Last year I blogged about a report on grid cybersecurity that was released by US Representatives Ed Markey and Henry Waxman. The U.S. bulk power system is relied on by 300 million people and is comprised of 200,000 miles of transmission lines and about a thousand gigawatts (GW) of generating capacity. It is valued at over $1 trillion. Most of the bulk power grid is owned and operated by private companies, municipally- and coop-owned utiltiies.
The report makes the case that the components of the grid are highly interdependent. An outage in one area can lead to cascading outages in other areas. The classic example occurred in 2003 when four high voltage power lines in northern Ohio brushed trees and shut down. A computer system error caused a cascade of failures that left 50 million people without power for two days across the United States and Canada and cost the economy an estimated $6 billion.
This report makes the case that grid vulnerabilities pose substantial risks to U.S. national security. It cites a 2008 report by theTask Force on Department of Defense (DOD) Energy Strategy that said that “critical missions . . . are almost entirely dependent on the national transmission grid." About 85% of the energy infrastructure upon which DOD depends is commercially owned, and 99% of the electricity DOD consumes originates outside of DOD. In most cases, neither the grid nor on-base backup power provides sufficient reliability to ensure continuity of critical national priority functions and oversight of strategic missions in the face of a long term (several months) outage. An October 2009 report by the Government Accountability Office said that 31 of DOD’s 34 most critical global assets rely on commercially operated electricity grids for their primary source of electricity.
I remember a startling statistic in an Energy Information Adminstration (EIA) publication that the failure of 4% of U.S. substations would result in 60% of the U.S. losing power. The Markey and Waxman report also cites a declassified National Academy of Sciences report that found that physical damage to large transformers could disrupt power to large regions of the country and take months to repair.
Last Thursday the Wall Street Journal published an article citing "a previously unreported federal analysis." The article said that
"The study by the Federal Energy Regulatory Commission concluded that coordinated attacks in each of the nation's three separate electric systems could cause the entire power network to collapse, people familiar with the research said.
"The U.S. could suffer a coast-to-coast blackout if saboteurs knocked out nine of the country's electric-transmission substations on a summer day, according to a previously unreported federal analysis.
"A small number of the country's substations play an outsize role in keeping power flowing across large regions. The FERC analysis indicates that knocking out nine of those key substations could plunge the country into darkness for weeks, if not months."
The Acting Chairman Cheryl A. LaFleur of FERC issues a statement in response to the Wall Street Journal Article About Grid Security.
"We take seriously our obligation to the American people to protect the reliability and security of our nation’s energy infrastructure and to enhance its resilience. Experts from FERC and other federal agencies work continuously with the electric industry to assess the threats posed by physical attacks, cyber intrusions, and severe weather; perform sophisticated modeling to identify and address vulnerabilities; and provide advice on security techniques and best practices. FERC also oversees mandatory reliability standards for the electric industry, including cyber security standards and standards that require planning for contingencies and emergency operations. On Friday, March 7, 2014, FERC ordered mandatory standards to protect critical facilities from physical security threats and vulnerabilities. At the same time, no single action or approach is sufficient. Building a resilient grid requires a comprehensive and ongoing assessment of how the system is planned, constructed, operated, and secured under a range of conditions.
"Today’s publication by The Wall Street Journal of sensitive information about the grid undermines the careful work done by professionals who dedicate their careers to providing the American people with a reliable and secure grid. The Wall Street Journal has appropriately declined to identify by name particularly critical substations throughout the country. Nonetheless, the publication of other sensitive information is highly irresponsible. While there may be value in a general discussion of the steps we take to keep the grid safe, the publication of sensitive material about the grid crosses the line from transparency to irresponsibility, and gives those who would do us harm a roadmap to achieve malicious designs. The American people deserve better."