Grid Security Now!

Grid Security Now!

Michael Mabee – Author of The Civil Defense Book

Menu
  • Home
  • Library
    • Grid Security Library
      • Government Documents on Grid Security
      • OE-417 Electric Disturbance Events Database
      • CIP Violation Database
      • Database of Chinese Transformers and Equipment in the U.S. Electric Grid
      • Why Haven’t We Secured the Grid?
      • What is the Electric Grid and How is it Regulated?
      • Grid Protection Posts
      • Video (EMP and Grid Security)
    • Civil Defense Library
      • The cavalry is not coming
      • Civil Defense Posts
      • Video (Preparedness)
      • Civil Defense Checklists
  • In the Press
  • Take Action!
  • Fund The Fight!
  • About Me
    • About Michael
    • Interviews – Michael Mabee
    • Subscribe to Mike’s Blog
    • Contact Me
  • My Book
Menu
60 Minutes

60 Minutes – How secure is America’s electric grid?

Posted on February 28, 2022March 3, 2022 by Michael Mabee

60 Minutes Tackles Lack of Grid Security

On February 27, 2022, 60 Minutes Journalist Bill Whitaker reported on the disturbing lack of physical security requirements for the electric grid. Watch the full report here:

This report was produced by Graham Messick and Jack Weingart .

People interviewed:

  • Jon Wellinghoff, former FERC Chairman
  • Granger Morgan, Carnegie Mellon University
  • Michael Mabee, GridSecurityNow.org
  • Dr. Liz Sherwood-Randall, White House Homeland Security Advisor
  • Anne Neuberger White House Deputy National Security Advisor, Cyber & Emerging Tech, National Security Council

One of the remarkable admissions by the government was when Dr. Sherwood-Randall said:

“In my view as the government, we can’t impose the regulations you’re suggesting.”

Exactly. The problem is that the electric utility industry is self-regulated. They do not want to add security “requirements” themselves. Meanwhile, the government thinks it does not have the authority to mandate requirements. Historically the industry fights any push for legislation giving government the authority to issue requirements.

So what needs to be done? Here is my October 28, 2021 letter to the Office of the National Cyber Director in which I outline steps that we need to immediately take:

What Congress must do at the Administration’s urging:

  1. Congress must enact legislation mandating that reasonably prudent actions on cybersecurity, physical security, EMP/GMD protective measures and hardening for severe weather events be taken by all entities, public or private sector, that are part of the critical electric infrastructure. These measures must be certified periodically by the Chief Executive Officer of each such critical electric infrastructure entity.[10]
    • The Chief Executive Officer of each such critical electric infrastructure entity must be required to certify periodically to the Department of Energy (DOE) and the Department of Homeland Security (DHS) that they have reasonably prudent cybersecurity measures in place that have been reviewed and approved by the Chief Executive Officer of the entity.[11]
    • The Chief Executive Officer of each such critical electric infrastructure entity must be required to certify periodically to DOE and DHS that they have reasonably prudent physical security measures in place that have been reviewed and approved by the Chief Executive Officer of the entity.
    • The Chief Executive Officer of each such critical electric infrastructure entity must be required to certify periodically to DOE and DHS that they have reasonably prudent EMP/GMD measures in place that have been reviewed and approved by the Chief Executive Officer of the entity.
    • The Chief Executive Officer of each such critical electric infrastructure company must be required to certify periodically to DOE and DHS that they have reasonably prudent extreme weather hardening measures in place that have been reviewed and approved by the Chief Executive Officer of the entity.
  2. There must be civil and criminal penalties for false certification or failure to submit such certifications.
  3. These certifications should be made available to the public as well as state and federal authorities.

Photos from the 60 Minutes shoot in Texas:

60 Minutes

60 Minutes

Bill Whitaker and Michael Mabee

 

Bill Whitaker and Michael Mabee

Photo Credits: 60 Minutes

Self-taught U.S. electric grid expert Mike Mabee says he is both fascinated and horrified by the grid. Based on his analysis of Department of Energy data, “in the past decade there have been over 700 physical attacks against the U.S. electric grid.” https://t.co/uQaKkYJpwv pic.twitter.com/BXBb0kh82i

— 60 Minutes (@60Minutes) February 28, 2022

Transcript of Report:

(From 60 Minutes Website)

Ukrainians are facing the prospect of massive power outages, as Russian forces fight for control of areas that house vital parts of Ukraine’s electric grid. If Moscow shuts down the grid, millions could be left without light, heat, refrigeration, water, phones and internet. The White House is monitoring our own critical infrastructure after two Department of Homeland Security warnings last month about threats to our grid. One noted Russia has proven its ability to use cyber attacks to shut down electric grids, and “compromised U.S. energy networks.” We’ve been looking at the grid for months and were surprised to learn how vulnerable it is, and how often it’s deliberately targeted. One attack, nine years ago, was a wake-up call for industry and government.

On the night of April 16, 2013, a mysterious incident south of San Jose marked the most serious attack on our power grid in history.

For 20 minutes, gunmen methodically fired at high voltage transformers at the Metcalf Power substation. Security cameras captured bullets hitting the chain link fence.

Jon Wellinghoff: They knew what they were doing. They had a specific objective. They wanted to knock out the substation.

At the time, Jon Wellinghoff was chairman of FERC, the Federal Energy Regulatory Commission, a small government agency with jurisdiction over the U.S. high voltage transmission system.

Bill Whitaker: You were concerned enough that you flew out there?

Jon Wellinghoff: That’s correct. And I took two other individuals who train special forces, U.S. special forces. They train people to actually attack infrastructure.

gridscreengrabs01.jpg
  Jon Wellinghoff

And what the former commandos found looked familiar. They discovered the attackers had reconnoitered the site and marked firing positions with piles of rocks. That night they broke into two underground vaults and cut off communications coming from the substation.

Jon Wellinghoff: Then they went from these vaults, across this road, over into a pasture area here. There were at least four or five different firing positions.

Bill Whitaker: No real security?

Jon Wellinghoff: There was no security at all, really.

They aimed at the narrow cooling fins, causing 17 of 21 large transformers to overheat and stop working.

Jon Wellinghoff: They hit them 90 times, so they were very accurate. And they were doing this at night, with muzzle flash in their face.

Someone outside the plant heard gunfire and called 911. The gunmen disappeared without a trace about a minute before a patrol car arrived. The substation was down for weeks, but fortunately PG&E had enough time to reroute power and avoid disaster.

Bill Whitaker: If they had succeeded, what would’ve happened?

Jon Wellinghoff: Could’ve brought down all of Silicon Valley.

Bill Whitaker: We’re talking Google, Apple; all these guys–

Jon Wellinghoff: Yes, yes. That’s correct.

Bill Whitaker: Who do you think this could have been?

Jon Wellinghoff: I don’t know. We don’t know if they were a nation state. We don’t know if they were domestic actors. But it was somebody who did have competent people who could in fact plan out this kind of a very sophisticated attack.

The grid is a sprawling target. There are actually three in the U.S.: the eastern, western and Texas has its own. Most of us rarely notice substations. There are 55,000 across the country, each housing transformers, the workhorses of the grid. Inside these massive metal boxes, raw electricity is converted to higher or lower voltages.

Should a transformer explode, like this one in Manhattan during Superstorm Sandy, the system is designed to trigger a localized, grid-preserving blackout. But if several sections of the grid go down at the same time, the shutdowns can cascade like dominoes. That’s what set off the great Northeast Blackout in 2003, leaving 45 million Americans without power. A few months before the assault on Metcalf, Jon Wellinghoff of FERC commissioned a study to see if a physical attack on critical transformers could trigger cascading blackouts.

Jon Wellinghoff: It was actually a very shocking result to us that there’s very few number of substations you need to take out, in the entire United States, to knock out the entire grid.

Bill Whitaker: Knock out the entire grid?

Jon Wellinghoff: That’s correct.

Bill Whitaker: How many would it take to knock out putting the entire country in a blackout?

Jon Wellinghoff: Less than 20.

The report was leaked to the Wall Street Journal. It found the U.S. could suffer a coast-to-coast blackout if saboteurs knocked out just nine substations.

Bill Whitaker: You are relaying this in a very measured way. I would think this would be quite alarming.

Jon Wellinghoff: It was alarming. There’s no question. It is alarming.

gridscreengrabs03.jpg
  Dr. Granger Morgan

After the Metcalf attack, FERC pressed the utilities to harden defenses at their most critical substations – erect walls and sensors to prevent similar attacks – there’s now a wall around Metcalf. But many substations remain vulnerable targets, like one we found in southern California that serves more than 300,000 customers – huge transformers protected by a chain link fence.

Dr. Granger Morgan: Anybody who knows about power systems knows that the, the grid is physically spread all over the countryside. There are a lot of places that are vulnerable.

Dr. Granger Morgan is a Carnegie Mellon University professor of engineering who chaired three National Academy of Sciences reports on the power grid for the U.S. government – the most recent in 2021. An earlier report on terrorism was classified for five years.

Dr. Granger Morgan: We simply made a strong case that the grid was physically very vulnerable.

Bill Whitaker: Why was there a specific report on terrorism and the grid?

Dr. Granger Morgan: There were concerns about the possibility that a terrorist organization could attack the grid. And around the world there have been a fair number of attacks on grids.

They have attacked with bombs, planes and drones. Russia’s cyber attack on Ukraine’s grid in 2015 knocked about 60 substations offline, leaving 230,000 people in the dark. The U.S. secretary of energy has said Russia could do the same thing here.

Dr. Granger Morgan: In the report we did on the resilience of the power system we did argue that we needed an organization, probably DOE and Department of Homeland Security, to systematically look at all the kinds of vulnerabilities we have and then begin to figure out who could address each. In terms of resilience issues, there’s nobody in charge. I mean, there’s no single entity that has responsibility for everything.

Mike Mabee: The U.S. electric grid is the largest machine in the history of mankind. It is a marvel of modern engineering. No one person owns or controls it. It’s actually 3,000 different companies, both public and private sector, that own or operate little pieces of the electric grid.

Mike Mabee is an Iraq war vet, a former cop and a self-taught grid security expert. By day he works for the government. In his spare time, he uncovers public information electric utilities would rather not see the light of day and publishes them on a website called “Grid Security Now.” He is both fascinated and horrified by the grid.

gridscreengrabs04.jpg
  Mike Mabee

Mike Mabee: I think everybody needs to be as alarmed as I am. We’ve had disasters in the past but they’ve generally always been regional in scale. What we’ve never had is a national-scale blackout, which is completely possible under some known threats such as the cyber threat, the physical security threat, or even extreme weather. And the U.S. public is completely unprepared to survive without the electric grid for any period of time whatsoever.

So when he moved to Texas two years ago, he prepared for the worst, installing solar, wind and battery power.

Mike Mabee: The whole system’s 48 volts.

Mabee’s family survived last winter’s deadly storm, hundreds of Texans perished.

Mike Mabee: And the deaths were largely due to hypothermia, carbon monoxide poisoning because when people got cold they would do things like go into their car in the garage to try to stay warm.

Mabee has become a thorn in the side of the federal government and utility companies.

Mike Mabee: I filed a complaint about supply chain cybersecurity. I filed a complaint about physical security. I filed a complaint about the Texas blackout.

Bill Whitaker: The government and the industry. They think you’re an annoyance?

Mike Mabee: I’ve been termed a “grid security gadfly,” which I wear that as a badge of honor.

One frequent target: the Department of Energy. Mabee told us the grid information the DOE puts out is confusing and dispersed. He said he spends hours trying to make sense of it all.

Mike Mabee: There is a requirement that they report electric disturbance events. But the data from the Department of Energy is so bad. So, you know, I took it upon myself to do some data crunching. And what I found is that 38% of the electric disturbance events in the United States are due to physical attacks against the electric.

Bill Whitaker: 38%? That’s a lot.

Mike Mabee: So in the past decade, there have been over 700 physical attacks against the U.S. electric grid.

Many are copy cats of the Metcalf assault. In 2016, an eco terrorist in Utah shot up a large transformer, triggering a blackout. He said he’d planned to hit five substations in one day to shut down the West Coast. In 2020, the FBI uncovered a white supremacist plot called “lights out” to simultaneously attack substations around the country.

gridscreengrabs06.jpg
  Dr. Liz Sherwood-Randall and Anne Neuberger

Dr. Liz Sherwood-Randall: We’re seeing planning to disable the delivery of power to the American people.

Dr. Liz Sherwood-Randall is President Biden’s homeland security advisor. We met with her and Anne Neuberger, deputy national security advisor for cyber. They told us the administration’s infrastructure plans should help secure the grid, but acknowledge the threats are real.

Dr. Liz Sherwood-Randall: We have physical threats to the grid. We have natural threats to the grid. We have cyber threats to the grid.

Neuberger came to the White House from the secretive National Security Agency, where she battled Russian hackers in cyberspace.

Bill Whitaker: You said that you’ve been talking to private utility companies around the country about the potential for a cyber attack. What are you telling them?

Anne Neuberger: We’re sharing with them some of the context regarding how Russia and other countries use cyber in crisis or conflict. We’ve actively downgraded intelligence. We’ve taken any information we have about malicious software or tactics that the Russian government has used, shared that with the private sector with very practical advice of how to protect against it.

Bill Whitaker: Isn’t the problem that when it comes to the grid, there’s nothing like the FAA or the Food and Drug Administration or the Securities and Exchange Commission? There’s no one overall agency overseeing these, you said, 3,000 different utilities across the country?

Dr. Liz Sherwood-Randall: We don’t have one system. We have several grids. We also have individual energy ecosystems in regions and states. And that’s part of our strength because the resources for energy are different in different regions. And we have to acknowledge that we’re not going to have a one-size-fits-all system.

Bill Whitaker: You call it one of our strengths. But it also seems to be one of our vulnerabilities.

Dr. Liz Sherwood-Randall: Well, in my view, we can’t impose the regulations that would– you would be suggesting as a federal government. We can set standards and we are setting standards in a variety of arenas.

Carnegie Mellon’s Granger Morgan says what government, industry and law enforcement are doing doesn’t meet the magnitude of the threat.

Dr. Granger Morgan: What we need at this point is to get the White House to put all the key players together in a room to identify the biggest vulnerabilities and then take steps to reduce them.

Bill Whitaker: I’m surprised that’s not being done.

Dr. Granger Morgan: It has not been done. And it needs to happen now.

Produced by Graham Messick. Associate producer, Jack Weingart. Broadcast associates, Emilio Almonte and Eliza Costas. Edited by Craig Crawford.

Photo Credits: 60 Minutes

 




 

News

  • How to Fix Electric Grid Security
  • U.S. Continues to Import Large Transformers from China
  • 60 Minutes – How secure is America’s electric grid?
  • COVERUP UPDATE: CIP Violation Database and FOIA Lawsuit
  • Q: How Did We Become So Vulnerable?
  • Rate Recovery: How Electric Customers Fund Industry Lobbying
  • Energy Sector Supply Chain Review – U.S. Department of Energy
  • Criminally Negligent Homicide in February 2021 Texas Blackout Deaths?
  • Chinese Transformer Threat Now Confirmed by Two Administrations
  • Secretary of Energy Advisory Board: Comments of Michael Mabee
  • Electricity Advisory Committee: Comments of Michael Mabee
  • How the electric utility industry torpedoed grid security
  • Chinese Transformer Complaint Filed with U.S. Government
  • U.S. Electric Grid Imports More Chinese Transformers in 2020 and 2021
  • Recent Grid Threats: Frank Gaffney and Michael Mabee Break It Down
  • Secret Penalties: The Electric Grid Is Making You Pay Their Fines
  • Government Misses the Boat on Grid Security – Again
  • Critical Electric Infrastructure – The Government Must Step Up
  • FERC Dismisses Texas Grid Collapse Complaint
  • FERC Office of Public Participation: End the Electric Industry Coverup
  • Testimony of Michael Mabee on SB 1606 – All Hazards Grid Security
  • Federal Complaint Filed on Texas Grid Collapse
  • We Are Plugged In To Life Support
  • Texas Blackout: The Unacceptable Outcome of a Foreseeable Event
  • Chinese Transformers in the Electric Grid: Lights Out For NYC?
  • Message to Governor Jennifer Granholm and the Department of Energy
  • Chinese Transformers in the Electric Grid
  • The U.S. Has 300 Chinese Large Power Transformers
  • Senator Murkowski Questions Cybersecurity Order Suspension
  • Grid Supply Chain Cybersecurity Order “Suspended”

Fund The Fight!


Subjects

Search Website

Subscribe for Updates!

Follow me on Twitter

Tweets by CivilDefenseBK

Click To Get Prepared!

The Civil Defense Book: Emergency Preparedness for a Rural or Suburban Community
The Civil Defense Book Get it now!

Subscribe for updates

Follow Me On Facebook

The Civil Defense Book

8 months ago

The Civil Defense Book
Bradford Clark Freeman, the last surviving member of Easy Company's Band of Brothers, dies at 97apple.news/AkFt2MfXqTCWTe4KGOFDOPg ... See MoreSee Less

Bradford Clark Freeman, the last surviving member of Easy Company's Band of Brothers, dies at 97 — CNN

apple.news

Bradford Clark Freeman, believed to be the last surviving original member of the historic World War II parachute infantry regiment of the US Army known as Easy Company, died Sunday in Columbus, Missis...
View on Facebook
· Share

Share on Facebook Share on Twitter Share on Linked In Share by Email

The Civil Defense Book

9 months ago

The Civil Defense Book
Here Comes the Sun—to End Civilizationwww.wired.com/story/sun-storm-end-civilization/ ... See MoreSee Less

Here Comes the Sun—to End Civilization

www.wired.com

Every so often, our star fires off a plasma bomb in a random direction. Our best hope the next time Earth is in the crosshairs? Capacitors.
View on Facebook
· Share

Share on Facebook Share on Twitter Share on Linked In Share by Email

Fund The fight!


©2023 Grid Security Now! | Theme by SuperbThemes