Security in the Sights: Utilities Face Armed Physical Security Threats
Back in March 12, 2014, the Wall Street Journal ran a piece about the risk of a far-reaching, long-lasting power outage in the U.S. if the power grid were sabotaged at just a handful of vulnerable spots. The basis of the report was a study done by the Federal Energy Regulatory Commission that was shared with Congress, the White House and industry officials, but was kept private from the public.
Industry reaction to the WSJ report was intense. Then-Acting Chairwoman of FERC Cheryl LaFleur said the report was “highly irresponsible.” Then-Sen. Lisa Murkowski (R-Alaska) called for the Energy Department’s Inspector General to look into how the newspaper obtained the information it published. A release from the Edison Electric Institute quoted its president, Thomas Kuhn, as saying FERC, Congress and the administration should investigate the disclosure.
As a reporter who writes about the energy sector, I’m of two minds on this. I understand why, then and now, talking about power grid vulnerabilities publicly is going to upset some. I do not think talking about a problem makes it more likely to happen. I was taught in journalism school that where there are systems that aren’t working the way they should, it should be investigated and discussed.
At the same time, the power grid is seeing an uptick in attacks, and this is a scary thing for everyone who uses electricity. That is to say, everyone.
Physical attacks on the power grid are at their highest level since 2012, according to federal records examined by Politico. This includes 101 physical or computerized attacks reported from August 2022 to December 2022.
In one major incident, two Duke Energy substations in Moore County, North Carolina were shot at, which caused power outages affecting about 45,000.
Another attack came Christmas Day when four substations operated by Puget Sound Energy and Tacoma Public Utilities, touching off an outage affecting 14,000 customers.
“Is there something more sinister going on?” Richard Glick, then-chair of the Federal Energy Regulatory Commission, wondered aloud at a December 2022 press conference. “Are there people planning this?... I don’t think anyone knows that right now. But there’s no doubt that the numbers are up in terms of reported incidents.”
It is difficult to talk about incidents like these, which appear as though they could be coordinated in some way, but may not in fact be part of any larger, more nefarious plan. You risk doing a terrorist’s work for them, speculating beyond what the evidence shows.
“Are we going to have armed guards at every substation, every transformer in the country, in order to make sure this doesn’t happen?” FERC Commissioner Willie Phillips asked in January 2023, referring to the North Carolina attack. “Or [are these attacks] something that we can just expect more often?”
If people taking what could be called potshots at power infrastructure may not be that compelling, but there have been disruptions of domestic terrorists who testified they planned to trigger wider societal chaos by knocking down the power grid.
In Maryland, some Florida-based neo-Nazis planned to target the Baltimore power grid with sniper fire, according to an Associated Press report from February 6, 2023. One of the conspirators said the plan hinged on targeting the grid during cold weather during a time of peak electricity demand. The FBI emphasized their finding that the conspirators were not merely talking about such an attack, but actively taking steps toward carrying it out.
In my area, the Pacific Northwest, there have been 15 attacks on the power grid since June 2022, making the region a bit of a hotspot, according to Oregon Public Broadcasting.
When asked for a comment on power grid vulnerabilities, the Western Electricity Coordinating Council, the entity in charge of system reliability for the Western Interconnection, said it could not comment on any specifics, but provided a statement it put out jointly with NERC. The statement condemned the attacks and stated that the entities will continue to work with law enforcement before reviewing federal critical infrastructure protection (CIP) standards.
“NERC and industry take cyber and physical security extremely seriously. Among our Critical Infrastructure Protection (CIP) standards is a mandatory physical security standard (CIP-014) that requires utilities to have measures in place on their most critical assets to prevent cascading or uncontrolled outages on the bulk power system should a physical event take place and also to have methods in place to defend from such an attack,” according to the joint NERC/WECC statement.
Guarding Against Vandals
Rick Ladroga, CEO of AI Electrical Power Industries and a power engineer for more than 30 years, took some time to answer my questions while traveling across the U.S. to investigate the failure of a pair of transformers. He said physical security at substations and other vulnerable points on the grid has always been an issue, though perhaps not as much as today.
“I investigated a failure of an 840 MVA shell-form transformer 15-20 years ago in Missouri. The failure happened because an older retired man got himself liquored up and decided to do some shooting. His weapon was a deer rifle and his target was 161 KV transmission line insulators. He got one, and it flashed over several days later on a rainy day, causing millions of dollars in damages,” Ladroga said.
For this act of drunken vandalism, the man was never charged with any crime despite the impact on the power grid. Those involved preferred that the incident not be shared with the general public at the time, Ladroga said.
Ladroga pointed out that cemeteries, freight rail and other properties are targeted by people whose only motivation is to break something.
“It’s sick and twisted, but it’s there,” he said. “If these recent attacks on electrical assets were strategically planned and coordinated then the resulting damages and outages would be far greater and more severe in nature.”
The high-profile substation attacks in Washington and in North Carolina happened to be on substations that did not rise to the level of criticality that they would be subject to the CIP-014 requirements, according to the statement. It went on to call the events “unrelated,” but alike in the sense of showing that the physical vulnerabilities of the grid must be evaluated continuously.
CIP-014-1 requires utilities to identify T&D facilities and assets that, if damaged or made inoperable, could cause a cascading failure, widespread instability or uncontrolled separation within an interconnection. For facilities falling under this standard, the CIP requires recurring risk assessments, third-party reviews, security plans and resiliency countermeasures.
The standard was adopted about a year after PG&E’s Metcalf substation was hit with long-range rifle fire in an April 2013 incident that caused about $15 million in damages.
While the FBI eventually determined that the attack was not terrorism, but likely an act by a disgruntled employee, the incident spurred state and federal actions.
That white paper also states that even a well-coordinated attack on distribution facilities is not likely to result in a widespread system disruption or cascading outages because local grids have redundancies built in. Also, any individual distribution substation serves a relatively small service area.
“Depending on the design of the distribution system, redundancy can be built into system such that disruptions can be limited, and an affected distribution circuit can be served by an alternative substation,” according to the CPUC paper.
Given that there are more than 55,000 substations, some 200,000 miles of transmission line and 6 million miles of distribution lines in the U.S. according to Department of Energy Office of Electricity statistics, it is not practical to, say, assign security guards to each, or even put every asset under surveillance. These grid assets don’t just take up a lot of space. They are often built in isolated areas to boot, since people tend to want T&D equipment out of their way whenever practical.
Assessing the Threat
So the power grid presents would-be attackers with a target-rich environment. But how much of an issue is people shooting guns at power grid equipment?
Senior Vice President of Grid Security, Technical and Operations, with the American Public Power Association Adrienne Lotto said it is important enough for her group to pay careful attention to.
“This is certainly an area of concern for APPA. Grid infrastructure and equipment are often located in rural areas and ballistic/firearm damage can occur for a variety of reasons—ranging from accidental/hunting discharges to vandalism/malfeasance,” Lotto told T&D World. “That being said, it’s important for people to know is that those who target grid infrastructure will be tracked down and prosecuted to the fullest extent of the law.”
How damaging such attacks might be depends on the targeted assets, the weapons used, or even the conditions of the global economic system, Lotto said.
“Pole-top or substation transformers can get very expensive and increasingly hard to replace in the current supply chain environment,” Lotto said.
Larry Fitzgerald, Director, Security & Emergency Management for the TRC Companies said the threat profile is changing.
“Random events where distribution or even transmission grid equipment are vandalized by firearms have been going on for many years, often from a kid with a new firearm or a hunter on a slow day. What has changed in the last decade is that substations have started to be specifically targeted to cause outages on a local or regional basis. In the last 6 to 9 months the frequency of ballistic attacks against substations has increased substantially,” Fitzgerald said.
The attacks are often a mixture of “lone wolf” attackers, or small groups of terrorists, or individual thieves looking to strip valuable materials from equipment.
“There have been several recent publications and books by radically or ethnically motived groups and extremists to target various types of infrastructure using both explosives and ballistics weapons to cause damage and disruption often with the intent to undermine society and trust in various institutions such as the government and the reliability of the power grid,” Fitzgerald said.
Fitzgerald said no one solution for physical security is unbeatable, whether they are area denial measures, shielded components, surveillance or patrols, but he added that a combined approach is the best for foiling all but the most determined attackers.
“There are many things that can be done to protect T&D facilities from ballistic attacks. Not one of them by themselves are foolproof, but layered and properly coordinated with other strategies, to build capability around the deter, detect, deny, delay, respond and recover security taxonomy would be the most effective,” he said
Specifically, he said, fences should be made higher and more critical components need to be located toward the center of the substation rather than along the fence line. This kind of layout, combined with randomized patrols and cameras that include thermal imaging would boost security from there.
“Electronic system such as outward facing ground radar, gun-shot detection and other systems can provide early warning of an unauthorized person approaching or using a firearm near the facility. Other technologies also can provide early detection and could be part of a layer security approach, along with ballistic hardening of critical areas,” he said.
Stopping Bullets
Major manufacturers such as Siemens, Hitachi Energy and ABB have brought shielded transmission and distribution gear to market, and other vendors sell barriers and panels that meet the UL standards for protection against ballistic projectiles.
The Idaho National Laboratory was led to develop the Armored Transformer Barrier system after the 2013 Metcalf substation attack, and it has since been licensed for production.
The barrier is made of military grade steel that is “inexpensive, yet rugged,” according to the laboratory. It was tested to defend critical infrastructure from explosives as well as high-powered firearms, as well as natural disasters like a Category 2 hurricane.
The barriers come in four pieces: an A-frame, a pair of armor cassettes that slide in and an optional extension that makes the barrier taller for added protection. The design is modular and can be shipped disassembled before being installed with common hand tools, utility cranes and forklifts.
“AssetShield is an impact and fragmentation-protective system for substation equipment such as transformers, switchgear, circuit breakers, and capacitors. It reduces the kinetic energy of the bullets and reduces spalling after impact,” according to a release by ABB.
“Absolute physical security for a substation is not practically achievable, but with AssetShield and other protective actions, it is possible to minimize the damage, prolong service and restore service more quickly when there is an attack.” said Emily Heitman, Vice President and General Manager of Commercial Operations for Power Transformers in North America.
Right-Sizing the Response
Reasonable security measures are not judged by how well defended assets are, but on how robustly the grid is built as well as protected. If we build the power grid in a way that offers up fewer weak points, then these kinds of physical attacks could become less of a threat. Effective risk mitigation would address both the likelihood of these attacks and lower the consequences of one, should one happen.
As was said in the introduction to this piece, responding to terrorism is tricky because nobody should want to terrify people into a feeling of helplessness or despair. This is doing a terrorist’s job for them. A response should be proportionate to the threat itself.
If FERC, in its investigation into the issue, was correct to say an ill-timed shooting could paralyze the power grid if demand was high enough and if the attackers knew precisely where the weak points were, then conceivably engineers could shore up those weak points without needing to assign security guards to every substation in the country.
Manny Cancel, CEO of The Electricity Information Sharing and Analysis Center (E-ISAC) and Senior Vice President with NERC, said incidents involving ballistic damage or gunfire are quite rare when compared with petty theft and vandalism.
“Those types of incidents, those with ballistic damage or gunfire, are the overwhelming minority of incidents. So fortunately, there aren’t that many of them. There are a lot more of them are that are theft, people breaking in to steal copper wires, or defacement,” Cancel said.
A relatively small number put the power grid into what is called an operating contingency, meaning damage that makes equipment operate at less than maximum efficiency, or worse yet, an outage.
“That being said, they are significant, and we don’t want people shooting at critical infrastructure. After these most recent incidents in the Seattle-Tacoma area and in North Carolina, we issued guidance on how utilities could harden their assets if they wanted to, and recommendations on what they could bring to bear, from fencing and barriers to cameras and patrols,” Cancel said.
While conceding that the public does not know all the facts about every physical attack on the grid and who is perpetrating them, the latest major incidents seem to show that people damage power grid equipment for a variety of motivations.
“We don’t know all the facts, but if you look at Seattle-Tacoma, they were thieves. The Baltimore incident, which the FBI got ahead of, they were ideologically motivated. The adversary here kind of runs the gamut,” he said.
Cancel added that E-ISAC monitors some of the internet’s darker corners where extremist groups are talking quite a bit about disrupting the power grid to achieve their goals, even though they may not necessarily know how to carry out such plans.
The existing standards, like NERC’s CIPs, have done a good job protecting the interstate bulk power grid in North America, he said.
“These [standards] are less focused on distribution assets. That being said, many of the protections that are in place with the CIPs are used in other power stations. But there are so many substations that it is impractical to implement them all of them, so everyone has to evaluate their own needs and risks,” he said, adding that any changes made to regulations should be about right-sizing them to the individual risk profile.
“Some facilities do invest in ballistic protections,” he said. “It all depends on the risk profile of the specific asset. Let’s say a station gets taken out. But the grid is very resilient. Maybe you design the grid differently so we can engineer it so it’s more resilient.”
Although the industry has taken security, cyber and physical, seriously for decades, sometimes a fresh look is needed, he said.
“Sharing information is critically important now. You should report stuff, and whether you want to report it to ISAC or not, you should report it to local law enforcement,” he said.
Ladroga said the current regulations and industry best practices may need to be revised to account for more brazen attacks.
“Substations today need much better security,” he said. “There are a number of measures that can be taken, including security walls and fences, cameras, and manning critical assets with security forces.”
Cameras and lighting offer the lowest costs, with barriers and guards being more expensive. Still, Ladroga agreed that no one solution offers perfect protection.
“If an individual or group is determined to take out our grid, they can do it. That same fact holds for almost anything in our society. That is one of the main reasons why no one in the industry really ever talks about this issue,” he said. “It’s a similar story for the banking industry. They lose billions each year in electronic hacking incidents. They choose to keep the losses private to hopefully prevent others from trying.”