(CISA photo)

The Far-Right Domestic Extremist Threat to the Power Grid

A New Zealand man with a “neo-Nazi” ideology was arrested on March 14 for allegedly planning to attack an electrical substation, according to counterterrorism personnel in that country. Substations adjust electric voltage as needed to move power across the power grid. The officials said he harbored anti-government sentiment, was anti-Semitic and anti-Indigenous, and has neo-Nazi interests.

Police allege the man was trying to buy military gear and equipment to make an improvised explosive device, which could have knocked out power to a swath of the region — a reminder that cyber attacks are not the only threat to critical infrastructure.

Far-right extremists in the U.S. have also discussed and planned attacks on the power grid, and specifically substations.

Attacks on power grid components can result in costly repairs or replacement, ranging from tens of thousands to hundreds of millions of dollars. These attacks can also cause electricity outages.

  • On April 16, 2013, attackers fired over 100 rounds of high-powered rifle ammunition at 17 transformers in the Pacific Gas and Electric Company (PG&E) Metcalf transmission substation in California. Although PG&E avoided a blackout, the incident incurred more than $15 million in damages that required nearly a month to repair.
  • On August 21, 2013, Jason Woodring, a self-employed pool maintenance worker, downed a 500,000-volt power line near an active railroad track in Cabot, Arkansas. A power outage ensued. According to energy company officials, the damage was $550,000.
  • On September 29, 2013, Woodring set fire to an extra-high voltage switching station in Scott, Arkansas. Damages exceeded $4 million.
  • On October 6, 2013, the Jacksonville, Arkansas, area experienced a loss of power for several hours. Woodring had used a tractor to pull down one of the poles supporting a 115,000-volt transmission line. Damages were close to $50,000. Woodring ultimately confessed to the three aforementioned incidents and was sentenced to 15 years.
  • On September 25, 2016, someone with a high-powered rifle fired a few shots at a transformer in Utah owned by Garkane Energy Cooperative, disabling a remote substation. The attack led to an eight-hour power outage for about 13,000 residents. Damage to the transformer was expected to reach $1 million and take six months to a year to fully repair, according to a Garkane spokesman. Also concerning, the spokesperson said the attack “looked more criminal than vandalism because they knew exactly where to shoot it and they shot it multiple times in the same spot,” raising concerns about a person on the loose with that detailed level of knowledge.

The United States has over 55,000 substations, all of which have vulnerable components, often with insufficient physical protection. These components include circuit breakers, transmission and distribution buses, control buildings, and transformers. The highest risk components are the transformers, due to their vulnerability and potential consequences of damage or destruction. The large, rectangular “boxes” in this article’s headline picture are transformers. At substations they facilitate energy transfer over networks that operate at varying voltage levels.

The immediate consequences resulting from the damage or destruction of transformers at multiple locations would be widespread power outages. The April 2013 attack at the Metcalf substation could have been devastating if the attackers had better knowledge of substation components’ criticalities and transformers’ defeat mechanisms than they displayed that spring night. Even more so if they had attacked more than one substation that night. A Federal Energy Regulatory Commission study in 2013 obtained by the Wall Street Journal assessed that taking down nine large transformers could cause a coast-to-coast blackout. However, there has not been an attack on multiple transformers in the U.S.

Other consequences of attacking transformers and other components include the high cost of repair and replacement — $2 million to $7.5 million before transportation and installation costs — and replacement time. According to the U.S. Department of Energy, the time between a large transformer order and delivery can take almost 2 years, depending on whether they are produced domestically or overseas.

Compounding these challenges are companies’ culture and the perceived costs of protecting all these vulnerable substations and other elements of the power grid (although a remarkably insignificant amount of money — hundreds of dollars — can prevent millions of dollars in damage and destruction). A good example is PG&E after the aforementioned April 2013 attack on the Metcalf substation.

NBC Bay Area discovered that security was still lacking at many substations a year and a half after the attack. The news station’s unannounced visits to nine substations in Northern and Central California revealed what experts have called vulnerabilities in PG&E’s security network. In fact, four months after the April rifle attack on the substation, intruders cut through the facility’s fence in a few locations and stole expensive equipment — ironically while the substation was undergoing security upgrades because of the attack. Furthermore, a PG&E memo obtained by NBC revealed that resources to make significant improvements for security “remained unchanged from before the attack on Metcalf” and “these improvements continue to be slow, piecemeal and uncertain.”

The challenges associated with mitigating vulnerabilities against the electric grid (never mind that many critical infrastructure entities have never accomplished an enterprise security risk assessment), combined with terrorists’ stated desire to target the grid, require cost-effective security upgrades (after risk assessments) and increased vigilance. Things to watch:

  1. Indications of communications — social media or encrypted — among members of domestic terrorist groups discussing or planning attacks on the electric grid and other critical infrastructure. (Unfortunately, “lone wolves” usually give off far fewer “signatures,” or indicators they are planning attacks.)
  2. Suspicious behavior (probing, surveillance, etc.) around substations and other electric grid components, especially multiple facilities (e.g., multiple substations in the same geographic area).
  3. The aforementioned communications and suspicious behavior leading up to or during major events such as the presidential conventions this summer, or during emergencies such as the current coronavirus pandemic. Far-right extremists possibly seek to exploit the pandemic. In mid-February, the U.S. Department of Homeland Security alleged that white supremacists discussed weaponizing coronavirus. A worst-case scenario would be an attack on multiple substations (especially transformers) in the same area during a pandemic (especially in a pandemic “hot zone”) or natural disaster, while that area is experiencing extreme temperatures during the summer or winter.
(Visited 3,031 times, 2 visits today)

K. Campbell, CPP®, is a security and intelligence professional with experience and training in intelligence; risk, threat, and vulnerability assessments; executive protection; counterterrorism; and business continuity. He is a Certified Protection Professional, board certified in security management by the ASIS International. In his past experience as a U.S. military intelligence officer, his responsibilities included classified and protective intelligence; degrade, disrupt, and destroy recommendations against various state and non-state entities; and establishing and managing military-to-military classified intelligence sharing with other governments. His counterterrorism experience includes identifying the need to, and orchestrating, an overhaul of a major U.S. counterterrorism plan for the Middle East; establishing and leading collaboration with the U.S. Customs & Border Protection, resulting in the placement of 79 terrorists on the No-Fly List; prioritizing 1,000+ names for U.S. Customs & Border Protection to mitigate against terrorist entry into the U.S.; and initiating and leading production of one of the U.S. Intelligence Community’s first analyses on the Islamic State’s financial vulnerabilities. He also predicted the arrests and terrorist attacks in Belgium that occurred in 2015 and 2016. His executive protection experience includes a foreign government dignitary, a corporate client at both 2016 presidential conventions, and high-profile Hollywood celebrities. He has also conducted risk assessments for the U.S. government and the private sector. Mr. Campbell’s previous articles in Homeland Security Today include “Negligence Bleeds: The Catastrophic Results of Dismissing Counterterrorism Intelligence” and “3 Keys to Hardening Concerts, Event Venues Against Inevitable Attack Attempts.” He presented on “The 2020 Olympics: Red Teaming Enterprise Security Risks” at the Global Security Exchange (GSX) 2019, the 20,000-attendee flagship conference for the international security industry. At GSX 2018 he presented on “Hardening Concerts & Special Events in a New Era”. He also presented on risk assessments at the 2018 Domestic Violence Safety and Security Conference in Washington, D.C. Mr. Campbell obtained a Master of Arts degree in global risk from Johns Hopkins University’s School of Advanced International Studies, a Master of Arts degree in military operational art and science from the Air Command & Staff College at the U.S. Air Force’s Air University, and a Bachelor of Arts degree in political science from Virginia Tech. He’s a member of the Armed Forces Communications and Electronics Association, ASIS International, the Baltimore Council on Foreign Affairs, the Association of Certified Sanctions Specialists, the Association Of Threat Assessment Professionals, InfraGard, and the International CPTED (Crime Prevention Through Environmental Design) Association.

Leave a Reply

Latest from Cybersecurity

Go to Top
X
X