While significant strides have been made in protecting the power grid in the last decade, recent attacks show that more work is needed.
On Dec. 3, 2022, shooters attacked two electrical distribution substations in Moore County, North Carolina, causing widespread power outages. The attack crippled critical equipment leaving tens of thousands of customers without electricity for four days and resulted in a local State of Emergency. Gunfire damaged another North Carolina substation on Jan. 17, 2023.
These attacks – on the heels of intrusions and vandalism in November 2022 on substations in Oregon and Washington – are stark reminders of both the vulnerabilities of our electric system and the challenges in securing it against adversaries. It is a story that has happened before, going back a decade or more and calls into question whether we are doing enough to protect one of the nation’s greatest assets.
The U.S. power grid contains more than 7,300 power plants, 55,000 transmission substations, and nearly 160,000 miles of high-voltage power lines. In 2022, this geographically-distributed critical infrastructure—what some have called one of the greatest engineering accomplishments of the 20th century—experienced a decade-leading number of deliberate attacks. As one of 16 critical infrastructure sectors, power grid operators are subject to mandatory security requirements to prevent outages and preserve service delivery.
The North American Electric Reliability Corporation (NERC) sets standards for the reliability and security of the bulk electric grid. NERC’s Critical Infrastructure Protection (CIP) standards include physical security requirements for transmission stations and substations (CIP-014.3), as well as requirements for cybersecurity, supply chain risk management, incident reporting, and more. While these regulations set mandatory requirements, they only apply to the built electric system. The challenge to protect the larger grid remains daunting.
Clearly, not every facility and site can be physically hardened to the point that all attacks are blocked. Not only would this be cost prohibitive, but the broad range of potential attack vectors makes this impractical. We can, however, improve the state of power grid security with technology. Deployment of advanced sensor systems can not only speed detection and support alarms that may deter intruders, but also mitigate equipment damage. Selective ruggedization both in equipment design, substation layout and existing site improvements can protect the more vulnerable components to reduce the impact of an attack. Improving the resilience of the power grid supply chain enables better incident response and quicker recovery.
In the Moore County attack, gunshots damaged large and sophisticated equipment. Full restoration of power required repairing, locating, transporting, and installing replacement equipment.
In areas where gunfire is a significant risk, gunshot detection technology can provide real-time identification of an attack. In locations where physical incursion is a greater risk, surveillance cameras, alarming gates, and access points can improve situational awareness and increase the ability to scare off attackers. The availability and affordability of commercial sensor and alarm systems has grown substantially in recent years, making these capabilities cost effective for a wider range of use cases.
It is equally important to leverage sensor and automation technology on critical equipment for grid operations. For example, sensors on coolant levels, loss of coolant pressure, and dissolved gas analysis would provide real-time situational awareness on subsystem health and early identification of potential damage, both intentional and the result of normal wear. Sensors can be combined with automatic controllers to allow critical equipment to be shut down safely, quickly, and in a manner that avoids catastrophic damage that renders equipment a total loss.
Ruggedizing vulnerable areas and components is also important. This is similar to how military and other assets are protected for use in extreme environments, such as reinforced vehicles and hardened military platforms. More ruggedization should be part of equipment design. Other reinforcements can be made to existing equipment with post-deployment upgrades, beyond blast walls.
No matter how strong a utility’s defenses, it is not possible to stop all attacks. Enhancing supply chain resilience will enable grid operators to respond more quickly to equipment failures and attacks, reducing service outages. In February 2021, the president issued an Executive Order on America’s Supply Chains, which addressed the need for resilient, diverse, and secure supply chains to ensure economic prosperity and national security.
The vulnerability of our nation’s electrical infrastructure—and the transmission system in particular—is well recognized. A 2014 study described how the national grid could be brought down with coordinated attacks. Since then, the grid has changed with the introduction of more renewable resources, which has changed its operation and altered its attack surface. While significant strides have been made in protecting the power grid in the last decade, possibly more than any other critical infrastructure sector in that time, recent attacks show that more work is needed. For physical grid security, advances in sensors and automation, along with targeted ruggedization and enhanced supply chain resilience can help.
Stan Pietrowicz leads Peraton Labs’ applied cybersecurity department, providing research, development, and engineering solutions for critical infrastructure protection and consulting services in risk management, cybersecurity, and information assurance. He supports diverse customers across defense, energy, transportation, telecommunications, and government markets. For more information visit Peraton Labs.