Sen. Murkowski Calls for DOE IG to Examine Disclosure of Sensitive Energy Infrastructure Information

March 27, 2014

WASHINGTON, D.C. – U.S. Sen. Lisa Murkowski (R-Alaska) today spoke on the Senate floor about the irresponsible and dangerous leak of internal Federal Energy Regulatory Commission (FERC) information on potential vulnerabilities of the nation’s electric grid. Video and the full text of her comments are below.

Sen. Murkowski speaks on the Senate floor about grid vulnerability.

(Click on photo to play video)

“I’ve come to the floor to speak about the physical security of our nation’s power grid.  This is a subject that recent stories in the Wall Street Journal, about a coordinated attack on the California Metcalf substation last April, have drawn considerable attention to. 

“While those stories highlighted potential vulnerabilities, my principal focus today will be to highlight the safeguards that are already in place to protect the nation’s bulk power system – and to announce a step that is now necessary to prevent the undue release of sensitive, non-public information.

“First, and foremost, I believe it is important to remember during the Metcalf incident, the PG&E system did not lose power. This fact emphasizes the grid’s resiliency and importance of building redundancy into the bulk power system.       

“And, as usual, the electric industry has learned from and responded to the California incident.  At the end of last year, the Departments of Energy and Homeland Security, along with the North American Electric Reliability Corporation (NERC), the Federal Energy Regulatory Commission and the FBI began a cross-country tour of 10 cities in order to brief utility operators and local law enforcement on the lessons learned from Metcalf. Government officials discussed mitigation strategies and meeting participants were able to develop important relationships between first responders and the industry. 

“In fact, as a result of the 2005 Energy Policy Act’s mandatory requirements, the electric industry has invested significant resources to address both physical and cybersecurity threats and vulnerabilities. Through partnerships with various federal agencies, industry is focusing on preparation, prevention, response and recovery. For example, NERC holds yearly security conferences and a grid exercise, which tests and prepares industry on physical and cyber security events.

“And yet, former FERC Chairman Jon Wellinghoff was quoted in the Wall Street Journal, calling the Metcalf incident ‘the most significant incident of domestic terrorism involving the grid that has ever occurred.’ Comments such as these are certainly sensational. Depending upon the factual context, they also can be reckless. 

“Although the topic of physical security warrants discussion, we must be prudent about information for the public sphere. Many government leaders are privy to confidential and sensitive information that if not carefully treated could provide a roadmap to terrorists or other bad actors about vulnerabilities. At a minimum, government officials have a duty to safeguard sensitive information they learn in their official capacity.

“A story that appeared in the Wall Street Journal on March 13 was shocking because it included sensitive information about the nation’s energy infrastructure that the newspaper said came from documents created at FERC. Although the Wall Street Journal did not name specific facilities at risk, it did detail the geographic regions and the number of facilities that, if simultaneously disabled, could cause serious harm – the article claimed a national blackout. 

“I commend FERC Chair Cheryl LaFleur for her statement regarding the publication of this information, and I thank Commissioner Tony Clark as well for his statement about the matter. Fortunately, our current FERC commissioners are an independent lot. I understand the commission itself is looking into this matter, including the question of how sensitive internal FERC documents made their way into a high profile news article.  I urge FERC to leave no stone unturned. I have grave concerns about the irresponsible release of nonpublic information that unduly pinpoints potential vulnerabilities of our nation’s grid. If this conduct is not already illegal, it should be.

“The source of the leaked information appears to be someone with access to highly sensitive, narrowly distributed FERC documents. Releasing this sensitive information for publication has put the nation at greater risk and potentially endangered lives, including those of the many good people who are faithfully working to maintain and protect the grid. 

“In order to learn what happened here and to determine how better to safeguard critical information as steps are being taken to make the grid less vulnerable, my colleague and Chairman Mary Landrieu and I have written to the Inspector General of the Department of Energy, whose oversight includes the FERC. It is our understanding that the IG has already begun an inquiry into this matter. We have asked him to conclude his inquiry as soon as possible. And we have also asked for his immediate assurance that if the inquiry must ripen into an investigation that he will, as we have every confidence he would, follow the information he learns wherever it leads.

“We are eager to receive recommendations to improve the safeguards of keeping sensitive information from disclosure. We have also asked the IG to look into the obligations of current and former FERC commissioners and employees with respect to non-public information. I certainly hope the inspector general’s inquiry leads to the identification of the person or persons who provided this sensitive non-public information to the media. But even if it does not – even if we learn that the leak of this information could have been accomplished without the violation of any disclosure restrictions – we will consider introducing legislation to make sure that in the future, the disclosure of non-public information about energy infrastructure that puts our nation at risk is a violation of federal law.  

“We must remember that the possibility of a physical attack that disables key parts of the grid has always been a risk.  Again, in this instance, our system worked and no power was lost.  Therefore, I urge a measured approach when evaluating our next steps in response to Metcalf.  Erecting barriers at every transmission substation and surveillance of every inch of transmission is not feasible.   I am concerned these types of measures will potentially cost billions of dollars, with little impact.  There must also be a balance between the measures related to physical security and the costs that would likely be passed through to consumers.

“On March 7, FERC used the grid reliability framework Congress established in the 2005 Energy Policy Act by directing NERC to establish standards addressing physical vulnerabilities to better protect our nation’s power grid. NERC has 90 days to develop its proposed standards through a collaborative process. The proposed standard will then be reviewed independently before it is submitted to FERC.

“Our Energy Policy Act standards are foundational. Constant information sharing between government and industry, coupled with alerts for rapid response, are also key tools for dealing with the changing state of security.  

“As policymakers, we must include physical security as a key issue in our discussions.  We must also take measured steps to protect the grid, but we must not sensationalize the threat. I commend NERC and FERC for starting the standard-setting process. And I urge all participants to strike a balance between measures related to physical security and costs and benefits for electric customers and the broader public.”

Murkowski, the ranking member of the Senate Energy and Natural Resources Committee, released a report in February on the importance of the nation’s electric grid and the critical issue of protecting electric reliability.   

###