Power-Grid Attacks Surge and Are Likely to Continue, Study Finds

Source: By Katherine Blunt, Wall Street Journal • Posted: Tuesday, February 21, 2023

Confidential analysis shows sharp rise in targeting of facilities with gunfire, intrusion and vandalism

Duke Energy workers inspected a substation in North Carolina after attackers targeted it and others with gunfire in December.PHOTO: JONATHAN DRAKE/REUTERS

Physical attacks on the U.S. power grid rose 71% last year compared with 2021 and will likely increase this year, according to a confidential industry analysis viewed by The Wall Street Journal.

A division of the grid oversight body known as the North American Electric Reliability Corporation found that ballistic damage, intrusion and vandalism largely drove the increase. The analysis also determined that physical security incidents involving power outages have increased 20% since 2020, attributed to people frustrated by the onset of the pandemic, social tensions and economic challenges.

The NERC division, known as the Electricity Information Sharing and Analysis Center, or E-ISAC, recorded the sharp increase in incidents in 2022, driven in part by a series of clustered attacks on infrastructure in the Southeast, Midwest and Pacific Northwest. One of the most significant incidents occurred in early December when attackers targeted several substations in North Carolina with gunfire, leaving roughly 45,000 people in the dark.

Workers conducting maintenance on power lines in Baltimore, where authorities uncovered a plot to attack five substations in the area. Photo: brendan smialowski/Agence France-Presse/Getty Images

The E-ISAC study of grid attacks, which other U.S. government agencies have said are on the rise, is more robust than publicly available data sets. The division’s data includes some nonpublic reports that utilities and grid authorities file with federal agencies or NERC, as well as voluntary disclosures made confidentially. The division tracked a significant increase in mandatory reports last year.

The division wrote that it is reasonably likely that the uptick in such attacks will continue this year based on the number and nature of recent attacks, some of which appear to have been carried out by members of extremist groups aiming to destabilize the grid.

Manny Cancel, E-ISAC’s chief executive, declined to discuss the confidential materials but confirmed that the division has tracked an uptick in serious incidents since 2020. The number of politically or ideologically motivated attacks appears to be growing, he said, though it is difficult to identify the reasons for each one.

“There seems to be a pattern where people are targeting critical infrastructure, probably with the intent to disrupt,” he said. “Going back to the 2020 presidential election, as well as the recent midterm elections, we’ve seen an uptick in chatter and an uptick in incidents as well.”

Earlier this month, federal authorities charged the founder of Atomwaffen, described as a neo-Nazi network by civil-rights organizations, and a woman he met while in prison with an alleged plot to attack the Maryland power grid. The two planned to shoot up five substations that serve the Baltimore area, federal authorities said.

Attacks on substations in North Carolina left roughly 45,000 people without power.Photo: Karl B DeBlaker/Associated Press

Brian Harrell, former assistant secretary for infrastructure protection at the Department of Homeland Security, said there has lately been a notable increase in conversations among extremists about targeting critical infrastructure.

“These groups are talking to each other, and they’re learning from each other,” he said. “It gets a lot of people’s attention when you start turning off the lights, and I think that’s what they’re craving.”

Authorities and utilities say they have long been aware of the vulnerability of the power grid, a vast network of wires running from power plants and substations, many of which are located in remote areas. Power companies take numerous measures to secure their infrastructure, but some of it remains difficult to protect depending on location and a range of other factors.

In 2013, snipers targeted a large-scale transmission substation near San Jose, Calif., and raised fears that the country’s power grid was vulnerable to terrorism. The attack took out 17 transformers critical to supplying power to Silicon Valley, authorities said. A former federal regulator at the time called the event “the most significant incident of domestic terrorism involving the grid that has ever occurred.”

The attack resulted in stronger physical security standards for such large-scale substations that, if compromised, could result in outages for thousands of people. Mr. Cancel said federal regulators have directed NERC to re-evaluate those standards and determine whether they should apply to a broader range of assets.

The December outages in North Carolina occurred when attackers shot small-scale distribution substations owned by Duke Energy. The Federal Bureau of Investigation has said it is currently investigating the incidents.

Bonnie Titone, Duke’s chief information officer, said the company is working to improve its security practices and invest in measures to secure the grid better, in part by installing technologies to help keep power flowing in the event part of the system is damaged.

“No utility has the ability to prevent this from happening,” she said. “You can have all the cameras in the world, but that doesn’t necessarily mean you’re going to be able to deliver reliable power because of that.”

Write to Katherine Blunt at katherine.blunt@wsj.com