Transmission Resiliency Summit Focuses on Grid Security

Apr 8, 2019

The NATF, EPRI and NERC gathered reps from utilities, RTOs, regional entities and government agencies to discuss improving the bulk electric system.

By Michael Brooks

CHARLOTTE, N.C. — There was no stated theme to this year’s Transmission Resiliency Summit, held at Electric Power Research Institute laboratories last week, but some common motifs ran through the event.

The North American Transmission Forum (NATF), headquartered less than 6 miles west of the EPRI labs, gathered representatives from utilities, RTOs, NERC regional entities and government agencies to discuss improving the resilience of the bulk electric system.

More than 200 representatives from utilities, RTOs, NERC regional entities and government agencies gathered at EPRI’s lab in Charlotte, N.C. | © *RTO Insider*

That group held its first meeting in April 2013 in the aftermath of Superstorm Sandy, focusing on severe weather events, according to NATF CEO Tom Galloway. Less than two weeks later, gunmen carried out a highly sophisticated attack on Pacific Gas and Electric’s Metcalf substation, costing the utility more than $15 million in direct costs and $100 million in security upgrades.

Galloway’s recollection of those events set the stage for two days of discussing not just the myriad threats the grid faces — and the best ways to secure the grid, both physically and digitally, against them — but also how to respond to and recover from a catastrophic event.

Last week’s summit, hosted jointly with NERC this year, was the largest NATF and EPRI have held and the first one open to non-NATF members, including the press. Andrew Phillips, EPRI vice president of transmission and distribution infrastructure, said 230 people had registered, representing more than 100 different entities from the U.S. and Canada.

The maximum capacity for the conference room: 230. And there were only a few open seats throughout the event.

“Who’s who in the zoo [are] all here,” said Brian Harrell, assistant director for infrastructure security at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). “No. 1, I think that’s a testament to this particular conference, and two, it’s showcasing the fact that you all are taking resilience very, very seriously.”

Speakers Stress Collaboration, Info Sharing

A constant refrain among the multiple speeches, presentations and panels was an emphasis on working together and sharing information, both between the public and private sectors, and among utilities.

Left to right: Charles Poliseno, Duke Energy; Bennett Gaines, FirstEnergy; and Kathy Bosse, Exelon. | © *RTO Insider*

“I think we really need to advocate for a collective defense: Whether you are a critical infrastructure company, whether you are a citizen of the United States or you are the U.S. government, we are all in this together,” said Harrell, a former director of the Electricity Information Sharing and Analysis Center (E-ISAC). “Your problem quickly becomes my problem. My problem quickly becomes your problem. Duke’s problem quickly becomes SCANA’s problem, which becomes Dominion’s problem, etc.”

The current director of E-ISAC, Bill Lawrence, urged attendees to join the NERC-operated program, noting the effort to improve its web-based tools in the past few years. “Basically, back in 2015, many of your organizations took a hard look at us and said, ‘Hey, ISAC, if [you want us] to use you, you gotta suck less.’”

E-ISAC benefits from the required reporting under NERC’s Critical Infrastructure Protection standards, “but we also need to get that voluntary information sharing,” Lawrence said in a presentation on measuring the program’s effectiveness. “We’re definitely not sitting on … a pile of gold in voluntary shares, but it’s growing, because our vision is to be a world-class, trusted source of quality analysis and rapid sharing of electric infrastructure security information.”

Galloway asked Lawrence if there was anything besides “‘better information sharing’ … that this audience can do to better support you in moving the E-ISAC forward.”

“Other than my catch-all — ‘share more’ — challenge us,” Lawrence answered. He encouraged members to inform the center if they found its resources were not useful to them.

Most of the first day of the event was spent discussing the incident command system (ICS). The concept was originally developed by fire chiefs in several states in the 1970s to provide a common hierarchy and standardized terms among their departments to coordinate their response to wildfires. Now it is used across multiple sectors, companies and institutions to coordinate their responses to emergencies.

“Firefighting is a team sport,” said Wike Graham, battalion chief for the Charlotte Fire Department. He recalled that Carolina Panthers Head Coach Ron Rivera, after observing firefighters put out a fire in his house, compared the incident commander to a coach. “‘They send the plays in, and you watch these guys, they all know what they’re doing and they’re working as a team.’ That’s what ICS is all about.”

An ICS determines who is in charge (the incident commander) among teams from different entities that respond to an emergency — for example, local police, FBI and the military.

“Training military guys to not be in charge is difficult,” said Taylor Cox, senior consultant for business continuity at Xcel Energy. “‘Yes, sir, I understand you were in charge in Iraq. You are not in charge here,’” recalled Cox, a former member of the Army National Guard.

Staff members from several utilities shared their experiences implementing ICS. Manny Cancel, Consolidated Edison’s chief information officer, described how his company used the system to restore power to Wall Street after the terrorist attacks of Sept. 11, 2001. Kathy Bosse, crisis manager for Exelon, said her company used the system during the civil unrest in Baltimore following the death of Freddie Gray in 2015. Others shared their experiences using the system to respond to simulated cybersecurity attacks.

Emergency Communications

The Metcalf attackers, whose motives and identities remain a mystery, cut fiber optic cables less than a mile from the substation, briefly knocking out internet, phone and 911 service in the area. “One of the things that was most troubling is that it was a very deliberate effort to impact communications,” Galloway said.

One panel at the conference focused exclusively on communications during an event in which all other methods are unavailable.

Ross Merlin of DHS gave a presentation on the department’s SHAred RESources (SHARES) high-frequency radio (HFR) program. He began by explaining how HFR works.

“It works by something called ‘PFM.’ It stands for ‘pure freaking magic.’”

Actually, it’s quite simple but, based on the audience’s reaction to the technology, no less impressive. HFR works by bouncing signals off Earth’s ionosphere, the part of the atmosphere that has been ionized by solar radiation, about 80 km above the surface.

Normally, HFR is used for communicating over very long distances. But it can also be used in cases where all short-distance comms are down.

“By using the right antenna, you can make your signal go almost straight up, which sounds useless unless you’re trying to talk to the International Space Station,” Merlin said. But once it bounces off the ionosphere, the signal comes “not just straight down, but kind of like an upside-down ice cream cone,” allowing for communication within a certain radius. Users can send not only voice, but email and images as well.

SHARES has more than 2,600 participants using about 2,300 radio stations, according to Merlin. The program used to be restricted to the federal government only, but “a few years ago we found giant loophole, I mean, we found a way to reinterpret the rules so as to allow state and local government and critical infrastructure and key resources folks to take advantage of this. … The folks you depend on, whatever you have a dependency on to keep going, we can probably get them in here.”

Several attendees representing Canadian utilities said after Merlin’s presentation that they intended to inquire about applying for the program.

Drones

The second day of the conference featured presentations on the threats posed by unmanned aerial vehicles, more commonly known as drones, both those used by utilities for maintenance and those used by the public — or hostile foreign actors.

CISA’s Harrell repeated his warnings against using foreign-manufactured drones from last month’s NERC Reliability Leadership Summit. (See Feds Late to Act on Drone Threat, DHS Official Says.) E-ISAC’s Lawrence advised the audience to “look beyond” the manufacturers from which the federal government is banned from purchasing under the National Defense Authorization Act for Fiscal Year 2019.

There have also been incidences overseas of environmentalists using drones to try to disable electric infrastructure, including one last year in which Greenpeace flew a device shaped like Superman into a nuclear plant in France.

But according to Xcel’s Cox, “nuisance drones,” piloted by careless or curious hobbyists, are the most common threat to utilities.

“A lot of them are like the kid who throws the Frisbee on your roof and just wants his Frisbee back.”

The Federal Aviation Administration has exclusive jurisdiction over what can fly where, meaning utilities that spot drones over their substations or other facilities can’t do much about them except report them. But that doesn’t mean utilities shouldn’t monitor them.

“There are a lot of physical security managers not paying attention because they say, ‘Well we can’t shoot them down anyway, so why should we care?’” Cox said in response to an audience question about what is allowed. “Well a lot of your security folks don’t have arrest authority, and yet we’re still taking pictures of people stealing copper.”

He advised utilities to leave downed drones alone: Blades can easily cut off fingers, and any sim cards could be compromised with malware.

Travis Moran of Welund North America urged audience members to submit comments on FAA’s Advance Notice of Proposed Rulemaking regarding drones, due April 15. Proposed earlier this month under Section 2209 of the FAA Extension, Safety and Security Act of 2016, the rules would allow utilities to apply for airspace restrictions over their facilities.

“2209 is your best interest right now, and you’ve got to get your lobby people off their butts on this,” said Moran, also a strategic partner with SRC/Gryphon Sensors and a member of the Energy Drone Coalition’s advisory board. “I’ve always said you guys get it because you’re already used to the CIP standards and CIP process, so electricity should be the one to lead this. … Get your people on there … or else you know how the government is going to do it. They’re doing it without your comment, and you’re not going to like what you get.”

Conference Coverage FERC & Federal Reliability