Grid Security Now!

Michael Mabee – Author of The Civil Defense Book


Electric Grid Cyber Cover-Up: More Details Emerging

Posted on January 2, 2019 (January 6, 2019) by Michael Mabee

More Details Emerging on the Electric Grid Cyber Cover-Up

The deeper we dive into the electric grid cyber cover-up, the more disturbing it becomes. In the last 5 years (2014-2018), there have been 53 Federal Energy Regulatory Commission (FERC) dockets involving 81 “Unidentified Registered Entities.” These all allege violations of Critical Infrastructure Protection Standards (CIP Standards). Such violations could endanger the electric grid; however, the identities of the violators are being kept from the public. Here is a comprehensive list of the CIP violations with some data on each one. CLICK HERE FOR LIST.

There is a lot to digest.

First of all, none of the violators are identified. The North American Electric Reliability Corporation (NERC) has created a loophole whereby they bend the regulations to “protect the guilty” so that these companies do not have to be embarrassed. They are all simply called “Unidentified Registered Entities” or “UREs.” And FERC has allowed this to happen.

Next, each violation has a “Violation Risk Factor” and a “Violation Severity Level.” These seem to be somewhat subjective and it is not easy to find and compare this information. According to NERC:

“A Violation Severity Level (VSL) is a post-violation measurement of the degree to which a Reliability Standard Requirement was violated (Lower, Moderate, High, or Severe). To establish a Base Penalty for a violation, NERC considers the VSL, together with a Violation Risk Factor, which represents the potential risk to reliability.”

So they are supposed to consider both the “Violation Severity Level” and the “Violation Risk Factor.” This is not easy for the public to audit because the information is hard to find and only exists in a form that makes analysis difficult. Is this by design? I wonder.

Also, many of the “penalties” result from settlement agreements (e.g., the “URE” agreed to pay the “penalty” and in many cases does not admit fault for the violation). How convenient.

Clearly, something smells very foul in a regulatory system where the public does not have access to information about regulatory actions which are approved by the United States government – FERC has to at least passively rubber-stamp all of these actions.

It’s bad enough that we have an electric grid cyber cover-up, but when you look at some of these “enforcement actions”, it paints a very weak regulatory picture.

Physical Security? Nope.

Here’s one example. Since the Metcalf transformer attack on April 16, 2013, you would think that there would be some focus on physical security of the high voltage transformers – most of which are guarded by a chain link fence and crossed fingers. So exactly how many enforcement actions would you guess there have been in the last 5 years for “CIP-014” physical security? Only one. (FERC Docket NP18-14-000.) How can this possibly be? Moreover, this is very difficult to see if you are a member of the public due to the electric grid cyber cover-up.

Some Bad Actors

There are a lot of substantial fines here, but two fines are bigger than the others.

We know that PG&E Corp (identified by a Freedom of Information Act request) was fined $2.7 million in Docket NP18-7-000. A great quote from that one is:

“URE was not fully transparent and forthcoming with all pertinent information detailing the data exposed in the incident. Specifically, URE did not provide WECC initially with all the data fields exposed in the incident”

In other words, they lied.

Another interesting one is the $1,700,000 fine of an “Unidentified Registered Entity” announced on February 29, 2016 – FERC Docket NP16-12-000.

“URE was not cooperative throughout the compliance enforcement process, and ReliabilityFirst considered URE’s lack of cooperation as an aggravating factor in the penalty determination.”

and

“ReliabilityFirst considered 21 of the instant violations as repeat noncompliance with the subject NERC Reliability Standards…”

Self-regulation at its best. I would note that both of these “big fines” (actually, quite paltry when you consider the risk that these violations exposed us all to) were settlement agreements. In other words, these already uncooperative and not so forthcoming entities agreed to pay these fines. Doesn’t seem like they hurt too much. And they still get to be a “URE” and not have their name revealed to the public!

As you know, we have filed a Freedom of Information Act (FOIA) request with FERC for the identities of these “Unidentified Registered Entities” – stay tuned as this battle unfolds.

CLICK HERE FOR THE LIST OF “Unidentified Registered Entities”

How to Read the Electric Grid Cyber Cover-Up Chart

I’m including a list and links below to the CIP standards (as of 12/31/2018) – there are also links on the electric grid cyber cover-up document. If you need a primer on what the electric grid is and how it is regulated, click here.

Regions. NERC delegates its enforcement authority to regional entities. So, on the chart under “Region” you will see the initials for one of the below regional entities. The map helps narrow down the geographic area.

[Map: NERC regional entities. Data source: U.S. Energy Information Administration]
  • Florida Reliability Coordinating Council (FRCC)
  • Midwest Reliability Organization (MRO)
  • Northeast Power Coordinating Council (NPCC)
  • ReliabilityFirst Corporation (RFC)
  • SERC Reliability Corporation (SERC)
  • Southwest Power Pool RE (SPP)
  • Texas Reliability Entity (TRE)
  • Western Electricity Coordinating Council (WECC)

In addition to the regional entities, the new NERC reliability assessment areas are a mixture of NERC reliability entities, entity sub-regions, regional transmission organizations and system operators. The map below illustrates these:

[Map: NERC reliability assessment areas. Data source: U.S. Energy Information Administration]
  • BASN – Basin (WECC)
  • CALN – California – North (WECC)
  • CALS – California – South (WECC)
  • DSW – Desert Southwest (WECC)
  • ERCOT – Electric Reliability Organization of Texas (TRE)
  • FRCC – Florida Reliability Coordinating Council
  • ISO-NE – ISO New England Inc (NPCC)
  • MAPP – Mid-Continent Area Power Pool
  • MISO – Midwest Independent Transmission System Operator, Inc
  • NORW – Northwest (WECC)
  • NYISO – New York Independent System Operator (NPCC)
  • PJM – PJM Interconnection
  • ROCK – Rockies (WECC)
  • SERC-E – SERC – East
  • SERC-N – SERC – North
  • SERC-SE – SERC – Southeast
  • SERC-W – SERC – West
  • SPP – Southwest Power Pool Regional Entity

Each violation has a “Violation Risk Factor” listed. You have to dig and find the “Violation Severity Level” to get the full picture (although the categories seem rather subjective). You also have to dig through multiple layers of documents to find the information I cobbled together on this chart. It contains both the “Violation Risk Factor” and “Violation Severity Level” side by side. Normally, one has to do a “NERC treasure hunt” to find this information piece by piece. This is the first time this information has been compiled in one place for analysis.

Several of us from the Secure the Grid Coalition are actively analyzing and working this issue. Subscribe to my blog to stay informed of our progress.

###

Download Electric Grid Cyber Cover-Up Chart

Download Underlying Regulatory Filings (Huge 11 MB File)


CIP standards (as of 12/31/2018)

Standard | Title | Status
CIP-003-7 | Cyber Security — Security Management Controls | Subject to Future Enforcement
CIP-005-6 | Cyber Security — Electronic Security Perimeter(s) | Subject to Future Enforcement
CIP-010-3 | Cyber Security — Configuration Change Management and Vulnerability Assessments | Subject to Future Enforcement
CIP-013-1 | Cyber Security – Supply Chain Risk Management | Subject to Future Enforcement
CIP-002-5.1a | Cyber Security — BES Cyber System Categorization | Subject to Enforcement
CIP-003-6 | Cyber Security – Security Management Controls | Subject to Enforcement
CIP-004-6 | Cyber Security – Personnel & Training | Subject to Enforcement
CIP-005-5 | Cyber Security – Electronic Security Perimeter(s) | Subject to Enforcement
CIP-006-6 | Cyber Security – Physical Security of BES Cyber Systems | Subject to Enforcement
CIP-007-6 | Cyber Security – System Security Management | Subject to Enforcement
CIP-008-5 | Cyber Security – Incident Reporting and Response Planning | Subject to Enforcement
CIP-009-6 | Cyber Security – Recovery Plans for BES Cyber Systems | Subject to Enforcement
CIP-010-2 | Cyber Security – Configuration Change Management and Vulnerability Assessments | Subject to Enforcement
CIP-011-2 | Cyber Security – Information Protection | Subject to Enforcement
CIP-014-2 | Physical Security | Subject to Enforcement
CIP-001-0 | Sabotage Reporting | Inactive
CIP-001-1 | Sabotage Reporting | Inactive
CIP-001-1a | Sabotage Reporting | Inactive
CIP-001-2a | Sabotage Reporting | Inactive
CIP-002-1 | Cyber Security – Critical Cyber Asset Identification | Inactive
CIP-002-2 | Cyber Security – Critical Cyber Asset Identification | Inactive
CIP-002-3(i) | Cyber Security – Critical Cyber Asset Identification | Inactive
CIP-002-3(i)b | Cyber Security – Critical Cyber Asset Identification | Inactive
CIP-002-3 | Cyber Security – Critical Cyber Asset Identification | Inactive
CIP-002-3a | Cyber Security – Critical Cyber Asset Identification | Inactive
CIP-002-3b | Cyber Security – Critical Cyber Asset Identification | Inactive
CIP-002-4 | Cyber Security – Critical Cyber Asset Identification | Inactive
CIP-002-4a | Cyber Security – Critical Cyber Asset Identification | Inactive
CIP-002-5 | Cyber Security – BES Cyber System Categorization | Inactive
CIP-002-5_1 | Cyber Security — BES Cyber System Categorization | Inactive
CIP-003-1 | Cyber Security – Security Management Controls | Inactive
CIP-003-2 | Cyber Security – Security Management Controls | Inactive
CIP-003-3 | Cyber Security – Security Management Controls | Inactive
CIP-003-3a | Cyber Security — Security Management Controls | Inactive
CIP-003-4 | Cyber Security – Security Management Controls | Inactive
CIP-003-4a | Cyber Security — Security Management Controls | Inactive
CIP-003-5 | Cyber Security – Security Management Controls | Inactive
CIP-004-1 | Cyber Security – Personnel & Training | Inactive
CIP-004-2 | Cyber Security – Personnel & Training | Inactive
CIP-004-3 | Cyber Security – Personnel & Training | Inactive
CIP-004-3a | Cyber Security – Personnel & Training | Inactive
CIP-004-4 | Cyber Security – Personnel & Training | Inactive
CIP-004-4a | Cyber Security – Personnel & Training | Inactive
CIP-004-5 | Cyber Security – Personnel & Training | Inactive
CIP-004-5_1 | Cyber Security — Personnel & Training | Inactive
CIP-005-1 | Cyber Security – Electronic Security Perimeter(s) | Inactive
CIP-005-1a | Cyber Security – Electronic Security Perimeter(s) | Inactive
CIP-005-2 | Cyber Security – Electronic Security Perimeter(s) | Inactive
CIP-005-2a | Cyber Security – Electronic Security Perimeter(s) | Inactive
CIP-005-3 | Cyber Security – Electronic Security Perimeter(s) | Inactive
CIP-005-3a | Cyber Security – Electronic Security Perimeter(s) | Inactive
CIP-005-4a | Cyber Security – Electronic Security Perimeter(s) | Inactive
CIP-006-1 | Cyber Security – Physical Security of Critical Cyber Assets | Inactive
CIP-006-1a | Cyber Security – Physical Security of Critical Cyber Assets | Inactive
CIP-006-1b | Cyber Security – Physical Security of Critical Cyber Assets | Inactive
CIP-006-1c | Cyber Security – Physical Security of Critical Cyber Assets | Inactive
CIP-006-2 | Cyber Security – Physical Security of Critical Cyber Assets | Inactive
CIP-006-2a | Cyber Security – Physical Security of Critical Cyber Assets | Inactive
CIP-006-2b | Cyber Security – Physical Security of Critical Cyber Assets | Inactive
CIP-006-2c | Cyber Security – Physical Security of Critical Cyber Assets | Inactive
CIP-006-3 | Cyber Security – Physical Security of Critical Cyber Assets | Inactive
CIP-006-3a | Cyber Security – Physical Security of Critical Cyber Assets | Inactive
CIP-006-3c | Cyber Security – Physical Security of Critical Cyber Assets | Inactive
CIP-006-3d | Cyber Security – Physical Security of Critical Cyber Assets | Inactive
CIP-006-4c | Cyber Security – Physical Security of Critical Cyber Assets | Inactive
CIP-006-4d | Cyber Security – Physical Security of Critical Cyber Assets | Inactive
CIP-006-5 | Cyber Security – Physical Security of BES Cyber Systems | Inactive
CIP-007-1 | Cyber Security – Systems Security Management | Inactive
CIP-007-2 | Cyber Security – Systems Security Management | Inactive
CIP-007-2a | Cyber Security – Systems Security Management | Inactive
CIP-007-3a | Cyber Security — Systems Security Management | Inactive
CIP-007-3b | Cyber Security — Systems Security Management | Inactive
CIP-007-4a | Cyber Security — Systems Security Management | Inactive
CIP-007-4b | Cyber Security — Systems Security Management | Inactive
CIP-007-5 | Cyber Security – System Security Management | Inactive
CIP-008-1 | Cyber Security – Incident Reporting and Response Planning | Inactive
CIP-008-2 | Cyber Security – Incident Reporting and Response Planning | Inactive
CIP-008-3 | Cyber Security – Incident Reporting and Response Planning | Inactive
CIP-008-4 | Cyber Security – Incident Reporting and Response Planning | Inactive
CIP-009-1 | Cyber Security – Recovery Plans for Critical Cyber Assets | Inactive
CIP-009-2 | Cyber Security – Recovery Plans for Critical Cyber Assets | Inactive
CIP-009-3 | Cyber Security – Recovery Plans for Critical Cyber Assets | Inactive
CIP-009-4 | Cyber Security – Recovery Plans for Critical Cyber Assets | Inactive
CIP-009-5 | Cyber Security – Recovery Plans for BES Cyber Systems | Inactive
CIP-010-1 | Cyber Security – Configuration Change Management and Vulnerability Assessments | Inactive
CIP-011-1 | Cyber Security – Information Protection | Inactive
CIP-014-1 | Physical Security | Inactive
CIP-012-1 | Cyber Security – Communications between Control Centers | Filed and Pending Regulatory Approval
