America’s Achilles’ heel

This week marks 10 years since unknown assailants attacked a power substation in Metcalf, California, that continues to serve as a harbinger about the vulnerability of the nation’s electric infrastructure.

That’s 10 years without the level of investment needed to upgrade, modernize and secure the nation’s power systems; 10 years without this perilous threat to American security even being a primary point of concern among those tasked with the nation’s well-being.

Federal and state officials, in concert with electric organizations and power companies, must do better. Addressing the grid’s vulnerability should be a national priority as the number of attacks increases and the likelihood of a prolonged catastrophe grows larger.

As federal, state and local law enforcement descended on Boston in the aftermath of the Boston Marathon bombing in April 2013, it pushed another startling terrorist act from the headlines.

On the evening of April 16, someone — or perhaps more than one person — severed several fiber-optic communication lines serving Silicon Valley. Then, over about 20 minutes, the assailant(s) fired 120 shots that damaged 17 transformers at a remote substation, causing $15 million in damage and knocking out operations for a month. To date, no arrests have been made in the case.

Jon Wellinghoff, then chair of the Federal Energy Regulatory Commission, called it “the most significant incident of domestic terrorism involving the [U.S.] grid that has ever occurred.” A subsequent FERC report found that taking down as few as nine of the nation’s 55,000 electric substations could result in a nationwide blackout of 18 months or longer.

The electric grid was long considered outdated and subject to crippling failure. Only a decade earlier, a cascading blackout left some 50 million people in the eastern United States and Canada without power for several days; it was later ascribed to one overloaded power line near Cleveland that was exacerbated by human errors, faulty control systems and equipment failures.

Ultimately, it’s almost miraculous that the system works as well as it does given its enormity and technological wizardry. One might assume more frequent failures from a system with “more than 9,200 electric generating units having more than 1 million megawatts of generating capacity connected to more than 600,000 miles of transmission lines,” as the Department of Energy describes it.

But the Metcalf attack represented a different sort of danger. While officials worried about the possibility of cyberattack and the perpetual ravages of time and use, physical threats against the grid weren’t on their radar, despite the fact that so many critical parts of the system were in remote locations and lightly guarded, if at all.

And the worst fears about Metcalf came true. Those with ill intent noted the grid’s vulnerability to physical attack and made that part of their strategy to sow unrest in the country. “Accelerationists,” a term referring to white supremacists and neo-Nazis intent on sparking a second civil war, specifically encouraged substation attacks in a handbook that circulated among adherents, according to the Department of Homeland Security, which issued a warning about grid attacks in January 2022.

Those same vandals are believed to be behind a series of substation attacks in the Pacific Northwest in November and December last year. And an attack on two substations in Moore County, North Carolina, in December knocked out power to about 45,000 for several days, putting a spotlight back on this insidious threat.

The DOE says there were 163 disruptions caused by physical attacks or vandalism in 2022, the most ever recorded in one year.

The electric grid has been called “America’s Achilles’ heel” by security experts and communities, such as those in Oregon, Washington and North Carolina, have felt the effects of that vulnerability.

More will follow unless federal lawmakers, power companies and regulators take seriously this profound risk and make protecting it a national priority through a thorough risk assessment and a clear plan, with appropriate funding, to secure it from attack.