The U.S. power grid is extremely vulnerable to attacks. You would never know it, but there have been a number of debilitating attacks over the past few years. In the past year, there seems to have been a wave of them. One recent malicious attack occurred in Moore County, North Carolina, on December 5. The Moore County grid was hit by gunmen and went down for almost five days affecting power for about 45,000 customers.
The scary thing is that many Americans remain completely in the dark about how vulnerable our grid is. And no one seems to be talking about it. Many of the substations are outdoors, located remotely, and surrounded by nothing more than a chain link fence. There is often very little that stands between the grid and your average criminal. Unfortunately, in many cases, it isn't your average criminal who targets these facilities but professional actors—foreign and domestic—who carefully surveil and plan attacks to avoid detection. These events are not one-offs either. The attacks happen much more frequently than most realize. Alarmingly, most Americans have no idea that many of these attacks are not innocent mishaps; rather, they are the purposeful sabotage of an aging and weak infrastructure ripe for attack.
Navy Reserve officer Joshua Steinman commented on December 10 about the recent "wave of recent low-key attacks on the U.S. power grid." Steinman says such attacks are likely the work of "professionals," requiring time and planning. According to Steinman, critical infrastructure in the U.S. is primarily made up of "soft targets with low defensive postures" and is, therefore, highly vulnerable to attack. Moreover, Steinman contends the recent targeted locations seem to be near high-value locations like military bases. He ominously states that "These are not normal locations," says Steinman.
Steinman believes it is no coincidence that the December attack on two power substations in North Carolina was near Fort Bragg. Likewise, the other attacks in September and November were located in Florida and the Northwest and near military bases and places with high military presence.
President Trump brought Steinman to work on the National Security Council in a "top cybersecurity job" in 2017. Steinman was a former "strategy executive at the security firm ThinAir Labs; he was also a "liaison between Silicon Valley and the Pentagon as part of the military's Defense Innovation Unit Experimental program" since 2015.
The U.S. Government Accountability Office (GAO) wrote a blog in October on the vulnerability of the U.S. electricity grid to cyberattacks. The GAO cites two prior reports from 2019 as a basis for the blog. The 2021 GAO report states that the Department of Energy (DOE) needs to better understand "the risks to its distribution systems." According to the GAO, the DOE has focused more on "risks facing the grid's generation and transmission systems."
GAO writes the U.S. electricity grid is "really three interconnected transmission grids covering the contiguous United States, as well as parts of Canada and Mexico. It is roughly divided into the western states, Texas, and the eastern U.S. and Midwest. These three interconnections operate independently to provide electricity to their regions." They concluded that the "scale of potential impacts from such attacks is not well-understood." A national cybersecurity strategy involving "routine oversight" and the "hiring of dedicated cybersecurity personnel" will help to protect the distribution systems.
Hacker/GAO/https://www.gao.gov/blog/securing-u.s.-electricity-grid-cyberattacks
North Carolina Attacks are a Reminder of the 2013 Metcalf Power Substation Attack
The attacks in North Carolina "plunged 45,000 homes into freezing darkness" in Moore County. Will Manidis wrote a thread on the N.C. attacks, saying it was "a sober reminder of" the "most important terror campaign you've never heard of—" referencing the 2013 attacks on the Metcalf Power Substation in San Jose, California. "Highly skilled gunmen opened fire" and "in just under 10 minutes, disabled 17 transformers and caused $15 million in damages." The incident resulted in a U.S. government-simulated attack on the electrical grid and a follow-up report in March 2014. One of the report's conclusions was that groups of "unskilled actors" can "easily disable a majority of the U.S. grid." The event is still unsolved.
The PG&E-owned Metcalf location provides Santa Clara Valley with power. "Facebook, Stanford are all on this grid," said Manidis. Unknown actors cut fiber-optic lines at 12:58 a.m., causing a loss of internet and phone service. Cables in the vault near the Metcalf substation were also cut. A "muzzle flash of rifles" was recorded on a surveillance camera near the substation.
eXtcn49sCIBrhB4Tt0RWJA
By 1:45 a.m., the first bank of transformers had leaked 52,000 gallons of oil and overheated. A "control center about 90 miles north received an equipment failure alarm." According to Manidis, it became "incredibly clear how professional" the operation was. "Of the 100+ shell casings found, all had been wiped clean of fingerprints. There were also stacks of rocks found all over the site, commonly used to gauge firing distance." The attackers knew exactly what they were doing. They shot directly at cooling fans, "the weakest part of the transformer," and they knew where to dig to find the fiber optic cable. They also allegedly knew all of the camera locations. No one knows how they entered the site. According to Manidis and the 2014 report, "Metcalf was not one but two terror attacks on a critical piece of infrastructure" likely carried out by a "team with special forces experience."
Similarly, in Moore County, North Carolina, two power stations were hit with gunfire, and a wooden gate was cut open. The power was out for nearly five days, plunging communities into a state of emergency. A manhunt continues for what is now being called a "deliberate attack."
Florida Attacks
Electricity isn't the only utility threatened by bad actors. There have been several attacks targeting water supply in major urban areas. Both Florida and Houston water supplies were affected most recently. Urban water security has received little or no attention from academics and government officials. A tainted water supply is a potentially life-threatening event for thousands of citizens, and we rarely give it a thought.
Break-ins were reported at six substations across Florida in September 2022, according to a Duke Energy report filed to the Department of Energy. The attacks took place on September 21 and 22 and are all "miles from McDill AFB," according to Steinman. There were also cyberattacks on Oldsmar's water supply in 2021 in Pinellas County. According to The Tampa Bay Times:
"The attackers briefly multiplied the amount of sodium hydroxide, or lye, used in the city's water treatment by a factor of more than 100. Though the attack was quickly recognized, that action alone could make it the most successful cyberattack on critical infrastructure in the U.S. to date.
The hacker got into the plant's computer system through software that allows supervisors to access the system remotely. It was the equivalent of walking through an unlocked front door."
Steinman also mentions that the Houston water shortages in late November were due to "a very unique power infrastructure failure." Transformer failures there resulted in a "cascading event," causing water loss for nearly two days. "Nearly 2.2 million Houston customers were affected by the 36-hour boil water notice that began on November 27, 2022." 276 schools in the area were forced to close on November 28.
Oregon and Washington Substations Attacked in November
Four Pacific north-west utilities were also attacked in November. The Bonneville Power Administration reported a physical attack on the morning of November 24. The damage and cleanup have cost "ratepayers" in the region "hundreds of thousands of dollars" because of the vandalism and damage caused at a Clackamas, Oregon, substation. According to kuow.org, "Two people cut through the fence surrounding a high-voltage substation, then 'used firearms to shoot up and disable numerous pieces of equipment and cause significant damage.'"
Puget Sound Energy has confirmed attacks on two of its substations in Cowlitz County in November and is now working with the FBI to investigate. In Washington, the damage included "setting the control houses on fire, forced entry and sabotage of intricate electrical control systems, causing short circuits by tossing chains across the overhead buswork, and ballistic attack with small caliber firearms." This leaves a total of 6 attacks since mid-November in the Pacific Northwest.
After the attacks in North Carolina, NewsNation wrote about a nationwide memo from federal law enforcement officials warning of "threats to U.S. power grids." There has been speculation the attacks in North Carolina are connected to "white supremacist ideology," although that has yet to be confirmed. In February, the DOJ announced "three men plead guilty to crimes related to a scheme to attack power grids in the United States in furtherance of white supremacist ideology. The defendants, in this case, wanted to attack regional power substations and expected the damage would lead to economic distress and civil unrest," said Assistant Director Timothy Langan of the FBI's Counterterrorism Division.
Steinman believes that these operations can be foreign or domestic. He says our poorly protected infrastructure is easy prey for cartels, criminal gangs, and "native U.S." outfits. Anarchist/leftist groups have a history of conducting violent, decentralized operations in the U.S., according to a 2020 article from The American Mind on the history of Antifa. Foreign actors, say, Steinman, are likely to engage in "clandestine or covert acts" using "assets" here in the U.S. to avoid detection and blame.
Steinman states that such attacks are often not recognized for what they are when foreign entities are involved. Steinman continues:
"Imagine being the foreign government trying to send a message, and on the U.S. side, there is nobody receiving the message. If a tree falls in the forest... In that scenario, a nation in conflict with the U.S. is trying to send a message: 'We can take down your grid.' Translated across oceans, through a dozen+ coordinated yet deniable attacks, it's very possible nobody even understands a message is being sent."
Americans are far too naive about the vulnerability of our national infrastructure. We need to recognize these attacks' implications better and question them when they occur. Steinman adds, "[T]ackling these types of challenges comes down to very human problems: communication, coordination, correlation." The key, he says, is to "talk about this stuff openly [because] it is one of the few tools we have left."
