Electrical World T&D Nov/Dec 2001
Distribution—Cover Story
Terrorism:
Is the industry prepared?
By Lew Rubin
--------------------------------------------------------------------------------
Throughout history, the T&D system has survived an enormous variety of human-error-induced and weather-related catastrophes, not to mention the underwhelming Y2K threat. And now, here is yet another category of threat--human-evil-induced catastrophe--demanding attention
--------------------------------------------------------------------------------
New York City: Restoring power after Sept 11
--------------------------------------------------------------------------------
• A Herculean Task:
Restoring service to
Lower Manhattan
In the wake of the horrifying events of Sept 11 in New York, Washington, and Pennsylvania, the entire world is on alert. Security again looms large--particularly the security of the nation's infrastructure, of which the electric power grid is a seminal part. The North American electric power system, often dubbed the greatest engineering achievement in history, is vulnerable to a host of injuries.
But as it turns out, the North American utility establishment--in cooperation with government agencies--has already done a great deal of preparation for just this kind of catastrophe. Much of the preparation, including disaster-recovery planning and inter-utility cooperation, has been established over many years and the systems function quite well. Other aspects (notably defenses against cyber-infiltration) are newer, but the industry went through a massive cleanup and learned a great deal just a few years ago, in preparation for Y2K. Physical security protocols as well have been established for many facilities (notably nuclear plants) for quite some time. In the immediate aftermath of the September attacks, the industry fell back on a variety of well-established procedures and basic common sense.
None of this is to say, however, that today's terrorism threats are not very real and potentially devastating to the electric infrastructure. The events of Sept 11 have raised the ante to a heretofore-unimagined level and a great deal more preparation, testing, and evaluation must be done.
Recovery in lower Manhattan
The electric grid has always been vulnerable to disaster, so utilities have had most of the last century to learn how to cope. Every utility has a disaster recovery plan, outage management procedures, trained crews, warehouses full of spare parts--and plenty of opportunities to practice. Weather has been the traditional villain (hurricanes, tornadoes, floods, earthquakes) but human error has made its contribution as well--usually on a smaller scale. (The Northeast blackout of 1965 is a notable exception.)
So the extraordinary performance of Consolidated Edison Co of NY Inc in getting service restored to the lower tip of Manhattan is hardly surprising (see box). While certainly not business as usual, putting the grid back together in the vicinity of the World Trade Center--with two destroyed substations--was not far removed from what Con Edison (and every other utility) is prepared to do at all times.
Using its own crews and spare parts, Con Edison was able to restore service almost completely in just under eight days. There are still temporary generators on the job, and a lot of the temporary replacement cable as well, but the lights came back on, clear evidence that the events of Sept 11 were not beyond disaster recovery capabilities.
Vigilance needed
At the same time that Con Edison began its recovery, energy facilities elsewhere were also responding to the attacks. Utilities heightened vigilance, reviewed and strengthened security procedures, and increased information sharing.
As energy infrastructures by their nature are far-flung and attenuated, it will never be possible to protect all elements of the system completely, even with unlimited resources
--------------------------------------------------------------------------------
As energy infrastructures by their nature are far-flung and attenuated, it will never be possible to protect all elements of the system completely, even with unlimited resources. But here again there are many well-established procedures that energy facilities have relied on historically, and a well-established hierarchy of risk assessment and protection. The entire electric power system was reinforced comprehensively on Sept 11, essentially until further notice.
Nuclear powerplants are obvious, high-risk targets, so the US Nuclear Regulatory Commission (NRC) has three grades of security procedures for these facilities. On Sept 11, the NRC ordered the nation's nuclear plants to go to the highest level, which they promptly did. And, the Federal Energy Regulatory Commission (FERC) ordered similar procedures at the nations dams and hydroelectric facilities. The North American Electric Reliability Council (NERC), Princeton, NJ, was coordinating from day one with federal law enforcement the responses of the continent's bulk transmission systems, including increased security at key control centers and high-voltage substations.
While the details are classified, heightened physical security is typically about increased patrols, increased scrutiny of visitors, temporary suspension of public tours, locked gates, increased reporting of incidents, and close coordination with local law enforcement. All of these measures are well established at energy facilities.
At the same time, FERC announced on Sept 14 that it would allow utilities to recover the expenses "prudently incurred" to reinforce security at electric power facilities. FERC said,
" . . . the commission wants to assure companies . . . that we will approve applications to recover prudently incurred costs necessary to further safeguard the reliability and security of our energy supply infrastructure . . . "
From here on out
On the other hand, governments and utilities have for some time been aware that a terrorist attack could be very destructive. In 1998 President Clinton signed Presidential Decision Directive (PDD) 63, requesting agencies to comprehensively examine the question of national infrastructure protection, including energy, telecommunications, banking and finance, transportation, water systems, emergency services, and other critical elements. This initiative resulted in a widespread collection of government-industry studies and cooperative efforts, aimed at understanding the issues and implementing mitigation strategies.
In the electric sector the Critical Infrastructure Protection Working Group (CIPWG) was formed under the administration of NERC. CIPWG has been studying the vulnerability of the electric grid since that time (in large part because of Y2K concerns), and has issued several findings. Most are contained in a document called An Approach to Action for the Electricity Sector (NERC, June, 2001; www.nerc.com/pub/sys/all_updl/cip/ApproachforAction_June2001.pdf).
The document provides a sober look at the electric infrastructure and at the electric sector's (ES) preparedness for physical and cyber threats. On the positive side, the report notes that our sector is better prepared than most because of its long experience with natural and manmade disasters. "The severity of effects from natural disasters provides a ready parallel for the severity of effects from deliberate human actions. Electric utilities must also prepare for restoration after human-caused events--such as vandalism, theft of critical components, sabotage, terrorism, and cyber attacks. Vandalism and theft have been with the industry since the beginning; sabotage has been a concern primarily during wars. However, increased use of computer controls and technology has made cyber threats an increasing concern for individual electric utility, power pool, and area power coordinating council operations."
However the report also notes, "Few ES members have business recovery and/or business continuity plans in place that deal specifically with intentional attacks on cyber systems." Later, the report says, "Most ES members do not have in place business recovery plans that include procedures for dealing with widespread, well-planned attacks on physical facilities. Likewise, they do not include procedures for dealing with deliberate attempts to hamper repair and restoration activities."
The CIPWG recommends in this report a Four-Tiered Security Model for Action, including these key features:
• Avoidance--Take steps to prevent threats to both physical and cyber security.
• Assurance--Identify critical assets, assess vulnerabilities, and develop and execute mitigation plans. Re-evaluate periodically.
• Detection--Monitor cyber and physical intrusion systems, monitor outside agency warnings, gather intelligence, and investigate consistently.
• Recovery--Develop plans for rapid recovery/restoration of services, including information sharing and mutual assistance.
Mike Hyland of the American Public Power Assn (and a member of the CIPWG working group) points out that the FBI set up an information clearinghouse for the receipt, coordination, and analysis of suspicious incidents. The so-called National Infrastructure Protection Center is expected to be a key intelligence-gathering and analysis resource for assurance and detection.
While CIPWG, Y2K preparation, and related efforts are by no means cause for complacency, they have already made an important contribution. On Sept 21, the heads of three key energy industry trade associations (Edison Electric Institute, the American Petroleum Institute, and the American Gas Assn) stated that they felt their industries were in good shape. These industries have invested billions of dollars in security upgrades in the late 1990s to prepare for potential computer or terrorist disruptions related to the transition to the year 2000.
Share and share alike
While much has been done, a lot more still needs to be done. Implementation of all of the CIPWG recommendations is just beginning in the electric sector, and it will presumably continue with a new urgency in coming months.
Jayne Brady of EEI reports that new legislation that would facilitate more information sharing in the industry, through relaxation of both antitrust provisions (inter-company information exchange) and Freedom of Information Act (FOIA) rules (company-government information exchange) has recently been introduced. Also, EEI is facilitating an electric industry CEO Task Force that meets weekly by phone to review emergency response plans and set the stage for the next set of upgrades and recommendations for the industry to enact.
A Herculean task:
Restoring service to lower Manhattan
New York City suffered many kinds of damage on Sept 11, including a massive blow to its electric infrastructure. By evening on the fateful day, Consolidated Edison Co of NY Inc had lost as much as 400 MW of capacity, two key substations, and several miles of underground circuits. By Sept 19, however, Con Edison was able to restore service to all five transmission networks lost during the disaster. There is much to be done before next summer to make permanent repairs to the infrastructure, but the accomplishments of the first month have been nothing short of astounding.
Doing whatever it takes to get the lights back on: Con Ed laid miles of temporary cable, digging shallow trenches in the street where necessary
--------------------------------------------------------------------------------
When the twin towers of the World Trade Center collapsed that Tuesday morning, Con Edison lost close to 90 MW of load (roughly 1% of peak on a typical September day), but the delivery infrastructure remained intact. It wasn't until later in the day that the real damage was done.
In the afternoon, WTC Building 7 collapsed and took with it two key substations serving the WTC and adjacent areas. This loss caused another key substation in lower Manhattan to trip, isolating most of a key 138-kV transmission circuit serving the area. The fallout from Building 7 cut off service to more than 13,000 customers in lower Manhattan. By Wednesday morning, Con Edison had its work cut out for itself.
Steve Wood, Con Edison's vice president of engineering, describes the two-pronged recovery plan put in place over the following week. "To restore service quickly to key buildings like financial centers, hospitals, command centers, and worker rest locations, we brought in diesel-fueled mobile generators, and hooked them up right outside of each key building. In a few days we had close to 90 of these (each roughly the size of a flatbed trailer, providing between 1 and 2 MW of power each) on the streets, plus 14 refueling trucks servicing the fleet. These generators got spot service back up where it was needed."
At the same time, Con Edison's electric operations team was designing a way to bypass damaged circuits and string feeder cable throughout the area, to connect buildings back to the permanent grid. This effort took place over the next week, with as many as 1900 Con Edison employees working on the recovery effort. Some helped string several miles of temporary cable through the street. At street crossings they dug shallow trenches and covered them with steel plates. In other areas they isolated the cables using concrete construction barriers (figure).
On Sept 19, Con Edison had service restored, and the neighborhoods reconnected to the grid. Key networks restored included Park Place, Cortlandt, Bowling Green, Fulton, Park Place, and Battery Park City. The World Trade Center's 90-MW load is permanently gone, and perhaps another 30-50 MW of load from adjacent damaged buildings will not be back soon. But the rest of lower Manhattan has power again.
The next big challenge is to remove all the temporary cable and rebuild full capacity to the damaged feeders. Right now some feeders in the area are carrying more than summer design capacity, which will be okay into next spring. But, Steve Wood says, "We must be ready by the summer." The electric operations team has begun planning and designing for as much as three to five miles of new underground duct line, to be installed by May 2002.
The bill for all of this Herculean effort is still being computed. Wood says it will easily be in the "hundreds of millions" of dollars.