When I joined the Pentagon in 2009 as assistant secretary of defense for Homeland Defense and Americas’ Security Affairs, I received a rude awakening. The Defense Science Board had just issued a study — “More Fight, Less Fuel” — that found “military installations are almost completely dependent on a fragile and vulnerable power grid, placing critical military and homeland defense missions at unacceptable risk of extended outage.”
Since that time, power companies have partnered with the Department of Energy to make enormous progress in strengthening grid resilience. But this is no time to pat ourselves on the back. Adversary capabilities have improved at least as quickly. Our enemies are seeking to embed increasingly sophisticated malware on grid networks, preparing the battlefield so they can strike at any moment they choose.
Two months ago, the Department of Homeland Security warned that Russia has a campaign underway to compromise energy infrastructure and threaten the “safety, security, and economic well-being of the United States.” Grid owners and operators must continue ramping up protection measures to stay ahead of this intensifying threat.
Yet, the more that power companies strengthen the resilience of their systems, the greater the danger that adversaries create catastrophic blackouts indirectly — that is, by attacking the flow of fuel on which power generation depends. Nuclear power plants have sufficient fuel stored on-site to operate for months. However, in many regions of the United States, natural gas-fired generators provide the predominant source of power. If adversaries can disrupt the flow of that gas, the resulting loss of power could have devastating effects on U.S. national security.
The vulnerability of natural gas infrastructure is of growing concern to members of the Federal Energy Regulatory Commission. Earlier this month, Commissioners Neil Chatterjee and Richard Glick concluded that given the “the growing cyber security threat to gas pipelines,” regulators should develop and impose mandatory cybersecurity standards on natural gas systems, equivalent to those that already help strengthen the resilience of the electric grid. Combined with additional voluntary measures, such standards could help reduce the risk that adversaries will maneuver around the grid’s increasingly stringent defenses, and attack gas systems as a means to disrupt electric service.
Two other initiatives could also help defeat fuel-based attacks on the grid.
—First, power companies and natural gas system operators need a more detailed, government-provided assessment of the threats they face. A range of federal agencies have information sharing mechanisms to support the energy sector.
However, a number of electric companies emphasize that they lack the classified information they need to assess fully the cyber threats to their own systems and to the gas infrastructure on which they depend. The Department of Energy and FERC should consider providing gas and electric companies with a design basis threat — that is, an assessment of the scale and severity of the cyber and physical threats their systems must be able to survive.
Nuclear power plants already benefit from such government-provided guidance to help harden their systems against attack. An equivalent design basis threat for the energy sector could help infrastructure owners and operators assess their vulnerabilities to attack and develop measures to fill the gaps they identify.
—Second, FERC and the Department of Energy should take steps to halt the premature retirement of nuclear power plants. Energy market prices must reflect all costs of production, and should compensate nuclear plants for the resilience and environmental benefits they bring to customers. FERC should immediately order the regional markets to update their pricing rules to reflect these considerations. FERC should also defend states’ fundamental rights to protect their citizens from pollution by adopting state clean energy standards.
Furthermore, I strongly believe that the cost of carbon pollution must be reflected in markets, and support federal, state and regional efforts to do just that.
With the recently announced early closures of nuclear power plants, the risks to U.S. grid resilience are only increasing. We just passed the one-year anniversary of the announcement to close Three Mile Island prematurely in the fall of 2019. Compounded with FirstEnergy’s recent announcement of its three planned closures, these four early retirements may negate about a quarter-century of progress in renewable generation, increasing carbon emissions by nearly 21 million metric tons annually.
Our country’s energy mix of diverse fuel sources was built not only as an economic solution but also as a strategic national security imperative. If we let market forces — which do not factor in security, let alone the low-carbon choices — determine the reliability and resilience of our grid, we are unnecessarily putting our economy, national security, and public health and safety at risk.