Utility Automation & Engineering T&D - House Committee on Homeland Security urges FERC chairman to investigate grid security

Concerned about the results of a secret experiment conducted for the Department of Homeland Security (DHS) in which a generator was destroyed by a cyber attack, the House Committee on Homeland Security urged Federal Energy Regulatory Commission (FERC) chairman Joseph Kelliher to investigate the implementation of certain measures to mitigate security vulnerabilities across the electricity sector. The request came in the form of a letter to Kelliher from committee members James Langevin (D-RI), Michael McCaul (R-TX), and Shelia Jackson-Lee (D-TX).

The experiment, called "Aurora," that alarmed the committee members was conducted in March 2007 by the Idaho National Laboratory for DHS. The exact details of the experiment have not been made public, however the letter states, citing news reports, that "the attack involved a controlled hack of a replicated control system commonly found throughout the [bulk-power system]." The researchers who launched the attack succeeded in destroying a generator. DHS released a video of the generator sputtering, smoking, and then stopping. (View the video of the attack here.) The authors of the letter worried that the same sort of attack could be used against larger generators to "cause widespread and long-term damage to the electric infrastructure of the United States."

DHS and the Department of Energy (DOE) developed "mitigation strategies" to prevent the exploitation of the vulnerability laid bare by Aurora and asked the North American Electric Reliability Corporation (NERC) to require electric sector owners and operators to implement the strategies.

However, the letter states that FERC denied NERC's ability to issue a "required action" for anything but "specific action in the context of violations or possible violations of Commission-approved reliability standards." NERC can only issue recommendations to electric sector owners and operators.

As a result, the letter says, NERC found that two weeks after issuing a recommendation to implement the mitigation measures, only 15 percent of respondents had put the measures into action. Four weeks after the recommendation was issued, NERC, the letter says, "allegedly found that 100 percent of the sector implemented the advisory's mitigation measures."

The authors asked Kelliher to immediately investigate the veracity of NERC's results and to determine what percentage of owners and operators thought the measures were recommendations or requirements; to explain which department or body has the regulatory authority to issue a "required action" and what legal changes may be required to more immediately respond to vulnerabilities; and how the government can ensure a complete mitigation of vulnerabilities as the are discovered.

Want to stay Current? Listen to Currents: The Energy News Podcast brought to you by Utility Automation & Engineering T&D and Electric Light & Power online. For the a list of all available episodes, click here and start listening today. And for more news and exclusive features from Utility Automation & Engineering T&D and Electric Light & Power online, please click here.

Add RSS Feed