In preparing for my keynotes and panel sessions next week, July 8-9 (follow-on blog), I found a recent NERC Lessons Learned event of a combined cycle power plant in Florida that suffered significant load oscillations. In this January 2019 event, a single potential transformer (PT) sensor provided input to the steam turbine controller in the power plant. However, the sensor was providing bad data and the controller reacted accordingly by cycling the turbine resulting in 200MW load swings (see Max 737 plane crashes). These oscillations caused a 0.25Hz impact on the entire Eastern Interconnect and resulted in a 50 MW load swing in New England (local failure affects entire interconnected systems similar to Colonial Pipelines). Like the 2008 Florida outage, there was no mention of the event being a cyber incident even though it was a sensor communicating to a control system that cycled a valve with the impact affecting the interconnected grid. I don’t know if the PT sensor was analog or digital, but in either case, there is no cyber security, authentication, or cyber logging. Moreover, process sensors are out-of-scope for the NERC CIPs and NERC Supply Chain issues. The lack of process sensor authentication is also key to being able to address the Chinese transformers with hardware backdoors. There have been more than 350 control system cyber incidents in the North American electric system to date with 5 causing outages affecting at least 96,000 customers. The utility industry has work to do when it comes to treating cyber security and reliability/safety as inter-related tasks.
Leaders relevant to this article: