Utilities focus on plausibility, prevention in preparing for worst-case scenarios
From natural disasters to cyberattacks, utilities face many threats — the key, according to one company official, is to focus on the most likely events.
A spike in natural disasters this year has left millions without power in the United States for varying lengths of time. And given concerns over climate change and the possibility the trend will continue, customers may be asking if their utility has prepared for the worst.
It is a valid question, given recent events.
This 2017 Atlantic hurricane season was one of the most active on record — there were eight storms from just Aug. 9 to Sept. 29, a dubious feat unmatched in the last 124 years. Three storms created major disruptions to utility operations: Hurricanes Harvey, Irma and Maria struck Texas, Florida and Puerto Rico, respectively. The response to the first two storms was good, but in Puerto Rico about three-quarters of the population remains without power — more than a month after the storm hit.
Across the country on the West Coast, wildfires have at times caused widespread blackouts. Pacific Gas & Electric earlier this month said it had restored power to all 350,000 electric and 42,000 gas customers who lost service.
But disasters come in all shapes and sizes, and utilities have to pick their battles. There are limits to what they can reasonably do to harden their systems in advance.
Picking their battles
Don Daigler, director of business resilience for Southern California Edison, has also worked at FEMA and the Department of Homeland Security. He said "utilities can prepare for a lot of things but there has to be a cost-benefit analysis — otherwise, protections become so costly customers would never be able to afford to harden the grid."
SCE's strategy is to focus on "more plausible scenarios," said Daigler. “We're looking at preparing for large scale events, but some [fears] are so wildly out of bounds with reality, they are unlikely to occur.”
Take, for instance, recent warnings of an electro magnetic pulse (EMP) triggered by a nuclear detonation in the atmosphere, likely by North Korea. Such an event could be devastating. Peter Pry, who served as chief of staff for a Congressional commission on EMP attacks, recently testified before a House Committee on Homeland Security that the threat is "critical and existential."
"With the development of small nuclear arsenals and long-range missiles by new, radical U.S. adversaries, beginning with North Korea, the threat of a nuclear EMP attack against the U.S. becomes one of the few ways that such a country could inflict devastating damage," Pry told lawmakers. "We know for certain that EMP will cause widespread damage of electronics and protracted blackout of unprotected electric grids and other critical infrastructures."
While an EMP could be devastating to the United States, knocking out power and destroying electronic equipment, it is also a very low probability event. Nevertheless, Pry has recommended hardening 100 nuclear reactors and critical portions of the electric grid.
In its most basic form, it's an issue similar to debates over whether to move power lines under ground: "Sure you can," explained Daigler. "But it is really expensive."
“The industry itself needs to be realistic and reasonable about where the challenges lie and be able to create structures that are adaptable and scalable to meet the needs out there," he said. "We will continue at a national level to get pressure applied to us by regulators and legislators to look at the scenario du jour, based on a third-party entity coming in and trying to scare people into taking actions that are not realistic," Daigler said.
The risk is "trying to do too much against too many threats," he said. "More focus should be spent on hardening and mitigation — the work that can be done before a disaster hits."
Enabling recovery workers
For all the systems and data and technology, disaster recovery comes down to people. As things "move towards more crisis, there's a concept that the primary source of resilience isn't technology but human,” Michael Legatt, CEO and founder of ResilientGrid, told Utility Dive.
“If you're trying to restore a system, it's not just a question about the wires,” Legatt explained. "At the end of the day, its an engineering problem. We have built incredibly complex and complicated systems, and in many ways in normal operation that has been setting us up for success.”
But in a crisis, utilities would be well-served to keep an eye on the big picture, he said. Weather events don't just impact power lines, but also 911 operations, ambulances and fire trucks, and water companies, "each focused on their part of the bigger puzzle."
Storm-related decisions of which feeder circuit to reroute, or when to dispatch a bucket truck, are relatively simple decisions. “When the disaster first hits, operators have procedures they've been given and ideally they are set up for success,” Legatt said. But from that point, the emergency will continue or deviate from what a planner was able to come up with.
“Where it gets more complex is when you have real life things happening in the middle," Legatt said. "It becomes a lot more dynamic."
SCE's worst-case scenario
SCE holds dozens of training exercises each year, including a Resilient Grid series that has a simulated disaster component. In three parts, Edison officials work through the steps they would take in the event of an emergency.
One exercise is a tabletop event focused on the initial 12 hours following a disaster. Another functional exercise, more focused on internal coordination, looks at the time period from 12 hours to two to three days after the event.
A final, full-scale exercise brings together a wide range of stakeholders and officials and picks up about three days after a hypothetical disaster. The exercise "focuses on the immediacy, trying to get as much back online as possible and looking at how to stabilize the grid," Daigler said.
That third exercise was hosted Oct. 19 this year, and forced the utility to respond to a fictional 7.8 magnitude earthquake that struck major areas of Southern California from the Coachella Valley to cities in the San Gabriel Valley. The resilience exercise brought together senior utility officials, representatives from the White House, Department of Homeland Security, Los Angeles County Emergency Management and other stakeholders.
SCE has an all-hazards response plan, along with specific responses for earthquakes, fires, windstorms and other disasters. Daigler said that in the simulated-earthquake scenario, the utility expected less than 50% of its customers would actually lose power — a turnaround from the 100% prediction from just a few years ago.
"A lot has to do with the stability of generation," Daigler sad. "It won't be a blackstart."
The utility's strategy is to start at the outer perimeter of an outage and work its way in. Generation and transmission are the first assets to be repaired. "We prioritize bringing the most customers back as quick as possible," he said, while also focusing on critical-care customers who are prioritized. The utility initially tries to bring customers back online through switching and rerouting power flows.
Edison is also looking at the possible use of drone aircraft to monitor its electric grid following a disaster. "It takes a lot of time to go out and do damage assessments," Daigler said. In some instances, SCE would consider rotating blackouts to ensure the stability of the grid.
But what happens if the grid disaster isn't physical? While earthquakes are the likeliest natural disaster event SCE will face, Daigler said the utility has more work ongoing to address cyber threats.
“The bad guys are getting much smarter," he said.
One fear among the industry is that a remote cyberattack could cause a widespread blackout — similar to what occurred in Ukraine two years ago. Daigler said the United States' security systems make a widespread outage unlikely, but he added that "quite frankly, bad actors are becoming more and more complex. A lot of actions are state-sponsored … at some point there likely will be an event and we need to be prepared to deal with that."
SoCal Edison will be participating in GridEx next month; the biennial exercise is designed to simulate a cyber and physical attack on electric and other critical infrastructure assets across North America. This is the fourth simulation — the tabletop exercise will include utilities, federal agencies, supply chain stakeholders and other critical infrastructure partners.
The concerns are well founded as hacking attempts are becoming more common.
Earlier this month, the U.S. Department of Homeland Security and the Federal Bureau of Investigation issued a joint warning that described an "advanced persistent threat" targeting government entities and organizations in a wide range of sectors, including energy, nuclear, aviation and critical manufacturing. In September, security firm Symantec warned that a group of hackers known as Dragonfly 2.0 had targeted the power sector in Europe and the United States, potentially gaining operational access.
Follow Robert Walton on Twitter