Did Big Energy Just Make Us Safer From Terrorism Or Cyber Attacks On The U.S. Electrical Grid?
Homeland Security Secretary Janet Napolitano had some words of caution for her successor in her final days in office: A cyber attack on America’s power grid is coming and it’s not a matter of if, but when. Now, thanks to a new private sector cooperative called Grid Assurance, help is on the way.
This is an existential issue for America and the free world. The congressional Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack says an EMP attack would wipe out about 90% of the U.S. population within two years of such an event as a result of disease, food scarcity and the complete breakdown of society. The Department of Energy echoes this sentiment, noting the dependence of navigation, telecoms, the Internet and our financial, health care and emergency response systems on the power grid. Lloyds of London says costs of a grid geomagnetic disturbance event could top $2 trillion.
Our power grid is vulnerable to attack. Utilities reported 300 attacks on the grid resulting in power disruptions between 2011 and 2014. Some of these are wake-up calls. Last December, a coordinated act of cyber terrorism or warfare (victims don’t distinguish) cut power to more than 100 Ukrainian cities and towns. The attack carried Moscow’s fingerprints, using “BlackEnergy 3”— a malware program of suspected Russian origin.
I’ve written before that our power grid’s vulnerability is shocking, and cyber terrorists know this, too. In 2013, gunmen wreaked havoc in an attack on a Pacific Gas & Electric Co. substation in San Jose, Calif., in the heart of Silicon Valley. They broke into an underground vault, cut fiber optic cables and shot up equipment for 20 minutes with AK-47s, wrecking 17 of 23 transformers and nearly causing a major blackout.
Jon Wellinghoff, head of the Federal Energy Regulatory Commission (FERC) when the incident occurred, told The Wall Street Journal that the attack may have been a trial run for a future effort to bring down large swathes of the electrical grid.
Our Achilles’ Heel
At the heart of the U.S. power grid, and its Achilles’ heel, are large power transformers (LPTs) at high-voltage substations. These machines are behemoths. They weigh up to 400 tons, cost up to $7.5 million each, and orders for the machines — mostly made overseas — take up to two years to fill. FERC says sabotaging nine critical substations (like the one attacked in San Jose) could cause nationwide blackouts for 18 months or more. Our survival depends on the grid’s resiliency and how it recovers from attack.
So, what are we doing about resiliency? Plenty.
Enter Grid Assurance, a cooperative subscription service which secured FERC regulatory approval in March that will provide emergency equipment supply services for utilities and transmission owners in the US and Canada. The initiative was launched by American Electric Power, Berkshire Hathaway Energy, Duke Energy, Edison International, Eversource Energy, Exelon, Great Plains Energy, and Southern Company.
FERC gave final regulatory approval to Grid Assurance in late March and, as a result, the bad guys’ job is a lot harder. Grid Assurance will have critical spare parts for utilities or transmission facilities that need help in a hurry. It will keep grid transmission equipment in secure warehouses and will provide delivery support. The service is a win-win, pooling assets and accessing economies of scale, which should lower costs to ratepayers.
Not that we’ve been asleep at the switch before, but Grid Assurance will be like the Special Forces of grid resiliency. It compliments the Edison Institute’s Spare Transformer Equipment Program (STEP) that is limited to certain transformers only. Grid Assurance storehouses will keep a supply of other vital equipment too such as circuit breakers, phase angle regulators and control modules.
Also, Grid Assurance is more agile than STEP, which is triggered only by a federal emergency following a terrorist attack. Subscribers can call on Grid Assurance for any emergency, including cyber attacks, electromagnetic pulses, catastrophic events, solar storms, earthquakes and severe weather.
Kudos to FERC
Grid Assurance also dovetails with the North American Electric Reliability Corporation’s (NERC) requirement for securing facilities that “if rendered inoperable or damaged could result in widespread instability, uncontrolled separation, or cascading within [the grid].” Grid Assurance also meets NERC standards that transmission owners perform risk and threat assessments and develop and implement plans to protect identified assets.
My Blank Rome colleague Jennifer Daniels , who advises international firms on data and cyber security, says the collaboration of Grid Assurance will be especially helpful “to address security risks to critical infrastructure, because no one company can go it alone.”
FERC deserves kudos for its approval. FERC affirmed that transmission owners may comply in part with NERC standards by subscribing to Grid Assurance. FERC issued a positive order that says a contract with Grid Assurance would be a “prudent” measure for a public utility, that the associated costs can be subject of “one-off” charges to recover those costs, and that it would waive rules prohibiting public utilities from buying non-power goods or services from a non-public utility at above market price. (Grid Assurance will charge its original cost and there is no “market price” for its services.)
Grid Assurance comes as President Obama has issued an executive order for a new sanctions program to fight malicious cyber attackers. The order authorizes the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to sanction “malicious cyber actors” who threaten the United States. Good luck finding them! That’s why when it comes to the power grid resiliency is key, and that’s what Grid Assurance is all about.
Grid Assurance will begin marketing itself soon with subscribers signing up and the service being built out over the coming 18 months. The new service is great news for all Americans, and it should help Janet Napolitano sleep a little easier at night, too.
This article was written by Michael Krancer from Forbes and was legally licensed through the NewsCred publisher network.
Online Degrees & Certificates In Cybersecurity
American Military University's online cybersecurity programs integrate multiple disciplines to ensure you gain the critical skills and management practices needed to effectively lead cybersecurity missions – from government or private industry. Learn from the leader. American Military University is part of American Public University System, which has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Cyber Defense Education.