Much of the energy infrastructure upon which the Department of Defense depends is commercially owned.
The Department of Defense relies on commercial electric power for nearly 99% of its power needs at military installations.
As such it is vulnerable to indirect attacks which could aim to disrupt or shut down electrical power to defense assets.
Currently, the scope of the reliability standards is limited by section 215's definition of the bulk-power system, which specifically excludes `facilities used in the local distribution of electric energy.' section 215 of the Federal Power Act provides an adequate statutory foundation for the ERO to develop most reliability standards for the bulk power system.
However, the nature of a national security threat by entities intent on attacking the U.S. through vulnerabilities in its electric grid stands in stark contrast to other major reliability vulnerabilities that have caused regional blackouts and reliability failures in the past, such as vegetation management and protective relay maintenance practices.
Widespread disruption of electric service can quickly undermine the U.S. government, its military operations and security, and the economy, as well as endanger the health and safety of millions of citizens.
Given the national security dimension to this threat, there may be a need to act quickly to protect the grid, to act in a manner where action is mandatory rather than voluntary, and to protect certain information from public disclosure.
Accordingly, these standards do not apply to lower-voltage distribution facilities that serve critical electric infrastructure, such as certain defense facilities.
For example, the current interpretation of bulk power system excludes virtually all of the grid facilities in certain large cities such as New York.
In addition, the provisions of section 215 do not apply to Alaska or Hawaii, where a number of important federal installations are located.
CYBER ATTACKS
Another area of concerns regard cyber security.
Public reports relating to cyber security vulnerabilities and threats have increased in recent years. In 2010, almost two-thirds of firms in the United States reported that they were the victim of “cyber security incidents or information breaches”, while the volume of malicious software on American networks more than tripled from 2009. Such attacks could adversely affect defense facilities – so it represents a national security concern.
Over the past five years, the number of incidents reported by federal agencies to the United States Computer Emergency Readiness Team (US-CERT) increased from 5,503 incidents in fiscal year 2006 to about 41,776 incidents in fiscal year 2010. The commercial electric power grid increasingly faces threats that could lead to power disruptions. In July 2010, malicious software was discovered that appears to have been created specifically to attack industrial control systems widely used in electric power plants and at other important infrastructure. Since January 2010, NERC has issued 14 alerts to address a variety of cyber security-related issues and vulnerabilities.
In circumstances involving a cyber security threat to reliability, there may be a need to act decisively in hours or days, rather than weeks, months, or years. Existing NERC processes for adoption of reliability standards do not offer a timely means of responding to imminent cyber security threats and vulnerabilities. This is something that poses at threat to defense facilities which depend on commercial power generation.
“The Pentagon does not really have an answer to this problem of energy security, that is precisely because it is so dependent upon commercial facilities”, says Ronald Fuller of Charlotte, an electrical engineering major.
TERRORIST ATTACK
A terrorist attack that caused a long-term grid disruption "could significantly affect our military forces globally -- potentially blinding them, neutering their command and control, degrading their mobility and isolating them from their principal sources of logistics support," Paul Stockton, the Pentagon's assistant secretary for homeland defense, was quoted as saying recently in the online journal Homeland Security Affairs.
A board of outside experts tasked by the Department of Defense to study the issue found in a 2008 report that there are “significant gaps in DOD's ability to prevent and respond to major electrical outages.”
"Critical national security and homeland defense missions are at an unacceptably high risk of extended outages from failure of the grid," the Defense Science Board concluded. "The grid is fragile, vulnerable, near its capacity limit, and outside of DOD control. In most cases, neither the grid nor on-base backup power provides sufficient reliability to ensure continuity of critical national priority functions and oversight of strategic missions in the face of long-term (several months) outage."
And while the Pentagon has joined interagency efforts to beef up grid security, experts say solutions remain elusive. Four years after the Defense Science Board report, DOD has yet to define what "energy security" means at its bases, let alone how to assure it, according to dozens of interviews with military officials, lawmakers, defense energy experts, project developers and utilities.
Some argue that all military facilities should be able to operate off the grid for an unlimited period of time, a concept called "islanding." This idea has fallen out of favor with some officials I have talked to at the Pentagon, as the focus recently has been on budget cuts and ongoing wars and military interventionism around the world.
Others inside the Pentagon recognize the need but refuse to talk about it citing national security concerns.
The Defense Science Board published a “classified appendix” to one report on this issue that lists multiple facilities where the board believed building this limited form of islanding is most important. Officials would not elaborate and I have been unsuccessful requesting the appendix.
What this would actually mean depends on the installation. So far I have only been able to identify a list of 30 facilities which are vulnerable. For security reasons I have decided not to list these sites. While it is true that certain sites focused on training may be able to stay offline for a while, it should be understood that facilities involved with battlefield missions like drone flights or real-time intelligence analysis likely cannot afford a gap.
“The Pentagon needs to recognize this, if they have not already”, said William Black of Charlotte, a Pentagon watchdog, who agrees that energy security is an issue the Pentagon hasn’t really addressed.
Everyone I talk to recognize that energy and power reliability for the military should be a priority.
Robert Tilford
Charlotte, N.C.
Comments