Grid Security Now!

Grid Security Now!

Michael Mabee – Author of The Civil Defense Book

Menu
  • Home
  • Library
    • Grid Security Library
      • Government Documents on Grid Security
      • OE-417 Electric Disturbance Events Database
      • CIP Violation Database
      • Database of Chinese Transformers and Equipment in the U.S. Electric Grid
      • Why Haven’t We Secured the Grid?
      • What is the Electric Grid and How is it Regulated?
      • Grid Protection Posts
      • Video (EMP and Grid Security)
    • Civil Defense Library
      • The cavalry is not coming
      • Civil Defense Posts
      • Video (Preparedness)
      • Civil Defense Checklists
  • In the Press
  • Take Action!
  • Fund The Fight!
  • About Me
    • About Michael
    • Interviews – Michael Mabee
    • Subscribe to Mike’s Blog
    • Contact Me
  • My Book
Menu
Senator Lisa Murkowski

Dear Senators Murkowski and Manchin…

Posted on January 31, 2019February 23, 2019 by Michael Mabee

.

CLICK FOR PDF COPY


January 30, 2019

The Honorable Lisa Murkowski, Chairman
The Honorable Joe Manchin III, Ranking Member
U.S. Senate Committee on Energy and Natural Resources
304 Dirksen Senate Building
Washington, DC 20510

Dear Senators Murkowski and Manchin

I am writing in regard to the systemic coverup of electric grid standard violations by the utility industry and their self-regulatory body, the North American Electric Reliability Corporation (NERC). This coverup has been enabled by the Federal Energy Regulatory Commission (FERC).

I am a regular citizen who has discovered the magnitude of this betrayal of the public trust. I ask that your committee open a formal investigation. With continuing wildfires caused by utilities in the Western Interconnection, and the names of vegetation management violators being hidden, many lives are at risk. A cybersecurity attack and resulting long-term blackout could also cause widespread casualties.

In February of 2018, I read about a “white hat” security researcher who found confidential records of PG&E’s network configuration, including passwords, on the public internet. Checking the FERC library, I found a record of a cybersecurity standard violation in about the same timeframe. However, FERC and NERC did not name the violator, instead calling the utility an “Unidentified Registered Entity.”

I filed a Freedom of Information Act (FOIA) request – and an appeal when my request was denied – in order to obtain the identity of the violator.[1] To this day, further details are still withheld from public examination.

On August 24, 2018, the Wall Street Journal ran a story titled: “PG&E Identified as Utility That Lost Control of Confidential Information.” Subtitle: “As a result of 2016 failure, 30,000 records about PG&E’s cyber assets were exposed on the internet.”[2] This was the first time the public found out about PG&E’s massive cyber breach and that PG&E was the violator subjected to a 2.7 million dollar regulatory fine. I was quoted in the Wall Street Journal article and cited as the source of the information.

I did further research and discovered that since July of 2010, NERC has routinely been withholding the identities of regulated entities that violate Critical Infrastructure Protection (CIP) Standards even when there is no reasonable “national security” reason to do so. FERC has allowed this odious practice to continue, even though the agency has a regulation clearly stating that the Notices of Penalty will be disclosed to the public after the vulnerability is remedied.[3]

My research has uncovered that FERC has hidden information in 243 dockets involving at least 1465 registered entities between 2010 and 2018. Attached is a list of these dockets for your review. I have filed FOIA request for these records, but I expect, as happened previously, NERC will oppose the release of this information and FERC will deny my request. I believe that without the intervention of your oversight committee, this FERC/NERC cover up will likely continue.

A review of the publicly available information on these dockets reveals troubling issues, however, without the disclosure of the names of the entities and the text of settlement agreements, it is impossible for the public to fully appreciate how standards violations by utilities place lives at risk. Here are some examples:

  • Since the Metcalf substation attack on April 16, 2013, one would think that there would be utility focus on physical security for high voltage transformers – most of which are guarded only by a chain link fence and crossed fingers. So exactly how many enforcement actions would you guess there have been in the last 5 years for “CIP-014” physical security? Only one. (FERC Docket NP18-14-000.) 
  • Many of the “penalties” result from settlement agreements (e.g., the “Unidentified Registered Entity” agreed to pay the “penalty” and in many cases does not admit fault for the violation). Without knowing the details of the settlement agreements, the public cannot adequately analyze the terms and penalties, or even identify offending utilities.
  • In some of the cases that were “settled,” the regulated entities were “uncooperative” (FERC Docket NP16-12-000) or “not fully transparent and forthcoming” (FERC Docket NP18-7-000). “Settling” with such actors raises many regulatory red flags and the public needs to analyze these FERC-approved transactions in more detail.
  • I have found numerous examples of non-CIP violations that have been redacted. For example, I have found at least 4 violations of vegetation management standards for transmission lines in the Western Interconnection – the same region where over 86 deaths occurred in the “Camp Fire” – the deadliest and most destructive wildfire in California history. This is the same region where a “regulated entity” (PG&E) has significant liability for wildfires. The public has a right to know who standard violators are.

After this FERC/NERC cover up started in July of 2010, there has been less incentive to fix the grid security problems. That’s why disclosure is important. Why should utilities spend money to fix grave cybersecurity issues if they know that 1) if caught, the friendly regulator will “settle” the violation privately, 2) the utility can negotiate a trivial fine, and 3) the utility’s name will not be disclosed to the public?

I request that your Committee hold a hearing on this critical matter. I am willing to testify as to my findings and research, as well, as why this conduct by NERC and FERC is endangering the U.S. electric grid and the public safety.

Respectfully,

Michael Mabee

Attachment: FERC Dockets where identities of CIP violators were withheld from the public

CC:         Senator Maggie Hassan (NH)
               Senator Jeanne Shaheen (NH)
               Representative Ann McLane Kuster (NH)


[1] See FERC docket number NP18-7-000.

[2] Smith, Rebecca. The Wall Street Journal. August 24, 2018. https://www.wsj.com/articles/pg-e-identified-as-utility-that-lost-control-of-confidential-information-1535145850 (accessed November 22, 2018).

[3] 18 CFR § 39.7 (b)(4) provides that: “Each violation or alleged violation shall be treated as nonpublic until the matter is filed with the Commission as a notice of penalty or resolved by an admission that the user, owner or operator of the Bulk-Power System violated a Reliability Standard or by a settlement or other negotiated disposition.” [Emphasis added.] Further, 18 CFR § 39.7(d)(1) provides that a notice of penalty by the Electric Reliability Organization shall consist of, inter alia: “The name of the entity on whom the penalty is imposed.”


CLICK FOR PDF COPY


Further Information:

  • Click here to read my first FOIA Request
  • Click here to read my second FOIA Request
  • Download List of “Unidentified Registered Entity” Dockets

Related Reports:

  • NERC Coverup Investigation Report
  • Transmission Vegetation Management Cover Up?
  • FERC Commissioner Cheryl LaFleur: Step Up on Grid Security or Step Down!
  • Electric Grid Cyber Cover-Up: More Details Emerging
  • These “Unidentified Registered Entities” Endangered the Electric Grid
  • PG&E endangered the grid – and tried to cover it up


Senator Joe Manchin
Senator Joe Manchin
Senator Lisa Murkowski
Senator Lisa Murkowski

News

  • How to Fix Electric Grid Security
  • U.S. Continues to Import Large Transformers from China
  • 60 Minutes – How secure is America’s electric grid?
  • COVERUP UPDATE: CIP Violation Database and FOIA Lawsuit
  • Q: How Did We Become So Vulnerable?
  • Rate Recovery: How Electric Customers Fund Industry Lobbying
  • Energy Sector Supply Chain Review – U.S. Department of Energy
  • Criminally Negligent Homicide in February 2021 Texas Blackout Deaths?
  • Chinese Transformer Threat Now Confirmed by Two Administrations
  • Secretary of Energy Advisory Board: Comments of Michael Mabee
  • Electricity Advisory Committee: Comments of Michael Mabee
  • How the electric utility industry torpedoed grid security
  • Chinese Transformer Complaint Filed with U.S. Government
  • U.S. Electric Grid Imports More Chinese Transformers in 2020 and 2021
  • Recent Grid Threats: Frank Gaffney and Michael Mabee Break It Down
  • Secret Penalties: The Electric Grid Is Making You Pay Their Fines
  • Government Misses the Boat on Grid Security – Again
  • Critical Electric Infrastructure – The Government Must Step Up
  • FERC Dismisses Texas Grid Collapse Complaint
  • FERC Office of Public Participation: End the Electric Industry Coverup
  • Testimony of Michael Mabee on SB 1606 – All Hazards Grid Security
  • Federal Complaint Filed on Texas Grid Collapse
  • We Are Plugged In To Life Support
  • Texas Blackout: The Unacceptable Outcome of a Foreseeable Event
  • Chinese Transformers in the Electric Grid: Lights Out For NYC?
  • Message to Governor Jennifer Granholm and the Department of Energy
  • Chinese Transformers in the Electric Grid
  • The U.S. Has 300 Chinese Large Power Transformers
  • Senator Murkowski Questions Cybersecurity Order Suspension
  • Grid Supply Chain Cybersecurity Order “Suspended”

Fund The Fight!


Subjects

Search Website

Subscribe for Updates!

Follow me on Twitter

Tweets by CivilDefenseBK

Click To Get Prepared!

The Civil Defense Book: Emergency Preparedness for a Rural or Suburban Community
The Civil Defense Book Get it now!

Subscribe for updates

Follow Me On Facebook

The Civil Defense Book

9 months ago

The Civil Defense Book
Bradford Clark Freeman, the last surviving member of Easy Company's Band of Brothers, dies at 97apple.news/AkFt2MfXqTCWTe4KGOFDOPg ... See MoreSee Less

Bradford Clark Freeman, the last surviving member of Easy Company's Band of Brothers, dies at 97 — CNN

apple.news

Bradford Clark Freeman, believed to be the last surviving original member of the historic World War II parachute infantry regiment of the US Army known as Easy Company, died Sunday in Columbus, Missis...
View on Facebook
· Share

Share on Facebook Share on Twitter Share on Linked In Share by Email

The Civil Defense Book

9 months ago

The Civil Defense Book
Here Comes the Sun—to End Civilizationwww.wired.com/story/sun-storm-end-civilization/ ... See MoreSee Less

Here Comes the Sun—to End Civilization

www.wired.com

Every so often, our star fires off a plasma bomb in a random direction. Our best hope the next time Earth is in the crosshairs? Capacitors.
View on Facebook
· Share

Share on Facebook Share on Twitter Share on Linked In Share by Email

Fund The fight!


©2023 Grid Security Now! | Theme by SuperbThemes