The current self-inflicted Pacific Gas & Electric Co. blackouts in California are a cautionary tale for the rest of the United States.
In fact, we shouldn’t be as shocked as we are that over 800,000 customers are likely to lose power this week as PG&E struggles to maintain its aged infrastructure. The companies of the electric grid, including PG&E, have effectively kept critical information from the public, investors, and Congress for almost a decade. Most Americans are unaware of the cover-up, even though it puts all of us in grave danger.
Last year, the regulators for the electric grid tried to cover up PG&E’s identity when the company was subjected to a $1.7 million regulatory fine for cybersecurity violations. PG&E’s identity was exposed through a Freedom of Information Act (FOIA) request.
At the same time, we also became aware that the identities of companies who violated the transmission vegetation management standard in the Western Interconnection—which includes California—were being covered up. Do we know whether one or more of these cases are PG&E? No, we don’t, because this information has been withheld from the public.
Last week, Frank Gaffney, the founder of the Center for Security Policy in Washington, called on the U.S. government to rectify this decade-long cover-up by filing incredibly hard-hitting comments on a legal docket of the Federal Energy Regulatory Commission (FERC), which is an independent federal agency that regulates the interstate transmission of natural gas, oil, and electricity.
FERC, and its designated Electric Reliability Organization, the North American Electric Reliability Corp. (NERC), currently withhold the names of electric utilities that violate critical infrastructure protection (CIP) standards. The stated reason for this practice is to keep confidential any information that may aid potential adversaries. However, this practice has also allowed utilities to avoid public scrutiny when they repeatedly violate standards, placing the public at grave risk of blackouts.
Nine years ago, Gaffney founded the “Secure the Grid Coalition” to bring together security experts to help shape policy to defend America’s MOST critical infrastructure—its electric grid—and prevent life-threatening blackouts. This coalition has been hard at work exposing the profound threats to the grid and the problems associated with its regulatory regime, calling on all levels of government and on the public to get involved in fixing these problems and securing the infrastructure against these threats.
Tommy Waller, a co-author of this article, serves as the coalition’s manager and vice president for special projects at the Center for Security Policy. On Sept. 21, he gave a presentation about the grid to the women activists of Eagle Forum at their “Eagle Council XLVII” event in Washington. This presentation succinctly summarized the threats to the grid, problems associated with its regulatory management, and the specific issues surrounding the industry’s lack of transparency.
Four Areas of Concern
Waller’s presentation and Gaffney’s comments to FERC cover four areas of concern, stemming from the industry’s cover-up, that point to systematic, pervasive flaws in the regulation and protection of the electric grid. Critical information is being withheld from the public, and conflicting (and misleading) information has been disseminated by NERC, lulling citizens, investors, and Congress into a false sense of security.
Vast Disparities Exist in Electric Grid Incident Reporting:
- Physical Attacks: There were 578 physical attacks against the grid reported to the Department of Energy from Jan. 1, 2010, through May 31, 2019. Yet, according to the NERC annual reliability reports, there was only one during the same period.
- Cyber Attacks: There were 29 cyberattacks against the grid reported to the Department of Energy from Jan. 1, 2010, through May 31, 2019. Yet, according to the NERC annual reliability reports, there were none during the same period.
Lack of Enforcement of Already Inadequate Physical Security Standards:
- The physical security standard itself—CIP-014-2 (Physical Security)—is inadequate. There is no requirement that an entity’s risk assessment or physical security plan be reviewed by anyone with physical security knowledge. There is no determination whatsoever as to the effectiveness of any entity’s physical security plan.
- Enforcement of CIP-014-2 (Physical Security) seems nonexistent: In the six years since PG&E’s Metcalf California substation attack, there have been only four citations issued for violations of the physical security standards. And these four were for administrative violations.
Cybersecurity Standards Remain Inadequate:
- Although malware is one component of what took down the electric grid in Ukraine in 2015 and 2016, there remains no requirement that malware in the North American electric grid be detected, mitigated, and removed.
- The electric industry, including industry lobbyist Edison Electric Institute—whose members include companies owned by the government of the People’s Republic of China—claims that additional cybersecurity protections would be “unduly burdensome” and “unnecessary.” And the Federal Energy Regulatory Commission bought the argument.
Systematic and Permanent Coverup of Identities of Regulatory Violators:
- Since July of 2010, the identity of every violator of Critical Infrastructure Protection (CIP) standards has been withheld from the public, investors, and Congress. As of this writing, there have been a total of 253 FERC dockets, involving at least 1484 regulatory violators covered up.
- NERC and FERC are attempting to permanently withhold the names of these violators despite the fact that the violations in most cases have long ago been mitigated.
This “cover-up” was exposed by another one of the Secure the Grid Coalition’s volunteers—a 9/11 survivor and retired U.S. Army Command Sgt. Major Michael Mabee, who is a co-author of this article. Mabee’s research and advocacy have been a key component in pressuring the government to become more transparent in this area. Because of this pressure, FERC is now considering disclosing the names of CIP standard violators, as well as other administrative information on CIP standard audits.
On Aug. 27, 2019, FERC issued a “white paper” that it suggested was meant to address the lack of transparency noted by watchdogs such as Mabee. However, internationally renowned security experts such as George Cotter (former chief information officer of the National Security Agency) have indicated that this white paper is far from sufficient in addressing the problems stemming from the lack of focus on security among grid operators and grid regulators. Cotter joined more than 30 other citizens and experts who have filed comments on this important FERC docket.
Citizens around the country have an opportunity to get involved in this advocacy for transparency and security for the electric grid, and the Secure the Grid Coalition has provided a helpful platform on its website for people to do so. Perhaps when the lights come back on in California, some of that state’s citizens might be more interested in this topic and what THEY can do to get involved in the effort to “Secure the Grid.”
Tommy Waller serves as vice president, special projects at the Center for Security Policy. Waller manages the Secure the Grid Coalition—a group of policymakers, defense professionals, and activists working diligently to secure America’s most critical infrastructure—the U.S. electric grid. Prior to joining the Center, Waller served in the U.S. Marine Corps as an infantry and recon officer, with combat service overseas in numerous theaters.
FERC and NERC did not respond to a request for comment by press time.
Michael Mabee is the author of “The Civil Defense Book.” He is a retired U.S. Army command sgt. major who served two wartime deployments to Iraq, and two humanitarian missions to Guatemala, and who was decorated by both the Army and the U.S. government for his actions on 9/11 at the World Trade Center in New York. He has worked as an urban EMT and paramedic and as a suburban law enforcement officer and currently volunteers as a leading member of the Secure the Grid Coalition, advocating for grid security.
Views expressed in this article are the opinions of the author and do not necessarily reflect the views of The Epoch Times.