http://onforb.

es/16dv5Hm

Chip Register Contributor

Discussing the Centennial Moment in the capital and commodity markets
Opinions expressed by Forbes Contributors are their own.

ENERGY 2/03/2015 @ 9:44AM 1,730 views

Former FERC Chief Jon

Wellinghoff Speaks Out on Grid
Security and Distributed
Generation
Comment Now

In a previous article on Forbes, I had a conversation with former-CIA chief

Jim Woolsey to discuss one of America’s greatest national security
vulnerabilities, its power grid. The issues that Woolsey has been concerned
with for over a decade has been the ease in which a terrorist group or other
actor (think North Korea for example) could attack the grid and plunge the
country into darkness for months, if not years. And if that seems far-fetched,
just recall how a tree limb fell in Ohio in 2003 and blacked out the entire
Northeast and part of Canada for several days.
Woolsey describes several scenarios of how the grid could be taken down for
an extended period of time by anyone with the means and the will to do the
nation, and the world, great harm. His focus was on EMP, or
electromagnetic pulse. That’s part of the radiation blast emitting from a
nuclear detonation, and it has the effect of rendering all forms of electrical
devices useless. Radio, televisions, telephones, and, yes, power stations
would all essentially fry from the inside out if exposed to such an event.
Permanently.

Still seemed far-fetched? It really isn’t. A very small and unsophisticated

nuclear device (which is or could be in the possession of many American
foes) could be attached to a weather balloon launched from a boat in the Gulf
of Mexico or off of California and floated to the county’s mid-continent
where its detonation would have the greatest effect. America would literally
go dark. No phones. No money. No heat. No running water. No medicine. No
police. Just darkness.

Congressional studies quoted by Woolsey estimate that two-thirds of the

population would die of starvation, disease, exposure or violence related to
social breakdown in the first twelve months alone.

And to make matters worse, we would never even know what hit us, because
we would have no means to investigate, to say nothing of respond. Just
darkness.
Other methods of getting at the power grid include cyber-attack or a
coordinated set of bombings (with conventional explosives similar to the
Oklahoma City in 1995) aimed at the regional nodes, or major substations
that interlock the nation’s grid.

And here is where we pick up the story with my next discussion with Jon
Wellinghoff, the former Commissioner of the Federal Energy Regulatory
Commission (FERC). Wellinghoff has also been sounding the alarm for years
about this vulnerability. But he has a slightly different take on how to secure
the grid. While many analysts point to the few billion or so it would take to
protect the grid from attack, Wellinghoff equates that to building a wall,
which will only lead to potential attacks designing higher ladders.

Commissioner Wellinghoff believes the true answer to grid security is to

fundamentally realign the system from one that relies on a few nodes
(probably less than a dozen), which are all critical for the grid to operate, to a
national system of ‘distributed grids’; hundreds of smaller ones, which of
course could be attacked individually through conventional or nuclear or
cyber means, but none of which could topple the entire system if it went
down.

What follows is our discussion that covered political leadership, new

incentives and renewable energy sources that could advance the cause of
distributed energy and lead to a safer (and cleaner) future for us all.
What is the state of grid security today? How safe are we from
either a cyber or physical attack?

I think we are in a very tenuous security situation, mainly because of the way
the grid is configured.  It is currently set up in such a way that requires
central station generation, which is then distributed through nodes of high
voltage substations and then sent out to load centers. This centralized
distribution system presents an array of vulnerabilities from a cyber and
physical security standpoint.

What are some of those vulnerabilities?

These specific high-voltage sub-station nodes. If they are attacked in some

way, be it by cyber, electromagnetic pulse or conventional bombing for
instance, it can have a destabilizing effect for the entire grid.

What exactly is a node and how can it be attacked?

A node is one of a number of high-voltage substations, which are contained

within the three main interconnects making up the North American power
grid; the Texas, Eastern and Western interconnects. The nodes are sort of a
gathering point inside the interconnects where more than one power
generation source feeds into, which is then distributed out to load centers.
These particular nodes, if they are knocked out by either a physical or a
cyber attack, could have a major destabilizing effect on the entire grid
system. Repairing these nodes has a long lead time due to their highly
customized designs. So if there are multiple node outages it could be many
weeks or months till the system is back to normal. By then, the country could
be in chaos.

So how do we protect these nodes?

Well, there is only so much you can do. We could physically protect these
nodes by beefing up security around them, but they’ll never be totally safe
from a physical or cyber attack. It is sort of like building a firewall to keep
out hackers. Eventually, the hackers will figure out how to get through,
forcing you to build a higher firewall. It never ends. What we need to do is to
move toward from this kind of thinking.

So what’s the solution here?

We need change the way the grid works, not just build higher and higher
walls around these nodes. This can be done by shifting from a centralized to
a distributed grid architecture in which power generation is dispersed along
the grid.

By that you mean distributed generation?

That’s right. Distributed generation.

Can you explain what distributed generation is and how can it
make the grid safer?
Distributed generation is about moving power generation to within the load
centers as opposed to power sources being remotely located from the load
centers. This breaks up the centralized node architecture currently in place
and disperses the generation across the grid forming micro and sub-regional
grids. So if there is an attack on a node it won’t take down that whole area of
the grid because there would be those sub-regional and micro-grids that
could island themselves within those areas. So we need to look at a different
grid architecture and recognize and value the sort of support and security
that can be provided by distributed generation.

Can you give me an example of what a distributed grid might look
like and how it would be powered? 

A distributed grid can be powered by a variety of methods – from co-

generators of natural gas to wind turbines to solar installations on your
home. The key is that they are located within that particular sub-region and
can run even if the there is some cascading failure throughout the main grid.
Solar is a good example. If everyone had solar panels on their respective
roofs then we could adequately disperse power generation in such a way that
it makes nodes practically irrelevant. It is easy to hack into a node and cause
it to malfunction but it is basically impossible to hack 10 million solar power
systems.

This seems like a multi­decade effort, right? In the meantime, the
grid remains pretty exposed to attack by either cyber or
conventional means. So is there something that can be done now
to protect the grid?

How quickly we get to a distributed grid depends on how quickly we

recognize the value of moving there. But you’re right, it will take some time
so the government and the utilities should work together in the interim to
ensure the safety of the grid. Such safety measures can range from instead of
putting up a chain-link fence, erecting a simple concrete block wall, to
placing ballistic resistant material around sensitive facilities. Conventional
threats are always evolving, which makes protecting the grid as it is today
very difficult. Just think about it, a person can now buy ten self-flying drones
off eBay, load them up with explosives and have them dive bomb on to
critical power nodes. Such a threat didn’t exist five years ago.

What can people do to protect themselves?

People are beginning to understand that they need their own onsite
capabilities to island themselves from the grid. That’s because the grid’s
external vulnerabilities will continue to be a problem until we do have
substantial amounts of distributed generation. I have a solar photovoltaic
system that provides 100% of my power needs. I am looking into how I can
island myself off the grid. But it is not just me, the military is moving toward
micro-grids at all of their bases because they understand the vulnerability of
those bases to outages.

So how come the government and the utility industry isn’t doing
more to encourage distributed generation?
There were a number of pieces of legislation at one time proposed that
would have granted FERC additional authority to mitigate known threats
and vulnerabilities to the grid system but that legislation never got
anywhere.

And why is that?

Politics. The utility industry isn’t incentivized to encourage distributed

generation so they tend to oppose any changes to the status quo. FERC has
been blocked from enacting stronger standards because they have to accept
the standards as written by the North American Electricity Reliability
Corporation (NERC), which is controlled by the utility industry. I testified
many times that I didn’t care if the authority was given to FERC, to
Homeland Security, the Department of Energy or some other agency. It
didn’t matter to me; we just needed a national mandate for stronger
standards. Regardless of that there was never an adequate compromise
reached between the congressional sponsors of the legislation, the FERC and
the utility industry.

Why are the utilities so hostile to change here?

The distributed model scares the utilities because it is new and places more
control in the hands of the general population. That’s the response of a
legacy industry that is very conservative and tends to look back instead of
forward. The natural tendency of these utilities is to invest in security and
improvements surrounding the plants they control as opposed to valuing the
sort of investments consumers would make, like distributed generation. But,
as I explained before, there is only so much that can be done to protect the
grid based on its current architecture.

So where do we go from here?

The key is valuing distributed resources more appropriately. That way we

could move more quickly to the distributed sub-regional and supportable
system that won’t be vulnerable to attack. We have the ability to structure a
market system for the grid that could make it more reliable and safer using
distributed generation. We just need to get the government and the utilities
on board as soon as possible.

In Wellinghoff’s view, protecting our centralized grid from all forms of attack
– from bombings to EMP to cyber – is a never ending journey. We should of
course do what we can for now, but the best use of resources is to
reconfigure the grid, to change it from a centralized Goliath that can be
downed with a single rock to hundreds of smaller grids. These could have
thousands or even millions of generation sources attached to them, thanks to
rooftop solar, micro-nuclear plants and other innovations in the field.

Ideally, the money we would spend building higher walls, according to

Wellinghoff, should be spent incentivizing consumers and generators to
invest in these technologies and grid companies to adapt the national
infrastructure around them. Only this can ultimately lead us to a safer (and
cleaner) place.

This article is available online at: http://onforb.es/16dv5Hm 2015 Forbes.com LLC™   All Rights Reserved