"These Aren't Migrants. These Are Military Personnel": Mike Swearingen Reveals How Military-Trained Iranian Operatives Could Execute a Grid Takedown Within 250 Miles of the Border
Power systems veteran Mike Swearingen reveals how Iranian military-trained operatives already inside U.S. borders could exploit default passwords and known vulnerabilities to collapse the power grid by targeting just 4-7 critical substations.

When I reconnected with Mike Swearingen for our follow-up interview, the geopolitical landscape had shifted dramatically. Iranian cells crossing the southern border. Chinese transformers with potential backdoors. Distribution substations protected by nothing more than default passwords. What emerged from our conversation wasn't just a technical discussion about grid vulnerabilities—it was a stark warning about threats that have already penetrated American borders.
"There are teams from Iran and from China that came into our country for the sole purpose of gaining access from the inside," Swearingen states matter-of-factly. It's not speculation—it's his assessment based on decades of experience and current intelligence patterns. The autonomous grid concepts we discussed in our first interview suddenly take on new urgency when foreign military-trained operatives are potentially already scouting critical infrastructure targets within 250 miles of the border.
What makes this conversation particularly chilling is Swearingen's description of how simple a coordinated attack would be. Using his Jenga tower analogy, he explains how pulling just "four, six, seven pieces" from the right locations could bring down the entire grid. The sophistication isn't in the attack itself—it's in knowing which pieces to pull.
Given the current geopolitical tensions and intelligence about Iranian cells potentially entering through the southern border, how do you assess the immediate physical and cyber threats to our power grid, particularly in distribution systems near border states?
"Let’s remember there are different kinds of threats to the grid," Swearingen begins. "When it comes to cyber threats specifically, there are state-sponsored groups like Iran, China, and others. Russia has already demonstrated its ability to breach grid infrastructure—just look at what they did in Ukraine. They’ve proven they can do it."
He recalls an early warning: "I remember, back when I was with the Secure the Grid Coalition and Volt Typhoon first came up, I said, 'This setup is extremely dangerous—it’s an insidious program that could cause serious damage to the grid.' And I still stand by that."
But what concerns him most today is the southern border. "One of the things that really worries me is the influx of people coming across. At first, it was framed as isolated individuals—just one here, a few there. But based on everything I’ve seen, there are actual teams—whether you call them cells or something else—coming from Iran and China. These aren’t just migrants; these are people sent here with the sole purpose of gaining access to our infrastructure from the inside."
The proximity of critical infrastructure raises the stakes. "Some of our key substations are only about 175 to 250 miles from the border. That might sound like a lot, but in reality, that’s a distance that can easily be covered in a few days or even less, depending on how they travel. Once they’re inside, it becomes a much more serious issue."
When asked if he was referring to cyber specialists, Swearingen clarified: "When I say 'intelligent,' I don’t just mean high IQ. These are military personnel—people who’ve been trained in a very focused way. Just like our Air Force trains someone to fly a B-2 or maintain complex systems, these individuals have been trained to handle sophisticated electrical and electronic equipment. In my case, they trained us on space systems. These are not amateurs. They’re skilled, technically capable, and they know what they’re doing—which makes them a significant threat to the grid, whether through a cyberattack or physical sabotage."
[Infographic: Grid Vulnerability Matrix. Three attack vectors threatening critical infrastructure: cyber attacks (default passwords, unmonitored relays, backdoored equipment); physical attacks (transformer destruction, substation breaches, coordinated strikes); insider threats (infiltrated operatives, supply chain compromise, border crossings).]
"It’s not about calling them geniuses, although some may be. What I mean is they have been rigorously trained. They have the kind of specialized knowledge that makes grid attacks possible—and that’s a very serious concern."
He emphasizes that not all threats come from foreign states. "There are other motives too. You’ve got hackers who aren’t necessarily ideological or after money. Some just want to make a name for themselves in dark web communities—maybe to build their rep so they can get hired later. That’s a growing risk as well."
Swearingen has also studied physical vulnerabilities. "Stephen Chill, a retired Lt. Colonel in the Marine Corps, and I co-authored a paper for Secure the Grid outlining the types of physical threats the grid faces. We described scenarios where coordinated teams could strike multiple physical points simultaneously, targeting the right assets to cause real disruption."
The 2013 Metcalf substation attack remains a case study: "Hank Cooper brought up Metcalf with me—it was a physical attack, sure, but it was more than that. It was a coordinated effort. And let’s be honest: Metcalf’s own response was part of the problem. As I remember, they let alarms go off, just watched the cameras that were still working, since the attackers cut some fiber optic lines, and decided nothing was wrong—until they finally sent someone out to check in person. That kind of delay is unacceptable."
To explain grid vulnerability, Swearingen uses a striking analogy: "At the ICS conference back in 2017, I compared the grid to dominoes. You knock one over and it might take out a few—or all of them. But a better analogy is Jenga. You can pull out one piece and the whole structure might still stand. But pull the wrong few pieces, and it all collapses."
[Infographic: The Grid as a Jenga Tower. How removing key pieces can collapse the entire system: normal blocks are standard grid components that provide redundancy; critical pieces are high-connectivity substations that support multiple areas; just 4-7 strategic removals can cause total collapse.]
He cautions against oversimplified estimates. "People throw numbers around—12 pieces, 6 pieces, whatever. But the real number isn’t as simple as they think. I live and breathe this stuff. That’s why people reach out to me for insights. Imagine a four-foot-tall Jenga tower. You might only have to pull four, six, maybe seven pieces in the right spots, and the entire thing falls apart. That’s how the grid works—it’s a giant tower of interconnected systems."
The concept of "electrical location" is critical to understanding which assets are most vulnerable. "If you target the right substation—based on what I call its electrical location—you can cause a massive impact. Electrical location refers to how many other parts of the grid are interconnected with that one substation. The more lines connected to it, the more damage an attack on that station can cause. Those are your foundational Jenga pieces. Pull one of those, and the whole grid can collapse. That’s what keeps me up at night."
You mentioned that many distribution utilities still use default passwords on their relays. Can you explain why this seemingly basic security measure remains unaddressed, and what would it take to fix this endemic problem?
"Many distribution utilities still leave the default password in their relays," Swearingen reveals. "To this day, they don’t have a formal password-changing program for those devices." Why such a basic cybersecurity measure is overlooked comes down to mindset. "They simply didn’t think about it. That was the original reason—they weren’t thinking in cybersecurity terms. Back then, engineers focused on coordination and reliability. That was their job. Cybersecurity wasn’t on the radar."
The scale of the issue makes it more than a simple oversight. "Now that they're beginning to realize the problem, it’s like, ‘Oh man, we’ve got to change all of these passwords—and we’ve got a lot of relays out there.’"
He provides context: "The average cooperative utility has anywhere from 10 to 12 distribution substations, but depending on its size, it could have hundreds. That’s hundreds of substations with relays that all need password changes." So, what’s the challenge? "Well, now it becomes a logistics issue. They have to physically go to every single substation, change the password at each relay, record what it was changed to, and ensure that process is coordinated. Years ago, the issue was lack of cybersecurity awareness. Today, the obstacle is manpower and logistics."
It’s not just co-ops that are affected. "Municipalities, public power districts—they’re all in the same boat. Many simply don’t have the workforce to do this quickly. It’s a massive undertaking." The limitations are often technical. "A lot of utilities can’t change relay settings remotely from their SCADA system. That means they have to send someone on-site to every single relay and manually change it. Like I said, it’s a logistics deal. Manpower and logistics."
He contrasts this with what a future grid could look like. "The autonomous grid would be able to detect attacks, learn from them, and automatically reconfigure relays to defend itself. That’s the future. But we’re not there yet."
"As it stands today, most utilities still can’t change relay settings from the control center. Some can, but even then, the capability is limited. So we’re stuck physically going to each relay. It’s unfortunate, but not surprising. We’re working with a system that’s been in place for 60 to 70 years."
Swearingen breaks down just how vulnerable these devices are. "Most relays don’t use compiled code or complex authentication systems. They operate on simple, tiered passwords. If you want to read relay data, you enter the Level 1 password. If you want to change settings, you need Level 2. That’s it." There’s no active monitoring of breaches, either. "These devices don’t scan to see if they’ve been accessed from an unauthorized network. They don’t flag anything. That’s not how they work."
The ease of exploitation is alarming. "We once worked with a company that showed how they connected directly to a relay with just a cell phone—no network required. They gained full control. They even locked out the utility from controlling it. That’s how easy it can be." He expands on how that’s possible. "Until recently, a lot of these relays had DB9 ports on the back. Through that port, you didn’t even need the vendor’s software. If you knew the command structure of the relay, you could interface with it using something like HyperTerminal. That’s what we used to use."
[Infographic: Default Password Security Gap. Why 60-year-old security practices leave modern grids vulnerable. Current reality: two tiered passwords (Level 1 to view relay data and settings, Level 2 to change any setting or lock out the utility), with the same passwords shared across thousands of relays. Modern standard: token plus biometric authentication, granular permissions per user, unique passwords, audit logs and encryption. A relay left on factory defaults and reachable through its DB9 port can be compromised in under five minutes.]
"If you know the relay’s instruction sets, you can just type commands in and change settings. No special software needed—just the right knowledge. That’s a huge security problem." Even worse, much of this knowledge is readily available. "Some manufacturers, like Schweitzer, have made it harder to get user manuals—you have to submit an email and go through a vetting process. That’s a good step."
[Infographic: Relay Access Methods. Multiple attack vectors without entering the substation: DB9 serial port access on the back of the relay, needing only HyperTerminal and command knowledge; interception of the directional Yagi antennas used for SCADA communication from outside the fence line; splicing into fiber optic communication lines to create local network access without detection; demonstrated full relay control from a cell phone, including locking out the utility. Critical vulnerabilities: no authentication scanning, no intrusion detection, no access logging; relays do not flag unauthorized access or monitor for suspicious connections. The "unused register" exploit: malicious settings hidden in unused relay memory registers (normal settings, hidden payload, activated later) can monitor operations, learn patterns and then strike at the attacker's chosen moment.]
"But at the same time, those same manuals are still floating around the internet. People have already downloaded them and uploaded copies elsewhere. So they’re out there." And that’s not the only source of intelligence. "You can get a lot of information from public sources—EIA, NERC, RTOs, and ISOs. That includes regional transmission organizations like SPP and MISO, or WECC out west. Plus, DOE publishes periodic reports, like the Transmission Congestion Report. It used to come out every two years—now it's less predictable—but if you know what to look for, you can pull data from those reports that can be used to identify weak points. The information is out there if you know how to find it."
Walk us through how a coordinated cyber-physical attack by Iranian operatives might unfold. What would be their likely targets, methods, and what would happen in the first 24 hours after such an attack?
“There are multiple ways to attack the grid,” Swearingen begins. “Several strategies exist—some of which I can’t talk about for obvious reasons. That’s part of the problem. If I can figure them out, you can bet there are other engineers out there who can too—and not all of them have good intentions.”
Despite the constraints, he outlines a credible scenario for a coordinated cyber-physical attack. “The approach would be similar to what I’ve described before using the Jenga analogy. The attackers would identify key substations—linchpins in the grid—and then conduct reconnaissance. They’d scout the sites, evaluate security—or lack thereof—and collect forward intelligence to plan the operation.”
[Infographic: Coordinated Attack Timeline. How a multi-vector grid attack could unfold: reconnaissance (operatives identify critical substations, scout security measures and map communication lines); cyber infiltration (malicious code planted in relay registers using default passwords); coordinated strike (simultaneous physical attacks on transformers while cyber payloads activate); cascading failures (grid begins to collapse as key nodes fail, triggering widespread outages); recovery challenges (transformer replacements needed, cyber forensics underway, extended blackouts).]
The operational playbook would be surprisingly simple. “Once a plan is in place, they’d form teams to target those substations. These operatives wouldn’t necessarily need a background in power systems. You don’t need electrical engineers. You just give clear instructions: ‘Here’s your weapon. Your targets are this transformer, that control panel, and that relay.’ That’s it. They don’t need to understand the big picture—just their specific objectives.”
Swearingen continues: “You’d ideally want them to have some tactical skill—not just standing out in the open. A sniper-style mentality. Concealed, deliberate. The key is timing and coordination. It would unfold just like a military operation, hitting multiple sites at once.” The simplicity allows for scalability. “You have the planners who understand the grid and choose the targets, and then you deploy field operatives who only need to follow directions. They don’t have to be military veterans—just people who can execute. That makes it easier to recruit and deploy more people.”
Cross-border infiltration would likely be a force multiplier. “You have teams coming across the southern border. But you also have others already inside the U.S.—individuals loyal to Iran who crossed earlier and are embedded. Those contacts could be activated and told: ‘You’re assigned to this location. Here are your targets. This is what you take out.’ The plans would already be in place—they’d just follow instructions. With the number of people that have crossed, the attacker has a wider pool to work with.”
The physical effects would be immediate and disruptive. “Just look at the North Carolina attack from a couple of years ago—two transformers were shot. Power transformers are incredibly difficult to replace. People throw around numbers—four years, six years—but the truth is, it depends on the transformer. For distribution utilities, transformers typically range from 5 MVA to 20 or 30 MVA. Even those have long lead times—just not as long as the giant ones used by large IOUs or interstate systems.”
The bottleneck is structural. “I’ve designed a lot of these. First, you need a manufacturing slot. That’s your start date. And depending on the manufacturer’s schedule, you might wait a year—or two, even three—just to get that slot. Maybe you move up if someone else cancels, but that’s not guaranteed. That delay becomes a major issue.”
[Infographic: Grid Security By the Numbers: The Scale of America's Infrastructure Challenge.]
The cyber side adds another attack vector. “Most distribution substations are connected to their SCADA system via some kind of communication link—fiber optic lines or wireless antennas. Some even use directional Yagi antennas. An attacker could splice into that communication line and create a local network—maybe even from a distance—without being seen. They wouldn’t need to be inside the substation. And like we discussed previously, some have demonstrated that it’s possible to access and control relays with just a cell phone.”
More subtle attacks can be embedded quietly. “The most insidious cyber tactic involves relay registers. Many relays have unused registers. If an attacker gets access, they can preload malicious settings into those unused registers. That way, the payload is already sitting there—it just needs to be executed at the right moment.”
This passive approach allows for surveillance, too. “Once they’re inside the relay, they can monitor how it behaves. They can observe load patterns, see when usage peaks, and understand how the substation is being used. That’s dangerous intelligence. With that information, they might even adjust their settings in real time. They might say, ‘We’ve got a bigger window of opportunity here than we thought.’ And then act accordingly.”
You've expressed concerns about Chinese equipment, particularly transformers and inverters with potential backdoors. How widespread is this problem, and what specific vulnerabilities have you identified in equipment currently installed across the U.S. grid?
“There’s been a lot of talk about Chinese-made transformers containing backdoors,” Swearingen acknowledges. “And to a certain extent, that concern is valid. The real issue, though, stems from a broader breakdown in how we oversee critical grid equipment procurement.”
He describes a shift away from rigorous inspection protocols that were once standard. “When I used to spec out a transformer, I made it clear that my awarding of the contract was conditional. I wanted to inspect the production process myself—on-site at the manufacturer’s facility.”
His oversight process was meticulous. “I wrote specific milestones into the contract. For example: when the core of the transformer was being built—when the coil wires were being wrapped—I required a visit to inspect the winding before it was enclosed in the transformer tank. That’s the big tank you see on power transformers. Then, when they were ready to wire and begin testing, I’d come back again. I wanted to personally verify that they were using the exact test equipment and design elements I had specified.”
This included checking for authentic components. “Say I called for a Reinhausen load tap changer to regulate voltage. I’d confirm it was a genuine Reinhausen unit—not a knockoff. I wanted to examine every key component myself. That level of oversight made it much harder for any unauthorized hardware or backdoors to be included.”
But today, Swearingen says, that diligence has largely disappeared. “These days, utilities often don’t enforce that kind of contractual visibility. They’ll award the contract and say, ‘Go ahead and build it. We might come visit.’ Some do show up—but not with the same rigor. Maybe a single site visit at the end. Or maybe none at all. Some just say, ‘We’ll inspect the transformer once it arrives onsite.’”
By then, he warns, it’s too late. “If it’s not built right, you either have to send it back or accept compromised equipment. That’s the real risk we face with Chinese transformers—and it’s driven by that erosion of oversight.”
The same vulnerabilities extend to renewable energy systems. “Another area where this is now being exposed is wind farm and solar farm inverters. These are the devices that allow wind turbines and solar to interconnect with the electric grid. Some of the Chinese-manufactured inverters have what are essentially hidden switches—supposedly there to allow remote maintenance support.”
But Swearingen says those access points are unnecessary and dangerous. “Maintenance access shouldn’t be remote. If the manufacturer wants to help, they can come onsite. You shouldn’t leave switches in the system that can be flipped from halfway around the world.”
These risks often go unchecked in interconnection agreements. “I’ve interconnected a number of wind and solar facilities into grids I’ve managed. And the biggest gap I see is in cybersecurity and physical security requirements. Ideally, every interconnection agreement should include a section requiring inspection for vulnerabilities—especially obvious ones like those switches—before the site is connected to the grid. But that doesn’t always happen.”
When asked about Iran’s role in potential grid threats, Swearingen is direct: “Iran is absolutely capable. Cyberattacks on relays—like the ones we discussed earlier—are within their reach. We sometimes forget: the U.S. and China aren’t the only countries with brilliant engineers. Iran has a large number of highly educated individuals who understand these systems. Their cyber capabilities are just as real as China’s or Russia’s.”
His biggest concern is the infiltration of trained personnel. “When the border was more open, I warned that skilled individuals were likely entering the country—some possibly in organized cells. These aren’t just untrained operatives. These are people with advanced knowledge—military-grade knowledge.” He draws a comparison to U.S. military training. “Think about how we train our own military. We don’t send people into the field unless they’re deeply trained in their equipment and mission. Iran does the same. These individuals are well-prepared, and that makes them a threat wherever they operate.”
The lack of visibility into these networks alarms him. “How much do we actually know about the people who’ve come across the border? That’s not my area—I’m not intelligence. My focus is the grid. But still, do we know their backgrounds? Their affiliations? Their social ties back home?”
He poses serious questions. “What if two people entered the country separately but were trained together? What if they’re now working in coordination—on a mission? I don’t know if our intelligence services are tracking that. But it’s a critical question. Because the evidence suggests that these people are here. And if you want to call them sleeper cells, that’s fine. But whatever the term, the threat is real. These teams could absolutely coordinate to cause major damage to our grid.”
What immediate steps should utilities take to address these vulnerabilities, and what role should federal agencies and lending institutions play in incentivizing security improvements, especially for smaller cooperatives with limited budgets?
"There's something that can be done about it. It's just the willingness to do it," Swearingen says firmly. He believes the first step is returning to common-sense practices that many utilities have abandoned.
"That’s part of the reason for going out there on a monthly basis and having a substation inspection schedule—something a lot of utilities used to do, but have gotten away from. You physically go to the substation, check the equipment, download the relays, and bring the data back so you can see what’s changed, what needs attention—event recorder logs, register info, settings, all of it."
Swearingen says it won’t eliminate threats entirely, but it tightens the surface area attackers can exploit. "It takes a few key pieces off the chessboard. It’s about making the attack harder. But the utility has to be willing to make it a priority."
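The monthly inspection described above, together with the relay password program and the unused-register concern discussed earlier, can be turned into a simple audit: compare each relay's latest download with its accepted baseline and flag factory credentials, changed settings, newly populated registers and overdue visits. This is an added example, not code from the article or from any relay vendor; the relay IDs, setting names, register names and factory-default strings are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date
import hashlib

# Constructed factory-default credentials for the demo only; real relays ship
# with their own vendor defaults, which are not reproduced here.
FACTORY_DEFAULTS = {"level1": "DEFAULT-L1", "level2": "DEFAULT-L2"}


def pw_hash(password: str) -> str:
    """The inspection record stores only a hash of each relay password."""
    return hashlib.sha256(password.encode()).hexdigest()


@dataclass
class RelaySnapshot:
    """What a field crew brings back from one relay during a substation visit."""
    relay_id: str
    substation: str
    taken: date
    settings: dict          # protection settings, e.g. pickup values and time dials
    registers: dict         # register name -> value; "" marks an unused register
    password_hashes: dict   # access level -> hash of the password currently set


def audit_relay(baseline: RelaySnapshot, current: RelaySnapshot,
                today: date, max_age_days: int = 31) -> list:
    """Return human-readable findings for one relay (empty list means clean)."""
    findings = []
    rid = current.relay_id
    # 1. Factory credentials still in place (Level 2 is the one that changes settings).
    for level, default in FACTORY_DEFAULTS.items():
        if current.password_hashes.get(level) == pw_hash(default):
            findings.append(f"{rid}: {level} password is still the factory default")
    # 2. Any protection setting that differs from the accepted baseline.
    for key in sorted(set(baseline.settings) | set(current.settings)):
        old, new = baseline.settings.get(key), current.settings.get(key)
        if old != new:
            findings.append(f"{rid}: setting {key} changed {old!r} -> {new!r}")
    # 3. A register that was empty at baseline now holds content.
    for reg, value in sorted(current.registers.items()):
        if baseline.registers.get(reg, "") == "" and value != "":
            findings.append(f"{rid}: previously unused register {reg} now holds {value!r}")
    # 4. The download is older than the inspection interval.
    if (today - current.taken).days > max_age_days:
        findings.append(f"{rid}: last download {current.taken} is older than {max_age_days} days")
    return findings


def audit_fleet(baselines, currents, today):
    """Audit every relay that has a baseline; a relay without one is itself a finding."""
    base_by_id = {b.relay_id: b for b in baselines}
    report = {}
    for cur in currents:
        base = base_by_id.get(cur.relay_id)
        if base is None:
            report[cur.relay_id] = [f"{cur.relay_id}: no accepted baseline on file"]
        else:
            report[cur.relay_id] = audit_relay(base, cur, today)
    return report


# Constructed sample data: R-101 is clean, R-202 shows every class of finding.
BASELINES = [
    RelaySnapshot("R-101", "SUB-A", date(2025, 5, 1),
                  {"50P_pickup": "6.0", "51P_timedial": "2.5"},
                  {"REG1": "0x01", "REG2": "", "REG3": ""},
                  {"level1": pw_hash("unique-l1-101"), "level2": pw_hash("unique-l2-101")}),
    RelaySnapshot("R-202", "SUB-B", date(2025, 5, 1),
                  {"50P_pickup": "4.0", "51P_timedial": "3.0"},
                  {"REG1": "", "REG2": ""},
                  {"level1": pw_hash("DEFAULT-L1"), "level2": pw_hash("DEFAULT-L2")}),
]
CURRENT = [
    RelaySnapshot("R-101", "SUB-A", date(2025, 6, 2),
                  {"50P_pickup": "6.0", "51P_timedial": "2.5"},
                  {"REG1": "0x01", "REG2": "", "REG3": ""},
                  {"level1": pw_hash("unique-l1-101"), "level2": pw_hash("unique-l2-101")}),
    RelaySnapshot("R-202", "SUB-B", date(2025, 3, 15),
                  {"50P_pickup": "4.0", "51P_timedial": "0.1"},
                  {"REG1": "", "REG2": "0xBEEF"},
                  {"level1": pw_hash("DEFAULT-L1"), "level2": pw_hash("DEFAULT-L2")}),
]


def run_sample():
    """Audit the constructed fleet as of a fixed date so results are repeatable."""
    return audit_fleet(BASELINES, CURRENT, date(2025, 6, 3))


if __name__ == "__main__":
    for relay, findings in run_sample().items():
        print(relay, "clean" if not findings else f"{len(findings)} finding(s)")
        for line in findings:
            print("   ", line)
```

The point of keeping the baseline, including the empty registers, is that a register which was blank last month and is populated now stands out immediately, which the relay itself will never report.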
Smaller Utilities Face Bigger Constraints
“That’s where it gets tricky,” he says. “Each distribution utility is different. Some say they don’t have the staff. Others just don’t see it as urgent. You’ve got to make them care about it—and that’s the hard part.”
He emphasizes that distribution systems are where the danger is, not just transmission. “Distribution is the largest part of the grid. There are thousands of substations out there across the U.S.—and only a few of them, if hit in the right way, could take down the system. It's based on their electrical location. Those are the Jenga pieces we keep talking about. And the scary thing is, we’re not really identifying them.”
Regulators Are Looking the Wrong Way
Swearingen is critical of current oversight. “I helped write some NERC standards, and I’ve always had a problem with how they define the bulk electric system. Distribution substations aren’t even on their radar. They don’t pay attention to them, so neither does FERC. That’s a big blind spot.”
“There’s a little mention of distribution providers in the NERC rules, but it doesn’t come close to covering the handful of substations that could actually bring the grid down.”
He explains how that oversight structure was set up: “FERC, under the Federal Power Act, designated NERC as the electric reliability organization. NERC already existed before 2007, so they said, ‘Okay, you’ve got the infrastructure—run with it.’ That’s how NERC ended up writing the rules. But they’re still not addressing the real problem.”
Rewriting the Playbook on Cybersecurity
“We don’t just need more standards,” he says. “We need a fresh look at the whole thing. Especially distribution. We need to completely reevaluate how we’re approaching cybersecurity for the grid.” And more importantly, we need to make it matter financially. “We’ve got to find ways to make utilities want to do it. That’s what this comes down to.”
For Co-ops, the Tools Already Exist—They're Just Not Being Used
Swearingen points to existing institutions like NRECA—the National Rural Electric Cooperative Association. “NRECA is the main voice for co-ops in D.C. They’ve got a cybersecurity program. It needs work, but it’s there. And they already help set the standards for co-ops under the Rural Utilities Service, or RUS.”
“RUS used to write the standards themselves, but they had staffing cuts and handed that over to NRECA. I helped write some of those. RUS still puts its stamp on it, but the legwork comes from NRECA now.”
He says RUS and CFC (National Rural Utilities Cooperative Finance Corporation) could both be offering targeted funding for cybersecurity—but they’re not doing enough. “They could be offering real financial incentives to help co-ops upgrade their cybersecurity or improve physical security. But right now, all they’re offering through NRECA is a resource. Not funding. That’s the difference.”
The Financial Reality for Small Utilities
Swearingen gets specific about the budget constraints. “With big IOUs, they can file at FERC for rate relief when they build new generation or transmission lines. As long as it’s ‘just and reasonable,’ they get it.”
“But distribution utilities? They can’t file for rate relief. Not at all. I was involved in a case with my own co-op where we tried to become eligible for rate relief through our transmission assets. That case went on for over eight years. That’s typical for FERC. A lawyer could build a whole career on four of those cases.”
He explains the math: “If the CEO tells you, ‘You’ve got $12 million over four years to run and improve the system,’ you’re already tight. Maybe $2.5 million a year just to keep things running. That leaves $500,000 a year for upgrades—$2 million total. That’s not much to work with.”
And co-ops don’t have the same profit structure. “Co-ops are not-for-profit. At the end of the year, they’ve only got three choices: return capital credits to members, pay down debt, or improve the system. And when they think ‘system improvement,’ they’re thinking trucks, poles, substations. Not cybersecurity.”
“That’s the root problem. They don’t see cybersecurity as a system investment. We need to change that.”
What Should Be Done Right Now
Swearingen outlines three key actions:
- Fund cybersecurity directly through RUS and CFC. “These groups already provide funding to co-ops. Just give them a dedicated cybersecurity lending or grant mechanism. The co-ops will take advantage of it—if the money is there.”
- Create a rate relief option at FERC for cybersecurity improvements. “For IOUs, FERC should say, ‘Look, if you can prove your cybersecurity upgrades are legitimate and necessary, we’ll grant rate relief under the same standards we use for generation and transmission.’ That’s how you motivate them.”
- Use insurance to create pressure. “There’s another lever: insurance. Joe Weiss has talked about this. Big companies respond to risk. If insurance carriers say, ‘If you’re not doing cybersecurity, your rate goes up,’ and ‘If you are doing it, it goes down,’ that’s a powerful motivator.”
The Bottom Line: Money Moves Utilities
“At the end of the day, utilities are slow to notice and slow to react by nature,” Swearingen says. “But what makes them move is financial opportunity. That’s just how it is.”
“For IOUs, the motivator is rate relief. For co-ops, it’s targeted loans and grants. That’s not the whole solution—but it would go a long way.”
He concludes with the same clarity he’s brought to the rest of the conversation: “If we go back to basic practices—monthly substation inspections, transformer checks while they’re still being built—and combine that with real financial incentives, we’d take a huge step forward. We’d finally start reducing the attack surface in a serious way.”
Author's Analysis
Mike Swearingen’s core message is stark: most utilities already know what to do—they simply haven’t made it a budget or regulatory priority. Closing that “willingness gap” starts with three practical moves utilities can control today, and three financial levers only Washington and the lending community can pull.
First, utilities need to re-adopt disciplined field hygiene. Swearingen wants every substation back on a monthly walk-through: engineers pull relay event logs, download register data, and visually inspect breakers and fences. Many co-ops did this 20 years ago; abandoning the practice left default-password relays and unmonitored log files waiting to be weaponised. Those inspections won’t erase risk, but they remove easy chess pieces from an attacker’s board.
Second, asset owners must treat distribution substations as the front line. There are thousands of them, yet only “a handful”—the high-connectivity “Jenga pieces”—could topple wide areas if hit together. Because NERC’s bulk-system definition skips most distribution sites, nobody is forcing utilities to harden the very nodes a coordinated strike would pick first.
Third, even the smallest utility can launch a relay-password eradication campaign. Swearingen concedes the logistics are ugly—every relay may require a truck roll—but default credentials are the quickest path to a catastrophic breach, and cell-phone demos have already proved how little skill it takes to seize a relay left in factory mode. Until those passwords are gone, every higher-level defence is moot.
The obstacle, as Swearingen repeats, is money. Co-ops and municipal systems can’t recover cybersecurity costs through FERC rate cases, and their annual capital budgets often leave only six-figure scraps for upgrades. That is where federal agencies and lenders must step in:
- RUS and CFC should carve out a zero-interest “cyber modernisation” credit line—dedicated funds that count the same as pole replacements or new bucket trucks when boards review the end-of-year margin decisions. If the money is earmarked, co-ops will spend it.
- FERC must grant the investor-owned utilities the same “just and reasonable” rate relief for verifiable security projects that they already enjoy for new generation and transmission. Tie the relief to measurable tasks—password audits, factory acceptance tests, intrusion monitoring—and IOUs will move quickly.
- Insurers can harden the carrot-and-stick. Swearingen cites Joe Weiss’s idea: charge baseline premiums to companies that can’t prove relay hardening and inspection programs; discount those that can. Nothing motivates a board like a seven-figure delta in annual insurance cost.
Finally, Congress or FERC needs to order a fast-track rewrite of NERC CIP scope. If a distribution node’s “electrical location” could shed more than a quarter-gigawatt or isolate 150 k customers, it should get the same mandatory controls as a bulk-system transformer. Until that happens, attackers will keep aiming at the blind spot.
Swearingen’s prescription is not exotic technology; it is old-school field discipline backed by modern financial signals. Put monthly inspections, password change plans, and supply-chain spot checks back in the operating budget; let RUS/CFC loans, FERC rate relief, and insurance premiums make those line items painless; and expand NERC’s rulebook to cover the very substations adversaries have already scoped. Everything else—AI-driven autonomous defences, deep-packet intrusion detection, zero-trust OT networks—will matter only after those six mundane steps are finished.
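The three utility-side moves above (monthly inspections, treating high-impact distribution sites as front-line assets, and a default-credential eradication campaign) can be tracked with a very small amount of tooling. The following is an added example written for this article, not code from Swearingen or any utility: it applies the scoping threshold proposed in the analysis (more than a quarter-gigawatt of sheddable load or more than 150k customers isolated), the monthly inspection interval, and each relay's factory-credential status to a constructed substation inventory, and produces a prioritised truck-roll list plus a campaign progress figure. All substation names, loads, dates and relay IDs are constructed for illustration; the scoring weights are an assumption chosen here, not an industry standard.

```python
"""Prioritise relay-hardening work across distribution substations.

Added example (not from the article or any utility). Inventory data and
scoring weights below are constructed assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import date

# Scoping thresholds taken from the article's proposed NERC CIP rewrite
SHED_MW_THRESHOLD = 250          # more than a quarter-gigawatt of sheddable load
CUSTOMER_THRESHOLD = 150_000     # more than 150k customers isolated
INSPECTION_INTERVAL_DAYS = 30    # the monthly walk-through Swearingen asks for

# Assumed scoring weights (not from the article): scope dominates, then
# each relay still on factory credentials, then a stale inspection.
SCOPE_WEIGHT = 100
DEFAULT_CREDENTIAL_WEIGHT = 10
OVERDUE_WEIGHT = 5

# Fixed reference date so the example is reproducible offline
TODAY = date(2025, 7, 1)


@dataclass
class Relay:
    relay_id: str
    default_credentials: bool    # True while the relay is still in factory mode


@dataclass
class Substation:
    name: str
    sheddable_mw: float          # load that would be shed if the site is lost
    customers_isolated: int      # customers cut off if the site is lost
    last_inspection: date
    relays: list


# Constructed inventory: four fictional distribution substations
SAMPLE_SUBSTATIONS = [
    Substation("North Feeder", 310.0, 120_000, date(2025, 5, 17),
               [Relay("R1", True), Relay("R2", False)]),
    Substation("Mill Tap", 40.0, 8_000, date(2025, 6, 21),
               [Relay("R3", True), Relay("R4", True), Relay("R5", False)]),
    Substation("River Crossing", 180.0, 160_000, date(2025, 6, 11),
               [Relay("R6", False)]),
    Substation("Ridge", 30.0, 5_000, date(2025, 6, 28),
               [Relay("R7", False)]),
]


def meets_bulk_equivalent_scope(sub: Substation) -> bool:
    """True if the site would qualify for bulk-system-equivalent controls."""
    return (sub.sheddable_mw > SHED_MW_THRESHOLD
            or sub.customers_isolated > CUSTOMER_THRESHOLD)


def inspection_overdue_days(sub: Substation, today: date) -> int:
    """Days past the monthly interval (0 if the walk-through is current)."""
    return max(0, (today - sub.last_inspection).days - INSPECTION_INTERVAL_DAYS)


def default_credential_relays(sub: Substation) -> list:
    """Relay IDs at this site that still carry factory credentials."""
    return [r.relay_id for r in sub.relays if r.default_credentials]


def priority_score(sub: Substation, today: date) -> int:
    score = SCOPE_WEIGHT if meets_bulk_equivalent_scope(sub) else 0
    score += DEFAULT_CREDENTIAL_WEIGHT * len(default_credential_relays(sub))
    if inspection_overdue_days(sub, today) > 0:
        score += OVERDUE_WEIGHT
    return score


def hardening_plan(substations: list, today: date) -> list:
    """(name, score, findings) for every site with open work, highest first."""
    plan = []
    for sub in substations:
        findings = []
        if meets_bulk_equivalent_scope(sub):
            findings.append("meets proposed bulk-equivalent scope")
        defaults = default_credential_relays(sub)
        if defaults:
            findings.append(f"{len(defaults)} relay(s) on default credentials: "
                            + ", ".join(defaults))
        overdue = inspection_overdue_days(sub, today)
        if overdue:
            findings.append(f"inspection overdue by {overdue} days")
        score = priority_score(sub, today)
        if score > 0:
            plan.append((sub.name, score, findings))
    return sorted(plan, key=lambda item: item[1], reverse=True)


def campaign_progress(substations: list) -> float:
    """Fraction of relays no longer on factory credentials (1.0 if no relays)."""
    relays = [r for s in substations for r in s.relays]
    if not relays:
        return 1.0
    return sum(1 for r in relays if not r.default_credentials) / len(relays)


if __name__ == "__main__":
    for name, score, findings in hardening_plan(SAMPLE_SUBSTATIONS, TODAY):
        print(f"{score:4d}  {name}: " + "; ".join(findings))
    print(f"password campaign progress: {campaign_progress(SAMPLE_SUBSTATIONS):.0%}")
```

Run as written, the plan lists North Feeder first (in scope, one factory-mode relay, inspection stale), then River Crossing (in scope on customer count alone, otherwise clean), then Mill Tap (out of scope but two relays still on defaults); Ridge has no open work and is omitted. Swapping the constructed inventory for a real asset register is the only change needed to use the same logic in practice.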
6 Critical Steps to Secure the Grid
Practical Actions Utilities Can Take Today
1. Eliminate Default Passwords: launch an immediate campaign to change all relay passwords from factory defaults.
2. Monthly Physical Inspections: reinstate regular substation visits to check equipment and download relay logs.
3. Identify Critical Nodes: map the high-connectivity substations that could cascade failures if compromised.
4. Supply Chain Verification: inspect transformers during manufacturing and verify that components aren't compromised.
5. Secure Funding Mechanisms: RUS/CFC should offer dedicated cybersecurity loans; FERC should allow rate relief.
6. Insurance-Based Incentives: tie premiums to security practices—verified hardening equals lower rates.
About Mike T. Swearingen
Mike T. Swearingen is a retired electric cooperative power systems engineer with over 20 years of experience working in every aspect of power systems operation including control systems, protection systems, transmission design, substation design, distribution design, and NERC compliance as well as regulatory matters. Named a Smart Grid Pioneer by Smart Grid Today in 2015, he is an IEEE Senior Member and holds a patent for a "Security System, Device, and Method for Operational Technology Networks."
Swearingen began his career as a Space Equipment Maintenance Specialist with the United States Air Force at Joint Defense Facility Nurrungar in Australia during Desert Shield and Desert Storm operations. After completing his Bachelor of Science in Computer Science/Mathematics Engineering at Eastern New Mexico University, he spent his civilian career with rural electric cooperatives, progressing from Engineering Assistant to Regulatory Compliance Manager before retiring in 2014 due to Parkinson's disease.
Throughout his career, Swearingen has been deeply involved in industry standards development and regulatory processes. He represented his cooperative as a member of the Southwest Power Pool's Transmission Working Group (TWG), Market Operations and Policy Committee (MOPC), and Market Working Group (MWG). He served as an analyst and independent merit reviewer on several projects at the Department of Energy (DOE) and was a technical advisor for the National Electric Energy Testing Research and Applications Center (NEETRAC).
As an author and researcher, Swearingen has presented and published two IEEE papers: "Real Time Evaluation and Operation of the Smart Grid using Game Theory" and "Regulatory Evolution and its Effect on System Operations and Security." He has published several articles for different periodicals within the power industry and has a paper on ResearchGate titled "Autonomous Self Aware Living Grid." He has participated in and reviewed several standards for publication and serves as an IEEE peer reviewer.
Swearingen co-authored IEEE Computer Magazine articles "There Is No Chilling When Your Control System Cybersecurity Is Unfulfilling" and "Resilient Without Zero Trust." He has spoken at the U.S. Air Force Cyber College, the National Sheriffs Association Annual Conference, ICS Cybersecurity Conferences, and NRECA TechAdvantage. He has also worked with Navy Surface Warfare and Dahlgren Labs on cybersecurity and the AURORA vulnerability.
Since retiring, Swearingen continues to serve as a consultant and advisor to government agencies and industry organizations on power system cybersecurity and operational challenges. He describes his current role as being like "that thick reference book that sits on the shelf that has some dust on it—when they can't figure out why something is happening with the electric grid, either cybersecurity or operationally, they take me off the shelf, dust me off, open me up, and start asking me questions."
For more information, reach out to Mike at michaeltswearingen@gmail.com
Further Reading:
- Physical Vulnerability Assessment Paper (co-authored with Stephen Schill)
- "Real Time Evaluation and Operation of the Smart Grid using Game Theory"
- "Autonomous Self Aware Living Grid"
- NERC CIP Standards Overview