For Immediate Release
Grid Security Investigator Files Complaint Addressing Inadequate Electric Grid Physical Security
Washington DC – Grid Security Investigator Michael Mabee filed a formal complaint with the Federal Energy Regulatory Commission (FERC) charging that the mandatory physical security standards and enforcement for the electric grid are inadequate. FERC docketed the complaint and issued a notice on February 6, 2020.
The mandatory physical security standard came about as the result of media attention and Congressional concern about a well-planned and coordinated physical attack on Pacific Gas & Electric’s Metcalf transformer substation just outside of San Jose California on April 16, 2013. Often referred to as a “sniper attack,” this event initiated a focus on physical security vulnerabilities that led the Federal Energy Regulatory Commission to conclude that such an attack, if successfully executed in just 9 locations across the United States, could blackout the nation for up to 18 months.
However, this was not the first time the Federal Government has reported on physical security vulnerabilities to the nation’s bulk power system. U.S. Government Accountability Office reports dating back to at least 1981 discuss the vulnerability of the electric grid to physical attacks.
Nevertheless, Mr. Mabee’s research indicates that in 2020, the present standard is inadequate and rarely enforced. Since the Metcalf attack in 2013, the grid’s regulator, the North American Electric Reliability Corporation (NERC), has only cited violations of the physical security standard 4 times.
“The April 2013 Metcalf attack was not the only physical attack on critical components of the North American electric grid. According the Department of Energy OE-417 reports, there were 578 physical attacks against the grid reported from January 1, 2010 through May 31, 2019.” Mabee said in his complaint.
Moreover, Mabee argues that the underlying standard is inadequate. “There is no requirement that an entity’s risk assessment or physical security plan be reviewed by anyone with any physical security expertise. There is no regulator determination whatsoever as to the effectiveness of any entity’s physical security plan.” Mabee said in his complaint.
“All a company needs to meet the standard is a three-ring binder of papers labelled ‘Physical Security Plan.’” Mabee said. “That unapproved three-ring binder of papers is what is standing between the United States and a catastrophic widespread power outage caused by a terrorist attack.”
FERC issued a notice that interested parties have until 5:00 Eastern Time on March 10, 2020 to file motions to intervene and comments. Under the law, FERC can direct NERC to either submit or modify a reliability standard if the Commission considers such a new or modified reliability standard appropriate.
FERC Docket No. EL20-21-000
For further information, contact:
Phone: (516) 808-0883
Email: [email protected]