Electricity Grid Resilience

The nation’s grid delivers electricity that is essential for modern life. However, the grid faces risks from events that can damage electrical infrastructure (such as power lines) and communications systems, resulting in power outages. These outages can threaten the nation’s economic and national security.

They can also disproportionately affect low-income groups, in part because such groups have fewer resources to invest in backup generators and other measures to minimize the impact of outages.Even though most of the electricity grid is owned and operated by private industry, the federal government plays a key role in enhancing grid resilience.
• The Department of Homeland Security (DHS) is responsible for coordinating the overall federal effort to promote the security and resilience of the nation’s critical infrastructure sectors.
• The Department of Energy (DOE) leads federal efforts to support electricity grid resilience, including research and technology development by national laboratories.
• The Federal Energy Regulatory Commission (FERC) reviews and approves standards developed by the North American Electric Reliability Corporation, the federally designated U.S. electric reliability organization.

Key Issues
The electricity grid faces multiple risks that can cause widespread power outages.
Risks:
- Extreme weather and climate change
- Cyber- and physical attacks
- Electromagnetic events

In addition to the risks described in the prior page, the electric utility industry faces complex challenges and transformations, including:
• aging infrastructure;
• adoption of new technologies, such as information and communication systems
to improve the grid’s efficiency; and
• a changing mix of power generation. The traditional model of large, centralized power generators is evolving as retiring generators are replaced with variable wind and solar generators, smaller and more flexible natural gas generators, and nontraditional resources. Such resources include demand-response activities which encourage consumers to reduce their demand for electricity when the cost to generate electricity are high, and various technologies (e.g., solar panels) that generate electricity at or near where it will be used—known as “distributed generation.”

Key Opportunities
Agencies have implemented several of GAO’s recommendations for improving electricity grid resilience. For example, in March 2016, we recommended that DHS designate roles and responsibilities within the department for addressing electromagnetic risks, which DHS did in 2017. However, as of September 2021, agencies had not yet implemented a number of GAO recommendations that represent key opportunities to mitigate risks in the following areas:

- Extreme weather and climate change - Prioritize efforts and target resources effectively. Enhance grid resilience efforts. Better manage climate-related risks
- Cyberattacks - Assess all cybersecurity risks. Address risks to distribution systems Consider changes to current standards. Evaluate potential risks of a coordinated attack

Panama City, FL Strengthens Critical Infrastructure for Future Disasters

FEMA has approved grants of more than $4.7 million for two hazard mitigation projects for the city of Panama City to reduce its risk of critical facility failure during future disasters. Funding from FEMA’s Hazard Mitigation Grant Program (HMGP) was approved in response to a proposal by the city after Hurricane Michael in 2018.

Millville Wastewater Treatment Plant: $2,653,956 for the purchase and installation of twin permanent generators to support the critical operations of the plant. They will be connected to the main electrical transfer system by a switchgear and an underground duct bank, which provide a protected pathway for electrical transmission and allow the city to provide continued service to the community during future power outages.

Sanitary Sewer Lift Stations: $2,052,265 for Phase One in a proposed project to provide flood protection and improvements to 13 sanitary sewer lift stations within the city, including surveying, engineering, design, plan preparation, permitting and the bidding for Phase Two approval. If approved, the project proposes different mitigation actions depending on the needs and assessment of each of the 13 sites to include relocation, elevation or strengthening against storm surge and wave-action hazards.

The HMGP provides funding to help communities eliminate or reduce disaster-related damage. Following a major disaster, a percentage of a state’s total federal recovery grants is calculated to help develop more resilient communities. Florida has an Enhanced Hazard Mitigation Plan that allows more funding to be available for post-disaster resilience projects. States with the enhanced plan receive HMGP funds based on 20% of their total estimated eligible federal disaster assistance.

Keystone Accidents Investigated by GOA

The Department of Transportation's Pipeline and Hazardous Materials Safety Administration (PHMSA) required TC Energy to take additional safety measures specified in a special permit as conditions of allowing certain portions of the Keystone Pipeline (Keystone) to operate at a higher stress level than allowed by regulation. PHMSA reviewed technical information and drew on its experience granting similar permits to natural gas pipelines to develop 51 conditions with which TC Energy must comply. Most pipeline safety and technical stakeholders GAO interviewed agreed the conditions offset the risks of operating at a higher stress level. However, PHMSA did not allow TC Energy to fully operate Keystone at this higher stress level until 2017, after TC Energy replaced pipe affected by industry-wide pipeline quality issues.

Keystone's accident history has been similar to other crude oil pipelines since 2010, but the severity of spills has worsened in recent years. Similar to crude oil pipelines nationwide, most of Keystone's 22 accidents from 2010 through 2020 released fewer than 50 barrels of oil and were contained on operator-controlled property such as a pump station. The two largest spills in Keystone's history in 2017 and 2019 were among the six accidents that met PHMSA's criteria for accidents “impacting people or the environment.” According to PHMSA's measures for these more severe types of accidents, from 2010 to 2020 TC Energy performed better than nationwide averages, but worse in the past five years due to the 2017 and 2019 spills.

The Keystone Pipeline has transported over 3 billion barrels of crude oil from Canada to U.S. refineries since 2010. Keystone's accident history is similar to other pipelines, but the severity of its spills has worsened in recent years due to 2 large spills in 2017 and 2019.

The Department of Transportation required Keystone operator TC Energy to investigate and address the root causes of the 4 largest spills. DOT has also issued enforcement actions and civil penalties for problems like inadequate corrosion prevention. Based on Keystone "lessons learned," DOT has increased inspection resources for other pipelines during construction.

In response to each of Keystone's four largest spills, PHMSA issued Corrective Action Orders requiring TC Energy to investigate the accidents' root causes and take necessary corrective actions. These investigations found that the four accidents were caused by issues related to the original design, manufacturing of the pipe, or construction of the pipeline. PHMSA also issued other enforcement actions and assessed civil penalties to TC Energy for deficiencies found during inspections, such as inadequate corrosion prevention and missing pipeline markers. Based in part on its experience overseeing Keystone, PHMSA officials said they have increased resources to conduct inspections during construction of other pipelines and are establishing a more formal process to document and track the compliance of all special permits, including Keystone's permit.

New IAEA Guidance in Emergency Preparedness and Response

How do you create a national strategy to protect people in a nuclear or radiological emergency based on lessons learned, scientific evidence and good practices? A new IAEA publication, Considerations in the Development of a Protection Strategy for a Nuclear or Radiological Emergency provides the concepts and practical considerations needed to build that protection strategy.
“The publication is universally adaptable and addresses the different aspects of an emergency from the direct radiological consequences to protecting against non-radiological aspects, which are decisive for an effective response,” said Svetlana Nestoroska Madjunarova, former counsellor in monitoring and emergency at the North Macedonian Radiation Safety Directorate and author of the publication.
Five main topics are covered in the publication: the concept of a protection strategy for a nuclear or radiological emergency, the basis and process for the development of a protection strategy, processes for justifying and optimizing protection and safety and consultation with interested parties. These five topics provide guidance to those planning a protection strategy, the underlying concepts and they also provide practical guidance on implementation in alignment with the IAEA safety standards and the goals of emergency response as defined in General Safety Requirement Part 7.
The publication also provides an outline for national protection strategies to support national efforts to develop justified and optimised plans to protect health and minimize danger to life and property during and following a nuclear or radiological emergency, as well as specific guidance for the effective, optimal implementation of the strategy in emergency response.
Protection measures should be based on scientifically justified methods and applied only when observations in the field indicate action is necessary. In this manner, maximum protection can be provided with minimum social and economic disruption. Justification in emergency response means taking diverse factors into account to achieve more good than harm. Optimization is a process that applies the resources at hand in the most effective manner to provide the best protection during an emergency.
Core objective
The guidance addresses both the early stages of the emergency response and the subsequent return to normality in the affected areas, while also touching on environmental, economic and other consequences. These considerations, previously addressed in separate publications, are now gathered for the first time in this unified volume.
“Effective emergency response planning requires a holistic approach that addresses all the issues arising during and following an emergency, not solely the initial consequences of the nuclear or radiological emergency,” said David Owen, expert from the United Kingdom on the publication drafting group.
The publication reflects the latest safety requirements and recommendations in emergency preparedness and response and supports their implementation.
“The eventual return to normality following an emergency is an important consideration in the protection strategy,” Madjunarova said. “Countries may expect that in this post-emergency period there is enough time to acquire the relevant social, economic and radiological information needed to make optimal decisions. Lessons learned show that a comprehensive strategy is essential in making and implementing those decisions in a timely manner.”
The publication also offers practical advice on the possible transboundary consequences of a nuclear or radiological emergency to identify potential hazards to aid cooperation with all countries that may be affected by such events to ensure effective and consistent protection of the affected populations and the environment across borders.

Alliance for National & Community Resilience Awards First Resilience Designation to Martinsville, Virginia

The Alliance for National & Community Resilience (ANCR) issued its first community resilience designation to Martinsville, Virginia, at a meeting of the City Council. Martinsville was selected as the initial pilot city for ANCR’s Community Resilience Benchmarks (CRB) for buildings and housing. The city was awarded an Essential designation for its building-related activities and an Enhanced designation for its housing-related initiatives.
“We were particularly impressed with the involvement of city staff and their transparency and thoroughness as we worked through the benchmarking process. Their commitment to the process will be invaluable in supporting improvements in the CRB process and help enhance the resilience of other communities,” said Evan Reis, ANCR Board Chair and Executive Director of the U.S. Resiliency Council.
The benchmarking process was led by Kris Bridges, Martinsville’s Building Official and Mark McCaskill, Martinsville’s Community Development Director. Jeremy Sigmon of Planet Sigmon served as the community’s ANCR Mentor, guiding them through the benchmarking process.
“The Martinsville City Council commends the work of our Inspections and Community Development Departments for their work with ANCR in improving the city’s resiliency and setting the standard for other communities to follow,” said Kathy Lawson, Mayor, Martinsville, Virginia. “The City of Martinsville is committed to the development of benchmarks such as the CRB as having the proper protocols in place will not only give us the needed information to maintain critical facilities and infrastructure during disaster events, but also allow us to reap the financial benefits, improve resiliency across our community and show our commitment to our community and citizens.”
Based on the feedback from Martinsville, ANCR will finalize its benchmarking process and begin work on developing additional benchmarks. The Buildings and Housing Benchmarks represent the first two benchmarks developed under the CRB. ANCR identified 19 community functions covering the social, organizational and infrastructural aspects of communities that influence their resilience and is developing benchmarks for each of them. The Water Benchmark was completed in 2020 and is currently being piloted along with the Buildings and Housing Benchmark in Oakland Park, Florida.

Biden Administration Announces Further Actions to Protect U.S. Critical Infrastructure

The Biden Administration continues to take steps to safeguard U.S. critical infrastructure from growing, persistent, and sophisticated cyber threats. Recent high-profile attacks on critical infrastructure around the world, including the ransomware attacks on the Colonial Pipeline and JBS Foods in the United States, demonstrate that significant cyber vulnerabilities exist across U.S. critical infrastructure, which is largely owned and operated by the private sector.
Currently, federal cybersecurity regulation in the United States is sectoral. It has a patchwork of sector-specific statutes that have been adopted piecemeal, as data security threats in particular sectors have gained public attention. Given the evolving threat faced today, it must consider new approaches, both voluntary and mandatory. It is critical infrastructure owners and operators responsibility to follow voluntary guidance as well as mandatory requirements in order to ensure that the critical services the American people rely on are protected from cyber threats.
President Biden has signed a National Security Memorandum (NSM) on “Improving Cybersecurity for Critical Infrastructure Control Systems,” which addresses cybersecurity for critical infrastructure and implements long overdue efforts to meet the threats. The NSM:
- Directs the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) and the Department of Commerce’s National Institute of Standards and Technology (NIST), in collaboration with other agencies, to develop cybersecurity performance goals for critical infrastructure.
- Formally establishes the President’s Industrial Control System Cybersecurity (ICS) Initiative. The ICS initiative is a voluntary, collaborative effort between the federal government and the critical infrastructure community to facilitate the deployment of technology and systems that provide threat visibility, indicators, detections, and warnings.

TSA Takes Steps to Address Some Pipeline Security Program Weaknesses

The nation's pipelines are vulnerable to cyber-based attacks due to increased reliance on computerized systems. In May 2021 malicious cyber actors deployed ransomware against Colonial Pipeline's business systems. The company subsequently disconnected certain systems that monitor and control physical pipeline functions so that they would not be compromised.
Protecting the nation's pipeline systems from security threats is a responsibility shared by both the Transportation Security Administration (TSA) and private industry stakeholders. Prior to issuing a cybersecurity directive in May 2021, TSA's efforts included issuing voluntary security guidelines and security reviews of privately owned and operated pipelines. GAO reports in 2018 and 2019 identified some weaknesses in the agency's oversight and guidance, and made 15 recommendations to address these weaknesses. TSA concurred with GAO's recommendations and has addressed most of them, such as clarifying portions of its Pipeline Security Guidelines improving its monitoring of security review performance, and assessing staffing needs.
As of June 2021, TSA had not fully addressed two pipeline cybersecurity-related weaknesses that GAO previously identified. These weaknesses correspond to three of the 15 recommendations from GAO's 2018 and 2019 reports.
Incomplete information for pipeline risk assessments. GAO identified factors that likely limit the usefulness of TSA's risk assessment methodology for prioritizing pipeline security reviews. For example, TSA's risk assessment did not include information consistent with critical infrastructure risk mitigation, such as information on natural hazards and cybersecurity risks. GAO recommended that TSA develop data sources relevant to pipeline threats, vulnerabilities, and consequences of disruptions. As of June 2021, TSA had not fully addressed this recommendation.
Aged protocols for responding to pipeline security incidents. GAO reported in June 2019 that TSA had not revised its 2010 Pipeline Security and Incident Recovery Protocol Plan to reflect changes in pipeline security threats, including those related to cybersecurity. GAO recommended that TSA periodically review, and update its 2010 plan. TSA has begun taking action in response to this recommendation, but has not fully addressed it, as of June 2021.
TSA's May 2021 cybersecurity directive requires that certain pipeline owner/operators assess whether their current operations are consistent with TSA's Guidelines on cybersecurity, identify any gaps and remediation measures, and report the results to TSA and others. TSA's July 2021 cybersecurity directive mandates that certain pipeline owner/operators implement cybersecurity mitigation measures; develop a Cybersecurity Contingency Response Plan in the event of an incident; and undergo an annual cybersecurity architecture design review, among other things. These recent security directives are important requirements for pipeline owner/operators because TSA's Guidelines do not include key mitigation strategies for owner/operators to reference when reviewing their cyber assets. TSA officials told GAO that a timely update to address current cyber threats is appropriate and that they anticipate updating the Guidelines over the next year.

Storms and Record Rainfall in Western Europe Disrupts CI

Record rainfall has caused swollen rivers to burst their banks and wash away homes and other buildings in western Europe – leading to more than 190 fatalities and over 1000 people missing. The floods have affected several river basins, first in the United Kingdom and later across northern and central Europe including Austria, Belgium, Germany, Luxembourg, the Netherlands, Switzerland and Italy.
The German states of Rhineland-Palatinate and North Rhine-Westphalia were among the worst hit by the torrential rainfall, with water levels rising in the Rhine River, as well as the Walloon Region in Belgium. The storms and high waters have also battered neighbouring Switzerland, the Netherlands and Luxembourg.
Data from the Copernicus Sentinel-1 mission are being used to map flooded areas to help relief efforts. The mission has been supplying imagery through the Copernicus Emergency Mapping Service to aid relief efforts. The devastating floods has triggered four activations in the Copernicus Emergency Mapping Service, in Western Germany, Belgium, Switzerland and the Netherlands.
The service uses observations from multiple satellites to provide on-demand mapping to help civil protection authorities and the international humanitarian community in the face of major emergencies.
Westnetz, Germany's biggest power distribution grid, stated that 200,000 properties in the North Rhine-Westphalia and Rhineland-Palatinate regions were without power and that it would be impossible to repair substations until roads were cleared.

CISA and FBI Launch Operation Flashpoint to Raise Awareness about How to Prevent Bomb Making

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Justice’s Federal Bureau of Investigation (FBI) announced a new pilot program called “Operation Flashpoint” to build awareness in communities across the U.S. about how to prevent bomb attacks.
At the pilot’s launch today at Revell Ace Hardware in Clinton, Miss., CISA and FBI officials highlighted the threat posed by domestic violent extremists and others who can build improvised explosive devices (IEDs) from common household items found at retail stores across the country. Approximately 250,000 businesses in the U.S. sell, use or distribute materials that can be used to build bombs.
IEDs pose a significant threat in the U.S. In 2020 alone, there were 2,061 total bomb threat, suspicious package and device-related incidents across the nation, according to CISA’s Office for Bombing Prevention TRIPwire report. Major bombings can cause mass casualty events and cost hundreds of millions of dollars or more.
The 90-day Operation Flashpoint pilot, which will include events in other cities including Columbia, S.C.; Louisville, Ky.; and Orlando/Tampa, Fla., encourages businesses and the public to voluntarily report suspicious activities, such as buying large amounts of chemicals and materials (or a combination of these) that can be used to build bombs.
“Operation Flashpoint is a major milestone in implementing U.S. policy to thwart bomb threats,” said Dr. David Mussington, Executive Assistant Director for CISA’s Infrastructure Security Division. “It shows the strong unity in the federal government, between the Department of Justice and the Department of Homeland Security, to safeguard citizens and critical infrastructure.”

IAEA Tool for Self-Assessment of National Nuclear and Radiation Safety Infrastructure Now Available Online

The IAEA has launched a web-based version of its self-assessment tool — eSARIS — with additional features and advanced functionalities to support Member States in assessing their nuclear and radiation safety framework, to either strengthen the national regulatory infrastructure or in preparation for an IAEA Integrated Regulatory Review Service (IRRS) mission.

“eSARIS allows multiple users across different organizations in a Member State to work together more effectively, as they can view and edit information simultaneously,” said Teodros Hailu, IAEA Radiation Safety Specialist and eSARIS technical officer. “Users can also use charts to monitor their self-assessment progress and the new tool provides the opportunity of tracking changes made to information provided.”

eSARIS is a new version of the IAEA Self-Assessment of Regulatory Infrastructure for Safety (SARIS). SARIS was originally launched in 2013 and is regularly updated in line with the development of IAEA safety requirements. eSARIS now provides users with easy and secure online access, and acts as a shared online platform for all users within a country.

The SARIS methodology, used by staff of regulatory bodies, technical services provider organizations, facilities using radiation sources and government entities, is based on a structure of questions that promotes the objective evaluation of current safety framework, processes and related activities, and enables Member States to devise a continuous improvement plan for their national safety infrastructure.

Conducting self-assessment using SARIS is a preparatory requirement for IAEA Integrated Regulatory Review Service (IRRS) missions, a peer review service of regulatory framework for Member States to strengthen and enhance the effectiveness of their regulatory infrastructure.

User-friendly features

The new eSARIS was developed in response to feedback from Member States and allows regulatory bodies to modify the scope of their self-assessment. Since it is accessed via the IAEA Nucleus system, existing Nucleus account holders will benefit from single sign-on, while eSARIS also guarantees users a high level of restricted access and security.

Isabel Villanueva Delgado, Head of the General Secretary’s Cabinet at the Spanish Nuclear Safety Council (CSN), who was involved in the development stage of the tool, said: “eSARIS systematically guides on how to implement the self-assessment plan; organize roles and responsibilities; develop an action plan for improvement in line with updated IAEA safety standards; and create a repository of information and evidence, which could prove beneficial in the short and long term.”

Richard Ndi Samba, Director of Regulation and Regulatory Control at the National Radiation Protection Agency (NRPA) in Cameroon and also involved in the development process, added that “the updated tool provides an easy interface to communicate with IAEA technical officers, which allows country counterparts to quickly identify areas of performance improvement.”

eSARIS also includes other components, such as the Integrated Review of Infrastructure for Safety (IRIS) tool, which provides for a comprehensive and targeted self-assessment in line with the IAEA Specific Safety Guide SSG-16 (Rev. 1) on the establishment of a national safety infrastructure for a nuclear power programme.

1 2 3 5