The Enemy We Don’t Know
It is easy to underestimate the threat of an attack on the U.S. electrical transmission grid. It’s an issue that is easily overshadowed by more graphic and dynamic national security threats from abroad. However, there are constant cyber and physical attacks on the U.S. electric grid system each year. The consequences of such an attack, even if its probability is relatively low, are so devastating that they warrant the serious attention of the American public and the American government.
One accidental outage in August 2003 left fifty million without power for two days at a cost of 6 billion dollars and the loss of eleven lives. The initial cause? Poor maintenance of tree branches surrounding some transmission equipment. The damage from an intentional attack could potentially cripple the U.S. economy, the provision of necessary government services, and daily life as we know it. To put it in a comparable light, Secretary of Defense Leon Panetta once described this type of assault “as destructive as the terrorist attack on 9/11.” Considering the Department of Defense depends on commercially owned power for around 85% of its energy infrastructure, an extended blackout across the country would quickly escalate from nuisance to national security nightmare.
The greatest vulnerability here is the physical security of the grid. The primary weakness of the electric grid lies in one of its most critical components, high-voltage (HV) transformers. These transformers regulate the voltage of electricity so it can be compatible across long distances and varied customer bases. HV units make up only 3% of power substations nationwide, while carrying nearly 70% of the country’s electricity. This translates to significant value, in terms of electric power, being consolidated to a very small amount of equipment, making them obvious targets. A Congressional Research Service report in June of this year found these transformers to be the “most vulnerable to intentional damage from malicious attacks.” Each part of the grid is highly interdependent and therefore susceptible to a continuous, cascading failure throughout the system like a disastrous domino effect.
That same CRS report revealed that countless acts of sabotage on the electric grid occur each day (though a majority are cyber attacks, which will be explored in the next installment of this series). Arguably the most well known of these is a 2013 attack on the PG&E substation in Metcalf, California. Multiple gunmen shot at the HV transformer radiators with .30 caliber rounds leading to leaks of the cooling oil. This caused the equipment to overheat, rendering the units inoperable. To date, no one has been held responsible for $15 million in damages caused. Though this case has been the most sophisticated and costly of its kind, other incidents of intentional damage to the electric grid have occurred — arson at a substation in Arkansas, rifle attack at Progress Energy in Florida, and more. Despite the issues that have arisen from these attacks, they are insignificant in comparison to the possibility of a simultaneous attack on multiple HV transformers, which the United States has fortunately never experienced.
The status quo could change quickly and with devastating consequences. Leading experts and research institutes have repeatedly appealed to Congress and the commercial sector to better safeguard the nation’s energy system against the multitude of threats. The Federal Energy Regulatory Commission (FERC) has labeled over two dozen grid stations as “extremely critical,” meaning that disabling at least nine stations during peak demand would trigger a nationwide blackout. HV transformer locations are easily identified due to the units’ bulky size and proximity to the largest transmission towers. It is therefore surprisingly simple to plan an assault.
Bearing in mind the devastating consequences of a rolling blackout that could result from an attack on a substation, security similar to that around prisons, or at the very least public schools, would be expected. In reality, the facilities are typically secured with only chain-link fences, rather than steel bars. Even guards are not part of standard operating procedures, unlike that of most high schools. The assailants can walk right through (well, maybe after cutting or scaling the fence first) and begin to dismantle the basics of U.S. energy security. There are a number of ways it could proceed from there: 1) a device might be utilized to penetrate and short-circuit the steel tank or 2) a long-distance rifle could take aim at the transformer or even 3) the cooling oil leak scenarios used by the perpetrators in the Metcalf, California incident that led to overheating of the transformers.
Once the initial damage has been done, facilities have neither a second line of defense, nor any equipment to moderate the duration of the blackout. The majority of utility companies do not invest in auxiliary transformers because it is essentially cost prohibitive with a price tag of 2 to 7.5 million dollars in addition to 9 months of production time before delivery and installation fees are even taken into account. Though the exact number of backup transformers at each facility is unknown because the information is classified, their prohibitive costs suggest that it is not likely there would be sufficient supply to mitigate consequences in the event of an expansive power outage. Sharing programs, through which companies pool spare equipment, contribute to the lack of sufficient data to more precisely estimate the vulnerability of the electric grid. Through such programs, in the case of an expansive power outage, many companies are entitled to use the same few backup transformers, rendering the share-system essentially useless. In the case of the Metcalf substation, operators were forced to reroute power all the way from Silicon Valley to avert a blackout.
In the years since that blackout, some progress has been made on the physical security of electrical facilities – especially compared to 2001 when security was an afterthought and always the first to go when it came time to trim costs. However, no singular action has been more important than the Nov. 20, 2014 FERC approval of a physical security reliability standard that requires facility operators to assess their vulnerabilities and develop contingency plans. As expected, compliance to the various standards (e.g. surveillance, shielding, modifying layouts) has staggered deadlines over a period of two years, prolonging the current state of vulnerability, but it demonstrates an evolution of the concept of physical security of the grid. Now, as the United States battles various threats to national security both from abroad and from within, the grid, and the devastating consequences of a potential attack on it, must remain a top priority.
This piece is the first in a series concerning the vulnerability of the electric grid. Articles identifying the cyber aspect of grid security, as well as the countermeasures taken so far and recommendations for further policy action are to come.