The nation-wide power grid is not likely to fall to EMPs and cyberattacks, but local power grids are in greater danger, plagued by security holes and outdated infrastructure.
In the early morning hours of 16 April 2013, an electrical substation located outside San Jose, California, was attacked. With a precision that suggested meticulous planning, the assailants disabled the telephone communication in the immediate area and proceeded to fire over 100 rounds into the facility, disabling 17 transformers that channeled power into the Silicon Valley. Electric-grid officials routed power through alternative substations and increased the power output from surrounding power plants, narrowly avoiding a blackout.
While there was no immediate power loss from the attack, the 19 minute foray inflicted approximately $15 million in damages and required that the substation be closed for 27 days while repairs were being made.1 To this day, authorities still do not know the number of assailants, their identities, or their motives. Instead of providing clues pertaining to the case, security feeds merely revealed that security surrounding the electrical grid was in dire need of improvement. The event at the Metcalf substation spawned a debate on US national security that has slowly been working its way to the forefront of national security policies—a debate that discusses the reliability of the electrical grid and whether its weaknesses are a threat to the safety of the American people.
A Complex System
Prior to the attack on the Pacific Energy and Gas Metcalf Substation, many Americans had never considered the importance of the electrical system. In reality, virtually every American relies upon it every single day. As defined by the US Energy Information Administration, “The US power grid is the electrical system that connects electricity producers and consumers by transmission and distribution lines and related facilities.”2 In short, it provides the necessary lifeblood for America’s modern amenities. Refrigerators, running water, and flushing toilets; subways, gas pumps, and traffic lights; the internet, and telephones; all are powered by the same common component—electricity.
Contrary to popular belief, there is no national power grid. Instead, the US electrical grid is broken into three large sections, each of which is capable of operating independently from one another: the Eastern Interconnection—typically serving areas from the East Coast to the Rocky Mountains; the Western Interconnection—which serves the states from the Western Coast to the western side of the Rockies; and the Texas Interconnection—which is limited to the greater portion of the State of Texas.2
The reliability of this system is debatable. A report from the Institution for Energy Research claims that the bulk power systems, or high voltage transmission lines that carry electricity from region to region, are “excellent overall” and have only caused two major blackouts in their entire history—one in 1965 and one in 2003.3 The North American Electric Reliability Corporation—the United States’ official electrical reliability consulting organization—came to the same conclusion but noted that severe weather conditions placed strain upon the system. In their 2015 report, they stated that, “BPS [bulk power systems] performance for events that can be controlled by industry action was consistently above the ALR [adequate level of reliability] performance objectives, demonstrating that the reliability risk of non-weather events is manageable.”4
However, the American Society of Civil Engineers examined the electrical grid as a wholeand concluded that the number of power outages has steadily been increasing in past years—a trend that was attributed to the aging infrastructure of the local grids throughout the various regions. Whereas in 2007, there were 76 significant power outages, in 2012 that number had climbed to 307.5
Unable to afford consistent upgrades to the local grids, officials are often forced to maintain an aging system that gradually becomes less capable of withstanding inclement weather and harsh conditions. Thus, while bulk power systems may be capable of providing electricity to the various regions of the nation, the grid’s resiliency breaks down as it reaches the local regions that are responsible for channeling power into the cities and towns across the United States.
Looming Threats: EMP and Cyber
Dependability notwithstanding, attention on the electric grid has typically focused on security and the prevention of harmful attacks. The Secure the Grid Coalition—”an ad hoc group of policy, energy, and national security experts, legislators, and industry insiders who are dedicated to strengthening the resiliency of America’s electrical grid”—has argued for many years that an electromagnetic pulse (EMP), cyber-attack, or physical attack all have the potential to cripple the US electric grid.6 Such an attack, they claim, could plunge entire regions of the United States into major blackouts for extended periods of time, interrupting the supply of basic necessities such as food and water and resulting in the loss of millions of lives.
Incidentally, attention towards the grid security has been growing as major political figures call for reform and increased security. Republican presidential candidate Ted Cruz has expressed concern of the grid’s vulnerability to an EMP—a nuclear weapon that, when detonated at an extremely high altitude, could cause interference with electrical systems and knock the grid offline for weeks or even months.7
While plausible, Ted Cruz’s concerns are currently rather unrealistic. The only parties reckless enough to risk inciting a nuclear war include rogue nations such as North Korea and Iran or terrorist organizations such as Al-Qaeda or ISIS—none of which currently possess the capabilities to construct, launch, or deliver a weapon of necessary magnitude. North Korea claims to have recently tested a nuclear bomb, but evidence indicates the warhead had a yield of approximately ten kilotons, only about 1/10 the necessary size to have the effect of an EMP.7 While rogue nations and terrorist organizations can be expected to continually seek such nuclear capabilities, the likelihood of an EMP attack in the near future is slim.
A more likely form of attack, and one that is often touted to be equally as devastating as an EMP, is a cyber-attack. On 23 December, 2015, vast portions of Ukraine experienced major blackouts. According to a report from CNN, “103 cities were ‘completely blacked out,’ and another 186 cities were left partially in the dark.”8 While the source of the blackout has not been officially confirmed, much of the evidence insinuates that it was the result of a Russian cyber-attack, motivated by the ongoing war in the Crimean peninsula. It is suspected that the Ukrainian cyber security was breached by the opening of a single corrupt email attachment.8
The success of such an attack should be disconcerting, especially when reports indicate that ISIS has been attempting to attack American electrical companies. While there is potential for disaster if such malware fell into the hands of the wrong individuals, the lack of uniformity among the United States energy grid would prevent a large scale blackout. According to Admiral Michael Rogers, Chairman of the House Intelligence Committee, a cyber-attack against the United State could give a party the ability to shut down, “very segmented, very tailored parts of our infrastructure.”9 Such an attack could potentially disable water turbines, interrupting the plumbing to a specific region; or it could incapacitate the electrical turbines, impeding the flow of electricity to houses and preventing citizens from utilizing their various appliances.
However, due to the various regional utilities that operate with different hardware and software, utilizing cyber-attacks to cause a “black-out” across an entire region would be incredibly difficult. Each utility would have to be breached separately. According to Jonathan Pollet, a cyber-security consultant for firms such as energy companies, electrical utilities, and chemical plants, “it would be like trying to rob a hundred different banks at the exact same time.”9
While the power grid does not seem to be immediately threatened by nuclear weapons or cyber-attacks, there is potential for a large amount of damage to be inflicted if various substations across the nation suffered from physical attacks. According to top US intelligence officials, ISIS and its eight branches are currently the number one terrorist threat and they “will probably attempt to direct attacks on the US Homeland in 2016.”10 If a small group or individual with a rifle and 100 rounds of ammunition could cause $15 million in damages in 19 minutes, the amount of damage inflicted by a determined terrorist organization with better equipment and explosives would be far greater. Reports have indicated that simultaneously disabling as few as ten critical components of the grid could result in the failure of major portions of the system. Due to the nature of the power grid supply chain, many of the critical parts are custom produced as they are ordered.11 Thus, if portions of the grid did go offline, it could be years before they were recovered and returned to operational status.
Recommendations
Attacks against the electrical grid have the potential to cause major disruptions in the flow of food, water, and basic necessities that are required to maintain clean and stable communities. The lack of security surrounding the power grid should be considered a weakness in United States’ national defense. Certainly, the government should take steps to reduce the negative effects of an EMP, cyber-attack, or physical attack upon the US power grid. As outlined by the Electric Power Research Institute, efforts to “harden” the grid should focus on three specific elements: prevention, recovery, and survival.12 Through the implementation of innovative design standards, strict cyber-security defense systems, stringent inspection procedures, and increased physical security around substations that are scattered across the nation, an attack on the power-grid could be prevented.
As a successful attack on the power grid is a matter of “when” rather than “if,” electrical companies should be required to stockpile transformers and other key components to the electrical system that currently require lengthy amounts of time to obtain, thus decreasing the amount of time that would be required to return a damaged system to operational status. Finally, methods should be developed to ensure that even in the midst of an attack, power is still supplied to critical infrastructure such as hospitals, prisons, traffic signals, and cellphones. Ensuring that the most basic of necessities are maintained during an attack will allow communities to recover much faster.
In light of the above recommendations, it may seem logical to suggest that Congress and the Administration enact federal standards to ensure consistent compliance across the nation. However, given the complexity of the US power grid and the differences that it bears from region to region, attempting to enforce security with a one-size-fits-all resolution would inevitably leave some sections less secure than others. Thus, it would be better for local authorities to work with system operators to ensure that the highest level of appropriate security is reached in each individual region. In this manner, the United States can effectively promote the resiliency of the US power grid and prepare for when it is necessary to respond in the aftermath of an attack. ■
- Rebecca Smith, “Assault On California Power Station Raises Alarm On Potential for Terrorism,” Wall Street Journal, February 5, 2014, http://www.wsj.com/articles/SB10001424052702304851104579359141941621778.
- “Energy in Brief.” S. Energy Information Administration, December 22, 2015, http://www.eia.gov/energy_in_brief/article/power_grid.cfm.
- Travis Fisher, “Assessing Emerging Policy Threats to the U.s. Power Grid.” Institute for Energy
Research, February 2015, http://instituteforenergyresearch.org/wp-content/uploads/2015/02/Threats-to-U.S.-Power-Grid.compressed.pdf. - State of Reliability 2015.” North American electric Reliability Corporation, Atlanta, GA, May 2015, http://www.nerc.com/pa/RAPA/PA/Performance%20Analysis%20DL/2015%20State%20of%20Reliability.pdf
- “2013 Report Cart for America’s Infrastructure.” American Society of Civil Engineers. http://www.infrastructurereportcard.org/a/#p/energy/conditions-and-capacity, http://securethegrid.com/.
- Doug Bolton, “Ted Cruz Issues Warning Over the Dangers of a North Korean Emp Attack at Republican Debate,” Independent || London, February 8, 2016, http://www.independent.co.uk/news/science/ted-cruz-north-korea-emp-nuclear-missile-republican-debate-a6861676.html.
- Jose Pagilery, “Scary Questions in Ukraine Energy Grid Hack.” CNN Money, January 18, 2016, http://money.cnn.com/2016/01/18/technology/ukraine-hack-russia/.
- Jonathan Pollet, Here’s What Chinese Hackers Can Actually Do To The US Power Grid” Business Insider, November 2014, http://www.business
com/what-hackers-can-do-to-our-power-grid-2014-11. - Ryan Browne, “Top Intelligence Official: Isis to Attempt U.s. Attacks This Year.” CNN Politics, February 9, 2016, http://www.cnn.com/2016/02/09/politics/james-clapper-isis-syrian-refugees/.
- Energy Informer, “Grid More Vulnerable Than Thought.” Breaking Energy, October 3, 2014, http://breakingenergy.com/2014/10/03/grid-more-vulnerable-than-thought/.
- “Grid Resiliency” Electric Power Research Institute, http://www.epri.com/Pages/Grid-Resiliency.aspx
Photo credit: © Jed Sullivan (https://www.flickr.com/photos/jed-sullivan/5406775626/)
Spring 2016
Volume 18, Issue 1
16 February