The Energy Department’s Office of Inspector General has issued a report concluding the Federal Energy Regulatory Commission failed to adequately protect the security of electric grid vulnerability analyses to prevent them falling into the wrong hands.
“Our review revealed that the commission’s controls, processes and procedures for protecting non-public information were severely lacking,” DOE Inspector General Gregory Friedman said in a report issued Jan. 30. “Specifically, we found that staff inconsistently handled and shared commission-created analyses that identified vulnerability of the nation’s electric grid without ensuring that the data was adequately evaluated for sensitivity and classification.”
The inspector general’s report, “Review of Controls for Protecting Non-Public Information at the Federal Energy Regulatory Commission,” follows a management alert issued by Friedman in April 2014 that ordered FERC Chairman Cheryl LaFleur to take immediate steps to protect national security information pertaining to the bulk power system, which in some cases includes hydroelectric facilities.
The investigation of the alleged leak of FERC modeling studies exposing power grid vulnerabilities stems from an article published in March 2014 by the Wall Street Journal that included some details of such FERC modeling. The Senate Energy Committee chairman and FERC’s designated ethics official requested the inspector general’s investigation.
“The immediate issue with regard to making the electric grid simulation public appears to have been addressed,” the report said. “However, the matter regarding protection and sharing of sensitive commission information in the future has not. Striking a balance between information sharing and protecting non-public information that could adversely affect national security continues to pose a major management challenge for the commission.”
While there appear to be a number of FERC sanctions available for unauthorized exposure of strictly classified information, the inspector general said that is not the case for information considered to be merely sensitive. It said commission staff should develop a comprehensive program to ensure that sensitive and restricted information is adequately protected.
The inspector general said the investigation found differences of opinion between FERC staff and then-Chairman Jon Wellinghoff as to the sensitive nature of the FERC-created grid vulnerability models. According to the report, commission staff said the grid analyses were created with no expectation they would be shared with outside entities. However, it said, Wellinghoff made the decision to share the analyses with industry and external federal officials because they were compiled from public information and so that corrective measures could be taken to improve security at grid substations.
Ironically, the report states that Energy Department classification officials tended to discredit the validity of the FERC hypothetical grid failure analyses. The officials found that a so-called perfect storm of circumstances would have to occur to bring catastrophic consequences to the grid.
“Even with these highly unlikely assumptions, loss of the critical substations cause the formation of islands of power within the interconnect for an unspecified length of time, not total power loss,” the classification officials concluded. “Given this and that achieving the results in the analysis requires the unlikely loss of several safety systems at the time of highest power demand, loss of the critical substations identified in the analysis would not result in the consequence described in the analysis or any other consequence that could be reasonably expected to result in damage to national security.”
The inspector general concluded FERC must develop a comprehensive program to protect sensitive information, balancing the needs of industry to have access to such information while protecting it from would-be adversaries.
Friedman recommended FERC ensure:
- commission employees are properly trained about sensitive information and have necessary security clearances;
- critical energy infrastructure information policies are current, disseminated and properly implemented;
- FERC and DOE understand their roles in information classification; and
- FERC seeks specific authority to protect commission-developed documents as necessary.
The inspector general said FERC management concurred with his recommendations and indicated corrective actions were being implemented. In response to the April management alert, FERC modified its ethics training and security training. Additionally, FERC officials are meeting with DOE classification officials to discuss their respective responsibilities in classification of commission-created information.
“We are dedicated to learning from this experience and strengthening our processes going forward,” LaFleur said in a letter of response.
FERC issued rules in November approving, with modifications, a power system physical security reliability standard submitted by the North American Electric Reliability Corp. Last year it also held technical conferences on Critical Infrastructure Protection issues and reliability of the bulk power system.
The inspector general’s report may be obtained from the agency’s Internet site under http://energy.gov/sites/prod/files/2015/02/f19/DOE-IG-0933.pdf.