National security – real concern or cover for action?

Unless you’ve been living under a rock, you are by now painfully aware of the violations that the NSA makes – is making as I write this – of the privacy of each and every one of us in the name of US national security.  Google words like PRISM, Bullrun, or Mystic and you are now as likely to find NSA references as you are to find the original meanings of these words.  Over in the UK, GCHQ has developed and continues to pursue similar programs.  Not satisfied with this extraordinary degree of surveillance capability, leaders at the highest levels in the US and UK are floating the idea of requiring all makers of secure communications software of any variety to build in back doors to allow on-demand access by government officials.

This is despite the fact that citizens around the world, and especially those in the US and UK jurisdictions in which these agencies operate, want more intelligence oversight and a restoration of citizen privacy.  Available evidence suggests that oversight has been largely for show, and toothless the few times restrictions were attempted.  No compelling evidence is available to suggest that these programs have been effective.

“It’s the national security, stupid” comes the reply.  These extraordinary invasions of privacy are what it takes to keep us all safe and secure.  Yes it’s repugnant, yes it is deeply invasive, but yes it is also absolutely necessary.  This is the sacrifice you must make for security.  There is seemingly no privacy protection we aren’t willing to violate, seemingly nothing we won’t do, to preserve national security.

Except perhaps to protect the power grid.

Order 745
While our attention has been focused on the Snowden revelations, another, much larger, national security issue has been quietly winding its way through the courts.  It’s called FERC Order 745, and chances are you’ve never heard of it.

In the energy industry, “demand response” is the ability to reduce electricity demand at the source – your water heater, HVAC, lighting, etc. – to reduce load on the power generation plant and the grid.  FERC, the US Federal Energy Regulatory Commission, approved Order 745 in 2012.  In a nutshell, it requires grid operators to pay full market price for demand response resources under specified conditions.  Order 745 was tremendously successful in creating demand response resources.  So successful in fact that they began to cut into the profits of the grid operators and utilities, prompting the Electric Power Supply Association, the national trade association representing competitive power suppliers, to sue.

In May 2014 the D.C. Circuit Court of Appeals decided EPSA v. FERC in favor of EPSA, overturning FERC Order 745 on the basis that FERC had exceeded its jurisdiction and assumed authority reserved to the individual states. The word “security” does not appear anywhere in the decision handed down by the Circuit Court justices.

Power grid basics
Consider our electric grid.  It has been our practice to build out power generation capacity based on peak loads.  We do not have grid-scale energy storage capability, and that means power plants run at less than full capacity most of the day, ramping up to full power to meet peak demand.  Electricity travels at the speed of light and is consumed within a second of being generated, so the power generated must equal or exceed the power drawn at all times.  When demand exceeds capacity, overloaded components of the grid shut down.

But when plants are already running at peak capacity and another plant shuts down, that load must come from elsewhere on the grid.  Other plants cannot supply it if they are also running at peak capacity, nor can they ramp up generation as quickly as stepping on the gas pedal of a car.  The best case, when the remaining plants are already running at peak, is that the grid must be partitioned to quickly isolate the areas supplied by the downed plant.  That portion of the grid then goes dark.

In the worst case, a cascading failure occurs in which each downed power plant increases the load on the remainder faster than they can respond.  This causes one or more additional plants to go down, which impacts the remaining plants like falling dominos, and the next thing you know, large swaths of the country go dark.  NERC estimates the impact of the Northeast Blackout of 2003 to be between 7 and 14 billion dollars.  Officially the death toll stands at 11.  When factoring in indirect causes such as complications from diseases, the death toll rises to nearly 100.

To put this in perspective, the total number of private US citizens killed by terrorism worldwide in 2012, the latest year for which the US State Department has published numbers, was 10.  In terms of lost American lives, the 2003 blackout was equivalent to somewhere between one and ten years of terrorist activity.

National infrastructure target
But the number of casualties doesn’t make something a national security issue.  If it did, traffic accidents and heart disease would be the top concerns of the NSA.  Instead they tend to focus on antagonistic people and groups, and their likely targets.  Of the likely targets, those that underpin large-scale operational aspects of the country are called national infrastructure targets.

It is one thing to guard against local terror incidents.  Quite another to guard against attacks which ground all air traffic, crash the stock market, or shut down large portions of the electrical grid.  None of these systems can be defined by or contained within political jurisdictions.  The power outage doesn’t stop at the state border.  From a policy perspective, the electrical grid is a national infrastructure target, not merely a state concern.

If nothing else convinces you that this is a national security issue, a quick Google search for pages where “Order 745” and “national security” both appear is revealing.  Not only does the media believe these two things are related, but if you add the qualifier “site:gov” to the Google search the results indicate that the US government apparently believes Order 745 is national security related, or at least they did at the time the order was approved.  They should not need any convincing, only reminding.

Cover for action
In his TED talk, Edward Snowden says much of the terror threat described by the NSA and other agencies is “cover for action.”  Within the Intelligence trade, that term describes creation of a fictitious but plausible threat to justify action which would not otherwise be approved, or that positions legitimate personnel so as to mask covert actions.  Snowden says much of the threat we hear about is cover for action.  The NSA and other defenders say the threat is real and, if anything, is understated.  How is someone on the sidelines to tell the difference?

As an autistic person, I’m terrible at reading body language.  But I accommodate in other ways.  For example, it is possible to infer intent by tracing back from actions and words.  What belief would a person have to hold to say or do a given thing?

Consider someone who is laser-focused on national security and whose concerns overlap with domestic surveillance.  Now consider someone laser-focused on developing and expanding surveillance and using national security as justification.  The first of these would tend to see everything as a threat. They would be spread pretty thin defending national security on all fronts, and something like the power grid would definitely be on their radar.  On the other hand, someone who is focused on expanding surveillance capabilities would see national security threats only in terms of how they bolster the surveillance agenda.  Other national security threats, no matter how credible, are merely distractions from their real mission and ignored whenever possible.

So I have a hard time believing NSA Deputy Director Richard Ledgett when he appears at TED to defend PRISM, Bullrun, Upstream, ANT and all the rest as necessary for national security, but there are no Google hits for his name appearing alongside the phrase “Order 745.”  Why is that?  The champions of national security are curiously picky about their battles, and Federal oversight of the power grid doesn’t appear to be one of them.  Could there be another agenda?  Or, more to the point, is it possible to claim national security is the agenda and yet remain silent on whether Order 745 is within the jurisdiction of FERC?

Cover for action may sound a bit paranoid, but at least it explains the observable facts.

The rule, not the jurisdiction
Regardless of the efficacy of FERC Order 745, the greater issue is whether Federal regulatory oversight of the nation’s power grid transcends purely commercial interest.  If in fact the power grid is a national security concern, then at least those aspects must be regulated nationally.  The strategy for creating reserves of on-demand capacity certainly would be among the issues regulated at the national level.

Contest the methods of Order 745.  Change the specifications.  Change the rates.  Fund government subsidies to bridge the wholesale and retail rates if you must.  But please, for the sake of national security, don’t take the jurisdiction away from FERC.

Looking ahead
Yesterday, the Supreme Court announced it would review the lower court’s decision on EPSA v. FERC, to enthusiastic response.  It will be revealing to see whether the case remains one of commerce and jurisdiction, with the national security implications buried in the footnotes or ignored entirely.

About T.Rob

Computer security nerd. WebSphere MQ expert. Autist. Advocate. Author. Humanist. Text-based life form. Find me on Facebook, Twitter, G+, or LinkedIn.