Department of Energy Smart Grid FOIA Documents
On June 10, 2010 EPIC submitted a Freedom of Information Act (FOIA) request to the Department of Energy (DOE). EPIC sought agency records concerning the DOE Smart Grid Investment Grant Program (SGIG).
Originally authorized by Section 1306 of the Energy Independence and Security Act of 2007 and then modified by the American Recovery and Reinvestment Act of 2009, SGIG is a DOE program intended to accelerate the country's transition to a modern electric transmission and distribution system by promoting investment in smart grid technology. SGIG seeks to accomplish this goal through competitive grants whereby DOE will provide up to 50% of the cost for new projects implementing the smart grid. These grants range in size from a minimum of $300,000 to as much as $200 million.
In June 2009, the DOE issued its initial announcement opening up the SGIG application process. As part of this process, the DOE required applicants to submit a Project Plan describing how the project would address cybersecurity concerns. The plans needed to include summaries of:
- The cybersecurity risks of the project and how such risks would be mitigated throughout the project lifecycle
- The cybersecurity criteria utilized for vendor an device selection
- The relevant cybersecurity standards and best practices that the applicant intended to follow
- How the project would adapt to new cybersecurity standards that may emerge
A DOE Spokesperson has asserted that the plans were subsequently reviewed by two cybersecurity experts, however neither the names of the experts nor details of the plans themselves have been released to the public. In October 2009, President Obama announced that 100 winning applicants would receive a total of $3.4 billion in SGIG funding. Of the $3.4 billion awarded through SGIG, approximately $2.8 billion will go to making and deploying smart meters.
Smart meters have the capability to monitor and report on customer electricity consumption in near real-time. Such monitoring might reveal sensitive personal behavior patterns. For example, smart-meter data could distinguish between when the consumer is engaged in housework or personal hygiene. Similarly, it might reveal that a consumer has a serious medical condition that requires use of medical equipment every night or that his house is vacant all day. Experts predict that, as research progresses, increasingly detailed information will be discoverable through an individual's electricity consumption profile, down to the ability to track the use of individual appliances. "With the whole of a person's home activities laid to bare, [appliance-usage tracking] provides a better look into home activities than would peering through the blinds at that house."
In the wrong hands, such information could even leave the customer exposed to physical danger, either from burglars or vandals able to determine the best time to strike an unguarded home or from stalkers given another tool to track their victims.
EPIC requested the following DOE records:
- All cybersecurity plans submitted by SGIG grantees.
- Any evaluation criteria used by the agency to assess the cybersecurity plans submitted by SGIG grantees.
- Any final reports submitted by cybersecurity experts evaluating the cybersecurity plans of SGIG grantees
The agency requested more information regarding EPIC's request for a waiver of fees. After EPIC provided this information, the agency did not respond and EPIC appealed. Subsequently, the DOE began providing the requested documents.
The DOE has provided so far:1. DOE criteria for evaluating cybersecurity plans submitted by SGIG grantees
- Technical Approach to Interoperability and Cybersecurity
- Criterion 3 - Adequacy of the technical approach for addressing interoperability and cybersecurity (including "opportunities to earn a high technical merit rating for criterion 3")
- Vermont Utilities
- City of Ruston, Louisiana
- Midwest Energy
- Guam Power Authority
- Iowa Association of Municipal Utilities
- Lakeland Electric
- Lafayette Utility Systems
- Marblehead Municipal Light Department
- Talquin Electric Cooperative, Inc.
- American Transmission Company, LLC
- Southwest Transmission Cooperative
- Duke Energy
- Whirlpool Corporationl
- Cobb Electric Membership Corporation
- PPL Electric Utilities Corporation
- Wisconsin Power and Light Company
- Progress Energy
- Conslidated Edison Company of New York, Inc.
- New York Independent System Operator
- Electric Power Board of Chattanooga TN
- Pacific Northwest Generating Cooperative Power
- Central Maine Power Company
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a by-monthly newsletter highlighting emerging privacy issues.