Electric distribution reclosers can be cyber compromised to cause devastating wildfires

Oct. 16, 2021
On October 13, 2021, the San Jose Mercury News ran the following headline: “High-wire act for PG&E: balancing safety, reliability”. PG&E is facing lawsuits and pleaded guilty to 84 counts of voluntary manslaughter in a 2018 blaze that nearly destroyed the town of Paradise. Consequently, PG&E is taking a zero-tolerance approach to “arcing,” which happens when an electric current along the line is interrupted and jumps through the air, releasing sparks. To prevent arcing, lines now shut down using distribution reclosers at the first sign of interrupted power. There is a connection between extreme drought, wildfires, and cyber threats. The more operations that occur with the reclosers, the higher the possibility of arcing causing sparks resulting in fires. However, when protection is set up correctly, distribution reclosers can provide reliability and reduce arcing, assuming cyber protections are addressed. Unfortunately, distribution reclosers and other distribution devices are not being addressed for cyber security, as the NERC CIP cyber security standards continue to consider electric distribution as out-of-scope. There is a need to better understand the cyber vulnerabilities of electric distribution equipment and to develop appropriate policies, procedures, and regulations before there are more devastating wildfires caused by these devices.

On October 13, 2021, the San Jose Mercury News ran the following headline: “High-wire act for PG&E: balancing safety, reliability”. Two lawsuits have been filed on behalf of nearly 200 people alleging PG&E caused this summer’s massive Dixie Fire in Butte County, which followed several blown fuses and equipment malfunctions. Last month, PG&E was charged with manslaughter after a tree fell onto a line and sparked Shasta County’s 2020 Zogg Fire, killing four people. PG&E pleaded guilty to 84 counts of voluntary manslaughter in a 2018 blaze that nearly destroyed the town of Paradise.

Consequently, PG&E is taking a zero-tolerance approach to “arcing,” which happens when an electric current along the line is interrupted and jumps through the air, releasing sparks. To prevent arcing, lines now shut down at the first sign of interrupted power. PG&E has always had the ability to adjust the sensitivity of the line’s safety devices - distribution reclosers. What’s changed is the widespread use of this strategy. Enhanced Power Line Safety Settings have been installed on more than 11,500 miles of lines in 169 circuits that serve 380,000 customers.

On December 3, 2017, I issued the following blog concerning electric distribution and wildfires (https://www.controlglobal.com/blogs/unfettered/electric-reclosers-can-be-hacked-to-cause-wildfires). The cycling of electric distribution reclosers has caused major wildfires in California, including the Santa Rosa fire and fires in Southern California, as well as in at least two other states. As a result of the Santa Rosa fires, California State Senator Jerry Hill (D-San Mateo) called on investigators to focus on reclosers, which send pulses of electricity into lines where service becomes briefly interrupted, helping to prevent blackouts and outages when lines are not actually damaged. Hill pointed to a public hearing he held several years ago in which representatives from PG&E spoke alongside counterparts from California's other two utilities, San Diego Gas & Electric Co. (SDG&E) and Southern California Edison. According to the testimony of SDG&E’s David Geier on the San Diego Witch and Rice fires, SDG&E uses protection devices on its transmission and distribution lines to ensure that the electric system detects and responds to fault activity and isolates the faulted lines, similar to other electric utilities across the country. In that hearing the two Southern California companies said that they had a practice of blocking the reclosers from working during fire season, as the devices can be known to spark wildfires when a downed line is, for instance, in contact with a nearby tree or dry brush. At the time, PG&E defended its stance of not doing this because the reclosers improved reliability across the system, but the hearing appeared to have led to a pilot program in which PG&E was experimenting with turning off some of the devices during fire season — and, in fact, some of the reclosers in the North Bay were part of this pilot program, but many were not.

The October 13, 2021 article stated that the use of breakers, reclosers, fuses and sectionalizers is a well-established practice in utilities for the protection of generation stations, transmission interchanges, transmission switching stations, transmission lines, distribution substations, and distribution lines. In the case of PG&E and SDG&E, the standard protection devices used on transmission lines are breakers, which open (interrupt the operation) when faults are detected. In the case of distribution lines, reclosers, fuses and sectionalizers are used. The more operations that occur with the reclosers, the higher the possibility of arcing causing sparks resulting in fires. When protection is set up correctly, distribution reclosers can provide reliability and reduce arcing, assuming cyber protections are addressed.

In my book, Protecting Industrial Control Systems from Electronic Threats, published in 2010, many electric distribution reclosers were identified as being cyber-vulnerable because of Bluetooth connectivity. As one vendor claimed: “They now have a Bluetooth connection for their new distribution recloser. If your line folks and/or engineers would like to sit in the truck on those rainy days checking on the recloser...” The ability to communicate by Bluetooth provides improved reliability but also a potential doorway for cyber attackers to manipulate utilities' recloser operations. This means that cyber attackers could bypass any safety feature settings that are installed and potentially use the operation of these reclosers to cause physical damage that could be financially devastating or kill people. The use of Bluetooth technology to cycle reclosers that can cause electrical fires probably cannot be detected from network monitoring.

Since 2010, technology has been progressing with the development of microprocessor-based distribution reclosers that typically utilize PC-based interface software to configure control settings, record metering information, and establish communication parameters. These microprocessor-based devices can be cyber vulnerable, which can lead to compromised recloser settings. Additionally, there continue to be a significant number of the older systems with insecure Bluetooth communication still in widespread use.

Unfortunately, distribution reclosers and other distribution devices are not being addressed for cyber security, as the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) cyber security standards consider electric distribution systems as being out-of-scope. This might explain why the engineers responsible for the design and operation of electric distribution equipment are not addressing cyber security considerations as compared to what is being done for transmission equipment under the purview of the NERC CIP standards. Electric distribution equipment is under the purview of state public utility commissions (PUCs), not the Federal Energy Regulatory Commission (FERC). Yet most PUCs don’t have the technical wherewithal to address electric distribution equipment cyber threats.

Summary

There is a connection between extreme drought, wildfires, and cyber threats. This makes it critical to better understand the cyber vulnerabilities of distribution equipment and to develop appropriate policies, procedures, and regulations for electric distribution equipment before there are more devastating wildfires.

Joe Weiss