Electricity is the lifeblood of our digital world, making it more important than ever that we keep our energy secure and constant. Unfortunately, the stability of the power grid is threatened on a weekly basis. In 2015, journalists at USA Today analyzed federal energy records and found that approximately every four days, part of the nation’s power grid is struck by a cyber or physical attack. These attacks take place against sections of the power grid across the country, no matter how urban or rural the region.
While the focus is often put on cyberattacks in the current age of digital transformation, physical attacks on the U.S. power grid are still a real and dangerous threat. In fact, USA Today stated, “Between 2011 and 2014, electric utilities reported 362 physical and cyberattacks that caused outages or other power disturbances to the U.S. Department of Energy. Of those, 14 were cyberattacks and the rest were physical in nature.” In other words, more than 96 percent of attacks on the power grid were physical attacks during that three year period. This goes to show that while, of course, cybersecurity is of the utmost importance, it is vital to invest in physical security when it comes to our nation’s critical infrastructure.
The Problem with the Power Grid
The vulnerability of the power grid is emphasized because of its interdependent nature. Electricity, which is created in power plants, travels through a network of substations, high voltage transmission lines, utility lines, and converters before it safely enters consumers’ homes and offices. With this system if multiple variables fail simultaneously, it could have a butterfly effect that causes major outages spanning from a few hours, weeks, or even months.
Even though this network plays a vital role in our everyday life, it isn’t uncommon for substations to have limited security that relies on reactive security practices, rather than proactive measures. Vital equipment, like transformers, are often out in the open with little protection, and many substations are frequently left unmanned with only a chain-link fence to deter intruders from attacking the system.
While others may employ security cameras or alarms, without someone constantly monitoring the security system, it’s easy for intruders to inflict damage before being intercepted. The lack of sophisticated security measures can leave the power grid vulnerable to physical attacks, ranging from terrorism and sabotage to theft.
In 2014, the Federal Energy Regulatory Commission (FERC) made an effort to ensure better physical protection of the grid by requiring “enhanced protection for individual substations that if rendered inoperable or damaged could result in widespread instability.” Unfortunately, because of its focus on larger substations, the requirements only applied to 350 of the approximate 55,000 substations in the U.S., according to the Wall Street Journal. While this was a step in the right direction, the interconnectivity of the power grid means that small substations can lead to blackouts almost as easily as larger substations.
The ideal solution is to increase security measures at each substation, but budgetary constraints can limit security implementation. Utilities are a regulated industry, and according to the Wall Street Journal, any increases in spending must be justified to regulatory agencies before passing the costs on to ratepayers - the people who are purchasing electricity.
Therefore, it’s important to keep quality and affordability in mind when identifying and enacting security measures. These costs will be covered by the public, and no one will be pleased if their electric bill suddenly doubles or even triples - even if it does mean a more secure power grid.
Implications of Attacks on the Power Grid
If intruders were able to successfully attack the power grid, the outcome could range from a slight power outage to a mass blackout that takes days to restore and has a detrimental impact on everyday life. For example, according to USA Today, a mass blackout in 2003 shut down the stock exchange, directly contributed to the deaths of 10 people, and indirectly caused the death of 90 people because of sweltering heat and air pollution.
It’s important to keep in mind our reliance on electricity in our connected world. An attack on the power grid would not only take away our ability to charge cell phones, power traffic lights, and refrigerate food, but it also would cut power to water treatment plants and hospital healthcare systems, making cascading outages a matter of life and death. Not to mention, the effects of an outage could extend beyond physical health to the nation’s financial health, with damage likely costing billions to repair.
Power Grid Attacks from the Past
Incidents from the past provide insight into how future physical attacks could occur and emphasize the need for updated physical security measures. Below, we briefly outline the events of past attacks. While a majority of these attacks are often committed by metal thieves or angry employees, others are sophisticated, planned attacks - all of which highlight the need for increased physical security measures.
Metcalf Sniper Attack
We’ll begin with one of the most well-known and expensive power grid attacks: theMetcalf Sniper attack. Referred to as “the most significant incident of domestic terrorism involving the gridthat has ever occurred,” the incident tookplace on April 16, 2013 when a team of gunmen opened fire on the Metcalf Transmission Substation in San Jose, California. By the end of the attack, the shooters had severely damaged 17 transformers that funnel power to Silicon Valley. It caused more than $15 million of damage that took 27 days to repair. The event started the conversation about increased grid security and prompted the 2014 FERC changes we described previously. Image Source: CNN
Liberty Substation Attack
In November of 2013, at the Liberty substation just outside of Phoenix, Arizona, the alarms sounded for two days before an electrician was dispatched. When he arrived, he found the fence had been slashed open, the steel door ajar, and the station’s computer cabinets broken in. He also noted that eight of the 10 security cameras had proven useless because they were broken or pointed at the sky. Just two weeks earlier, the fiber-optic cables at the station had been cut, causing a two-hour communication outage, and then two months later, the station was attacked again. Although the attack was unsuccessful, the newly-installed security cameras failed once again.
Buckskin Substation Attack
A more recent incident occurred in Utah in September of 2016. A gunman shot three to four shots into a high-voltage transformer in Garkane Energy Cooperative’s Buckskin Substation. Coolant spilled from the transformer, causing it to overheat, and nearly 10,000 homes and businesses were without power. While half of them were able to regain power within a couple hours, others had to wait for more than seven hours. Fortunately, the transformer was not damaged to its core, making it possible to refurbish it rather than replacing it altogether. Experts commented that had damage been more extensive, replacement and repair could have grown from a matter of weeks to a matter of months.
While the above cases did not cause weeks of outages, we must think beyond individual attacks. If these events were to take place simultaneously, it could have a cascading effect that leads to major outages across the nation. To prevent more serious outcomes in the future, it’s vital that we focus on better protecting the power grid now.
Updated, Increased Security Measures
It’s time for power grid security to reflect the importance of electric utilities in our world today. By implementing updated, increased physical security measures at substations across the U.S., we can better protect facilities from future attacks. A footstep detection system, like Pathfinder, provides an affordable solution as a standalone product or as a part of an integrated security plan. It can be used asymmetrically to protect substations, using fewer sensors at a lower cost and gaining an earlier warning of activity.
With Pathfinder you not only get an undetectable security solution, but also the ability to improve your threat assessment and shorten your critical response time.The sensors, which send alerts to an app on your cell phone, are placed at critical points of penetration, or points of vulnerability that may be easily entered by an intruder. By monitoring for movement in the right areas, Pathfinder alerts facility personnel of suspicious activity before damage occurs.