In the early hours of 16 April 2013, one or more gunmen opened fire on the Pacific Gas & Electric (PG&E) Metcalf substation for nearly 20 minutes. They took out 17 transformers at the Silicon Valley location and then slipped away into the night before police arrived.
The attack caused significant damage but did not result in a power outage. It did, however, reignite a conversation about the physical security of the electricity grid in the United States and elsewhere, shifting the focus somewhat away from cybersecurity. The Wall Street Journal later reported that the Federal Energy Regulatory Commission (FERC) had done a study that same year assessing grid weaknesses. According to the newspaper, it found that a coordinated attack on a small, specific set of the 55 000 transmission substations in the United States could plunge the entire nation into darkness.
Some experts question the findings that the entire U.S. power grid could be taken down by an attack on fewer than 10 substations, as some news reports claimed, although these experts all noted they had not seen the FERC study. “Maybe if you made that 50 or 60, but 10?” says Clark Gellings, a fellow at the Electric Power Research Institute (EPRI). “Sure, you could do some damage, but I just don’t buy it.”
Whether or not the substation number is true, work is under way to avoid such an alarming outcome. Government agencies and electric utilities are reassessing critical equipment, evaluating how to build and deploy critical assets faster in an emergency, and developing cutting-edge software tools to help utilities plan more broadly for storms, terrorism, or any other calamity.
In the United States, FERC is refocusing on physical security requirements by asking the North American Electric Reliability Corporation to develop reliability standards for grid operators that address physical security threats. The standards are still being drafted, but they will require that utilities and grid operators identify critical facilities, evaluate potential threats, and develop a security plan to address the threats. That’s no simple task, given that the country is host to some 3000 utilities.
Europe got a jump start on that task with the Directive on European Critical Infrastructures in 2008, a set of procedures for identifying and assessing protection for critical infrastructure, including the electricity grid.
No matter how far in advance utilities may plan for outages, evaluating threats is a dynamic, complex procedure, and not a one-time endeavor. “What’s critical does change from time to time,” says Jeffery Dagle, chief electrical engineer at the U.S. Department of Energy’s Pacific Northwest National Laboratory (PNNL). “It can be a function of what else is knocked out.”
Help is on the way in the form of advanced algorithms that will let utilities model different scenarios to come up with flexible security plans that can react to changing grid conditions. PNNL’s Future Power Grid Initiative includes tools that take advantage of real-time, high-performance computing and parallel algorithms to simulate the U.S. grid and its millions of customers. The tools are still being crafted but could be widely available in a few years.
In the meantime, experts say there is more focus on beefing up security and making operational changes, such as ensuring that backup components don’t sit within the same substation as the assets they would need to replace.
Among those components considered critical in both physical and cybersecurity threats are large, difficult-to-replace, extra-high-voltage (EHV) transmission transformers. Weighing hundreds of metric tons, filled with oil, and capable of handling more than 345 kilovolts, EHVs can take months to manufacture. Orders are usually placed far in advance, according to a leading maker of EHV transformers, ABB. After a long lead time, they can also take weeks to install, sometimes requiring specialized rail cars to transport the hulking pieces of power equipment. There are about 2000 in the United States alone, and 90 percent of consumed power passes through EHVs, says ABB.
Concerned that the loss of such transformers from a cyberattack could cripple the grid, the U.S. Department of Homeland Security decided to prototype a fast-turnaround transformer. ABB, EPRI, and CenterPoint Energy, in Texas, worked together on the Rapid Recovery Transformer (RecX) program to see how quickly a replacement transformer could be built and deployed in an emergency.
“It took two weeks start to finish,” says Barry Dillon, spokesperson for the North American branch of ABB. The Swiss power electronics giant has 3 factories in North America and 10 more globally that could add extra shifts or change priorities to produce EHV transformers faster if there was a sudden need. Other manufacturers, such as Mitsubishi, have also expanded their North American factories in recent years.
Focusing on physical security can be an opportunity to add more sensors and software that not only alert grid operators in the case of attack or failure but also monitor the health of critical assets, says EPRI’s Gellings. As more IT is brought on line to monitor critical assets, cybersecurity must be evaluated in conjunction with physical security. “I worry more about the combination of the physical and cyber done in a very intelligent way,” he says.
Says PNNL’s Dagle: “The trick is not letting the crisis du jour trump all the things we need to keep an eye on.”
About the Author
Brooklyn-based Tweed Katherine Tweed regularly contributes to IEEE Spectrum’s Energywise blog. She’s been digging into power grid issues for years, but investigating their vulnerability to physical attack—by bullets instead of hackers—was new to her. “Cybersecurity has been the focus for so long,” she says.