Attacking U.S. Energy Infrastructure: How Vulnerable is the United States?
Although the United States is enjoying a boom in domestic energy production, key energy infrastructures are still highly vulnerable to attack, and such attacks could yield catastrophic results.
As the United States reaps the benefits of its newfound shale oil and natural gas reserves, U.S. businesses and citizens alike cannot help but feel secure in terms of their nation’s energy security situation. Natural gas is slowly replacing inefficient, high-emission coal in electricity production, investment in renewables has outpaced fossil fuels, and the United States is forming new energy partnerships around the globe, all leading to increased U.S.energy security.
However, key energy infrastructures of the United States, particularly the aging electrical grid, remain highly vulnerable to attack, leaving banks, hospitals, and other critical sectors at risk. Measures must be taken to update and protect these vital installations to ensure the safety of U.S. citizens as the country continues increase its reliance on computerized systems.
There have already been multiple attacks against energy installations at home and abroad, including against U.S. companies. According to a recent analysis released by the National Consortium for the Study of Terrorism and Responses to Terrorism (START), terrorist attacks on energy and mining-related targets increased dramatically in 2013 and 2014, and several key attacks have already occurred this year, including an Islamic State (ISIS)-led attack on a U.S.-owned gas company in France.
In addition to attacks abroad, the physical vulnerabilities of the United States’ domestic electrical grid certainly should not be underestimated. Key power plants and transformers that supply electricity to critical institutions are often left unguarded and outdated. These aging networks amplify the impact of localized failures. In 2013, for example, a 19-minute sniper attack on a California substation destroyed 17 transformers, cutting power to all of Silicon Valley, home to some of the world’s largest high-tech corporations. Implementing such attacks is not difficult, according to U.S. authorities. The Federal Energy Regulatory Commission (FERC) stated that a coordinated attack on the U.S. electrical grid would only need to destroy a few of the over 50,000 substations to cause nationwide blackouts. Moreover, much of the United States’ grid support is built overseas, meaning recovery times are prolonged: getting replacement parts can take up to 18 months. Stockpiling transformers could abate some of these vulnerabilities and considerably shorten recovery time following an attack.
These instances have prompted private sector leaders and government officials alike to call for upgrading the U.S. electrical grid, fearing that U.S. facilities could become targets of future terrorist attacks. While some adjustments have been made, more work needs to be done. Moreover, physical attacks are not the only threat to U.S. energy infrastructures. Former FBI Director Robert Mueller argued ISIS should be considered a growing threat to U.S. energy security in part due to its potential to conduct cyber-attacks. Former Secretary of Defense William Cohen also voiced his concerns, stating that “[An attack] is possible… and you can do it through cyberattacks and that’s the real threat… We have to look at cyberattacks being able to shut down our power grid.”
Although many attacks against energy infrastructure in other countries have come via bombings, attacks levied against U.S. energy infrastructures are primarily cyber-attacks. According to the U.S. Department of Energy, there have been 15 cyber-attacks on the U.S. electrical grid since 2000. In 2014, the U.S. Industrial Control System Cyber Emergency Response Team estimated 32 percent of responses to threats against “critical infrastructures” happened in the energy sector.
In 2015, the University of Cambridge’s Centre for Risk Studies, in partnership with the London-based insurance company Lloyd’s, released a report simulating a cyber attack on the U.S. electrical grid. The hypothetical attack occurred through infected computers at key U.S. power plants in the northeast, which overloaded and thereby destroyed the plants’ generators. The report estimated that the resulting blackout would affect roughly 93 million people, and could cost the U.S. economy over $1 trillion with an additional $71.1 billion in insurance claims. While this specific scenario is unlikely, its execution seems frighteningly simple. This information is not lost on key terrorist groups and organizations with an interest in harming the United States. A cyber-attack against the U.S. energy grid, should the United States fail to upgrade its systems, is inevitable.
It is imperative that the United States take the necessary steps to update and protect its existing energy infrastructures—particularly the electrical grid—in order to bolster its security. The effects of a large-scale attack would be catastrophic. Blackouts could leave citizens in darkness, hospitals without power, and financial institutions without access to their digital databases. While government efforts are underway to update the grid, it will take cooperation from the private sector to implement any changes. Upgrading U.S. energy infrastructures is a costly endeavor, but doing nothing may prove far costlier in the long run. Policymakers and private businesses alike must ask themselves an important question: As energy dependence in the United States continues to grow, does the appetite for attacking it grow as well?
William George is a Staff Writer for Charged Affairs. He earned an MA from the University of Central Florida in Orlando and has held research positions covering U.S.- Saudi relations, terrorism, and U.S. energy policy. He currently works as a Project Consultant for the Hollings Center for International Dialogue.