How vulnerable is America’s power grid? The Wall Street Journal recently did an in-depth study to find out the answer to that question, and the results are unsettling.
“Despite federal orders to secure the power grid, tens of thousands of substations are still vulnerable to saboteurs,” writes WSJ reporter Rebecca Smith in the July 14, 2016 edition. “The U.S. electric system is in danger of widespread blackouts lasting days, weeks or longer through the destruction of sensitive, hard-to-replace equipment. Yet records are so spotty that no government agency can offer an accurate tally of substation attacks, whether for vandalism, theft or more nefarious purposes.”
Smith reviewed dozens of reports of break-ins at power stations, including one last year at an electrical substation in Bakersfield, Calif. She discovered that despite federal orders to secure them, the nation’s tens of thousands of substations are vulnerable to attack.
Many substations have little to no security – sometimes only a chain-link fence – and if there is an alarm system in place, the alarms are often ignored.
Abidance Consulting, a security company, inspected nearly 1,000 substations in 14 states over the past year. “At least half had nothing but a padlock on the gate,” Abidance’s James Holler told The Wall Street Journal. “No cameras. No motion sensors or alarms.”
When one utility lost a set of substation keys when a truck was stolen, the staff didn’t even change the substation locks, Holler added.
A big part of the problem with security is that although America’s grid system is federally regulated, in reality it is an interdependent collection of locations owned and operated by utility companies and grid operators.
The fragile electrical system was basically patched together over the decades since the early 20th century. Major power sources, such as gas-fired generators and nuclear-power plants, are linked with substations to carry electricity over a network of long-distance high-voltage power lines. Using computerized technology, substations then lower the voltage in order to deliver electricity safely to homes and businesses.
WSJ calls the grid “a giant puzzle that can be configured in different ways to deliver power where and when it is needed.” While Smith the writer, points out that the motive of most substation break-ins is theft, the locations also are a potential target for terrorists who may wish to gather information for a future attack or cause immediate damage to a region.
At a Federal Energy Regulatory Commission (FERC) meeting earlier this year on grid security, Gerry Cauley, head of the North American Electric Reliability Corp., said the thought of “eight or 10 vans going to different sites and blowing things up” is something that keeps him awake at night. He estimated that recovery from a coordinated attack could take months.
Differences in power demand, which can be sparked by extreme weather and time of day, cause so much variability in the use of the grid that Smith writes, “What causes a catastrophe one day might not the next, which makes security issues complex. Small problems can quickly spiral out of control.”
Human error is another factor. For example, equipment problems combined with human error caused a large transmission line to trip out of service in Arizona five years ago. While that grid is designed to withstand the loss of any one line, in this case, the current shifted to nearby lines and overloaded them. Then two transformers at two small substations shut down defensively to prevent equipment damage. The result? San Diego experienced a blackout. Street and airport traffic was halted. Raw sewage was released into the ocean. And an estimated 2.7 million households were without power in California, Arizona and Mexico.
The National Research Council of the National Academies of Sciences in 2012 examined the various parts of the power grid and concluded that substations are “the most vulnerable to terrorist attack.”
“We’ve known we had an issue for a long time and have been very slow to do anything about it,” M. Granger Morgan, a Carnegie Mellon University professor who studied the San Diego blackout, told Smith.
The Foundation for Resilient Societies has called for an analysis of the impact of simultaneous attacks, both physical and cyber, on substations. Thomas Popik, chairperson of the non-profit organization, told the FERC in June that the grid is “a battlefield of the future” that needs military-type defenses.
Story continues below video
Michael Bardee, director of the FERC’s Office of Electric Reliability at FERC, acknowledged to The Wall Street Journal that his agency could do more to study security vulnerabilities at substations.
Meanwhile, some local power companies are trying to beef up security. The Vermont Electric Power Co., for example, approved $12 million for an improved security program after thieves broke into and stole copper from some of its substations dozens of times between 2012 and early 2014.
With more secure fencing and better security cameras in place, the utility has not had a break-in in more than a year.
However, WSJ found nine recent substation break-ins where theft did not appear to be the motive.
One of these was at the federally owned Liberty substation in Buckeye, Ariz., which is near Phoenix. In November 2013, an intruder cut fiber-optic cables that serve Liberty and the Mead substation near Hoover Dam. It took workers two hours to fix the problem.
Two months later, two men broke into Liberty again and left after they were unable to cut power to a security trailer that had lights and cameras installed after the first incident. Investigators later discovered that most of the new security cameras had not been properly programmed or installed.
The Liberty substation is operated by the Western Area Power Administration (WAPA), which controls power lines used by utilities serving some 40 million people in 15 states.
A federal audit last year cited WAPA for violations of security regulations, including broken or outdated equipment, poor control over keys to critical locations and failure to install security systems.
Keith Cloud, the WAPA’s head of security, told WSJ that he has received about $300,000 for security upgrades at some of the utility’s 328 substations, including Liberty.
But to protect the system’s 40 most important control centers, he said he would need $90 million. “I don’t have the authority or budget to protect my substations,” he said.
Do you believe America’s power grid is vulnerable to a major attack? Do you think one is inevitable? Share your thoughts in the section below: