Former FERC Chief Jon Wellinghoff Speaks Out on Grid Security and Distributed Generation

In a previous article, I had a conversation with former-CIA chief Jim Woolsey to discuss one of America’s greatest national security vulnerabilities, its power grid. The issues that Woolsey has been concerned with for over a decade has been the ease in which a terrorist group or other actor (think North Korea for example) could attack the grid and plunge the country into darkness for months, if not years. And if that seems far-fetched, just recall how a tree limb fell in Ohio in 2003 and blacked out the entire Northeast and part of Canada for several days.

Woolsey describes several scenarios of how the grid could be taken down for an extended period of time by anyone with the means and the will to do the nation, and the world, great harm. His focus was on EMP, or electromagnetic pulse. That’s part of the radiation blast emitting from a nuclear detonation, and it has the effect of rendering all forms of electrical devices useless. Radio, televisions, telephones, and, yes, power stations would all essentially fry from the inside out if exposed to such an event. Permanently.

Still seemed far-fetched? It really isn’t. A very small and unsophisticated nuclear device (which is or could be in the possession of many American foes) could be attached to a weather balloon launched from a boat in the Gulf of Mexico or off of California and floated to the county’s mid-continent where its detonation would have the greatest effect. America would literally go dark. No phones. No money. No heat. No running water. No medicine. No police. Just darkness.

Congressional studies quoted by Woolsey estimate that two-thirds of the population would die of starvation, disease, exposure or violence related to social breakdown in the first twelve months alone.

And to make matters worse, we would never even know what hit us, because we would have no means to investigate, to say nothing of respond. Just darkness.

Other methods of getting at the power grid include cyber-attack or a coordinated set of bombings (with conventional explosives similar to the Oklahoma City in 1995) aimed at the regional nodes, or major substations that interlock the nation’s grid.

And here is where we pick up the story with my next discussion with Jon Wellinghoff, the former Commissioner of the Federal Energy Regulatory Commission (FERC). Wellinghoff has also been sounding the alarm for years about this vulnerability. But he has a slightly different take on how to secure the grid. While many analysts point to the few billion or so it would take to protect the grid from attack, Wellinghoff equates that to building a wall, which will only lead to potential attacks designing higher ladders.

Commissioner Wellinghoff believes the true answer to grid security is to fundamentally realign the system from one that relies on a few nodes (probably less than a dozen), which are all critical for the grid to operate, to a national system of ‘distributed grids’; hundreds of smaller ones, which of course could be attacked individually through conventional or nuclear or cyber means, but none of which could topple the entire system if it went down.

What follows is our discussion that covered political leadership, new incentives and renewable energy sources that could advance the cause of distributed energy and lead to a safer (and cleaner) future for us all.

Q: What is the state of grid security today? How safe are we from either a cyber or physical attack?

Wellinghoff: I think we are in a very tenuous security situation, mainly because of the way the grid is configured.  It is currently set up in such a way that requires central station generation, which is then distributed through nodes of high voltage substations and then sent out to load centers. This centralized distribution system presents an array of vulnerabilities from a cyber and physical security standpoint.

Q. What are some of those vulnerabilities?

W: These specific high-voltage sub-station nodes. If they are attacked in some way, be it by cyber, electromagnetic pulse or conventional bombing for instance, it can have a destabilizing effect for the entire grid.

Q. What exactly is a node and how can it be attacked?

W: A node is one of a number of high-voltage substations, which are contained within the three main interconnects making up the North American power grid; the Texas, Eastern and Western interconnects. The nodes are sort of a gathering point inside the interconnects where more than one power generation source feeds into, which is then distributed out to load centers. These particular nodes, if they are knocked out by either a physical or a cyber attack, could have a major destabilizing effect on the entire grid system. Repairing these nodes has a long lead time due to their highly customized designs. So if there are multiple node outages it could be many weeks or months till the system is back to normal. By then, the country could be in chaos.

Q. So how do we protect these nodes?

W: Well, there is only so much you can do. We could physically protect these nodes by beefing up security around them, but they’ll never be totally safe from a physical or cyber attack. It is sort of like building a firewall to keep out hackers. Eventually, the hackers will figure out how to get through, forcing you to build a higher firewall. It never ends. What we need to do is to move toward from this kind of thinking.

Q. So what’s the solution here?

W: We need change the way the grid works, not just build higher and higher walls around these nodes. This can be done by shifting from a centralized to a distributed grid architecture in which power generation is dispersed along the grid.

Q. By that you mean distributed generation?

W: That’s right. Distributed generation.


Q. Can you explain what distributed generation is and how can it make the grid safer?

W: Distributed generation is about moving power generation to within the load centers as opposed to power sources being remotely located from the load centers. This breaks up the centralized node architecture currently in place and disperses the generation across the grid forming micro and sub-regional grids. So if there is an attack on a node it won’t take down that whole area of the grid because there would be those sub-regional and micro-grids that could island themselves within those areas. So we need to look at a different grid architecture and recognize and value the sort of support and security that can be provided by distributed generation.

Q. Can you give me an example of what a distributed grid might look like and how it would be powered?

W: A distributed grid can be powered by a variety of methods — from co-generators of natural gas to wind turbines to solar installations on your home. The key is that they are located within that particular sub-region and can run even if the there is some cascading failure throughout the main grid. Solar is a good example. If everyone had solar panels on their respective roofs then we could adequately disperse power generation in such a way that it makes nodes practically irrelevant. It is easy to hack into a node and cause it to malfunction but it is basically impossible to hack 10 million solar power systems.

Q. This seems like a multi-decade effort, right? In the meantime, the grid remains pretty exposed to attack by either cyber or conventional means. So is there something that can be done now to protect the grid?

W: How quickly we get to a distributed grid depends on how quickly we recognize the value of moving there. But you’re right, it will take some time so the government and the utilities should work together in the interim to ensure the safety of the grid. Such safety measures can range from instead of putting up a chain-link fence, erecting a simple concrete block wall, to placing ballistic resistant material around sensitive facilities. Conventional threats are always evolving, which makes protecting the grid as it is today very difficult. Just think about it, a person can now buy ten self-flying drones off eBay EBAY +1.42%, load them up with explosives and have them dive bomb on to critical power nodes. Such a threat didn’t exist five years ago.

Q. What can people do to protect themselves?

W: People are beginning to understand that they need their own onsite capabilities to island themselves from the grid. That’s because the grid’s external vulnerabilities will continue to be a problem until we do have substantial amounts of distributed generation. I have a solar photovoltaic system that provides 100 percent of my power needs. I am looking into how I can island myself off the grid. But it is not just me, the military is moving toward micro-grids at all of their bases because they understand the vulnerability of those bases to outages.

Q. So how come the government and the utility industry isn’t doing more to encourage distributed generation?

W: There were a number of pieces of legislation at one time proposed that would have granted FERC additional authority to mitigate known threats and vulnerabilities to the grid system but that legislation never got anywhere.

Q. And why is that?

W: Politics. The utility industry isn’t incentivized to encourage distributed generation so they tend to oppose any changes to the status quo. FERC has been blocked from enacting stronger standards because they have to accept the standards as written by the North American Electricity Reliability Corporation (NERC), which is controlled by the utility industry. I testified many times that I didn’t care if the authority was given to FERC, to Homeland Security, the Department of Energy or some other agency. It didn’t matter to me; we just needed a national mandate for stronger standards. Regardless of that there was never an adequate compromise reached between the congressional sponsors of the legislation, the FERC and the utility industry.

Q. Why are the utilities so hostile to change here?

W: The distributed model scares the utilities because it is new and places more control in the hands of the general population. That’s the response of a legacy industry that is very conservative and tends to look back instead of forward. The natural tendency of these utilities is to invest in security and improvements surrounding the plants they control as opposed to valuing the sort of investments consumers would make, like distributed generation. But, as I explained before, there is only so much that can be done to protect the grid based on its current architecture.

Q. So where do we go from here?

W: The key is valuing distributed resources more appropriately. That way we could move more quickly to the distributed sub-regional and supportable system that won’t be vulnerable to attack. We have the ability to structure a market system for the grid that could make it more reliable and safer using distributed generation. We just need to get the government and the utilities on board as soon as possible.

In Wellinghoff’s view, protecting our centralized grid from all forms of attack — from bombings to EMP to cyber — is a never ending journey. We should of course do what we can for now, but the best use of resources is to reconfigure the grid, to change it from a centralized Goliath that can be downed with a single rock to hundreds of smaller grids. These could have thousands or even millions of generation sources attached to them, thanks to rooftop solar, micro-nuclear plants and other innovations in the field.

Ideally, the money we would spend building higher walls, according to Wellinghoff, should be spent incentivizing consumers and generators to invest in these technologies and grid companies to adapt the national infrastructure around them. Only this can ultimately lead us to a safer (and cleaner) place.

This article was originally published on Forbes and was republished with permission.

Lead image: Transmission lines via Shutterstock

Did You Like this Article? Get All the Energy Industry News Delivered to Your Inbox

Subscribe to an email newsletter today at no cost and receive the latest news and information.

 Subscribe Now


Logistics Risk Management in the Transformer Industry

Transformers often are shipped thousands of miles, involving multiple handoffs,and more than a do...

Secrets of Barco UniSee Mount Revealed

Last year Barco introduced UniSee, a revolutionary large-scale visualization platform designed to...

The Time is Right for Optimum Reliability: Capital-Intensive Industries and Asset Performance Management

Imagine a plant that is no longer at risk of a random shutdown. Imagine not worrying about losing...

Going Digital: The New Normal in Oil & Gas

In this whitepaper you will learn how Keystone Engineering, ONGC, and Saipem are using software t...

Latest PennEnergy Jobs

PennEnergy Oil & Gas Jobs