Members of Congress went to Moore County, N.C., on Friday to hold a field hearing on the substation attacks there in early December that knocked out power to 45,000 customers, and which remain unsolved.
Rep. Jeff Duncan, R-S.C., chair of the House Energy & Commerce Subcommittee on Energy, Climate and Grid Security, said the hearing was part of an effort to gather information for possible changes in law to better protect the grid.
“There have been several grid security incidents that have occurred recently, that we’re examining as part of our oversight responsibilities,” Duncan said. “Within the last year, we’ve seen electrical transmission substations attacked in Tacoma, Washington, and right here in Moore County. Both of these attacks resulted in blackouts that affected tens of thousands of people for multiple days.”
The Colonial Pipeline was hit by a ransomware attack in May 2021, and the subcommittee is looking into all three attacks for lessons learned to see if critical infrastructure protections would benefit from new laws, he added.
William Ray, North Carolina Department of Public Safety’s Director of Emergency Management, said information-sharing laws could be updated so the government can better coordinate with private owners of critical infrastructure.
“The percentage of the Department of Homeland Security defined critical infrastructure sectors owned by the private sector is significant,” Ray said. “We must evolve and recognize that public or private, we need the members of those 16 sectors at the table and partnerships in which they can be fully transparent.”
The information-sharing protections in place now do not adequately support open, honest and transparent dialogue between the public and private sectors, he added. Both private-sector and public information need protection while still being shared between relevant parties.
“Current federal and state information sharing, and intelligence protections do not fully address the need for open dialogue, while protecting the parties engaged as well as limiting information sharing due to classification requirements,” Ray said.
While electric infrastructure has always been targeted by copper thieves, the industry has seen an uptick in incidents that can only be described as sabotage, said Tim Ponseti, SERC vice president of operations.
“Fortunately, the bulk power system has built into it extraordinary levels of redundancy, which enhances reliability and increases resilience,” Ponseti said. “It takes widespread system damage, like from a hurricane or tornadoes or ice storms, or targeted attack, like what happened in Moore County, to leave a large number of people in the dark for an extended period of time.”
Critical Infrastructure Protection (CIP) Standard 14 was put in place after the Metcalf Substation attack in Northern California a decade ago, and it requires the industry to ramp up physical security around the most important substations that have the biggest impact on reliable operations of the grid.
Since the Moore County attack, Duke Energy, which owned the substations attacked, has been working to ensure that any substation that would lead to outages if knocked out also gets heightened protection, said Mark Aysta, Duke’s managing director of enterprise security.
“We’re shifting from a tiered ranking system, focused largely on an asset’s impact to the bulk electric system, to a tiered approach with a greater focus on potential impact to customers,” Aysta said. “It’s through this lens, we’ve identified opportunities to increase security and surveillance and we’re developing implementation schedules for this work.”
While some substations can go down and grid operators can just reroute the power to avoid any significant customer impact, that is not possible at other substations and Duke is increasing security around the latter, he added.
Duke has also identified electrical components that might have long lead times to manufacture and is working to make sure it has backups on hand to bounce back after any future incidents, said Aysta.
“But we understand that even with a robust strategy of deterrence and monitoring, no utility can completely eliminate the risk of an attack,” Aysta said. “That’s the reality of operating an electrical system that extends across nearly 100,000 square miles, and includes thousands of substations, and millions of components. It is why we firmly believe grid resiliency must be a part of the conversation.”
The same technology that can detect outages from storms, isolate problems and reroute power to restore service to customers can be used to mitigate the impact of an attack on the grid. Resiliency investments are a major part of the $75 billion Duke is spending on grid improvements for its electric utilities over the next decade, Aysta said.