R. James Woolsey, the CIA Director under President Clinton, has said it would be hard to intentionally design an electricity delivery system more vulnerable and fragile than the one on which the U.S. presently relies.
Few in government or grid-related work disagree with Woolsey -- not even the Republicans and Democrats on the House Subcommittee on Energy and Power that met for testimony on The Grid Reliability and Infrastructure Defense (GRID) Act (H.R. 5026). The grid must really be in trouble.
The GRID Act would give the Federal Energy Regulatory Commission (FERC) emergency authority to respond to imminent physical and cyber-threats to the bulk-power transmission system and electric infrastructure critical to homeland security (on being so directed by the President).
The Act also instructs FERC to identify where the U.S. grid is vulnerable to cyber-attack, Electromagnetic Pulses (EMPs) and solar activity-driven geomagnetic storms and to develop standards to rectify these vulnerabilities.
Astonishingly in this stridently partisan time, the GRID Act was passed by voice vote in the House last year, though it succumbed in the Senate to election-year grandstanding.
“We must be more vigilant in securing the nation’s critical infrastructure, including the electrical grid,” said Subcommittee Chair Ed Whitfield (R-KY), opening the hearing.
“This bill represents the type of legislation that advances the security interests of all Americans and shows what can be accomplished when we choose to work together in a bipartisan manner,” added Ranking Member Bobby Rush (D-Il).
The GRID Act “is as bipartisan as they come,” said Representative Henry Waxman (D-CA), who added, “It is also budget neutral.”
Representative Ed Markey (D-MA), Representative Lee Terry (R-NE) and many others in the hearing talked about the recent, real and known cyber-attacks on the U.S. grid that had necessitated the bill.
Even in offering his alternative SHIELD Act, Representative Trent Franks (R-AZ) commended the committee for the GRID Act but said that “catalyzed by a major solar storm, a high-altitude nuclear blast, or a non-nuclear, device-induced intentional electromagnetic interference, this invisible force of ionized particles” could “overwhelm and destroy our present electrical power grids and electrical equipment, including electronic communication networks, radio equipment, integrated circuits and computers.”
An EMP could come, Franks said, with virtually no warning, and may be “the greatest short-term threat to peace and security in the world today.” We have, he concluded, “pictures of New York City and Washington, D.C., but we still want to keep them around for a while.”
Patricia Hoffman, Assistant Energy Secretary for Electricity Delivery & Energy Reliability, said the Department of Energy “supports the Administration’s strategic comprehensive approach to cybersecurity,” represented by the Act. It only wants further focus on “public-private partnerships to accelerate smart grid cybersecurity efforts; research and development of advanced technology” as well as “cybersecurity standards to provide a baseline to protect against known vulnerabilities” and several other data management and data sharing measures and procedures.
“The Department of Defense relies on commercial electric power for nearly 99% of its power needs at military installations,” testified Paul Stockton, Assistant Defense Secretary for Homeland Defense & America’s Security Affairs.
“The Department’s ability to perform its national security functions is largely dependent upon the reliability and resilience of the commercial electric power grid,” Stockton said, and is increasingly threatened by “disruptive or deliberate attacks, either physical and cyber in nature; natural hazards such as geomagnetic storms, and natural disasters with cascading regional and national impacts” as well as other procedural matters addressed by the GRID Act, including the “transition to automated control systems and other smart grid technologies.”
A National Academies of Science report, Stockton said, found “that if solar storms occurred today comparable to those that took place in the United States in 1921, more than 350 transformers could suffer permanent damage, leaving as many as 130 million people without power.” Such an event, Stockton said, “would significantly affect the Department of Defense’s execution of key missions.”
There were objections to the GRID Act. Gerry Cauley, President/CEO of North American Electric Reliability Corp. (NERC) said the Act was unnecessary. “NERC has consistently supported comprehensive legislation authorizing a government entity to address cyber emergencies. Which agency is a policy decision for Congress to make.”
In other words, it would be better if NERC had more responsibility instead of FERC. But several voices indicated that it was to some extent NERC’s failure to get standards in place that warranted the GRID Act.
“Each day, the electric power industry overcomes some level of threat, ranging from those posed by inclement weather or other natural events, to vandalism, equipment failures and cyber events,” testified Barry Lawson, Associate Director for Power Delivery & Reliability, National Rural Electric Cooperative Association (NRECA).
In other words, NRECA, another notorious turf protector, believes things are pretty much fine the way they are. The Obama Administration, both parties in the House, and the Departments of Energy and Defense don’t think so. That is why Washington watchers believe the GRID Act could be that rare thing this year: legislation with legs.
“It doesn’t seem like much of anything worthwhile can get through the House or Senate these days,” said Dan Watkiss, a partner with powerful D.C. law firm Bracewell and Giuliani and a 30-year veteran of the energy sector, “but if Congress can’t rise above peoples’ little turf battles for something as important as protecting the high voltage grid against cybersecurity risks, that’s sad.”