Security Concerns for U.S. Power Grid

We all know about the Boston Marathon terror attack on April 15, 2013. Two Chechen brothers with Islamist beliefs set off two bombs near the finish line, killing 3 people and wounding at least another 264. What most people don’t realize (and I didn’t until recently) is that that wasn’t the only attack. Less than 24 hours later, armed assailants attacked an electrical substation near San Jose, California.

electrical substationThe entire attack took less than an hour, beginning with someone sneaking into an underground vault, cutting AT&T fiber-optic lines to knock out phone and 911 service shortly before 1 a.m. on the 16th. Within half an hour, an unknown number of snipers began a 19-minute barrage on the nearby PG&E substation. By the end, seventeen transformers had been destroyed, and the perpetrators got away clean, leaving no indication of who they were or the reason for the assault. Fortunately, no workers were injured. Following the attack, utility workers were able to quickly reroute power around the site, and other Silicon Valley substations took up the slack, thereby preventing a blackout. But, the millions of dollars’ worth of damage to the substation in question took 27 days to repair.

The nature and small scale of the substation attack suggests that, while “professional”, it was not the work of a well-funded terrorist group. Or, if it was, one has to wonder what benefit it would be to have such a limited “trial run”, since it only serves to warn the authorities of the danger. In fact, the FBI insists that it wasn’t a “terrorist” attack at all. On the other hand, Jon Wellinghoff, now-retired chairman of the Federal Energy Regulatory Commission, thinks the evidence points to:

“the most significant incident of domestic terrorism involving the U.S. power grid that has ever occurred.”

Apparently, the Defense Department experts he consulted with at the time found 100+ shell casings with no fingerprints and “small piles of rocks that appeared to have been left by an advance scout to tell the attackers where to get the best shots.” He may have a point. However, just because they demonstrated reasonable skill with firearms, planned ahead, and were smart enough to wear gloves doesn’t mean they were “terrorists”. Personally, I think it sounds like the efforts of a few local individuals (with obvious weapons training) who were either a) just trying to “have some fun” or b) wanting to alert the public and the authorities of the need for better protection from actual terrorist attacks on our infrastructure — a sort of “Wake up!” call. Or not.

Regardless, I certainly hope the powers-that-be take this seriously. If this incident is any indication, it seems like a concerted effort by a larger, well-funded group, armed with more than just a few rifles — regardless of their ideology — could fairly easily take out several key substations, causing a whole lotta destruction and disruption across wide areas of the U.S. (On the other hand, there are other, possibly easier, ways to attack our power grid. See below.) Unfortunately, I have little confidence in our leaders in Washington doing what needs to be done. Whatever efforts they do take will probably involve more regulations and restrictions of freedoms, while trying to retain a “politically correct” appearance and all “for the public good”.

A spokesperson for the House Energy and Commerce Committee says they have been “briefed by agency officials and industry representatives” and “continue to monitor the investigation closely.” And, according to an official statement by Scott Aaronson, senior director of national security policy for the Edison Electric Institute,

“The industry takes its role as critical infrastructure providers very seriously. Publicizing clearly sensitive information about critical infrastructure protection endangers the safety of the American people and the integrity of the grid.”

Good point, but I’m still worried. This looks like a great opportunity for the energy industry (not the government) to hire some of those thousands of unemployed military veterans as on-site guards and security consultants. They’ve got the training. The costs would be relatively minimal and certainly tolerable, even if passed along through slightly increased utility rates.

skull and crossbones shadow on digital codeAnother area where our infrastructure is vulnerable is through its computer systems. Many have assumed that, due to their isolation from the rest of the internet, plus their relative obscurity such that only a limited number of people are familiar with them, the control systems of our various energy plants were safe from cyber-attacks. Not so. In a study last year, independent consultants from Automatak identified 25 vulnerabilities in the computer system used to control power plants throughout North America.

Fortunately, they are the “good guys”, working with the industry to find and patch such holes before hackers — either for pure mischief’s sake or worse — spot them and take advantage. But, once in awhile, the “bad guys” do find and exploit a security opening before it’s caught. And, there have been limited cyber-attacks on American control systems in the past, mostly traced back to China (who officially denies it) and Russia.

Then, of course, there is the threat of an Electromagnetic Pulse (EMP) attack, which would fry all(?) electrical systems and devices within a certain radius of the blast — depending on how big a pulse it was, of course. But, that’s a whooooole ‘nother level of bad. (Check these two links for what that might entail.)

NOTE: As I was about to “go to press”, I found this article. In reaction to the substation attack and subsequent meetings, several liberal Democrat Senators (e.g., Reid, Feinstein, Franken) sent a letter to the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation, urging stronger federal standards to protect the U.S. power grid.

“We are concerned that voluntary measures may not be sufficient to constitute a reasonable response to the risk of physical attack on the electricity system.”

I’m glad that they took the attack as a “wake-up call to the risk of physical attacks on the grid.” But, it sounds to me that, as I feared, it will be used as a pretext for federal authorities seizing more control.


Tags: , , , , , , ,

Leave a Comment

CommentLuv badge

SEO Powered by Platinum SEO from Techblissonline