WASHINGTON – The top federal energy regulator said Thursday that her agency is taking steps to improve handling of classified national security information, following a report that officials improperly allowed widespread access to a document that outlined specific physical threats to the nation’s electric grid.
Cheryl LaFleur, acting chairwoman of the Federal Energy Regulatory Commission, told the Senate Energy Committee on Thursday that employees are “wiping and scrubbing all databases” and taking other steps to protect sensitive information.
The commission also has directed a non-profit entity that oversees electric reliability to develop physical security standards for the grid by early June.
In issuing the order, the agency recognized that most utilities already have taken steps to identify critical structures and protect them from attack, LaFleur said.
“A mandatory standard will reinforce these efforts and ensure that all owners and operators of the bulk power system take such important steps where appropriate,” she said.
LaFleur’s testimony came a day after a government investigator said commission employees improperly allowed widespread access to a sensitive document that outlined specific locations where the nation’s electric grid is vulnerable to physical threats.
A document created by the commission in response to an April 2013 attack on a California substation should have been kept secret as a national security matter, Energy Department Inspector General Gregory Friedman said Wednesday. Instead the information was provided in whole or in part to federal and industry officials in unsecured settings.
The Wall Street Journal reported last month that a federal analysis indicated that a co-ordinated terrorist strike on just nine key electric transmission substations could cause cascading power outages across the country in each of the nation’s three synchronized power networks.
LaFleur denounced the newspaper report as “highly irresponsible” but did not refute its contents.
“While there may be value in a general discussion of the steps we take to keep the (power) grid safe, the publication of sensitive material about the grid crosses the line from transparency to irresponsibility and gives those who would do us harm a roadmap to achieve malicious designs,” LaFleur said.
Wrongful use of sensitive information by an energy commission employee or former employee could result in penalties, including firing, LaFleur said, but added: “I have no reason to believe” the leak was a criminal matter.
LaFleur acknowledged that the agency needs to improve training for handling of classified information but said as a longtime commissioner that the agency has a strong culture of ensuring that sensitive information remains confidential. Information about potential mergers or important licensing decisions, for instance, is not leaked before its official release, she said.
“We deal with confidential information all the time,” she said.
Sen. Lisa Murkowski of Alaska, the senior Republican on the energy panel, called the inspector general’s report “extremely troubling” but praised LaFleur’s response.
Still, Murkowski said it is “likely impossible to ensure that every part of the grid could withstand physical or cyberattack.” The government as a whole needs to redouble efforts to ensure grid reliability and security, Murkowski said, adding that it is not clear whether new legislation is needed.
“Clearly the commission must do better going forward to protect nonpublic information from disclosure. The challenge before us is how to maintain and improve reliability and affordability while keeping environmental performance in balance,” Murkowski said.
The panel’s chairwoman, Sen. Mary Landrieu, D-La., said it was fortunate that the 2013 attack on a Pacific Gas & Electric Co. substation near Metcalf, Calif., did not result in a blackout in Silicon Valley, “the horrors of which could only be imagined.” Former FERC Chairman Jon Wellinghoff has said the attack was terrorism. The FBI has said in repeated statements it had found no indications to back that up.
Landrieu did not address the question of terrorism but said the widely reported incident “came very close to causing the shutdown of a large portion of the Western Grid.”
Possible attacks on the grid must be taken seriously, “but the response must fit the size and the nature of the threat. One size does not fit all,” Landrieu said.
Meanwhile, PG&E offered a $250,000 reward Thursday for information leading to an arrest and conviction in the April 16, 2013 attack. Fiber-optic lines were cut to knock out phone and 911 service in the area, and shots were fired into a substation.
“One year later, the perpetrator or perpetrators of this crime remain at large and we want to help change that,” said Gregg Lemler, PG&E’s vice-president of electric transmission operations. The reward would be funded by shareholders. AT&T has offered its own $250,000 reward for information leading to arrests.
The sniper bullets knocked out 17 transformers powering parts of Silicon Valley and caused more than $15 million in damage.
Associated Press writer Garance Burke in San Francisco contributed to this story.
Follow Matthew Daly on Twitter: https://twitter.com/MatthewDalyWDC