Any time the electric utility industry or "the grid" gets attention in the general news media, it's usually to alarm people. Not to be a skeptic, but we at T&D World are in the media business. Although we are not here just to garner clicks. Our purpose is to be a help to our industry; a brand that wants to help solve problems and a place where utilities can share their lessons learned and achievements with each other.
On Sunday night, 60 Minutes ran a story with the topic, "How Secure is America's Grid?" The online headline is: "Vulnerable U.S. electric grid facing threats from Russia and domestic terrorists." This, of course, is not news to any of us. We are in the weeds of this every day.
The funny thing was that their report centered around the Metcalf substation incident back in 2013. I was speaking to Larry Gasteiger, executive director of WIRES yesterday, when he mentioned he thought at first the story might have been a rerun. He acknowledged, though, that the issues that were brought up around grid resilience are arguably even more important today as we shift to an economy increasingly more reliant on electricity than a decade ago.
And we know, in what we are continuing to address, the aging part of infrastructure, vegetation, and firewalls (both technologically and physically) are key. We've been told more than once that we have a 20th century grid for a 21st century economy.
Of course the 60 Minutes report was not written for our industry. It was written for everyone else who may take for granted that their lights turn on when they flip the switch, or they can charge their phone any time they can find the charger their kids took up to their rooms (or to their friends' houses?)
The report also mentioned the Northeast Blackout of 2003 and Superstorm Sandy as catatastrophes for our grid (T&D World published separate supplements after these events).
It actually was an interesting interview with Jon Wellinghoff, former FERC chairman, telling Bill Whitaker that it would take less than 20 substations to put the "entire country in a blackout."
Journalist Whitaker included in the report an interview with Dr. Liz Sherwood-Randall, President Biden's homeland security advisor, and Anne Neuberger, deputy national security advisor for cyber. Sherwood-Randall got this right: "We don't have one system. We have several grids. We also have individual energy ecosystems in regions and states. And that's part of our strength because the resources for energy are different in different regions. And we have to acknowledge that we're not going to have a one-size-fits-all system."
But the final statement was from Dr. Granger Morgan, a Carnegie Mellon University professor of engineering who chaired three National Academy of Sciences reports on the power grid for the U.S. government. He said that what we need at this point is "to get the White House to put all the key players together in a room to identify the biggest vulnerabilities and then take steps to reduce them."
Whitaker countered with: "I'm surprised that's not being done."
Morgan then said "It has not been done. And it needs to happen now."
The problem with these "The Sky is Falling" reports are that they tend to underestimate the electric utility industry. Over the years, we have been scared with geomagnetic disturbances, EMPs, and solar storms. But the grid still stands and the professionals in our industry have pretty much been a step ahead.
NERC released this statement on the grid vulnerability the day after the 60 Minutes report came out, and I think it sums up the work our industry has done. There is always more to be done, of course, and we need to be on alert and continuing to work with regulators for the resources we need for a secure and resilient grid:
"Grid security efforts are just one piece of the multi-pronged approach NERC takes in its daily mission to assure the reliability, resilience and security of the North American bulk power system. Most importantly, the electricity industry is the only critical infrastructure to have mandatory and enforceable reliability standards. Our suite of Critical Infrastructure Protection Reliability Standards provide a foundation for sound security practices for addressing both key cyber and physical security challenges, including those identified in DHS’ recent “Shields Up” guidance.
"These standards, which were initially approved in January 2008, establish necessary controls and physical and electronic perimeters for cyber assets. They also mandate recovery plans, incident reporting and vulnerability assessments. Entities are regularly audited to ensure compliance with these standards, with non-compliance subject to significant financial penalties. This, in combination with the activities of NERC’s Electricity Information Sharing and Analysis Center, provides a robust cyber and physical security structure for industry in the United States and Canada.
"In 2014, FERC directed NERC to develop a mandatory physical security standard that was put in place to address issues related to the 2013 Metcalf substation event in California, which although serious, did not result in any outages to consumers. FERC said at the time: “electric systems are designed to be resilient and it would be difficult for attackers to disable many locations.” The majority of physical security incidents are related to copper theft, trespassing, damage from hunters and drone surveillance.
"In addition, through capabilities including the Cybersecurity Risk Information Sharing Program (CRISP) and other sensor and intelligence platforms, the E-ISAC analyzes security data for patterns of incidents and shares the result with asset owners and operators. This information sharing and industry collaboration facilitates strong, knowledge-based defense-in-depth capabilities.
"NERC also coordinates closely with other critical infrastructure sectors and our government partners, both in the United States and Canada, including the U.S. Department of Energy, which serves as the risk management agency for the energy sector. This level of collaboration allows the E-ISAC to rapidly share intelligence about vulnerabilities and mitigation approaches to its membership, ensures vigilance and provides the ability to respond quickly should situations evolve, while supporting industry’s efforts to maintain the reliability and security of the grid.
"Security of the grid continues to be a key priority for NERC, the U.S. and Canadian governments and industry. The continued coordination across our industry helps ensure vigilance and allows us to respond quickly should the need arise – we know nearly 400 million North Americans are counting on us."
