Thethat cut off power for more than 45,000 people is bringing renewed attention to the vulnerabilities of the United States’ power grid.
The power grid, which is made up of three systems that deliver electricity from power plants to residences and businesses around the nation, is an integral piece of infrastructure that experts say is at risk for both physical attacks and cyberattacks, while also being vulnerable to other.
Dr. Granger Morgan, a professor of engineering at Carnegie Mellon University who chaired three National Academy of Sciences reports on the power grid for the U.S. government, said that the attack in North Carolina — where gunfire damaged equipment so badly that it needed to be replaced — shows that the government should take the threat to the power grid “more seriously.”
“We’ve known the power system is very vulnerable to physical attack, and we’ve known this for decades,” said Morgan, whose most recent NAS report was published in 2021. “We’ve made a bit of progress, but the system is still quite vulnerable.”
Why is the power grid vulnerable?
The power grid is vulnerable, Morgan said, partially because of its accessibility: Many of the nation’s 55,000 substations are blocked only by chain-link fences, and the equipment is easily accessible once within the fencing. In the, police have yet to clarify how the unidentified for the attack were able to simultaneously sabotage two substations ten minutes apart.
Part of the problem is that there is no single agency responsible for managing the resilience of the power grid. The Federal Energy Regulatory Commission (FERC) manages the high-voltage transmission system, but at the “lower voltage and distribution system level,” states have their own regulatory organizations, Morgan explained.
Three thousand different companies, both public and private, own or operate parts of the grid, self-taught grid security expert Mike Mabee.
Another complication is the physical materials necessary to keep power substations up and running. In Moore County, it took about five days to get the power turned back on because. There isn’t a lot of the necessary equipment available to spare, Morgan explained.
“We’ve made a lot of progress in recent years in stockpiling transformers, but the very high-voltage transformers that make up the backbone of the grid are extremely expensive, (and) rare,” Morgan said. “Many of them not made in this country, (and) backlogs to order them are very long.”
In general, many problems are the result of decades-long underinvestment in the power system. The 2021 NAS report that Morgan helped author devoted an entire chapter to these underinvestments, blaming a confluence of issues including uncertainty about the future of the sector, the highly regulated nature of the industry and the need for innovation that isn’t necessarily being met.
Attacks on substations have increased
Moore County isn’t the first place where substations have been targeted: A 2013 attack on thein California caused more than $15 million in damage, but quick intervention prevented power outages. From 2013 to August 2022, “there have been over 700 physical attacks against the U.S. electric grid,” Mabee .” In June 2022, the Department of Homeland Security warned that domestic extremists have been since at least 2020.
Brian Harrell, former assistant secretary for infrastructure protection at the Department of Homeland Security, told CBS News thia week that there has been a “significant uptick” in conversations about “sabotage and physical attacks on distribution and transmission substations.”
“Power stations are an attractive target, and domestic terror groups know that destroying this infrastructure can have a crippling effect on industry, citizens and local governments,” Harrell said, adding that the Moore County incident is “proof positive that domestic terror groups are intently looking at critical infrastructure as targets.”
On Dec. 6, CBS News confirmed the existence of a bulletin issued by local and federal law enforcement in Oregon warning of attacks on power grids following recent incidents there and in Washington state. According to the memo, power companies in the two states have reported “physical attacks on substations using hand tools, arson, firearms and metal chains.”
Law enforcement has also expressed concern that the Moore County attack could be followed by copycat incidents in other parts of the nation.
In addition to physical attacks, the grid is vulnerable to cyberattacks that can also cause blackouts and disruptions. In August 2022, Anne Neuberger, deputy national security advisor for cyber, seen in Ukraine.that her department has connected with private companies about how to counter cyberattacks like the ones
“We’ve taken any information we have about malicious software or tactics that the Russian government has used (and) shared that with the private sector with very practical advice of how to protect against it,” she said.
What lessons can be learned from the Moore County attack?
Morgan said that he hopes the Moore County situation will spur the relevant people to discuss solutions that can be made to strengthen the grid and ensure it remains secure.
“We keep having events. It would be nice if, sooner or later, people in senior administrative positions in the federal government decided ‘Alright, the time has finally come to … see if we can work our way through this messy combination of technical and political problems that have made it hard for us to do everything we should be doing to keep the grid resilient,'” he said.
More security at substations could prevent attacks similar to the ones in North Carolina, Morgan said, noting that expanded investment in backup or standby equipment could also help shorten power outages if they do occur.
“Things like hardening stations or putting (equipment) behind opaque barriers and that sort of thing could also be (a solution),” he said. “But ultimately, if you’ve got a really determined opponent, you can’t completely protect a power system.”