Grid Protection

Threats to the Electric Grid and the Sense of Congress

Bipartisan agreement about threats to the electric grid

Threats to the Electric Grid

Rep. Yvette Clarke (D-NY)

There has been little bipartisan agreement in Congress about anything in the last decade. Healthcare, taxes, the budget – you name it, they disagree on it. There is one glaring exception: The threats to the electric grid from a variety of man-made and natural threats. They all seem to agree on that, but for some reason have come up with little legislation to actually protect it.

To be fair, Congress did finally pass the language of the Critical Infrastructure Protection Act (CIPA) in section 1913 of the National Defense Authorization Act for Fiscal Year 2017 (NDAA). But this legislation, while important, does not actually harden the electric grid. It orders more studies (and we already have two decades of studies), and perhaps most importantly, it requires the Department of Homeland Security to “include in national planning frameworks the threat of an EMP or GMD event.” While this is a critical step, it could take years for this to filter down have an impact on preparedness of communities for a catastrophic event.

Threats to the Electric Grid

Rep. Trent Franks

Also, hopefully, if the NDAA for 2018 (H.R. 2810: National Defense Authorization Act for Fiscal Year 2018) is signed by the President, section 1691 would reestablish the “Commission to Assess the Threat to the United States From Electromagnetic Pulse Attacks and Similar Events.” The previous EMP commission was allowed to expire this year and reestablishing it is another positive step – but again, a step that could take years to actually address threats to the electric grid in a concrete way.

The problem is, we need action now. If there was a nationwide power outage due to a cyber-attack, GMD, EMP or any other cause, we are not ready and we have no plan. We won’t be ready a month from now or two years from now.

Even if comprehensive legislation to protect and harden the grid was passed today, it could take years for adequate protection to actually happen. The rule making process is complex and time consuming. The thousands of companies that comprise “the grid” aren’t going to be able to immediately press a button and give us a hardened grid – meaningful action to address threats to the electric grid will take time – perhaps years. And, there is no such comprehensive legislation currently pending anyway.

So notwithstanding the above positive developments, what we have today is a country that is still vulnerable to existential threats that would kill millions of Americans.

The sense of Congress: failed bipartisan efforts to address threats to the electric grid

I’d like to highlight a few of the current bipartisan efforts – both House and Senate – which have keyed into this issue and, to their credit, tried to protect us. (For a comprehensive study of documents, click here.)

Senate

• Senator Ron Johnson (R-WI), chairman of the Senate Homeland Security and Governmental Affairs Committee has been vocal about threats to the electric grid [http://www.washingtonexaminer.com/top-senator-electric-grid-at-risk-of-attack-would-disrupt-our-way-of-life/article/2635772].

House of Representatives

These are just a few recent examples – I can show you (click here) two decades of other examples. It is clear that there is bipartisan agreement and concern about the threats to the electric grid.

So what’s the problem in getting grid protecting legislation passed? Good question and I wish I had an easy answer. For some reason, a top-down solution from Congress has been elusive.

Perhaps we need a bottom-up solution

Let me go back to a bipartisan effort in 2012. This was, in my opinion, the most important piece of failed legislation – and it was only a resolution – not even a proposed law. Maybe best way of addressing threats to the electric grid isn’t a top-down approach. If for whatever reason, Congress can’t do that (and for two decades they have tried), perhaps there is another way: from the bottom-up.

If individuals and communities were more resilient, the threats to the electric grid can be mitigated. In other words, the reason that millions of people will die if the grid goes down for a long period of time is because we are not ready. We are not resilient. We are 100% dependent on the electric grid for everything that makes life possible – food, water, fuel, transportation, medical systems, etc.

What if we made communities in America more resilient? What if communities across America were thinking about and planning for survival in a worst case scenario? Believe it or not, there is a lot that a community can do to prepare and mitigate – even if we can’t depend on the federal or state government to save us.

Threats to the Electric GridA bipartisan group in the 112th Congress thought of this. On August 2, 2012 Rep. Roscoe Bartlett (R-MD) along with Rep. Trent Franks (R-AZ), Rep. Yvette Clarke (D-NY) and Rep. Hank Johnson Jr. (D-GA) introduced H. Res. 762: Expressing the sense of the House of Representatives regarding community-based civil defense and power generation.

This resolution, if passed, would have told communities across America that they need to be prepared to be on their own for a long period of time without outside help in the event of a “nationwide collapse of critical infrastructure that could last months or longer.” It further:

(1) encourages every community to develop its own “civil defense program” working with citizens, leaders, and institutions ranging from local fire halls, schools, and faith-based organizations, to create sustainable local infrastructure and planning capacity so that it might mitigate high-impact scenarios and be better prepared to survive and recover from these worst-case disaster scenarios and be better able to affordably and sustainably meet the needs of the community in times of peace and tranquility;

(2) encourages every citizen to develop an individual emergency plan to prepare for the absence of government assistance for extended periods;

(3) encourages each local community to foster the capability of providing at least 20 percent of its own critical needs such as local power generation, food, and water, while protecting local infrastructure whenever possible from the threats that threaten centralized infrastructure, and do so with the urgency and importance inherent in an all-of-nation civil defense program developed by citizens and their local communities; and

(4) encourages State governments and Federal agencies to support the ability of local communities to become stronger, self-reliant, and better able to assist neighboring communities in times of great need.

The reason that this is such an important resolution is that we can’t wait years for a top-down solution that may or may not ever come. (After two decades of Congressional failure to protect the electric grid many of us have our doubts.) Unfortunately, H. Res. 762 was never acted upon and is now buried in the annals of failed legislation. Few people even know that it exists.

We can start protecting our communities now. A Congressional resolution like H. Res. 762 would wake many communities up to the facts. Presently, most, if not all, communities, towns and cities across America believe that if something bad happens, somebody (e.g., the federal or state government) will come and rescue them. The fact is, in a national scale disaster, communities will be on their own. The cavalry will not be coming.

Emergency preparedness begins with individuals and families – then communities, towns and cities. We can no longer sit idly by while Congress sits idly by.

Congress: if you want to protect America against threats to the electric grid, let’s start from the bottom-up. Reintroduce, and pass, a Congressional resolution “expressing the sense of [Congress] regarding community-based civil defense and power generation.”

Share the knowledge...Tweet about this on TwitterShare on FacebookShare on LinkedInPin on PinterestShare on Google+Email this to someone

GridEx: Is This Exercise Enough to Protect Critical Infrastructures?

GridEx bottom line upfront

GridEx is a biennial exercise run by North American Electric Reliability Corporation (NERC). The latest iteration, GridEx IV, was held on November 15-16, 2017. Most Americans have never heard of GridEx and didn’t even know it was taking place. If fact, most people don’t really have a clear understanding of what “the grid” is and what role NERC (a private not-for-profit corporation) and the federal government play in regulating the grid.

Bottom line up front:

  • GridEx is a voluntary exercise designed to test the grid’s response to large-scale power outages.
  • GridEx lacks transparency – very little public information is available. NERC says: “Due to the sensitive nature of the scenario discussion, this exercise program is not open to the general public or the media. A public report will be available after the exercise concludes.”
  • GridEx is held for two days every two years.
  • Very limited overview reports are available to the public for the last three GridEx exercises. They don’t say much.

GridEx is too little, not often enough and with little transparency. While any exercise involving testing the bulk power system’s capabilities, resilience and response is admirable and seemingly useful, it seems to me that GridEx is the minimum necessary for the bulk power industry to avoid having the federal government step in – which no industry wants.

But is GridEx sufficient to protect the United States from the catastrophic, existential threats to the power grid? Unfortunately, the answer is no.

What is the grid?

NERC GridEx

The bulk power system – or “the grid” – is not really one thing. The grid is actually thousands of companies, both public and private sector, that operate in an interconnected system to facilitate the generation, transmission and distribution of electrical power. The grid is made up of power generation – such as power plants, wind turbines and solar farms, high voltage transmission lines that span long distances across the country and local distribution lines which bring the power from the street to your house.

This interconnected (and vulnerable) patchwork is what allows the United States to support her human population. Everything that enables 325 million people in the country to survive is wholly reliant on the grid. All of our critical infrastructures – food, water, fuel, transportation and medical systems are all 100% dependent on the grid.

How is the grid regulated?

GridEx FERCThe grid is self-regulated (similarly to Wall Street). The federal government under current law can’t tell “the grid” what to do. The North American Electric Reliability Corporation (NERC) is a not-for-profit corporation. It acts as the self-regulatory organization “whose mission is to assure the reliability of the bulk power system (BPS) in North America.” The Federal Energy Regulatory Commission (FERC) is an independent federal agency that regulates the interstate transmission of electricity, natural gas, and oil. FERC’s specific authority over the electric grid is to “oversee the reliability of the bulk power system.” The regulatory scheme of the grid between NERC and FERC is mind-numbingly complex. (Just the way most industries prefer their relationship with the federal government to be.)

The Energy Policy Act of 2005 added Section 215 to the Federal Power Act. This gave FERC the authority to certify an organization as an “Electric Reliability Organization” (ERO) which would develop reliability standards for the industry, subject to FERC’s approval. Yes, you read that right – the industry writes its own reliability standards.

On July 20, 2006, FERC certified NERC as the ERO. Other entities objected and administrative appeals and litigation ensued. Section 215 does give FERC the authority to “upon its own motion or upon complaint, may order the Electric Reliability Organization to submit to the Commission a proposed reliability standard or a modification to a reliability standard that addresses a specific matter if the Commission considers such a new or modified reliability standard appropriate to carry out this section.” In English, FERC can order NERC to develop a particular standard and submit it for FERC’s review and approval, but this again is very time consuming.

Thus, FERC (the government) can’t easily tell NERC (the industry) what to do: There is a convoluted and time consuming rule making process involved. Before FERC can order NERC to take any action, they have to issue a proposed rule, solicit and consider any public comments (including those of the regulated entities and their representatives) and then issue a final rule (which is subject to industry lawsuit). This can take an incredibly long time. In terms of “sausage making” this rule making process is no way to get anything done quickly. A final rule can literally take years to issue. In some contexts, perhaps this regulatory scheme makes sense, but the protection of the grid and the dependent critical infrastructures is a national security issue – an issue of survival for families and the country. But it gets worse.

There is no federal law that says that the grid has to protect itself from hazards and threats. In fact, as previously noted, “itself” is thousands of separate companies that regulate themselves through NERC. Our very survival is dependent on the industry’s willingness to do the right thing. They are not required to do the right thing. This is why, in my estimation, GridEx is the bare minimum that the industry felt they had to do to avoid the government getting off its slow and lumbering buttocks and doing something drastic to protect the grid – and the United States – from catastrophe.

GridEx is not sufficient to protect the United States from Catastrophe

The only thing standing between America and catastrophe are thousands of moving parts, a self-regulatory organization (NERC) and a regulator (FERC) with little actual power to protect us. Moreover, as we saw from the Great Northeast Blackout of 2003, a weakness in one of these thousands of moving parts can have cataclysmic consequences for the whole. In 2003, untrimmed foliage in Ohio started a chain of failures which resulted in a blackout for over 50 million people in the U.S. and Canada.

So, with the United States facing increasing threats from cyberattack, terrorism, electromagnetic pulse (EMP), geomagnetic disturbance (GMD) as well as the traditional threats to the grid, is a biennial (once every two years) two-day voluntary exercise enough? In the last GridEx (2015), only “364 organizations across North America participated in GridEx III, including industry, law enforcement, and government agencies.” 364 organizations out of thousands voluntarily participated.

The public reports from the three past GridEx exercises are not confidence inspiring. They lack detail about how the exercises were conducted. They are all spun to make each exercise seemingly a “success.” All objectives were met. Perhaps they were, but there is not enough detail to really assess how effective these exercises actually were. If you want to decide for yourself, here are the public reports.

In order for GridEx to be more meaningful, here is what should happen.

  • GridEx participation should be mandatory – this is an issue of national security.
  • GridEx should be held annually.
  • “Lessons Learned” should be turned to action items for NERC, FERC and DHS.
  • More information should be available to the public and press – In the GridEx III report, it actually said that they constructed the exercise reporting to thwart Freedom of Information Act requests!
  • The Department of Homeland Security should use this opportunity to implement the provision of the National Defense Authorization Act for FY 2017 that requires DHS to “include in national planning frameworks the threat of an EMP or GMD event.”
  • Congress should insist that the results of future GridEx events be reported to the House and Senate Homeland Security Committees.
  • Finally, local emergency management organizations across the country need to participate.

In sum, I am not against GridEx by any stretch of the imagination. I just think in its present form, GridEx is a paper tiger. And we live in a real jungle.

Share the knowledge...Tweet about this on TwitterShare on FacebookShare on LinkedInPin on PinterestShare on Google+Email this to someone

Critical Infrastructure Protection – Two Decades of Failure

Why has so little critical infrastructure protection passed congress?

 

I just don’t get it.

I mean, I understand why Congress is struggling on health care and tax reform. The reds and the blues have different opinions and different philosophies and apparently nobody wants to compromise. I get that. It’s the same on a lot of issues, and I understand the inability of Congress to make the sausage in terms of its lack of compromising and sharing. Watching the news out of DC, it seems like we are dealing with a bunch of adults behaving like kindergarteners. I can wrap my head around all of that.

Here is what I don’t get: there is strong bipartisan agreement – and has been for decades – that critical infrastructure protection is needed. Yet, so little has been done.

Despite bipartisan efforts, in the last two decades, there have only been a few laws passed that touch on critical infrastructure protection. All three that I can name came seemingly as “afterthoughts” to the yearly National Defense Authorization Acts (NDAAs). The 2001 NDAA established the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack. The 2016 NDAA extended the EMP Commission until June 30, 2017. (Note that the EMP Commission has now unbelievably been disbanded.) Finally, the 2017 NDAA  implemented the “Critical Infrastructure Protection Act” (CIPA). This is the first meaningful legislation that requires the federal government to do something. It requires that the Department of Homeland Security:

  • Develop and report on “a recommended strategy to protect and prepare the critical infrastructure of the homeland against threats of EMP and GMD.”
  • Conduct “research and development to mitigate the consequences of threats of EMP and GMD.”
  • Identify “the critical utilities and national security assets and infrastructure that are at risk from threats of EMP and GMD.”
  • Conduct “an evaluation of emergency planning and response technologies that would address the findings and recommendations of experts, including those of the Commission to Assess the Threat to the United States from Electromagnetic Pulse Attack, which shall include a review of the feasibility of rapidly isolating one or more portions of the electrical grid from the main electrical grid.”
  • Conduct “an analysis of technology options that are available to improve the resiliency of critical infrastructure to threats of EMP and GMD, including an analysis of neutral current blocking devices that may protect high-voltage transmission lines.”
  • Assess “the restoration and recovery capabilities of critical infrastructure under differing levels of damage and disruption from various threats of EMP and GMD, as informed by the objective scientific analysis conducted under paragraph (1).”
  • Conduct “an analysis of the feasibility of a real-time alert system to inform electrical grid operators and other stakeholders within milliseconds of a high-altitude nuclear explosion.”
  • To “include in national planning frameworks the threat of an EMP or GMD event.”
  • Conduct “outreach to educate owners and operators of critical infrastructure, emergency planners, and emergency response providers at all levels of government regarding threats of EMP and GMD.”

Don’t get me wrong – CIPA is awesome and a long time coming. But experts argue that it could be too little too late. The problem is that it will literally take years for CIPA to have a meaningful impact. It is a great start that will protect us years down the road (if the federal agencies and private sector entities do their jobs). But in the meantime, we are vulnerable. And, don’t expect everybody to trip over themselves over the next few years to protect the grid.

 

“The Grid” Strikes Back

What is “the grid”? The grid is over 3000 companies involved in generation, transmission and distribution of electrical power. “The grid” is not one thing. In fact, in the U.S., there are three “grids” which involve thousands of public and private sector utility companies. The federal government does not regulate “the grid” – it is self-regulated. Hmmm. Self-regulation worked out pretty well on Wall Street in 1929, 1987, 2000 and 2008.

So, the federal government can’t tell “the grid” to harden itself. It can make suggestions. The Federal Energy Regulatory Commission (FERC) can make suggestions to the industry’s “lobbyist” The North American Electric Reliability Corporation (NERC). Remember, NERC’s constituents are companies that are either trying to make a profit (private sector utilities) or at least trying not to lose money (public sector utilities). Convincing NERC to adopt rules requiring its constituents to spend money hardening the grid is a tough sell. “The grid” does not want to be regulated. It enjoys the current slow and lumbering bureaucracy.

I’m not saying that FERC is impotent or that NERC is evil (although I would not argue these points). What I am saying is that critical infrastructure protection is an immediate and exigent national security issue. Threats to the electric grid are existential threats to the United States. What we have needed from Congress for two decades are meaningful and immediate actions – actions that have had two decades of bipartisan support and two decades of failure to act.

 

Two Decades of Critical Infrastructure Protection Failure

I have been researching these issues for years. I have found that there are two decades of hearings, reports and failed legislation to protect the power grid from real and acknowledged threats. What are some of the threats?

  • Weather (e.g., Hurricane Maria in Puerto Rico and the U.S.V.I.)
  • Solar Flare or Geomagnetic disturbance (e.g., Quebec blackout of 1989)
  • Cyber-attack (e.g., Ukraine Blackout of 2015)
  • Terrorism (e.g., Metcalf sniper attack in 2013 and 9/11 Lower Manhattan)
  • Earthquake (e.g., 1989 Loma Prieta quake in California)
  • Pandemic (listed by FERC and DOE as a threat to the power grid)
  • EMP weapon (threatened by North Korea – possible from Russia, China and Iran)
  • Human / computer error (there are numerous examples of this)
  • A tree branch (e.g., Great Northeast Blackout of 2003)

Even if you don’t believe that one or more on this list “could ever happen to us,” it is beyond debate that all have either happened or are possible. So we can all agree that there are threats to the power grid.

Critical Infrastructure ProtectionSo what if the worst happened? According to a March 2017 Senate report, up to 90% of the population of the United States could perish. How is this not a matter of exigent national security? How does this not constitute an existential threat the United States?

Yet, Congress over the last two decades has failed to protect us. Instead, we are at the mercy of “the grid” which has larger concerns (money) than our meager lives and deaths.

 

What Congress Must Do

 

What We Can Do

Make no mistake. Your family’s survival is at stake. We can no longer sit passively while Congress sits passively. We need action to protect our families and communities.

 

Share the knowledge...Tweet about this on TwitterShare on FacebookShare on LinkedInPin on PinterestShare on Google+Email this to someone