Security Issue

Addressing a Major National Security Issue;
A Successful Cyberattack on the Electric Grid


Recent news from the Cyber Security And Infrastructure Security Agency (CISA), under the Department of Homeland Security, is that it has found evidence that hackers in China (PRC) have invaded and placed programs inside both government and non-governmental US computer programs that manage major infrastructure in the United States. In the event of a conflict between the US and China, China could institute these cyber hacking programs to shut down not only the electric grid, but the delivery of water, the treatment of wastewater, and the operation of gas pipelines, as well as degrade military response. Director Christopher A. Wray of the FBI also reached the same conclusions in testimony recently given to Congress.

Ted Koppel, in his book Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath, described the major national security issue of a successful cyberattack on the electric grid and the fact that the government and public are not prepared. The following paper describes the exposure and a civil defense plan to prepare the public. I have taken this up with the Secretary of Energy subject matter expert and he agrees with my analysis and plan. It is a major issue that needs to be addressed before it is too late.

During the last year, the states of Texas and California have faced electricity blackouts due to winter storms, fires, high winds, and high temperatures. Rolling blackouts have occurred, and have shut down parts of the electric system, leaving millions without electricity in freezing cold temperatures for days. However, there is another man-made action that could lead to major electric blackouts, and that is a cyberattack, causing a complete shutdown of one of the major electric grids in the US. This could leave tens of millions of Americans without electricity, water, gas, and wastewater treatment for weeks. This type of outage would last until each utility has restarted and then interconnected with all of the other providers. This restarting and interconnecting is termed a “black start”. There is further discussion of black start below.

Ted Koppel, in his book Lights Out, which is mentioned above, covers this national security issue, including the need to communicate with the American public about this very serious national security issue. The director of the FBI has recently stated that considering the recent successful cyberattacks against our Federal Government offices and businesses, it will just be a matter of time before one happens to our major utilities

Below is a discussion of what would happen if the Western grid interconnection should suffer a cyberattack and have to shut down. Thirty-one utilities interconnected to the loop would go black and up to 60 million Americans would be without electricity, water, gas, and wastewater treatment for about three to six weeks. They would not be prepared to handle such an attack.

The good news is that we can be prepared, and the recent Texas blackouts really demonstrate to us that we need to be prepared. Below is a CIVIL DEFENSE PLAN that each state and territory should use in case of a shutdown of the supply of electricity.

The following is part of an exchange I had about the policy and process issues relating to preparing for cyberattack issues on the electric grid. I know a great deal of work has been done to develop emergency plans to respond to earthquakes, but cyberattacks are man-made, and at this time, probably much more likely. The public is totally in the dark about this situation, and the threatened impacts are far too significant for this state of affairs to continue.

As mentioned above, the director of the FBI agrees that a cyberattack will happen to the electric grid and other major infrastructure. My concern is that there will be a massive shutdown of electric service and our families will not be prepared to respond to it.

A successful cyber-shutdown of the Western Electric Grid Loop is a major national security issue. This estimate is based on how long it will take each utility to restart (black start) its individual control area. There is a specific process that a utility must follow to black start its electric system. The utility must start one of its firm power (coal, gas, nuclear, hydro, or biomass) generators and then power up the large A-substations around the generator. Then power would be routed to the next closest generator and its A-substation, and interconnect those two generators. Then the process would be repeated with the next nearest generator and interconnect with the two other generators. This restart process must be repeated one generator at a time until the entire control area is returned to functionality from an electrical standpoint. Only then can the utility interconnect with its neighboring utility that has also stood up its control area! Then this interconnection process will continue until all 31 utilities on the Western Grid Loop are once again interconnected. I estimate that this will take three to six weeks but electric systems experts can be more exact. My point is that 60 million people will be without electricity for an extended period of time, so what can be done to make sure they survive this extended electric outage?

Properly defining the exposure to the public and preparing to respond to it is critical to maintaining reliable electric service. It is also a way to bring environmental balance back to the 31 interconnected electric utilities, because of the need to maintain sufficient firm generation resources, ie. coal, nuclear, gas, hydro, and biofusion, rather than solar and wind resources, within the control areas of these interconnected utilities.

First, there is a need to question a number of existing California and federal policies, such as the California Resource Board’s once-through-cooling regulations, which shut down existing firm generating resources that will be necessary to black start a number of control areas. To black start areas, here is what happens: Isolated power stations are started individually, then they are gradually reconnected to one another to form an interconnected system again. It is used when the grid experiences a blackout and must be restarted from scratch.

Second, it brings into question the 50% Renewable Policy Standards and whether compliance with these standards will leave sufficient firm resources within each control area to black start the control areas.

Third, it brings into question the EPA regulation to shut down coal-fired units. There may be a need to exempt certain units for national security reasons.

Finally, the Federal Energy Regulatory Commission’s, (FERC), continuing push for competition needs to be put into question. For example, FERC Order 1000 needs to be put into question. The more we bifurcate the vertically integrated systems, the harder it will be to control them if a successful cyber attack occurs. The concept of restructuring needs to be reviewed and at the least, IOUs need to be given the right to build firm power resources necessary to black start their control areas and the local air quality agencies need to be mandated to issue the necessary Emission Reduction Credits to build the necessary firm generation.

I agree with the CISA and the FBI that a successful cyber attack will happen. Therefore, comprehensive federal and individual state plans need to be devised. I wrote to a Washington DC lawyer and asked if the California ISO had black start plans in case of an attack. He said yes, but they are confidential for security reasons. For the reasons set forth above and other facts I know, I cannot believe that these plans are complete. The fact that this issue has not been raised to civil defense and major policy issues shows that the government is not in command of the problem, or does not have the problem sufficiently on its radar.


Major Civil Defense Plan


In approaching a major civil defense plan to respond to the exposure of having the Western Electric Loop shut down due to a cyberattack, there are a number of steps that need to be taken in planning for a unified government, electric, gas, and water utility response.

First, the public needs to be educated on the importance of this serious national exposure, and every family unit should be encouraged to have three weeks of water and dry foodstuffs in store, as well as a heat source to cook them. This is exactly like earthquake planning in Southern California, except all the structures are left standing.

All emergency generators will be started, and sufficient fuel for these generators will be maintained at their locations for six weeks. A complete inventory of the locations of the emergency generation will be conducted by the county governments, along with each city government. Additional generators will be acquired at centralized shelters to provide heating or cooling centers for the local population. Facilities with solar power should install storage batteries to make maximum use of the solar power that can be generated each day. Finally, emergency generators should be placed at all water and gas pumping stations as well as at all water purification plants. Gas stations should be required to have emergency generators, as well as all police and fire stations. Major government offices should also have emergency generators. Next, emergency generators will be required at all hospitals, assisted nursing homes, and other essential medical and emergency facilities. Also, grocery stores and food and water storage and distribution facilities should have emergency generators as well.

Second, the state and county governments, in coordination with FEMA, (the Federal Emergency Management Agency), will take control of all public and private food and fuel distribution centers. Pursuant to a coordinated federal, state, regional, and local government civil defense plan, food and water for the population in each county for a period of an additional three weeks needs to be distributed. Central distribution centers at churches and schools need to have been set up ahead of time and a specific implementation process put in place. Also, the National Guard needs to be prepared to be called up, along with all available police, sheriff, and state troopers in order to maintain order.

Each electric utility should be broken into it own electric control area and given the responsibility to completely black start its individual control area within three weeks. The assured deliverance of the required natural gas to power the firm generating resources must be assured in advance. The black start will begin around the substations that are close to the firm generating resources, and slowly move out from there. Because of the break up of the vertically integrated utility, an emergency plan must be developed between the distribution, transmission, and generation utilities in each control area on how to black start the individual control areas.

Primary focus should be put on black starting the firm generating facilities that will keep the water and gas utilities running. Next, education of the public on how the black start process will work and how the civil defense plans will work before and during the restoration process needs to take place. We have earthquake plans similar to this, but cyberattacks are more likely, and the response will be different and can be much more manageable.

For the first two weeks, only authorized vehicles will be allowed on the streets except in an emergency situation or at designated times set for going to food and water distribution centers.
This whole process should be completed in three weeks but should be designed to stretch out to six weeks if necessary. At this point in time, the control areas should be designed to function for six months without reconnecting to the loop. This will provide time for a determination of how the cyber attack occurred, and for a solution to be developed to fix and stop it. In addition, the civil defense plans should be reviewed and modified where necessary. Also, all water and foodstuff should be replenished.

Finally, this plan to prepare for a cyber attack must be repeated on the other three electric grids, (midwest, eastern, and Texas) in the US.