By Joy Ditto, Senior Vice President, Legislative & Political Affairs, American Public Power Association
The nation’s electric power system is a complex machine with thousands of substations, transmission lines and power plants. No individual, company or government agency alone can manage the daily demands of many millions of electric customers, who expect power instantly when they flip a switch. The same goes for deterring physical and cyber attacks on the grid.
Congress recognized this complexity when it amended the Federal Power Act (FPA) in 2005 to add a new Section 215. The law has created a successful international public-private partnership combining US and Canadian government oversight with the flexibility industry needs to maintain reliability and respond to threats to our most basic mission: keeping the lights on.
When viewed from a static standpoint, an attack on a specific substation, power plant or computer system can sound catastrophic, and just plain scary. But utility operators, in conjunction with regulators and other government officials, can, and do, respond. For example, utilities can re-route power or move equipment, which helps keep power flowing if an attack occurs.
This is what grid operators call “resiliency,” and it is precisely what happened in April 2013 with the sniper attack on the Metcalf substation in southern California. Though the substation was knocked offline, utility operators were able to maintain uninterrupted power to the region, by rerouting power flows and calling on neighboring utilities to assist. To be sure, industry can’t stop every attack, or guarantee attacks will not result in power outages, but our record thus far shows a remarkable degree of success in keeping the lights on.
We coordinate with multiple agencies across the federal government to share information and intelligence about the most pressing threats to the grid. That is the central task of the Electric Subsector Coordinating Council (ESCC), which comprises utility representatives from throughout the nation, who meet with senior officials from federal agencies including the Departments of Energy and Homeland Security, the Federal Bureau of Investigation and the National Security Council staff. The ESCC is focused on several key areas, including deploying new security technologies on utility systems and sharing information with the government on emerging threats and vulnerabilities to the grid.
Of course industry must constantly up its game to respond to evolving threats. In March, the Federal Energy Regulatory Commission (FERC) ordered the North American Reliability Corporation (NERC), the not-for-profit entity designated by FERC to be the North America’s electric reliability organization, to propose new security standards to protect against physical attacks on the grid’s most critical components. NERC presented these standards to FERC in May 2014 and is awaiting approval.
This is how the Section 215 process is supposed to work. It’s a give-and-take partnership, under which NERC convenes the industry’s technical experts to develop standards for review by the nation’s grid regulator. FERC can also order NERC to develop standards to address potential system vulnerabilities, as it has done in the case of physical attacks on facilities. If FERC thinks NERC’s response is inadequate, FERC can reject the proposed standards and send them back to NERC to revise.
It’s important to note, too, that the standards created by this process are mandatory. In fact, the electric industry is virtually the only critical infrastructure sector with mandatory standards. NERC is authorized by law to levy up to $1 million per day for each utility violation of these standards. This gets to the incentives built into the process: utilities have a strong desire to protect their assets from attack, and they face very real economic and reputational consequences if they fail to meet established NERC standards.
The NERC standards development process is open and transparent, and designed to incorporate disparate viewpoints from a variety of stakeholders. The American National Standards Institute has certified NERC’s standard development process as meeting its rigorous requirements for openness, public comment and due process. Engineers, technicians and government officials can learn much from other experts, our customers, and average citizens about how we can best prevent the lights from going out. FERC accepts comments from all interested parties before acting on NERC’s proposal.
At the American Public Power Association, we know that keeping power reliable and affordable is of paramount concern to the utility industry. There are some 2,000 public power utilities in the U.S. Each one carries out an essential function that many take for granted. Together, we serve 14 percent of the nation’s electricity customers. Along with our utility industry peers, we will continue work in collaboration with NERC and the federal government to prevent and respond to threats, not only because it’s the law, but because we are committed to keeping the lights on.