The Far-Right Domestic Extremist Threat to the Power Grid

A New Zealand man with a “neo-Nazi” ideology was arrested on March 14 for allegedly planning to attack an electrical substation, according to counterterrorism personnel in that country. Substations adjust electric voltage as needed to move power across the power grid. The officials said he harbored anti-government sentiment, was anti-Semitic and anti-Indigenous, and has neo-Nazi interests.

Police allege the man was trying to buy military gear and equipment to make an improvised explosive device, which could have knocked out power to a swath of the region — a reminder that cyber attacks are not the only threat to critical infrastructure.

Far-right extremists in the U.S. have also discussed and planned attacks on the power grid, and specifically substations.

• In September 2017 a leader of Atomwaffen Division (AWD), one of the country’s most dangerous extremist groups, posted in a chat room “You would want to target things like: Substations, water filtration plants, etc.” and that he had “a map of the US power grid….West-coast only….Classified map. Had someone with special permissions get it.” And Devon Arthurs, who murdered two of his roommates and fellow AWD members in Florida in May 2017, claimed the group had planned to use a cache of explosives and weapons to attack the nation’s power grid, nuclear reactors and synagogues. Including Arthurs, at least three AWD members or associates are associated with five homicides between 2017 and 2018. And last month, the FBI arrested five members of the AWD across four different states.
• An adherent to The Base, a small militant neo-Nazi organization that emerged mid-2018, mentioned the vulnerability of the “electrical grid” in a Gab post. In January, seven alleged members of The Base were arrested in Maryland, Georgia and Wisconsin.
• In December 1999, three members of the San Joaquin California Militia conspired to destroy an electrical substation (in addition to destroying a propane storage facility and a television tower, and also killing a federal judge) with a weapon of mass destruction.
• The White Resistance Manual, a white supremacist handbook similar to The Anarchist Cookbook, has a sabotage section that includes electrical power generation and distribution. It notes that power systems can be “taken down” by explosives, arson, and long-range rifle fire. The manual subsequently advises that the aforementioned means can be used against substations, transformers, and suspension pylons.

Attacks on power grid components can result in costly repairs or replacement, ranging from tens of thousands to hundreds of millions of dollars. These attacks can also cause electricity outages.

• On April 16, 2013, attackers fired over 100 rounds of high-powered rifle ammunition at 17 transformers in the Pacific Gas and Electric Company (PG&E) Metcalf transmission substation in California. Although PG&E avoided a blackout, the incident incurred more than $15 million in damages that required nearly a month to repair.
• On August 21, 2013, Jason Woodring, a self-employed pool maintenance worker, downed a 500,000-volt power line near an active railroad track in Cabot, Arkansas. A power outage ensued. According to energy company officials, the damage was $550,000.
• On September 29, 2013, Woodring set fire to an extra-high voltage switching station in Scott, Arkansas. Damages exceeded $4 million.
• On October 6, 2013, the Jacksonville, Arkansas, area experienced a loss of power for several hours. Woodring had used a tractor to pull down one of the poles supporting a 115,000-volt transmission line. Damages were close to $50,000. Woodring ultimately confessed to the three aforementioned incidents and was sentenced to 15 years.
• On September 25, 2016, someone with a high-powered rifle fired a few shots at a transformer in Utah owned by Garkane Energy Cooperative, disabling a remote substation. The attack led to an eight-hour power outage for about 13,000 residents. Damage to the transformer was expected to reach $1 million and take six months to a year to fully repair, according to a Garkane spokesman. Also concerning, the spokesperson said the attack “looked more criminal than vandalism because they knew exactly where to shoot it and they shot it multiple times in the same spot,” raising concerns about a person on the loose with that detailed level of knowledge.

The United States has over 55,000 substations, all of which have vulnerable components, often with insufficient physical protection. These components include circuit breakers, transmission and distribution buses, control buildings, and transformers. The highest risk components are the transformers, due to their vulnerability and potential consequences of damage or destruction. The large, rectangular “boxes” in this article’s headline picture are transformers. At substations they facilitate energy transfer over networks that operate at varying voltage levels.

The immediate consequences resulting from the damage or destruction of transformers at multiple locations would be widespread power outages. The April 2013 attack at the Metcalf substation could have been devastating if the attackers had better knowledge of substation components’ criticalities and transformers’ defeat mechanisms than they displayed that spring night. Even more so if they had attacked more than one substation that night. A Federal Energy Regulatory Commission study in 2013 obtained by the Wall Street Journal assessed that taking down nine large transformers could cause a coast-to-coast blackout. However, there has not been an attack on multiple transformers in the U.S.

Other consequences of attacking transformers and other components include the high cost of repair and replacement — $2 million to $7.5 million before transportation and installation costs — and replacement time. According to the U.S. Department of Energy, the time between a large transformer order and delivery can take almost 2 years, depending on whether they are produced domestically or overseas.

Compounding these challenges are companies’ culture and the perceived costs of protecting all these vulnerable substations and other elements of the power grid (although a remarkably insignificant amount of money — hundreds of dollars — can prevent millions of dollars in damage and destruction). A good example is PG&E after the aforementioned April 2013 attack on the Metcalf substation.

NBC Bay Area discovered that security was still lacking at many substations a year and a half after the attack. The news station’s unannounced visits to nine substations in Northern and Central California revealed what experts have called vulnerabilities in PG&E’s security network. In fact, four months after the April rifle attack on the substation, intruders cut through the facility’s fence in a few locations and stole expensive equipment — ironically while the substation was undergoing security upgrades because of the attack. Furthermore, a PG&E memo obtained by NBC revealed that resources to make significant improvements for security “remained unchanged from before the attack on Metcalf” and “these improvements continue to be slow, piecemeal and uncertain.”

The challenges associated with mitigating vulnerabilities against the electric grid (never mind that many critical infrastructure entities have never accomplished an enterprise security risk assessment), combined with terrorists’ stated desire to target the grid, require cost-effective security upgrades (after risk assessments) and increased vigilance. Things to watch:

1. Indications of communications — social media or encrypted — among members of domestic terrorist groups discussing or planning attacks on the electric grid and other critical infrastructure. (Unfortunately, “lone wolves” usually give off far fewer “signatures,” or indicators they are planning attacks.)
2. Suspicious behavior (probing, surveillance, etc.) around substations and other electric grid components, especially multiple facilities (e.g., multiple substations in the same geographic area).
3. The aforementioned communications and suspicious behavior leading up to or during major events such as the presidential conventions this summer, or during emergencies such as the current coronavirus pandemic. Far-right extremists possibly seek to exploit the pandemic. In mid-February, the U.S. Department of Homeland Security alleged that white supremacists discussed weaponizing coronavirus. A worst-case scenario would be an attack on multiple substations (especially transformers) in the same area during a pandemic (especially in a pandemic “hot zone”) or natural disaster, while that area is experiencing extreme temperatures during the summer or winter.