An attack on the power grid by terrorists -- even ones armed with relatively simple weapons -- is among the greatest threats to the reliability of the nation’s power system, the chairman of the U.S. Federal Energy Regulatory Commission said.
“There are ways that a very few number of actors with very rudimentary equipment could take down large portions of our grid,” FERC Chairman Jon Wellinghoff said today at a Bloomberg Government breakfast in Washington. “I don’t think we have the level of physical security we need.”
The security of the power-network components such as transformers “is an equal if not greater issue” than cybersecurity, Wellinghoff said.
The agency two months ago created an office to help reduce risks to the electric grid and natural-gas and oil facilities. A terrorist attack on the system could cost hundreds of billions of dollars and result in thousands of deaths, according to a 2007 report that was declassified and released by the National Academy of Sciences on Nov. 14.
The FERC, which regulates the interstate transport of electricity, natural gas and oil, this year also has ramped up its enforcement against energy-market manipulation. Wellinghoff predicted that a recent surge in filings against energy traders would plateau, and said he had not decided whether to consider another term as chairman when his current one expires next year.
“A coordinated physical attack is a very, very unsettling thing to me,” Wellinghoff said.
Transformers, which alter the voltage of electricity, are often custom built for utilities and can take 18 to 36 months to make, according to Wellinghoff. They are also inadequately protected, often surrounded only by chain-link fences, he said.
An attacker “could get 200 yards away with a .22 rifle and take the whole thing out,” Wellinghoff said. For a “couple hundred bucks” a utility could install metal sheeting to block the view of transformers, he said. “If you can’t see through the fence, you can’t figure out where to shoot anymore.”
The report released last week by the National Academy of Sciences called for the government to work with utilities to create a stockpile of transformers and other equipment that would be used in the event of an emergency. The Edison Electric Institute, a Washington-based industry group for publicly traded utilities, is leading a pilot program to install additional devices.
Wellinghoff said utilities aren’t doing enough to protect the physical components of the grid. The FERC can work with power companies to make them aware of the security issues, develop strategies to lessen the risks and help them recover their costs, according to the agency’s chairman.
“If you do all those things then you might be able to get them to move,” Wellinghoff said. The FERC doesn’t currently have the authority to order utilities to take immediate grid-protection safety measures, he said. Wellinghoff said he would like to see Congress grant a government agency, though not necessarily the FERC, authority to more quickly respond to a potential threat to the nation’s infrastructure.
The agency on Sept. 20 announced the creation of its Office of Energy Infrastructure Security, led by Joseph McClelland, the FERC’s former director of reliability, to identify ways to lessen the risk of physical and cyber security threats. The unit will also work with other government agencies and the private sector, according to a statement.
Wellinghoff has served on the commission since 2006 and has been chairman since 2009. His term as chairman expires at the end of June, and he said he hasn’t decided whether he will consider an additional one.
He has overseen the growth of the FERC’s enforcement office after Congress in 2005 granted the agency the authority to fine those who jeopardize the grid’s reliability up to $1 million per day per violation.
The FERC is currently investigating separate instances of alleged market manipulation by JPMorgan Chase & Co., Barclays Plc and Deutsche Bank AG, among other probes.
“We’re in full enforcement mode,” Wellinghoff said. “We’re not at war with anybody. We’re simply trying to ensure that these markets are operating in a full and fair manner.”
The FERC in March reached a record $245 million settlement with Constellation Energy Group Inc. over alleged energy trading violations in New York. The company didn’t admit any wrongdoing.
Barclays has vowed to challenge the FERC’s proposal for a record $469.9 million in penalties related to alleged market manipulation in the western U.S. from late 2006 to 2008, and Deutsche Bank has disputed the agency’s proposed penalties of $1.6 million, saying the bank has done nothing wrong. The FERC on Nov. 14 suspended a JPMorgan unit’s energy-trading authority for providing inaccurate information to regulators, a penalty the bank says is unwarranted for what it called an inadvertent error.
Wellinghoff said he believes the fines proposed so far are adequate to deter traders from trying to game the markets. He also said the agency’s enforcement actions have probably “reached a plateau and will sort of stabilize out” now that the FERC’s enforcement office is well-staffed with about 200 people.
The FERC is now overseeing a U.S. energy infrastructure that is trying to adapt to extreme weather conditions such as superstorm Sandy, which pummeled the Northeast in late October, cutting power to more than 8 million homes and businesses.
While the storm primarily affected lower-voltage power lines, Wellinghoff said the disaster might help foster a broader look at the definition of electric-grid reliability and encourage the use of “distributed” generation, such as power produced by solar panels at a private residence.
“We have to start anticipating what will be our future with respect to both natural events and also events that may be perpetrated by those who would do us harm in the areas of physical and cybersecurity,” Wellinghoff said.