"The Grid Is Already a Living System. We Just Don't Recognize It": Power Systems Veteran Mike Swearingen on Why Our Approach to Grid Autonomy and Security Is Backwards

Mike Swearingen doesn’t just talk about the power grid—he treats it like a creature he’s lived alongside for 30 years, listening to every hum, pop, and pulse. From troubleshooting satellite links in the Australian desert during Desert Storm to rewiring rural substations before dawn storms rolled in, he’s learned the grid’s moods the hard way. Now, as an IEEE Senior Member and one of Smart Grid Today’s original “pioneers,” he argues that the system already thinks for itself—only we refuse to admit it.

“The grid is alive,” he says. “If we ignore that, it will keep making decisions without us—and one day we won’t like the outcome.” In our conversation, Swearingen unpacks why the language we use (“autonomous,” “self-aware,” “living”) still scares utility engineers, and why borrowing tactics from fighter-jet radars and satellite war-rooms may be the only way to keep the lights on.

What our conversation ultimately reveals is that grid security isn’t merely a technical upgrade—it’s a philosophical shift. Treating the network as a living, adaptive organism forces us to rethink everything from regulatory mindsets to incident response playbooks. Swearingen’s stories show that the most resilient solutions will blend space-domain agility with boots-on-the-ground pragmatism, uniting satellite-era frequency hopping with old-school field intuition. It’s a warning and a roadmap: the faster we embrace the grid’s hidden intelligence, the better chance we have of steering—rather than chasing—its next evolutionary leap.

As a Smart Grid Pioneer and IEEE Senior Member with extensive experience in power system design, how do you see the concept of the "Autonomous Self Aware Living Grid" evolving over the next decade, particularly in relation to integrating renewable energy sources and managing grid resilience against cyber threats?

The genesis of Swearingen's autonomous grid concept came from a very practical place—the daily reality of managing power system outages as an engineer at rural electric cooperatives.

“When you’re in that role, you’re constantly thinking, ‘Okay, if I close these switches or devices to feed the system from a different direction, what’s the voltage going to be? What’s the current going to be?’” Swearingen explains. “You’re always calculating—what’s the capacitance? What’s the best scenario to maintain the largest portion of the system through backfeeds and other methods, while keeping everything stable?”

His first paper, titled Real-Time Evaluation and Operation of the Smart Grid Using Game Theory, laid the foundation for what would become the autonomous grid framework. But Swearingen is quick to clarify the scope of what he meant by “autonomous.”

“People assumed I meant the entire power system,” he says. “But that’s not practical—most of the power system is in the distribution network, which is highly variable. My focus was really on the interstate transmission system and generation, which are much more predictable and better suited for autonomy.”
“That system—the high-voltage backbone carrying electricity across state and regional lines—serves about 80–85% of the load for distribution utilities, large industrial facilities, processing plants, manufacturing, and increasingly, server farms and AI centers. That’s where I aimed the concept,” Swearingen clarifies.

In recent years, the idea has gained renewed relevance with the rise of microgrids. “With the push for microgrids—these self-contained ecosystems of electric service—you’ve now got a scale that’s much more manageable and predictable than a national distribution network. That’s where the autonomous grid concept fits beautifully.”

The military applications of this framework are particularly compelling to Swearingen. "The value of a Self Aware Autonomous Grid to military bases and sites is that the framework I defined in my paper would establish a more resilient, self-sustaining and reliable grid," he reflects. "The self evaluation and reconfiguring grid based on the state and condition of the grid would allow the military the ability to maintain and quickly restore service, if necessary, to their installation."

This capability addresses a critical operational need. "This could potentially allow the military installation's electric grid to operate with minimal personnel involvement thus reducing strain on personnel focus," Swearingen explains. "Meaning that the Autonomous Self Aware Living Grid can contribute to force multiplication."

The concept aligns with his broader philosophy of systems that augment rather than replace human capability—particularly valuable in military contexts where personnel may be focused on mission-critical activities rather than grid maintenance.

The framework he developed relies on a combination of advanced techniques to detect, diagnose, and respond to disturbances in the system:

• Predictive Analysis and AI Game Theory: “The system doesn’t look for everything—it only looks for what’s out of bounds, then works backward through all connected lines to build what I call ‘state and condition sets.’”
• Ant Colony Optimization: Inspired by nature, this method mimics how ants leave pheromone trails to the best food sources. “In our case, the strongest ‘trail’ leads to the problem areas in the grid.”
• Recursive Algorithms: “The system evaluates multiple potential solutions, scores them based on error margins and performance criteria, and then selects the optimal one.”

But perhaps the most innovative part of Swearingen’s system is the cybersecurity component—what he calls the Active Scan Analysis Threat Evaluation and Attack System, drawing directly from his experience in Air Force space systems.

“I was thinking about the F-22 Raptor, which at the time had the APG-77 radar—a phased array radar that could detect threats far beyond visual range. Not only would it detect enemy systems, but it could try to compromise them once located,” he recalls.

He adapted the same idea for defending the grid. “Why not do the same thing here? Not only can we detect the problem, but we can trace it back to the source, log the data, and teach the system from it.”
The system projects a parallel digital twin of the grid—one that attackers see as authentic. “To them, it looks real because it’s constantly updating itself just like the real grid we operate. So they attack it, not knowing it’s a decoy—and the autonomous system learns from that.” “This flips the conventional cybersecurity posture on its head. Instead of reacting after an attack, we’re proactive. We already know what they’re going to try, and they think they’ve succeeded—when in fact, they’ve exposed themselves to us. That data becomes our strength.”

Looking ahead, Swearingen sees renewable energy integration as both a catalyst for and a challenge to autonomous grid systems. He points to a massive outage on the Iberian Peninsula to underscore the risk. “People didn’t realize what really happened—it was due to sub-synchronous oscillation and subsequent sequence resonance. That only became an issue once renewables made up a larger share of the generation mix.”

Unlike traditional sources, renewables like wind and solar are highly variable and weather-dependent—creating operational scenarios that are too fast and complex for humans to manage in real time. “The autonomous grid monitors itself. It can’t literally ‘hear,’ of course, but it knows what’s happening through its internal state monitoring,” Swearingen explains. “It uses accepted industry standards and operational envelopes to evaluate its condition and take action.”

But he’s careful not to suggest replacing human oversight. The system is meant to augment, not replace, human operators. “If the system isolates an issue, it can notify the utility responsible for that segment of the line. Then, their crews can go out and fix it.”

As the grid becomes more decentralized, more digitized, and more vulnerable to attack, Swearingen believes autonomous systems are not optional—they’re inevitable. The greatest hurdle may be linguistics. “The biggest challenge is the terminology. Words like ‘autonomous,’ ‘self-aware,’ and ‘living’ tend to scare off engineers,” he says. “But the grid already makes autonomous decisions—we just don’t label them that way.”

Ultimately, his vision remains rooted in engineering pragmatism. “The purpose of the autonomous electric grid was twofold: first, to make the interstate transmission system more responsive—able to monitor and react faster than it does today. Second, to address a growing problem: engineers relying too heavily on analysis software without fully understanding the real-world physics at play in the system.”

In your paper "There Is No Chilling When Your Control System Cybersecurity Is Unfulfilling," you addressed critical cybersecurity concerns. Given your experience working with Navy Surface Warfare and Dahlgren Labs on the AURORA vulnerability, what do you consider the most overlooked vulnerabilities in today's operational technology networks for power systems?

Swearingen's answer cuts to the heart of a fundamental misunderstanding in power system cybersecurity—one that stems from treating relays like network devices when they're actually something entirely different.

"Relays in power systems are the brains of the power system," Swearingen begins. "The majority of those control systems are relays, and in those relays are sensors. The bad thing about it is that even OT people, because they don't really understand relays or power systems or industrial control systems, think everything's like a network or a network device. Relays are not like that."

This misconception has created dangerous blind spots in cybersecurity approaches. To understand why, Swearingen explains how relays actually work—and it's far from what most IT and OT professionals imagine.

"Relays are not compiled code. They're not even line interpreted code in the true sense," he explains. "Relays are basically machine code. You've got inside of relay registers, you've got sensors, you've got a limited, finite set of commands that pertain to the function of that relay."

Programming a relay isn't like writing software—it's more like setting up a series of logical conditions using predefined device numbers from IEEE standards. "If I want a trip equation, I need the instantaneous trip and the over current trip. So I'd say, 79 or 59 equals a trip.' That's how it works, just like machine code."

TheANSI/IEEE C37.2 that Swearingen references defines device numbers used throughout the power industry: 79 represent an AC reclosing relay relay, while 59 represents an overvoltage relay. Engineers create logical equations using these device numbers to define when protective actions should occur.

"You're just setting up values in there, and you're telling it what to do based on those values, and it only does that one specific task," Swearingen continues. "It's not really computer code as you would say—it's exactly machine code."

This fundamental difference creates the first major vulnerability: the security approaches designed for network devices simply don't apply to relays. "They approach this thing like it is just like they approach anything on their network. And you can't do that. It doesn't work like that."

The security on most relays is rudimentary at best. "Because they're not like compiled code or anything like that, the security is basically different levels of passwords that you put in. It's a very simple password thing. It sits there and says, 'Okay, if you want to read all the information in the relay, give me the level one password. If you want to change them, then you've got to give me a level two.'"

But it doesn't go beyond basic password protection. "It doesn't get beyond there and do all this scanning to make sure that it's not been penetrated by an improper network or things like that. That's not how it works."

This creates a critical vulnerability that most cybersecurity professionals miss entirely. "There's a lack of understanding in that. So they never address relays properly, and because they don't understand them or address them, or even consider them, their idea is, 'If I solve this problem in the network, I don't have to worry about the relays—I've already solved those because the network is where it's at.'"

The reality is far more dangerous. Relays can be compromised without ever going through networks. Swearingen and his colleague Joe Weiss demonstrated this at conferences: "We worked with a company that showed that they took a cell phone and directly connected to the relay itself, without going through any networks, and gained complete control—locking out the utility from being able to control it."

Even more concerning are the old-school attack methods that remain viable. "When you come out of those relays, there is a communications cable that usually comes out and goes up a pole to some kind of antenna, and you can splice into that, set yourself up a local short area network. As long as you're close enough, you could be off a little distance where nobody can see you, and you could operate those relays and do the very same thing."

The most insidious vulnerability Swearingen identifies involves unused registers within relays. "You have registers within relays that are not used. Engineers usually don't look at those registers because it's like, 'Hey, I didn't use it.' Well, that's where an enemy of the state, or malicious cyber attacker, could go in there and put different things in the registers that are not being used, that they could use later when they come back in. So they've already got their stuff set up in there, sitting in these registers that you don't use, just sitting there dormant for when they want to use it."

Fortunately, relays do have tools that could help identify such intrusions—but most engineers don't use them. "These relays have event recorders that record for 30 days or more, depending upon the relay. All the register values, all the sensor values, all the settings actions that happen within the relay get recorded."

These event recorders are incredibly powerful diagnostic tools. "They have software you can have on your computer where you can play back what the relay was doing. You can look at the full 30 days, or you can look at a certain date and time, and it will give you oscilloscope readings, symmetrical component readings. You can literally sit there and watch the voltages and the currents and the registers and the operations change as they exactly changed at the time things were going on."

This capability could reveal unauthorized changes to unused registers, but it requires engineers to look beyond just the registers they programmed. "Unfortunately, that's not done by a lot of engineers. They don't use the full value of that tool."

The organizational problem compounds the technical one. "Engineers are like, 'Oh, cyber, that's the IT people's domain.' IT people go, 'We don't want to talk to engineers. We're not interested in what the engineers have to say. They just need to make sure that they have a reliable system.'"

Swearingen has coined a term for this dangerous mindset: "perception focus." His definition: "When you are looking at one particular thing and you believe that if you solve that one particular thing, all of the other things will be solved."

Both IT and OT professionals fall into this trap. "IT and OT think, 'Hey, look, we fixed the communications network. The engineers are never going to have a problem. We're never going to have the grid compromised.' That's not true."

The solution requires bridging this gap between engineering and cybersecurity. "The tools are within the relay. You just have to understand how to use the tools, as far as the engineers go. And the IT and OT people need to understand that they don't know what's going on in a power system, so to sit there and think that they could solve the cybersecurity of a power system is completely false."

This fundamental misunderstanding of relay technology and operation represents what Swearingen considers the most dangerous overlooked vulnerability in today's operational technology networks. Until cybersecurity professionals understand that relays aren't network devices and engineers embrace the cybersecurity tools already available in their systems, power grids remain dangerously exposed to attacks that bypass traditional network security entirely.

Drawing from your experience as a Space Equipment Maintenance Specialist at Joint Defense Facility Nurrungar in Australia, how do you see the intersection between space-based technologies and terrestrial power grid monitoring evolving, particularly for early detection of physical and cyber threats?

Drawing from his experience as a Space Equipment Maintenance Specialist at Joint Defense Facility Nurrungar during Desert Storm and Desert Shield, Mike Swearingen offers a unique lens into how space-based systems can augment terrestrial power grid operations—particularly for early detection of physical and cyber threats. And in his view, this convergence is no longer theoretical—it’s already underway and will accelerate.

“The equipment was good—it was interesting,” Swearingen recalls. “I was responsible for the overall operation and maintenance of that equipment, so we always got the information. The people watching the screens needed that information, and it was my job to make sure the systems were working so they had it.” He pauses, then adds, “The technology back then was pretty good. But it’s gotten far better since.”

What’s especially relevant today is how satellite communications, once reserved for military and classified applications, are now being deployed in civilian power systems. Swearingen points to dynamic line ratings as a clear example of how space-based connectivity is already enhancing real-time grid decision-making.

“In the power industry, you’ve got more communications now with Elon and his Starlink. Even DirecTV had their own satellite internet before that,” he says. “It’s already being used in power systems, especially with something we call dynamic line ratings.”

Traditionally, transmission lines were rated using fixed thermal limits—numbers based on manufacturer specs and static environmental assumptions. “Instead of saying, ‘Here’s what the line is rated for according to the manufacturer, and here’s what our SCADA system says we’re currently running through it,’ and limiting ourselves to that,” he explains, “dynamic line ratings let us push those limits more intelligently.”

“With dynamic line rating, we’ve got equipment installed on the lines that gives us real-time environmental information. We can sit there and say, ‘Hey, look, the temperature is low, the wind’s blowing across the lines, so we can probably push more power through them and avoid congestion.’ Or conversely, ‘Temperatures are high, the line’s sagging, and we need to find an alternate path to avoid a thermal violation.’”

The enabling factor here is satellite communication. “The way the space equipment is already being used is that a lot of these companies are using satellite links to send information back to the operation stations,” Swearingen says. “Those are the SCADA control centers—the main operation stations of the utility. That satellite link gives them a way to collect data from equipment in remote areas that would otherwise be hard to reach.”

This satellite-driven connectivity feeds directly into one of Swearingen’s core grid modernization goals: giving operators the situational awareness to make fast, informed decisions. “It allows utilities to get the most out of all the lines in the interstate transmission system, to reduce congestion. And it gives them real-time knowledge to do what we talked about in the autonomous grid—make choices about feeding power in different directions, and figure out what they can live with and what they can’t.”

But Swearingen’s perspective, shaped by his military space background, goes much deeper than communication efficiency. For him, it’s not just about optimizing load—it’s about securing the entire infrastructure. And the defense tactics used to protect satellites could inform how we secure the increasingly digital power grid.

“In the military, we were already doing things to secure space systems that are still ahead of what most utilities are doing,” he says. “We had constantly changing scramble codes inside the satellite receiving equipment for the commands we sent back. That way, even if someone intercepted a signal, it wouldn’t help them without the current code.”

Even satellite positioning required tight controls. “The geosynchronous satellites we worked with had to stay in position. If there was a need to move the satellite, you had to send the right command—and we protected those commands. When we did uplinks, we would use frequency hopping so the transmissions were nearly impossible to track or jam.”

Swearingen believes these kinds of measures—cryptographic security, frequency agility, constant authentication updates—need to be adopted in terrestrial critical infrastructure. “Utilities need to understand that space-based communication systems are becoming integral to the grid. If they’re going to depend on them, they’ve got to protect them.”

And protection, in Swearingen’s view, isn’t just defensive. He envisions a more assertive cybersecurity posture—one that leverages satellite systems to actively detect and counter attacks in real time.

“You may even want to have jamming systems, similar to what we have on aircraft,” he suggests. “I’m talking about electronic warfare-style countermeasures. You don’t just stop the threat after the fact—you disrupt it at the source.”

This thinking is embedded in his autonomous grid cybersecurity framework, which calls for a more strategic use of deception, learning, and retaliation. “It wasn’t just about finding out who did it so we could put together countermeasures,” he says. “It was also about using that knowledge to locate the attacker and respond—by damaging their equipment through electronic means if needed.”

That capability, he believes, could extend into space. “We not only have to protect our systems from whatever measures they’re going to use, we’ve also got to make it difficult—extremely difficult—for them to get in at all,” Swearingen warns. “Not just through blacklists, or whitelists, or zero trust frameworks. You have to make it hard to even initiate communication. That means jamming their signals, scrambling their data, or going offensive—attacking their communication efforts so they can’t touch our infrastructure.”

In many ways, this isn’t just a cybersecurity strategy—it’s a philosophy. And it’s already playing out in places most people don’t realize. Swearingen sees dynamic line rating systems as the early stages of this space-terrestrial convergence, where satellite technology begins to fundamentally alter how the grid operates.

And with renewable energy bringing more variability into power generation, the need for broader system awareness is only growing.“We’ve been operating power grids using accepted industry standards and operational envelopes for decades,” he notes. “Those envelopes work—but they’re local, limited. Space-based monitoring gives you the ability to see those parameters across huge geographic areas at once. That’s something human operators just can’t do manually.”

Satellites, in this context, become the eyes and ears of Swearingen’s autonomous grid. They provide the global communication and sensing infrastructure that allows his algorithms—like ant colony optimization and recursive state evaluation—to scale beyond local applications and operate across entire interconnections.

But Swearingen’s excitement is tempered by caution. The more we depend on space systems, the more we must defend them. “We’ve got to be sure that we make every effort—and do everything we can—to secure those systems,” he says. “And that includes all the components tied into the grid, whether they’re ground-based or space-based. The same strategies we used to defend satellites in the military—frequency hopping, layered encryption, active interference—they’re going to be essential to protect the power grid, too.”

For Swearingen, the intersection of space and terrestrial systems isn’t some abstract scenario—it’s already happening. The only question is whether the industry will proactively integrate security from the beginning, or wait until after a breach forces the issue—repeating the same reactive mistakes that created the vulnerabilities we now face in legacy grid infrastructure.

You've spoken at the U.S. Air Force Cyber College and co-authored "Resilient Without Zero Trust." What alternative security frameworks do you believe are more appropriate for critical infrastructure like the power grid, and why might zero trust architectures be problematic in these environments?

Swearingen's critique of zero trust for power systems stems from a deeper, foundational issue he highlights throughout our conversation: a widespread misunderstanding of how control systems actually function in the real world.

“Relays are basically machine code,” he reiterates. “Inside a relay, you’ve got registers. You’ve got sensors. You’ve got a limited, finite set of commands that pertain to the function of that relay. What you do is you store sensor information and other input data in those registers, and then you write logic—system settings commands—that operate based on those stored values.”

This structure, Swearingen explains, is fundamentally incompatible with the zero trust paradigm. “It’s hard to apply zero trust. These are machine code-type systems. You can’t really program zero trust into a relay because the tools required to do that just don’t exist in the relay environment.”

He goes on to explain what relay security actually looks like in the field—and why it’s not comparable to more advanced IT systems. “The security on a lot of those devices, because they’re not like compiled code or object-oriented software, is essentially just based on simple password tiers. It’s a very basic system.”

He gives a typical example: “The relay says, ‘Okay, if you want to read all the information inside, enter the level one password. That gives you access to see everything—registers, current values, event logs. But if you want to make any changes, then you’ve got to enter the level two password.’ And that’s where it ends. There’s nothing beyond that in terms of user roles, audit trails, or session tracking.”

By contrast, zero trust requires a host of capabilities that simply don’t exist in this environment—continuous identity verification, cryptographic handshake protocols, behavioral baselines, microsegmentation, device fingerprinting. Swearingen is blunt about the reality: “There’s no relay sitting there scanning to make sure it hasn’t been penetrated by an improper network. That’s not how it works.”

But instead of dismissing the security challenge or forcing a one-size-fits-all framework onto equipment that can’t support it, Swearingen offers a set of alternatives that align with the constraints and architecture of existing power systems. His proposed framework consists of multiple layers—all grounded in how the grid already functions, but reoriented toward cyber-resilience.

Real-Time Information Analysis

Rather than trying to replicate zero trust’s continuous verification in a system that wasn’t built for it, Swearingen focuses on the real-time operational capabilities already available in modern relay systems.

“These relays have built-in event recorders. You can download data from them—they usually store 30 days or more of information, depending on the model,” he says. “That includes all the register values, all the sensor inputs, all the setting changes that have occurred during that time.”

What makes this powerful, he explains, is that it creates a continuous, timestamped audit trail. “You can literally go back and watch how voltages changed, how current changed, how register values were updated, and how the relay responded—step by step—as it happened during an event.”

And the security value of that data is often overlooked. “Yes, it’s great for fault analysis,” Swearingen says. “But it’s also great for cybersecurity—if people knew to actually go back and check all the registers, not just the ones they used for their logic functions. Because then you might see something like, ‘Wait a minute—why did this register value change? What’s it doing there?’ That’s a red flag.”

Physical Security Integration

Another critical layer in Swearingen’s approach is old-fashioned, boots-on-the-ground physical inspection. He believes modern grid operators have become too dependent on remote monitoring while neglecting the value of field presence.

“We need to get back to having enough experienced employees—engineers and technicians—to go out and inspect our substations regularly,” he says. “Every substation I worked with—transmission, generation, distribution—was inspected at least once a month.”

Those inspections weren’t superficial. “We’d go in, we’d download all the relay information physically. We’d examine the hardware, visually inspect the site, and then bring both the physical and digital records back to the office, where the engineers could analyze them.”

This wasn’t just about maintenance—it was part of a broader cybersecurity posture. “By doing that every month, we had a solid idea of what was going on inside our system. If something had changed, we’d catch it. If someone had tampered with settings, we’d see it in the logs or notice it during the physical inspection.”

Operational Envelope Monitoring

Rather than trying to impose modern cybersecurity principles onto legacy systems, Swearingen’s autonomous grid concept embraces the operational traditions that already exist within the industry.

“We’ve been operating power systems for so long that we’ve developed accepted industry standards and operational envelopes,” he says. “Those envelopes define what’s considered normal. We use those as the baseline for the autonomous grid.”

In his framework, the system continuously monitors for deviations from those baselines—not every packet or every data stream. “I designed the system using predictive analysis and AI game theory. The idea is: don’t look at everything. Just look for what’s wrong. Look for what’s outside the envelope. Start there, and then trace backward through all the lines and nodes it’s connected to, so you can understand what’s causing the issue.”

Analog Backbone Systems

In collaboration with General Guy Walsh, Swearingen expanded his framework to include analog communication as a backup layer—a form of security-through-resilience.

“General Walsh saw the autonomous grid concept and said, ‘This is great—but what about an analog backbone?’ So I said, ‘Okay, fair enough,’ and I developed one. It’s in the final paper,” he explains.

Analog systems, he says, offer a form of immunity against many digital threats. “They don’t operate on IP. They can’t be hacked remotely in the same way. And they give you a redundant communication path in case your digital systems are compromised.”

Perception Focus Elimination

One of Swearingen’s most important insights is what he calls “perception focus”—a dangerous mindset in cybersecurity.

“My definition of perception focus is this: when you look at one piece of the system and convince yourself that solving that piece means you’ve solved everything,” he says. “IT and OT teams are guilty of this. They say, ‘Hey, we’ve secured the comms network. So the engineers will be fine now.’ That’s not true.”

His framework encourages cross-functional understanding. “The tools are in the relay—you just need engineers who understand how to use them. But you also need IT and OT professionals who realize that they don’t fully understand the power system. They’ve got to collaborate.”

Proactive Threat Detection

Instead of relying on the zero trust model of assuming compromise and reacting with granular access controls, Swearingen proposes a more proactive and strategic approach—one that uses deception as defense.

“We project a complete copy of our operational environment—not the live one, but an exact mirror that looks real to an attacker,” he explains. “To them, it behaves just like the actual power system. It’s constantly updating, just like the real SCADA. So they think they’ve compromised it.”

But they haven’t. “They’re interacting with a shadow system. And while they do, we’re watching. We’re learning. We’re gathering data on exactly what they’re trying to do and how they’re doing it.”

This intelligence is then fed back into the security architecture. “Instead of being reactive, we’re proactive. Not only do we know what they’re going to try—we know before they even get close to the real system. Because they think they already have.”

Security Must Complement Operations

The overarching problem with applying zero trust to power systems, Swearingen argues, is that it was designed for enterprise networks—not industrial control systems that prioritize uptime and physical safety.

“Everything you do to make a system more reliable, more efficient, or safer also makes it more cyber-vulnerable,” he says. “Because you’re creating more exposure. You’re adding access points. And engineering professionals tend to come from a place of trust—they’re focused on the system working. Meanwhile, cybersecurity people want to lock everything down. They come from a world of restriction, of maximum control, of need-to-know access.”

The result is a cultural clash. Swearingen’s approach acknowledges that tension and works within it. He doesn’t try to make relays behave like servers or firewalls. Instead, he enhances the existing system with tools that make sense—event log analysis, physical oversight, analog redundancy, and strategic deception.

“We can’t keep trying to retrofit cybersecurity principles from a different world onto this one,” he says. “We need security strategies that are native to the way the grid already works.”

Having witnessed the evolution of power system regulatory frameworks throughout your career, including roles in NERC compliance, how would you advise policymakers to balance innovation in grid technologies with the increasing need for security and reliability, particularly as physical attacks on the grid increase?

Swearingen’s advice to policymakers is informed by decades spent inside the evolving machinery of the U.S. power system—and by a deep frustration with how regulations are often made: not through operational insight, but through abstract policy debates led by people far removed from the day-to-day realities of grid management.

“It’s pretty easy and straightforward,” Swearingen says of the solution—but his tone carries the weight of someone who knows the simplicity is deceptive. “They say, ‘Well, we talk to utilities.’ Well, yes, you talk to management—the senior management—usually the CEO or the chief operations officer. That’s all well and good. But you need to start encouraging those utilities to send in their operations engineers and their protection engineers. You need to listen to what they have to say.”

The problem, as he sees it, is that policymakers rarely hear from the people who actually operate the grid. “Even the chief operating officer isn’t there every day running the grid. They may have done it at some point in their career—and that helps, sure—but they’re not the ones sitting in front of SCADA all day long. If you’re going to bring them in, have them bring their chief engineer. Have them bring the guy or woman sitting at the operations center who’s looking at that SCADA data and making the real-time decisions. Bring the engineers who are doing the protection systems, who are configuring and testing the relays. Those are the people who know what’s actually happening out there.”

Swearingen sees a persistent disconnect between Washington and the people who keep the lights on. “A lot of these policymakers in D.C. live in a solipsistic world of their own creation. They think because they’ve talked to the head of a big utility, or someone at a think tank, that they understand the whole picture. Or worse, they rely on an aide who knows just enough to be dangerous.”

The result? Policy that might sound well-meaning, but is operationally flawed. “Take Martin Heinrich from New Mexico,” Swearingen says. “He has some real concerns—valid concerns—and he cites them. But 70% of what he cites ends up being counterproductive or, frankly, useless in solving the actual problem. And that’s because he’s not getting his information from the people I just mentioned—the ones in the trenches.”

This issue goes beyond individual lawmakers. “It’s the same with congressional committees. And the worst part is, in that solipsistic environment, they all follow the same philosophy: ‘Never let the facts get in the way of a good perception.’ That’s the ruling mindset up there. And it’s dangerous.”

Rate Relief for Security Investments

Swearingen believes one of the most effective levers Congress and FERC could pull is financial—specifically, extending rate recovery to cover cybersecurity and physical security investments. His proposal targets the structural disincentives that currently prevent utilities from taking proactive steps.

“I’ve argued this point with FERC commissioners and their lawyers. And I’ve said it for years: if we’re going to make this work, we’ve got to do two things.”

The first, he says, builds on the work of his colleague Joe Weiss. “Joe’s been working for a long time on getting the insurance industry to change its models. Right now, utilities get no incentive for securing their systems. But if we said, ‘Hey, if you don’t have a demonstrably secure cyber-physical infrastructure, we’re going to raise your insurance premiums because you’re a greater liability’—that would move the needle. The insurance companies could be a huge lever for change.”

The second component is Swearingen’s: “If we can give rate relief to utilities for building new generation, new transmission lines—then why not for building secure infrastructure?”

He lays it out plainly: “Let’s say a utility is putting in new transmission infrastructure. And let’s say, as part of that, they install cybersecurity hardware, intrusion detection, isolation systems—real protective measures. If they can demonstrate to the Commission that they’re not just building for capacity but also building for security, and that these systems are defensible, then they should get rate relief for that.”

He acknowledges it won’t be a popular move with consumers. “This wouldn’t go over well in rate cases. But people have to understand—your rates already cover reliability. And now they need to start covering security, because without security, you don’t have reliability.”

Understanding Financial Constraints

Swearingen’s proposals are not academic. He’s deeply aware of the budget realities utilities face—especially smaller, non-investor-owned ones.

“Let’s talk about public power districts, municipalities, and cooperatives. These guys make up a huge portion of the utility space. And there’s a hard ceiling on the money they’ve got.”

He offers an example: “Say you’ve got a small cooperative. The CEO comes in and says, ‘You’re looking at $12 million over four years.’ Well, that co-op may need $2.5 to $3 million every single month just to operate. So you’re burning through $10 to $12 million just to keep the lights on—and you haven’t even started your system upgrades yet.”

Co-ops operate on a razor-thin model. “They don’t have profits. Whatever margin they make at the end of the year, they’ve got three choices: reinvest it in the system, refund it to their members, or use it to pay down debt. That’s it. No capital war chest. No rainy-day fund for major security upgrades.”

Even investor-owned utilities face barriers. “IOUs have more cash flow, but they’re driven by shareholder return. If they’re going to spend millions upgrading cybersecurity systems, the first question is, ‘What’s the ROI? Where’s the payback?’ And cybersecurity doesn’t have a direct revenue stream. So they deprioritize it.”

FERC's "Just and Reasonable" Standard

Swearingen understands that FERC, the Federal Energy Regulatory Commission, can’t approve just any increase in consumer rates. But he believes their existing legal standard—“just and reasonable”—can and should be extended to include cybersecurity.

“What FERC says is: if you’re building a new transmission project, and it improves reliability and regional capacity, you’re entitled to rate recovery—as long as it’s just and reasonable. That’s the magic phrase.”

His proposal: use that same framework to support security investments. “Show the Commission that this cybersecurity system protects the interstate grid. Demonstrate the value. If you can show that it improves resilience, that it reduces the likelihood of outages, that it limits attack surfaces—then it meets the threshold. It is, by definition, just and reasonable.”

Physical Security Integration

Swearingen also warns that policymakers can’t just focus on cyber—it’s the physical side that’s proving most vulnerable in today’s threat landscape.

“We’ve got to get back to having enough experienced people—engineers and technicians—to inspect substations regularly,” he says. “Every single substation we had used to be inspected monthly. That was standard.”

And those weren’t box-checking inspections. “We’d go in, download the relay logs, check for anomalies, and physically walk the site. Then we’d bring that data back—digital and physical—to the engineers. That let us see if anything had changed. If someone had tampered with settings. If something wasn’t acting like it should.”

He points to the infamous Metcalf substation attack as an example of what happens when this isn’t done. “Metcalf had no regular inspections. When they got hit, they ignored the first two alarms before they even sent someone out to check. That’s how you lose infrastructure—through complacency.”

Breaking Down Silos

To Swearingen, one of the biggest—and least acknowledged—barriers to better security is the persistent siloing of engineering and cybersecurity roles.

“Engineers will say, ‘Cybersecurity? That’s the IT team’s problem. I’ve got enough to worry about.’ And the IT guys are like, ‘Good—because we don’t want to talk to the engineers anyway.’ And because they don’t talk to each other, they create a gap. And that’s the exact surface area the attackers are exploiting.”

His recommendation to policymakers is blunt: “Force integration. Make it part of compliance. If a utility says they have a security program, then that program should require coordination between cybersecurity and engineering. Not as a suggestion. As a mandate.”

Industry Resistance to Change

Finally, Swearingen is realistic about the pace of change in the power sector—and how that slowness has made the industry vulnerable.

“The power industry is conservative by nature. Always has been. That’s not necessarily bad—it’s why we’ve had reliable systems for decades. But it also means we’re slow to respond to new challenges.”

He’s seen it before. “When cybersecurity started becoming an issue? The industry dragged its feet. When dynamic line rating was introduced? Same thing. It takes forever to get people to see the need. Then it takes even longer to get them to act.”

But the threat environment is evolving faster than the industry’s tolerance for inaction. “It’s happening more often—these attacks. Whether utilities want to admit it or not—and they don’t—it’s going to keep happening. And eventually, they won’t have a choice but to deal with it.”

Swearingen’s bottom-line advice to policymakers is clear and rooted in operational reality: Listen to the engineers. Incentivize the right behaviors. Fund what matters. And force collaboration between the silos.

Without those changes, he warns, policy will continue to operate at a dangerous distance from the systems it’s supposed to protect—and the critical infrastructure the nation relies on will remain exposed to increasingly sophisticated threats.

How did your experience with space equipment maintenance at Joint Defense Facility Nurrungar shape your approach to electronic warfare vulnerabilities in critical infrastructure like the power grid? Are there specific countermeasures from the space domain that could enhance grid resilience?

Swearingen’s experience maintaining space equipment during Desert Shield and Desert Storm gave him early exposure to electronic warfare countermeasures—hands-on knowledge that would later influence his most advanced cybersecurity concepts for the power grid. His time at Joint Defense Facility Nurrungar wasn’t just about maintaining functionality; it was about learning how to secure critical systems in contested environments.

“We were doing, at least on space equipment, things to secure the system—things like scramble codes being changed constantly within the satellite receiving equipment for the commands we sent back,” Swearingen recalls. “If we had geosynchronous satellites, we’d move them to a spot and let them sit there, and we were constantly monitoring them.”

The tools they used were sophisticated for their time. “When we were sending uplinks, we’d do things like frequency hopping. I won’t go into how that hopping worked—it’s probably changed since my time—but the point is, we had layered security. And that was over 30 years ago,” he says. “I’m a dinosaur compared to what they’re doing now, but the principles are still relevant.”

Swearingen stresses that despite the age of the systems, the fundamental lessons haven’t changed. “At the time, we did everything we could to cyber secure the equipment we had. And I have to assume that’s still the case now—just with more advanced tools.”

From F-22 Radar to Grid Defense

One of the most influential technologies that shaped Swearingen’s thinking wasn’t a satellite, but the F-22 Raptor’s radar system.

“I took what they were doing in the F-22—the APG-77 radar, which could scan all around itself with phased array tech. It could look down, look up, and track multiple aircraft at once, beyond visual range,” he explains. “It wasn’t just for detection. That radar could lock onto multiple targets and engage them simultaneously.”

What fascinated Swearingen wasn’t just the detection—it was the system’s active behavior. “It wouldn’t just find other systems—it would try to compromise them. It would use its radar not just to identify threats, but to strip them of their advantage.”

This was a breakthrough moment for him. “I thought, ‘We could do the same thing with the power grid. Not only can we detect a cyber problem, but we can trace it back to its origin. We can document it, we can analyze it, and we can use that intelligence to harden the system—and to strike back if needed.’”

Active Defense Through Electronic Measures

This philosophy—detect, analyze, and strike—is central to Swearingen’s “aggressive defense” model, built into his autonomous grid cybersecurity framework.

“It’s not just about identifying the attacker and then writing a report on it. That’s what we usually do—respond after the fact. What I’m saying is: we take what we learn from the attack, we identify who did it, and then we go after their systems. We damage them through electronic measures. We make sure they feel the cost of the attack.”

He clarifies that this approach isn’t science fiction. “This is done all the time on the dark web. Attackers go after each other’s systems and leave them unusable. I’m saying we take that same playbook and use it to defend critical infrastructure.”

Frequency Hopping and Communication Security

One of the most practical takeaways from Swearingen’s space operations experience is frequency agility. “Frequency hopping, cryptographic keys—those were essential parts of our system,” he says. “We didn’t leave uplinks static. You may even want to have frequency hopping in grid communications now.”

Modern power systems increasingly depend on wireless infrastructure—from remote sensors to SCADA systems to dynamic line rating platforms. Swearingen believes military-grade frequency hopping could drastically improve their resilience.

“If we’re going to rely on wireless, then we better secure it the way we secured satellites. That means layered encryption, key rotation, and frequency agility,” he explains. “It’s not just a best practice—it’s a requirement if we want these systems to survive in a contested environment.”

Jamming and Electronic Warfare

Swearingen also recommends bringing offensive electronic warfare capabilities to the power grid—not just passive defenses like firewalls or access control lists.

“You may even want to have jamming systems—just like the ones used on fighter aircraft,” he says. “We’ve got to make it hard for them to get in. Not just block access with blacklists and whitelists. That’s reactive thinking.”

Instead, he advocates active disruption at the communication layer. “Jamming their signal. Scrambling their protocols. Attacking their communication infrastructure the moment they try to breach ours. That’s the kind of posture we need.”

Proactive vs. Reactive Defense

Perhaps the greatest lesson Swearingen brought back from the space domain is the value of proactive defense.

“Cyber attacks evolve constantly. But the problem with our industry is—we’re reactive,” he says. “We get attacked, we conduct a forensic analysis, we write a report, we fix the hole, and then we pat ourselves on the back like we solved it. Meanwhile, the attacker’s already two steps ahead.”

His autonomous grid flips that model. It uses decoy systems that mimic the operational grid—what he calls a “parallel engineering analysis environment.”

“We project a copy of our control environment that behaves exactly like the real thing. The attacker sees it, thinks it’s live, and attacks it. But they’re in the decoy,” Swearingen explains. “We’re watching. We’re learning. And by the time they realize it’s fake, we’ve gathered enough data to understand their tools, their methods, and their intent.”

EMP and Hardening Considerations

Swearingen’s background in space operations also made him acutely aware of electromagnetic threats—both manmade and natural.

“When I was evaluating certain control systems, I found one where the vendor had built it from the ground up to be secure,” he says. “They even made it resistant to electromagnetic pulse. That’s not common. But it should be.”

In space, protecting against EMPs—whether from solar flares or nuclear detonations—is standard practice. “In the grid, though, we barely think about it,” he says. “But one good EMP could knock out unshielded substations, sensors, and comms systems. We’ve got to build with that in mind.”

Integration with Golden Dome and Missile Defense

Swearingen also draws from his military background when analyzing larger national defense systems, like the proposed Golden Dome missile defense initiative. “The technology is already there. We just haven’t integrated it and deployed it,” he says. “We can do it. And I think it’s a good idea to do it.”

But he has a warning: if we deploy missile defense without securing its digital infrastructure, it’s vulnerable. “If you build something that powerful, you better make sure its control systems are secure—cybersecure and physically secure.”

That means space-grade protections. “Any missiles deployed on the ground, or part of a distributed defense system—those comms have to be encrypted. They have to use frequency hopping. If they’re not hardened, they’re targets.”

Learning from Reagan's “Star Wars”

Swearingen also sees value in looking at history—specifically the Strategic Defense Initiative of the 1980s, famously nicknamed “Star Wars.”

“I remember when Reagan announced that plan—everybody laughed. But the Russians didn’t. Gorbachev wasn’t laughing. That was the key point in negotiations,” Swearingen says. “The opposition’s reaction tells you everything.”

And that reaction, he argues, is proof of concept. “When your adversary says, ‘Don’t do this,’ that’s how you know you’re onto something. That’s how you know it’s effective.”

Practical Applications Today

Swearingen's space experience has led to specific, implementable recommendations for power grid resilience:

1. Cryptographic key rotation: Constantly changing authentication codes, similar to satellite command systems
2. Frequency hopping communications: Making wireless grid communications harder to intercept or jam
3. Active electronic defense: Using jamming and electronic attack capabilities against adversaries
4. EMP hardening: Protecting critical systems against electromagnetic threats
5. Proactive threat hunting: Using honeypot-like systems to learn from attack attempts

The integration of these countermeasures—drawn from space-based operations—represents a fundamental evolution in how we secure critical infrastructure. Instead of relying solely on firewalls, air gaps, and passwords, Swearingen’s model embraces offensive capabilities, electromagnetic awareness, and continuous threat engagement.

As power grids become more digitized, more decentralized, and more wireless, they also become more exposed to the kinds of electromagnetic interference, jamming, spoofing, and cyber intrusions that have long been a feature of the space environment.

“The grid is entering the same domain we used to protect in space,” Swearingen concludes. “And we better start defending it with the same urgency—and the same tools.”

Author's Analysis: The Engineering Prophet's Dilemma

Throughout my conversation with Mike Swearingen, I was struck by a profound paradox: here is someone who has spent decades developing practical solutions to critical infrastructure vulnerabilities, yet his most important insights remain largely unimplemented, misunderstood, or dismissed by the very industry that needs them most.

Swearingen's trajectory from Air Force space equipment maintenance specialist to power systems engineer to autonomous grid theorist reveals a unique perspective—someone who understands both the physical realities of critical systems and the abstract concepts needed to secure them. His regret about the "autonomous, self-aware, living grid" terminology is telling; he created language to capture attention for critical concepts, only to find that the language itself became a barrier to adoption.

The fundamental disconnect he identifies between engineering and cybersecurity professionals isn't merely academic—it represents a dangerous blind spot in our approach to critical infrastructure protection. When cybersecurity professionals design security for systems they don't understand, and engineers dismiss cybersecurity as someone else's problem, the result is infrastructure that appears secure on paper but remains vulnerable to attacks that bypass traditional network security entirely.

What makes Swearingen's warnings particularly credible is his deep understanding of both sides of this divide. His explanation of how relays actually work—as machine code rather than network devices—illuminates why zero trust and other network-centric security approaches fail in power systems. Yet his proposed alternatives aren't theoretical; they're based on capabilities that already exist within relay systems, like event recorders that most engineers simply don't use for security purposes.

The space equipment background adds another dimension to his perspective. The frequency hopping, cryptographic security, and electronic warfare countermeasures he learned maintaining satellite systems in the 1990s are directly applicable to today's increasingly wireless and networked power grid. His adaptation of F-22 radar concepts to create proactive cybersecurity systems demonstrates the kind of cross-domain thinking that's essential for protecting critical infrastructure.

Perhaps most troubling is his observation about the power industry's inherent conservatism and slow reaction time. "It takes time to wake them up, and then it takes time to get them going," he notes. This institutional inertia, combined with the economic constraints facing utilities, creates a dangerous lag between threat evolution and defensive responses.

Swearingen's policy recommendations—particularly extending FERC rate relief to cybersecurity investments—address fundamental economic barriers to security implementation. Without proper incentives, utilities will continue to treat cybersecurity as a cost center rather than a reliability investment.

The autonomous grid concepts he developed aren't science fiction—they're engineering frameworks designed to address real operational challenges that become more acute as renewable energy penetration increases and power systems become more complex. The Iberian Peninsula outage he analyzed demonstrates how quickly traditional operational approaches can fail when confronted with new system dynamics.

What emerges from our conversation is a picture of critical infrastructure caught between worlds: engineered for reliability using decades-old technologies, but increasingly dependent on modern communications and control systems that create new vulnerabilities. Swearingen's unique background allows him to see both the engineering constraints and the security requirements, leading to solutions that work within operational realities rather than against them.

Yet implementation remains elusive. Like Joe Weiss's extensive database of control system incidents, Swearingen's autonomous grid frameworks and cybersecurity innovations remain largely theoretical despite their practical origins and proven applicability. The question isn't whether these approaches would work—Swearingen's engineering credentials and practical experience speak for themselves—but whether the industry will implement them before experiencing the kind of catastrophic failure that makes implementation mandatory rather than optional.

The convergence of space and terrestrial systems that Swearingen describes through dynamic line ratings and satellite communications isn't a future possibility—it's happening now. The security approaches he advocates, drawn from both power systems experience and space equipment maintenance, represent proven methods for operating in contested environments.

As our conversation concluded, I was left wondering whether Swearingen's role as the "dusty reference book" that gets consulted during crises is sustainable. The increasing frequency and sophistication of attacks on critical infrastructure suggest that reactive consultation may no longer be sufficient. The autonomous, proactive approaches he advocates may soon become not just technically superior but operationally necessary for maintaining grid stability in an increasingly hostile cyber environment.

The engineering prophet's dilemma is clear: having the knowledge and solutions but lacking the institutional mechanisms to implement them until crisis forces adoption. For critical infrastructure protection, this reactive approach may prove catastrophically insufficient in an era of rapidly evolving threats and increasing system complexity.

The Lost Art of Engineering Intuition

One of the most striking themes in my conversation with Swearingen was his concern about the decline of fundamental engineering skills—a decline that has direct implications for both grid operations and cybersecurity.

"I would say to an engineer when I'd interview them, 'I've got a problem here. I've got a big voltage drop. I'm having constant stability problems on this part of the system,'" Swearingen recounts. After providing all the technical parameters—voltage drop, current, phase angles, line impedances—he would ask how they'd solve the problem.

"They'd say, 'Well, we could take that information and we'll take it to an engineering analysis package and we'll look at it, and I'll get back to you.' I'd say, 'No, no. I mean, that's nice and it's a useful tool, but it's a tool, not an answer.'"

The problem, according to Swearingen, is that younger engineers have become too dependent on software without understanding the underlying physics. "What you never learned is that every variable in that formula is a real world number or a real world phenomenon that is occurring right now in the system. And if you can't understand that, then there's no guarantee that you're going to know whether good data or bad data is coming out of an engineering analysis package."

This software dependency creates dangerous blind spots in troubleshooting. "That younger generation has very poor troubleshooting skills. That's not a comment on their intelligence—they're very smart people coming out of engineering schools. They have the smarts. They don't have the savvy, and it takes time to get that. But they don't even know where to begin."

Swearingen's approach to developing engineering intuition involved three fundamental principles:

Consider Everything First: "I would tell my engineers, 'Consider everything, no matter how ridiculous it may sound, consider everything and then start tossing things out as you start evaluating it. But not to consider everything is to miss that one thing that never happens.'"

He points to the Iberian Peninsula outage as an example: "People weren't considering what really happened, which was due to sub-synchronous oscillation and subsequent sequence resonance. They didn't consider that because it only happened when renewables started becoming a bigger part of the fuel mix in the generation."

Ask What You Don't See: "The other thing you have to ask is, 'What don't I see?' You know, I'm at this part of the system. This is what I should be seeing. What don't I see? Is there anything here that I don't see? And why don't I see it?"

Use All Your Senses: Perhaps most remarkably, Swearingen advocates for using auditory cues in system diagnostics. "Power systems have sounds to them. You can hear the humming and other things with equipment or lines. You can hear how it sounds—it's either a lower hum or a higher hum."

He provides specific examples: "If you go into a substation and there's a power transformer and you hear a low grumbling, or you hear a low sound that's really loud, that's kind of a grumbling sound, that's something you should be cautious about, because it could be an indication of the transformer coil having issues and having potential for failing in the future."

Static sounds are equally important: "If you hear static sounds in the substation, kind of like an AM radio that can't get a station, the louder it gets as you walk around—the closer you get, the louder it gets—the closer you're getting to something where there's a broken insulator, or a switch is not completely closed correctly, or something's not connected well. That's going to cause a problem here pretty soon."

These diagnostic techniques represent decades of accumulated operational wisdom that can't be learned from textbooks or software. "That's how you learn how to learn. And engineers don't do that. They don't understand the concept, and they don't do that."

The Philosophy of Continuous Learning

Swearingen's approach to engineering education reflects a deeper philosophy about professional development and responsibility to the industry.

"When they go to college, there's one thing they know theoretically—how it works—but they didn't learn the one thing they needed to learn, which is: when you come out of college, the best thing you can learn is how to learn, which makes you adaptable to future situations."

This adaptability becomes crucial as power systems evolve. "I realized it's not enough for me just to be a good engineer. It's not enough to do a good job at my utility. It's got to be that not only do I do all that, but I get better and better at what I do, and get better and better in my experience and my knowledge, but most of all that I leave the industry better than when I entered it."

This philosophy drives Swearingen's continued involvement in the industry despite retirement. "I wouldn't consider it successful, or I wouldn't be happy with myself if I hadn't made a change for the better in our nation's electric grid and the industry itself."

Sandia Labs and Industry Adoption

One of the more intriguing aspects of Swearingen's autonomous grid work is its current development at national laboratories, despite initial industry skepticism.

"There's places now like Sandia Labs that are developing concepts based on my papers," Swearingen reveals. "I even talked to the person who's leading it by email at Sandia Labs, and she said, 'Thank you for your paper.' I said, 'Look, I'm just wanting you to succeed, since I've been doing this longer than everybody else.'"

The interaction reveals both progress and continued wariness: "They were a bit apprehensive. They liked the papers—they liked the papers a lot—but they didn't know the origins of the ideas. It's an idea that I've been working on for a long time."

This development at Sandia suggests that national security implications are driving adoption of autonomous grid concepts, even as the commercial utility industry remains cautious.

The Acronym Problem

Throughout our conversation, Swearingen displayed particular frustration with Washington's love of acronyms—a frustration that reflects deeper communication problems between engineers and policymakers.

"The one thing when I would go to DC that hit me was acronyms," he recalls. "When someone said to me, 'So what do you think NRECA is going to do?' I'm like, 'Who are you talking about?' And they said, 'NRECA.' I was like, 'You mean NRECA, the National Rural Electric Cooperative Association?' I said, 'Well, that's what everybody in the real world calls it. I don't know where you get your acronym.'"

His suggestion is direct: "We need less acronyms and more clear communication."

This acronym obsession represents a broader problem with Washington's insularity—the same "solipsistic world" that leads to policies disconnected from operational realities.

About Mike T. Swearingen

Mike T. Swearingen is a retired electric cooperative power systems engineer with over 20 years of experience working in every aspect of power systems operation including control systems, protection systems, transmission design, substation design, distribution design, and NERC compliance as well as regulatory matters. Named a Smart Grid Pioneer by Smart Grid Today in 2015, he is an IEEE Senior Member and holds a patent for a "Security System, Device, and Method for Operational Technology Networks."

Swearingen began his career as a Space Equipment Maintenance Specialist with the United States Air Force at Joint Defense Facility Nurrungar in Australia during Desert Shield and Desert Storm operations. After completing his Bachelor of Science in Computer Science/Mathematics Engineering at Eastern New Mexico University, he spent his civilian career with rural electric cooperatives, progressing from Engineering Assistant to Regulatory Compliance Manager before retiring in 2014 due to Parkinson's disease.

Throughout his career, Swearingen has been deeply involved in industry standards development and regulatory processes. He represented his cooperative as a member of the Southwest Power Pool's Transmission Working Group (TWG), Market Operations and Policy Committee (MOPC), and Market Working Group (MWG). He served as an analyst and independent merit reviewer on several projects at the Department of Energy (DOE) and was a technical advisor for the National Electric Energy Testing Research and Applications Center (NEETRAC).

As an author and researcher, Swearingen has presented and published two IEEE papers: "Real Time Evaluation and Operation of the Smart Grid using Game Theory" and "Regulatory Evolution and its Effect on System Operations and Security." He has published several articles for different periodicals within the power industry and has a paper on ResearchGate titled "Autonomous Self Aware Living Grid." He has participated in and reviewed several standards for publication and serves as an IEEE peer reviewer.

Swearingen co-authored IEEE Computer Magazine articles "There Is No Chilling When Your Control System Cybersecurity Is Unfulfilling" and "Resilient Without Zero Trust." He has spoken at the U.S. Air Force Cyber College, the National Sheriffs Association Annual Conference, ICS Cybersecurity Conferences, and NRECA TechAdvantage. He has also worked with Navy Surface Warfare and Dahlgren Labs on cybersecurity and the AURORA vulnerability.

Since retiring, Swearingen continues to serve as a consultant and advisor to government agencies and industry organizations on power system cybersecurity and operational challenges. He describes his current role as being like "that thick reference book that sits on the shelf that has some dust on it—when they can't figure out why something is happening with the electric grid, either cybersecurity or operationally, they take me off the shelf, dust me off, open me up, and start asking me questions."

For more information, reach out to Mike at michaeltswearingen@gmail.com. 

Further Reading:

"Autonomous Self Aware Living Grid": https://www.researchgate.net/publication/341099227_Autonomous_Self_Aware_Living_Grid

"Real Time Evaluation and Operation of the Smart Grid using Game Theory": https://ieeexplore.ieee.org/document/5756714

"Regulatory Evolution and its Effect on System Operations and Security": https://ieeexplore.ieee.org/document/6194562

"What You Need to Know (and Don't) About the AURORA Vulnerability": https://www.powermag.com/what-you-need-to-know-and-dont-about-the-aurora-vulnerability/