In a report released on Monday, the Government Accountability Office (GAO) called out federal agencies for dragging their feet on measures intended to improve the resilience of the U.S. electric grid.
The Electricity Grid Resilience report draws on previous GAO publications to run down the biggest threats to the resilience of the bulk electric system, citing Presidential Policy Directive 21, which was issued in February 2013 and defines resilience as “the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions.” In the report, GAO also chastises other federal groups — mainly FERC and the Department of Energy (DOE) — for failing to follow through on GAO’s previous recommendations.
“The nation’s grid … faces risks from events that can damage electrical infrastructure … and communications systems, resulting in power outages [that] can threaten the nation’s economic and national security,” the authors wrote. However, while “agencies have implemented several of GAO’s recommendations for improving electricity grid resilience,” many “that represent key opportunities to mitigate risks” remain to be implemented.
The report identifies three main areas of risk to the grid warned about in previous GAO briefs. First is extreme weather and climate change, with February’s severe cold — which resulted in outages for millions of customers in Texas — receiving prominent billing along with hurricanes Irma and Maria, which hit Puerto Rico and the U.S. Virgin Islands in 2017. Referring to its own previous studies, GAO projected “more frequent and intense” storms that could “affect electricity generation, transmission and distribution” as a result of climate change.
Cyberattacks are another risk, with GAO cautioning that generation, transmission and distribution systems are all “increasingly connected” to the internet, creating various opportunities for hackers. A cyber intrusion could attack the grid directly, as in the case of a 2019 event that disrupted communication software for a utility serving parts of the Western U.S., or it could “facilitate a physical attack” by disabling security systems for vital infrastructure.
The report also warns that electromagnetic events, whether resulting from natural phenomena or induced artificially, present a danger for which the U.S. is largely unprepared. Along with disrupting computers and electronics, these events can “cause significant damage to critical electric infrastructure, such as transformers.” The 1989 solar storm that caused the collapse of the Hydro-Quebec grid is one example of this danger.
Previous Suggestions Not Taken
Federal agencies have acted on some of these items — for instance, FERC ordered NERC to develop reliability standards relating to geomagnetic disturbances in 2013, and GAO noted that the Department of Homeland Security appeared to have acted on its 2016 recommendation to “designate roles and responsibilities … for addressing electromagnetic risks.” (See FERC Orders Rules on Geomagnetic Disturbances.)
But the report found that many more of its recommendations have not yet been followed. Under the extreme weather and climate change category, GAO repeated previous calls for DOE to develop a “department-wide strategy” to enhance the grid’s resilience to climate change and to create a plan for the development of resilience-planning tools, as well as for FERC to “better manage climate-related risks to the grid by identifying, assessing and planning” for them.
For cybersecurity, GAO chided DOE for not yet finishing its part of the federal cybersecurity strategy as GAO recommended in 2019. The organization also reiterated calls for FERC to consider further changes to its cybersecurity standards and “evaluate the potential risks to the grid from a coordinated attack on geographically distributed targets” in order to ensure that “the approved threshold for mandatory compliance adequately responds to that risk.”
