The electric industry says there is no “one size fits all solution.” They are wrong.
There has been a great deal or recent press on the lack of security of the electric grid. With the recent grid attacks in North Carolina, Nevada, Oregon and Washington state, most people have been surprised to learn about the almost 1000 physical attacks against the electric grid in the last decade and the general lack of security that exists.
The U.S. government has been concerned about the cybersecurity of the critical electric infrastructure since at least 2003; the security of the electric grid from physical threats since at least 1981; geomagnetic disturbance (GMD) threats since at least 1989; and electromagnetic pulse (EMP) threats since at least 1972. Moreover, we continue to see the impacts of extreme weather on our critical electric infrastructure every year and supply chain threats grow daily. In other words, we have been talking about securing our critical electric infrastructure for over four decades from the very threats we still face today.
Yet, despite decades of government knowledge of all these threats, today there are virtually no requirements for the electric grid to protect itself from known hazards. But it is a fact that electric utility industry lobbyists have successfully torpedoed grid security within the self-regulatory framework.
In fact, there is no one federal agency that has authority over the entire electric grid. Literally, there is nobody in charge of electric grid security! This is shocking to most people. It continues to be shocking to me, even after a decade of research.
The electric utility industry likes to use the talking point that there is no “one size fits all” solution to grid security (and, therefore, we should just leave it to them). They repeat this mantra over and over and over and try to make the grid security problem sound as complex and expensive as they possibly can to thwart any attempt to impose a government security mandate.
The electric utility industry is wrong: there is a “one size fits all” answer on how to fix electric grid security.
How to fix electric grid security:
First, because we literally cannot survive without electricity, we need to make protection of the electric grid against known hazards a mandatory federal requirement. Presently, grid security is voluntary, not mandatory. Presently, 100% of the risk is on us – the ratepayers, the citizens. If our electric grid suffers blackouts caused by the industry’s recalcitrance at defending against any of the above hazards, it’s all of us who suffer. The burden of this risk must shift from us, to them.
Second, we need to protect employees who are in a position to see, correct and report grid reliability and security issues. Presently, it is completely legal under federal law for an electric grid utility to fire an employee who reports violations of, for example, NERC reliability or critical infrastructure protection (CIP) standards.
These two simple, but critical, items are a “one size fits all” answer. They need to apply to all 3,000+ entities that comprise the electric grid. They must apply to all parts of the electric grid: generation, transmission and distribution.
- The Grid Security Act. This very simple provision (260 words) is based on what Congress enacted to address widespread corporate fraud in another self-regulatory environment (Wall Street) after the Enron debacle. Sections 302 and 404 of the Sarbanes-Oxley Act require that the Chief Executive Officer (CEO) and Chief Financial Officer (CFO) of publicly traded companies certify annually (under civil and criminal penalties) that the company has adequate internal controls for disclosure and financial reporting. The Grid Security Act would require that the CEO of every company that owns or operates part of the electric grid certify annually that the entity has taken reasonably prudent measures to protect itself against known hazards. False or misleading certification could lead to criminal and civil liability.
- Electric Grid Whistleblower Protections. There is potential for problems in any self-regulatory regime. The government relies on employees who are in a position to see violations to be able to report them to their employer (or to regulators) without fear of reprisal. Presently, there is no federal law that would protect an employee who reported a cybersecurity or physical security issue, for example. A utility could legally fire an employee for reporting such a violation to the government. A bi-partisan whistleblower protection provision proposed by Senator Chuck Grassley (R-IA) and Senator Edward Markey (D-MA) in 2020 (which was derailed by COVID-19 and never brought to a vote) would provide these protections to employees of the electric grid.
These two provisions together, if enacted, would change the corporate culture of the electric utility industry and change the culture of the federal government. They would establish a baseline federal mandate and jurisdiction to protect the electric grid.
Tell your Representative and Senators how to fix electric grid security.
How do we get this done? You have to ask your elected officials to introduce and push for this legislation. Contact their office and try to set up a meeting or send them a letter.
- To find your U.S. Representative, go to the U.S. House of Representatives’ website by clicking here and enter in your zip code.
- To find your U.S. Senators, click here and click the map for your state.
Tell them that protection of the electric grid needs to be mandatory, and you know a way that this can be done. Give them copies of these two documents:
- Click HERE for a PDF copy of the Grid Security Act.
- Click HERE for a copy of the Electric Grid Whistleblower Protections.
We know how to fix electric grid security, but it will take citizens holding their elected officials accountable to get this done.
Will the Electric Utility Industry Fight This?
You bet they will.
As noted above, we have documented exactly how the electric industry has fought against grid security in the past by using their lobbyists and we can expect them to do it again.
To see just how much your elected representatives took from the industry – CLICK HERE.
We may not have the deep pockets of the utility industry to give Sierra-loads of money to politicians, but we have strength in numbers. It’s time for Americans to unite by getting smart on the issue of grid security, share the urgency with those who are unaware, and collaborate to pressure industry and government to protect this vital infrastructure.
Make your elected officials earn your vote.
Fortunately, there is a brand-new documentary that can help us do just that: Grid Down, Power Up is a film that you can watch and share and its website’s “participate” tab gives you more ways to get involved in the fight to Secure the Grid!
Here are some examples of what you can do:
- Click HERE for my January 16, 2023 letter to Congresswoman Kay Granger
- Click HERE for my January 16, 2023 letter to Senator John Cornyn
- Click HERE for my January 16, 2023 letter to Senator Ted Cruz