The CIP Coverup Can’t Be Hidden Any Longer
The CIP coverup—the over nine year old secret practice of permanently withholding the names of all Critical Infrastructure Protection (CIP) violators from the public—is now getting much needed public scrutiny. Just so you know we are (ahem) barking up the right tree, at the June 27, 2019 FERC Reliability Technical Conference, the issue of disclosure of the names of CIP violators and the FOIAs were discussed for about 10 minutes. Below is the video clip of the discussion:
(Click HERE for the transcript – the relevant discussion is on pages 67-76.)
A few items of interest:
- The “over two hundred FOIA requests” that are mentioned—Yep, that would be me. (Click HERE for details.)
- Commissioner Cheryl LaFleur mentions “an urban legend on the Twitterverse.” My article posted on Twitter by several people is likely what Commissioner LaFleur is referring to. Here is the Twitter activity on my blog article:
- Commissioner Glick nails it (and NERC admits) that releasing the names would give the industry incentive to comply:
COMMISSIONER GLICK: Wouldn’t you agree that part of the incentive for CIP compliance to get management to follow — to ensure the proper approach is that CIP requirements are complied with is that they don’t want to be embarrassed that they were fined?
MR. ROBB: Absolutely. Absolutely
In addition, in a filing submitted on August 22, 2019 by the American Public Power Association (“APPA”) and the Large Public Power Council (“LPPC”), these trade associations continue to push a misleading interpretation of Commission regulations to argue that the names of the CIP violators should continue to be withheld. (See pages 6-8 of this filing.) The industry trade associations note:
This discussion has been triggered by requests filed by Michael Mabee under FOIA in several hundred Notice of Penalty (“NOP”) dockets seeking the names of Unidentified Registered Entities (“UREs”), along with the non-public portions of the NOPs. As well, Mr. Mabee intervened in 192 of these dockets seeking the same information. Mr. Mabee’s efforts were opposed by APPA, EEI and the National Rural Electric Cooperative Association (“NRECA”) on March 28, 2019.
Gee. The entire electric utility industry is fighting my FOIAs! Of course, I filed reply comments rebutting these misleading assertions (see them HERE).
This is the second time in a month that the CIP coverup has received federal government attention.
Congress Has Caught On to the CIP Coverup
As we previously reported, The CIP coverup was the subject of Representative Ann Kuster’s questions to FERC at the hearing on Friday, July 12, 2019. (House Subcommittee on Energy cybersecurity hearing entitled “Keeping The Lights On: Addressing Cyber Threats To The Grid.”) Here is the video clip of that exchange:
We’re Not Letting Them Get Away With It
The electric utility industry intended for the CIP coverup to continue in perpetuity. Not one name of a regulatory violator since the CIP coverup began has been voluntarily released by either NERC or FERC. This means since July 0f 2010 in 253 FERC dockets to date, covering around 1,500 “Unidentified Registered Entities,” the only names that have been released were forced under the Freedom of Information Act. And to this day, these few names are only available on my website as neither NERC nor FERC has released the names to the public docket.
The battle is far from over and the entire industry is digging in for a fight.
The public has a right to know if their lives are being put in danger to protect corporations from embarrassment. The public has a right to know if a utility is a repeat violator of CIP standards. The public has a right to know if the regulatory regime is working. This is why the withholding of ALL the names of ALL the CIP regulatory violators for ALL TIME must cease.
Why is this one piece of information—the name of the regulatory violator—so sensitive to the industry? Because the name of a violator is the most essential piece of information to hold that utility accountable.
The only logical conclusion here is that the electric utility industry and the North American Electric Reliability Corporation (NERC) do not want to be held accountable for cybersecurity or physical security issues. They’d rather keep all of this dirty laundry hidden from public view.
UPDATE: August 27, 2019:
On August 27, 2019, the Federal Energy Regulatory Commission published a “white paper” on the issue of disclosing the names of CIP violators. In an email FERC noted:
The Commission has recently received an unprecedented number of FOIA requests for non-public information in CIP NOPs. Consistent with its regulations, Commission staff has released the identity of UREs in some limited cases where the Commission staff has determined that the release will not jeopardize the security of the Bulk-Power System if publicly disclosed. The significant increase in FOIA requests for non-public information in CIP NOPs has raised security and transparency concerns within industry and the general public, which has prompted Commission and NERC staffs to re-evaluate the format of CIP NOPs filed with the Commission. The current filing format, containing detailed violation information, when coupled with the potential release of URE identities, may not be achieving an appropriate balance of security and transparency. The White Paper proposes a revised format that is intended to improve this balance.
FERC is accepting comments on this white paper (FERC Docket No. AD19-18-000) until September 26, 2019. We need to all let the Federal Energy Regulatory Commission (FERC) know that the security of the electric grid is critical – secret regulation and coverups are unacceptable to the public. As a citizen, you have the right to file a comment in this docket and be heard!
The deadline to file on this docket is September 26, 2019 so write your letter today and submit it online to FERC Docket Number AD19-18-000, or mail it in to FERC (Be sure to include the Docket Number in your letter).
Submit to FERC online HERE (you need to register if this is your first time)
or, submit by mail:
Federal Energy Regulatory Commission
Kimberly D. Bose, Secretary
ATTN: Docket No. AD19-18-000
888 First Street, NE
Washington, DC 20426
###
Read More on the CIP Coverup:
- UPDATED: CIP Violation Database and FOIAs
- Regulatory Mutiny: The Grid Just Threatened FERC
- Physical Security: The Electric Grid’s Dirty Little Secret
- FERC Must Make A Choice
- Grid Coverup: NERC’s “Double Secret Probation” of CIP Violators Continues
- NERC’s “Cybersecurity Incident” Shell Game
- NERC Coverup Investigation Report
- Dear Senators Murkowski and Manchin…
- Transmission Vegetation Management Cover Up?
- FERC Commissioner Cheryl LaFleur: Step Up on Grid Security or Step Down!
- Electric Grid Cyber Cover-Up: More Details Emerging
- These “Unidentified Registered Entities” Endangered the Electric Grid
- PG&E endangered the grid – and tried to cover it up
- Now It’s a FERC Cover-Up
- A NERC Cover-Up? Who Put the Electric Grid at Risk?