But, we just won round two against the grid coverup
A year ago, I began reporting on and filing objections to a grid coverup involving Critical Infrastructure Protection (CIP) standards. Specifically, it all started with a 2.7 million dollar Notice of Penalty against an “Unidentified Registered Entity” of the electric grid. The North American Electric Reliability Corporation (NERC) – the alleged “regulator” for the electric grid – covered up the name. And the Federal Energy Regulatory Commission (FERC) – the federal agency responsible for overseeing NERC – looked the other way on this grid coverup.
This incident triggered a year-long investigation. You can read the complete details of the investigation here: NERC Coverup Investigation Report. Our investigation revealed that between 2010 and 2018, there had been 243 FERC dockets involving 1465 “Unidentified Registered Entities.” In other words, the names of 1465 CIP violators were kept from the public view.
NERC’s “Double Secret Probation” of CIP violators is ongoing
Unfortunately, the coverup continues unabated. In 2019 (as of this writing), CIP violations continue to be filed with the names of the violators withheld from the public. The recent $10 million Notice of Penalty is a prime example. Filed against an “unidentified” set of “companies,” the press soon reported that the culprit was Duke Energy Corp (NYSE ticker: DUK). But FERC has not acknowledged the name in the public docket! (See my Motion to Intervene in FERC Docket NP19-4-000.) FERC continues to allow the electric grid to engage in secret regulatory actions away from the scrutiny of the American public.
NERC’s “Double Secret Probation” of the CIP violators is just wrong on every level. Why? Because secret regulation has not worked.
We know for a fact that the Russians and the Chinese have been in our electric grid for over a decade:
So, if keeping the names of the CIP violators from the public was going to make us safer, wouldn’t it have worked by now? Clearly, our safety is not the point of hiding the names. NERC’s “Double Secret Probation” grid coverup is happening because that is what the companies of the electric grid want – anonymity and cover.
The electric utility industry does not want to be held accountable for cybersecurity – it is simply “too burdensome” to be accountable to the American people. And NERC does not want to be held accountable for their failed regulatory scheme. If the grid gets taken down, all industry fingers are going to point to FERC: “We just did what you allowed us to do!”
Who will be responsible for all the deaths?
I recently criticized Cheryl A. LaFleur – the longest serving Commissioner of FERC – for failing to take action to protect the U.S. electric grid in her 8 1/2 year tenure. Chairman Neil Chatterjee, Commissioner Bernard McNamee and Commissioner Richard Glick, I have a question: If the grid goes down and millions of Americans die (see Senate report here), who is responsible?
Are the FERC Commissioners responsible?
Is NERC responsible?
Is the electric utility industry responsible?
I suspect the answer will be none of the above. Nobody will take responsibility if we have a horrible catastrophe. Fingers will point in every direction. “Blue ribbon panels” will be appointed to investigate and ultimately, the results won’t matter to the millions of dead Americans and their dead families.
We need somebody to step up and take responsibility to protect the American people now. FERC – this is your cue: Stop the industry coverup and let’s have open and transparent regulation of Critical Infrastructure Protection (CIP) Standards!
The main beneficiaries of this failed secret regulatory system have been the Russian, Chinese, North Korean and Iranian governments and their state-sponsored hackers. I think it is high time to kick them all out of our grid.
The American people win round two
After uncovering the extent of the coverup last year, I’ve filed three more FOIA requests:
I filed the third one because NERC and the electric utility industry objected to the release of the names of the CIP violators in the first two FOIA requests. In other words, NERC and the multi-billion dollar electric utility industry are fighting me to prevent having the names of regulatory violators revealed to the 326 million people that the industry is endangering!
But, on February 28, 2019, the Federal Energy Regulatory Commission sided with the American people and decided:
Based on my application of the various factors discussed above, I determine that the disclosure of the name of the URE is appropriate.
So starting Monday, the Federal Energy Regulatory Commission will begin disclosing the names of these regulatory violators to me a few at a time and I will be able to disclose them to the public HERE.
The fight is not over. Not by a long shot. FERC is still not disclosing the names in the public dockets and NERC will still cover up each and every new one. Unless I continue to file frequent FOIAs, the coverup will continue unabated.
You can take action to help fix this grid coverup
A regulatory scheme should not require FOIAs to get vital regulatory information to the public. We all need to let the Federal Energy Regulatory Commission (FERC) know that the security of the electric grid is critical – secret regulation and coverups are unacceptable to the public.
Senator Ron Johnson, Chairman of the Senate Committee on Homeland Security and Governmental Affairs, held this remarkable hearing along with Ranking Member Senator Gary Peters. Senator Johnson’s viewpoint is clear:
We have known about the existential threat posed by electromagnetic pulses (EMP) and geomagnetic disturbances (GMD) for decades. Because most people are either unaware of the danger, or view these as very low probability events, there has not been sufficient public pressure to take effective action to mitigate these threats. Instead, we establish commissions and study panels, conduct research, and develop plans to develop strategies. It is way past time to stop admiring this problem, and actually begin to do something concrete to protect our vulnerable electrical grid, control systems, and the ever-increasing array of electronic devices our society has become dependent upon.
According to Senator Johnson, the time for action is long overdue. And finally he is going to do something about it. At the beginning and the end of the hearing, he emphasized that Dr. George Baker’s written testimony contained action items and Senator Johnson gave “homework” to DHS, DOE, FERC and the electric industry to review Dr. George Baker’s action items and act on them.
Alas, it is still going to be a fight…
The electric grid still fights efforts to protect (ahem) the electric grid?
As hard as it is to believe, protecting the electric grid against EMP and GMD is not a unanimous action item. “The grid” itself is still trying to convince us that delay and a laissez-faire policy are the best course of action. In other words, according to “the grid,” the best course of action is inaction.
This dangerous attitude is exemplified by Scott Aaronson, Vice President for Security and Preparedness at the Edison Electric Institute. He actually said the following in open hearing:
But sound policy must be based on sound science. And it is for that reason that we appreciate the work of Electric Power Research Institute and North American Electric Reliability Corporation which informs industry as we pursue the right investments and operating posture to appropriately protect the energy grid.
Dude, seriously? You used the phrase “sound policy” in the same sentence as “North American Electric Reliability Corporation”??
And you used the phrase “sound science” in the same sentence as “Electric Power Research Institute”??
Reality Check: Out of the four biggest stumbling blocks to protecting the electric grid from EMP and GMD, the VP of Stumbling Block #4 just complimented Stumbling Blocks #2 and #3 for their work in delaying action on EMP and GMD protection – which has been ignored by Stumbling Block #1.
Down the regulatory rabbit-hole we go! Let’s review the stumbling blocks to protecting the electric grid from EMP and GMD:
I have previously discussed in detail why the past 15 years of Federal Energy Regulatory Commission (FERC) Commissioners are part of the problem. (Read it HERE.) I have also discussed in detail the regulatory failings and coverups that have punctuated NERC’s reign as the alleged “Electric Reliability Organization” (ERO). (Read it HERE, HERE, and HERE… and there are oh so many more on the subject.) So let me expend a little ink now on stumbling blocks #3 (EPRI) and #4 (EEI).
EPRI and EEI are thinly veiled electric industry lobbying arms
The Edison Electric Institute (EEI) and the Electric Power Research Institute (EPRI) sound like legitimate research institutions, but caveat emptor. In their own words:
The Edison Electric Institute (EEI) is the association that represents all U.S. investor-owned electric companies. Our members provide electricity for about 220 million Americans, and operate in all 50 states and the District of Columbia. As a whole, the electric power industry supports more than 7 million jobs in communities across the United States. In addition to our U.S. members, EEI has more than 65 international electric companies with operations in more than 90 countries, as International Members, and hundreds of industry suppliers and related organizations as Associate Members.
Organized in 1933, EEI provides public policy leadership, strategic business intelligence, and essential conferences and forums.
In other words, EEI is an electric industry lobbying group!
The Electric Power Research Institute (EPRI) conducts research, development, and demonstration projects for the benefit of the public in the United States and internationally. As an independent, nonprofit organization for public interest energy and environmental research, we focus on electricity generation, delivery, and use in collaboration with the electricity sector, its stakeholders and others to enhance the quality of life by making electric power safe, reliable, affordable, and environmentally responsible.
Hmmm. This sounds legit! That is, until you dig deeper. Who are the members of EPRI and is it really “independent”?
EPRI has collaborated with the electricity sector and its stakeholders since 1972 and our membership has grown to represent approximately 90% of the electric utility revenue generated in the United States and extends to participation in more than 35 countries. The worldwide membership that supports our work comprises more than 1,000 organizations. While most members are electric utilities, others are businesses, government agencies, regulators and public or private entities engaged in some aspect of the generation, delivery, or use of electricity.
The by-laws of EPRI provide that members pay for their membership – nothing wrong with that, but remember that, according to EPRI, “most members are electric utilities.” So a good hunk of EPRI’s funding comes from – you guessed it – the electric utility industry.
In other words, EPRI is an electric industry lobbying group!
For years EPRI and EEI have been proponents of “further study” when it comes to EMP and GMD. This is what Senator Johnson refers to as “admiring this problem.” It has become more and more clear over the years that EPRI and EEI have been stumbling blocks to action on EMP and GMD.
Mr. Aaronson’s written testimony was no disappointment in this regard – EEI still advocates that we “admire the problem” more:
Because the effects of an EMP attack on the energy grid are not understood sufficiently or remain classified, crafting appropriate mitigations and making business-risk decisions to address EMP threats require more research to better understand how EMPs could impact the grid; inform the development of EMP-resistant grid components; and develop best practices to help limit the impact of these threats.
Not understood? We have two decades of public studies, hearings and federal reports (click HERE for a list) bringing our “understanding” of these threats to a ridiculously high level. And the military has known about and studied EMP since 1962. It is simply negligence for anyone to advocate anything less than immediate action to protect our critical infrastructures from the very well-understood and existential threats of EMP and GMD. Is there anybody out there who will say that EMP and GMD are not a threat to the electric grid?
…well, actually, yes…there is: EEI.
In a paper dated February 2015, EEI made a number of representations about the phenomenon of electromagnetic pulse (EMP) and its implications for the grid that were dangerously misleading. In the interest of correcting what EEI characterizes as “myths and facts,” the Secure the Grid (STG) Coalition – a group of scientists, engineers, national security practitioners, legislators and other leaders in this field – offered a detailed and fact-checked rebuttal: Read it HERE.
Interestingly, since the Secure the Grid Coalition published its “fact check” rebuttal to EEI’s misinformation, EEI has scrubbed its document from its website. Fear not, I have included the original document here: Misleading EEI Document.
In fact, in addition to delaying any action, EPRI has been “low-balling” the EMP and GMD problem. According to Dr. George Baker’s testimony:
There is no need to recalculate a standard EMP waveform. Note that current EPRI grid vulnerability assessment models are using low-bound recalculated E3 waveforms. Existing IEC and EMPC EMP waveforms are more than adequate. Use of the unclassified MIL-STD-188-125 test regimen will assure power grid survivability to both EMP and 100-year solar storms.
Moreover, Dr. William Graham, Chairman of the Congressional EMP Commission, noted:
In 2016, the Electric Power Research Institute (EPRI), which is funded by the electric power industry, published an erroneous report that significantly underestimates the nuclear E3 EMP threat to electric grids. EPRI and others have used the report to lobby against Federal and State initiatives to protect the electric grid against nuclear EMP attack.
In sum, EPRI and EEI have been a big part of the problem. They have rationalized the electric industry’s desire to take a minimalist approach to grid protection through questionable “science” and delay tactics.
So kudos to Senator Johnson for his leadership in having this hearing and trying to move the ball forward. And Dr. George Baker should be lauded as an American hero who has spent literally his entire adult life working to protect the American people from EMP and GMD.
Dr. George Baker, Director. Dr. Baker is a Professor Emeritus at James Madison University, where he directed the JMU Institute for Infrastructure and Information Assurance. Previously, Dr. Baker led the Defense Nuclear Agency’s Electromagnetic Pulse (EMP) program, directed the Defense Threat Reduction Agency’s assessment arm, and served as a member of the Congressional EMP Commission Staff. Dr. Baker holds an M.S. in Physics from University of Virginia, and a Ph.D. in Engineering Physics from the U.S. Air Force Institute of Technology. Currently, Dr. Baker is CEO of BAYCOR, LLC – a consulting company primarily devoted to preparedness for and protection against major electromagnetic threats to critical infrastructures including nuclear EMP, solar storms, and radio frequency weapons. Dr. Baker also serves as a Principal Investigator for Resilient Societies on matters of infrastructure protection.
Read Dr. George Baker’s testimony below, or watch or listen to the entire hearing.
Listen to the hearing below, or go to THIS LINK to watch the webcast.
Testimony of Dr. George Baker Professor Emeritus, James Madison University Director, Foundation for Resilient Societies
United States of America Before the Senate Committee on Homeland Security and Governmental Affairs February 27, 2019
to Senator Johnson and Senator Peters for this opportunity to share my thoughts on the protection of our critical against the wide-area electromagnetic threats posed by the nuclear electromagnetic pulse (EMP) and solar storm geomagnetic disturbances (GMD). Protection is urgently needed to assure electric power grid reliability.
is George Baker and I have spent most of my professional career protecting the U.S. military from the nuclear electromagnetic pulse (EMP). the Defense Nuclear Agency and successor Defense Threat Reduction Agency (DTRA), I managed the development of the military standards used to protect and test Department of Defense (DoD) systems against EMP. I also directed the Springfield Research Facility, DTRA’s assessment arm, responsible for vulnerability assessments of critical military facilities and supporting infrastructure and organizing and deploying the initial Joint Chiefs of Staff (JCS) Force Protection vulnerability assessment teams. In my second career as an academic, I directed James Madison University’s Institute for Infrastructure and Information Assurance, developed courses on complex infrastructure systems and how they fail and nuclear energy technology, and organized five national symposia on Critical Infrastructure Assurance with the National Research Council. During 2001-2008, and again in 2017-2018, I served as a Senior Advisor to the Congressionally-mandated Commission to Assess the Threat to the United States of Electromagnetic Pulse (EMP) Attack.
The nature of EMP and GMD effects on our grid can be severe, to be sure. These phenomena introduce abnormal transient electrical currents into systems precipitating upset and thermal damage within electrical and electronic components. Consequences involve risk measurement units of millions of casualties (EMP Commission), trillions of dollars (Lloyds and, dents in the history of civilization (Center for Policy on Emerging Technology).
The good news is that well-known, effective, and practical are available to counter these threats. We have the engineering know-how and tools to protect ourselves. What is lacking
I will use today’s Senate Roundtable to address questions posed by Senator Johnson and his staff regarding the severity of EMP and GMD system/network effects and the status of national preparedness to operate through and recover from these effects.
Question 1: What are your thoughts on how an EMP/GMD would impact the electric power
Atmospheric nuclear tests and simulated testing reveals that systems connected to long lines are especially vulnerable to component damage, necessitating repair or replacement. All three time phases of the EMP waveform (E1, E2, and E3) couple most efficiently to long lines, and would induce thousands of amperes on each overhead line that you see as you drive down major highways. Because the strength of EMP fields is measured in volts meter, to first order, the longer the line, the more EMP energy will be coupled into connected systems and the higher the probability of system damage. Furthermore, levels of EMP current and voltage induced on lines increase with lines’ height above ground.
Because of its organic, elevated long lines, the electrical power grid is, itself, highly vulnerable to component damage when exposed to EMP and will couple large electrical transients to most other (dependent) infrastructure systems. It is ironic that our most critical infrastructure is also the most vulnerable to EMP, i.e. grid couples the highest EMP/GMD levels into its own components and those of connected facilities
1962 Starfish Prime high altitude burst nuclear test 900 miles from Hawaii provided partial evidence of EMP’s capabilities. The absence of large-scale infrastructure failure in Honolulu is of EMP skeptics, used over and over as evidence that we need not worry about long-term grid collapse from EMP. However, the Hawaiian Islands were in the far-field, low-amplitude fringe of the EMP geo-pattern, the burst height and weapon design were non-optimal for EMP field generation, and the electronics technology common in today’s electric power, and control systems was absent from the Hawaiian networks. The small geographic size of the islands and corresponding short lengths of power lines, greatly reduced effects on the grid. Thus, the Starfish Prime test offered a highly limited ensemble of possible EMP effects – just a small taste of things
Because their high-altitude nuclear bursts were over a continental landmass, exposing long line networks spanning thousands of miles, the Russian atmospheric nuclear test experience has provided many more insights into EMP effects. But, just as with U.S. tests, the Russian test lessons are limited by the absence of today’s electric power, communication, Internet and control systems. The Russian tests caused overhead transmission and telecommunications line disconnects and damage including electrical arc breakage of powerline support insulators, causing overhead power lines to drop to ground. Dr. Valery Kondrat’ev reported they experienced fires from EMP and loss of communications gear. Military generators (fixed diesel generation plants) and substations were damaged. Overhead line network damage was due to early-time EMP and buried cable damage by late-arriving EMP. The Russians also reported malfunctions of radio stations.
Since the atmospheric test era, government and industry laboratory tests of hundreds items have revealed EMP vulnerability of grid distribution transformers, grid control electronics, computers, and communication networks and indicate that we have become more vulnerable to EMP due to technology advances and the foundational role of electricity and electronics in our everyday life and enterprise-enabling
Without protection, there is real evidence from atmospheric testing and laboratory testing that the grid will collapse, causing long-term, large-scale cascading debilitation of dependent infrastructures and services. EMP system debilitation is due to the upset and thermal burnout of grid-essential command, control, and communication electronics, and physical damage to the heavy-duty grid components that supply our power including transformers, and possibly generators. The military has the benefit of decades of system testing and a classified database documenting EMP effects on hundreds of systems that has caused them to recognize that the electric power grid, in its present unprotected state, cannot be relied on following an EMP attack. The military backup power as part of mission essential system design. DoD is installing hardened “microgrids” on key bases to make them independent of the surrounding grid.
Because the power grid is essential to the recovery of all critical the ability to operate through an attack or to be rapidly restored is paramount. example, emergency responder experience during multiple severe hurricanes indicates that electric power availability is critical for their operations.
I’m sure you’ll hear from other witnesses that “EMP effects are not that bad – to worry” and “it’s not necessary to harden the grid, rather let’s put our money into recovery phase activities, spare parts, etc. so we can pick up the pieces afterwards.” Threat levels, by many utilities and their research arms, is based assessments using EMP/GMD waveforms that are lower than levels predicted by the latest empirically-verified science and, in the case of GMD, lower than measured solar storm levels.
The utility industry’s “minimization mindset” is dangerous. As a case in point, the Federal Energy Regulatory Commission (FERC)/North American Electric Reliability Corporation (NERC) GMD standard (TPL-007-2) which set GMD Earth potential levels lower than those measured during past solar storms and set transformer failure thresholds higher than known malfunction levels. The result of this rosy industry analysis was that only fourteen of the thousands of transformers included in the model, would need protection – a result far from consensus among independent experts. Even with enforced utility compliance with the present GMD standard, our grid will remain vulnerable to major solar storms.
Government officials and utility executives must transition to a “defense-conservative” mindset for our power grid and other lifeline infrastructures – just as in protecting our strategic systems.
Question 2: How is the private sector evaluating and attempting to address the threat of an EMP/GMD?
The FERC GMD standard (TPL-007-2), though its specified environments and system thresholds are not defense-conservative, has at least brought industry attention to GMD effects. Because there is no corresponding federal EMP directive, the private sector is not doing very much of anything to address the EMP threat. The absence of federal EMP directives and standards for the electric power grid has resulted in inconsistent industry interest, approaches and questionable protection effectiveness. The NERC/electric industry EMP approach appears to be to let the national grid fail and concentrate attention, investments and preparedness on elaborate recovery plans to rebuild the grid in the aftermath of an EMP-caused grid collapse. This approach is fraught with risk.
There have been a few glimmers of EMP interest and action including several uncoordinated efforts within the electric power industry and IT/Communication/Data Center industry. Center Point, PJM, and Dominion Energy have each hardened a major control center. AEP has protected 400+ substation control shelters. Generation stations have not been addressed because of cost-recovery limitations (unlike transmission systems where federal regulations allow cost recovery). Notwithstanding, other than a beta-test of a GMD protection device one transformer in Wisconsin, no hardening of the bulk power system’s high voltage, heavy duty, long-lead-time replacement items has occurred. The grid, in its current unhardened state, would likely be out of service for long periods following a major solar storm or EMP attack.
Within the communications/Internet sector, one major data center in Indiana, belonging to an insurance company, has been protected. A data center in Minneapolis that serves electric utility industry has installed a small protected space. One data center in Pennsylvania has EMP-protected a space of about 2000 square feet. Companies are reluctant to harden because there are no EMP/GMD regulations or requirements for civilian infrastructure. Power industry officials have expressed reservations that any near-term protection initiatives could well be rendered obsolete if they don’t conform to unknown future regulations and standards.
A major national concern is that a significant number of local electric power microgrids are being installed around the U.S. with no EMP protection. Microgrids are being justified and installed at highly-critical of infrastructure sites that cannot tolerate even short-term electric power grid outages. Thus, failure in an EMP event would likely terminate essential microgrid-powered services. Another major concern is that installation of unprotected microgrids actually harms the resilience of the existing grid by increasing the “vulnerability of complexity.”
Microgrids add another layer of complexity to the existing grid. Grid EMP vulnerability is increased by the additional coupling in microgrid control electronics networks and interconnecting powerline requirements would be very helpful to ensure microgrids will survive and not increase the EMP vulnerability of the rest grid. Note that microgrid protection introduces a small incremental cost if included in initial system design, adding only 2-5% to microgrid acquisition costs. Based on DoD experience, retrofit EMP protection costs run ten times higher. We are at a watershed moment where we must decide between designed-in protection on microgrid installations yielding much improved electricity supply resilience – or proceed in our current lazy-faire manner with resulting increases in local and regional electric power grid vulnerability.
Regrettably, industry and government are largely ignoring the Congressional EMP Commission’s findings and recommendations. Recent National Infrastructure Advisory Council (NIAC) and Congressional Research Service (CRS) reports have also ignored recommendations from knowledgeable public interest groups, including the Foundation for Resilient Societies,,, JINSA, The American Foreign Policy Council, Infragard’s EMP Special Interest Group and the US Air Force Training Command’s Electromagnetic Defense Task Force (EDTF). A survey of recent government reports that address the protection of critical infrastructure reveals that none mention EMP, although critical infrastructure risks, resilience, protection, and availability are central to each report and to each Departments’ mission. Key reports on infrastructure protection and nuclear posture neglect to address EMP. EMP is not included in the DHS list of top 100 threats. EMP programs will greatly benefit from attention to reports from all concerned organizations and must have more attention at the highest policy levels.
On a positive note, several commercial enterprises have developed turn-key EMP services and product lines and stand ready to harden critical infrastructure facilities and systems (see Figure 1). I am confident that, once we have national, state and local protection initiatives, American companies be ready to harden critical infrastructure facilities and systems. Because U.S. firms are world leaders in EMP protection technologies, there potential for well-paying manufacturing jobs in this emerging industry. Our allies also need EMP protection, so there is the opportunity for robust export of EMP protection devices and services.
Question 3: What is the potential cost of hardening our nation’s electrical grid with respect to available technical options?
There have been several efforts to quantify the cost to harden the grid. None have been conclusive. An early effort by the Foundation for Resilient Societies estimated costs in the several tens of billions of dollars for the bulk power system and supporting communication, fuel and transportation infrastructures (Figure 2). Note that generation stations, not subject to FERC protection standards, likely represent the largest share of EMP/GMD protection costs.
Based on the work of the Foundation for Resilient Societies and DoD experience in hardening military systems, my preliminary estimate prioritized protection of the existing electric power system is on the order of $50B, representing about 1% of the grid’s replacement cost. From a cost-benefit standpoint, this amount is reasonable when compared with the dollar losses from a national-scale blackout which would be measured in multiples of the U.S. (tens of trillions of dollars). The estimate considers protection of a top-down “thin-line” of priority grid systems including selected generation plants with priority given to nuclear plants and black-start plants, selected transmission substations (e.g., FERC’s analytical result of nine critical substations in the U.S. electric grid), plus the control centers and communication networks necessary for monitoring grid status and controlling post-event restoration efforts. Some of the necessary fuel logistical tail (transportation assets, terminals, refineries) is also included in this rough estimate. This level of investment would allow faster reconstitution of the bulk grid following an EMP or GMD-caused grid collapse but would not offer complete protection. The investment strategy is based on identifying a top-down “thin-line” of grid assets necessary to restart the bulk power grid. For a more rigorous and complete cost estimate cost studies by DOE, industry, and independent think tanks.
A bottom-up EMP protection approach (local, State efforts) and cost estimate is also required since communities could be on their own for extended periods in a wide-area blackout. Local community awareness is essential to develop effective programs that address a thin-line of life-support infrastructures including local backup power generation systems, emergency services (law enforcement, fire, EMS, and their communications), water supply/treatment, hospitals, and the necessary logistics tail (food, fuel). The Carolinas’ Lake Wylie project provides a model for costing a bottom-up EMP/GMD protection program. The federal government needs the interface between the top-down and bottom-up efforts. The interface demark occurs where the high voltage transmission grid (bulk power) meets the distribution grid (lower voltage electric network supplying local infrastructure
Low cost stop-gap measures will be important, including hardened microgrid installations as a near-term solution for life-line infrastructures. As mentioned, are presently at a watershed moment due to the onset and rapid acceleration of microgrid installations. Federal EMP standards are desperately needed to inform and govern the protection of microgrids. Otherwise, microgrids will actually increase vulnerability of the existing grid due to the added layer of complexity, including heavy reliance on microprocessor controls vulnerable to the E1 pulse.
While I commonly learn about efforts to protect commercial systems against EMP, I would be hard-pressed to give a good example of EMP-protected microgrids in the civilian infrastructure. Accordingly, that the microgrids now being developed and installed would fail under EMP attack
Question 4: What additional authorities would you recommend and should be involved to assure national preparedness an EMP/GMD event?
resolve and policy objectives for EMP/GMD preparedness, federal authorities must recognize that America’s grid is the prime target infrastructure of our adversaries. Because the electric power grid is the foundation of our technical society, in military parlance, an EMP attack engenders the ultimate “functional defeat” of the American society and enterprise. Debilitation of the electric power grid would lead to an internecine fight for survival. Without protection and planning, our society would greatly diminishing an attacker’s required follow-on war effort to take over America’s land possessions, island territories such as Guam, the remote states of Hawaii and Alaska, and even the continental United States.
The single most important recommendation of the 2018 EMP Commission Executive Report was to establish an office of EMP coordination within the National Security Council (NSC). The Commission recommended immediate action to advance U.S. security and survivability with the President establishing an Executive Agent having the authority, accountability, and resources to manage U.S. national infrastructure protection and defense against EMP. The Commission expressed concern that the current institutional authorities and responsibilities – government, industry, regulatory agencies – are fragmented, incomplete, under-resourced, and unable to protect and defend against foreign EMP threats or major solar storms.
EMP executive order, if signed, will help in this regard by designating the Assistant to the President for National Security Affairs (APNSA), through the NSC and in consultation with the Director of the Office of Science and Technology Policy (OSTP), as responsible for coordinating the development, and implementation of executive branch activities related to national EMP
Certain aspects of the Energy Power Act of 2005 have become detrimental to national preparedness against EMP attack. The self-regulatory system for electric utilities, with NERC as the designated Electric Reliability Organization (ERO) has, in effect, Under the Act, FERC can them. In the quest for national EMP/GMD preparedness, FERC serves only as the brake pedal rather than the driver. Through a sua sponte order to NERC, FERC requested only a GMD standard, intentionally excluding EMP protection. The resulting NERC GMD standards (TPL-007-1 and TPL-007-2) enable utilities to sidestep grid protection engineering using paper studies. The few items of long-replacement-time grid equipment that would be protected to NERC’s sub-threat TPL-007-1/2 solar storm standards would remain vulnerable to substantially higher magnitude E1 and E3 hazards, with risk of E1 damage to circuits and relays required to protect against E3. A combined-threat EMP-GMD standard is a needed and cost-effective solution.
New legislation is needed to empower FERC, specifically to enable the Commission to write and enforce grid protection standards. We must give FERC authority commensurate with Nuclear Regulatory Commission’s reactor authority, but over the US power grid. FERC should have explicit authority related to improving national security. FERC should also be asked to identify regulatory and non-regulatory mechanisms, including cost recovery measures, to incentivize private sector engagement to address the effects of EMP. In legislation, FERC should also be asked to develop a national-level blackstart plan. Currently we have only local and regional black start plans where utilities assume they can blackstart themselves by tapping into nearby, unaffected grids – an untenable approach in a continental-scale EMP/GMD contingency.
NERC’s role should also be redefined to coordinating and assuring industry compliance with FERC EMP/GMD standards. FERC and NERC should report to NSC and Congress on a regular basis on the status of the overall resilience, security, and protection state of the U.S. electric power grid.
A persistent barrier to the approval and implementation of effective grid reliability standards has been inadequate cost recovery opportunities. Potential mechanisms for cost recovery include FERC-approved tariffs, federal tax credits, and appropriations for cost sharing, as with the Smart Grid Investment Grant program of 2010-2015. Under deregulation, competition has had a countervailing effect on reliability. The adage, “private efficiency leads to public vulnerability,” applies here. Better designed electricity markets with incentives reducing multi-hazard risk of catastrophe would lead to major improvements in grid resiliency.
The Director of National Intelligence plays key role by determining foreign aggressors’ intent and capabilities regarding EMP. Agencies use DNI briefings and reports in determining whether or not to include EMP in their planning and requirements. Unfortunately, the most recent intelligence community (IC) EMP report published by the Joint Atomic Energy Intelligence Council (JAEIC) is factually erroneous and analytically unsound. This report provides an effective excuse/alibi for agencies and their industry affiliates to ignore EMP in their planning and system acquisition processes. The Congressional EMP Commission recommended that the circulate to all recipients of the 2014 JAEIC report the EMP Commission critique of that report and direct a new assessment that supersedes the 2014 JAEIC EMP report. The new IC report should be reviewed by experts in the subject areas being addressed and circulated to all the recipients of the defective
EMP is not mentioned in several important high-level policy documents including the U.S. Department of Defense 2018 Nuclear Posture Review. EMP is not mentioned in the Department of Homeland Security list of top 100 threats. I ask your Committee the inclusion of the EMP threat at the highest levels of policy guidance, especially when your Committee has oversight
Question 5. How can current DHS and DOE programs improve efforts to protect critical national infrastructure against EMP and GMD?
The impending EMP Executive Order will help and goes a long way in clarifying DHS and DOE EMP/GMD roles
Because we can’t protect everything, progress will be spurred by a prioritized list of EMP-susceptible infrastructure from DHS. Developing criteria for prioritization would benefit from coordination with Assistant Secretary of Defense (Homeland Defense and Affairs) on their criteria for assembling the Defense Critical Asset (DCA) and Defense Critical Infrastructure Protection (DCIP) and lists. A recovery time objective (RTO) should be specified for critical infrastructures and used as a criterion for priority assignment.
Due to its 50-plus year learning from actual EMP specification, design, build, and test experience, DoD information sharing and assistance to DHS and DOE is crucially important to national preparedness. The U.S. military already has EMP protection approaches that are practical, affordable, tested and well understood that can be translated directly to electric power grid control facilities and supervisory control and data acquisition electronics and networks. For more than a half‐century, DoD has protected high priority control, and computer assets for nuclear deterrence and response. DHS and DOE EMP/GMD protection programs should emulate DoD’s efforts.
In this vein, it will be important to preclude temptations to re-invent the wheel by giving DHS and DOE full access to DoD standards, handbooks and data bases. Existing EMP standard waveforms are more than adequate for specifying a standard unclassified EMP environment for use by industry. In particular, the International Electrotechnical Commission’s (IEC) E1 and E2 waveforms coupled with the EMP Commission’s E3 waveform provide an excellent, unclassified basis for national infrastructure EMP protection. These coupled with the MIL-STD-188-125 shielding effectiveness acceptance test and pulsed current injection (PCI) acceptance test specifications will provide high confidence in critical infrastructure system survivability. Systems complying with the MIL-STD-188-125 E3 PCI acceptance test will also survive 100-year solar storm GMD-induced currents.
It will be important for DHS and DOE to develop expertise with DoD EMP protection, testing and hardness maintenance and surveillance HM/HS programs. EMP/GMD assurance does not end with initial installation of protection hardware. DoD has found that EMP hardness degrades with time, necessitating periodic system surveillance and maintenance. Critical infrastructure protection (CIP) programs should include outyear funding for this. A paragon hardness maintenance program is STRATCOM’s Minuteman
Stove-pipe attention to single threats necessitate needless and unnecessarily expensive redundancies in system protection. DTRA’s blue ribbon assessment programs have found that all hazards protections imminently practical – that once “single-point failure” locations are identified, protection of these against is straightforward. And it is important that EMP is not ignored. The failure of current GMD protection efforts to address nearly identical vulnerabilities and protection measures for the EMP/E3 waveform has been a lost opportunity.
vulnerabilities can be reduced by hardening the electric grid and, procedurally, by executing well-planned load shedding given adequate warning time (EMP can occur with no warning). Smart, timely reconstitution the grid following a planned or unplanned shut-down is an equally important part of the planning process.
of these – prioritized system hardening, smart shutdown and smart reconstitution – will require improved multi-threat grid modeling. A major objective of modeling will be the identification of the most critical system and network failure points to enable generating the list of system protection priorities. This be key to cost reduction. DOE has included provisions for improved grid modeling in its 2016 EMP Action Plan.
Empirical validation of models is essential for confidence building. Electromagnetic system effects and hardening requirements are tried and true for communication, computer, and control electronics to DoD protection and test programs and standards development. However, there are still holes in system testing and hardening data bases. most concern, we have not yet tested or hardened HV generation plants and HV/EHV transformers. Threat level testing will be required to determine EMP/GMD vulnerabilities, develop and validate models, and verify protection methods. To this end, new and upgraded EMP/GMD integrated system test beds are needed. The Idaho National Laboratories (INL) and Tennessee Valley Authority (TVA) are excellent candidates for test beds and have begun initial development. And Duke Energy has recently provided transformer for the first U.S.
Pilot demonstration programs in selected grid sectors are all-important to answer questions on feasibility and cost of local and regional infrastructure EMP protection. The cost of grid EMP protection is the biggest question there. The ongoing Lake Wylie Protection Project and the San Antonio Joint-Base microgrid development programs are good examples and should be encouraged, expanded, and funded.
DHS should publish an official, unclassified EMP/GMD standard. DHS is to be commended for issuing a coordination version of a communication/data center protection standard. This document should be expanded to include HV/EHV electric power assets (HV generators and substation transformers/breakers). In addition, a DHS-endorsed national EMP/GMD planning scenario would provide an overarching scope for public and private stakeholder awareness, grid protection and recovery planning. DHS expand its complement of EMP/GMD scientists and engineers.
Summary and Action
resolve and policy objectives for preparedness, Federal authorities must recognize that America’s grid is the prime target infrastructure of our adversaries. Despite witness arguments to the contrary, the grid, in its current unhardened state, would likely be out of service for long periods following a major solar storm or EMP attack. Our strategy must be defense conservative and to enable as much the following steps to achieve grid resilience, including ‘top-down’ actions and a set of equally important ‘bottom-up’ actions.
From a Top Down perspective:
The most important recommendation of the 2018 EMP Commission was to establish an office of EMP coordination within the National Security Council (NSC). The new EMP executive order does this.
The FERC GMD standard (TPL-007-2), though its specified environments and system thresholds are not defense-conservative, has at least brought industry attention to GMD effects. This standard, even if rigorously enforced will leave the grid dangerously vulnerable to GMD and needs to
Without a corresponding FERC EMP directive, the private sector is not doing very much of anything to address the EMP threat. An EMP directive and protection standard are sorely
New legislation is needed to empower FERC,
Enable FERC to write enforce grid protection
Identify mechanisms, including cost recovery measures, to incentivize private sector engagement on EMP protection and increase on-site
Develop a national blackstart plan.
A national EMP is needed. DHS is to be commended for issuing a coordination version of a communication/data center protection guidelines. DHS should expand this to include electric generator stations and
For more than a half‐century, DoD has protected high priority military command, computer assets for nuclear deterrence and response. DHS and DOE EMP/GMD protection programs should emulate DoD’s efforts.
We must preclude the temptation to re-invent the wheel by giving DHS and DOE full access to DoD standards and data bases. There is no need to recalculate a standard waveform. Note that current EPRI grid vulnerability assessment models are using low-bound recalculated E3 waveforms. Existing IEC and EMPC EMP waveforms are more than adequate. Use of the unclassified MIL-STD-188-125 test regimen will assure power grid survivability to both EMP and 100-year solar
A prioritized list of EMP-susceptible infrastructure needed. System protection and reconstitution prioritization requires improved grid modeling. Integrated system test beds will be important for model validation. Top priority is HV generation plants and HV/EHV transformers, heretofore untested. The INL and TVA test beds
The most current EMP Intelligence report is technically flawed and misleading in a manner that downplays need for action – a new assessment is
I estimate cost of EMP protection for the bulk power system to be in the $50B range. The investment strategy is based on identifying a top-down “thin-line” of grid assets. More rigorous cost estimates are needed by DOE &
From a Bottom-Up perspective:
EMP protection programs must be pursued at the local and State levels since communities would be on their own for extended periods in a wide-area blackout.
Pilot demonstration programs grid sectors are all-important to address the feasibility and cost of local EMP protection. The ongoing Lake Wylie Demonstration Project and the San Antonio Joint-Base microgrid development program are good examples and should be expanded
Bottom-up protection should address a thin-line of essential life-support infrastructures including distribution substations, backup power generation systems, emergency services, water supply and treatment, hospitals, and the necessary logistics tail.
Low cost, stop-gap measures will be important, including hardened microgrid installations as a near-term solution life-line infrastructures. We are presently at a watershed moment due recent onset and rapid acceleration of microgrid installations. Federal requirements and standards are important to ensure that microgrids will survive and not increase the EMP vulnerability of the rest of the grid. Microgrid EMP protection is only a small incremental cost if included in initial
government must coordinate the interface between the top-down and bottom-up efforts. A useful interface demark occurs where the high voltage transmission grid (bulk power) meets the distribution grid (lower voltage electric network supplying local infrastructure
On a positive note, several commercial enterprises have developed turn-key EMP protection services and product lines and stand ready to harden critical infrastructure facilities and systems once directives and programs are in place.
 H. Seguine, U.S.-Russian meeting – HEMP Effects on National Power Grid and Telecommunications, National Communication System Memorandum for Record, 17
 Electric Power Research Institute, Magnetohydrodynamic Electromagnetic Pulse Assessment of the Continental U.S. Electric Grid. Palo Alto, CA, February 2017.
 W. R. Graham et al, Assessing the Threat from Electromagnetic Pulse (EMP), Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack,
 The “vulnerability of complexity” was coined by Yale professor Charles Perrow in his book, Normal Accidents. “Normal accidents” in complex infrastructure systems involve system interactions that are not only unexpected, but are incomprehensible for some critical period of time. For instance, it took an expert NERC investigation team three months to determine the exact combination and sequence of system failures that led to the 2003 Northeast blackout.
 G. Baker, W. Harris, T. Popik, Protecting the Electric Power Grid from Electromagnetic Pulse: Legal and Policy Aspects, Critical Infrastructure Protection Report, George Mason University, July 2013.
 T. Popik, W. Harris, G. Baker, Comments of the Foundation for Resilient Societies on The Federal Energy Regulatory Commission Reliability Standard for Transmission System Planned Performance for Geomagnetic Disturbance Events, Docket No. RM15-11-000, 10 August 2015.
 T. Popik, Testimony of the Foundation for Resilient Societies before the Federal Energy Regulatory Commission Reliability Technical Conference, Docket No. AD16-15-000, 1 June 2016
 B. Gabbard, R. Joseph, Threats to U.S. Critical Infrastructure, Gemunder Center EMP Task Force, September 2015
 R. Harrison, I. Berman, Strategic Primer: Electromagnetic Threats, American Foreign Policy Council, Winter 2018.
 M. Laskey, W. Harris, S. Volandt, Powering Through: From Fragile Infrastructures to Community Resilience, Infragard EMP Special Interest Group, November 2016.
 D. Stuckenberg, R. Woolsey, D DeMaio, Electromagnetic Defense Task Force (EDTF) 2018 Report, Air University Press, Maxwell Air Force Base, Alabama, November 2018.
 These reports include Mitigation of Power Outage Risks for Department of Defense Facilities and Activities 2015, National Infrastructure Protection Plan 2013: Partnering for Critical Infrastructure Security and Resilience (DHS), U.S. Department of Energy Strategic Plan 2014-2018, and the 2018 Nuclear Posture Review.
 Note: DTRA has recently (Fall 2018) begun HV the first-generation station EMP testing.
 W. R. Graham et al, Assessing the Threat from Electromagnetic Pulse (EMP), Executive Report, Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack, July 2017
 The DOE Quadrennial Energy Review released in January 2017 recommended, “… in the area of cybersecurity, Congress should provide FERC with authority to modify NERC-proposed reliability standards—or to promulgate new standards directly…” EMP could be included under the cyber threat since it debilitates cyber electronic systems and constitutes the ultimate
 G. Baker, Testimony before the Federal Energy Regulatory Commission Reliability Technical Conference, Docket No. AD17-8-000, 22 June 2017
 P. Auerswald et al, Seeds of Disaster, Roots of Response: How Private Action Can Reduce Public Vulnerability, Cambridge University Press, 2006.
 International Electrotechnical Commission, EMP Environment Standard 61000-2-9
 Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack. Recommended E3 HEMP Heave Electric Field Waveform for the Critical Infrastructures. Report of the EMP Commission, July 2017.
 Note: EMP protection covers GMD effects. Late-time EMP (E3) protection hardware will suffice for GMD protection.
 Electromagnetic Pulse (EMP) Protection and Resilience Guidelines for Critical Infrastructure and Equipment, Version 2.2, DHS National for Communications (NCC), National Cybersecurity and Communications Integration Center, February
Consider this: The North American Electric Reliability Corporation (NERC) reported ZERO “Cybersecurity Incidents” for the last three years. But NERC is withholding the names of cyber violators from the public because of the “Cybersecurity Incidents” over the last three years.
So, not only does literally everybody in the U.S. pay an electric bill; not only do we all rely on the electric grid for everything necessary for life – but it seems the electric grid also thinks we are all stupid.
Seriously, here is the issue: Secret self-regulation does not work.
The electric grid is self regulated by NERC – a non-profit corporation. This self-regulatory scheme is nominally overseen by the Federal Energy Regulatory Commission (FERC). For the last decade, Russian and Chinese hackers have been inside the U.S. electric grid. Our regulators have failed and refused to secure the electric grid. This shocking revelation was front and center when Senator Angus King (Maine) questioned the CEO of NERC, James Robb, on February 14, 2019:
Disclosure is the cornerstone of a successful regulatory scheme in a free society. The Securities and Exchange Commission routinely publicizes the names of companies and individuals subject to regulatory actions under U.S. securities laws; the Food and Drug Administration routinely publicizes the names of companies whose food is being recalled due to public safety concerns; the National Transportation Safety Board routinely publicizes the names of companies responsible for airplane crashes. There are numerous other examples of appropriate disclosure. It is high irony that public disclosure has made food consumption and airline travel extremely safe for Americans while a far greater danger – the threat of long-term blackout for millions – has been neglected by the responsible federal regulator, FERC.
The Secure The Grid Coalition is fighting to fix the electric grid’s broken regulatory scheme that is endangering all of us. The fight is shaping up around the issue of a $10 million penalty NERC imposed on January 25, 2019 against unnamed companies that committed 127 violations of Critical Infrastructure Protection (CIP) standards over several years. The press has since outed Duke Energy Corp as the violator, but neither NERC nor the U.S. government has acknowledged this. The coverup remains.
You can join us and be heard!
We need to all let the Federal Energy Regulatory Commission (FERC) know that the security of the electric grid is critical – secret regulation and coverups are unacceptable to the public. As a citizen, you have the right to file a “Motion to Intervene” in this docket and be heard! The deadline to file on this docket is March 29, 2019, so write your letter today and submit it online to FERC Docket Number NP19-4-000, or mail it in to FERC (be sure to include the Docket Number in your letter).
Mabee, a private citizen, requests the Commission’s leave to intervene in the
above captioned docket, pursuant to 18 C.F.R. § 39.7(e)(4). I request that 1) the
Commission review this Notice of Penalty (NOP) to ensure that it is in the
public interest, and 2) that the name of the entity(ies), the unredacted Notice
of Penalty and the unredacted settlement agreement be released in the public
docket. NERC has made redactions to the publicly available documents, alleging
the identities and other identifying information about Critical Infrastructure
Protection (CIP) standards violators must be kept from the public. The lack of
transparency in this Notice of Penalty raises significant public interest concerns.
Background on FERC Docket No. NP19-4-000
On January 25, 2019, the North American Electric
Reliability Corporation (NERC) filed a Notice of Penalty with FERC that
disclosed 127 cybersecurity standard violations by unidentified “Companies.”
NERC and its Regional Entities (RE) determined:
[T]he 127 violations collectively posed a serious risk to the security and reliability of the BPS (Bulk Power System). The Companies’ violations of the CIP Reliability Standards posed a higher risk to the reliability of the BPS because many of the violations involved long durations, multiple instances of noncompliance, and repeated failures to implement physical and cyber security protections.
It is notable that the Notice of Penalty revealed
violations that could allow adversaries in remote locations to gain electronic
access to grid facilities:
The REs determined that the Companies allowed interactive remote access to the BCSs (Bulk Electric System Cyber Systems) inside the Companies ESP (Electronic Security Perimeter) without first going through an Intermediate System, utilizing encryption, and requiring multi-factor authentication.
violation started when the Standard became mandatory and enforceable and is currently ongoing. [Emphasis added.]
The violated standard, CIP-005-5-2 R2, became effective
in July 2015. Without the violator having fear of public scrutiny, it is
apparent that even three and one-half years have not been sufficient time for “the
Companies” to remedy this currently
On February 1, 2019, trade publication EnergyWire disclosed that Duke Energy is
the unnamed standards violator.
Duke Energy is one of America’s largest utilities, with 7.2 million customers
across seven states. Duke’s generation fleet includes six nuclear plants. A
physical or cyber-attack on Duke could cause a long-term, wide-area blackout
and result in release of radioactive contaminants. Nonetheless, the NERC
standard enforcement regime, with its practice of hiding the names of violators
under the guise of so-called Critical Energy/Electric Infrastructure
Information (CEII), has failed to assure the protection of Americans depending
on Duke for their electric power.
The NERC-imposed fine was $10 million, tiny in comparison
to Duke’s 2017 net income of $3 billion.
This NOP had redactions that are far beyond the
redactions in all previous CIP NOP’s submitted to FERC by NERC. For example, in
all previous CIP NOPs, the identity of the Regional Entity (RE) was disclosed
and the NERC Violation ID was disclosed. Also, in this NOP the reason for the
NOP was redacted – usually it is disclosed that the reason the NOP is being
filed is that, for example, the Regional Entity and the “Unidentified
Registered Entity” have entered into a settlement agreement. Here on page 1 of
the Duke NOP, NERC has redacted the reason for the NOP’s submission:
This is the first instance since 2010 that NERC has used this
type of redaction. Also, the “NERC Violation ID” is redacted for the first time
since 2010. Here is the beginning of the violation table from page 2 of the
NERC’s coverup of the identity of the violator (“the
Companies”), the identity of the regulator (the “Regional Entities” or “REs”), and
settlement agreement are profoundly against the public interest. FERC should
not tolerate this concealment by NERC. “The Companies” were subjected to a $10-million
fine for 127 cybersecurity violations; the details of this compliance gap are of
great public interest.
The public must be able to cast scrutiny over the activities of NERC and its
regulated entities for the self-regulatory scheme codified in Section 215 of
the Federal Power Act to be effective.
Federal Regulations Require Disclosure
NERC requests that the redacted portions of the NOP be
designated as nonpublic under 18 CFR § 39.7(b)(4) and as CEII under 18 CFR §
388.113(e)(1). Neither of these regulations provides NERC, the “Regional
Entities” or “the Companies” relief from public scrutiny in this regulatory
action. As described in detail below, NERC is apparently violating its duties
as the designated “Electric Reliability Organization” (ERO) by:
Improperly classifying information as CEII,
Improperly applying the “Cybersecurity Incident” exemption
Improperly applying the “disposition” exemption to
Providing misleading interpretations of Commission
Each violation or alleged violation shall be treated as nonpublic until the matter is filed with the Commission as a notice of penalty or resolved by an admission that the user, owner or operator of the Bulk Power System violated a Reliability Standard or by a settlement or other negotiated disposition. The disposition of each violation or alleged violation that relates to a Cybersecurity Incident or that would jeopardize the security of the Bulk-Power System if publicly disclosed shall be nonpublic unless the Commission directs otherwise. [Emphasis added.]
Further, 18 CFR § 39.7(d)(1) provides that a notice of
penalty by the Electric Reliability Organization shall consist of, inter alia: “The name of the entity on
whom the penalty is imposed.”
So, 18 CFR § 39.7 (b)(4) and 18 CFR § 39.7(d)(1) are
clear that at the point when “the matter is filed with the Commission as a
notice of penalty or resolved by an admission that the user, owner or operator
of the Bulk Power System violated a Reliability Standard or by a settlement or
other negotiated disposition” then the name of the penalized entity as well as
the supporting documentation – including the settlement agreement – must be
publicly disclosed. Importantly, the “notice of penalty” is afforded different
treatment in 18 CFR § 39.7 (b)(4) than the “disposition of each
violation”—there is no provision in regulation to make the “notice of penalty”
nonpublic. Moreover, 18 CFR § 39.7(d)(1) makes it absolutely clear that “the
name of the entity on whom the penalty is imposed” is part of the “notice of
18 CFR § 39.7(b)(4) allows the “disposition of each violation” (or alleged violation) to be made nonpublic, but only if disclosure of the “disposition” would jeopardize security of the Bulk Power System. Again, the “name of the entity” is not part of “disposition” of the violation, so there is never an exemption of the violator’s name from public disclosure. Nor has NERC made a credible case that disclosure of the “disposition” of the Duke violations would jeopardize the security of the Bulk-Power System, especially when the violations do not involve bona fide Cybersecurity Incidents as defined in 18 CFR § 39.1.
FERC has made no public order (or change in regulation) to allow NERC to withhold the “notice of penalty” for the Duke NOP (or any other NOP). If FERC has made a private directive to NERC to withhold the “disposition” of the violations in the Duke NOP, and other NOPs, then the public interest demands that the text of this hidden FERC directive and its underlying legal rationale be promptly released by the Commission.
NERC’s “Cybersecurity Incident” Shell Game.
The “cybersecurity incident” exception that NERC frequently invokes as a justification for covering up the names of violators clearly does not apply. It is critical to point out that nothing in this redacted NOP refers to a “cybersecurity incident.” 18 CFR § 39.1 defines “cybersecurity incident” as:
Cybersecurity Incident means a malicious act or suspicious event that disrupts, or was an attempt to disrupt, the operation of those programmable electronic devices and communications networks including hardware, software and data that are essential to the Reliable Operation of the Bulk-Power System.
There is no allegation in the NOP of a malicious act or suspicious event that disrupted or attempted to disrupt the Reliable Operation of the Bulk-Power System. This was simply a regulatory action after instances of noncompliance with CIP standards were discovered, either through self-reports or regulatory audits.
It is extremely disconcerting that NERC claims that in 2015, 2016, and 2017 there were zero reportable cybersecurity incidents. In NERC’s June 2018 “State of Reliability 2018” report, on page 39 we see NERC’s claim:
Yet somehow, in the Duke NOP NERC claims the name of “the Companies” must be withheld from public scrutiny since these are “cybersecurity incidents.” Since the violations described in the Duke NOP occurred over the same time period that NERC reported that there were no reportable “cybersecurity incidents”, the public is confused. Why is it we cannot have the name of the violator? In its State of Reliability report NERC says that there were no reportable cybersecurity incidents, but the Duke NOP contains descriptions of “cybersecurity incidents” so serious they must be redacted? NERC’s twisted logic defies all common sense.
Further, to the extent that NERC attempts to argue that disclosure of the name of the regulated entity or the settlement agreement “would jeopardize the security of the Bulk-Power System if publicly disclosed”, their argument falls flat. In fact, it is misleading.
In the NOP, NERC quotes FERC Order 672 – out of context – and argues that:
As the Commission has previously recognized, information related to CIP violations and cyber security issues, including the identity of the registered entity, may jeopardize BPS security, asserting that “even publicly identifying which entity has a system vulnerable to a ‘cyber attack’ could jeopardize system security, allowing persons seeking to do harm to focus on a particular entity in the Bulk-Power System.”
This is a grossly selective use of a quote from FERC Order 672. The entire passage from the FERC order explains the benefit of transparency:
As explained in the NOPR, and confirmed by numerous commenters, a proceeding involving a Cybersecurity Incident requires additional protection because it is possible that Bulk-Power System security and reliability would be further jeopardized by the public dissemination of information involving incidents that compromise the cybersecurity system of a specific user, owner or operator of the Bulk-Power System. For example, even publicly identifying which entity has a system vulnerable to a “cyber attack” could jeopardize system security, allowing persons seeking to do harm to focus on a particular entity in the Bulk-Power System. While the Commission recognizes the benefit of transparency in Commission proceedings, as discussed by APPA and TAPS, the benefits of transparency are overridden in the limited situation of cases in which such transparency would jeopardize Bulk-Power System security. [Internal footnotes omitted, Emphasis added.]
Nothing in this NOP credibly alleges that a “Cybersecurity Incident” as defined in 18 CFR § 39.1 has taken place. Moreover, NERC provides no evidence or argument, other than a conclusory statement, that disclosure of the redacted information would jeopardize Bulk-Power System
Then NERC compounds this apparent misrepresentation by
Consistent with the Commission’s statement, NERC is treating as nonpublic the identity of the Companies and any information that could lead to the identification of the Companies.
In other words, NERC is blaming FERC for the coverup by quoting this out of context passage and apparently misapplying federal
If NERC has direction from FERC allowing redaction of Notices of Penalty, the public interest demands that FERC release the text of this direction. If in fact there is no direction from FERC, the Commission should make this clear.
Perhaps NERC is somehow arguing that releasing any data that identifies any entity that is subject to a regulatory action (or even the identity of the regulator or “Regional Entity”) will endanger the Bulk-Power System. One way to read this argument is that since our regulatory regime is so weak and ineffective, a coverup is necessary so the “malicious actors” don’t find out how vulnerable we are.
Presently, NERC, as ERO, is improperly using the Critical Energy/Electric Infrastructure Information (CEII) rule to hide from public view the identities of entities that violate Critical Infrastructure Protection (“CIP”) Reliability Standards – even when the violation has been abated and there is no arguable security need to withhold this information. Essentially, NERC and the Regional Entities are misusing FERC’s authority to shield industry from public scrutiny. The Commission must not allow this practice, repugnant to the public interest, to continue.
Only NERC is asserting that this information is CEII or “privileged” or “nonpublic” – the Commission has not made such a determination. 18 CFR § 388.112(c)(1)(i) provides that:
The documents for which privileged treatment is claimed will be maintained in the Commission’s document repositories as non-public until such time as the Commission may determine that the document is not entitled to the treatment sought and is subject to disclosure consistent with § 388.108. By treating the documents as nonpublic, the Commission is not making a determination on any claim of privilege status. The Commission retains the right to make determinations with regard to any claim of privilege status, and the discretion to release information as necessary to carry out its jurisdictional responsibilities. [Emphasis added.]
NERC has for years been classifying the names of the violators and the settlement agreements as “nonpublic” and tries to argue that FERC also deems these documents as “nonpublic” – not so according to the
Finally, even the Commission’s own interpretation of the Critical Energy Infrastructure Information rules supports disclosure. I note that FERC Order No. 833 holds that the Commission’s practice is that information that “simply give[s] the general location of the critical infrastructure” or simply provides the name of the facility is not Critical Energy Infrastructure Information (CEII).
The NERC Enforcement Regime is Broken and Endangers the U.S.
CIP regulations should protect the U.S. electric grid by holding “the Companies” accountable to protect the portion of the U.S. critical infrastructure that they own or operate. Instead, NERC has twisted this regulatory scheme into a sham where companies have no incentive to do more than the minimum. If caught violating a CIP standard, NERC and the Regional Entities will settle the matter privately with “the Companies,” negotiating a “penalty” that “the Companies” are willing to pay and will keep the matter from public view. A great deal for “the Companies” – not so much for the American people.
NERC’s view of how an effective enforcement regime should work is gravely flawed. NERC essentially argues in the NOP that they are redacting the names of “the Companies” and any identifying information because:
Malicious individuals already target the Companies’ operational personnel, seeking bits and pieces of data to map the Companies’ systems and identify possible attack vectors. The public disclosure of a single piece of redacted information may not, on its own, provide everything needed to exploit an entity and attack the electric grid. But, successive public disclosures of additional pieces of redacted information will increase the likelihood of a cyber-intrusion with a corresponding adverse effect on energy infrastructure. Each successive disclosure could fill in some knowledge gaps of those planning to do harm, helping to complete the maps of entity systems. Therefore, it is important to examine and evaluate the redacted information in the aggregate.
This is a generic argument that any information of any kind identifying “the Companies” would assist hackers. Therefore, according to NERC, hiding the names of the companies will somehow thwart the Chinese and
What would work better is if “the Companies” took the CIP regulations seriously and put in the effort to thwart the malicious individuals. What would also help is if NERC became a regulator rather than an industry advocate. Public scrutiny of regulatory failings is the time-tested method to ensure accountability in a free society.
NERC has been redacting the names of the companies since July 6, 2010 – over 8 ½ years. In an official assessment to the U.S. Congress released on January 29, 2019, the U.S. Intelligence Community confirmed that the U.S. electric grid is not secure against foreign incursions:
Russia has the ability to execute cyber attacks in the United States that generate localized, temporary disruptive effects on critical infrastructure—such as disrupting an electrical distribution network for at least a few hours—similar to those demonstrated in Ukraine in 2015 and 2016. Moscow is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage.
Redacting the names, NRC ID and other “identifying information” clearly hasn’t thwarted our adversaries – it has only thwarted the American people from evaluating the weakness of NERC’s enforcement regime – and actually it is this weak enforcement of CIP standards that has assisted the “malicious individuals.” (One has to wonder whether NERC is spending more legal effort on hiding threats from the public than on enforcing grid security standards on utilities.)
Finally, NERC has no problem providing all this identifying information on its website on all active registered entities in its “NERC Active Compliance Registry Matrix” (NCR). Exhibit A is the most recent list of all the 1495 registered entities – with NRC ID and functions – pieces of information redacted in the NOP – and in all other NOPs since July 6, 2010. I obtained this list from NERC’s public website on February 10, 2019. So this list apparently contains no information of interest to “malicious individuals” but somehow NERC argues that the name of the entity subjected to a regulatory action in every single CIP violation since July of 2010 somehow poses such a threat.
Industry Embarrassment Does Not Equal National Security Concern
Since NERC began covering up the names of CIP violators – as they are continuing to do in this NOP – there has been less incentive to fix the grid security problems. That’s why disclosure is important. Why should utilities spend money to fix grave cybersecurity issues if they know that 1) if caught, their friendly regulator will “settle” the violation privately and the settlement agreement will be kept secret, 2) the utility can negotiate a trivial fine, and 3) the utility’s name will not be disclosed to the public?
On the surface, it is hard to understand why the industry has taken the lack of transparency approach to CIP regulation. However, upon closer historical examination, the industry has crafted its own favorable (to the industry) regulatory scheme whereby it implements whatever protections are convenient and inexpensive – but it can avoid any protections that the industry deems too “burdensome.”
Simply put, the security of the electric grid is apparently optional – we depend on about 1,500 electric utility industry entities to do the right thing – but there is no strong requirement that they do the right thing.
A logical conclusion one can draw from this set of facts is that the industry seeks to avoid public exposure for their inaction on cyber security. Under the guise of protecting us (because we the public cannot be trusted with this sensitive information) private, secret regulation is ongoing, with back-room settlements and handshake penalties. Thus, “the Companies” and their shareholders avoid the embarrassment of being outed for a lack of action on Critical Infrastructure Protection (CIP) standards. And NERC is not held accountable for their ineffective enforcement
Meanwhile, after a decade of inaction, it is well known that our electric grid is vulnerable – and in fact, has been penetrated and probed. This regulatory scheme has not made us safer.
The federal regulations are very clear that the name of the entity on whom the NERC penalty is imposed must be disclosed, along with the settlement agreements and all documents necessary for public scrutiny of the regulatory transaction. FERC has failed to enforce its own regulations, with great harm to the public interest.
For all of the foregoing reasons, I request that the Commission fully review the Notice of Penalty in this docket and require that the identity of “the Companies”, names of the regional entities, the full text of the settlement agreement, and all other redacted information be promptly disclosed to the public.
If FERC’s practice of allowing NERC to hide the names of cybersecurity violators was going to help electric grid security, it should have worked over the past nine years. The Director of National Intelligence says that America’s electric grid is at grave risk of cyberattack—it is obvious that reform of this weak enforcement regime is long overdue.
This NOP is a departure from past NOPs where the violators were referred to as “Unidentified Registered Entities.” In this NOP, the unidentified entities are referred to as “the Companies.”
It is noteworthy that on February 14, 2019 in a hearing before the Senate Committee on Energy and Natural Resources – a hearing attended by both the President and CEO of NERC as well as the Chairman of the Commission – Senator Angus King noted unequivocally that “the Russians are already in the grid.” See:
(accessed February 20, 2019).