Two members of the Federal Energy Regulatory Commission last week balked at former Chairman Jon Wellinghoff’s campaign to raise awareness of the threat of sabotage of the electric grid, saying it could result in copycat attacks and wasteful spending. Separately, the head of the North American Electric Reliability Corp. said he opposed mandatory standards on physical security as expensive and unworkable.
Commissioners John Norris and Philip Moeller made statements at last week’s meeting in response to news articles earlier this month reporting on Wellinghoff’s concerns about the April 2013 sniper attack on a PG&E substation near Metcalf, Calif. The former chairman called the attack “the most significant incident of domestic terrorism involving the grid” to date. (RTO Insider provided an account of the attack based on a presentation at PJM’s Grid 20/20 conference in November. See Substation Saboteurs ‘No Amateurs’.)
Congressional Inquiry
Following the articles, Senate Majority Leader Harry Reid and three fellow Democrats wrote a letter to acting FERC Chair Cheryl LaFleur and NERC CEO Gerry Cauley asking them to determine whether reliability regulations were needed to address the physical security of “critical substations and other essential functions.”
In a letter to Reid Feb. 11, LaFleur said that FERC had joined NERC, the Department of Homeland Security, the Department of Energy and the FBI in an outreach campaign to utilities, states and law enforcement agencies, including a detailed briefing about the Metcalf incident. “This approach has resulted in improvements being implemented more quickly and more confidentially than a mandatory regulation could have accomplished under our existing authority,” she wrote.
LaFleur added, however, that she had directed FERC staff to work with NERC to determine whether a mandatory reliability standard is needed “to protect against physical attacks on our electric infrastructure.”
In his own response, NERC’s Cauley said he opposed a mandatory standard. “There are more than 55,000 substations of 100 Kv or higher across North America, and not all those assets can be 100% protected against all threats,” Cauley wrote. “I am concerned that a rule-based approach for physical security would not provide the flexibility needed to deal with the widely varying risk profiles and circumstances across the North American grid and would instead create unnecessary and inefficient regulatory burdens and compliance obligations.”
Cauley summarized NERC’s “defense-in-depth” philosophy, which includes simulation exercises such as NERC’s two-day drill last November. (See Grid Exercise `Like a Disaster Movie’.)
At last Thursday’s open meeting, Commissioner Moeller read a brief statement warning that “highlighting any real or perceived vulnerabilities and sharing specific security information or responsive actions may inadvertently promote the prospect of additional copycat attacks.”
Commissioner Norris had far more to say, warning that “elected officials and our former colleague seem to be calling for significant measures specifically geared toward erecting various physical barriers to our grid infrastructure.”
“I am concerned,” he said, “that such actions are a 20th century solution for a 21st century problem.”
Norris said three utilities that met with him recently indicated they may spend more than $500 million on physical barriers and increased security measures around transformers and substations.
PG&E said Feb. 10 it plans to install opaque walls, advanced camera systems, enhanced lighting and additional alarms at multiple substations as a result of the attack. Although it did not place a cost estimate on the improvements, it said it would likely seek a rate increase to fund them.
Norris said making such investments nationwide could cost billions — money he said would be better spent on “a multi-functional, intelligent grid that is resilient and capable of mitigating multiple kinds of threats.” He noted that in addition to potential saboteurs, the grid also faces threats from cyber-attacks, geomagnetic disturbances, electromagnetic pulses and natural disasters.
Metcalf Attack
At least two gunmen were believed involved in the attack on PG&E’s Metcalf 500/230 kV substation near San Jose about 2 a.m. April 16. The shooting occurred minutes after the suspects were believed to have cut underground fiber optic cables a half-mile from the substation, briefly knocking out phone and 911 service in the area.
The shooting caused more than $15 million in damage and prompted the California Independent System Operator to issue an alert asking residents in the region to cut their electricity use. The substation was out of service for nearly a month.
The incident was strikingly similar to a scenario Wellinghoff had outlined in 2012 in an interview with Bloomberg News. Transformers are often custom built and can take 18 to 36 months to replace, Wellinghoff said.
The recent news accounts quoted Wellinghoff reporting that investigators found that the shell casings discovered outside the substation were wiped off to prevent fingerprint detection. Wellinghoff also said military experts spotted small rock piles outside the substation that might have been left earlier to mark the best firing positions.
While Wellinghoff characterized the incident as “terrorism,” the FBI has not agreed with such a characterization.
“Based on the information we have right now, we don’t believe it’s related to terrorism,” an FBI spokesman told The Los Angeles Times, noting that no one has been arrested in the case. “Until we understand the motives, we won’t be 100% sure it’s not terrorism.”
LaFleur: Change FOIA
Unlike Norris and Moeller, LaFleur did not criticize Wellinghoff’s actions in raising the alarm about the attack.
But she told reporters after the meeting she agreed with her colleagues that “the resilience of the grid needs to be viewed broadly.”
She said FERC would seek to “maximize existing authority before talking about” seeking more powers. However she said Congress could help security efforts by amending the Freedom of Information Act to exempt sensitive information regarding grid vulnerabilities and threats from disclosure.
In her letter to Reid, she added: “Congress should consider designating a federal department or agency (not necessarily FERC) with clear and direct authority to require actions in the event of an emergency involving a physical or cyber threat to the bulk power system. This authority should include the ability to require action before a physical or cyber national security incident has occurred.”
Senators’ Letter
The letter from Reid, which was signed by Ron Wyden (D-Ore.), Al Franken (D-Minn.) and Dianne Feinstein (D-Calif.) expressed concern “that voluntary measures may not be sufficient to constitute a reasonable response to the risk of physical attack on the electricity system. While it appears that many utilities have a firm grasp on the problem, we simply do not know if there are substantial numbers of utilities or others that have not taken adequate measures to protect against and minimize the harm from a physical attack. A chain is only as strong as its weakest link.”
Unlike a chain, however, the grid is designed to remain functional despite the loss of individual assets.
“We should look to further deployment of phasor measurement units, wide-area management systems and enhanced situational awareness,” Norris said. “Furthering efforts in the development and deployment of microgrids and smart grid technology will also greatly assist in addressing grid resiliency.”