AdobeStock_596516064

“They must know if you cut off our power, deprive us of electricity, deprive us of water, deprive us of gasoline you need to know we have the right to do it [to you].”

Ukrainian President Volodymyr Zelenskyy spoke these words in a recent 60-Minutes interview on Ukraine’s ongoing war with Russia.

This is the reality of modern warfare: adversaries target the critical infrastructure a country needs to survive, most especially the electric grid. Our own government knows this, which is why the U.S. has poured tens of millions of dollars into the Ukrainian electric grid in recent years in an effort to strengthen its resilience to Russian bombardment, physical sabotage, and cyber- attacks.

But when it comes to protecting America’s electric grid, the U.S. government has been MIA for decades.

In May 1981, the GAO published a report entitled “Federal Electrical Emergency Preparedness Is Inadequate,” warning that the nation’s electric power systems were “very vulnerable to disruptions from acts of war, sabotage, or terrorism,” and that the “Federal Government is not now prepared to handle a long-term national or regional disruption in electric power.”

In 2013, the spectacular coordinated attack on PG&E’s Metcalf transformer station in California, first reported by the Wall Street Journal, brought the lack of grid physical security to the attention of Congress. The electric utility industry argued against the need for a physical security standard, but the government ordered the industry to write a physical security standard anyway. The resulting standard the industry was forced to write exempted most facilities and required no actual physical security measures be taken. Physical attacks against the grid continued.

After attackers used rifle fire to take down two electrical grid substations in Moore County, North Carolina, leaving 40,000 citizens without power in December of 2022, the Federal Energy Regulatory Commission (FERC) – the U.S. agency responsible for approving the physical security standards for the nation’s bulk electric system– announced a joint technical conference with North American Electric Reliability Corporation (NERC), the organization responsible for developing grid reliability standards and enforcing compliance to regulations, to discuss physical security.

In response to the conference this past August, the electric utility industry once again went on record that no further enhancement of grid security standards are necessary. This has been their standard response for years to any attempt to update the physical security or cybersecurity standards for the electric grid.

Outside grid security experts and engineers have argued for years that the industry needs to improve physical security standards for critical assets in the country’s electrical grid, motivated in part by a federal study which showed that physical sabotage attacks against only a small number of critical nodes in the grid would be sufficient to cause a prolonged and devastating nationwide blackout.

Currently FERC allows the electric power industry to decide which substations are important enough to fall under the existing physical security standard, even while that standard is fraught with loopholes. The industry has taken a very narrow approach in naming substations as “critical,” to avoid having to spend money to protect them.

Security experts have petitioned FERC to force the industry to utilize its own accurate engineering models to determine what elements of the grid are truly the most vital, and then apply the standard to those assets. Such a requirement is common sense, but industry trade groups have consistently pushed back.

Imagine if the auto industry deliberately refused to use data from their excellent crash simulators and crash dummies to provide input to their engineers to make cars safer?  Wouldn’t that be criminally irresponsible?

It’s an analogy that should be on the minds of the Commissioners at FERC.

Unfortunately, attacks on the electric grid aren’t going away. According to data submitted to the Department of Energy by the electric power industry, physical attacks have resulted in electric disturbances in 1,072 cases from January 2010 through June 2023 – a rate of nearly 1.5 attacks per week. At the same time, the vulnerability of the grid has been covered widely by the media and even through documentaries such as the award-winning film “Grid Down, Power Up.”

Yet over the past nine years, FERC has declined to order a fundamental overhaul of an obviously ineffective physical security standard despite numerous formal complaints and petitions.

It is just a matter of time before one or more of these attacks results in a major blackout causing immense economic and physical loss. When that happens, the Commissioners at FERC should ask themselves –who will the American people hold responsible?

Please Share: