CRITICAL CONVERSATION TRANSCRIPT

Panel Discussion on the Electric Grid and Homeland Security

The National Press Club.
Nov. 19, 2003.

On November 19, 2003 the Critical Infrastructure Protection (CIP) Project hosted “Power Play: Protecting America’s Electrical Grid”, the second in a series of CIP Project Critical Conversations.  Evident in recent events, such as the Northeast blackout and Hurricane Isabel, the state of the national power grid is of extreme national interest.

This second in the conversations series brought together six distinguished panelists, including senior policy makers, law makers and industry executives.  These leaders in their field will help shed light and their insights on a simple question that has no simple answers, “What needs to be done to make the supply of electricity in this country from generation to transmission, the grid as well, more secure and more reliable?”(Sesno)

John McCarthy, Executive Director, CIP Project, offered opening remarks on this second critical conversation.  After which, Frank Sesno, moderator of the event and GMU Professor of Public Policy and Communication and senior fellow on the Critical Infrastructure Protection Project, asked the distinguished panel members to comment on the security and reliability of the nation’s power grid and how to improve it.

Report on the August 2003 Blackout

PATRICK WOOD, CHAIRMAN, FEDERAL ENERGY REGULATORY COMMISSION: I think it's important to think just how secure and reliable it (electrical grid) is today. I mean, it is a very robust three-country grid that we're talking about here in North America that has very high reliability already. When you think about 50 million people out of power, the high reliability is hard to remember. One going every 10 years has been our standard.

The report will lay out with great detail what happened at every tenth-of-a-second cycle on the afternoon of August the 14th. The part on the propagation of outage and the recovery are really dealt with somewhat in the report but will be highlighted more in the final report which will ask for public comment and hearings in both countries. (USA/Canada)

Results from August 2003 - What are the top priorities?  What needs to be done?

WOOD: It's recognized that the grid is not a lot of little independent islands in the sea. It's part of a whole interconnected ocean of electricity, and the interconnectedness of it requires not only cooperation, but some standardization. The rules that apply to the reliability, which Mr. Gent's organization has worked with quite a bit over the last 40 years, are very important tying that all together.

So the utilities need to do their job well but they also need to recognize in today's environment, which isn't a whole lot different than it was 50 years ago, that they are not islands in the sea but that they're interconnected.  The product moves at the speed of light. So they've got to talk to each other and work with each other pretty fast.

MICHEHL GENT, PRESIDENT AND CEO, NORTH AMERICAN RELIABILITY COUNCIL: We need to take a look at just what I said on the day the blackout occurred. We need to decide whether the rules we have are adequate, and if they are adequate, then we need to figure out who broke the rules and why and fix that. One of the things going forward that we may have to take a look at is that some of the very basic assumptions that we use to build power systems are correct.

It just could be that some of the very basic things that we thought were sacrosanct, were golden, have to be changed. We've designed the system to handle over-current and now maybe we need to redesign the system to handle lack of voltage, or something like that.

So there will be a lot of PhD theses written off of this, but I think when it's all over, we'll have not only the best system in the world, we'll not only maintain that, but we'll have one that's even infinitely better than it is now.

JOHN DERRICK, CHAIRMAN, PEPCO HOLDINGS, INC.: This network's a very complicated thing, and this study, which none of us seen yet in detail will involve a whole lot of things. But at any given point in time, we have a system by which we do seek to work together under a set of rules that NERC promulgates thoughtfully, and if we don't all follow those rules carefully, then perversities can start.

Once perversities start, the system is designed to protect itself. So at a certain point, it's going to come apart, and should come apart in order to protect itself.

The initiating event can be technical and can be all number of kinds of things. But, one of those things that can also create it is failure to follow rules. So from our perspective, I would say that rules are important and rules need to be followed, and this is where there is a bridge into the energy bill.

A very critical component of the energy bill is giving FERC the authority through an entity to have rules that are enforceable.

The energy bill & the teeth needed to mandate certain standards:

LORETTA SANCHEZ, REPRESENTATIVE, U.S. HOUSE OF REPRESENTATIVES: I didn’t vote for the energy bill because I'm a Californian. If we're going to talk about FERC, could we have our $9 billion, please?

There are plenty of rules and they have plenty of ability to do some of these  things, and sometimes they refuse to. So you're really picking on a bad subject, from my standpoint, because we could use that $9 billion.

I think rules are very important. I'm glad that industry believes so.

I'm an economist by training. I used to work for Booz Allen. I was an investment banker and I was my own businesswoman, so I'm not opposed to the free market system. I'm not opposed to people investing and making a return. I guess philosophically I have to look at this from a homeland security issue.

I look at it from a homeland perspective, the security. And philosophically I would look at whether this is a commodity or is this something that is so important that it must be regulated. All of us in here could agree that this is an important commodity that needs to be regulated.

If that is the case, then we need to make up our mind.  What does it look like? I don't have a problem with vertical integration, or up and down if that's the case. What I have a problem with is, how do we secure it, how do we invest in it, how do we get a return on it, and if we reform the rules, how do we enforce the rules?

I think that that is fundamental to our electricity grid. It's fundamental to almost everything that's going on today, whether it's Wall Street, whether it's the funds scandal that's going on today.

That's where Americans, from a security standpoint, are really upset today. They're upset because they don't believe government is doing its job to secure electricity to secure electricity for them.

 DENISE SWINK, ACTING DIRECTOR, OFFICE OF ENERGY ASSUREDNESS: I would agree that the bill is inadequate in putting a regulatory hand on this industry to assure its reliability.

Notwithstanding the regulatory issue, I would want to say something that's associated with it from a homeland security perspective, and one of the questions that was asked, was what lessons did we learn from the blackout.  This relates to the energy legislation and it relates to what happens after the blackout.

One thing that we really learned was that clearly mistakes are the first line of reaction to these types of situations. I think what the states learned is that they have become lax in understanding who should know what about an energy disruption, and how it affects other infrastructures.

Michigan just recently came out with their report a few weeks ago, and they really emphasized that. You have situations where if we're going to use distributed generation as part of a grid of the future, you have to make sure that the units run. They found out in Ohio and Michigan, people had backup generation units, but didn't have any contracts for fuels and didn't have anyone that knew how to hook it up.

There's a part to it besides the regulatory side, how do we get ourselves more ready for these incidences, whether it's at the state level or whether it's at the national level?

GENT: The most important thing I think we can do immediately, and what I plan to do come legislation or not is to conduct what I'll call a high level of audits of all the operating entities or the high level of what we call control areas in the United States and Canada to assure that they are now capable of complying with the rules. If we had been doing this say for the last five years, I'm sure we could have averted this blackout.

There are a number of things that if we had the teeth to go in, to look, to penalize those people who are not complying, to force them into compliance, turn them into FERC, have them do something about it, I think that this could all have been avoided.

There are probably many things that will come out in this report, and I'm reluctant to start giving examples, but the one that's most popular in the media is right of way maintenance, which is tree trimming, blocking the right of ways. Most states get reports from their utilities that yes, this has been done, but somebody needs to go out there and certify or audit to be sure that the right of ways are clear.

WOOD: What we ought to have is an interstate regulator with the same teeth that a state has. When I was in Texas we had the ability to fine people for reliability infractions, so when you have that ability, they don't do it. We had the ability to fine people for manipulating the market to take advantage of that.

We've got very limited teeth and I know it's frustrating to everybody from California, but we do. The law actually would change that, both on the refund front and on the punitive penalties front. So, the ability to actually do what any basic economic and utility regulator in the country ought to be at the FERC as well.

SANCHEZ: But as far as all the rules that would be necessary, all the teeth that would be necessary, I'm just not an expert enough to know every downfall of every piece of the grid and how it's connected.

ANNA AURILIO, LEGISLATIVE DIRECTOR, UNITED STATES PUBLIC INTEREST RESEARCH GROUP: I want to repeat again about the reliability standards. We are going to be going from something that is voluntary self-regulation on the part of the industry to mandatory self-regulation.It is better to have mandatory than voluntary, but it is still the industry setting the rules and in charge, so in our minds that is not far enough.

Finally, the electricity total of the energy bill, which I had the good portion to read this weekend, repeals one of the longest-standing consumer protection laws on the book, the Public Utility Holding Company Act in 1935. That was supposed to prevent things like Enron, only Enron got an exemption. In its place, it actually weakened things like FERC's merger review authority. So it puts no protections in place for consumers and industry will be even less accountable. So we think this takes us backwards.

Repealing the 1935 Public Utility holding Company Act - Right, wrong, how do we make sense of this?

SWINK: Well, clearly competition improves market behavior. And what needs to be done, which I think is being done through FERC and other organizations is to work with the public utility commissioners and the organizations such as their national organizations and work with them to help them communicate to the customers exactly the benefits and the downfalls of moving forward.

SESNO: Is it going to open the industry, as charged, to the sort of fire sale?

WOOD: I don't think the repeal of PUHCA will do that. It is different. I think Anna's correct. It did change what was the old law with standards that are different, but the merger still has to go through a bar commission, the Federal Trade Commission, Department of Justice. There are pretty clear standards about aggregation of market power. We've got to make sure that you don't create a big monster that's unregulated. Accounting standards, which we've recently beefed up after posting them will have to be applicable either way.
 
We've got the checks in place. I don't know that it will unleash this wave of new investment either. I think the truth is as usual somewhere in the middle, and regulators have to make sure that public interest is served by proving that these mergers are not.

DERRICK: From industry, I agree with the Chairman. I think there are two things I would say about this. In terms of the regulated aspect of our business, the wires business as we call it, it's highly regulated. No one is going to buy a local utility without the approval of the local regulators, which also means the state legislature in a great measure.  Because of this, you are not going to see Wal-Mart or somebody buying up a bunch of regulated distribution utilities. The Chairman has spoken to the role he has relative to the bulk power. I'm all for the repeal of PUHCA because I think what it will do is allow capital to come into this industry and do some very constructive things.

For example, my power supplier is bankrupt, as are some others, and the notion of having companies like Exxon-Mobil or Shell or whoever become active in the energy to start to aggregate those kinds of resources and so forth and bring stability to my way of thinking is a very positive way.
 
I want to see an opportunity for new capital - an affiliated capital. Energy companies have a chance to get involved in the generation in our industry because I think that would be a positive thing, and they're not going to be able to get involved in the distribution, because that's where we serve customers without the local regulators approving it.

SANCHEZ: I would tend to disagree. Quite frankly, again, I go back to the real fiasco that we saw happen in California. I believe that if we're going to have rural, and we're going to rely on somebody like a FERC to really regulate for us, then we have to ensure that in fact they're regulating, and we've seen that that just doesn't happen.We obviously have seen that we have no redress, even when issues are very transparent of manipulation.

I mean, nobody every imagined these holding companies, for example happening now in Texas and New Mexico and other places, that really turned around and gouged the California consumers. And we see it happening across a lot of other industries. I mean, there's just no faith that this will happen.  The consolidation of media, it's another issue where even Congress has gotten in the middle of that. We just see it happening over and over. So I guess even when you tell me that FERC gets to be sat on the mergers and everything, there are no protections left.

Mandatory Self Regulation:  Is it really better than voluntary?

GENT: The standards process that we delivered is an NC approved process that has up to nine sectors involved, which includes small customers, large customers, and all of the other elements of the electric industry. And while it's true that the small customers don't have the funds and resources to participate, I can guarantee that if you'd like to participate, you're welcome and I'll actually pay your travel expenses.

WOOD: The law does provide that the rules do come up from NERC but they do have to be certified by the commission, and I'm pleased to find out that as of two hours ago, the Senate joined the House in approving our budget, which had $5 million more to address just the reliability issues. The regulator has got to be as smart as the regulated and I think we learned in Enron that that clearly did not happen. So we're not going to make that mistake a second time and appreciate having the resources to actually do something about it.

DERRICK: The electric system in America was designed, built and operated these many, many years back, highly qualified engineers and technicians who believe me get up every morning and go to bed every night feeling the responsibility to keep the lights on. Under the old paradigm, it was all vertically integrated, and those experts tended to be within a space slice, and it worked.

Now, under the new paradigm, the slices don't match up quite the same way. But as far as the technical aspects of this, the rules, the notion that this is a self-regulated industry, that sounds like a pejorative thing the way I hear it. It's self regulated, or it's regulated by a group of highly qualified, highly trained people and done in the process under FERC.

And so if PERG or anybody else wants to say these technologies don't know what they're doing, they're free to do that. To me, that's the big thing about getting into this new status. It moves it into the daylight, into the process that does provide a level of transparency and so forth that doesn't exist today.

AURILIO: But when you see what happened in California, the manipulation of the energy prices, then this is the case that disproves the statement that you just made.

DERRICK: I disagree with that, because what happened in California was a very bad model for the new paradigm. And the model for the new paradigm can be much better than what California was then and I'm sure as California is changing now. So I'd hold up the model for the new paradigm that's the best that I've seen and I'm a part of it, so I'll have to admit that. Pennsylvania, New Jersey, Maryland Regional Transmission Organization operating as an ISO is doing all of this stuff quite well, and in a fairly transparent way. Not perfect, but it's an example where it can be done better than some.

So the notion that we move forward together, is critical. This is one nation.  This is interstate stuff to the extent that if we move forward together on an orderly path, we will solve these problems.

Will the consumer get what they need out of the energy bill?

AURILIO: The U.S. targets a national office for the state public interest research groups, and we've got people all over the Hill today trying to kill the energy bill, because our feeling is, this energy bill is a disaster, and not just for consumers, but also for our public health.

First of all, something was mentioned about consumers and environmentalists being opposed to the things we need to do to move forward. The excellent news is, in this country we are a smart country and we have the solution to the problem of a cumbersome electric grid that is too centralized and too focused on polluting central power plants, nuclear, coal and in some cases, oil. So we can increase energy efficiency, we can shift to clean renewable and smaller distributed sources of energy, and that will actually help consumers help the environment and help with reliability. The energy bill takes us in exactly the wrong direction, and I want to address what you said about rules.

We're all in favor of rules and enforcement. The problem is that while this energy bill does a tiny thing because it makes them industry self-regulating rules now voluntary mandatory, it's not going to help us in the long run industry continues to sit in the policy and there's no public participation, there's no other voices at the table.

Remember that this energy bill started out with the Bush-Cheney energy plan in 2001 behind closed doors, with no consumer and public input. It was crafted in conference behind closed doors, again, with no public input. And finally, it does not learn any lessons from California-Enron, because the House passed it last night before we even had the blackout report.

DERRICK: Let me just say that with all due respect to the congresswoman that I think this energy bill, as it pertains to electrical reliability is a major step forward, and we need a major step forward. This is a crawl, walk, run thing as far as I'm concerned.

We know today we can do things better, and we're not doing them better in part because the rules we're operating by do not have sufficient teeth in them. We know today we can do better.

This bill sets the stage or allows the process to move forward, albeit more haltingly than some of us would like, or at all, but it moves us forward in my judgment toward an end that we all share, which is to keep the lights on.

$100 billion – A good number to re-vamp the system?

GENT: We need to think about real time, what's happening now and how do we fix that? And that's what we think the reliability legislation in the bill that Anne Aurillo doesn't like will fix. The other part is the longer term welfare, the system, and then you get into how do you incent people to build transmission? Do the customers of the United States and Canada really deserve to have a cheaper, more transparent electricity system where they can have cheaper electricity, or do we want to continue with the way we're doing now?

In the real time, we can operate any system that you give us. We may have to rotate some of you out. You may not all have electricity, but it will be reliable. But in the longer term, if everybody's to have what they want, I think for my part we're going to have to build more transmission. So we need to keep the two separate.

WOOD: Everybody thinks it's $100 billion next year. I think the number I saw was more like $50 billion over the next 20 years as an increment. That might be ballpark.Everyone is assuming that what we're talking about there is a great big transmission that runs through a brand new field as opposed to taking the existing transmission and souping it up or as I think Anna was saying, decentralize the system.

We have the ability to put generation out closer to the people, and therefore buy some reliability that way as well. There are probably a number of options, and there's no single fix. But clearly the truth is that we do need to continue to invest in the system and keep it up to snuff.

Decentralized system?

WOOD: I think that the customer is going to drive what they want. If customers want that kind of local-source, small controllable kind of next to their house or business, I think as Denise pointed out, it's got to make sure that with that right comes an obligation to be available.

DERRICK: Decentralization is I think is a tool going forward.If you have a critical facility anywhere in America where you have to have 100% power at 60 hertz at the right volts, 60 cycles per second at the right voltage, you can't rely on anybody's grid to do that, because grids are not infallible.

I think as we consider the homeland security, the critical infrastructure aspects of this, more and more people will take action to protect themselves.

SANCHEZ: I do believe that decentralization is definitely something that we should take a look at, because there is more control. And there is more assigned - I think there could be more assigned accountability and reliability and robustness to a system like that.


What are the priorities of what needs to be done in order to make this critical infrastructure safer?

SANCHEZ: First and foremost, I think we need an inventory of what we actually have out there. And we understand that 85% of the entire critical infrastructure that sits in the United States sits in private hands. And coming from the business world, I also have a problem with that too, because as some of my people say to me, if we give you our information and our computer codes and what we're doing and everything, then that's just one other person or one other place where this information is sitting. It's a higher vulnerability for attacks somewhere.

The possibility of attack comes from everywhere. It can be a physical attack, it can be a cyber-security attack. We think most often it will be, when it happens, somebody from the inside. So we're sitting there trying to struggle as a Congress and as an administrative agency that the Homeland Security is, how do we get industry to step up to the plate and protect that asset to the point where we need it to be, while at the same time we understand that the bottom line is really that they're in the business.

That's a very difficult situation for us, and it's something that we struggle with in the committee.

GENT: I've got your answer. We've got security guidelines and security standards. For instance the Federal Energy Regulatory Commission asked us to immediately implement what we could in the way of cyber-security standards and we did this. We implemented a standard, we put it through a process where we had input from customers, and some say it's the least common denominator standards, but it is a start.

And then we immediately started a full standards process where we'll put a very complicated and detailed cyber-security standard in place, which we hope will assure you that we'll have some security there, and we can do the same thing with the physician stuff.

However, we're one big industry that has resisted giving government this hit list of facilities that they can take out. We've resisted this time and time again. We're slowly coming around now, but the worst thing that could happen would be for somebody at DHS to make that list that we're developing available.

SANCHEZ: I come out of the investment banking industry. And it's a very regulated industry, and it's also a very self-regulated industry. I always tell my former colleagues, “You’ve got to fix the problem before we come to fix it for you,” because Oxley and some of these others just don't do it from my standpoint.

So my answer has consistently been on this committee that associations of the different type of critical infrastructure need to get together and need to give us their solution. I'm not saying give us your plans, I'm saying, what is it that you're actually doing and make it an industry standard so that we don't feel like we need to have all the information filed away some place in Department of Homeland Security, which is chaotic anyway.

SWANK: I want to bring up a point, Congresswoman, even though NERC has made strides in putting out security standards for the fiber area, the fiber area is one of the greatest vulnerabilities for this electricity system. The supervisory control and data acquisition systems, friendly called SCADA, have a variety of vintages. Some of them are 50 years old, some of them are 40 years old, some of them are 20 years old. We really don't know what the inventory looks like out there of those types of system. We know that they're vulnerable.  We have technology answers to start working on with respect to both the legacy systems, which were the older ones, as well as the contemporary ones.  However clearly working with NERC and Department of Homeland Security and the Congress, we really need to move forward in making sure we understand that vulnerability, what equipment is out there now, what processes are out there now, and what are the major opportunities to secure it.

 I want to emphasize that in the cyber world, you have to stay one step ahead. It is a continuing effort. It's not we find an answer and it's done. It's something that you have to stay on top of, because the hackers hacking the hackers are always trying to get ahead of you.

WOOD: The electric highway, everybody sees it, they know where it is. It is the most visible infrastructure probably we've got, next to highways. But I do rest more assured, and as I think honestly the fallout from the blackout will speed the day, as well I think some of the provisions in the energy bill of making it more robust and redundant, so that even if someone of bad intent does try to do something to the infrastructure, it doesn't impact the whole grid.

Incentives – Market incentives, internal incentives, new ideas, innovations, instruments, security and reliability

SWINK: Well, clearly, working with the insurance industry and the risk insurance area, the situation right now is the industry does not have the data, nor the experienced actuaries to set risk insurance premiums, based on levels of security investment. So we have an effort actually along with George Mason to pull together the energy industry and the insurance industry to work through what we need to be able to create that capability.

I would say that it's part of a much broader thing that we call building the business case for investing in security. This nation needs to move to a position that we did with safety and that we did with quality and the Baldridge awards. Security for the private sector has to become inculcated into their mode of business. And they need to - their attractiveness for investment and buying of products, just like quality and safety, should be talked about.

AURILIO: PERC has done a lot of work looking at the chemical issue, and the fact that chemical plants, even more than nuclear plants, really suffer from a lack of good security, and there's been a lot of recent press on that. One of the things we've really been pushing on  is the notion of inherent safety - that in order to prevent any kind of real catastrophic incident at a chemical plant, whether intentional or by accident, the chemical company should be required to plan and use inherently safer technology if it is available.

I think there should be a requirement for energy as well, that along with looking at the environmental and consumer cost of the new energy plant, you should look at the security risk of a new plant and this energy bill, to go back to it, actually would go back to $6 billion in tax credits for new nuclear power plants while doing nothing to increase nuclear security.

Our recent report finds that 47% of the time the nuclear power plants before September 11th failed force on force tests, and even after September 11th, these companies are still giving months of advance notice before these tests even come in. So we're not keeping our nuclear power plants secure. No one's looked at the security of the spent fuel pools and we can go into that more if you want to, and we think the notion of requiring a consideration of inherently safer technologies, as we're asking of the chemical industry would go a long way in the energy industry as well.

DERRICK: Well, I think the energy companies like any other entities respond if they can - if the investment they make provides a return that's a market-based return. In a regulated industry, that's a regulated return. In other words, what I want to spend in the distribution and transmission, I'm looking for 20 percent return, because it's not. It's a regulated return.

I sort of agreed with the Congresswoman.  She's right and they ((PERC)) are right that we just are not doing a good job of understanding all this and industry's not responding. I think the key thing is we're not doing a good job of understanding together and what it is that we are asked to do. Right now, I take it back to my industry, in which 85 percent of is in private hands, and said we are responsible for keeping those lights on. If there are new paradigms that we have to deal with, then we have to feel comfortable that we understand what the paradigms are.

And as it pertains to our industry, the problem in most all these things, the problem in Homeland Security is the secret of the secret. It's the answer to this. That is to say, it was put together to answer that question over time. What is it that needs to be done? What do the people think is the reasonable thing, and then we can respond to it? Right now, we're nowhere near getting to the end of that.

 
DERRICK: (Vulnerabilities/security) - We went through the Department of Homeland Security with the request for funding for some serious stuff and we got it, we're doing it. But it's a small piece.

It’s enhanced physical security of some of our facilities. But, that has to come through the state, by the way. The company can't get anything directly from the Department of Homeland  Security.

 I just want to come back to the point, this is crawl, walk, run. We are all people, I think that are trying to do the right thing. And what we need is to get ourselves on a path that we can more constructively work together towards our common responsibility, and again, I think this energy bill is a step in the right direction, and there's a lot of other things I could do, but it's going to require in part the Department of Homeland Security giving us the security if you will, or the feeling of security that we can in fact share some of this information without it becoming a perversity, and that's just a matter of judgment as we move along.

WOOD: What's basic here is the grid, and the issues we're talking about are not market. They're regulated. In fact, as John admitted, they're heavily regulated and we need to kind of make sure regulators don't kind of walk away from the party and say, "We're done." Because in fact the grid should be really a public asset that's a monopoly asset that's subject to significant regulatory oversight. I think incentive's a big one and it is actually a quiet little provision that got put in the conference. I didn't ask for it, but it sure will help. But it said, folks you've got to make sure that the utilities that invest the money to meet the reliability standards in the first part of the bill, that they get their money back.  That is what I hear all the time, that it's a classic fall out of the disconnect between federal jurisdiction and state jurisdiction. Burk says yes that $100,000 investment is a good investment and you should be able to recover that from your customers. Well hey, there's another regulator between me and the customer, and that's usually the state or, in this case, the District of Columbia.


GENT: I'd like to speak to specifics here, just give you an example. If it's true, and I don't accept it's true, that we have a cyber security exposure with our system control and data acquisition systems that Denise mentioned, then we can decide that we need to have a standard that says that they need to have encrypted technology which then forces the vendors to build it the way it will be secure. Over some designated period of time we have a secure system if we decide that we want to go that way. That will cost. It will have to come back to the people putting out the money. But that's the way that you do these things.  You get together in a public forum where everybody has a say and you decide as a nation, yes we want to secure all our process control systems.

 
Power plants – More vulnerable than the public is aware of?

WOOD: Well fortunately there is another regulatory commission called the nuclear regulatory commission and I'm going to defer to them. I think there are a lot of differences between the one I went to see in early 2000 back in Texas and then I went to a plant near Chicago about eight months after 9/1. It was hard enough to get in the first one and the second.

I did see that little surface to air missile battery sitting out in front of the one after 9/11 that wasn't there before 9/11. There is quite a sensitivity and awareness that threats just don't come in through a truck. They can come from the air. And I will kind of leave it to the DHS and NRC people to persuade you about that. But I'm just saying as a person that knows what's going on but not intimately involved in these details I was struck by the significant change of MO between pre-9/11 and post.

Questions from the audience:

 
TODD LAPORTE: Since interdependency is the issue here then how is it that we can think about the trade off between efficiency on the one hand, which markets give us, and reliability on the other hand from the regulatory perspective and from the industry's perspective?

DERRICK:  I would suggest that if you want to study this in detail to look at what's going on in the PJM where there are market responses, increasingly market responses to all the various facets of this thing, ancillary power, fire support, and all that esoteric stuff. But I think that's a place to look.

There's a set of rules that in part deal with some of these issues, understanding the rules, having  rules that have force, and then moving forward, to my way of thinking is the way this is all going to work its way out. And it's not going to happen overnight. I mean there's a big learning curve to all of this, which is one of the problems that we've all got, I think. But I am very confident that we can work our way through that, again because I think in the case of PJM they're doing a very credible job of moving along down this path.

I think one other perversity that we've all got of this and mentioned here is there was the promise of this new world of restructure or deregulation that the prices were going to go down, very low.  Well the prices have in fact gone down. My customers are paying less than they've paid when the rate was frozen. But that's due to start going away and needs to go away.

We are not paying enough. The only revenue that comes to this industry or any other  industry is through customers paying. The fact of the matter is the aggregate revenue incoming to our industry today is lower than it needs to be to deal with these issues we're talking about. We need to make sure we grapple well enough with that to get on the other side because I made the comment if I can earn a rate of return why wouldn't I do something? Well it starts with a revenue line to get to the rate of  returns, as you well know. And so that whole, that was a very unfortunate circumstance, that that promise was out there to consumers.

Everybody, regulators thought that was going to be the case, and now that we've run out of string and the prices need to start going back up everybody is very nervous about it. But that's a political leadership thing that I think is really important to us being able to work our way through this.I'm just talking about responsible, prices that responsibly reflect the cost of doing business.

AURILIO: With all due respect and you say that you're not paying enough. The California Public Utility Council Commission found that Mirant actually was a company that deliberately withheld output during California's energy crisis. Pat Wood’s agency actually found that Mirant was a company that had engaged with one of the 11 companies that had engaged in an epidemic of false reporting of gas price information.  So, from the consumer perspective, I want to dispel one huge myth which is; consumers were promised that deregulation was going to lead us to cleaner and cheaper power.

And PERG actually set out some principles and said, you know, maybe we should go forward with this, if you have some consumer protections and environmental protections in place. And that's not at all what happened in all of the states where we got involved in deregulation sites. So what's happened now is consumers actually usually have the choice between dirty or filthy power and in California sometimes they never even got power.

As far as the cost to consumers, we're still doing the research.  However, our research has found right now that more than 90 percent of the people in deregulated markets, the residential customers, actually have no choice. There is no one competing for their dollar. Second of all, in many of the states there were rate caps put in place at the time of deregulation to shield consumers from the billions of dollars that were be given as part of the deregulation bill to bail out the expensive investments that the incumbent utilities had made in things like nuclear power plants. So this hid that and in California we actually ran a ballot initiative to repeal part of the California law that the utilities opposed.

Right now consumers don't have a good picture of what the impact of deregulation has been because there were price caps put in place. What we are starting to see in places where these price caps are starting to get lifted is that utilities are rushing to the commissions and asking for massive rate increases like 40 or 80 percent.

SESNO: Is that something you're familiar with?

GENT: Nothing I've seen.

AURILIO: Some of my state PIRGS are telling us 40, 80 percent. And I want to go back to efficiency because again we're not enamored of the previous, you know, regulated system.

Obviously we have dirty power plants and nuclear plants that were built under that system. But in terms of efficiency, a lot of utilities finally came around to implementing demand side management programs where they realized that selling energy efficiency was often a greater way of increasing supply than building a new power plant that's cleaner.  So as part of deregulation they cut demand side management programs.

WOOD: I think the question had to do with interdependency.  

GENT: Interdependencies are standard critical infrastructure. In the electric industry, we have for years tried to form task forces and groups with the natural gas and pipeline industry to be able to understand our interdependencies. For instance, if you're counting on a power plant and it gets cold and take the natural gas and send it to residential customers who are preferred over industrial customers (and rightly so I believe) then we need to be able to account for that. And that's just a very simple example.

From a terrorist standpoint, what happens when you blow the line up, the gas line up? You know, what does the power plant do? We know we have plans, the gas people have plans for rebuilding or replacing the pipeline, but what does the electric system do. Well we've made it that far, but what we need to be able to do, and this is where DHS comes into the picture, is to put all these interdependencies together. To my knowledge, we don't' have that modeling.  Don't believe what you hear. We don't have the modeling. The modeling we have is incredibly simplistic. Our labs need to be charged and in an open process to come up with these models. Then we need to close the process so we don't have it on the front page of the Wall Street Journal where the choke points in the United States are. So it's a confidentiality problem, and it's a modeling problem, and it's a mathematical problem. We're not there.

SWINK: I think we're well on our way though. At this point, there's a tremendous amount of effort going into folks that have data, folks that can share or cannot share data, inventory and all the different capabilities in both the private sector and the federal government national lab system. We are moving along, and I can tell you that we'll have good progress over the next year as far as deploying more sophisticated models and on better databases. There's no doubt about that.

The overall interdependency area is huge. We haven't even talked about what issues there have been on restoration schedule. One of the biggest issues we had with both the blackout and with Isabel was many critical facilities didn't know where they were on restoration schedules. And Allison Silverstein of PERG and me are working with the natural gas industry right now on a regional supply disruption set of modeling and scenario that we are hoping to bring lots of other stakeholders into.

So you're absolutely correct, we have a lot to doand we need to take this from not only what needs to be done on making funds available for investing in the grid of the future, but what is it that we're going to do now to help us all understand what our vulnerabilities are.  What are our options today to respond to that?

WOOD: The report (August 2003 blackout) that's coming out in 30 minutes is a pretty good case study, at least one data point that contrasts the actions and activities of people operating in an efficient, mature market and ones that aren't. I would say that once you read that and contrast what's happening in a non-market area versus activities and responses that happen in a market, that question will be answered.

SEAN GORMAN: You can get very detailed power grid data, gas pipeline data, telecommunications data to a pretty high degree and coming up with a hit list is not an incredibly difficult task. Knowing that that data is out there, what are the reasons for not going forward with information sharing and collaborating to help solve these problems and getting them out of the stovepipe?

DERRICK: I'll answer that from my perspective. The data that's out there, and you're right. It's out there. I have corresponded with a couple of those data sources and said, you know, with friends like us we like you we don't need enemies.

We've all went out on a different paradigm, the pre-terrorist paradigm. Once we got post 9/11, I hope in my particular case, our company’s whole perspective on the information we make available, changed. And you're not going to get it from us anymore without us specifically knowing about it. Now that doesn't mean you can't get it from some other place. And we're not untypical. I think we're going to stay in that kind of a position until such time as we have these ground rules better understood who has the culpability. 

Let me ask you the question for a minute. If something happened tomorrow at a major note and the lights went out and we're going to be out for weeks, who do you think would be held accountable for that? I can tell you. It's the local utility. Well and it was on its map. We couldn't protect anything that was on there. It wouldn't get us anywhere.

And so in this post 9/11 world, we're still trying to figure out, how do you operate in America in a post 9/11 world? What we're really saying is we just have to have a workable way that we can feel comfortable together, that we're moving forward. And governments working on that, and we're working on that, and we're going to get there. In the meantime we're all very nervous.

GENT: Having a total facilities list is fine, but knowing which ones are critical is even more important to the terrorists and we're not about to release that. And I'm pleased to say that all reports that I've seen are wrong.

CHAS HENRY WTOP RADIO: How does the Department of Homeland Security do a credible risk assessment if they don't have access to that information?

DERRICK: I would say that at this point the Department of Homeland Security has not been blocked in getting information to do really critical risk assessments. But they still look somewhat disjointed and are not smoothly rolling out. This is understandable for something the size of DHS. That's a big job they've got. And I mean people have changed. The latest I just read in the paper this morning is Michael Byrne (our connection to DHS in this region).  All of a sudden we don't have a personification of DHS that we were used to. Now he's going to have a replacement obviously, but those things are disruptive.  I don't think that there's any lack of understanding of what some of the principle vulnerabilities are. For instance let's take my company. We've been in business a long time here, sitting in the same piece of real estate as the secret service and the FBI. Hopefully it wouldn't surprise you to know that they know a fair amount about Pepco's System. So it's not that government is unaware of this stuff. But it's just this new paradigm we're in, we're just all trying to figure out what the rules are.

GENT: One of the things that would help us a lot is if the DHS would give us the design basis threat. Basically, telling us what they think the chances are of whatever it is that's going to happen. In other words, we expect this to happen and here's the percent probability that this will happen. The other thing is give us all your information and we'll tell you what's vulnerable. So there's two extremes we need to negotiate somewhere in the middle.

SWINK: DHS does have authority for protection of critical, infrastructure protection information under their legislation, and they have a rule that they're going through right now that all the industries have had a chance to comment on. That hasn't gone final, but as John was saying, there are these steps coming out.

And the other thing is, we seem to be talking a lot about the federal level, maybe that's because we're in Washington.  However, there's a lot going on at the state level and not only with the Utility Commissioners. These commissioners have a critical infrastructure protection nationwide committee that's taking a look at how much energy assurance is enough.  If you're a commissioner how do you decide how much is enough, to be able to do your prudent evaluations.

How do you protect critical infrastructure information from wide dispersal, when you know that regulators and legislators, at the state level, need to have access to that information? Well, you have to have state legislation to do that and, as far as I know, Kansas is the only state that does right now.

WOOD: We were the first federal agency to actually have critical energy infrastructure information rule we did about maybe a year ago, and it's worked pretty well. There was some concern from some of the customer side that maybe we're withholding too much, so we allowed those people that are impacted (by a pipeline going near their house to get access to everything, but it's not on the Web, it's not made easily accessible.

We look at things on a case-by-case basis, and I've got a pretty stern pass mistress who's involved with telling people no, but it works. But, it has created kind of a paradigm shift, both within the Agency and within the industry. I think the industry folks that provide that information to us are not concerned at all, like they used to be, prior to being removed.

UNIDENTIFIED PARTICIPANT: Could you comment on utilities in the southeastern United States from a FERC perspective?

WOOD: Well, I think the model is a good one. It's the one we've argued. It's been since adopted by New England. MISO, which is a large kind of area over the Midwest has filed a proposal and will re file it, to adopt that same system by October of '04. And in California, which we had a hearing out there last week, they are proposing adopting a similar system.  I think the rest of the country will get the hint and move along, but we will see how that plays out, as we implement the energy bill, over the coming months.

FINAL RECOMMENDATIONS: Three priorities each would set starting in 12 months to make the energy grid more reliable and secure in five years.

DERRICK: I'll pass the Energy Bill, because it deals with reliability. It also deals with investments, so I think that's a very, very important thing.

I think that from the journalists in the room, that when this kind of a dialogue is raised in a broader audience, we can agree on a lot of things if we didn't scream at each other quite the same way so communications is very important. Those are really the two. I can't even think of another one. Those are the two that I would say are really important.

AURILIO: You say three things.  Kill the Energy Bill. It gives states more authority to enforce the law, and then also passed at the state level, more renewable energy standards and more appliance efficiency standards and that's what PIRGS are working on.

GENT: I'd like to have some of my pet issues that are real specific here. I think we need more openness and transparency, in the things we're doing. I sent a letter to all the CEOs at the controlled areas, on October 15th, asking them to certify that they're doing actually the things they should be doing. And I think that having those returns made public puts a certain public pressure on them to do better and, in the same way. 

I'm calling for compliance audits of all the system operators, on a routine basis. I believe that would clear all of this up. I think that ought to be more open.

Finally, in just the other end of the scale, I'd like to see industry cooperate with government, to provide a more secure grid, from both terrorists and natural acts, but not have to give up the hit list of how to attack the system.

SWINK: Three items: I think that we absolutely need to focus on a balance of attention between the needs for the long-term investments, both in technology and in capacity, with focusing on processes, practices, procedures, technologies for resilience today.

We really need to get around to identifying, as a nation, what does energy assurance look like, when it's adequate, whether it's at the national level, or whether it's at the state level, and start building some metrics for us to determine whether or not we're making progress.

And finally, we need to do a whole lot more work, both with the regulators, and the regulated and the private sector, on the panorama of initiatives that could be done on building the business escapes for security.

WOOD: Pass the bill, because of what it does for reliability, transmission investment and forced endorsement of regional grid creation.

Number two, facilitate the decentralized distributed generation that is really a true reliability and market power silver bullet for the system. This is a joint state/federal issue.

Third, how do we enable customers to respond to the demand, to the price signals in the market? How can they participate, by cutting back their demand, at a peak hour, so that the price doesn't go through the roof or that their lights go out? Demand response is what we call it.  The more we can do to create that, the quicker we will catch up to Europe.  We are not the leaders in the world here.

SESNO: Nobody calls for the consumers to get used to the fact that they should pay more for all of this.

GENT: Transmission is seven percent of your total bill.

DERRICK: Yes, a better understanding to stop throwing darts at each other. You know, get to some fundamental understanding of what's going on and work more constructively together.