Like leaving a child with access to a supply of candy without a threat of disciplinary measures, the powers that be are permitting the nation’s electric power companies to ignore existential threats to the American people while conducting interesting but ineffective exercises that ignore this reality. More effective oversight is needed. Stay tuned . . .
Last Wednesday and Thursday, The North American Electric Power Reliability Corporation (NERC) led a nationwide exercise directed at examining the fragility of the nation’s electric power grid under limited cyber and kinetic attacks. While it will be some time before the results of this second Grid Exercise (Grid Ex II) are published, three early reports provide enough of a snapshot of its content to understand its limited nature—and why no one should take comfort in whatever may be eventually concluded. Notably, the sources of these three accounts indicated below are not known as reflecting “right wing” conspiratorial points-of-view.
________________________________________________________
NOTABLE REPORTS ON GRID EX II
A preview from the National Public Radio’s November 12, 2013 Marketplace report, “Nation’s Electricity Grid Gets a Test” by Dan Weissmann, which among other things, refers to the National Geographic Channel’s American Blackout (See our October 24 and October 25 email messages)—depicting a 10-day shutdown of the Grid due to a cyberattack—while providing a day’s advance notice of Grid Ex II which is projected to test portions of the Grid to much smaller and less threatening attacks. For example. Weissmann observed that “Grid Ex will not address Telecommunications. In the world of the game, the internet and phone system will keep working.” He quoted a cyber security expert associated with the exercise as saying that would make conducting an exercise “difficult” and that may be something they look at for “next time,” in the context of a progression from the 2011 Grid Ex I, which involved only cyberattacks, to Grid Ex II, which involved cyberattacks and attacks that cause “stuff to blow up.
Also on November 12, the New York Times published on line a very informative 10-minute video, discussed briefly in our email message the same day—with links to the Times’ video that referred to Grid Ex II. This important video keyed off the 2003 cascading power grid failure from Ohio throughout the northeastern U.S. and into Canada, leaving some 50 million people without power for about 30 hours and in some cases up to four days. It graphically illustrated real life regional conditions without water, food, transportation, etc. caused by a tree falling on the fragile grid in Ohio, coupled to operations failures. It also pointed out the dysfunctional nature of how the electric power grid was then regulated—with no one in charge of the operations of literally hundreds of power companies. Ms. Nora Mead Brownell, a Commissioner of the federal Electric Regulatory Commission (FERC) from 2001-2006, illustrated the lack of sound Federal regulation of the hundreds of power companies and related elements of the Grid by observing that it was “like expecting your kids, when you walk out of the room and leave a pile of candy, not to help themselves unless you’ve said there’ll be consequences if you grab that pile of candy.” The video observed that, three years after the 2003 power failure, Congress authorized FERC to issue fines to non-compliant industrial elements—but offered no assessment of the effectiveness of those measures.
The November 14 New York Times carried a brief report by Matthew Weld on the just completed Grid Ex II entitled “Attack Ravages Power Grid. (Just a Test).” Weld reports that by late morning of the second day of this “unprecedented continental-scale war game to determine how prepared the nation is for a cyberattack, tens of millions of Americans were in simulated darkness. Hundreds of transmission lines and transformers were declared damaged or destroyed, and the engineers were rushing to assess computers that were, for the purposes of the drill, tearing their system apart.” Weld quotes Gerry W. Cauley, the president and chief executive of the North American Electric Reliability Corporation, which ran the drill as saying the drill went really well . . . “A bit scary, but really well.” After the Grid Ex I two years ago analysis, Weld says analysts found that participants were good at communicating with their neighbors, electrically speaking, but not with national organizations like the electric reliability corporation, making it hard for anyone to get an overview of what was happening. How well they did this time in what the national group called Grid Ex II will not be clear for weeks. Other reports are also expected to be slow in coming.
________________________________________________________
Some Implications of Grid Ex II.
Given the above press reports and an early (apparently from around last February) Booz Allen planning/recruitment briefing obtained from Googling, accurately reflect the actual Grid Ex II exercise, a few observations seem clear.
Dan Weissmann of NPR and, in particular, Matthew Weld of the New York Times should be complimented for providing at least this limited insight into the fragility of the Grid and the nature of the NERC-led exercises to date. Weld aptly observed that “the grid is quite vulnerable today”—indeed in his August 12, 2013 article, he more explicitly observed, “The electric grid . . . is the glass jaw of American industry. If an adversary lands a knockout blow . . . it could black out vast areas of the continent for weeks; interrupt supplies of water, gasoline, diesel fuel and fresh food; shut down communications; and create disruptions of a scale that was only hinted at by Hurricane Sandy and the attacks of Sept. 11.”
The New York Times video is also excellent in laying out visually and irrefutably, based on actual experience of a massive 2003 failure: 1) the nature of losing a major portion of the grid for even a short period of time, and 2) especially the nature of the bureaucratic problems of getting the electric power industry organized to deal effectively with the potential loss of the entire grid for an extended period of time.
The heart of the problem is getting sound Federal regulation of the hundreds of power companies and related elements, as was indelibly laid out by former FERC Commissioner Brownell’s statement that it was “like expecting your kids, when you walk out of the room and leave a pile of candy, not to help themselves unless you’ve said there’ll be consequences if you grab that pile of candy.”
This problem was not solved by the 2006 congressional action giving FERC authority to impose fines on noncompliant power companies—the primary regulation authority remains vested with the electric power industry’s representative, NERC—i.e., akin to leaving the kids in charge of the pile of candy.
As Ms. Brownell indicated this is obviously unwise. An independent agency obviously should be given the authority to regulate integrated operations of the grid—just as the Federal Aviation Agency regulates commercial aviation.
This has been the objective of proposed but languishing legislation (such as the GRID and SHIELD Acts) with overwhelming bipartisan support. The electric power lobby has managed to block passage of these bills, now proposed in the third congress in a row. In particular, the NERC has irresponsibly denied the reality of existential threats such as from natural or manmade electromagnetic pulse (EMP) events including in reports called “junk science” by truly competent technologists.
The reality of these threats is validated by numerous authoritative studies, including the congressionally mandated EMP commission in their 2004 and 2008 reports, the National Academy of Sciences, and several studies by the Department of Energy National Laboratories. And most pertinent, the effects are well known to technologists who designed our strategic systems during the Cold War to operate through such EMP attacks—but no effort was then, or since, spent to similarly harden the electric power grid and other electronic critical infrastructure, which makes possible modern civilization and sustains the lives of 310 million Americans.
Such activities as NERC’s Grid EX II exercise are academically interesting, but actually do little to deal with this serious threat, now well known for over a decade—including by our enemies and terrorists. Time is being wasted by such piecemeal exercises every other year, which seems to be NERC’s anticipated pattern. (Maybe the next one—e.g., two years from now—will, as suggested above, examine what happens without communications—sure to be lost in an EMP event—or even a competent terrorist cyberattack.)
Such delays dealing with a truly existential threat should not be tolerated by appropriate Federal authorities and members of congress who should be held accountable by “We the people.”
Last June, Rep. Trent Franks (R-AZ) and 24 co-sponsors introduced the Secure High-voltage Infrastructure for Electricity from Lethal Damage Act (HR 2417)—the Shield Act, which would empower the FERC to more effectively deal with these issues. But despite considerable support from past and present ranking Intelligence Community and defense officials, the proposed Shield Act has languished for lack of action by both the House Committee on Energy and Commerce Subcommittee on Energy and Power and the House Committee on the Budget where the legislation had been referred.
In an effort to apply more pressure on his reluctant colleagues, Mr. Franks on 30 October introduced the Critical Infrastructure Protection Act to help prevent such widespread power failures by requiring the Department of Homeland Security to live up to its responsibility for securing U.S. key resources and critical infrastructure, to include power production, generation and distribution systems. This Act will fall under the jurisdiction of the House Homeland Security Committee—hopefully with more responsive and responsible treatment than has been given the proposed Shield Act.
It should be understood that there are affordable fixes to the vulnerability of the electric power grid. Cost should not be an issue. Current estimates are that several hundred million dollars may be needed to harden the key elements of the electric power grid to EMP—to protect perhaps a trillion dollar investment as suggested by former FERC Commissioner Brownell—and more importantly the lives of several hundred million Americans.
Follow Maine’s Lead.
Meanwhile, while Washington continues to dither, more states should follow Maine’s bold lead in actually taking concrete initiatives to protect its portion of the electric power grid, thereby ensuring that at least the people of Maine can survive catastrophic collapse of the national power grid induced by a severe solar storm, manmade EMP event, cyberattack, or other cause. Such EMP protection will also mitigate all lesser hazards, such as blackouts induced by hurricanes and storms.
We should encourage other state legislators to follow the pattern of Maine State Representative Andrea Boland (D-Sanford), who successfully advocated in only a six month period historically important landmark legislation, LD 131. It passed the Maine House unanimously and with only two dissenting votes in the Senate.
Original article may be viewed here.