Does the risk of terrorism directed at utilities warrant immediate action? And if so, will the federal government take over with predictable inefficiently and unpredictable outcomes? On the other hand, maybe we need the sluggishness that comes with government management to keep the industry from trying too hard and getting a hernia.
From the Wall Street Journal: Grid Terror Attacks: U.S. Government Is Urged to Take Steps for Protection:
“Two research groups urged the federal government to take action to protect the electric grid from physical attacks, rather than leave security decisions in the hands of the utility industry.
The Congressional Research Service recommended that Congress examine whether a national-level analysis of the grid's vulnerabilities is needed or if individual power companies' internal security assessments are sufficient.
Separately, a nonprofit research group said efforts proposed by utilities to harden the grid fall short because they don't account for how one region might depend on others. The report from the Battelle Memorial Institute, which operates six of the U.S. Energy Department's laboratories, said attacks could occur across more than one electric system, destabilizing large areas.”
Well, a unified approach makes sense. But are you happy about having government (say taxpayer) funded agencies and consultants recommending that government (say taxpayer) funded agencies expand to take on more work?
The article continues: “Jason Black, who wrote the Battelle report, which was published in May, said a utility-by-utility assessment is a flawed approach. It would be better to determine which U.S. facilities are critical by looking across many utilities' systems, he said.”
A triage approach. That makes sense. But who’s going to call the shots?
I tossed the discussion out to the Grid Optimization panel of experts and got a good discussion going. This is a rather long discussion but certainly worth reading.
Grid Optimization center of excellence
Vulnerabilities Will Always Remain
This is deja vu all over again.
The security of the electric system was also a big concern in the 70s. Under government pressure we examined how we could protect ourselves against outside attack but never really came up with an answer. After a time the issue seemed to evaporate as other things occupied the spotlight.
It appears now that we have come full circle and security of the electric system from outside intrusion is again in the headlines but with the added feature of cyber-attack in the equation due to electronics and computer control. Although I do not advocate throwing the towel in on this, my pessimism suggests that what one man may invent or put in place another can just as well undo and defeat.
Beyond this, physical attack is still a major threat to electric systems because of the sheer expanse of networks and equipment. Prudent design and precautions can minimize the damage an outside force can inflict but in the end many vulnerabilities will always remain. Unfortunately with rather crude instruments it is possible for almost anyone dedicated to causing damage to disable even the best designed and constructed electric networks. It was true in the 70s and is still true today.
Well what is the answer then? It is simply continuing to do all the things we are now doing to address the issue and doing them as well as we can while hoping for the best. The reality of it all is that there is nothing we can do to guarantee 100% protection from those intent on doing damage to our electric infrastructure.
Matthew C. Cordaro PhD
Trustee at Long Island Power Authority, Former Utility CEO, University Dean
Overall, Coordinated Plan is Needed
As one old enough to have lived through the 1965 Northeast blackout (I was taking a calculus exam), the 1977 New York City blackout, and the 2003 Northeast blackout (I was working at EPRI’s Lenox Lab), and just yesterday a local, substation-fire-related blackout, I’m starting to feel like a fighter who’s been in the ring too long. As everyone has noted, there are no silver-bullet solutions. No 100% guarantees. But something surely needs to be done; we can’t just throw up our hands and hope for the best. Here’s what I would suggest: As war is too important to leave to generals, the security of the nation’s grid is also too important to leave to the utility industry alone. There has to be an overall, coordinated plan to minimize both the risk and extent of major blackouts, whether such blackouts are terrorist- or weather-induced. Clearly, distributed generation has a role to play here, as does the hardening of critical substations (as Paul noted) and, I would add, the segmenting or regionalizing of communication and control systems. The key, I believe is to be agile, flexible, and innovative in both the development and execution of any such plan, for this is a battle with no end in sight.
former editor at McGraw-Hill’s Electrical Week newsletter, editor for Business Week, and researcher with EPRI
Focus on the Real Threat
I disagree with some elements of Lee’s post: “for this is a battle with no end in sight" Against who? (the weather? terrorists?)
The U.S. power network is vulnerable to weather - that is where I would focus my attention & budget. Question (straw man): In the United States, how many "blackouts" have been caused by "terrorists" and how many by weather (and in your answer indicate monetary loss due to said blackout). When I worked for Sony - we always focused on what cost the most - how to reduce that cost - what causes the most blackouts - focus on that (and it sure ain't "terrorists").
Neither would I involve politicos, who for the most part have a heroic lack of knowledge with respect to power networks.
"Harden substations" how? Cover them in concrete?
I live in Europe and what the United States does with respect to its power network (and how money is wasted or well spent on said network) is its own business. But whatever it does - think clearly and don't invent entities unnecessarily (a variation on Occam’s razor).
Systems Engineer UK DNO: Merseyside & North Wales Electricity Board O&M and new build
Senior Authorised Engineer to 33kV
If We Can Overcome Katrina....
I personally wrote a column calling for a dumb component to the smart grid so that we could switch off the sophisticated hackable components at will. I still see it that way. Terrorists get hacked too and they have resorted to handwritten notes that are hand delivered. I expect that if one size fits all, then one hack would affect all and so I am not sure that we need a grand solution.
But I am out of my technology element and my more nerdy IT friends say that we need more robust security measures.
Another comment: If we can overcome Katrina and Sandy, then any real or cyber-attack activities will pale in required response.
Transmission & Distribution World
Different Levels of Reliability
Many good comments. I like Rick's idea about causing smart grid to sort of "fail-dumb." It sounds intuitive but I suffer from Rick's limited IT background as well. It is likely that electricity is one of the many infrastructures that need more cyber security measures.
On the terrorist topic: There are good reasons why weather will remain a far greater threat to the grid than terrorist. The first reason is because of the scope of damage that storms such as Katrina and Sandy can inflict is difficult for man to replicate. The second reason resides in the name terrorist itself. For the most part a terrorist's principle objective is to create terror on a level that will publicize the terrorist cause and achieve their desired outcome. As inconvenient, costly, and dangerous as a system-wide blackout can be, it does not produce the same kind of visceral reaction that the bomb exploding at the Boston Marathon did. If the enemies of this country decide to shift from terror to sabotage, then it is a new game with new objectives. Even then "hardening" can only go so far. These days a properly motivated and equipped saboteur can take out just about anything that can be built by mankind.
Additionally, I wonder if it is time to consider offering different levels of reliability. I recently visited a data center website that touted a "Critical System Uptime" that exceeded 12.75 years - and counting. While that makes business sense for a data center, I sure wouldn't want to pay for that kind of reliability at my house (which currently has a "Critical System Uptime" of 92 hours and counting.) Of course, pursuing any service level differentiation in a regulated environment is a "swimming upstream" effort at best.
I particularly liked Mike's "heroic lack of knowledge" phrase. Well said. Unfortunately, I fear that the broad and uninhibited application of that insufficiency may ultimately be the biggest threat of all.
President, Inception Energy Strategies, LLC
Nationalized Grid Security Moves Us Toward Nationalized Grid
We need to be careful what we wish for. Moving toward nationalized grid security is moving toward a nationalized grid. I would just like us to consider the health of our nationalized passenger rail system (Amtrak) and mail delivery (Post Office) and social welfare systems (Social Security and Medicare) before we get too enthusiastic. I would also ponder the recent example of the GM bailout, and how politics rather than business sense or public good determined which dealerships and factories closed and how bondholders lost their investments to the unions by executive fiat in an engineered legal miscarriage right out of Atlas Shrugged. We all have anecdotes of power outages, but with a national system availability index of 99.98, there is a lot more room for performance to go down than up after a government takeover. Attacks on grid infrastructure or personnel are national news precisely because of their rarity. Most of the damage being done to the grid today is self-inflicted by bad policy. Market-distorting subsidies and mandates are already straining the grid with forced accommodation of undispatchable intermittent generation. Mixing in more vote-buying politics and conflicting partisan ideologies and executive branch license is a recipe for further undermining this national treasure of the world’s greatest power network.
As some have pointed out, there is a lot of efficiency and resiliency yet to be gained by developing industry-wide standardized hardware and protocols to make our grid more modular, more interchangeable, and more easily scalable. I heartily agree. But we should also understand there is risk in homogeneity. More connectivity and interoperability and uniformity actually increase the vulnerability to cyber-attack rather than decrease it. The more monolithic systems become, and the more visibility is granted into their underlying functions and operating systems by way of open architecture, the more vulnerable they can become to malicious attacks or accidental software glitches that rapidly propagate through a system. Systems with incompatible protocols or air gaps between devices actually provide natural barriers and fire-breaks to penetration and exploitation.
In my opinion, one of the biggest mistakes the U.S. military services have made in recent years is completely standardizing their computer networks to the point that any weakness or vulnerability that is found can be exploited from any networked terminal in the world. China successfully attacked classified U.S. military networks with a thumb drive years before STUXNET made the headlines. A bad OS patch a couple of years ago took down much of the Navy's NMCI network with essentially a self-inflicted denial-of-service attack because every computer tried to download its updates from the network servers at the same exact time. Implementing common application programming interfaces (API) at the seams between dissimilar equipment is generally a better approach to balancing interoperability and performance with security and cost than to impose completely homogenous architectures and operating systems. In any case, for a US power grid comprising $2 trillion in physical plant, there really is no option to simultaneously upgrade everything to the same configuration, let alone maintain it in uniformity as technology evolves.
Before we sell our soul to the devil for a promise of security, we should do more to understand the symptoms and diagnose the disease we are trying to treat. Our adversaries are blue-collar criminals (copper thieves, vandals), and white-collar criminals: hackers, disgruntled insiders). If the attackers are only seeking personal enrichment or notoriety, they are a law enforcement challenge, and God knows we have plenty of law enforcement capacity across the land in this post 2001 world with every government agency from Immigration and Customs to the Department of Education armed with sawed-off shotguns and hollow-point bullets. If the attackers aim is to cause death and destruction, they are terrorists, and therefore an FBI and CIA and DOD challenge. In either case, there are already multiple layers of federal agencies and national bureaucracy in place to deal with them. The fact that this vast and inefficient and expensive array of agencies has imperfect effectiveness is an argument against further reinforcing that strategy. In my opinion we should work more on the other pincer in a synergistic strategy to complement policing -- and that is hardening the target. By this I don’t mean putting our substations in bomb-proof bunkers, but rather eliminating single points of failure and reducing chances of attacks escalating to anything more than a nuisance. That is best achieved through healthy design margins, healthy operating reserves, redundancy, adequate warehouse shelf-stocking, and the mutual trust required to interconnect and wheel power and cover for each other as necessary.
Todd "Ike" Kiefer
East Mississippi Electric Power Assoc.
Government Involvement is Warranted
Very interesting points. I was privileged to work for ConEdison for eight years, I was the Project Manager for the 4 kV smart grid stimulus Project (D.O.E funding) and I was the project manager for the 4 kV Energy Management System upgrade. I learnt the importance of cyber security. ConEdison is very unique, because it is predominately underground so it is not as vulnerable as other utilities. In that case transmission towers are not the critical factor, but the substations become the critical factors.
I also worked for one year in PEPCO in the field. I was probably in most manholes, and it was always very interesting when I had to work close to the White House and I see the Secret Service sitting on the hoods of their cars looking at me while reading their newspaper (very old school). It was then that I realized that underground is also vulnerable, being that they are scattered all over the place and it is not like we use a special tool to open the cover.
I was reading an article recently that discussed a new wave of cyber-attacks, where the attackers will forge the load data in order to display to the operators' high overloads or high top oil/hot spot temperatures, which will result in the operator taking this equipment out of service. Imagine if this is done for many utilities during a nasty heat wave at the same moment.
Aerial substations were always a concern to me, especially when several substations are close to subways/train stations, or attached to a building. All it takes is for someone to throw something on the exposed aluminum bus and short the phases. Also, as mentioned prior, transmission towers are located all over the place and not monitored.
Recently terrorist groups were attacking the transmission towers in Yemen (they have very few). Google is another source, where not only can one see all the substations, they can trace the towers leading from that station all the way to the generators.
Electricity is the most important thing nowadays, and billions are spent in protection, yet lines are taken out of service merely because they come in contact with a balloon that cost less than 1 cent. I was taking a Siemens course when the instructor mentioned that in Texas, they used to shoot at the insulators, because it makes a nice cracking sound. Amazing world we live in.
I think the government involvement is warranted. We will not be asking for the same security as nuclear facilities, but at least build greater walls (bomb proof) when feasible. I am actually more worried about throwing something on the bus than throwing a bomb, because the NYPD is on top of that here in New York.
Electric Delivery Planning