NERC, FERC to WSJ: so disappointed in you
Maybe you’ve seen it. In fact, you’ve probably seen it. I saw it on CBS This Morning today.
“It” is the Wall Street Journal (WSJ) article on how the U.S. “could suffer a coast-to-cost blackout” if someone—an angry little someone one imagines—took out just nine specific substations. The article doesn’t name the nine substations, thankfully, and most of the later half of the article is actually devoted to a rehashing of the Metcalf substation attack from last year, but just those first few paragraphs about this Federal Energy Regulatory Commission (FERC) power flow study were enough to set the industry and the general news media a-buzz.
In a statement, Acting FERC Chairman Cheryl A. LaFleur responded to the Wall Street Journal article and subsequent media coverage by stating that:
"Today’s publication by The Wall Street Journal of sensitive information about the grid undermines the careful work done by professionals who dedicate their careers to providing the American people with a reliable and secure grid. The Wall Street Journal has appropriately declined to identify by name particularly critical substations throughout the country. Nonetheless, the publication of other sensitive information is highly irresponsible. While there may be value in a general discussion of the steps we take to keep the grid safe, the publication of sensitive material about the grid crosses the line from transparency to irresponsibility, and gives those who would do us harm a roadmap to achieve malicious designs. The American people deserve better."
LaFluer’s full statement can be found here.
The North American Reliability Corporation (NERC)—which shoulders grid reliability responsibility with FERC—also released a statement. In part, it stated:
“The electricity industry has always made reliability a priority. This is done through mandatory reliability standards and guidelines, including cyber and physical security; and through focus by utilities on preparation, prevention, response and recovery efforts, including industry and government spare equipment programs.
While much work has been done and much more is ongoing, it is disappointing and concerning that the media would choose to disregard the existing security of our nation’s infrastructure and publish information that could impact the security of our grid. Publicly discussing specific vulnerabilities of critical grid assets raises serious national security concerns and undermines the substantial, ongoing work that NERC, industry and government are doing to strengthen our grid against potential cyber and physical security attacks. Articles like this one do nothing to improve security, rather they jeopardize it.”
Read that statement in full here.
In related news, on March 7, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability Corporation (NERC) to develop reliability standards requiring owners and operators of the grid (or bulk electric system) to address risks due to physical security threats and vulnerabilities.
The reliability standards require owners/operators to take at least three steps to protect physical security.
(1.) Owners and operators must perform a risk assessment of their system to identify facilities that, if rendered inoperable or damaged, could have a critical impact on the operation of the interconnection through instability, uncontrolled separation, or cascading failures.
(2.) Owners and operators of critical facilities must evaluate potential threats and vulnerabilities to those facilities.
(3.) Owners and operators must develop and implement a security plan to address potential threats and vulnerabilities.
NERC has 90 days to submit the proposed standards.
Learn more on these standards by clicking here.