Grid Security Now!

Grid Security Now!

Michael Mabee – Author of The Civil Defense Book

Menu
  • Home
  • Library
    • Grid Security Library
      • Government Documents on Grid Security
      • OE-417 Electric Disturbance Events Database
      • CIP Violation Database
      • Grid Protection Posts
      • Video (EMP and Grid Security)
      • What is the Electric Grid and How is it Regulated?
    • Civil Defense Library
      • Civil Defense Posts
      • Video (Preparedness)
      • Civil Defense Checklists
  • Fund The Fight!
  • Take Action!
  • About Me
    • About Michael
    • My Book
    • Michael in the Press
    • Subscribe to Mike’s Blog
    • Interviews
    • My Friends
    • Contact Me
Menu
Duke Energy Take Action

Duke Energy Notice of Penalty Docket Shut Down!

Posted on August 30, 2019September 1, 2019 by Michael Mabee
Share the knowledge...Tweet about this on Twitter
Twitter
Share on Facebook
Facebook
Share on LinkedIn
Linkedin
Pin on Pinterest
Pinterest
Share on Reddit
Reddit
Email this to someone
email
Print this page
Print

 


Duke Energy was fined $10 million for cybersecurity violations – But you don’t have the right to know this!

Would the public be interested in knowing what company was issued a $10 million penalty for cybersecurity violations? Do we have a right to know if companies are endangering our lives, and if our government’s regulatory regime to protect us is effective?

Nope. Not according to the government.

The grid’s non-profit regulator, the North American Electric Reliability Corporation (NERC) imposed the $10 million penalty on January 25, 2019 against unnamed companies that committed 127 violations of Critical Infrastructure Protection (CIP) standards over several years. The press has since outed Duke Energy Corp. as the violator, but neither NERC nor the U.S. government have acknowledged this. The coverup remains.

Numerous citizens wrote to the Federal Energy Regulatory Commission (FERC) requesting the identity of just such a regulatory violator.  The answer from FERC? They refuse to listen to the citizens based on a technicality.

This means, the government has shut down the Duke Energy penalty case without officially revealing who the violator is. And this is not an isolated case.

Duke Energy is just one example in a massive coverup

Since  July of 2010 when the coverup began, there have been 255 regulatory penalty cases for violations of Critical Infrastructure Protection (CIP) standards. These cases have involved almost 1,500 violators and not one identity of a violator has been released to the public dockets. I have filed Freedom of Information Act (FOIA) requests for 253 of the 255 cases so far, but to date, FERC has only released the names of 4 of the violators to me under FOIA. For detailed information on my FOIA battle with all of the documents, click HERE. A few others have been outed by the press, but not one of the almost 1,500 CIP violators has been acknowledged by the government.

Why is this important to you? Because there is significant evidence that the regulatory system that protects our electric grid is broken. In order to determine whether they regulatory system is effective or not, the public, Congress, and state utility regulators need more information on who is violating CIP regulations – and what is being done about it.

Evidence that the regulatory system needs reform

Duke EnergyA review of the publicly available information on these dockets reveals troubling issues; however, without the disclosure of the names of the entities and the text of settlement agreements, it is impossible for the public to fully appreciate how standards violations by utilities place lives at risk. Here are some examples:

  • Since the Metcalf substation attack on PG&E on April 16, 2013, one would think that there would be utility focus on physical security for high voltage transformers – most of which are guarded only by a chain link fence and crossed fingers. So exactly how many enforcement actions would you guess there have been in the last 6 years for “CIP-014” physical security? Only four (4). (See this report for details.)
  • Many of the “penalties” result from settlement agreements (e.g., the “Unidentified Registered Entity” agrees to pay the “penalty” and in many cases does not admit fault for the violation). Without knowing the details of the settlement agreements, the public cannot adequately analyze the terms and penalties, or even identify offending utilities.
  • In some of the cases that were “settled,” the regulated entities were “uncooperative” (FERC Docket NP16-12-000) or “not fully transparent and forthcoming” (FERC Docket NP18-7-000). “Settling” with such bad actors raises many regulatory red flags and the public needs to analyze these FERC-approved transactions in more detail.
  • I have found numerous examples of non-CIP violations that have been redacted. For example, I have found at least four violations of vegetation management standards for transmission lines in the Western Interconnection – the same region where over 86 deaths occurred in the “Camp Fire” – the deadliest and most destructive wildfire in California history. This is the same region where a “regulated entity” (PG&E) has significant liability for wildfires. The public has a right to know who standard violators are, especially when the standards violations may have resulted in dozens of deaths.
  • The total penalties between July 2010 to August 2019 for CIP violations have been $35,825,920. Is this a large or small amount? Well, the electric utility industry spent $145,139,140 in lobbying and political contributions in 2018 alone. (So I’d say it is a small amount of penalties for a 9 year period.)

After this NERC cover up started in July of 2010, there has been less incentive to fix the grid security problems. That’s why disclosure is important. Why should utilities spend money to fix grave cybersecurity and physical security issues if they know that 1) if caught, the friendly regulator will “settle” the violation privately and the settlement agreement will be kept secret, 2) the utility can negotiate a trivial fine, and 3) the utility’s name will not be disclosed to the public?

We need citizen’s to take action!

Duke EnergyThe Secure The Grid Coalition is fighting to fix the electric grid’s broken regulatory scheme that is endangering all of us. We need your help.

On August 27, 2019, the Federal Energy Regulatory Commission published a “white paper” on the issue of disclosing the names of CIP violators. In an email FERC noted:

The Commission has recently received an unprecedented number of FOIA requests for non-public information in CIP NOPs.  Consistent with its regulations, Commission staff has released the identity of UREs in some limited cases where the Commission staff has determined that the release will not jeopardize the security of the Bulk-Power System if publicly disclosed.  The significant increase in FOIA requests for non-public information in CIP NOPs has raised security and transparency concerns within industry and the general public, which has prompted Commission and NERC staffs to re-evaluate the format of CIP NOPs filed with the Commission.  The current filing format, containing detailed violation information, when coupled with the potential release of URE identities, may not be achieving an appropriate balance of security and transparency.  The White Paper proposes a revised format that is intended to improve this balance.

FERC is accepting comments on this white paper (FERC Docket No. AD19-18-000) until September 26, 2019. We need to all let the Federal Energy Regulatory Commission (FERC) know that the security of the electric grid is critical – secret regulation and coverups are unacceptable to the public. As a citizen, you have the right to file a comment in this docket and be heard!

Tell the Commission in your letter that the public has the right to know the names of companies that violate the regulatory standards and we need sufficient details to make sure that the regulatory system is working!

The deadline to file on this docket is September 26, 2019 so write your letter today and submit it online to FERC Docket Number AD19-18-000, or mail it in to FERC (Be sure to include the Docket Number in your letter).

Submit to FERC online HERE (you need to register if this is your first time)

or, submit by mail:

Federal Energy Regulatory Commission
Kimberly D. Bose, Secretary
ATTN: Docket No. AD19-18-000
888 First Street, NE
Washington, DC 20426

###


Read More on the CIP Coverup:

  • CIP Coverup: The Proverbial Cat is Out of the Bag
  • UPDATED: CIP Violation Database and FOIAs
  • Regulatory Mutiny: The Grid Just Threatened FERC
  • Physical Security: The Electric Grid’s Dirty Little Secret
  • FERC Must Make A Choice
  • Grid Coverup: NERC’s “Double Secret Probation” of CIP Violators Continues
  • NERC’s “Cybersecurity Incident” Shell Game
  • NERC Coverup Investigation Report
  • Dear Senators Murkowski and Manchin…
  • Transmission Vegetation Management Cover Up?
  • FERC Commissioner Cheryl LaFleur: Step Up on Grid Security or Step Down!
  • Electric Grid Cyber Cover-Up: More Details Emerging
  • These “Unidentified Registered Entities” Endangered the Electric Grid
  • PG&E endangered the grid – and tried to cover it up
  • Now It’s a FERC Cover-Up
  • A NERC Cover-Up? Who Put the Electric Grid at Risk?



 

Share the knowledge...Tweet about this on Twitter
Twitter
Share on Facebook
Facebook
Share on LinkedIn
Linkedin
Pin on Pinterest
Pinterest
Share on Reddit
Reddit
Email this to someone
email
Print this page
Print

News

  • A Billion Reasons We Do Not Have Grid Security
  • Money Talks, Grid Security Walks
  • Critical Infrastructure Attacks Expose Regulatory Failures
  • Lawsuit: The Federal Government Must Secure The Grid
  • COVERUP UPDATE: CIP Violation Database and FOIAs
  • Securing America with Frank Gaffney: Threats to the Electric Grid
  • FERC: Who Will Be Responsible For All The Deaths If The Grid Goes Down?
  • Federal Energy Regulatory Commission Lays Down On The Job!
  • EMP Progress Report – A National Disgrace
  • EMP Ignorance Is Bliss – Dr. Peter Vincent Pry
  • China: EMP Threat – A New Report by Dr. Peter Pry
  • FERC Denies Grid Physical Security Complaint, BUT…
  • Secure the Grid Coalition Opposes Senate Bill S.3688
  • Electric Industry Lobbyist’s China Ties Questioned
  • Supply Chain Cybersecurity Complaint Filed with FERC
  • Executive Order 13920: Securing the United States Bulk-Power System
  • Electric Industry Wants to Defer Implementation of Cybersecurity
  • Electric Sector Protests Effective Grid Physical Security
  • Emergency Preparedness: Souhegan and Derry CERT
  • Coronavirus: Don’t Panic, Prepare!
  • New Hampshire Rep. David Testerman on Grid Physical Security
  • Former CIA Director James Woolsey on Grid Physical Security
  • Loopholes in Grid Physical Security Identified
  • FEMA’s Strategic Plan and the NDAA: A Perfect Fit
  • Greg Allison and Michael Mabee Talk Grid Security On YouTube
  • Complaint Filed About Inadequate Electric Grid Physical Security
  • Is the Tail Wagging The Dog in Grid Security?
  • Video: EMP Threat (KSNV News Las Vegas)
  • Why Thomas Popik should be a FERC Commissioner
  • “Wired for Greed: The Shocking Truth About America’s Electric Utilities”

Fund The Fight!


Subjects

Search Website

Subscribe for Updates!

Follow me on Twitter

Tweets by CivilDefenseBK

Click To Get Prepared!

The Civil Defense Book: Emergency Preparedness for a Rural or Suburban Community
The Civil Defense Book Get it now!

Subscribe for updates

Follow Me On Facebook

The Civil Defense Book

2 days ago

The Civil Defense Book
Kim Jong Un Offers a Rare Sneak Peek at North Korea’s Weapons Program: Leader says Pyongyang is developing military drones, a nuclear-powered submarine and surveillance satellites. apple.news/AEW8HnWOTS0Wk23aOI9fZ1g ...

Kim Jong Un Offers a Rare Sneak Peek at North Korea’s Weapons Program — The Wall Street Journal

apple.news

As President-elect Joe Biden prepares to take office, Kim Jong Un offered details on Pyongyang’s pipeline of military hardware during a rare Workers’ Party Congress meeting that ended this week.
View on Facebook
· Share

Share on Facebook Share on Twitter Share on Linked In Share by Email

The Civil Defense Book

2 days ago

The Civil Defense Book
Iranian missiles land within 20 miles of ship, 100 miles from Nimitz strike group in Indian Ocean: officialsapple.news/AS2qoJtG7R2ewr5C5T7qYyw ...

Iranian missiles land within 20 miles of ship, 100 miles from Nimitz strike group in Indian Ocean: officials — Fox News

apple.news

EXCLUSIVE: Long-range missiles from Iran splashed down dangerously close to a commercial ship in the Indian Ocean Saturday and 100 miles from the Nimitz aircraft carrier strike group, Fox News has learned, in the latest example of rising tensions in the region.
View on Facebook
· Share

Share on Facebook Share on Twitter Share on Linked In Share by Email

Fund The fight!


©2021 Grid Security Now! | Theme by SuperbThemes