FERC brushes off clown-clad protesters to tackle cyberthreats

Source: Hannah Northey, E&E reporter • Posted: Friday, July 17, 2015

The Federal Energy Regulatory Commission today moved forward with a high-profile effort to protect the U.S. bulk power system from cyberattacks as activists dressed as clowns marched outside the agency’s headquarters to protest the spread of gas infrastructure.

FERC Chairman Norman Bay and his fellow commissioners unanimously proposed revisions to reliability standards to address the threat utilities face from network or computer hardware infected with malware.

The revisions are included in a notice of proposed rulemaking that seeks comment on seven updated standards that the North American Electric Reliability Corp. proposed earlier this year. NERC is the federally appointed grid overseer.

Bay told reporters after the meeting that grid products being counterfeit, tampered with or injected with malware are emerging threats. FERC will now take comment on the need for such a standard and how quickly it could be implemented.

“This rulemaking raises a question as to whether or not there should be a standard in this area, and so that’s what we’re asking NERC to consider,” Bay said. “It’s too early in the process to say what a standard might say or what the terms of it might be, as well as what delay might be caused by the standard.”

FERC is not at this time asking Congress for a broader statutory authority to deal with the threat, Bay said.

The chairman acknowledged the commission’s push for better security stems from two documented incidents in which the supply chain for equipment used on the bulk power system was tampered with.

“That’s something we’re reacting to,” Bay said.

Last year, the federal government warned about recent cyberattacks on energy control systems. The Department of Homeland Security cautioned about the Havex malware — also known as Dragonfly or Energetic Bear for its reported interest in the energy sector — and a strain of the BlackEnergy criminal malware (EnergyWire, Oct. 31, 2014).

In both cases, the agency’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned electric utilities, ICS equipment vendors and other potentially infected companies before notifying the public.

But FERC’s meeting was also marked by outbursts from protesters, stepped-up security and what have become routine announcements warning activists against attempting to directly address commissioners or disrupt the proceedings as they’ve regularly done in recent months.

Outside the agency’s Washington, D.C., headquarters, a handful of activists from Beyond Extreme Energy donning clown costumes protested what they call the “FERCus,” a play on “circus.” While many of the group’s members have been kicked out of previous meetings and are not allowed inside the agency’s main conference room, they continue to protest outside and can watch remotely from an attached room with television monitors, according to FERC.

Other protesters dressed in business attire stood up at the start of the meeting despite warnings from security guards. They were later ushered out.

“There’s no reason to approve fracked gas infrastructure,” said one man in a button-down shirt. “We’re calling for renewable energy now. Wind and solar, no more fossil fuels.”

A woman then stood up, calling on FERC to stop approving gas pipelines located near nuclear power plants and to push renewables.

“Listen to the pope, renewable energy now, save the climate,” the woman shouted.