Grid Security Now!

Grid Security Now!

Michael Mabee – Author of The Civil Defense Book

Menu
  • Home
  • Library
    • Grid Security Library
      • Government Documents on Grid Security
      • OE-417 Electric Disturbance Events Database
      • CIP Violation Database
      • Grid Protection Posts
      • Video (EMP and Grid Security)
      • What is the Electric Grid and How is it Regulated?
    • Civil Defense Library
      • The cavalry is not coming
      • Civil Defense Posts
      • Video (Preparedness)
      • Civil Defense Checklists
  • Fund The Fight!
  • Take Action!
  • About Me
    • About Michael
    • My Book
    • Michael in the Press
    • Subscribe to Mike’s Blog
    • Interviews
    • My Friends
    • Contact Me
Menu
Michael Mabee in the press

Michael Mabee in the Press

 


The Press Goes to Michael Mabee on grid security:

E&E News
February 3, 2021
What to watch for cybersecurity in Biden’s first 100 days

Biden’s decision to suspend the order for 90 days and instruct DOE and the Office of Management and Budget to consider a replacement met with mixed reactions.

Scott Aaronson, vice president for security and preparedness at EEI, praised Biden’s order, saying the move provides more time to get new DOE officials up to speed.

Grid security advocate Michael Mabee said he was “very concerned” that the order was suspended.

“The electric utility industry, as well as the regulators FERC and NERC have been behind the eight ball on supply chain cybersecurity for years,” Mabee said in an email. “And this is a position the United States can’t afford to be in. Now is not the time to suspend supply chain cybersecurity measures.”


S&P Global
June 12, 2020
FERC rejects complaint seeking revamp of grid physical security measures

But Mabee asserted that “nobody with regulatory authority even has to even approve [the security plan] — all you need is somebody to ‘review’ it … That unapproved three-ring binder of papers is what is standing between the United States and a catastrophic widespread power outage caused by a terrorist attack.”

Mabee said in a June 11 interview that he was “very disappointed” with FERC’s decision not to do more to protect against physical threats. “Right now, the electric grid is highly vulnerable to physical attacks and the CIP standard presently only covers a very, very small portion of that,” the blogger said.


POWER Magazine
April 22, 2020
FERC Orders Delayed Implementation of NERC Reliability Standards

FERC also received a single protest, filed by Michael Mabee, a private citizen who is a member of the ad hoc Secure the Grid Coalition. Mabee decried the three-day response period as “unreasonably” short. He also argued that because the U.S. government, NERC, and the electric industry have been aware of a pandemic threat for years, it should have been prepared. “If the Commission believes it must grant the requested relief, then this is evidence that the industry was not adequately prepared for a pandemic,” he wrote. “Therefore, if granting the requested relief, the Commission should also direct NERC to develop a CIP standard for pandemic and biological hazard preparedness.”


Washington Post: The Cybersecurity 202
December 3, 2019
Activist wants court to name and shame electric utilities for violating cybersecurity rules

“Everybody in the United States is dependent on electricity, but we’re being told by the regulators we don’t have a right to know whether our electricity provider is obeying the rules,” Mabee told me. “If there’s unsafe food, we all hear don’t eat spinach from ABC company … But, when it comes to the electric grid, any company that violates critical infrastructure protection regulations gets their name withheld.”

“The Chinese and the Russians may very well have malware planted in the U.S. electric grid and they might be able to turn it off,” Mabee told me. “[But] right now we’re very unsafe because there’s no incentive for these companies to do more than the minimum.”


E&E News
November 19, 2019
Lawsuit: FERC concealing utilities that broke cyber rules

“We need to have transparency and accountability,” Mabee told E&E News in an interview yesterday. “People need to know if the company they depend on for electricity is a serial violator of these standards.”

“When you’re fighting the bureaucracy, and the entire electric utility industry is fighting your FOIAs, it sometimes can be discouraging,” said Mabee, whose background in the U.S. military includes two combat tours in Iraq. “It really, really encouraged me that you can go to your elected officials, and they’ll take a look at your issue and jump in.”

“I’ve been very open about why I’m doing this and what I’m after,” Mabee said. “And what I’m after is that the names of regulatory violators get released.”


Inside Cybersecurity
September 30, 2019
Energy regulators’ proposal to name violators of cyber standards complicated by cost, liability concerns

According to records examined by the security blogger and military veteran Michael Mabee, since 2010, NERC has been routinely concealing the identity of violators in the notices, listing them instead as “Unidentified Registered Entities.” In previous years, going back to 2008, NERC consistently named the entities, in addition to providing specific details, such as whether the “violation risk factor” was low, medium or high; the date mitigating actions were completed; how the violation was discovered — self-reported or through audit; and whether entities were “uncooperative” in settlement agreements.

In the first comment filed with the commission on the proposal, Mabee argues simply adding the name of the violator to all the information that’s currently available, “is not going to suddenly make all this publicly available information CEII,” especially since the violations are mitigated before they are revealed.

In this vein, he noted the potential consequence of companies dragging out “their mitigation plan for a long period of time — even years — in an effort to delay their name being exposed as a CIP violator.”

Overall, he said withholding penalty details by default would thwart their “use in statistical analysis” and “the White Paper proposal does not contain enough public information to allow for public, investor, Congressional and state scrutiny and evaluation of the violators and the regulatory system — activities that are critical to the security of the bulk power system.”


Wall Street Journal
September 6, 2019
Regulator Weighs Disclosing Names of Utilities That Violate Grid Security Rules

Michael Mabee, a New Hampshire security blogger who has pushed for fuller disclosure, said that “getting the names of the violators is a huge victory,” but he wants to know the identities of past violators too, and doesn’t think that information should be withheld because vulnerabilities are required to be fixed, when discovered.

Mr. Mabee previously filed Freedom of Information Act requests for the release of unredacted penalty case documents, believing that public attention will make utilities focus harder on security.

A U.S. Army veteran, Mr. Mabee said he was sensitized to the importance of a secure electric grid after seeing what happens when a society suffers protracted blackouts and worries that U.S. utilities are lax about protecting their assets against attack. He said that lengthy blackouts tear at social structures, and said he witnessed the effects in two tours of duty in Iraq, in providing humanitarian assistance to Guatemala after a hurricane and after being in Manhattan during the terrorist attacks of 2001 and in the Northeast after a major blackout in 2003.

“It’s like a Forrest Gump thing, where I’ve been present to witness so many disasters,” he said. “I took an oath to defend America and I see threats to the grid as a major threat against our country.”


Wall Street Journal
April 4, 2019
PG&E Among Utilities Cited for Failing to Protect Against Cyber and Physical Attacks

Security researcher and blogger Michael Mabee, who has asked FERC to identify utilities associated with more than 200 penalty cases, said the regulatory system needs fixing, and “the only way for that to happen is by shining the light of day on it.”

Mr. Mabee also said penalties negotiated through settlement agreements are too low. So far, they have not been made public.


Law360
February 19, 2019
FERC Pressured To Disclose Cybersecurity Violators

Michael Mabee of Secure the Grid Coalition filed a separate motion asking FERC to disclose the subjects of nearly 200 cases resolved between five years and nine years ago, and is also in the process of penning a request for the identity of the record-setting settlement.

Public Citizen’s motion claimed disclosure would benefit state regulators and other local watchdogs, the public and even the industry. Mabee’s filing echoed concerns about public awareness and added that the secrecy appears legally unjustified.

“FERC needs to shine a light on utility violations that place the public at risk of long‐term and widespread electric grid outage from cyberattack and other deliberate actions of foreign adversaries,” Mabee’s motion said.

Mabee said potentially successful attacks like Russia’s undermine NERC’s primary reason for shielding companies where regulators find bad security practices — to protect that entity from further attack.

“If keeping the names of violators private was going to help, one would think it would have helped by now,” Mabee told Law360. “The public should be able to take a look at who the violators are and who the repeat violators are to evaluate the issue.”

Mabee compiled FERC data that shows out of 243 cases between 2010 and 2018, 1,465 energy entities violated the government’s critical infrastructure standards. The agency did not identify any of them.

He asked FERC to force NERC to name the companies involved in dockets that are five years or older — the regulatory limit, he said, for their confidential designation. In his request, Mabee claimed regulators have been abusing the rule that allows them to shield specific engineering, vulnerability or detailed design information that, if disclosed, could help someone attack the grid.

“NERC has been basically twisting the language and the definitions to have an excuse to not release these things,” Mabee said.


Wall Street Journal
August 24, 2018
PG&E Identified as Utility That Lost Control of Confidential Information

PG&E’s identity was revealed because of a Freedom of Information Act request filed to FERC by Secure the Grid Coalition, a nonprofit group focused on critical infrastructure protection. Michael Mabee, a New Hampshire representative of the group, said he petitioned for the information, because he thought it was “disturbing and wrong” for federal officials to protect a utility whose actions endangered the public.


Articles:

DomPrep Journal – Domestic Preparedness
December 2019
“The Electric Grid – Overcoming Vulnerability”

The Epoch Times
October 11, 2019
“Blackouts & Cover Ups: Why ALL Americans Must Work to ‘Secure the Grid’”

DomPrep Journal – Domestic Preparedness
September 2019
“Life Support – Ensuring Proper Regulation of the Electric Grid”


Cited in:

The Epoch Times
May 5, 2020
“As Trump Calls for Grid Security, Will Utilities Break With Beijing?”

DomPrep Journal – Domestic Preparedness
January 2020
“Small Steps Toward Long-Term Power Outage Preparedness”

The Lincoln County News
September 28, 2019
“Fair Urges All to Prepare, for Storms or ‘Apocalypse’”

The Epoch Times
June 5, 2019
“30 Years After Tiananmen: Is Communist China Crushing the Effort to Secure America’s Electric Grid?”

Journal of Civil Defense
2018, Volume 51, Issue 1
“Children and Civil Defense” (Also available HERE)


Cited in Federal Register Notices:

  • March 10, 2021 Complaint of Michael Mabee Related to Reliability Standards; Notice of Complaint
  • May 20, 2020 Complaint of Michael Mabee Related to Critical Infrastructure Protection Reliability Standards; Notice of Complaint
  • February 28, 2020 Complaint of Michael Mabee Related to Critical Infrastructure Reliability Standard; Notice of Supplemented Complaint
  • February 12, 2020 Complaint of Michael Mabee Related to Critical Infrastructure Reliability Standard; Notice of Complaint
  • October 26, 2018 Supply Chain Risk Management Reliability Standards
  • July 31, 2018 Cyber Security Incident Reporting Reliability Standards

Behind The Electric Industry’s Paywall:

(I wonder what they said about me…)


Click here for Michael’s Bio



News

  • Testimony of Michael Mabee on SB 1606 – All Hazards Grid Security
  • COVERUP UPDATE: CIP Violation Database and FOIAs
  • Federal Complaint Filed on Texas Grid Collapse
  • We Are Plugged In To Life Support
  • Texas Blackout: The Unacceptable Outcome of a Foreseeable Event
  • Chinese Transformers in the Electric Grid: Lights Out For NYC?
  • Message to Governor Jennifer Granholm and the Department of Energy
  • Chinese Transformers in the Electric Grid
  • The U.S. Has 300 Chinese Large Power Transformers
  • Senator Murkowski Questions Cybersecurity Order Suspension
  • Grid Supply Chain Cybersecurity Order “Suspended”
  • A Billion Reasons We Do Not Have Grid Security
  • Money Talks, Grid Security Walks
  • Critical Infrastructure Attacks Expose Regulatory Failures
  • Lawsuit: The Federal Government Must Secure The Grid
  • Securing America with Frank Gaffney: Threats to the Electric Grid
  • FERC: Who Will Be Responsible For All The Deaths If The Grid Goes Down?
  • Federal Energy Regulatory Commission Lays Down On The Job!
  • EMP Progress Report – A National Disgrace
  • EMP Ignorance Is Bliss – Dr. Peter Vincent Pry
  • China: EMP Threat – A New Report by Dr. Peter Pry
  • FERC Denies Grid Physical Security Complaint, BUT…
  • Secure the Grid Coalition Opposes Senate Bill S.3688
  • Electric Industry Lobbyist’s China Ties Questioned
  • Supply Chain Cybersecurity Complaint Filed with FERC
  • Executive Order 13920: Securing the United States Bulk-Power System
  • Electric Industry Wants to Defer Implementation of Cybersecurity
  • Electric Sector Protests Effective Grid Physical Security
  • Emergency Preparedness: Souhegan and Derry CERT
  • Coronavirus: Don’t Panic, Prepare!

Fund The Fight!


Subjects

Search Website

Subscribe for Updates!

Follow me on Twitter

Tweets by CivilDefenseBK

Click To Get Prepared!

The Civil Defense Book: Emergency Preparedness for a Rural or Suburban Community
The Civil Defense Book Get it now!

Subscribe for updates

Follow Me On Facebook

The Civil Defense Book

3 days ago

The Civil Defense Book
Testimony of Michael Mabee on Texas SB 1606 – All Hazards Grid Securitymichaelmabee.info/testimony-of-michael-mabee-on-sb-1606-all-hazards-grid-security/ ...

Testimony of Michael Mabee on SB 1606 – All Hazards Grid Security

michaelmabee.info

Testimony of Michael Mabee on SB 1606 – All Hazards Grid Security. After the 2021 Texas blackout, Texas must take action.
View on Facebook
· Share

Share on Facebook Share on Twitter Share on Linked In Share by Email

The Civil Defense Book

5 days ago

The Civil Defense Book
Charles Coolidge, Medal of Honor Recipient Who Fought Boldly in WWII, Dead at 99www.military.com/daily-news/2021/04/08/charles-coolidge-medal-of-honor-recipient-who-fought-boldl... ...

Charles Coolidge, Medal of Honor Recipient Who Fought Boldly in WWII, Dead at 99

www.military.com

Charles Coolidge, one of the nation's most storied World War II veterans and a Medal of Honor recipient, has died at the age of 99.
View on Facebook
· Share

Share on Facebook Share on Twitter Share on Linked In Share by Email

Fund The fight!


©2021 Grid Security Now! | Theme by SuperbThemes