November 22, 2024
DOE IG Warns FERC Information Security ‘Severely Lacking’
Probe Cites Missing Email, Conflicting Testimony
FERC’s protection of information on the vulnerability of the nation’s electrical grid is “severely lacking,” the DOE Inspector General warned in a report.

By Ted Knutson and Rich Heidorn Jr.

ferc
Former FERC Chairman Jon Wellinghoff

WASHINGTON — The Federal Energy Regulatory Commission’s protection of information on the vulnerability of the nation’s electrical grid is “severely lacking,” Department of Energy Inspector General Gregory Friedman warned in an inspection report.

The report, released Feb. 4, also said investigators found “troubling” inconsistencies between the testimony of FERC staffers and former FERC Chairman Jon Wellinghoff. Investigators said their efforts to reconcile the disparities were hampered because relevant emails were missing from Wellinghoff’s account.

Friedman called on the agency’s staff to develop a system to review sensitive information with the aim of providing appropriate access to the industry while protecting the data from would-be adversaries. He also recommended commission workers have security clearances.

The report came as a result of accusations that Wellinghoff inappropriately disclosed information to industry and federal officials on an analysis he commissioned on critical substations. Details of the analysis also were the subject of news articles. (See FERC Criticism of Ex-Chair Mounts.)

FERC staffers told the IG the non-public information Wellinghoff released was highly sensitive though it wasn’t classified. “The commission failed to have the material reviewed even though some commission staff referred to the analysis and substation failure simulations as being of ‘national security’ interest,” the IG said.

The report did not cite Wellinghoff by name, only referring to him as “the former FERC chairman.”

The report said that from June through October 2013, commission staff, including the former chairman, briefed or shared details of the electric grid analysis with industry and federal officials and congressional staff.

Factual Disputes, Missing Email

Before the briefings, the IG said, an unidentified “senior commission official” requested that the chairman consider using generic simulations to avoid revealing sensitive information, but Wellinghoff denied the request. The creators of the analysis told investigators that in response to concerns about sharing the information, Wellinghoff permitted them to treat the documents as Critical Energy Infrastructure Information (CEII), requiring those who viewed the information to sign nondisclosure agreements. The report cites emails dated April 23 and 25, 2013, in which a senior commission official wrote that he discussed the use of nondisclosure agreements with the former chairman, who agreed with the idea.

But Wellinghoff told investigators that although there was a general assumption that the analysis should be considered CEII, it was never formally designated as such. The former chairman also said he was unaware of commission staff requiring the completion of nondisclosure agreements prior to his sharing the information.

The IG said that in an effort to resolve the “troubling” inconsistences in the testimony of commission staff and the former chairman, investigators obtained emails and other relevant documentation from commission records.

“In our view, the information contemporaneously generated by the commission staff supported the testimonial evidence they provided regarding the circumstances surrounding the creation and subsequent handling of the electric grid analysis and substation failure simulations,” the IG said. “When we attempted to compare the statements made to us by the former chairman to supporting information, we found no email traffic in the former chairman’s account for a relevant period in October and November of 2013.”

Although commission staff said they had provided all of Wellinghoff’s emails in commission records, investigators did obtain some emails generated or received by the former chairman that were not found in his account from the email accounts of other commission staff members. “Nonetheless, because of the inability to obtain information from the former chairman’s email account for that period, we were unable to completely reconcile the differing positions,” the IG said.

Wellinghoff did not respond to a request for comment on the report.

‘Deeply Troubling’

The report was requested last February by then-Senate Energy and Natural Resources Committee Chairman Mary Landrieu (D.-La.) and the current chair, Alaska Republican Lisa Murkowski.

Murkowski issued a statement Feb. 4 terming the findings “deeply troubling.”

“Not only did the report find inconsistencies between the testimony of former FERC Chairman Wellinghoff and commission officials, but it found that during Wellinghoff’s tenure there was a ‘culture of reluctance to classify certain nonpublic documents,’” Murkowski said.

“Additionally, it is concerning that Mr. Wellinghoff’s email during the relevant period apparently went missing. Oversight of FERC is an important duty of this committee. As chairman, I will fully review the inspector general’s recommendations, including potential legislative proposals to improve FERC’s handling of sensitive information.”

FERC Chairman Cheryl LaFleur, who succeeded Wellinghoff, said she concurred with the report’s findings and had begun to implement its recommendations.

In response to the IG’s preliminary findings in April 2014, the commission modified its mandatory annual ethics and classified security training to emphasize the proper handling of nonpublic and classified material. (See IG Faults FERC on Leaked Sabotage Report.)

Commission staff also has begun meeting with Department of Energy officials to address confusion identified by investigators over their respective responsibilities for classifying commission-created information.

The IG said the commission’s comments and planned corrective actions were “generally responsive” to its findings.

FERC & Federal

Leave a Reply

Your email address will not be published. Required fields are marked *