In the wake of an attack last year on an electric substation in California, four U.S. Senators have written a letter to the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation, urging them to adopt mandatory standards for physical security at electric power facilities. During the attack, unidentified gunmen disabled 17 transformers by firing shots from a high-powered rifle through a fence surrounding the facility. Calling the incident a “wake-up call” to the risks of physical attacks on the grid, the lawmakers expressed concern that current voluntary measures may be insufficient to minimize the risks of such attacks in the future.
The California incident has drawn attention to potential vulnerabilities in the nation’s energy infrastructure more generally. By agreement, the U.S. Department of Transportation (DOT) and the Transportation Security Administration (TSA) share responsibility for regulating the security of pipeline facilities. While DOT regulations specify baseline security measures only for LNG and hazardous liquid pipeline facilities, see 49 C.F.R. Part 193, Subpart J (requiring, among other things, that LNG plants have written security procedures, protective enclosures for certain facilities, monitoring, lighting, and means for security communications); 49 C.F.R. Part 195.436 (requiring operators of hazardous liquid pipeline facilities to provide protection for pumping stations, breakout tank areas, and other exposed facilities from vandalism and unauthorized entry), TSA’s pipeline security guidelines recommend additional security measures for all types of pipeline facilities and associated cyber assets. Critical infrastructure cybersecurity was also the topic of an Executive Order and Presidential Policy Directive issued last year and the subject of a previous post.
In the above letter, the lawmakers requested a response from FERC and NERC by March 3, 2014.