Date first published: 28/02/2023
Key sectors: all
Key risks: terrorism; civilian infrastructure
Risk development
In the first eight months of 2022, the Department of Energy recorded at least 101 incidents that they were deemed intentional attacks, threats of an attack or vandalism on the United States’ power grid. Between August 2022 and January 2023 there were at least 18 more publicly recorded incidents. The number of incidents increased compared to 2021 figures, with 97 reported attacks for the entire year, 96 in 2020 and 81 in 2019. Although most of them resulted in no power outage, the attacks affected over 22,000 customers. Surprisingly, only four of the incidents were labelled as cyber-attacks.
Why it matters
The impact of a physical attack on the power grid can be significant. The grid spans more than 7,300 power plants, 55,000 transmission substations and 257,495 km of high-voltage power lines. Power grids are constructed with limited redundancies meaning that a failure in one area can have an impact elsewhere. A government report released in 2014 found that the country could suffer a blackout for weeks or months if saboteurs simultaneously targeted only nine of the 55,000 substations.
While some parts of the grid are well protected, the vast majority are not. For example, the Christmas 2022 attack in Washington state highlighted the lack of security at several substations. To attack the Hemlock substation – which is run by private company Puget Sound Energy – the attackers only need to cut a chain-link fence and tamper with a switch. To enter the Elk Plain substation, the attackers only had to remove padlocks on a pedestrian gate and alter switch breakers.
Background
It is difficult to pinpoint the reason behind an increase in the number of attacks. Some of the incidents may reflect the growing number of small-scale extremist groups, with individuals radicalised on social media. For instance, In May 2020 authorities foiled a plot by three men claiming to be members of the far-right ‘Boogaloo’ movement who attempted to firebomb power substations in Las Vegas to provoke violence during a Black Lives Matter protest in the city. However other attacks cannot be attributed to such causes. An attack on 25 December 2022 on four substations in western Washington state which left more than 14,000 residents in the dark, were perpetrated by two men seeking to knock out power so they could commit a robbery.
Targeting energy infrastructure is a topical theme in extremist social-media groups and messaging apps. Due to information sharing over the internet it is plausible that initial extremist attacks inspired others to conduct ‘copy-cat’ incidents. The electrical grid has been physically attacked at least six times in Oregon and Western Washington since mid-November 2022, with at least two of those incidents similar to the attack in North Carolina – perhaps an indication of copy-cat attacks.
Risk outlook
The December 2022 attack in Moore County, North Carolina, resulted in federal regulators ordering a review of physical security at facilities. However, improvements are difficult – as ownership of infrastructure is split between the public sectors and a large number of private actors. Federal, state and local governments have varying regulations. No single government department is responsible for ensuring physical security of energy infrastructure. Regardless, most solutions – such as more physical barriers, cameras and guards — are often impractical and expensive, which means that security will remain inadequate and further attacks likely.
