Grid Security Now!

Grid Security Now!

Michael Mabee – Author of The Civil Defense Book

Menu
  • Home
  • Library
    • Grid Security Library
      • Government Documents on Grid Security
      • OE-417 Electric Disturbance Events Database
      • CIP Violation Database
      • Database of Chinese Transformers and Equipment in the U.S. Electric Grid
      • Why Haven’t We Secured the Grid?
      • What is the Electric Grid and How is it Regulated?
      • Grid Protection Posts
      • Video (EMP and Grid Security)
    • Civil Defense Library
      • The cavalry is not coming
      • Civil Defense Posts
      • Video (Preparedness)
      • Civil Defense Checklists
  • In the Press
  • Take Action!
  • Fund The Fight!
  • About Me
    • About Michael
    • Interviews – Michael Mabee
    • Subscribe to Mike’s Blog
    • Contact Me
  • My Book
Menu
FERC Denies Physical Security Complaint

FERC Denies Grid Physical Security Complaint, BUT…

Posted on June 14, 2020June 14, 2020 by Michael Mabee

In an order that appears to be largely cut and pasted from the electric industry arguments, FERC denied my electric grid physical security complaint on June 9, 2020. However, FERC Commissioner McNamee filed a separate “concurring opinion” which reads like a dissent. Apparently, the physical security complaint struck a nerve.

Background of my Physical Security Complaint

By way of background, in 2014 the Federal Energy Regulatory Commission (FERC) ordered the grid’s self regulatory entity, the North American Electric Reliability Corporation (NERC) to draft the physical security standard. (You read that correctly: the electric sector writes is own standards—not the government.) This was the result of Congressional and media concern after spectacular physical attack against a PG&E transformer in Metcalf California in 2013 raising concerns about terrorism.

It is important to understand NERC and the electric sector did not want to write the standard—they were forced. Unfortunately, the resulting standard is weak and fraught with loopholes.

It is also important to note that, at the time I filed the physical security complaint, there had been 245 physical attacks on the grid since the standard became effective.

After discovering some disturbing inadequacies in the physical security of the electric grid, I filed a complaint with the FERC on January 29, 2020. My complaint alleged that the mandatory physical security standard for the electric grid (CIP-14-2) was grossly inadequate and rarely enforced. I provided detailed analysis of the standard and evidence to support my allegations. FERC opened Docket Number EL20-21-000 on the complaint and invited public comments and intervention. NERC and almost the entire electric industry vehemently opposed the complaint. Unfortunately, FERC Commissioners have frequently proven themselves unwilling to buck the industry – even on national security matters. Therefore, the easiest thing for them to do here was dismiss the complaint on a technicality. (It’s not that the physical security of the grid is adequate – it is that we already approved the standard and we see no reason to revisit it now.)

The Complaint and all the substantive filings in this docket are linked on the bottom of this page.

FERC’s Order Denying Physical Security Complaint

FERC’s Order denies the complaint for the reasons presented by NERC and the industry Trade Associations. In fact, parts of FERC’s order seem to mimic the exact same arguments submitted by the industry. For example, the FERC Order states:

Relying solely on the small number of filed violations is not a sufficient basis for us to conclude that Reliability Standard CIP-014-2 is not being enforced when it is equally plausible that the small number of violations could be attributed to industry compliance.

FERC Order at ¶20. Compare to NERC’s argument on page 16 of their filing, mimicked by one of the Trade Associations’ arguments (APPA, LPPC and TAPS) on page 4 of their filing . There are many other examples.

The other Trade Association filing (NRECA and EEI – whose members include corporations owned by the Government of the People’s Republic of China), tried to end their missive with a catchy phrase:

Reliability is not measured by the number of violations of standards or penalties filed at the Commission. Rather, reliability is measured by keeping the lights on.

Really? Well on September 10, 2001 domestic safety was measured by the lack of terrorist attacks. The Trade Associations miss (or ignore) the point: Let’s fix grid physical security before the lights go out.

Unfortunately, FERC fell right in line with the industry’s wishes and dismissed the complaint, largely on a technicality – there is no reason to revisit the physical security standard – what is done is done, and therefore it must be okay.

Commissioner McNamee’s “Dissenting Concurrence”

Departing FERC Commissioner Bernard L. McNamee filed a separate “concurring” opinion. Commissioner McNamee, who announced in January that he is leaving FERC after his term expires, talks in detail about the threats to the electric grid. I’m including his entire text below. I’ve highlighted a few parts, but the entire opinion is excellent.

(Issued June 9, 2020)

McNAMEE, Commissioner, concurring:

  1. The Commission’s order in this proceeding denies the Complaint alleging that Reliability Standard CIP-014-2 (Physical Security) is “inadequate” and that “enforcement of the mandatory physical security standard seems nonexistent.” The order also denies the Complaint’s request for an order from the Commission directing the North American Electric Reliability Corporation (NERC) to correct these alleged deficiencies. Though the Commission’s reasoning in denying the Complaint is correct as a matter of law, I write separately to encourage NERC, regulated entities and the Commission to continually reassess the security of all assets used for the generation, transmission and distribution of electricity.[1]

Cyber and Physical Threats Are Real

  1. The importance of electricity to the security and safety of the American people cannot be overstated. Virtually every aspect of our lives, our businesses, and our society depend on access to reliable and affordable electricity. Therefore, any realized threat to our electric system can have devastating effects on individuals, families, businesses, the economy and the nation. We know this; so do our adversaries.
  2. In the summer of 2018, then Director of National Intelligence Dan Coats stated, referencing the attacks on our country of September 11, 2001, that “the warning lights are blinking red again” and “the digital infrastructure that serves this country is literally under attack.”[2] We know that this referenced infrastructure includes our bulk power system. It has been publicly reported that nations such as Russia, China, Iran, and North Korea, as well as terrorist organizations and non-state actors, have attempted to and have the capability and intent to infiltrate our electrical systems, primarily through cyber-attacks.[3] There is also a growing awareness that we need to be concerned about the supply chain for software and equipment used in the electric industry.[4] The ability to remotely interfere with our electric system through cyber-attacks creates real threats to the physical operation of the grid. The Commission, NERC and regulated entities have been working to address these threats and must continue to do so.
  3. Physical attacks on electric infrastructure are also a real threat. For example, the event that prompted Reliability Standard CIP-014-2 (Physical Security) was the April 2013 physical attack on the Metcalf substation in San Jose, California. This attack involved individuals using rifles to target the 500 kV substation; seventeen transformers were damaged in the attack.[5] Similarly, in September 2016, an individual armed with a high-powered rifle successfully conducted a sniper attack in Utah, knocking out the Buckskin substation and causing a loss of power for 13,000 customers.[6]
  4. It is also recognized that remotely controlled unmanned aerial vehicles, or drones, can be employed to attack energy infrastructure. As an example, we only need to consider the public reports that drones were likely used to attack and damage oil refineries in Saudi Arabia in September, 2019.[7] We also need to be vigilant about the potential threat posed by various forms of electromagnetic pulse (EMP) when considering electric infrastructure security.[8]

President Executive Order

  1. Among other actions taken by Congress and the President, on May 1, 2020, President Trump issued an Executive Order on “Securing the United States Bulk-Power System.” In its preamble the Executive Order observes:

[F]oreign adversaries are increasingly creating and exploiting vulnerabilities in the United States bulk-power system, which provides the electricity that supports our national defense, vital emergency services, critical infrastructure, economy, and way of life. The bulk-power system is a target of those seeking to commit malicious acts against the United States and its people, including malicious cyber activities, because a successful attack on our bulk-power system would present significant risks to our economy, human health and safety, and would render the United States less capable of acting in defense of itself and its allies.[9]

  1. To address these threats, the Executive Order prohibits the purchase or use of equipment for the electric grid that was manufactured by an entity under the control of a foreign adversary or that poses a national security threat.

FERC and NERC Responses to Cyber and Physical Security

  1. Under the Energy Policy Act of 2005, FERC, along with NERC, oversees implementation and enforcement of mandatory reliability standards for both cyber and physical security in the bulk electric system.[10] Through the development of Critical Infrastructure Protection or CIP standards, we ensure that the assets that support the nation’s electricity supply comply with baseline standards for cyber and physical security. Though the Complaint at issue in this proceeding is denied, the work to secure the grid is ongoing.
  2. The threats to the grid are real and we must remain vigilant. FERC and NERC have been working with industry to establish standards. But standards are only the beginning. In addition to these baseline standards, FERC and NERC must also work collaboratively with industry to establish best practices in addressing these threats. It is up to everyone to be vigilant and proactive in preventing attacks and mitigating security risks. As a Commission we need to work continually with NERC and the regulated community to ensure that our electric grid is secure against cyber and physical attacks.

For these reasons, I respectfully concur.

______________________________

Bernard L. McNamee
Commissioner

[1] I recognize that the Commission does not have jurisdiction over the local distribution of electricity or the siting and permitting of generation facilities; but due to the interconnected nature of the electric system, it is important that regulated entities and regulators be cognizant of the fact that threats to any part of the system can be a threat to the entire electrical system.

[2] See National Public Radio, Transcript: Dan Coats warns of continuing Russian cyberattacks (Jul. 18, 2018), https://www.npr.org/2018/07/18/630164914/transcript-dan-coats-warns-of-continuing-russian-cyberattacks.

[3] Department of Energy, Cyber Threat and Vulnerability Analysis of the U.S. Electric Sector at 20-23 (Aug. 2016), https://www.energy.gov/sites/prod/files/2017/01/f34/Cyber%20Threat%20and%20Vulnerability%20Analysis%20of%20the%20U.S.%20Electric%20Sector.pdf.

[4] See generally Reliability Standard CIP-013-1, Cybersecurity – Supply Chain Risk Management.

[5] Congressional Research Service, Physical Security of the U.S. Power Grid: High-Voltage Transformer Substations at 7 (Jun. 17, 2014), https://fas.org/sgp/crs/homesec/R43604.pdf.

[6] Peter Behr, Substation attack is new evidence of grid vulnerability, E&E News (Oct. 6, 2016), https://www.eenews.net/stories/1060043920.

[7] David Reid, Saudi Aramco reveals attack damage at oil production plants, CNBC ( Sep. 21, 2019), https://www.cnbc.com/2019/09/20/oil-drone-attack-damage-revealed-at-saudi-aramco-facility.html.

[8] See Executive Order No. 13865, 84 Fed. Reg. 12041 (2019); see also Department of Energy, Electromagnetic Pulse Resilience Action Plan (January 10, 2017), https://www.energy.gov/sites/prod/files/2017/01/f34/DOE%20EMP%20Resilience%20Action%20Plan%20January%202017.pdf.

[9] See Executive Order No.13920, 85 Fed. Reg. 26595 (2020).

[10] Energy Policy Act of 2005, Pub. L. No. 109-58, § 1211, 119 Stat. 941-46 (2005) (codified at 16 U.S.C. § 824o).


 

Physical Security Complaint

  • Click HERE for Formal Complaint of Michael Mabee in EL20-21-000
  • Click HERE for Supplemental Complaint of Michael Mabee in EL20-21-000
  • Click HERE for Federal Register Notice of Complaint
  • Click HERE for Federal Register Notice of Supplemental Complaint

Filings Supporting the Complaint

  • Click HERE for Motion to Intervene of Louisiana Public Service Commission
  • Click HERE for Motion to Intervene of Fred A. Reitman
  • Click HERE for Motion to Intervene of Former CIA Director R. James Woolsey
  • Click HERE for Motion to Intervene of New Hampshire Representative David Testerman
  • Click HERE for Motion to Intervene of Joseph A Voglund 
  • Click HERE for Motion to Intervene of the Town of Mont Vernon, New Hampshire
  • Click HERE for Motion to Intervene of Task Force on National and Homeland Security
  • Click HERE for Motion to Intervene of City of Franklin, NH Councilor Karen Testerman
  • Click HERE for Motion to Intervene of Timothy L Cimino
  • Click HERE for Motion to Intervene of the Foundation for Resilient Societies 
  • Click HERE for Motion of Michael Mabee for FERC to take Official Notice

Filings Opposing the Complaint

  • Click HERE for Motion to Intervene by NERC
  • Click HERE for Motion to Intervene by Edison Electric Institute and the National Rural Electric Cooperative Association
  • Click HERE for Protest of American Public Power Association, the Large Public Power Council, and Transmission Access Policy Study Group

 




 

News

  • How to Fix Electric Grid Security
  • U.S. Continues to Import Large Transformers from China
  • 60 Minutes – How secure is America’s electric grid?
  • COVERUP UPDATE: CIP Violation Database and FOIA Lawsuit
  • Q: How Did We Become So Vulnerable?
  • Rate Recovery: How Electric Customers Fund Industry Lobbying
  • Energy Sector Supply Chain Review – U.S. Department of Energy
  • Criminally Negligent Homicide in February 2021 Texas Blackout Deaths?
  • Chinese Transformer Threat Now Confirmed by Two Administrations
  • Secretary of Energy Advisory Board: Comments of Michael Mabee
  • Electricity Advisory Committee: Comments of Michael Mabee
  • How the electric utility industry torpedoed grid security
  • Chinese Transformer Complaint Filed with U.S. Government
  • U.S. Electric Grid Imports More Chinese Transformers in 2020 and 2021
  • Recent Grid Threats: Frank Gaffney and Michael Mabee Break It Down
  • Secret Penalties: The Electric Grid Is Making You Pay Their Fines
  • Government Misses the Boat on Grid Security – Again
  • Critical Electric Infrastructure – The Government Must Step Up
  • FERC Dismisses Texas Grid Collapse Complaint
  • FERC Office of Public Participation: End the Electric Industry Coverup
  • Testimony of Michael Mabee on SB 1606 – All Hazards Grid Security
  • Federal Complaint Filed on Texas Grid Collapse
  • We Are Plugged In To Life Support
  • Texas Blackout: The Unacceptable Outcome of a Foreseeable Event
  • Chinese Transformers in the Electric Grid: Lights Out For NYC?
  • Message to Governor Jennifer Granholm and the Department of Energy
  • Chinese Transformers in the Electric Grid
  • The U.S. Has 300 Chinese Large Power Transformers
  • Senator Murkowski Questions Cybersecurity Order Suspension
  • Grid Supply Chain Cybersecurity Order “Suspended”

Fund The Fight!


Subjects

Search Website

Subscribe for Updates!

Follow me on Twitter

Tweets by CivilDefenseBK

Click To Get Prepared!

The Civil Defense Book: Emergency Preparedness for a Rural or Suburban Community
The Civil Defense Book Get it now!

Subscribe for updates

Follow Me On Facebook

The Civil Defense Book

9 months ago

The Civil Defense Book
Bradford Clark Freeman, the last surviving member of Easy Company's Band of Brothers, dies at 97apple.news/AkFt2MfXqTCWTe4KGOFDOPg ... See MoreSee Less

Bradford Clark Freeman, the last surviving member of Easy Company's Band of Brothers, dies at 97 — CNN

apple.news

Bradford Clark Freeman, believed to be the last surviving original member of the historic World War II parachute infantry regiment of the US Army known as Easy Company, died Sunday in Columbus, Missis...
View on Facebook
· Share

Share on Facebook Share on Twitter Share on Linked In Share by Email

The Civil Defense Book

9 months ago

The Civil Defense Book
Here Comes the Sun—to End Civilizationwww.wired.com/story/sun-storm-end-civilization/ ... See MoreSee Less

Here Comes the Sun—to End Civilization

www.wired.com

Every so often, our star fires off a plasma bomb in a random direction. Our best hope the next time Earth is in the crosshairs? Capacitors.
View on Facebook
· Share

Share on Facebook Share on Twitter Share on Linked In Share by Email

Fund The fight!


©2023 Grid Security Now! | Theme by SuperbThemes