Lawmakers are livid because of a FERC leak of sensitive information about vulnerabilities in the electric grid to the Wall Street Journal last month. The article noted that a coordinated attack on nine key -- but unnamed -- substations could cause a bicoastal blackout of weeks, even months.
The acting head of FERC called publishing the story "highly irresponsible." The chairwoman of the Senate Intelligence Committee is alarmed. The chairwoman and ranking member of the Senate Energy and Natural Resources Committee have called for an investigation.
"It doesn't take a rocket scientist to piece it together and figure out how you could really debilitate the system. We should not be providing a roadmap. We're already vulnerable enough in so many different ways," Sen. Lisa Murkowski, R-Alaska, the Energy Committee's top Republican, told the Washington Examiner.
It's not that the potential for such a calamity wasn't known before. That possibility was aired at least 30 years ago, and anyone with an in-depth knowledge of electric grid security likely was aware of it. But the story, coupled with an April 2013 attack at the Metcalf substation outside San Jose, Calif., is putting a spotlight on vulnerabilities that lawmakers say pose a security risk.
The California attack by gunmen already had brought fresh congressional attention to grid security, and the Wall Street Journal story added to the fervor. FERC is developing baseline standards so that some of the potentially less guarded facilities -- such as those in rural locations -- have at least minimum protections.
Sen. Jeff Flake, R-Ariz., said such actions are a good first step. But he said it's not possible to guard against "every eventuality" and ruled out a legislative fix.
"You can never protect against every attempt. Just do the best that you can. I'm confident we're doing everything that we need to do on the big stuff," Flake told the Examiner.
Despite Flake's dismissal, the legislative attention to physical — and cyber — grid security has been "rejuvenated" by the article and the Metcalf attack, said Dan Reuckert, associate vice president of management consulting firm Black & Veatch's security and compliance practice.
Grid security will get an airing at a forthcoming Senate Energy Committee hearing on energy infrastructure, said Matthew Lehner, a spokesman for Sen. Mary Landrieu, D-La., chairwoman of the panel.
The real value in the legislation is that it restarts a discussion about "that balance to say how much do you regulate versus self-govern," Reuckert said. For the most part, though, substations and critical infrastructure in urban areas are already well-protected, he said.
Patrick Miller, an electric grid security expert and managing partner with the Anfield Group, said the congressional focus on physical security is a distraction from cybersecurity, which is a bigger concern in the electric utility industry.
"I think diverting resources to prevention of physical attacks is probably not the best approach," Miller said. "Sometimes I just kind of shrug and sigh about these things because the ability to spend lots and lots of money to barely move the needle certainly exists."
Murkowski agreed. She said the key is not to be too reactionary: Using the rear-view mirror is not a good strategy when you're already speeding ahead.
"If we just focus today on protecting the threat that we saw, for instance, at Metcalf, and how are we going to make sure we don't have gunshots fired at a transmission facility, it's kind of like TSA just checking our shoes for a bomb," she said.