Electric Grid Physical Security: Recent Legislation

This report briefly discusses legislative initiatives to address the physical safety of electrical transformers and 0other parts of the U.S. electric grid which are vulnerable to damage from theft, vandalism, or terrorist attacks.

CRS INSIGHT Electric Grid Physical Security: Recent Legislation January 6, 2016 (IN10425) | Related Author Paul W. Parfomak | Paul W. Parfomak, Specialist in Energy and Infrastructure Policy (pparfomak@crs.loc.gov, 7-0030) Introduction The U.S. electric grid consists of over 200,000 miles of high voltage transmission lines and hundreds of high voltage (HV) transformer substations. Due to their size and location these critical assets—especially the transformers—are vulnerable to physical damage from theft, vandalism, or terrorist attack. The Fixing America's Surface Transportation (FAST) Act (P.L. 114-94), which became law on December 4, 2015, contains provisions to facilitate recovery during electric grid emergencies due to physical damage and other causes. A Senate bill (S. 2012) could also expand efforts to protect the grid from physical threats. The vulnerability of the electric grid to natural events or malicious acts has been a long-standing policy concern. A particular focus has been on HV transformers. Such transformers are very difficult to restore when damaged because they can take over a year to manufacture and are hard to move. Over the years, the utility industry and government agencies have engaged in ever greater efforts to secure HV transformers and other grid assets from physical attack and to improve grid recovery should an attack succeed. These efforts include coordination and information sharing, voluntary spare equipment programs, industry security standards, and large-scale security exercises. (For further discussion, see CRS Report R43604, Physical Security of the U.S. Power Grid: High-Voltage Transformer Substations, by Paul W. Parfomak.) In November 2014, the Federal Energy Regulatory Commission (FERC) approved a new mandatory Physical Security Reliability Standard (CIP-014-1) for industry "to address physical security risks and vulnerabilities related to the reliable operation" of the power grid by performing risk assessments to identify their critical facilities, evaluate potential threats and vulnerabilities, and implement security plans to protect against attacks. While viewed by many as an important step in improving grid security, some in Congress have advocated additional measures to facilitate grid recovery in an emergency. The Department of Energy's (DOE) 2015 Quadrennial Energy Review also recommended a DOE-led effort to develop a critical HV transformer reserve as a source of emergency spares in the event of natural disaster or physical attack. FAST Act Grid Security Provisions The FAST Act contains two sections explicitly expanding federal efforts to prevent or recover from a physical attack or another emergency on the U.S. electric grid. (Similar language was in the North American Energy Security and Infrastructure Act of 2015 (H.R. 8) which previously passed in the House.) Critical Electric Infrastructure Security (§1104). This section provides the Secretary of Energy additional authority to order emergency measures to protect or restore the reliability of critical electric infrastructure or of defense critical electric infrastructure during a grid security emergency. The identification of such an emergency would be made by written notice from the President with a concurrent notification to Congress. This section would allow grid owners to recover prudent costs incurred under such emergency measures through rates regulated by the Federal Energy Regulatory Commission. The section would also increase protection of critical electric infrastructure information, among other provisions. Strategic Transformer Reserve (§1105). This section requires the Secretary of Energy—in consultation with other agencies, the military, and the utility industry—to submit to Congress within one year a plan for a Strategic Transformer Reserve. The reserve would store in strategic locations spare large power transformers and mobile substations in sufficient numbers to temporarily replace critical large power transformers damaged due to intentional attack or destructive natural events. This section would authorize the Secretary to establish the reserve six months after submitting the plan to Congress. Energy Policy Modernization Act of 2015 Congress is considering additional proposals to increase the physical security of the electric grid. In particular, the Energy Policy Modernization Act of 2015 (S. 2012), which was reported by the Senate Committee on Energy and Natural Resources last September, includes two sections primarily directed at electric grid cybersecurity but with potential effects on physical asset protection or recovery. Cybersecurity Threats (§2001). This section would provide the Secretary of Energy additional authority to order emergency measures to avert or mitigate a cybersecurity threat upon receiving notice from the President that such a threat exists. The President would provide written notice to the Secretary and Congress of such a threat as soon as practicable. Notably, this section would allow grid owners to recover prudent costs incurred under such emergency measures through rates regulated by FERC. The section would also increase protection of critical electric infrastructure information, including information about critical assets and physical vulnerability. Such information presumably could include asset criticality and vulnerability analysis, engineering diagrams, and physical security plans. Enhanced Grid Security (§2002). This section would designate the Department of Energy as the lead Sector-Specific Agency under Presidential Policy Directive 21 for energy sector cybersecurity. Among other mandates, the bill would require DOE to develop a program for modeling and assessing energy infrastructure risks in the face of natural and human-made threats (both cyber and physical). The bill would also require DOE to explore alternative structures and funding mechanisms to expand industry participation in the Electricity Sector Information Sharing and Analysis Center (ES-ISAC), a secure forum for sharing information about grid vulnerabilities and threats of any kind.