November 22, 2024
IG Faults FERC on Leaked Sabotage Report
FERC lacks proper controls for handling classified national security information, the Department of Energy’s Inspector General said.

The Federal Energy Regulatory Commission lacks proper controls for identifying and handling classified national security information, the Department of Energy’s Inspector General said last week.

Gregory H. Friedman issued his preliminary findings in a report issued on the eve of FERC’s appearance before the Senate Energy and Natural Resources Committee Thursday.

The IG review was initiated in March in response to news reports that included non-public information regarding FERC modeling on grid vulnerabilities and the investigation into the April 2013 attack on Pacific Gas and Electric Co.’s Metcalf substation.

The IG report said DOE’s subject matter experts concluded that at least one presentation created by commission staff should have been classified when it was created.

Article Cited

Although the report did not identify the presentation, Acting FERC Chair Cheryl LaFleur told the Energy Committee Thursday it was modeling created in early 2013 that was the subject of a March 13 Wall Street Journal article.

The article said the modeling indicated that disabling just nine critical substations could blackout the continental United States — a conclusion some experts have questioned.

“Based on preliminary information, we determined that the presentation was accessible to, and in specific instances, was viewed and handled by Commission employees who may not have had personnel security clearances and thus, were not fully aware of their obligation to protect the information,” Friedman said in a management alert. “Similarly, the document was reported to have been maintained on portable electronic equipment and transmitted via unsecured means.”

The document’s contents may “have been provided to both Federal and industry officials in unclassified settings,” the report added.

LaFleur had requested the IG review along with Senate Energy Chair Mary Landrieu, D.-La., and ranking member Lisa Murkowski, R-Alaska. LaFleur told the committee Thursday she had ordered FERC staff to make implementation of the IG’s corrective recommendations a top priority.

Scrubbing Computers

Cheryl LaFleur, acting chair, FERC
Cheryl LaFleur, acting chair, FERC

LaFleur said that the presentation was created in early 2013 and should have been classified at the secret level or higher, rather than as Critical Energy Infrastructure Information (CEII), a level of information that can be obtained by many FERC employees.

FERC responded to the IG findings by “gathering any paper copies we can find … wiping and scrubbing all databases and computers, and any portable devices across the commission,” LaFleur said.

She said the commission also is “reaching out to former employees including our former chairman [Jon Wellinghoff], and trying to get our arms around any information that may be out there.”

Wellinghoff, who was chairman from 2009 until December 2013, has been widely quoted in news accounts since leaving the commission during his campaign to raise awareness of the threat of sabotage. Each of the current commissioners has criticized Wellinghoff, both for going public with his concerns and for not doing more to address them when he headed the commission. (See FERC Criticism of Ex-Chair Mounts.)

Wellinghoff told Politico last month that he and another FERC official had briefed hundreds of people about the study and that the information in the Journal article was no secret. “There was no classified information,” he said. “There was no secret information and nothing was shared with anybody that was in any way part of some unpublished report.” He did not respond to requests for comment last week.

NERC: Attack was ‘Turning Point’

At least two saboteurs are believed to have taken part in the Metcalf attack, which caused more than $15 million in damage and idled the substation for nearly a month, but caused no power interruptions.

Gerry Cauley, president of the North American Electric Reliability Corp., who also testified before the committee, said the attack was a “turning point” that indicated security measures designed to keep intruders from getting onto substation property were insufficient.

“We’re doing the right things and were doing the right things on a prioritized basis,” he said. “… The Metcalf incident was serious but it’s also a good example of the resiliency of the grid — there were no customer outages.”

FERC & FederalReliability

Leave a Reply

Your email address will not be published. Required fields are marked *