A federal agency announced this month that it is shifting its focus to physical security around the U.S. electrical grid, after one or more assailants shot at two North Carolina substations in an attack that left 45,000 customers without power.
Authorities investigating the case have still not released a motive or potential suspects as federal regulators turn to an assessment of the nation’s vulnerability to such attacks.
Since the growing sophistication of the internet, conversations about securing the nation’s electrical infrastructure from cyberattacks have been the focus of many federal reports despite credible threats of physical assaults. In August, the U.S. Department of Energy even announced a $45 million effort to prevent cyberattacks on the grid.
The Federal Energy Regulatory Commission (FERC), an independent agency tasked with regulating the interstate transmission of electricity, natural gas and oil, has directed the North American Electric Reliability Corporation (NERC), an Atlanta-based nonprofit, to investigate security surrounding the bulk power system and figure out “whether the standard needs to be improved” and will have 120 days to turn in a report.
NERC will study the effectiveness of current physical security standards and whether the current level of protection should be heightened.
“The security and reliability of the nation’s electric grid is one of FERC’s top priorities,” the agency’s chairman Rich Glick said in a Dec. 15 press release.
“In light of the increasing number of recent reports of physical attacks on our nation’s infrastructure, it is important that we fully and clearly review the effectiveness of our existing physical security standard to determine whether additional improvements are necessary to safeguard the Bulk Power System.”
For years, academic studies and news reports have questioned the physical vulnerability of the power grid system — including whether it can withstand severe weather events — against potential attacks.
A report circulated by the Department of Homeland Security in January 2021 highlighted one such threat, citing a user on the dark web who encouraged attacks on the electrical grid.
“Source posted four photos and a statement in response to the thread titled, ‘How can we further our cause without violence irl?’ The photos posted were of a cellphone tower, large utility pole, transformer and a large antenna on fire. The statement reads, ‘That’s easy. Starve the beast of electricity and communications’,” the report said.
It continued: “In response to another anonymous image board user’s post discussing the implausibility of Source’s original statement, Source stated, “How so? Is there a cop stationed at every utility pole, antenna, transformer, substation, junction box, switchboard, and high tension line in America to watch for a low-profile attack that takes less than 10 seconds to pull off?’”
A DHS intelligence bulletin from January 2022 says that domestic violent extremists, or DVEs, are likely to continue threats towards America’s critical infrastructure.
“DVEs have developed credible, specific plans to attack electricity infrastructure since at least 2020, identifying the electric grid as a particularly attractive target given its interdependency with other infrastructure sectors. Absent significant technical knowledge or insider assistance, small-scale attacks are unlikely to cause widespread, multi-state power loss but may result in physical damage that poses risks to operations or personnel, according to a body of DHS and open source reporting,” the bulletin states.
Because of rumors circulating online about the North Carolina substation attack, investigators are looking into whether the attack was aimed at preventing a local drag show in Moore County, where organizers said there had been previous threats to shut it down.
The U.S. power grid system is split up into three main sections: eastern, western and the Electric Reliability Council of Texas, which covers most of the state. These three interconnections make up more than 7,300 power plants, nearly 160,000 miles of high-voltage power lines, and millions of miles of low-voltage power lines and distribution transformers, which connects 145 million customers, according to the U.S. Energy Information Administration.
While there are more than 55,000 substations across the country, a small number of them play outsized roles in powering homes across large regions, according to a 2014 report by the Wall Street Journal, which referenced a FERC study that found knocking out nine critical substations could cause a blackout a majority of the country.
Mark Dyson, managing director of the Rocky Mountain Institute, a nonprofit founded in 1982 to help improve America’s energy practices, said he and his team work directly with utilities on grid monetization and grid-hardening programs to help better secure them across the country.
“The problem is that we built this power grid that we have in the United States over the past 100 years … and by design, it relies on single large pieces of equipment, like power plants and transformers, knitted together over thousands of miles all operating in synchrony at a continental scale,” Dyson told Yahoo News.
“What we can do is make that system less likely to fail catastrophically by putting more of the assets closer to the customers that use them … and by doing that, we make it easier for that system to bounce back when it is disabled or when it is damaged.”
Power outages, while a massive inconvenience to some, could be life-threatening to others when areas are experiencing extreme weather like heat waves or cold temperatures.
Dr. Granger Morgan, who was featured in a “60 Minutes” segment in February about the grid’s physical vulnerability, spoke to CBS News following the substation attack in North Carolina.
“We’ve known the power system is very vulnerable to physical attack, and we’ve known this for decades,” Morgan, a professor who chaired three National Academy of Sciences reports on the power grid for the U.S. government, told CBS News. “We’ve made a bit of progress, but the system is still quite vulnerable.”
He added that it’s vulnerable partially because of its accessibility: Many of the nation’s 55,000 substations are blocked only by chain-link fences, and the equipment is easily accessible once within the fencing.
But there have been efforts to upgrade the nation’s infrastructure. The Department of Energy, under the Biden administration’s new infrastructure law, announced in November that $13 billion will go towards expanding and modernizing the electric grid.
The government is not in control of the system, so it will have to work with electric grid owners and operators to divide the funds and initiate the projects.
The information sent out by DOE mainly addresses issues outside of human threats, in an effort to “improve the resilience of the power system against growing threats of extreme weather and climate change.”
“The federal government has less jurisdiction on physical security,” Dyson said. “There are ways that the federal government can propose standards on utilities for cybersecurity … but when it comes to physical systems, those are all basically state jurisdictional — most of them anyway. Therefore, it has been left up to the states and often individual utilities to choose the level at which to prioritize the physical security.”