By Kathleen Davis, Associate Editor
The repercussions of September 11 are being felt in every fold and wrinkle of the American fabric, and the power industry is no exception.
Consolidated Edison felt a direct hit that day: two substations destroyed in the World Trade Center attack, 12,000 customers without power. It took 140 crews nearly a week to restore power, and the physical and economic losses lowered both stock prices and revenues for the company.
Targeted effects of terrorism on a U.S. utility are unprecedented, and the possibilities of further terrorist action have left an entire industry wondering whether it is truly prepared for what may come.
Are we ready?
Lou Leffler, manager of projects with the North American Electric Reliability Council (NERC) and coordinator for the electricity sector in the Critical Infrastructure Protection (CIP) program-formed in 1997, the president’s commission on CIP established the DOE as sector liaison for electricity and NERC as sector coordinator-stated that awareness of possible terrorist threats is not as new as it may seem.
“The industry has always been concerned about this,” Leffler said in an interview with EL&P. “It goes back to the ’80s when the first stirrings of terrorism began to cross our agenda, and even perhaps before that.””Obviously, it’s heightened now,” he added.
In fact, NERC has been working with DOE and the FBI on infrastructure issues for nearly 20 years. It just hasn’t been such a front-burner issue in the past. The CIP has been in place for only a couple of years, with its two main emphases-before the events of September 11-both physical and cyber security.
Leffler admitted that one thing that NERC and CIP hadn’t really defined was the “alert level” process, but after September 11, NERC’s senior management deemed it necessary to react, so they put the industry on full alert status-even though full alert status hadn’t yet been fully defined.
“We needed to make a statement, and we did. At that time we said that the industry would be at ‘full alert status,’ and we’ve been working since then to better codify these terms,” Leffler admitted. “Full alert status may mean one thing to Kathleen Davis; it may mean something else to Ellen Vancko [a NERC spokesperson] or to Lou. So, we are working on the process of creating more detailed codes.”
Dr. Karl Stahlkopf, vice president of power delivery at the Electric Power Research Institute (EPRI) and a prominent member of EPRI’s internal task force on security, told EL&P that the power industry already has elements of protection in place that could be used to react to terrorist threats. Utilities usually turn to them during weather-related problems.
“The infrastructure that we currently have is very robust, and it has to deal with all sorts of natural challenges-earthquakes, fires, floods, hurricanes, tornadoes, and, by and large, we’ve done a very good job in recovering from natural disasters, keeping the local problems from propagating more globally,” he stated.
Allen Rose, a vice president of Black & Veatch’s special projects group who specializes in security engineering, agrees with Stahlkopf. Rose, too, brought up the fact that a utility’s preparation for environmental disasters gives an accurate view of their preparation for terrorist threats.
“I think you’ll find that the utilities along both coasts may be a little better prepared [for a terrorist attack] because they are impacted by natural disasters more frequently than we are here in the Midwest,” said Rose.
Where the trouble is
“It’s clear to us-as one takes a look at how the U.S. itself went after infrastructure in the Balkan war and Iraq-that the electric infrastructure is one of the very first elements attacked,” Stahlkopf added. “We’re seeing the same sort of thing in Afghanistan now; they’re trying to knock out the electric infrastructure.”
Should such military efforts move to domestic soil, Stahlkopf believes that power will be high on the list of targets. “For all practical purposes, electricity is the oxygen of American society. Needless to say, the shock value of losing electricity would certainly be enormous. We’d like to make sure that sort of thing doesn’t happen,” he said.
According to Stahlkopf, the interconnectivity of the grid could be its greatest problem. With the U.S., Canada and part of Mexico tied together in three large synchronous regions, an outage in California could reach all the way up into British Columbia.
Stahlkopf believes this makes the electricity system quite unique when compared to water and gas systems, with the additional detriment of being unable to store electricity.
“The strength of the system is the fact that it has multiple redundancies. The weakness of the system is that it is all interdependent. So the strength is tied to the weakness,” Stahlkopf stated.
Leffler also sees the glut of facts and figures available on the power industry as a potential security flaw.
“[NERC is] concerned with data/information security, the wealth of information that is too available. We are seeking to secure that which we consider to be potential ‘road maps’ or ‘blueprints’ for terrorists,” he stated.
Rose, on the other hand, believes that the weakness may lie in industry reactions. Power companies react to outages, but prevention may be the key.
“What we’re finding is most utilities are geared more toward response as opposed to prevention or delay type activities,” Rose said, adding that Black & Veatch sees the focus for emergency plans moving more toward prevention and detection, as opposed to simple response.
The new plan
Leffler, Stahlkopf and Rose all agreed that the industry is already responding to possible terrorist action.
Leffler stated that NERC has daily conference calls with their 21 security coordinators, who are charged with the reliability of the power system and are now having to factor possible terrorist threats into their daily operations. He also stated that NERC keeps in close contact with DOE and the FBI to keep information on possible terrorist actions readily available to the power industry.
Stahlkopf, in fact, sent kudos NERC’s way, saying they have done an excellent job so far. EPRI has also reacted to the September 11 attacks, forming an internal task force and working with other new industry organizations to discuss security issues and possible solutions. Stahlkopf pointed out that the Edison Electric Institute (EEI) has put together a CEO task force to look at questions of terrorist actions, and he suggests that all utilities check in with EEI to keep themselves updated.
“There is concern at the highest level that the industry prepare itself and be thoughtful about its approaches to treating these issues,” he said. “With the EEI task force and NERC, among others, the industry certainly has a heightened awareness and sensitivity to what potential threats might be.”
“There’s quite a bit more going on than meets the eye,” he added.
Rose believes that both physical and electronic threats have been issues since the hubbub surrounding Y2K, giving the industry a bit of a leg-up at this point.
“In the past few years, the industry as a whole has been very aware of their vulnerabilities and has taken steps to either correct or isolate them,” Rose stated.
Judging how to move forward from here, however, requires a lot of thoughtful weighing: Will the potential threat of terrorist action equal or outweigh the possible costs of heightened security?
Know the enemy
“I think it’s difficult to assess what degree the threat truly is,” Stahlkopf said. Local and individual threats are not so much an issue to Stahlkopf, since such actions would be akin to an outage from a natural disaster. He does believe, however, that the possibility of a coordinated attack that could affect the system more broadly may warrant further study.
“How is this all going to evolve? I really don’t know. Is there going to be an attack on infrastructure? We won’t know until it happens. But, I think it is appropriate to examine our systems very closely, understand what the vulnerabilities are and make those vulnerabilities known to people inside the industry, leading to a learned discussion about whether it is feasible to protect against that threat or not,” he concluded, adding that EPRI and other task forces are working on possible threat scenarios and potential damages.
Leffler suggests that-on an individual level-a utility should consider tightening security at the boundaries of a facility, having telemonitors, and thoroughly examining the security of ports and firewalls.
Rose, however, pointed out that utilities’ individual reactions could differ widely, depending on the utility’s comfort level to accept or reject risk.
“That’s completely up to the utility,” Rose stated. “I don’t think-in the country as a whole-you’ll see a military or paramilitary presence guarding utility infrastructure, but it depends really on what the utility has seen in the past and how they want to protect their particular assets.”
Rose added that most utilities he has spoken to are aiming more toward employee and customer awareness rather than the “men with guns” approach. According to Rose, awareness programs can be more cost effective while keeping the general public panic to a minimum.
All in all, no one has a definite plan for the future just yet, for the industry finds itself in new and uncharted territory.
“The probabilities of certain types of events have always been based on historical performance,” Stahlkopf said. “And with Sept. 11 historical performance went out the window.”
Leffler can be contacted via Ellen Vancko (Ellen.Vancko@nerc.net). Stahlkopf can be reached via Jacquard Spivey (Jspivey@epri. com), and Allen Rose can be contacted directly at 913-458-6611 or firstname.lastname@example.org.
This is the first installment of a series of security features in EL&P. Nuclear plant security will be the subject of the second installment slated for the January 2002 issue.