Physical attacks on equipment used as part of the bulk electrical system are one of multiple threats that demand the attention of utilities and grid operators alike.
The early December rifle attack that disabled two Duke Energy substations in rural North Carolina came nearly a decade after a highly publicized incident on the other side of the continent which led federal regulators to mandate tighter security measures.
Despite the headline-grabbing nature of a physical attack that disrupts power service for days and causes millions of dollars in damage, a host of other threats command most of the attention for grid operators.
As proof, a July report from the North American Electric Reliability Corp. (NERC) detailed bulk power system performance during 2021. It identified 70 transmission events that it said occurred between 2016–2021. Of those, only one was not weather related (and it was caused by incorrect field modification and RAS operation that led to a partial system collapse).
NERC said that if several weather factors were lumped together (for example, hurricane and wind, tornado and wind), then the dominant cause of transmission outages was extreme weather. Hurricanes caused the largest transmission events with an average size of 130 outages in 2021.
Indeed, in all of the 93-page report, just a portion of a single page addressed physical attacks in 2021. The bulk of NERC’s message is found in a single paragraph, which reads, “While the electricity industry experienced a moderate increase in the overall number of physical security incidents in 2021, the most serious types of incidents declined overall. However, the ongoing threat of domestic extremist groups to the electricity industry persisted as did the use of unauthorized aircraft, or drones.”
In a similar vein, the SERC Reliability Corp., which includes the area in North Carolina affected by the December attack, ranked physical attacks as 8th on its Top 10 list of risk factors it faced during 2021. The top risk was related to supply chain disruptions. Cybersecurity risks ranked second.
Big and far-flung
The sheer size and far-flung nature of the bulk energy system is both its strength and its weakness. As such, the system’s general contours are worth repeating.
The electric utility industry operates as an integrated system of generation, transmission, and distribution facilities to deliver electric power to consumers. In the United States, this system consists of over 9,000 electric generating units connected to over 200,000 miles of high-voltage transmission lines strung between large towers and rated at 230 kV or greater.
This network is interspersed with hundreds of large electric power transformers whose function is to adjust electric voltage as needed to move power across the network. High voltage (HV) transformer units make up roughly 3% of transformers in U.S. power substations, but carry as much as two-thirds to three-quarters of the nation’s electricity.
At a basic level, utility transformers, regardless of size, consist of copper wire wrapped around a metallic core within an insulated protective housing covered with a 5/8 to 3/4-inch mild steel tank. They are linked to the power grid by metal and (usually) ceramic connectors called “bushings” which resemble giant spark plugs.
Larger transformers generate waste heat during operation, so they are cooled by a system of internally circulating oil and external radiators. Transmission transformers are located in network substations along with transmission lines, associated electric equipment, and system controls.
The potential vulnerability of that handful of substations came clear in 2014 after details of a FERC study were published in the Wall Street Journal and suggested that an attack on nine of them could plunge the entire nation into darkness.
That study was prompted by the April 2013 rifle attack against Pacific Gas and Electric Co.’s Metcalf transmission substation in Coyote, California, near the border of San Jose. Gunmen fired on 17 electrical transformers, and resulted in more than $15 million worth of equipment damage, but had little impact on the station’s electrical power supply.
The FERC report prompted commissioners to direct the NERC to develop reliability standards for grid operators to address physical security threats.
FERC Acting Chair Cheryl LaFleur said at the time that the order would enhance the grid’s resilience by “requiring physical security for the facilities most critical to the reliable operation of the Bulk-Power System.”
The order had three steps: owners and operators must perform a risk assessment to identify facilities that are critical. Once those facilities are identified owners must evaluate potential threats to those sites. Following evaluation, owners and operators were directed to develop and implement a security plan.
In the wake of the Metcalf attack, PG&E spent a reported $100 million to enhance security around its substations. Work at the Metcalf facility and other substations included installing opaque fences to obscure the sites, as well as improved lighting, upgraded cameras, better coordination with local law enforcement officers, altering or removing trees and vegetation near substations, and other measures.
In North Carolina, meanwhile, a Duke Energy spokesperson told a December 5 news conference that the utility has “multiple layers of security protecting electrical infrastructure” including a “deep team of highly skilled professionals who monitor and respond to threats 24/7.”
The spokesperson said that law enforcement and utility security teams were engaged in proactive security patrols, and the utility stepped up security measures at critical assets in response to the recent events.
Physical attack
As far back as 2014, Members of Congress were briefed in a report on how a blunt physical attack on the high voltage transmission network might work. Interestingly, the report noted that multiple online sites linked to domestic terror and white supremacist groups included broad outlines of how potential attacks could be carried out on critical electric infrastructure.
The congressional report said that while all high voltage (HV) transformers are designed to withstand operational risks such as lightning strikes, hurricanes, and network power fluctuations, they are vulnerable to intentional physical attacks. It quoted one manufacturer, who said “if someone were to intentionally try … it is a surprisingly simple task and there are a large number of ways to conceivably damage a transformer beyond repair.”
A single “bad actor” with basic knowledge of transformer design could inflict irreparable damage, the congressional report said. Such attacks can cause massive electrical short circuits and oil fires that would destroy an HV transformer and damage surrounding infrastructure. One fire 2003 at a 345 kV substation in Texas, for example, destroyed the transformer and burned for five hours, causing plumes of smoke that could be seen for miles.
In addition to direct attacks on the transformers themselves, HV substations can be further disabled by damaging associated transmission lines or control centers that may be located on site.
The report said that HV transformers are usually housed in substations that are enclosed with a chain-link fence. Guards are not often stationed at these facilities under normal operating circumstances. Consequently, HV transformers are “ordinarily easier to access” than other critical electric facilities such as generation plants and control centers. (Published photos from the North Carolina incident showed what appeared to be a damaged fence at the substation site.)
Utilities use closed-circuit surveillance and other methods to detect intrusion. However, access to the substation may be achieved by either cutting or scaling the chain-link fence. Once inside, a saboteur could cause damage by accessing the control room or physically damaging the HV transformer, the report said. Penetrating the 5/8 to 3/4-inch steel tank with any device could short-circuit the windings and irreparably destroy the transformer.
Alternatively, a saboteur could attempt to open a valve and drain the insulating oil. Igniting the oil might cause the transformer to arc and eventually explode. With a clear line of sight, an attacker could also disable transformers from a distance using conventional rifles.
For example, in 2005 at a Progress Energy substation in Florida, a rifle attack ruptured a transformer oil tank, ultimately causing an explosion and local blackout.
