A Vulnerable System Looks for Security

‘You can’t build a Great Wall of China,’ says David Wagman of Energy Insight, in this editorial.

Shortly after Tuesday’s terrorist attacks began in New York City and Washington, D.C., the North American Electric Reliability Council (NERC) issued an alert instructing grid security coordinators at 21 locations across the U.S. and Canada to assume heightened levels of readiness. That first-ever warning prompted coordinators to send crews into the field to secure and guard parts of the electric infrastructure seen as critical to achieving a “blackstart” of the electric system, should the targets spread to include vulnerable parts of the grid. The alert was in effect throughout the day on Tuesday and into Wednesday morning. As of that time no unusual events were reported anywhere in the nation’s grid, said one security analyst reached at his desk at the Michigan Electric Power Coordinating Center. In the space of only a few hours on Tuesday, that analyst’s role may well have changed from fretting about hooligans shooting out insulators on a Friday night to worrying about terrorists threatening the security of the nation’s electric infrastructure. Weaknesses in the past The grid clearly is vulnerable to disruption. A cascading blackout in 1965 famously darkened much of the northeastern U.S., including New York City. More recently, a dangling power line in 1996 disrupted power across several Western states. A January 1998 ice storm knocked out nearly a third of Hydro-Quebec’s transmission system and a 1989 solar flare needed just 90 seconds to cripple more than 21,500 MW of Hydro-Quebec’s transmission capability and leave six million people in the dark for hours. “You can’t build a Great Wall of China around all the lines,” said Brantley Eldridge, executive director of the East Central Area Reliability Council (ECAR). “If someone is willing to die for the cause, you can’t stop it.” The threat of a major disruption to the electric grid may be even more possible than some might think. How prepared? “The U.S. is perhaps one of the least prepared and least advanced in preparing for these threat concerns,” said John Kappenman, division manager with Metatech in Duluth, Minn. “The real possibility exists that large regional power grid collapses can occur.” Kappenman, who consults on infrastructure threat issues, recently wrote an article for a U.S. Army magazine outlining nuclear and space threats to domestic infrastructure systems. Any technologically complex system is at risk if someone wants to disrupt it. It “doesn’t take a nuclear event” to cause an electromagnetic pulse large enough to disrupt major portions of the grid, he said And it doesn’t take a rocket scientist, either. The September issue of Popular Mechanics magazine describes how to build a bomb, which, if detonated in the air, could be capable of crippling parts of the electric infrastructure. The article estimates such a bomb would cost no more than $400 to build and could be assembled by any nation with “even a 1940s technology base.” The possibility that malicious disruption could be aimed toward the electric grid is acknowledged by the NERC, which oversees reliability on North America’s electrical system from its Princeton, N.J., office. Before Tuesday, however, few were willing to take the threat of a coordinated attack on the electric infrastructure seriously. “Certainly the industry and people who operate transmission are aware of potential vulnerabilities,” said ECAR’s Eldridge. “The transmission towers are what they are,” said Ellen Vancko, NERC director of media relations. “Any technologically complex system is at risk if someone wants to disrupt it.” Some levels of security in place Prior to Tuesday’s events, three principal mechanisms offered some level of protection to the electric grid. In 1997, NERC recognized that open transmission access and rapidly increasing wholesale sales would strain the system in new ways. At the time, no single entity was charged with looking at regional systems to ensure they were operating within their capacity. Rather than relying on more than 150 utility control areas around North America, NERC told its 10 operating councils to designate a much smaller number of security coordinators to handle oversight. Ultimately, 21 coordinators were designated, among them the Michigan Electric Power Coordinating Center, managed by Jim Cyrulewski. Cyrulewski’s team is responsible for coordinating security in Michigan’s lower peninsula. His is the sole entity with information complete enough to tell analysts what is happening with the region’s power plants, line loadings and the overall transmission grid. Up to now, the major function of the security coordinator has been to prevent overloads, Cyrulewski said. If overloading does occur, his team may halt all transactions until the system regains its balance. The security coordinator is also responsible for alerting the National Infrastructure Protection Center (NIPC), a second level of grid protection, of any “operational and cyber threats or attacks” on the national electric infrastructure. Established in February 1998, the NIPC is housed within the Federal Bureau of Investigation. The center serves as the U.S. government’s focal point for assessing and investigating threats, issuing warnings and ultimately responding to threats or attacks to telecommunication, banking and finance, water, government and emergency organizations, and energy infrastructure. In NIPC’s view, critical energy infrastructure includes generating stations, transmission and distribution networks and fuel delivery networks. As of Wednesday morning, no electric-related incidents had been posted at the NIPC’s public information site. A third level of awareness emerged during planning for feared disruptions related to Y2K. In the months before January 1, 2000, NERC and its regional councils looked “pretty heavily” at the infrastructure’s sensitivity to disruption, said spokesperson Ellen Vancko. But the scrutiny reached no further than reinforcing the computer systems that operate the grid. Following Tuesday’s attacks, it still may be too early to say what additional steps need to be taken to secure the transmission grid, she said. “It won’t just be NERC,” Vancko said of future planning efforts. “It will be done in concert with industry and government entities.” Vulnerabilities across nation Where might the industry look for potential soft spots? If the Michigan Electric Power Coordinating Center is any indication, the number of places could be large. As many as 30 sites, tagged as critical to achieving “black-start” operations, saw increased security after Tuesday’s attacks. “If you expand that beyond Michigan, it becomes a very large number,” the source at the Michigan center said. “As many as 30 critical sites received increased security after Tuesday’s attacks.” The most vulnerable components likely include the system’s long-haul transmission lines and regional control centers, said Doug Logan, a power consultant with RDI Consulting in Boulder, Colo. Nuclear power plants may be seen as potential high-profile targets as well. Also critical are a number of electric substations. For example, a single substation east of San Francisco is a junction for transmission lines from northern and southern California, as well as for lines connecting power plants serving the Bay Area. That substation is “a key one,” Logan said. A second critical substation near Harrisburg, Penn., is a junction for several 500-kV lines serving the Pennsylvania-New-Jersey-Maryland (PJM Interconnection) power pool. “Knocking out any one of them would be disabling,” Logan said. He said power delivery could be interrupted for a “period of weeks” while the substation was rebuilt. In addition, long-haul transmission lines such as those between Las Vegas and Los Angeles cross miles of remote desert and could be at risk. Control centers may be the least vulnerable, in part because many of their computerized operations may be overridden manually in the case of a disruption. In this regard, the threat of earthquakes in California has already led to construction of redundant control facilities for the Independent System Operator. The industry may now begin to look harder at ways to more fully safeguard its critical infrastructure and increase redundancies. The topic could be on the agenda at a meeting of NERC’s 21 security coordinators scheduled for later this month in San Diego. And, within ECAR, at least, the topic has been discussed from time to time, said Brantley Eldridge. “Everyone is aware there is a threat.” (reprinted with permission)

No posts to display