Joint Hearing on Implications of Power Blackouts for the Nation's Cybersecurity and Critical Infrastructure Protection: The Electrical Grid, Critical Interdependencies, Vulnerabilities and Readiness
Paul H. Gilbert, PE, NAE
Panel on Energy Facilities, Cities, and Fixed Infrastructure
Committee on Science and Technology for Countering Terrorism
National Research Council
The National Academies
Director Emeritus of Parsons Brinckerhoff, Inc.
Cybersecurity, Science and Research and Development Subcommittee
Infrastructure and Border Security Subcommittee
Select Committee on Homeland Security
U.S. House of Representatives
September 4, 2003
Good afternoon, Chairman Thornberry, Chairman Camp, and members of the Subcommittees. My name is Paul Gilbert. I am an officer and director emeritus of Parsons Brinckerhoff, Inc. I am also a member of the National Academy of Engineering and was Chair of the National Research Council Panel responsible for the Chapter on Energy Systems for the NRC Branscomb-Klausner Report: "Making the Nation Safer: the Role of Science and Technology in Countering Terrorism". As you know, the NRC is the operating arm of the National Academy of Science, National Academy of Engineering and the Institute of Medicine, chartered in 1863, to advise the government on matters of science and technology. The subject report was the product of the mobilized academies following the 9/11 attacks. Some 130 volunteers from every branch of science, engineering and medicine assembled to undertake this work on an urgent basis with the report production financed entirely with private funds of the Academies. The report was first presented in June of 2002. It is a pleasure to come before you today to assist in focusing attention on the vulnerabilities of our Electric Power Systems, including their cyber sub systems, and the enormous dependence of other critical infrastructure on the electric supply.
Our basic infrastructure systems are a highly integrated, mutually dependent generally highly utilized set of infrastructure components that provide our communities and way of life with vitally needed services and support. These include the electric power and our food supply, water supply, waste disposal, natural gas, communications, transportation, petroleum products, shelter, employment, medical support and emergency services, and all our other basic needs. While all these elements are essential to our well being, only one has the unique impact if lost of causing all the others to either be seriously degraded or completely lost. And that, of course, is electric power. Our technically advanced society is literally hard wired to a firm reliable electric supply.
That electric supply system has, over the past decade taken on significantly greater loads (power demands) and has also undergone a makeover from being a highly regulated, vertically integrated utility industry to one that is partially deregulated, far less unified and not so robust and resilient as it was. The generation side is essentially deregulated and operating under an open market set of conditions where competitive price, low operating costs and return on investment are rewarded with profits and bonuses. At the same time the transmission sector remains fully regulated and limited from taking steps to meet growing demand with new capacity by uncertainty in knowing how such investments will be paid for under regulatory bodies that are tasked to see that power is delivered to rate payers at minimum cost. Where possible, operating costs have been reduced by installing automated cyber controllers, SCADA units and LANs, to perform the functions that people had previously performed. In general, control is now more centralized, spare parts inventories are reduced, and systems are highly integrated across entire regions.
This dramatic change has played out with the result that the in-place electrical systems assets today are typically being operated very efficiently at close to the limit of available capacity. In this mode, another characteristic of such systems appears. When operated near their capacity, these systems have little margin within which to handle power or load fluctuations. Thus they are quite vulnerable to being brought down by operating fluctuations that exceed their remaining margins. Shutting down becomes the only way a system element has of protecting itself from severe damage when load exceeds capacity. But the loss of a piece of the grid, a section of transmission line, does not end the problem. The line down takes with it the power it was transmitting. A connected power plant, having no connected load must also shut down. In these highly integrated grids, more lines have imbalance problems and more plants sense capacity problems and so also shut down. This cascading spreads very rapidly in many directions and in seconds, an entire sector of the North American grid can be down. We had a living example of this event, this past month, caused by an accident. We were fortunate to see the power return in so short a time.
The exact same consequences could too easily be reproduced by an attack from a small trained terrorist team as was hypothecated in the Making the Nation Safer report. Several critical nodes in the grid, taken out in the most damaging manner is the terrorist attack. What is caused is the terror flowing to all of us from the attack. Recovery in the case cited might take weeks or months, not hours or days, and the damage done to our people and our economy would be enormous.
While the report does not speculate on the extended consequences of such an event, I have been asked to do so here and so offer this as personal opinion. Because our critical infrastructure is so completely integrated, with the power out for even a day or two, both food and water supply soon fail. Transportation systems would be at a standstill. Wastewater could not be pumped away and so would become a health problem. In time natural gas pressure would decline and some would loose gas altogether. Nights would be very dark and communications would be spotty or non-existent. Storage batteries would have been long gone from the stores if any stores were open. Work, jobs, employment, business and production would be stopped. Our economy would take a major hit. All in all our cities would not be very nice places to be. Some local power grids would get back up and so there would be islands of light in the darkness. Haves and have-nots would get involved. It would not be a very safe place to be either. Marshal law would likely follow along with emergency food and water supply relief. We would rally and find ways to get by while the system is being repaired. In time, the power will start to come back. Tentatively at first, with rolling blackouts and then with all it glory. Several weeks to months have passed, and the clean up would begin. This is one man's opinion.
We have the means to limit the kind of disaster that has been speculated upon above. The recommendations provided in Chapter 6 of the report address actions that are designed to minimize the immediate vulnerabilities of the electric power systems and then to seek longer-term solutions. Those recommendations are as to the point today as they were when published 15 months ago.
- The recommendations begin with immediate attention is needed to mobilize the leadership and then the resources of people and organizations to first determine the proper roles for each interested party and then to come together, meet and develop needed plans.
- Issues that deter open discussions among the private and governmental parties need to be resolved immediately. These include antitrust, liability and FOIA.
- Review by government of the institutional and market settings (regulated and deregulated and open free market) for the industry needs attention to focus the inherent incentives on what the nation needs to live safely.
- Mobilization of tools now employed by the military to analyze vulnerabilities should occur, perhaps transferring them to DHS for use with the grids.
- Coordinated studies are indicated to identify the most critical equipment in the respective power systems and to describe the protective measures to be taken with each.
- Simulation models of these highly complex grids are indicated that are capable of identifying points of greatest vulnerability and reserves on operating capacities.
- Statutory action is indicated to allow recovery crews to immediately enter what would then be a crime scene following an attack to commence the work of repair, recovery, and restoration of service.
- The regulatory bodies must be encouraged to find the means for transmission organizations to define costs for counter terrorism improvements and for recovering those costs from their operations or from other sources.
- The use of SCADA systems in an unprotected configuration should be addressed and expert advice obtained regarding the options available to correct the vulnerabilities now present.
- Research is indicated that addresses particular system equipment needs. First among the list is the potential value of modular universal EHV transformers to support rapid grid recovery.
- Research is indicated into the equipment and technology required for, and the steps involved to, transition to an intelligent, adaptive power grid.
There is much greater detail and substance provided in Chapter 6 of the referenced report. The unfortunate black out this past month has drawn important attention to this area of critical infrastructure need. We at the Academies are delighted that we can continue to contribute to the effective resolution of these issues.
Thank you for inviting me today and for your attention in holding these hearings. I will be happy to respond to your questions.
|Join the GlobalSecurity.org mailing list|