U.S. Electric Grid Vulnerable to Unprecedented Waves of Attack

Threats increase as industry scrambles to boost security

power line towers
Getty Images
March 27, 2018

The U.S. electric grid has become increasingly vulnerable to what the federal government is describing as an unprecedented wave of attacks that threatens to cripple the nation, according to a new investigative report that warns the energy industry is lagging in efforts to boost physical security of these critical sites.

Amid a wave of increasing attacks across the country on key power stations, the North American Electric Reliability Corporation, or NERC, has been struggling to force the power industry to enact a series of security improvements meant to stop would-be attackers and terrorists from crippling the nation's infrastructure.

Since 2014, "security risks to the power grid have become an even greater concern in the electric utility industry," according to a new Congressional Research Service report that warns the power industry "has not necessarily reached the level of physical security needed based on the sector's own assessments of risk."

In the three years since federal overseers implicated a series of new standards for physical security of grid locations, the industry has worked to improve its defenses but has struggled to implement all of the government's recommendations, according to the report.

The slow moving pace of reforms, combined with an increased threat level and inability of the federal government to warn of upcoming attacks, has fueled concerns that the U.S. electric grid could be easily taken down by a rogue actor.

"There is widespread belief that bulk power critical assets are vulnerable to physical attack, that such an attack potentially could have catastrophic consequences, and that the risks of such attacks are growing," according to the report. "But the exact nature of such potential attacks and the capability of perpetrators to successfully execute them are uncertain."

The matter has sparked congressional concerns, warranting the recent CRS report, particularly in light of a September 2016 rifle attack on a transformer substation in Utah. That was just latest in a string of gun attacks on physical sites that power the grid.

"Although the electric power sector seems to be moving in the overall direction of greater physical security for critical assets, many measures have yet to be implemented and the process of corporate realignment around physical security is still underway," according to the report, which omitted a comprehensive overview of all the pressing threats due to national security concerns.

"The September 2016 rifle attack on a 69 kV transformer substation in Utah—which reportedly left 13,000 rural customers without power for up to eight hours—showed that similar incidents could occur almost anywhere on the grid," the report warns.

A recent report from the National Academy of Sciences warned of catastrophic repercussions should rogue actors or terrorists take the grid down.

"While to date there have been only minor attacks on the power system in the United States, large-scale physical destruction of key parts of the power system by terrorists is a real danger," the academy warned. "Some physical attacks could cause disruption in system operations that last for weeks or months."

Tracking the situation has proven tough for both the power industry and the federal government, according to the CRS report, which found that "there is currently no comprehensive accounting of changes in physical security throughout the sector."

Due to widespread variation in security improvements, it remains unclear how much the power industry has bolstered defenses against even the crudest of attacks.

While NERC has tried to provide updated threat assessments, much of the information offered publicly is classified and redacted, complicating efforts by Congress and private industry to effectively prepare to future attacks.

"Even when detailed company-specific information about physical security measures is available, it might be difficult to develop reliable metrics to evaluate it," according to the report.

The Edison Electric Institute, or EEI, an association of U.S. electric companies, has admitted that it is nearly impossible to provide a full picture of grid security.

"Officials at EEI have stated that measuring the adequacy of grid security for a diverse set of asset owners under changing risk circumstances poses significant problems," CRS noted in its report.

While the power industry has taken positive steps, there are numerous challenges that still need to be addressed, the report concludes.