is completely interconnected; if one or multiple parts are compromised, the whole system may be compromised.

Lax security, constant risk, and interdependence create an exposed environment where change is needed. After Metcalf, FERC wanted the power industry to write new rules for physical security. The industry created new rules, but its solution is questionable and indicative of a larger problem within the industry.

The new security plan after Metcalf did not give FERC authority to choose which facilities are “critical,” thus giving industry the power to make decisions. Wellinghoff asserted “the lack of authority for FERC ‘could be a loophole that could miss some aspects of the utility infrastructure that are critical.’” In short, many of the same weaknesses still remain.

Wellinghoff’s comment in the wake of Metcalf is a microcosm of the larger jurisdictional dynamic between federal departments and agencies and the industry, especially the latter’s lobby.

The industry lobby – primarily the North American Electric Reliability Corporation (NERC), a nonprofit trade association that lobbies to assure the reliability of the power system, and Edison Electric Institute (EEI), the industry-funded lobby/think tank association that represents all U.S. investor-owned electric companies – portrays the grid situation as stable. Scott Aaronson, senior director of national security for EEI, said the nature of identifying what constitutes a threat is subjective and that no cyber attack has ever led to a power outage.

By that logic, the industry can regulate its own safety standards despite glaring conflicts of interest that do not exist in the safety regulation of the transportation or agricultural sectors.

Aaronson wants the industry to retain control of electrical grid safety standards and argues that the system is working since no major power outages have occurred after so many attacks.

Beyond EEI, NERC creates standards for the industry while FERC proposes standards and can approve or disapprove them. Therefore, the industry’s trade association is the one setting the rules; the Congressional Research Service described this relationship as “a conflict of interest.”

While the number of grid attacks has increased over the past few years, NERC’s enforcement actions against utilities for not following critical infrastructure protection guidelines decreased by 30% from 2013 to 2014. The trade association also issued over $1 million less in penalties for related infractions. NERC president and CEO Gerry Cauley indicates that fewer penalties may indicate greater adherence to the rules. It is more likely that they indicate weaker enforcement. The process is not open to public scrutiny.

DHS has shown concern over private utilities’ control of grid enforcement. Suzanne Spaulding, Under Secretary for National Protection & Programs Directorate, notes that private utilities control most of America’s critical infrastructure and that the government has very little authority or oversight over the grid.

The electric grid is vulnerable with attacks increasing each year, leaving critical infrastructure potentially open to harm. A successful attack on the grid could have unprecedented consequences, leaving large portions of the U.S. in the dark. The USA Today research suggests that the most fundamental roadblock to hardening the nation’s electrical grid from catastrophic failure is resistance from the privately owned utility lobby.
