Leaks are a part of Washington as old as government secrecy. The recent alleged leak of a Federal Energy Regulation Commission report regarding potential vulnerability of the electrical grid to the Wall Street Journal reporter Rebecca Smith is yet another item in this long history. That a report would be given to a journalist that expressed concern for the safety of the electrical system is troublesome, however, the health and safety of the electrical grid is a fundamentally important economic and national security issue. It should be subject to fairly open and informed public debate as our society’s dependence upon it is great.
The FERC report Smith cited allegedly contained information pointing to the possibility that simultaneous destruction of nine particular electrical transformers could bring down the electrical grid at a national level and require significant time to return to full operations. Such a physical attack has occurred in one location – the April 16, 2013 incident at Pacific Gas & Electric’s Metcalfe energy center and transmission substation – in which snipers, “surgically knocked out 17 giant transformers that funnel power to Silicon Valley.” Those who perpetrated the PG&E attack remain, almost a year later, still at large.
Senators Mary Landrieu and Lisa Murkowski, the chair and ranking member of the Senate Energy and Natural Resources Committee criticized the disclosure of the FERC report, and called for the Department of Energy’s Inspector General to locate the FERC employee responsible for sharing the article with the Journal. This follows acting FERC Chairman Cheryl LaFleur’s comments on the Journal’s decision to run the article. She stated that,
[P]ublication by The Wall Street Journal of sensitive information about the grid undermines the careful work done by professionals who dedicate their careers to providing the American people with a reliable and secure grid. The Wall Street Journal has appropriately declined to identify by name particularly critical substations throughout the country. Nonetheless, the publication of other sensitive information is highly irresponsible. While there may be value in a general discussion of the steps we take to keep the grid safe, the publication of sensitive material about the grid crosses the line from transparency to irresponsibility, and gives those who would do us harm a roadmap to achieve malicious designs.
Beyond the line between transparency and irresponsibility raised by Ms. LaFleur, there are several questions to consider. First among them is whether the story on the FERC report revealed anything truly dangerous. Additionally, there is a matter of how much the general public should be concerned about a catastrophic kinetic attack against the grid.
On the matter of the danger to the story, the article stated in what parts of the country the points of failure would be, but added no detail. Beyond sensitive information spillage, when we consider who might attack many pieces of grid simultaneously, the possibilities are probably quite low. Thus, a major physical attack on the grid would be a rare event – not impossible, but unlikely and hard to pull off. A cyber attack is also a possibility, but we are fortunate that process control computing is likely fairly heterogeneous. Nonetheless, policy and assurances are needed for cyber too, as evinced by the GridEx cyber exercise.
As to what policy can do, we should consider strategies for resiliency. My Rice colleague Leonardo Dueñas-Osorio has considered just how “lifeline” systems function and the probability for cascading failures within them. One of his observations is that, “increasing local redundancy mitigates the effects of interdependence on systemic performance, but such intervention is incapable of eliminating interdependent effects completely.” Whether we worry about earthquakes, hurricanes, blizzards, or terrorists, redundancy seems to be an issue that should be taken up in policy. Of course, redundancy also comes at a cost.
Finally, Senators Landrieu and Murkowski’s outrage at the Journal’s reporting should be placed in perspective. While they can be upset about the FERC report’s finding its way to a reporter (and the report was not a classified document), they should also consider the state of the grid and what can be done to improve it. This week I participated in a conference in which NSA whistleblower Thomas Drake and former NSA inspector general Joel Brenner had words regarding transparency in the United States’ signals intelligence agency. While the FERC leak (if it rises to worthiness of the term) is insignificant in comparison with the Drake, Snowden, and Manning leaks, the U.S. government must address the issue of how it can harness dissent into constructive criticism and improvement of policy, process, and oversight.
This post was drafted by Chris Bronk, Fellow in Information Technology Policy and Director of the Program on Energy and Cybersecurity in the Center for Energy Studies at Rice University’s Baker Institute.
