But now the government is involved and look out!
It finally leaked, and it’s all over the news now: The Wall Street Journal reported on Jan. 7 that last April the Pacific Gas and Electric Co. (PG&E) Metcalf substation came under attack. Fiber optic and phone lines were cut, and more than 100 rifle rounds were fired into substation equipment, disabling a number of large transformers. Damage was estimated at around $16 million. Metcalf substation is a major 500kV substation in the South San Francisco bay area. I worked on R&D projects there several times and remember how accessible it is.
The transformers didn’t explode, which would usually be expected. And the outages were minimized by rerouting the power.
Now maybe the attackers were just naïve about the system, or maybe they were just practicing for the big one, because with a little more effort they could have majorly shut down the cities by the Bay.
But, really, experienced utility industry folks throughout the United States have always known the vulnerabilities of almost all utility structures. We’ve even recently seen utility attacks in other countries. See Terrorism: How Vulnerable is the Grid? (http://tdworld.com/blog/terrorism-how-vulnerable-grid )
So why aren’t we better prepared? Several reasons – the biggest is that no one really knows what to do unless we build giant enclosures around substations and underground transmission and distribution circuits. Good luck with that one!
Then there’s the hyper-attention that cybersecurity gets. The government, through the DOE loves to fund those glitzy research projects, even though utility leaders have tried to communicate that no one will resort to traceable high tech when they can simply stand a half mile away with a rifle and blow out a transformer that could take weeks or even months to replace.
Well, now we have the government’s attention. The Wall Street Journal said that Sen. Dianne Feinstein, D-Calif., and some other senators are going to ask the Federal Energy Regulatory Commission (FERC) to "set minimum security standards for critical substations."
So the DOE will continue to shell out taxpayer money to cybersecurity consultants while committees start forming to study the problem and pump out drafts of paper standards.
Looking at the glass half full, at least it’s a start!