NERC: High-Impact, Low-Frequency Risks to Grid
We've called your attention to various security risks over the past six months, notably the mundane nature of unintended consequences and the sexier topic of cyber security.
Joe Weiss, managing partner at Applied Control Solutions, talked about security in its broadest sense at Grid ComForum in San Jose in February. Weiss is a walking, talking sense of urgency; that column is here.
Yesterday, the North American Electric Reliability Corporation (NERC) released a report on high-impact, low-frequency events that threaten the grid. (Yes, that's "HILF.") While not terribly newsworthy, the report serves to clear the mind of daily minutiae and bring infrequently considered threats into sharper focus.
Because these mega-threats already appear on the industry's radar, the report noted, many proposals for action likewise are not new.
"HILF risks are just one part of a much larger landscape of risks and concerns facing the sector," the report acknowledged.
Nonetheless, the report urged further efforts to address these risks "in a coordinated, systematic fashion."
The three major, HILF risks identified by NERC and the U.S. Department of Energy (DOE) were articulated in a two-day workshop last November: cyber or physical coordinated attack, pandemic and geomagnetic disturbance.
Pulling a few passages from the executive summary should serve as food for thought. Given space constraints, I'd urge those who are interested to delve into the report itself, particularly in the area of risk assessment and mitigation that needs addressing.
"The risk of a coordinated cyber, physical or blended attack against the North American bulk power system has become more acute of the past 15 years as digital communication equipment has introduced cyber vulnerability into the system," the report noted, neatly delivering the smart grid angle. "Resource optimization trends have allowed some inherent physical redundancy within the system to be reduced."
"The specific concern . is the targeting of multiple key nodes on the system that, if damaged, destroyed or interrupted in a coordinated fashion, could bring the system outside the protection provided by traditional planning and operating criteria," the report continued. "Such an attack would behave very differently than traditional risks to the system, in that an intelligent attacker could mount an adaptive attack that would manipulate assets and potentially provide misleading information to system operators."
The report acknowledged that no such attack has occurred to date and suggested that NERC's Critical Infrastructure Protection (CIP) plans have helped mitigate this risk. One suggested action: the development of "forensic tools and network architectures" that support "graceful system degradation" to allow grid operators to "fly with fewer controls."
The "pandemic risk" is exactly what it sounds like: a concern that a major disease outbreak could decimate operating staff, leaving less-trained, less-experienced individuals to run power generators, address mechanical failures and restore power after outages. (Picture your correspondent at the helm of a control facility and you will never sleep again, I promise.)
The report added that while many stakeholders have plans for pandemics, the sector relies on the federal government to report on the severity and reach of an outbreak - thus "clear triggers" are needed to inform an effective response.
Geomagnetic disturbances, high-altitude electromagnetic pulse events and intentional geomagnetic interference are the third threat articulated by the DOE/NERC report.
"Geomagnetically induced currents on the system infrastructure have the potential to result in widespread tripping of key transmission lines and irreversible physical damage to large transformers," according to the report.
Detonation of a nuclear device was identified as a clear threat, as was "a coordinated attack involving intentional electromagnetic interference [that] could result in more localized and targeted impacts that may also cause significant impacts."
The report noted that replacing damaged extra-high voltage transformers could result in prolonged outages, as the procurement cycle for that equipment can run months to even years.
The nature of high-impact, low-frequency risks is insidious - they appear unlikely and even unthinkable, yet the impacts could be devastating. In the midst of writing about commercial and industrial demand response, smart meters, etc., the NERC/DOE report made me sit back and think big for a change.
Intelligent Utility Daily