Mike’s Blog

What You Can Do to Secure the Grid (#SecureTheGrid)

NOTE: The Deadline for comments is 2/26/2018

Citizens can help secure the grid

It is easy to feel helpless down at our level (and by “down at our level” I mean citizens). The electric grid is vulnerable to numerous threats and we know (because the Senate told us) that if the grid was to go down for a long period of time, millions of U.S. citizens could die. But what can we, regular citizens, do to secure the grid?

Here’s what we can do: The Federal Energy Regulatory Commission (FERC) is considering a new regulation on cyber security. The electric power industry is fighting it. Before FERC decides what to do, they are required by law (the Administrative Procedures Act) to seek and consider public comments.

What you can do is submit a comment to FERC urging them “to issue an order to direct the North American Electric Reliability Corporation (NERC), to develop and submit modifications to the NERC Reliability Standards to improve mandatory reporting of Cyber Security Incidents, including incidents that might facilitate subsequent efforts to harm the reliable operation of the bulk electric system.” The deadline for comments is February 26, 2018.

Secure the gridIf you are familiar with federal rulemaking and submitting comments on proposed rules, click here for the Notice of Proposed Rulemaking (NOPR) and have-at-it.

For those who are unfamiliar with the electric grid and it’s regulatory scheme and need a short primer, here is a little background.

What is the grid?

The bulk power system – or “the grid” – is not really one thing. The grid is actually thousands of companies, both public and private sector, that operate in an interconnected system to facilitate the generation, transmission and distribution of electrical power. The grid is made up of power generation – such as power plants, wind turbines and solar farms, high voltage transmission lines that span long distances across the country and local distribution lines which bring the power from the street to your house.

This interconnected (and vulnerable) patchwork is what allows the United States to support her human population. Everything that enables 325 million people in the country to survive is wholly reliant on the grid. All of our critical infrastructures – food, water, fuel, transportation and medical systems are all 100% dependent on the grid.

How is the grid regulated?

FERC Secure the Grid #SecureTheGridThe grid is self-regulated (similarly to Wall Street). The federal government under current law can’t tell “the grid” what to do. The North American Electric Reliability Corporation (NERC) is a not-for-profit corporation. It acts as the self-regulatory organization “whose mission is to assure the reliability of the bulk power system (BPS) in North America.” The Federal Energy Regulatory Commission (FERC) is an independent federal agency that regulates the interstate transmission of electricity, natural gas, and oil. FERC’s specific authority over the electric grid is to “oversee the reliability of the bulk power system.” The regulatory scheme of the grid between NERC and FERC is mind-numbingly complex. (Just the way most industries prefer their relationship with the federal government to be.)

The Energy Policy Act of 2005 added Section 215 to the Federal Power Act. This gave FERC the authority to certify an organization as an “Electric Reliability Organization” (ERO) which would develop reliability standards for the industry, subject to FERC’s approval. Yes, you read that right – the industry writes its own reliability standards.

Secure the Grid #SecureTheGrid

On July 20, 2006, FERC certified NERC as the ERO. Other entities objected and administrative appeals and litigation ensued. Section 215 does give FERC the authority to “upon its own motion or upon complaint, may order the Electric Reliability Organization to submit to the Commission a proposed reliability standard or a modification to a reliability standard that addresses a specific matter if the Commission considers such a new or modified reliability standard appropriate to carry out this section.” In English, FERC can order NERC to develop a particular standard and submit it for FERC’s review and approval, but this again is very time consuming.

Thus, FERC (the government) can’t easily tell NERC (the industry) what to do.  But the need to secure the grid and the dependent critical infrastructures is a national security issue – an issue of survival for families and the country. It gets worse.

There is no federal law that says that the grid has to protect itself from hazards and threats. In fact, as previously noted, “itself” is thousands of separate companies that regulate themselves through NERC. Our very survival is dependent on the industry’s willingness to do the right thing. They are not required to do the right thing. The industry will occasionally do the minimum that they feel they have to do to avoid the government getting off its slow and lumbering buttocks and doing something drastic to protect the grid – and the United States – from catastrophe.

But is the minimum enough to protect your family and the security of the United States?

Many of us in the Secure The Grid Coalition believe that it is not. It is time for the federal government (FERC) to step up and insure that we secure the grid from threats such as EMP, GMD, cyber-attacks, extreme weather and errant tree branches.

What is rulemaking?

Federal agencies are required by law to follow procedures when implementing or changing regulations. One requirement is the agency must allow public comments and must consider the comments they received. Also, interested persons can petition a federal agency to start the rulemaking process on an issue.

This is exactly what happened here. The Foundation for Resilient Societies  petitioned FERC on January 13, 2017 to institute rulemaking because the U.S. electric grid is vulnerable to cyber threats and the current regulations did not adequately address the threats. This petition was met with instant opposition from the electric industry. Not surprising.

A call to action to secure the grid

The Foundation for Resilient Societies is standing up for you and your family. We need to all step up and back The Foundation for Resilient Societies’ petition. We need to send in comments requesting that FERC secure the grid by making NERC accountable for robust cyber security standards. And we need to do this by February 26, 2018.

You can file a comment online (click here). You have to register first to file online. You can also mail comments to FERC at this address – make sure to mention in the letter that you are responding to Docket Number  RM18–2–000. Mail your comments to:

Federal Energy Regulatory Commission

Secretary of the Commission

888 First Street NE

Washington, DC 20426

Reference Materials:

Secure the Grid

Click here for more info


What Is Civil Defense? What Is Civil Defense Virginia?

Civil Defense Virginia


Guest Post:

By Preston Le Roy Schleinkofer

Introduction to Civil Defense

and Civil Defense Virginia

Ever since the demise of the U.S. Civil Defense Administration in the 1990’s, the community has been largely excluded from the process of emergency management. But since the terrorist attacks of September 11, 2001, and the increasingly serious threats to the U.S. from both state actors and non-state actors, there has been a growing call for the resurrection of some form of civil defense structure in the United States.

Among those calling for this resurrection was a bi-partisan group in the U.S. House of Representatives. In August of 2012 two Republicans and two Democrats introduced House Resolution 762: “Expressing the sense of the House of Representatives regarding community-based civil defense and power generation.” Even though the resolution never made it out of committee to see a vote, the sense of the Congress is still important. This bi-partisan group believed that a community-based civil defense program is a good idea for the modern community.

Proposed House Resolution 762:

  1. Encourages every community to develop its own “civil defense program” working with citizens, leaders, and institutions, ranging from local fire halls, schools, and faith-based organizations, to create sustainable local infrastructure and planning capacity, so that it might mitigate high-impact scenarios and be better prepared to survive and recover from these worst-case disaster scenarios and be better able to affordably and sustainably meet the needs of the community in times of peace and tranquility;
  2. Encourages every citizen to develop an individual emergency plan to prepare for the absence of government assistance for extended periods;
  3. Encourages each local community to foster the capability of providing at least 20 percent of its own critical needs, such as local power generation, food, and water, while protecting local infrastructure whenever possible from the threats that threaten centralized infrastructure; and to do so with the urgency and importance inherent in an all-of-nation civil defense program developed by citizens and their local communities; and
  4. Encourages state governments and federal agencies to support the ability of local communities to become stronger, self-reliant, and better able to assist neighboring communities in times of great need.
Civil Defense Virginia

Brock Long – Administrator, Federal Emergency Management Agency

FEMA Administrator Brock Long told a Congressional subcommittee in November 2017, “let’s hit the reset button” and “the nation needs to stop and take a deep breath and figure out how we can become more resilient.” He also said “I’m ready to change the face of emergency management and how we tackle resiliency.”

Most recently in an interview with EM Weekly, Administrator Long said:

“One thing I have been very vocal about is we’ve got to stop looking at citizens as liabilities and start looking at citizens as the true first responders. How are we training them to take actions that are low to no cost actions they can take to be better prepared? How are we actually going back to the old civil defense in the 1950s of incorporating them into our activities and response plans like basically putting CERT teams on steroids and teaching citizens practical skills?”

The answer to Administrator Long’s dilemma is in Resolution 762 – a local community civil defense organization. This is the answer FEMA has been looking for. By organizing and training the citizens in planning, preparedness, rescue and recovery, the community is more resilient, and the nation as a whole is stronger when each community takes the responsibility for themselves and their neighbors. The many heroes in Houston, Texas after Hurricane Harvey in 2017 is a perfect example. That was the spirit of continuity of community (civil defense) in action.

On January 18, 2018, Time magazine online published an article entitled “Hawaii’s False Alarm Exposes U.S. Civil Defense Gaps.” The article points out that civil defense programs are designed to limit panic in the population. But, as we saw, the false alarm created a lot of panic and exposed the vulnerable underbelly of our current emergency management programs and true lack of any continuity of community.

We must do better.

What is civil defense?

There isn’t a modern definition of “civil defense” and for many, the term harkens back to the cold war era. This is the definition that Civil Defense Virginia has created and uses:

Civil Defense VirginiaCivil Defense is the system of civilians and civilian government authorities within cities and counties partnering in protective measures and emergency relief activities conducted by community members for their own safety and protection in case of severe natural or man-made disasters, including:

a. protecting families, neighborhoods and communities,

b. training members in disaster preparedness, response and recovery measures,

c. maintaining Continuity of Community by preserving safety, security and constitutional governmental functions and, restoration and protection of critical infrastructure.

What is Civil Defense Virginia

Civil Defense Virginia (CDVA) is a 501(c)(3) tax-exempt education and training organization leading in civil defense thought and application. CDVA assists jurisdictions in developing their community-based civil defense organization. We can assist in developing the structure and organization for an effective community response to natural and man-made disasters. We can help tie the local emergency management plan to the residents of the community through a 501(c)(3) tax-exempt community organization or a coalition of organizations dedicated to building continuity of community. Whether there is one organization or a coalition of organizations participating, there should be a lead civil defense organization named for that jurisdiction.

The exact structure of the organization may differ somewhat between jurisdictions as they each will have different requirements, resources and challenges. In one model, the civil defense organization’s board of directors can reserve a permanent position for the emergency manager and possibly one other official from the jurisdiction (a County Supervisor, City Councilman, the Administrator’s office, Police department /Sheriff’s office, etc.). The board should have enough members (six to eight members) to insure a balance of members between the jurisdiction and its citizens for true collaboration.

There should be a leadership council to assist the board with the overall management of the CD organization. Most jurisdictions are divided into various political subdivisions, for which there are councilmen or supervisors, etc., that represent the citizens of their subdivision. The council will have representatives from each of the subdivisions (or districts). For example: Spotsylvania County Virginia is divided into 7 separate districts, each with supervisory representation. The leadership council of the “Spotsylvania County Civil Defense Association” should have a member representing each of the seven districts. Each district will in turn have a leadership contingent that actually works to build the continuity of community within their communities.

The key point is that, however it is structured, a non-profit civil defense organization in your town can provide solutions and resources in the event of an emergency – solutions and resources that you do not currently have in your budget. A non-profit civil defense organization is a resource multiplier for your community.

How can emergency managers prepare for civil defense?

Local emergency managers and their staff have a tough job in today’s environment. There are a number of potential threats, and some of the most devastating haven’t been considered or exercised – such as the local effects of a long-term national outage of the electric grid. If our cities and counties started planning and exercising for the worst-case scenarios, then we would have a better idea of how to prepare our jurisdictions and our citizens for them.

Civil Defense Virginia

Craig Fugate

Former FEMA Administrator Craig Fugate talks about what he calls “The Seven Deadly Sins of Emergency Management.” One of these is the common belief in the emergency management profession that “we think our emergency response system can scale up from emergency response to disasters.”

Unfortunately, as Mr. Fugate notes, this may not be how it works.

I am sure that most emergency managers have studied the man-made and natural threats for their geographical area and also consulted the state and federal lists to see what is advised for their plans. The problem is that most don’t include the worse-case scenarios in their list of threats.

The emergency management team needs to do a thorough analysis of all-hazards threats, to include high-impact, low-frequency (HILF) events like an electromagnetic pulse (EMP), coronal mass ejection (CME), cyber and physical attacks on the power grid that disables it for extended periods without state, federal or local mutual aid. Large multi-regional blackouts and entire nation blackout from these threats lasting months to years must be exercised in order to fully understand what such a threat could and would present to the community.

Without doing this we fail to see the reality of the threats. In fact, we commit another one of the 7 Deadly Sins by former Administrator Fugate: “we exercise to success.” We must not be afraid to “exercise to failure,” and then go further into the abyss to discover what we don’t know and how to prepare for it. We also should not worry about being politically correct in our assessment and response to the threat. We must organize and prepare for the true threats, no matter how dire they may be. Once that is accomplished, then all other threats are scalable downward. You cannot scale up to a point you have never known, but once you know the worst-case disaster (total national grid-down for 12-24 months with no outside assistance), then you can scale up or down to any point that is required to meet any threat.

There is a lot that can be done to mitigate the effects of disasters, including long-term cataclysmic disasters that could affect the community, region and nation. The answer lies in the citizens of the community partnering with their local government to work together on the answers. To do this, the jurisdiction would have to properly inform the community of the threats, why they should be concerned and what needs to be done to mitigate the threats, especially possible worse-case scenarios. The limitations of our budgets means we can only do so much with existing resources. The key is leveraging resources by participation of the citizenry. It can and must be done! The emergency management process needs a Civil Defense component as this is the way to focus on organizing the citizens to help themselves and their neighbors – and communities – during emergencies. This is a community-based approach, rather than a top-down, government controlled process that is limited by budgets and government manpower.

In future posts we will look more at ways the CD organization can be formed and their duties. We will also provide a reading list and websites that are helpful. One organization I will highly recommend here is InfraGard, especially their Electromagnetic Pulse Special Interest Group (EMP-SIG). Checkout their website and consider joining the chapter in your area.


For more information on Civil Defense Virginia, click here.

For the book on how to start a civil defense organization, click here.

For InfraGard’s book with table top exercises for a grid-down event, click here.


Civil Defense VirginiaPreston Le Roy Schleinkofer is a retired federal law enforcement officer who served 27 years in the U.S. Border Patrol and Immigration and Customs Enforcement (ICE). He is also a retired Army senior non-commissioned officer (NCO) with 22 years in the Army, Army Reserve and National Guard. He is the founding president of Civil Defense Virginia,  a tax-exempt 501(c)(3) organization, a member of InfraGard and an affiliate of the Secure The Grid Coalition. You can connect with him on LinkedIn, Facebook and Twitter.



What we should take from the Hawaii false missile alert

Hawaii false missile alert: “Nobody knew what to do”

CBS News, in its reporting of the Hawaii false missile alert, quoted a Honolulu resident:

“Clearly, there is a massive gap between letting people know something’s coming and having something for them to do. Nobody knew what to do.”

Well said.

Besides the fact that there was a catastrophic failure of the emergency alert system which caused widespread panic, this quote says something much deeper and quite painful. “Nobody knew what to do.”

And this message applies to our whole country. We don’t know what to do. The last time I was in a “nuclear attack drill” as a civilian was in the early 70’s when I was in grade school in Ohio. We called these “tornado drills” but I always suspected they were thinly veiled “duck and cover” drills. Yes, there are tornadoes in Ohio so perhaps I’ve never actually been in a nuclear attack drill as a civilian at all.

As an adult, I have owned houses in three states. Not once has anybody ever rang my bell to talk about emergency preparedness. I think in my adult life I might once have received an emergency preparedness pamphlet in the mail. Obviously because of my military and emergency response experience, I have a leg-up in terms of knowledge, but I am not most people.

As a country, we don’t know what to do

FEMA Administrator Brock Long told Congress on November 30, 2017 that “we do not have a true culture of preparedness in this country.” So let me ask you a question: Do your people know what to do?

Definition: the term “your people” means the people in your community. The civilians.

Hawaii false missile alertIf this message comes over everybody’s cell phones right now, do your people know what to do? Are they prepared?

And by the way, for those of you who are thinking “well we’re way up here in Northern ___ and there isn’t a target for hundreds of miles” do you think that nothing will happen to you? Likely you will lose power for months (or longer) and not see any food or fuel deliveries for months (or longer). Your community will possibly find itself host to hundreds or thousands of desperate, sick and starving refugees.  Are you prepared for that?

I have been writing about the need for us to return to having community level civil defense for several years now. I recently wrote more detailed articles (and a book) on this:

What if I told you that there is very little cost to starting a civil defense organization in your town? That it would not “cost” resources but multiply your resources? There are no downsides to preparing your community.

What we should take from the Hawaii false missile alert? It is unacceptable that in the U.S. we have an emergency alert and “nobody knew what to do.” We must fix this. Building a culture of preparedness – a civil defense culture – is a critical task for the national security of the country.