Gaps in Physical Infrastructure Resilience: How a Sniper Attack May Change the Energy Industry
In a special segment of PBS’s “Newshour” aired on February 11, 2014, reporters questioned Former Chairman of the Federal Energy Regulatory Commission (FERC) Jon Wellinghoff, and Deputy Undersecurity for Cybersecurity at the Department of Homeland Security Mark Weatherford, about an organized attack on a Silicon Valley substation, an attack which could have disabled the power supply across large portions of the California Bay area. Despite its potential severity, the incident garnered little media attention when it occurred in 2013, almost one year ago.
The PBS segment can be viewed here.
So where did the attack occur and why did it happen?
On April 13, 2013 around 1:00 a.m., an unknown individual manually cut a connection providing communication between the Metcalf substation in San Jose, California, and the local industry responders at the utility that serves much of the Silicon Valley area. Thirty minutes later, multiple gunmen fired at least 150 assault rifle rounds into a series of transformers (FYI: transformers are the mechanical devices linking large transmission lines [the jumbo lines] to local distribution lines [the residential street lines] by transforming large amounts of power to usable amounts of electric energy for end-use consumers) over a period of about 20 minutes.
Because there was no barrier around the substation other than a simple chain link fence, the snipers had a clear shot of the cooling fins within the high voltage transformers. The shots were dispensed carefully and were calculated to cause destruction – it is clear that the gunmen understood the technology. By focusing the attack on the fins of the transformer, the snipers were able to drain the oil out of the fins and cause the collapse of 17 transformers within the substation and over $15 million in repairs. Shots to any other part of the transformer could not have caused the damage caused by those to the fins.
Some are now suggesting that this 2013 attack was only a dress rehearsal for a larger, future attack aiming to darken entire regions of the country. California escaped more serious circumstances thanks to at least a few factors: existing reliability standards evinced by the North American Electric Corporation (NERC) require substations to have back-up transformers to take over when another fails, low demand for electricity is characteristic of the industry in the spring, and local practices by California utilities in compliance with other NERC standards ensured a quick response time and effective replacement of the broken transformer. The attack virtually unobservable by the Silicon Valley electricity consumers. Was this the first terroristic assault on national critical infrastructure, an attack predicted by former U.S. Defense Secretary Leon Panetta as a “cyber Pearl Harbor”? While officials may never know the impetus behind the attack, it has quickly become a useful test case for recognizing holes in security and threats to grid resilience.
In the PBS interview, former Chairman Jon Wellinghoff expressed his concern that the attack could mean imminent danger for the country’s supply of reliable energy when he called it “…the most serious domestic terror attack on the grid.” Wellinghoff said that the country should be concerned about these kinds of attacks, because attacks on certain energy nodes (points where one part of the bulk-electric system is connected to another part of the system) could have a crippling effect on the whole energy grid. Wellinghoff stated that while the industry “…can never prevent someone from trying to attempt an attack,” industry leaders “… can do simple things like making the fences around the stations opaque so you can’t see through them, beef up the camera security, the lighting security, and even do things like put physical concrete barriers around the areas like they do overseas when they have critical infrastructure.” To achieve this level of security, Wellinghoff recommends that the federal government create an agency with the authority to research and design physical requirements at grid stations across the country.
Contrasting Wellinghoff’s concerns, Mark Weatherford expressed a more skeptical perspective, saying that taking pragmatic measures to harden the infrastructure could mitigate the risks of these physical attacks. Creating another avenue for oversight on an already heavily regulated industry, Weatherford avers, could create problems. Instead, Weatherford suggests that the government should “work with the state public utilities commissions (PUCs) and help the state PUCs understand this issue better.” This, in effect, would link two otherwise isolated regulatory bodies and produce more coherent administration over the electricity industry.
What is remarkable about Wellinghoff’s bold proposal for the creation of a new federal regulatory body is that Congress has already done this. In 2005, Congress amended the Federal Power Act to add a new section, Section 215, to allow the Federal Energy Regulatory Commission (FERC) to certify an Electric Reliability Organization (ERO) to establish and enforce a series of “requirements for the operation of existing bulk-power system facilities… and the design of planned additions or modifications to such facilities,” including physical security controls at transmission substations. In 2006, FERC certified NERC as the electric reliability organization. It is likely that Wellinghoff had not forgotten about the creation and existence of NERC (which was certified only three years before he was appointed by the President as the Chairman of the FERC).
In response to Wellinghoff’s renewal of concerns related to the 2013 California substation attack, U.S. Senators Ron Wyden (D-OR), Harry Reid (D-NV), Diane Feinstein (D-CA), and Al Franken (D-MN) wrote a letter to leadership at both the FERC and NERC on February 7, 2014 requesting an investigation into whether additional minimum mandatory standards regarding physical security at critical substations and other essential facilities should be implemented. In a clever pun, the Senators warned that “A chain is only as strong as its weakest link” when it comes to only voluntary measures to mitigate physical risks.
NERC responded individually to each of the Senators and issued a public statement on February 12, 2014 saying “NERC addresses physical and cybersecurity through guidelines, mandatory standards, outreach efforts and training exercises in coordination with North American stakeholders and federal agencies.” Further, NERC promises to collaborate with FERC to continue to protect the bulk electric system. In his letter to each of the Senators, Gerry Cauley of NERC outlined measures taken by NERC after the 2013 incident to improve security and ensure physical and cyber resilience of the nation’s electricity infrastructure. Ultimately, Cauley stated that NERC’s efforts to investigate the potential for threats and collaborate with industry leaders and government regulators would continue but that NERC would not be developing mandatory standards at this time. As Cauley stated, “a rule-based approach for physical security would not provide the flexibility needed to deal with the widely varying risk profiles and circumstances across the North American grid and would instead create unnecessary and inefficient regulatory burdens and compliance obligations.”
Cauley’s letter can be viewed here.
Summary
So what can we take away from the California sniper attack, Wellinghoff’s suggestions, the Senators’ concerns, and NERC’s response? At the very least, we know the threat exists and that additional physical security measures are needed. We know that government oversight of these types of issues may be warranted and that the federal government has already condoned the development of administrative oversight of security and reliability standards when they approved NERC as the electric reliability authority. Finally, we know that NERC has determined that mandatory standards for additional physical security are not in the best interest of the industry but promises to engage with FERC and industry leaders to develop the best strategy for threat mitigation.
Disclaimer: The views, information, and analyses conveyed in this article are those of the author in his personal capacity and do not reflect the official policy, position, or assumptions of the North American Electric Reliability Corporation (NERC), any agency of the U.S. government, or any other corporation, partnership, organization, agency, or entity. Information, assumptions, analyses, or recommendations made in this article should not be construed as legal advice or as an offer to advise and are not reflective of the position of NERC, any governmental agency, or any other entity.
[…] Gaps in Physical Infrastructure Resilience: How a Sniper Attack May Change the Energy Industry […]