Mike’s Blog

GridEx: Is This Exercise Enough to Protect Critical Infrastructures?

GridEx bottom line upfront

GridEx is a biennial exercise run by North American Electric Reliability Corporation (NERC). The latest iteration, GridEx IV, was held on November 15-16, 2017. Most Americans have never heard of GridEx and didn’t even know it was taking place. If fact, most people don’t really have a clear understanding of what “the grid” is and what role NERC (a private not-for-profit corporation) and the federal government play in regulating the grid.

Bottom line up front:

  • GridEx is a voluntary exercise designed to test the grid’s response to large-scale power outages.
  • GridEx lacks transparency – very little public information is available. NERC says: “Due to the sensitive nature of the scenario discussion, this exercise program is not open to the general public or the media. A public report will be available after the exercise concludes.”
  • GridEx is held for two days every two years.
  • Very limited overview reports are available to the public for the last three GridEx exercises. They don’t say much.

GridEx is too little, not often enough and with little transparency. While any exercise involving testing the bulk power system’s capabilities, resilience and response is admirable and seemingly useful, it seems to me that GridEx is the minimum necessary for the bulk power industry to avoid having the federal government step in – which no industry wants.

But is GridEx sufficient to protect the United States from the catastrophic, existential threats to the power grid? Unfortunately, the answer is no.

What is the grid?

NERC GridEx

The bulk power system – or “the grid” – is not really one thing. The grid is actually thousands of companies, both public and private sector, that operate in an interconnected system to facilitate the generation, transmission and distribution of electrical power. The grid is made up of power generation – such as power plants, wind turbines and solar farms, high voltage transmission lines that span long distances across the country and local distribution lines which bring the power from the street to your house.

This interconnected (and vulnerable) patchwork is what allows the United States to support her human population. Everything that enables 325 million people in the country to survive is wholly reliant on the grid. All of our critical infrastructures – food, water, fuel, transportation and medical systems are all 100% dependent on the grid.

How is the grid regulated?

GridEx FERCThe grid is self-regulated (similarly to Wall Street). The federal government under current law can’t tell “the grid” what to do. The North American Electric Reliability Corporation (NERC) is a not-for-profit corporation. It acts as the self-regulatory organization “whose mission is to assure the reliability of the bulk power system (BPS) in North America.” The Federal Energy Regulatory Commission (FERC) is an independent federal agency that regulates the interstate transmission of electricity, natural gas, and oil. FERC’s specific authority over the electric grid is to “oversee the reliability of the bulk power system.” The regulatory scheme of the grid between NERC and FERC is mind-numbingly complex. (Just the way most industries prefer their relationship with the federal government to be.)

The Energy Policy Act of 2005 added Section 215 to the Federal Power Act. This gave FERC the authority to certify an organization as an “Electric Reliability Organization” (ERO) which would develop reliability standards for the industry, subject to FERC’s approval. Yes, you read that right – the industry writes its own reliability standards.

On July 20, 2006, FERC certified NERC as the ERO. Other entities objected and administrative appeals and litigation ensued. Section 215 does give FERC the authority to “upon its own motion or upon complaint, may order the Electric Reliability Organization to submit to the Commission a proposed reliability standard or a modification to a reliability standard that addresses a specific matter if the Commission considers such a new or modified reliability standard appropriate to carry out this section.” In English, FERC can order NERC to develop a particular standard and submit it for FERC’s review and approval, but this again is very time consuming.

Thus, FERC (the government) can’t easily tell NERC (the industry) what to do: There is a convoluted and time consuming rule making process involved. Before FERC can order NERC to take any action, they have to issue a proposed rule, solicit and consider any public comments (including those of the regulated entities and their representatives) and then issue a final rule (which is subject to industry lawsuit). This can take an incredibly long time. In terms of “sausage making” this rule making process is no way to get anything done quickly. A final rule can literally take years to issue. In some contexts, perhaps this regulatory scheme makes sense, but the protection of the grid and the dependent critical infrastructures is a national security issue – an issue of survival for families and the country. But it gets worse.

There is no federal law that says that the grid has to protect itself from hazards and threats. In fact, as previously noted, “itself” is thousands of separate companies that regulate themselves through NERC. Our very survival is dependent on the industry’s willingness to do the right thing. They are not required to do the right thing. This is why, in my estimation, GridEx is the bare minimum that the industry felt they had to do to avoid the government getting off its slow and lumbering buttocks and doing something drastic to protect the grid – and the United States – from catastrophe.

GridEx is not sufficient to protect the United States from Catastrophe

The only thing standing between America and catastrophe are thousands of moving parts, a self-regulatory organization (NERC) and a regulator (FERC) with little actual power to protect us. Moreover, as we saw from the Great Northeast Blackout of 2003, a weakness in one of these thousands of moving parts can have cataclysmic consequences for the whole. In 2003, untrimmed foliage in Ohio started a chain of failures which resulted in a blackout for over 50 million people in the U.S. and Canada.

So, with the United States facing increasing threats from cyberattack, terrorism, electromagnetic pulse (EMP), geomagnetic disturbance (GMD) as well as the traditional threats to the grid, is a biennial (once every two years) two-day voluntary exercise enough? In the last GridEx (2015), only “364 organizations across North America participated in GridEx III, including industry, law enforcement, and government agencies.” 364 organizations out of thousands voluntarily participated.

The public reports from the three past GridEx exercises are not confidence inspiring. They lack detail about how the exercises were conducted. They are all spun to make each exercise seemingly a “success.” All objectives were met. Perhaps they were, but there is not enough detail to really assess how effective these exercises actually were. If you want to decide for yourself, here are the public reports.

In order for GridEx to be more meaningful, here is what should happen.

  • GridEx participation should be mandatory – this is an issue of national security.
  • GridEx should be held annually.
  • “Lessons Learned” should be turned to action items for NERC, FERC and DHS.
  • More information should be available to the public and press – In the GridEx III report, it actually said that they constructed the exercise reporting to thwart Freedom of Information Act requests!
  • The Department of Homeland Security should use this opportunity to implement the provision of the National Defense Authorization Act for FY 2017 that requires DHS to “include in national planning frameworks the threat of an EMP or GMD event.”
  • Congress should insist that the results of future GridEx events be reported to the House and Senate Homeland Security Committees.
  • Finally, local emergency management organizations across the country need to participate.

In sum, I am not against GridEx by any stretch of the imagination. I just think in its present form, GridEx is a paper tiger. And we live in a real jungle.

Share the knowledge...Tweet about this on TwitterShare on FacebookShare on LinkedInPin on PinterestShare on Google+Email this to someone

What is Civil Defense and why don’t we have it?

Civil defense gradually morphed into emergency management.

There are several good documents that give us the history of civil defense in the United States. Here is one from FEMA and here is an interesting manual (FEMA 107) from 1986. (Thank you to the Civil Defense Museum for making this available to us!)

Civil Defense: Why We Need a Congressional ResolutionIt can be hard to parse out the many reasons and policy shifts that gradually moved us from “civil defense” to “emergency management” but today the term “civil defense” has fallen into disuse. Is there a difference? Strictly speaking, perhaps not as the definition and principles of emergency management cover many of the elements of making a community resilient (e.g., civil defense). According to FEMA, the vision is that “emergency management seeks to promote safer, less vulnerable communities with the capacity to cope with hazards and disasters.” The mission is that “Emergency Management protects communities by coordinating and integrating all activities necessary to build, sustain, and improve the capability to mitigate against, prepare for, respond to, and recover from threatened or actual natural disasters, acts of terrorism, or other man-made disasters.”

Civil defense is defined variously as the organization and training of civilians for the protection of lives and property during and after an attack, sabotage or natural disaster. (See Merriam-Webster, Dictionary.com and Collins English Dictionary.)

Arguably, everything in the definition of civil defense can be extrapolated deep within in the mission and vision of emergency management – but are we doing it? Specifically, are we organizing and training civilians to play key roles in a community’s survival?

The fatal flaw of our emergency management system.

The strength of our emergency management system is its ability to call in outside resources. When an incident – be it a structure fire, accident or tornado – overwhelms the local resources, we call in surrounding towns. For a larger regional disaster, like a hurricane or earthquake, we can call in state and federal resources.

We can argue the efficiency of the state or federal responses in particular historical disasters, but generally the system works as advertised in local and regional disasters. This makes incidents like Hurricane Katrina and Hurricane Maria actually “best case scenarios” – best case meaning that outside resources were immediately available to deploy into the disaster area.

However, our emergency management system has one fatal flaw: it always assumes that outside resources will soon be available.

What if the “disaster area” was the United States?

But what happens in a national scale disaster where outside resources are not available and may not be available for a long period of time (like weeks or months)? In this scenario – let’s say a nationwide blackout from a GMD or cyberattack – your town is on its own. All you have is what you have now, and you face immediate life-threatening problems. After one week, there you sit in the EOC, powered by a generator that will soon run out of gas.

  • The power is completely out for the foreseeable future.
  • Your local ham radio operator reports that the entire country is in turmoil.
  • People are panicking – the stores and pharmacies have been looted.
  • The police don’t have the resources to maintain order.
  • Water and sewer service is out. Well pumps don’t work without electricity.
  • People will soon run out of whatever food they have.
  • There are reports of numerous fires – the fire department can’t respond.
  • The medical facilities are overwhelmed, have no power and limited supplies.
  • People are at risk of exposure to the elements and disease.
  • There is no help coming – your town is on its own.

This worst nightmare has become even worse – everybody is looking to you, the emergency manager, for answers. Whether you like it or not, you own this mess.

This worst case scenario could happen. The federal government over the last two decades has studied this issue and held multiple hearings on the existential threat to the U.S. that the loss of the power grid poses. However, no action has been taken to harden the grid from these threats. The only meaningful legislation that has passed, the Critical Infrastructure Protection Act (section 1913 of the NDAA, December 23, 2016) only requires more federal studies and that the Department of Homeland Security “include in national planning frameworks the threat of an EMP or GMD event.” While this is a positive step, it will take years to have an impact.

Q: What are we missing? A: Civil Defense

Take the emergency management vision and mission statements and eliminate any outside resources – just focus on your town or jurisdiction and its inherent capabilities and assets. Your vision becomes the need to promote [a] safer, less vulnerable community with the [internal] capacity to cope with hazards and disasters. Your mission becomes to protect [your] community by coordinating and integrating all [internal] activities necessary to build, sustain, and improve the capability to mitigate against, prepare for, respond to, and recover from threatened or actual natural disasters, acts of terrorism, or other man-made disasters.

Civil Defense LogoWhat we are missing is the “civil defense” component of organizing and training civilians to play key roles in a community’s survival. This is not a new concept. In August of 2012, a bipartisan group in Congress introduced House Resolution 762. The resolution never saw a vote and died with the 112th Congress.

The proposed resolution:

(1) encourages every community to develop its own “civil defense program” working with citizens, leaders, and institutions, ranging from local fire halls, schools, and faith-based organizations, to create sustainable local infrastructure and planning capacity, so that it might mitigate high-impact scenarios and be better prepared to survive and recover from these worst-case disaster scenarios and be better able to affordably and sustainably meet the needs of the community in times of peace and tranquility;

(2) encourages every citizen to develop an individual emergency plan to prepare for the absence of government assistance for extended periods;

(3) encourages each local community to foster the capability of providing at least 20 percent of its own critical needs, such as local power generation, food, and water, while protecting local infrastructure whenever possible from the threats that threaten centralized infrastructure; and to do so with the urgency and importance inherent in an all-of-nation civil defense program developed by citizens and their local communities; and

(4) encourages state governments and federal agencies to support the ability of local communities to become stronger, self-reliant, and better able to assist neighboring communities in times of great need.

I think this resolution speaks for itself, and it is unfortunate that it didn’t pass. However, a good idea does not need to pass Congress to be a good idea.

Your community needs a civil defense plan now

There is an existential threat to your community. We can no longer sit passively while Congress sits passively. If you don’t want to own the worst case scenario, you need to take action. Your community needs a civil defense plan. You can build it from scratch or start with these recommendations.

The basic concept is simple:

  • A civil defense organization in your town can be organized as a 501(c)(3) nonprofit.
  • Focus the organization on planning and education for the basics of survival:
    • Food
    • Water
    • Shelter
    • Security
  • Integrate the civil defense organization into all aspects of your emergency management efforts.

The problems that would threaten your community’s survival have solutions, but only if you act ahead of time. After the power goes out, an army of emergency managers in logo embossed golf shirts and cargo pants can’t help you.

It takes a village. Your village.

Share the knowledge...Tweet about this on TwitterShare on FacebookShare on LinkedInPin on PinterestShare on Google+Email this to someone

Critical Infrastructure Protection – Two Decades of Failure

Why has so little critical infrastructure protection passed congress?

 

I just don’t get it.

I mean, I understand why Congress is struggling on health care and tax reform. The reds and the blues have different opinions and different philosophies and apparently nobody wants to compromise. I get that. It’s the same on a lot of issues, and I understand the inability of Congress to make the sausage in terms of its lack of compromising and sharing. Watching the news out of DC, it seems like we are dealing with a bunch of adults behaving like kindergarteners. I can wrap my head around all of that.

Here is what I don’t get: there is strong bipartisan agreement – and has been for decades – that critical infrastructure protection is needed. Yet, so little has been done.

Despite bipartisan efforts, in the last two decades, there have only been a few laws passed that touch on critical infrastructure protection. All three that I can name came seemingly as “afterthoughts” to the yearly National Defense Authorization Acts (NDAAs). The 2001 NDAA established the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack. The 2016 NDAA extended the EMP Commission until June 30, 2017. (Note that the EMP Commission has now unbelievably been disbanded.) Finally, the 2017 NDAA  implemented the “Critical Infrastructure Protection Act” (CIPA). This is the first meaningful legislation that requires the federal government to do something. It requires that the Department of Homeland Security:

  • Develop and report on “a recommended strategy to protect and prepare the critical infrastructure of the homeland against threats of EMP and GMD.”
  • Conduct “research and development to mitigate the consequences of threats of EMP and GMD.”
  • Identify “the critical utilities and national security assets and infrastructure that are at risk from threats of EMP and GMD.”
  • Conduct “an evaluation of emergency planning and response technologies that would address the findings and recommendations of experts, including those of the Commission to Assess the Threat to the United States from Electromagnetic Pulse Attack, which shall include a review of the feasibility of rapidly isolating one or more portions of the electrical grid from the main electrical grid.”
  • Conduct “an analysis of technology options that are available to improve the resiliency of critical infrastructure to threats of EMP and GMD, including an analysis of neutral current blocking devices that may protect high-voltage transmission lines.”
  • Assess “the restoration and recovery capabilities of critical infrastructure under differing levels of damage and disruption from various threats of EMP and GMD, as informed by the objective scientific analysis conducted under paragraph (1).”
  • Conduct “an analysis of the feasibility of a real-time alert system to inform electrical grid operators and other stakeholders within milliseconds of a high-altitude nuclear explosion.”
  • To “include in national planning frameworks the threat of an EMP or GMD event.”
  • Conduct “outreach to educate owners and operators of critical infrastructure, emergency planners, and emergency response providers at all levels of government regarding threats of EMP and GMD.”

Don’t get me wrong – CIPA is awesome and a long time coming. But experts argue that it could be too little too late. The problem is that it will literally take years for CIPA to have a meaningful impact. It is a great start that will protect us years down the road (if the federal agencies and private sector entities do their jobs). But in the meantime, we are vulnerable. And, don’t expect everybody to trip over themselves over the next few years to protect the grid.

 

“The Grid” Strikes Back

What is “the grid”? The grid is over 3000 companies involved in generation, transmission and distribution of electrical power. “The grid” is not one thing. In fact, in the U.S., there are three “grids” which involve thousands of public and private sector utility companies. The federal government does not regulate “the grid” – it is self-regulated. Hmmm. Self-regulation worked out pretty well on Wall Street in 1929, 1987, 2000 and 2008.

So, the federal government can’t tell “the grid” to harden itself. It can make suggestions. The Federal Energy Regulatory Commission (FERC) can make suggestions to the industry’s “lobbyist” The North American Electric Reliability Corporation (NERC). Remember, NERC’s constituents are companies that are either trying to make a profit (private sector utilities) or at least trying not to lose money (public sector utilities). Convincing NERC to adopt rules requiring its constituents to spend money hardening the grid is a tough sell. “The grid” does not want to be regulated. It enjoys the current slow and lumbering bureaucracy.

I’m not saying that FERC is impotent or that NERC is evil (although I would not argue these points). What I am saying is that critical infrastructure protection is an immediate and exigent national security issue. Threats to the electric grid are existential threats to the United States. What we have needed from Congress for two decades are meaningful and immediate actions – actions that have had two decades of bipartisan support and two decades of failure to act.

 

Two Decades of Critical Infrastructure Protection Failure

I have been researching these issues for years. I have found that there are two decades of hearings, reports and failed legislation to protect the power grid from real and acknowledged threats. What are some of the threats?

  • Weather (e.g., Hurricane Maria in Puerto Rico and the U.S.V.I.)
  • Solar Flare or Geomagnetic disturbance (e.g., Quebec blackout of 1989)
  • Cyber-attack (e.g., Ukraine Blackout of 2015)
  • Terrorism (e.g., Metcalf sniper attack in 2013 and 9/11 Lower Manhattan)
  • Earthquake (e.g., 1989 Loma Prieta quake in California)
  • Pandemic (listed by FERC and DOE as a threat to the power grid)
  • EMP weapon (threatened by North Korea – possible from Russia, China and Iran)
  • Human / computer error (there are numerous examples of this)
  • A tree branch (e.g., Great Northeast Blackout of 2003)

Even if you don’t believe that one or more on this list “could ever happen to us,” it is beyond debate that all have either happened or are possible. So we can all agree that there are threats to the power grid.

Critical Infrastructure ProtectionSo what if the worst happened? According to a March 2017 Senate report, up to 90% of the population of the United States could perish. How is this not a matter of exigent national security? How does this not constitute an existential threat the United States?

Yet, Congress over the last two decades has failed to protect us. Instead, we are at the mercy of “the grid” which has larger concerns (money) than our meager lives and deaths.

 

What Congress Must Do

 

What We Can Do

Make no mistake. Your family’s survival is at stake. We can no longer sit passively while Congress sits passively. We need action to protect our families and communities.

 

Share the knowledge...Tweet about this on TwitterShare on FacebookShare on LinkedInPin on PinterestShare on Google+Email this to someone