Aging power grid presents security gap
WASHINGTON — Energy regulators' efforts to harden the power grid against snipers and terrorists are fueling a debate over whether they're diverting resources from other threats, such as cyber attacks.
The Federal Energy Regulatory Commission this month ordered the power industry to identify critical facilities and devise a plan to protect them from attack.
“My concern is that we don't shift our focus and our resources,” said John Norris, a FERC commissioner who voted for the order while cautioning against overreacting to the sniper attack last year on a power substation in California. “The rush to do this seems to be based on a very incomplete set of facts about what happened.”
As the electricity network has become increasingly dependent on software and the Internet, the utility industry has focused on combating potential cyber attacks.
The attack in April at Pacific Gas and Electric Co.'s Metcalf substation near San Jose resurrected a 20th-century threat — an old-fashioned, military-style assault on the power network.
Shooting for 19 minutes, rifle-toting attackers knocked out 17 giant transformers that funnel power to Silicon Valley. A minute before a police car arrived, the shooters disappeared into the night.
Regulators seek the best way to guard against all threats to the generators, transformers and thousands of miles of high-voltage power lines that make up the electrical grid while encouraging modernization of the aging network.
Norris said the United States should focus on developing technologies, such as microgrids, that can quickly isolate damaged components from the rest of the network in the event of an attack. Advanced technologies can make better use of data to improve awareness of incidents affecting the grid, he said.
“You address multiple threats, not just physical threats,” Norris said. At a FERC meeting in February, he said, “Our future is in a much smarter and more nimble grid.”
Former FERC Chairman Jon Wellinghoff for years has warned that the grid's most critical components, such as transformers that adjust electrical voltage, are vulnerable and could be better protected with relatively simple measures, like improved fencing.
An attack knocking out major critical components “would result in catastrophic failure, potentially, of the interconnect,” Wellinghoff said.
FERC's March 7 order required the North American Electric Reliability Corp., a nonprofit known as NERC that is responsible for ensuring the reliability of the grid, to produce by June standards to guard against physical attacks. The standards should require utilities to identify their most critical components and show that they're adequately protected.
“It was a good step to take, ultimately,” Wellinghoff said. “We'll see what NERC does and how long it takes.”
Gerry Cauley, head of the nonprofit, said he shares Norris' concerns about overreaction to the California attack, and that utilities can increase physical security by improving existing protections like lighting, cameras, surveillance equipment and key-card access at substations. The California incident showed that companies need to be concerned about the line of sight for potential gunmen, he said.
“I would like the standard to drive a more heightened look than what we've seen in the past,” Cauley said.
After the attack on the Metcalf substation near San Jose, FERC provided the industry with a list of steps to improve security at substations, said Tom Kuhn, president of the Edison Electric Institute, a Washington-based industry group for publicly traded utilities, including Duke Energy Corp. and Exelon Corp.
The list has not been made public. FERC spokeswoman Mary O'Driscoll declined to acknowledge its existence. EEI spokesman Jeff Ostermayer wrote in an email that he couldn't provide the list “for operational security reasons.”
Disabling as few as nine electricity substations and destroying a transformer manufacturer could plunge the nation into a blackout that would last for 18 months, The Wall Street Journal reported on Thursday, citing an internal FERC report.
Acting FERC Chairman Cheryl LaFleur did not deny the existence of the report, though she said that publishing sensitive information “crosses the line from transparency to irresponsibility, and gives those who would do us harm a road map to achieve malicious designs.”
San Francisco-based PG&E plans to spend $100 million in the next four years to bolster its network against further attacks, said Brian Swanson, a company spokesman.
Although the April attack disabled transformers at the substation, the company was able to prevent customers from losing power, he said. The utility has since worked with law enforcement to increase patrols and deployed security guards to provide a round-the-clock presence at critical units, Swanson said.
Ultimately, the steps industry and regulators take to guard against physical attacks will be a balancing act between securing the grid and shielding consumers from high costs.
According to Wellinghoff, there are probably fewer than 100 power substations, primarily in rural areas, that are most critical to the network and may need heightened protection. While costs would vary among substations, the expense would be minimal if spread among taxpayers, he said.
“They should be spread over everybody because it affects everybody,” he said.
Show commenting policy
TribLive commenting policy
You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.
We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.
While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.
We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers.
We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.
We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.
We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.
We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.
- Police: 3 killed, 9 wounded in attack at Colorado Planned Parenthood
- Plasma burp seen in star’s destruction by black hole
- Democrats face long odds in battle for lost congressional seats
- Obama signs $607B Defense bill but blasts GOP limits for Gitmo
- Chicago retail district targeted by protesters
- Floods claim lives in Texas
- American held captive in Cuba for 5 years expected quick release
- Healthy diet plan might not work for all, Israeli study reveals
- Email address gives FBI lead on record theft of user IDs, passwords
- Sex offender checks in with stolen boarding pass, authorities say
- Man accused of jumping White House fence left suicide note, authorities say