Date: 2014-03-10
(John Kemp is a Reuters market analyst. The views expressed are
his own)
By John Kemp
LONDON, March 10 - Owners and operators of
high-voltage transmission lines and substations must identify
critical facilities and implement a security plan to protect
them from physical attack, the U.S. Federal Energy Regulatory
Commission (FERC) ordered on Friday.
The instruction comes in response to a recent investigation
by the Wall Street Journal into a sniper attack on the Metcalf
substation near San Jose in California in April 2013. ("Assault
on California power station raises alarm on potential for
terrorism" Feb. 4)
That prompted a group of senior senators last month to write
to FERC asking the Commission to consider whether additional
reliability standards are necessary to protect the grid from
physical attacks.
FERC has reacted by ordering the National American Electric
Reliability Corporation (NERC) and its members to submit a new
standard for approval within 90 days.
The Journal investigation highlighted the risk posed by
attacks on the high-voltage transformers at main substations
such as Metcalf.
The industry keeps few spares, and damaged transformers
could take many months to replace owing to limited manufacturing
capacity. ("Transformers expose limits of securing the power
grid" March 4)
But journalists, politicians and regulators are probably
focusing on the wrong threat, forcing the industry to divert
precious resources away from dealing with more serious problems,
such as a big geomagnetic storm.
GRID DISCIPLINE
According to FERC, critical facilities are those which if
damaged or taken out of action could have a wider impact on the
grid including "instability, uncontrolled separation or
cascading failures".
Blowing up one or even a couple of main substations should
not cause major blackouts provided that proper grid operation
discipline is maintained.
By and large, the grid is designed and operated to handle
the loss of a major power plant or even a major transmission
line or substation, the "N-1" criterion, without loss of
stability.
Power can be routed around the affected nodes because of the
huge amount of redundancy built into the grid's physical
architecture and operations protocols.
The idea that a lone sniper or even a small group of them
could black out a sizeable portion of a state or even the
country is a far-fetched fantasy.
At Metcalf, power was immediately routed around the affected
substation, and grid controllers called on reserve generation to
keep power flowing to customers in the affected area. The
incident showed that the grid's operational plan worked exactly
as intended.
CASCADING FAILURE
The fear seems to be that a malicious attack could trigger a
cascading failure over a large area similar to the August 2003
blackout.
That terrible event cut power to 50 million people in the
Northeast, Midwest and neighbouring parts of Canada in a matter
of minutes and left some without power for up to four days.
The blackout stemmed from overgrown trees coming into
contact with a handful of high-voltage lines in the
Cleveland-Akron area of Ohio.
A small local problem became a region-wide crisis because of
computer failures and errors by control room staff, which led to
serious violations of grid discipline and N-1 preparedness.
As a result, the control room was not aware of the mounting
dangers until it was too late to do anything about them.
Since the outage, all transmission companies have been
required to tighten up their plans for managing vegetation.
But the most important improvements concern better training
and systems for control-room staff to improve "situational
awareness" and reinforce operational discipline.
With proper discipline, it is extremely unlikely an attack
on one or even a couple of major substations such as Metcalf
could produce cascading power failures or widespread
instability.
Even if one or two major substations are rendered
inoperable, the industry carries sufficient spares to repair or
replace them.
Limited stocks of high-voltage transformers and other
critical equipment are kept in readiness by utilities and
transmission operators to deal with the aftermath of hurricanes
and can be shared through an industry-wide mutual aid system.
DISTRIBUTED DAMAGE
The real risk would come from an incident that caused damage
to a dozen or more hard-to-replace transformers or transmission
lines simultaneously.
If dozens of transformers went down at the same time, the
lights would certainly go off. Nuclear power plants as well as
coal and gas-fired generating stations would go into automatic
shutdown in response to the loss of load to protect vulnerable
equipment.
Power lines and substations would be disconnected by
protective relays to prevent them being damaged by power surges.
Electricity supplies to some customers could remain cut off for
weeks or even months as replacement transformers are obtained
from abroad.
Such a scenario is hard to imagine in the context of
ordinary criminal activity. It would require a conspiracy on a
vast scale, for which the best preparation is intelligence by
the National Security Agency and Federal Bureau of
Investigation.
But this is precisely what would happen as a result of a
large geomagnetic storm, an electromagnetic pulse (EMP) from the
air-burst detonation of a nuclear weapon, or a cyber-attack by a
hostile power or a terrorist organisation.
Of those dangers, a big geomagnetic storm is certain to
occur one day, though they remain rare. The precise amount of
damage it would cause is a matter of controversy.
According to the U.S. government's Oak Ridge National
Laboratory, a big geomagnetic storm or a burst of EMP could
certainly take out dozens of high-voltage transformers and leave
millions of customers without power for months.
("Electromagnetic pulse: effects on the U.S. power grid" 2010)
COMMISSIONER NORRIS
To his credit, one member of FERC grasped the problem. In a
gentle concurrence issued on March 7, Commissioner John Norris
explained his reservations.
"I remain concerned that our recent efforts ... have focused
too narrowly on the need to bolster the physical security of our
electric grid," Norris worried. "But I also think it is
important that we continue to equally focus our efforts and our
resources on other threats to our nation's grid, including cyber
threats, geomagnetic disturbances, electromagnetic pulses and
natural disasters."
He went on: "It appears to me that many people ... have
rushed to address the need for physical security solely in
response to the Metcalf incident ... But it has been well
understood for decades that our nation's grid has been
vulnerable to physical attack. We simply cannot erect enough
barriers to protect North America's over 400,000 miles of
circuit transmission and 55,000 transmission substations."
Norris expressed concern that billions of dollars would be
spent, with the cost passed on to customers, on erecting
physical barriers while other more serious threats go
unaddressed. Investments in better communications and control
equipment to make the grid smarter, more responsive and more
resilient would provide much greater security.
Grid companies have already spent an enormous amount of time
and money considering physical and other threats to the grid
since the 2003 blackout and the 2011 attack on the World Trade
Center.
NERC's Critical Infrastructure Protection Committee has
issued a 77-part set of guidelines for protecting the grid
against physical threats, in conjunction with the U.S.
Department of Homeland Security, the National Terrorism Advisory
System and the Electricity Sector Information Sharing and
Analysis Center (ES-ISAC).
The latest version of the guidelines was approved by NERC's
Critical Infrastructure Protection Committee in October 2013.
But in Washington, politicians must be seen to do something.
So FERC has ordered NERC to produce yet another set of
paperwork.
In its order, FERC acknowledged "the number of facilities
identified as critical will be relatively small". Many
substations will not be deemed critical.
"We also recognise that the industry has engaged in
longstanding efforts to address the physical security of its
critical facilities."
In its own way, the FERC order is harmless, but it
duplicates other work that has already been done and is a
distraction from more pressing problems.
(editing by Jane Baird)