OPINION:
“They must know if you cut off our power, deprive us of electricity, deprive us of water, deprive us of gasoline, you need to know we have the right to do it [to you].”
Ukrainian President Volodymyr Zelenskyy spoke these words in a recent “60 Minutes” interview regarding his country’s war with Russia.
This is the reality of modern warfare: Adversaries target the infrastructure a country needs to survive, especially the electric grid. Our own government knows this, which is why the U.S. has poured tens of millions of dollars into the Ukrainian electric grid in recent years in an effort to strengthen its resilience to Russian bombardment, physical sabotage and cyberattacks.
But when it comes to protecting America’s electric grid, the U.S. government has been missing in action for decades.
In May 1981, the Government Accountability Office published a report titled “Federal Electrical Emergency Preparedness Is Inadequate,” warning that the nation’s electric power systems were “very vulnerable to disruptions from acts of war, sabotage, or terrorism” and that the federal government “is not now prepared to handle a long-term national or regional disruption in electric power.”
In 2013, the spectacular coordinated attack on Pacific Gas & Electric’s Metcalf transformer station in California, first reported by The Wall Street Journal, brought the grid’s lack of physical security to the attention of Congress. The electric utility industry argued against the need for a physical security standard, but the government ordered the industry to write a physical security standard anyway.
The resulting standard the industry was forced to write exempted most facilities and required no actual physical security measures to be taken. Physical attacks against the grid continued.
After attackers used rifle fire to take down two electrical grid substations in Moore County, North Carolina, leaving 40,000 residents without power in December, the Federal Energy Regulatory Commission — the government agency responsible for approving the physical security standards for the nation’s bulk electric system —announced a joint technical conference with North American Electric Reliability Corp., the organization responsible for developing grid reliability standards and enforcing compliance to regulations, to discuss physical security.
In response to the conference last month, the electric utility industry once again went on record that no further enhancement of grid security standards is necessary. This has been their standard response for years to any attempt to update the physical security or cybersecurity standards for the electric grid.
Outside grid security experts and engineers have argued that the industry needs to improve physical security standards for critical assets in the country’s electrical grid, motivated in part by a federal study that showed that physical sabotage attacks against only a small number of critical nodes in the grid would be sufficient to cause a prolonged and devastating nationwide blackout.
FERC allows the electric power industry to decide which substations are important enough to fall under the current physical security standard, even though that standard is fraught with loopholes. The industry has taken a narrow approach in naming substations as “critical” to avoid having to spend money to protect them.
Security experts have petitioned FERC to force the industry to utilize its own accurate engineering models to determine what elements of the grid are truly vital and then apply the standard to those assets. Such a requirement is common sense, but industry trade groups have consistently pushed back.
Imagine if the auto industry deliberately refused to use data from their excellent crash simulators and crash dummies to provide input to their engineers to make cars safer. Wouldn’t that be criminally irresponsible?
It’s an analogy that should be on the minds of FERC commissioners.
Unfortunately, attacks on the electric grid aren’t going away. According to data submitted to the Department of Energy by the electric power industry, physical attacks have resulted in electric disturbances in 1,072 cases from January 2010 through this past June — a rate of nearly 1.5 attacks per week.
At the same time, the vulnerability of the grid has been covered widely by the media and even through documentaries such as the award-winning 2022 film “Grid Down, Power Up.”
Over the past nine years, however, FERC has declined to order an overhaul of an obviously ineffective physical security standard despite numerous formal complaints and petitions.
It is just a matter of time before one or more of these attacks results in a major blackout, causing immense economic and physical loss. When that happens, the commissioners at the Federal Energy Regulatory Commission should ask themselves, “who will the American people hold responsible?”
• Tommy Waller is president and CEO of the Center for Security Policy and a retired Marine Reserve lieutenant colonel. Michael Mabee is a retired Army command sergeant major and the author of “The Civil Defense Book.”
