Grid Security Now!

Michael Mabee – Author of The Civil Defense Book

Dear Senators Murkowski and Manchin…

Posted on January 31, 2019 / February 23, 2019 by Michael Mabee
January 30, 2019

The Honorable Lisa Murkowski, Chairman
The Honorable Joe Manchin III, Ranking Member
U.S. Senate Committee on Energy and Natural Resources
304 Dirksen Senate Building
Washington, DC 20510

Dear Senators Murkowski and Manchin:

I am writing in regard to the systemic coverup of electric grid standard violations by the utility industry and their self-regulatory body, the North American Electric Reliability Corporation (NERC). This coverup has been enabled by the Federal Energy Regulatory Commission (FERC).

I am a regular citizen who has discovered the magnitude of this betrayal of the public trust. I ask that your committee open a formal investigation. With continuing wildfires caused by utilities in the Western Interconnection, and the names of vegetation management violators being hidden, many lives are at risk. A cybersecurity attack and resulting long-term blackout could also cause widespread casualties.

In February of 2018, I read about a “white hat” security researcher who found confidential records of PG&E’s network configuration, including passwords, on the public internet. Checking the FERC library, I found a record of a cybersecurity standard violation in about the same timeframe. However, FERC and NERC did not name the violator, instead calling the utility an “Unidentified Registered Entity.”

I filed a Freedom of Information Act (FOIA) request – and an appeal when my request was denied – in order to obtain the identity of the violator.[1] To this day, further details are still withheld from public examination.

On August 24, 2018, the Wall Street Journal ran a story titled: “PG&E Identified as Utility That Lost Control of Confidential Information.” Subtitle: “As a result of 2016 failure, 30,000 records about PG&E’s cyber assets were exposed on the internet.”[2] This was the first time the public found out about PG&E’s massive cyber breach and that PG&E was the violator subjected to a 2.7 million dollar regulatory fine. I was quoted in the Wall Street Journal article and cited as the source of the information.

I did further research and discovered that since July of 2010, NERC has routinely been withholding the identities of regulated entities that violate Critical Infrastructure Protection (CIP) Standards even when there is no reasonable “national security” reason to do so. FERC has allowed this odious practice to continue, even though the agency has a regulation clearly stating that the Notices of Penalty will be disclosed to the public after the vulnerability is remedied.[3]

My research has uncovered that FERC has hidden information in 243 dockets involving at least 1465 registered entities between 2010 and 2018. Attached is a list of these dockets for your review. I have filed a FOIA request for these records, but I expect, as happened previously, NERC will oppose the release of this information and FERC will deny my request. I believe that without the intervention of your oversight committee, this FERC/NERC cover up will likely continue.

A review of the publicly available information on these dockets reveals troubling issues; however, without the disclosure of the names of the entities and the text of settlement agreements, it is impossible for the public to fully appreciate how standards violations by utilities place lives at risk. Here are some examples:

  • Since the Metcalf substation attack on April 16, 2013, one would think that there would be utility focus on physical security for high voltage transformers – most of which are guarded only by a chain link fence and crossed fingers. So exactly how many enforcement actions would you guess there have been in the last 5 years for “CIP-014” physical security? Only one. (FERC Docket NP18-14-000.) 
  • Many of the “penalties” result from settlement agreements (e.g., the “Unidentified Registered Entity” agreed to pay the “penalty” and in many cases does not admit fault for the violation). Without knowing the details of the settlement agreements, the public cannot adequately analyze the terms and penalties, or even identify offending utilities.
  • In some of the cases that were “settled,” the regulated entities were “uncooperative” (FERC Docket NP16-12-000) or “not fully transparent and forthcoming” (FERC Docket NP18-7-000). “Settling” with such actors raises many regulatory red flags and the public needs to analyze these FERC-approved transactions in more detail.
  • I have found numerous examples of non-CIP violations that have been redacted. For example, I have found at least 4 violations of vegetation management standards for transmission lines in the Western Interconnection – the same region where over 86 deaths occurred in the “Camp Fire” – the deadliest and most destructive wildfire in California history. This is the same region where a “regulated entity” (PG&E) has significant liability for wildfires. The public has a right to know who standard violators are.

After this FERC/NERC cover up started in July of 2010, there has been less incentive to fix the grid security problems. That’s why disclosure is important. Why should utilities spend money to fix grave cybersecurity issues if they know that 1) if caught, the friendly regulator will “settle” the violation privately, 2) the utility can negotiate a trivial fine, and 3) the utility’s name will not be disclosed to the public?

I request that your Committee hold a hearing on this critical matter. I am willing to testify as to my findings and research, as well as why this conduct by NERC and FERC is endangering the U.S. electric grid and the public safety.

Respectfully,

Michael Mabee

Attachment: FERC Dockets where identities of CIP violators were withheld from the public

CC: Senator Maggie Hassan (NH)
    Senator Jeanne Shaheen (NH)
    Representative Ann McLane Kuster (NH)


[1] See FERC docket number NP18-7-000.

[2] Smith, Rebecca. The Wall Street Journal. August 24, 2018. https://www.wsj.com/articles/pg-e-identified-as-utility-that-lost-control-of-confidential-information-1535145850 (accessed November 22, 2018).

[3] 18 CFR § 39.7 (b)(4) provides that: “Each violation or alleged violation shall be treated as nonpublic until the matter is filed with the Commission as a notice of penalty or resolved by an admission that the user, owner or operator of the Bulk-Power System violated a Reliability Standard or by a settlement or other negotiated disposition.” [Emphasis added.] Further, 18 CFR § 39.7(d)(1) provides that a notice of penalty by the Electric Reliability Organization shall consist of, inter alia: “The name of the entity on whom the penalty is imposed.”

