What do the sun, growing trees, and cyber-terrorists have in common? One might think this question is the lead-in to a joke to by a comedian with a particularly bizarre sense of humor. It is in fact the latest list of subjects to be addressed in the electric reliability arena. At yesterday's monthly public meeting, the Federal Energy Regulatory Commission ("FERC") issued new orders directing action to improve management of vegetation, which can grow into and short out electric equipment, and to protect the nation's electric system from the geomagnetic anomalies than can arise from solar storms. Meanwhile, arguments about cyber-security threats continue to generate a lot of heat but not much light.
Let's address each of these topics in turn, starting with vegetation management. Managing trees and shrubs that grow around electric transmission and distribution lines is a constant concern of electric system managers because trees growing into power lines can cause them to short out. In fact, many of the major outages that have afflicted the North American electric grid can be traced back to major transmission lines that short out as a result of contact with untended vegetation. For example, the August 2003 blackout that left much of the eastern U.S. and Canada in darkness, and the 1996 outages that left much of the West Coast without power, can be traced back to transmission lines that contacted trees, leading to major cascading outages.
To address such concerns, FERC, in an order issued yesterday, proposes to accept the North American Electric Reliability Corporation's ("NERC") new vegetation management reliability standard, FAC-003-2, but with one important modification.
The new standard expands the reach of NERC's vegetation management standards, which currently apply only to transmission lines operating above 200 kV, to include important transmission pathways that operate below 200 kV. For utilities operating in the Western Interconnection, this includes all WECC Major Transmission Paths, including several such paths that operate at 115-kV. The new standard also requires annual inspection of all covered transmission lines and annual completion of 100% of required vegetation management work. This should discourage any tendency to cut costs by delaying maintenance related to vegetation management.
While FERC generally proposes to adopt FAC-003-2 as drafted by NERC, the order includes one major exception. Under the existing rule, a violation of the vegetation management standard is treated as a "medium" Violation Risk Factor. On this point, FERC remands the standard to NERC and directs that such violations be treated as a "high" Violation Risk Factor, making violations subject to potentially much more severe fines. This change suggests that seriousness with which FERC views vegetation management violations. Comments on the order are due in mid- to late December, depending on when it is published in the Federal Register.
At yesterday's meeting, FERC issued a second order concerning reliability, this one proposing measures to protect the grid from "geomagnetic distrurbances" ("GMDs"). GMDs are generally driven by solar storms or solar flares, but can also be caused by nuclear weapons and certain specialized electromagnetic pulse weapons. While occurring rarely, GMDs can have severe consequences for the electric grid. For example, a solar storm in 1989 produced a GMD that knocked out much of the electric grid in the Province of Quebec.
To address these potential threats, FERC proposes a two-step approach, to be developed in a NERC-led standards development process. In the first step, to be effective 90 days after the NERC standards development process is completed and the final rule is adopted by FERC, owners and operators of Bulk-Power System assets would be required to develop operational procedures to mitigate GMD impacts on the Bulk-Power System. In the second phase, NERC would develop reliability standards, to be effective six months after approval by FERC, that would require owners and operators of Bulk-Power System components to assess the vulnerability of those components to GMD, and to develop plans to address these vulnerabilities, which could range from, for example, installation of protective equipment to inventory controls that would allow phased retirement of equipment that cannot be retrofitted.
The proposed rule is the result of considerable work at FERC and elsewhere over the last few years examining the potential impacts of GMDs and assessing the potential costs of controlling the damage caused by GMDs to the electric grid. For example, the Oak Ridge National Laboratory recently completed a series of studies suggesting that a severe solar storm could produce $1 to $2 trillion in economic damages and require two to ten years to recover, while protective measures could cost as little as twenty cents per year for the average residential customer. Comments on the proposed rule are due in mid- to late December, depending on when the proposed rule is published in the Federal Register.
Cyber-security has also been a major topic of conversation recently. For example, in a speech last week, Defense Secretary Leon Panetta argued that terrorists could launch a "cyber Pearl Harbor," and retiring Rep. Norm Dicks (D-WA) warned of a "cyber 911." All the scary talk has, so far, produced little concrete action in Washington, DC, with cybersecurity legislation stuck in election-year limbo.
While Congress fiddles, however, FERC has taken a concrete step to address cybersecurity in the electric industry by creating a new Office of Energy Infrastructure Security, which will be headed by Joseph McClelland. McClelland previously headed FERC's Office of Electric Reliability and played a major role in FERC's efforts to implement its new responsibilities, created by the Energy Policy Act of 2005, to oversee mandatory electric reliability standards. The new office will be responsible for coordinating cybersecurity efforts between FERC, other government agencies, and the private sector.
In addition, the Department of Homeland Security and the Department of Energy have recently scheduled a series of briefings for the energy industry, in both classified and unclassified formats, that will provide new information about cybersecurity threats targeting energy infrastructure. Briefings in the Western U.S. are scheduled for Denver on October 24 and, tentatively, for San Francisco on October 25 and Anchorage on October 30. Entities interested in attended are asked to send an email to DOE's Suzanne Lemieux (Suzanne.firstname.lastname@example.org) with the full name, organization, the desired session date and location, and, if applicable, the security clearance of the person to attend, including the organization that holds the clearance. These briefings may help address one of the major concerns of individuals in the electric industry attempting to address cybersecurity threats, which is that it is difficult to effectively prevent such threats with most of the information about them has been classified.