The threat of a malicious cyberattack on natural gas pipelines emerged Friday as a theme in the Trump administration’s working plan to toss a lifeline to coal and nuclear power plants.
The idea that a blackout caused by a fuel shortage could shut down a U.S. military base or disrupt the banking sector justifies a federal directive forcing grid operators to keep running coal and nuclear plants widely expected to close because they’re expensive and unprofitable, according to a draft policy memo from the Department of Energy.
The distributed nature of gas infrastructure — from thousands of miles of pipelines to remote compressor stations — makes the sector "difficult to protect," the memo concluded. Under the DOE plan, the federal government would ensure fuel supplies are available if a gas pipeline is taken offline by ordering grid operators such as PJM Interconnection to buy power or future commitments from coal and nuclear plants, which have on-site fuel.
Security experts broadly agree that natural gas infrastructure faces threats from hackers and terrorists. But the severity of those dangers is up for debate.
Since the memo’s release Friday, ahead of a White House National Security Council meeting, critics have questioned whether DOE’s plan is the best way of addressing threats from sophisticated state actors like Russia or Iran, or whether the threat is being used to achieve one of President Trump’s political goals: help for coal-burning utilities and coal-mining communities whose voters helped put him in office. Coal industry CEOs and top Republican donors, including Joe Craft of Alliance Resource Partners and Robert Murray of Murray Energy Co., have urged Trump to intervene in the electricity markets to support coal against cheaper natural gas and renewable energy (Energywire, Aug. 23, 2017).
The DOE draft plan to use a combination of the 1950 Defense Production Act and the Federal Power Act to intervene in power markets has already driven a new wedge into the U.S. energy sector. Coal interests praised the plan. But a coalition of natural gas, oil, renewable power, competitive market proponents and environmental groups lined up against it Friday, as they did when Energy Secretary Rick Perry last year pressed the Federal Energy Regulatory Commission to earmark financial support to "baseload" coal and nuclear plants.
New to the debate are the cyber and physical risks to gas infrastructure.
Could a cyber or physical attack "result in more substantial disruptions" than the polar vortex in 2014, when cold weather and gas fuel supply issues caused 35,000 megawatts of power outages across Texas and the eastern United States, as DOE claims? Or are the "multi-point attacks" featured in the plan too rare or technically infeasible to merit an unprecedented federal intervention in U.S. electricity markets?
Defining the threat
The DOE memo references the "inextricable interdependency" between natural gas and electricity generation, noting that it "presents a serious vulnerability to the grid, and therefore, our national security."
The still-unsolved sniper attack on the Metcalf substation outside San Jose, Calif., in 2013 accelerated a FERC examination of grid substations where outages could cause large, cascading blackouts. FERC regulations following the Metcalf attack require grid operators to identify and protect certain substations.
Meanwhile, the rail industry that supplies coal-fired power plants has had to contend with its own terrorist threats in recent years, according to documents obtained under the Freedom of Information Act. Foreign terrorist groups have discussed using "sticky bombs" to target freight rail cars hauling hazardous materials, according to the FBI. Domestic environmental extremist groups could also seek to disrupt fossil fuel traffic, through physical or cyber means, law enforcement officials warn.
"[DOE is] ignoring the coal pipeline that’s called a railroad," said energy consultant Alison Silverstein, who led the research project that was the basis for Perry’s "baseload" proposal last year, though she did not author its conclusions.
"It is just as easy for a terrorist to take down a railroad [line] as it is to take down a pipeline," and a pipeline break can be repaired faster than a railroad bridge, she said. "Everyone is equally vulnerable," she added. "There is no magic there."
In late March, hackers struck a natural gas service provider, cutting off major pipeline companies from online billing, scheduling and document-sharing resources (Energywire, April 6).
The cyberattack on Massachusetts-based Energy Services Group never affected the flow of gas, as energy companies reverted to email or backup software for affected services. But the case highlighted the growing threat to natural gas utilities as they automate and connect certain operations, improving efficiency but potentially opening up new pathways for hackers.
Intelligence officials have warned for years of advanced, persistent hacking campaigns aimed at prying into the control networks that underpin the nation’s gas grid. In one case dating back to 2012, hackers believed to be affiliated with the Chinese government made off with sensitive maps of the U.S. gas transmission grid, along with other valuable data (Energywire, May 23, 2017).
Cybersecurity experts say the most sophisticated groups of hackers have stopped short of attempting to actually block the flow of gas or electricity in the U.S. Last week, Charles Carmakal, vice president at Mandiant, a subsidiary of cybersecurity firm FireEye, said that Russian hackers had gained access to oil and gas pipelines in the U.S. but added that he has not seen "a deliberate attempt by a foreign government to disrupt operations in the U.S."
Robert M. Lee, CEO of industrial cybersecurity firm Dragos Inc., said Friday that he was unaware of an imminent cyberthreat to natural gas lines. "Ongoing? Yes," he said. "More than usual? No."
The DOE plan doesn’t delve into cyberthreats that could erase any assumed emergency advantage of coal and nuclear plants, including hacking attacks on plant transformers or communications. If a successful attack on a transmission operator’s control system took down parts of the grid, a coal plant would be no more useful than a gas turbine, since either plant’s power couldn’t reach customers.
However, the draft plan notes that the North American Electric Reliability Corp., which enforces binding cybersecurity standards for the bulk power grid at FERC’s discretion, "does not have authority over natural gas pipelines and there are no mandatory reliability or security standards for natural gas pipelines otherwise."
While the DOE proposal is anchored in threats to gas pipelines supplying power plants, DOE has apparently not acted on a proposal left over from the Obama administration that DOE and FERC, with the Transportation Security Administration, evaluate individual pipelines’ cybersecurity preparedness.
Without such audits, it is not clear how DOE is assessing pipeline cyberdefenses.
After the 9/11 attacks, Congress gave TSA authority to regulate pipeline defenses, including cybersecurity. TSA has agreed with industry representatives to rely on voluntary compliance.
An E&E News investigation in 2017 showed that neither DOE, nor FERC nor TSA had made a systematic and comprehensive review of pipeline cyberdefenses, and the industry had not done so either (Energywire, May 26, 2017).
Dave McCurdy, president and CEO of the American Gas Association, defended his industry’s handling of security issues in a statement Friday, citing a recent gas delivery record set this winter.
"Any fact-based, objective examination of the natural gas delivery system demonstrates unquestionable reliability and resilience through extreme weather and today’s reality of constant cyberattack," he said, adding that natural gas utilities routinely work with the Department of Homeland Security and DOE "to maintain the highest level of cybersecurity preparedness."
Solution or bailout?
DOE’s plan would direct grid system operators to buy power or power supply commitments from designated at-risk coal and nuclear plants, giving the plant operators enough new revenue to forestall planned retirements.
The plan doesn’t explain how DOE would decide which plants would get payments, how it would determine a fair price to keep these plants operating, or whether payments would continue even if other grid investments made a plant no longer essential to a region’s grid resilience.
The stopgap measure would last for two years, a period of time DOE says is necessary to analyze critical defense facilities’ dependence on private-sector power supplies and to pinpoint the most important junctions on interstate power grids and their gas pipeline supply lines.
Former Pentagon official and security consultant Paul Stockton said the DOE draft "offers a comprehensive and compelling analysis of the problems confronting U.S. energy resilience," including challenges from the natural gas sector.
Stockton, managing director of Sonecon LLC, which provides strategic advisory services to Exelon Corp. and other power companies, pointed out that the plan "makes one especially important point — the risk that adversaries will launch multipoint attacks including cyber and other disruptions to the energy sector."
He said he hoped DOE would weigh changes to how energy markets compensate electric power generation to reflect the security value of nuclear and coal plants whose fuel supplies are on-site. "I look forward to seeing the details of these proposals," he said.
Others are looking for details that could provide a foothold for fighting the plan in court.
"Without knowing exactly what they were going to do and how, it’s difficult to plan your litigation strategy," said John Hughes, CEO of the Electricity Consumers Resource Council, a national association of large industrial users of electricity. He said in an interview that he was "mystified by the lack of information on how this will be paid for."
Opponents of the DOE plan will be meeting soon to consider their strategies, he pointed out. Hughes has lambasted the plan as an effective bailout for "a select few companies," noting that "the federal government should not use the pretext of ‘national security’ to pick winners and losers in the energy markets, and it must certainly not treat U.S. manufacturing jobs as inferior to the jobs at uneconomic power plants."
The new plan is also likely to put DOE at odds with some, or all, of the nation’s regional high-voltage power system operators, who are bound by FERC rules to safeguard their systems. The PJM Interconnection, in the Mid-Atlantic and eastern Great Lakes region, recently asked FERC to give it more authority to defend its network and power plant fuel supplies against cyberattacks. ISO New England, that area’s independent system operator, has made the same plea to FERC that it can decide how much blackout risk is acceptable.
"Because each region is unique, it should be left to the region’s respective RTO/ISO to determine what, if any, assessments are needed in light of the type of resilience threats faced there," the New England operator said.