CIPA

Critical Infrastructure Protection – Two Decades of Failure

Why has so little critical infrastructure protection passed congress?

 

I just don’t get it.

I mean, I understand why Congress is struggling on health care and tax reform. The reds and the blues have different opinions and different philosophies and apparently nobody wants to compromise. I get that. It’s the same on a lot of issues, and I understand the inability of Congress to make the sausage in terms of its lack of compromising and sharing. Watching the news out of DC, it seems like we are dealing with a bunch of adults behaving like kindergarteners. I can wrap my head around all of that.

Here is what I don’t get: there is strong bipartisan agreement – and has been for decades – that critical infrastructure protection is needed. Yet, so little has been done.

Despite bipartisan efforts, in the last two decades, there have only been a few laws passed that touch on critical infrastructure protection. All three that I can name came seemingly as “afterthoughts” to the yearly National Defense Authorization Acts (NDAAs). The 2001 NDAA established the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack. The 2016 NDAA extended the EMP Commission until June 30, 2017. (Note that the EMP Commission has now unbelievably been disbanded.) Finally, the 2017 NDAA  implemented the “Critical Infrastructure Protection Act” (CIPA). This is the first meaningful legislation that requires the federal government to do something. It requires that the Department of Homeland Security:

  • Develop and report on “a recommended strategy to protect and prepare the critical infrastructure of the homeland against threats of EMP and GMD.”
  • Conduct “research and development to mitigate the consequences of threats of EMP and GMD.”
  • Identify “the critical utilities and national security assets and infrastructure that are at risk from threats of EMP and GMD.”
  • Conduct “an evaluation of emergency planning and response technologies that would address the findings and recommendations of experts, including those of the Commission to Assess the Threat to the United States from Electromagnetic Pulse Attack, which shall include a review of the feasibility of rapidly isolating one or more portions of the electrical grid from the main electrical grid.”
  • Conduct “an analysis of technology options that are available to improve the resiliency of critical infrastructure to threats of EMP and GMD, including an analysis of neutral current blocking devices that may protect high-voltage transmission lines.”
  • Assess “the restoration and recovery capabilities of critical infrastructure under differing levels of damage and disruption from various threats of EMP and GMD, as informed by the objective scientific analysis conducted under paragraph (1).”
  • Conduct “an analysis of the feasibility of a real-time alert system to inform electrical grid operators and other stakeholders within milliseconds of a high-altitude nuclear explosion.”
  • To “include in national planning frameworks the threat of an EMP or GMD event.”
  • Conduct “outreach to educate owners and operators of critical infrastructure, emergency planners, and emergency response providers at all levels of government regarding threats of EMP and GMD.”

Don’t get me wrong – CIPA is awesome and a long time coming. But experts argue that it could be too little too late. The problem is that it will literally take years for CIPA to have a meaningful impact. It is a great start that will protect us years down the road (if the federal agencies and private sector entities do their jobs). But in the meantime, we are vulnerable. And, don’t expect everybody to trip over themselves over the next few years to protect the grid.

 

“The Grid” Strikes Back

What is “the grid”? The grid is over 3000 companies involved in generation, transmission and distribution of electrical power. “The grid” is not one thing. In fact, in the U.S., there are three “grids” which involve thousands of public and private sector utility companies. The federal government does not regulate “the grid” – it is self-regulated. Hmmm. Self-regulation worked out pretty well on Wall Street in 1929, 1987, 2000 and 2008.

So, the federal government can’t tell “the grid” to harden itself. It can make suggestions. The Federal Energy Regulatory Commission (FERC) can make suggestions to the industry’s “lobbyist” The North American Electric Reliability Corporation (NERC). Remember, NERC’s constituents are companies that are either trying to make a profit (private sector utilities) or at least trying not to lose money (public sector utilities). Convincing NERC to adopt rules requiring its constituents to spend money hardening the grid is a tough sell. “The grid” does not want to be regulated. It enjoys the current slow and lumbering bureaucracy.

I’m not saying that FERC is impotent or that NERC is evil (although I would not argue these points). What I am saying is that critical infrastructure protection is an immediate and exigent national security issue. Threats to the electric grid are existential threats to the United States. What we have needed from Congress for two decades are meaningful and immediate actions – actions that have had two decades of bipartisan support and two decades of failure to act.

 

Two Decades of Critical Infrastructure Protection Failure

I have been researching these issues for years. I have found that there are two decades of hearings, reports and failed legislation to protect the power grid from real and acknowledged threats. What are some of the threats?

  • Weather (e.g., Hurricane Maria in Puerto Rico and the U.S.V.I.)
  • Solar Flare or Geomagnetic disturbance (e.g., Quebec blackout of 1989)
  • Cyber-attack (e.g., Ukraine Blackout of 2015)
  • Terrorism (e.g., Metcalf sniper attack in 2013 and 9/11 Lower Manhattan)
  • Earthquake (e.g., 1989 Loma Prieta quake in California)
  • Pandemic (listed by FERC and DOE as a threat to the power grid)
  • EMP weapon (threatened by North Korea – possible from Russia, China and Iran)
  • Human / computer error (there are numerous examples of this)
  • A tree branch (e.g., Great Northeast Blackout of 2003)

Even if you don’t believe that one or more on this list “could ever happen to us,” it is beyond debate that all have either happened or are possible. So we can all agree that there are threats to the power grid.

Critical Infrastructure ProtectionSo what if the worst happened? According to a March 2017 Senate report, up to 90% of the population of the United States could perish. How is this not a matter of exigent national security? How does this not constitute an existential threat the United States?

Yet, Congress over the last two decades has failed to protect us. Instead, we are at the mercy of “the grid” which has larger concerns (money) than our meager lives and deaths.

 

What Congress Must Do

 

What We Can Do

Make no mistake. Your family’s survival is at stake. We can no longer sit passively while Congress sits passively. We need action to protect our families and communities.

 

Share the knowledge...Tweet about this on TwitterShare on FacebookShare on LinkedInPin on PinterestShare on Google+Email this to someone

Civil Defense: Why We Need a Congressional Resolution

Civil Defense: Why We Need It

Here are two undisputed facts:

  1. FACT: The electric grid is extremely vulnerable to a variety of natural and man-made threats.
  2. FACT: A long-term loss of the electric grid would be catastrophic for the U.S.

The Civil Defense Book. Prepping for a Suburban or Rural Community: Building a Civil Defense Plan for a Long-Term CatastropheEverything depends on the electric grid. Food, water, fuel, sanitation, medical services, the economy and everything else that enables the United States to support its population of 314 million people. Without the grid, supporting this population would be impossible.  Any large scale power outage for any significant length of time (several weeks or more) would put millions of Americans at risk. In a long term national power outage, millions of Americans would die. We would die of starvation, disease and societal collapse. A danger of this magnitude threatens the security of the United States.

It is a fact that a long term power outage is possible – and the results of such an outage are predicable.  So there is a third fact to add to our list:

  1. FACT: The electric grid is extremely vulnerable to a variety of natural and man-made threats.
  2. FACT: A long-term loss of the electric grid would be catastrophic for the U.S.
  3. FACT: A danger of this magnitude is a national security concern.

If you are at all skeptical, I encourage you to do your own research. Congress certainly has. There are reams of federal reports and congressional hearings that discuss the threats to the grid and the ramifications of a long-term power outage (click here for a comprehensive list of these documents). 

I have not heard (nor can I imagine) any serious debate about the above three facts.

Despite the heroic efforts of a bi-partisan group in Congress, the U.S. has failed to pass any legislation to protect the electric grid since these vulnerabilities and dangers first started to come to light 15 years ago. There have been many bills introduced – all have failed so far. How is this possible? Well, let’s remember what “the grid” is. There are over 3000 electricity providers in the United States. And these companies and utilities make political contributions. As Judge Jeanine of Fox News recently reported:

There is one bill that can help us prevent this catastrophe and remedy our vulnerability. And make no mistake – it can be remedied.

And one person holds the keys to the kingdom. Congressman Fred Upton from Michigan is the chair of the House Energy Committee where these kind of laws are funneled. Bills that can protect us are bottled up in his committee.

Curiously though, almost 60 percent of Congressman Upton’s campaign contributions are from electric utilities, lobbyists, and oil and gas investors.

Of course the companies that comprise the electric grid don’t want government regulation.  They claim that the industry does not need congress to be involved – in other words they’ve got it (move along, there is nothing to see here.) For example, see this interview by the Wall Street Journal of Nick Akins, CEO of American Electric Power:  

So, the utility companies do not see the need for the government to get involved. But somehow, we are still vulnerable. They have failed to take action themselves to harden the grid from known threats. “Self-regulation” by the industry has failed here.

Moreover, many politicians receive generous campaign contributions from these companies. Draw whatever inference you will, but the end result is that Congress has been unsuccessful for years in enacting legislation to protect the electric grid – and the American people.

So let’s review what we know.

  1. FACT: The electric grid is extremely vulnerable to a variety of natural and man-made threats.
  2. FACT: A long-term loss of the electric grid would be catastrophic for the U.S.
  3. FACT: A danger of this magnitude is a national security concern.
  4. FACT: The companies that comprise the electric grid do not wish to be regulated.
  5. FACT: The companies that comprise the electric grid make substantial campaign contributions.
  6. FACT: Self-regulation by the industry has failed to address the vulnerabilities of the electric grid.
  7. FACT: Congress has not passed legislation to protect the grid.

Some in Congress get it

We still have some heroes in Congress such as Trent Franks (R-AZ), Yvette Clarke (D-NY) and the other members of the bi-partisan Congressional Electromagnetic Pulse (EMP) Caucus who have introduced the SHIELD Act and CIPA in the House. There are also Rep. Henry Waxman (D-CA) and Sen. Edward Markey (D-MA) who reintroduced the GRID Act into the House and Senate.

There are presently four bills pending in congress this session – three in the house and one in the Senate: 

Two of these bills would actually attempt to harden the grid from the known threats (the SHIELD Act and the GRID Act). One bill would simply include the threat of EMP (electromagnetic pulse) events in national planning scenarios (CIPA).

There are two possible outcomes:

  1. Congress will pass one or more of these bills (unlikely, in my view)
  2. Congress will again fail to pass any legislation (likely, in my view)

Even if legislation is passed this session, it would take years to actually harden the grid and actually be prepared on a national level for a long term power outage. The president’s ink on the bottom of the bill turning it into law does not immediately harden the grid. It could take years for regulations to be written, implemented and concrete results to take place. Remember, the utilities do not want to be regulated and will work vehemently to delay and soften any regulations that may come in the future from a new law. They are well organized. The same apparatus that opposed legislation for years will continue to resist. We can rest assured that the North American Electric Reliability Corporation (NERC), as the mouth piece of the electric industry, will work tirelessly to oppose, delay and soften regulations.

And that is the best case scenario! While we badly need this legislation in the interest of national security, it will not be an instant fix.

On the other hand, there is a strong possibility that legislation will not pass and America (and all of us) will remain at substantial risk to natural and man-made threats to the electric grid – threats that literally could kill us by the thousands and millions.

Does anybody think that the electric company is going to take care of you and your family if the grid gets taken down long term? Since the federal and state governments do not even drill for such a scenario (the purpose of the CIPA Act), we are unprepared as a nation to deal with a catastrophe of this magnitude.

Civil Defense: Why We Need a Congressional ResolutionThe fatal flaw in our emergency management system is that it depends on the ability to bring in outside resources if the scope of the emergency overwhelms the local capabilities. The problem is, in a national scale emergency where a large part of the country is in trouble at the same time, where are the resources going to come from? Who’s going to deliver them?  

This means that if the grid goes down for a long period of time, federal and state aid will not be coming any time soon to the tens of thousands of cities and towns across America. FEMA does not have a plan, or the capability, to helicopter in MREs, fuel, medicine and water to over 30,000 towns and cities (or even a fraction of that number).

Survival will be a local issue. The cavalry will not be coming.

So let’s add two final facts to our list:

  1. FACT: The electric grid is extremely vulnerable to a variety of natural and man-made threats.
  2. FACT: A long-term loss of the electric grid would be catastrophic for the U.S.
  3. FACT: A danger of this magnitude is a national security concern.
  4. FACT: The companies that comprise the electric grid do not wish to be regulated.
  5. FACT: The companies that comprise the electric grid make substantial campaign contributions.
  6. FACT: Self-regulation by the industry has failed to address the vulnerabilities of the electric grid.
  7. FACT: Congress has not passed legislation to protect the grid.
  8. FACT: The federal and state governments are unprepared for a national scale loss of the electric grid.
  9. FACT: In a national scale power outage, local governments (towns and cities) will be on their own for a long period of time.

This brings me to what I really want to say. We need legislation to protect the grid, but we also need our communities to be prepared, self-reliant and resilient.

We need a civil defense resolution from Congress

Perhaps my all-time favorite piece of failed legislation is House Resolution 762 (112th Congress).   It was one of the major inspirations for my book and I’ve written about it here on my website.

Communities need to be aware of the threat (which most are not) and work to be prepared and resilient. I would venture to guess that very few – if any – communities in the United States are prepared for a long term loss of our critical infrastructures.

A House Resolution that encourages communities to have a civil defense plan and to prepare for a worst case scenario is critical to those of us at the grass roots level who are trying to accomplish this. Presently, Emergency Managers across the country believe that outside resources will always be available to help “the disaster area.” Since we have never had a national-scale catastrophe, such as a long-term loss of the electric grid, nobody is planning for it. Nobody is prepared for it. Nobody is even thinking about it. The very strength of our present emergency management system is also a critical weakness: It only works when there are outside resources to call in. (I wrote about this here.

We need a civil defense Congressional Resolution to get the attention of our local governments and local emergency managers that a national scale catastrophe is a realistic scenario and it is the local communities that will be holding the bag if the grid goes down long term. (They really need to think about putting some long term preparedness and resilience in that bag.)

Note to Mr. Franks, Ms. Clarke and the House EMP Caucus:

Reintroducing and passing a resolution like the 112th Congress’ H. Res 762 is critical: While it won’t harden the grid, it will harden the country. Moreover, as communities start to think about how they can prepare for a long-term catastrophe, there is sure to be an outcry to Congress and the federal government to protect the grid so this never happens to begin with.

But if somehow it does happen, we need our communities to be prepared if America is to survive.

Civil Defense: Why We Need a Congressional Resolution

Yvette Clarke (D-NY)

Civil Defense: Why We Need a Congressional Resolution

Rep. Trent Franks (R-AZ)

Share the knowledge...Tweet about this on TwitterShare on FacebookShare on LinkedInPin on PinterestShare on Google+Email this to someone

The Critical Infrastructure Protection Act (H.R. 3410) Introduced October 30, 2013

On October 30, 2013 Representative Trent Franks introduced a new bill: The Critical Infrastructure Protection Act (H.R. 3410)

On October 30, 2013 Representative Trent Franks introduced a new bill: The Critical Infrastructure Protection Act (or “CIPA”) (H.R. 3410 – read it here). The bill was co-sponsored by Representative Pete Sessions. The bill was referred to the House Committee on Homeland Security. If the history of grid protection legislation is any indication, the bill may die in committee like all the others. In a statement, Mr. Franks said:

“The Department of Homeland Security has the specific responsibility to secure the key resources and critical infrastructure in the United States, to include power production, generation and distribution systems. Yet, eleven years after this job description was enacted our nation’s most critical infrastructure – and the systems that more than 300 Million Americans depend upon every day for basic activities – are still very vulnerable to large scale blackouts.”

The Critical Infrastructure Protection Act bill is short and sweet. All it would do is require the Department of Homeland Security (DHS) to:

  1. Include the threat of EMP (electromagnetic pulse) events in national planning scenarios;
  2. Educate owners and operators of critical infrastructure, emergency planners, and emergency responders at all levels of government of the threat of EMP events;
  3. Conduct research and development to mitigate the consequences of EMP events;
  4. Prepare and submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a comprehensive plan to protect and prepare the critical infrastructure of the American homeland against EMP events, including  from acts of terrorism;
  5. Finally, to update this plan twice a year and submit the updates to the Committee.

The bill would require the Department of Homeland Security to report back to Congress on their progress 180 days after the law is enacted.

This bill, in my opinion, represents the absolute minimum necessary action that the DHS needs to take.

There have been several attempts by a bi-partisan group of House Representatives to do something about the threats to the power grid prior to this – all the previous attempts in previous sessions of Congress have died in committee. Presently, there are two active bills before the house. This one and the more comprehensive H.R. 2417 Secure High-voltage Infrastructure for Electricity from Lethal Damage (SHIELD Act), which was introduced (and referred to committee) on June 18, 2013.

Most Americans are unaware of these efforts by a few bi-partisan members of congress to protect our vulnerable electric grid. Most Americans are unaware that the treats to the electric grid are varied and real. (In addition to EMP, we need to worry about cyber attacks, physical attacks against facilities, and just a good ol’ fashioned cascading failure of our aging grid such as those we have seen in past regional outages.)

Finally, Most Americans are unaware that tens of millions of Americans will die if the electric grid goes down for a long period of time – a frighteningly plausible scenario. But these threats and consequences are real and well documented by the federal government (see the reports here).

What can we do? If the thought of millions of Americans being at risk due to the inaction of our federal government is unacceptable to you, take action:

1)     Tell your House Representatives to support these two bills: H.R. 2417 Secure High-voltage Infrastructure for Electricity from Lethal Damage (SHIELD Act), 113th Congress (introduced June 18, 2013) and H.R. 3410 To amend the Homeland Security Act of 2002 to secure critical infrastructure against electromagnetic pulses, and for other purposes. 113th Congress (October 30, 2013).

2)     Tell your state legislature to look at what the State of Maine has done to protect their infrastructure and follow suit. The State of Maine is the only state thus far to take the matter into their own hands by passing LD 131.

3)     Don’t wait for the federal government to act – prepare your town in the manner described by House Resolution 762 – 112th Congress. Nobody is coming to help your town in a national catastrophe – your town will need to help itself.

It is time that we citizens demand action on these threats to our very existence.

Share the knowledge...Tweet about this on TwitterShare on FacebookShare on LinkedInPin on PinterestShare on Google+Email this to someone