Infrastructure protection Lawmakers want mandatory security standards for national grid

Published 10 February 2014

Lawmakers have urged the imposition of federal security standards on grid operator in order to protect the U.S. national electric grid from attack. The new push follows stories, first reported in the Wall Street Journal reported last Wednesday, about a 16 April 2013sniper attack which disabled seventeen transformer in a San Jose, California substation for twenty-seven days, causing about $16 million in damage. Federal cybersecurity standards for protecting the grid are in place and mandated, but rules for protecting physical sites such as transformers and substations are voluntary.

Lawmakers have urged the imposition of federal security standards on grid operator in order to protect the U.S. national electric grid from attack. The new push follows stories, first reported in the Wall Street Journal reported last Wednesday, about a 16 April 2013sniper attack which disabled seventeen transformer in a San Jose, California substation for twenty-seven days, causing about $16 million in damage (see “Attack on California power station heightens concerns about grid security,” HSNW, 7 February 2014).

On Thursday, the Wall Street Journal reported that Senator Dianne Feinstein (D-California) said she and fellow senators had asked the Federal Energy Regulatory Commission (FERC), which has jurisdiction over the electric grid’s reliability, to “set minimum security standards for critical substations.”

Senators Ron Wyden (D-Oregon), Harry Reid (D-Nevada), and Al Franken (D-Minnesota) joined Feinstein in a letter sent to FERC requesting the agency to set new security rules.

The senators wrote that the San Jose substation sabotage was a “wake-up call to the risk of physical attacks on the grid.”

“This incident came uncomfortably close to causing a shutdown of a critical substation which could have resulted in a massive blackout in California and elsewhere in the West,” they wrote.

The FBI is investigating the April 2013 attack, and an agency spokesman told the Journal it does not think the incident was a terror attack. Jon Wellinghoff, chairman of FERC at the time, however, told the Journal that the attack is “the most significant incident of domestic terrorism involving the U.S. power grid that has ever occurred.”

Fox News reports that in December, during an oversight hearing, Representative Henry Waxman (D-California), described “an unprecedented and sophisticated attack on an electric grid substation with military-style weapons. Communications were disrupted. The attack inflicted substantial damage.”

He said he would withhold details of the incident to avoid harming the investigation but added he had been in touch with the FBI about it.

CBS SF-Bay Area reports that during the December hearing, FERC chairman Cheryl LaFleur told Congress grid security is a top priority, and her agency cooperates with utilities to protect physical equipment.

Federal cybersecurity standards for protecting the grid are in place and mandated, but rules for protecting physical sites such as transformers and substations are voluntary.

One proposal being discussed by lawmakers would give FERC the power to write and impose interim rules on grid defenses. The Journal notes that the utility industry would still be able to influence any permanent requirements.

Representative Trent Franks (R-Arizona), said “the last thing I want to do is regulate any industry.” He told the newspaper, however, that utilities must do more to protect the grid for the sake of national security.

Under current law, FERC can accept or reject industry-written proposals, but FERC cannot alter these proposals.

The Journal was told by some utility industry executives that it would be difficult to come up with a set of rules for improving grid security which would work in both urban and rural areas.

“One size fits all may not get you true resiliency,” said Lisa Barton, executive vice president of transmission for American Electric Power, and industry group. She added that increasing protections could be costly. “I’m not saying it isn’t worth it,” she said.