THIS IS REAL UNLIKE THE JUNK SCIENCE OF GLOBAL WARMING!
About once every four days, part of the nation’s power grid is struck by a cyber or physical attack. Such attacks can leave millions without power. A major natural or intentional attack could destroy life as we know it. Before you think I am exaggerating, read on.
Although the repeated security breaches have never resulted in the type of cascading outage that swept across the Northeast in 2003, they have sharpened concerns about vulnerabilities in the electric system. A widespread outage lasting even a few days could disable devices ranging from ATMs to cellphones to traffic lights, gas pumps and could threaten lives if heating, air conditioning and health care systems exhaust their backup power supplies.
Some experts and officials fear the rash of smaller-scale incidents may point to broader security problems, raising questions about what can be done to safeguard the electrical grid from an attack that could leave millions without power for days or weeks, with potentially devastating consequences.
“It’s one of those things: One is too many, so that’s why we have to pay attention,” said Federal Energy Regulatory Commission Chairman Cheryl LaFleur. “The threats continue to evolve, and we have to continue to evolve as well.”
An examination by USA TODAY in collaboration with more than 10 Gannett newspapers and TV stations across the country, and drawing on thousands of pages of government records, federal energy data and a survey of more than 50 electric utilities, finds:
• More often than once a week, the physical and computerized security mechanisms intended to protect Americans from widespread power outages are affected by attacks, with less severe cyberattacks happening even more often.
• Transformers and other critical equipment often sit in plain view, protected only by chain-link fencing and a few security cameras.
• Suspects have never been identified in connection with many of the 300-plus attacks on electrical infrastructure since 2011.
• An organization funded by the power industry writes and enforces the industry’s own guidelines for security, and decreased the number of security penalties it issued by 30% from 2013 to 2014, leading to questions about oversight.
Jon Wellinghoff, former chairman of the Federal Energy Regulatory Commission, said the power grid is currently “too susceptible to a cascading outage” because of its reliance on a small number of critical substations and other physical equipment.
Because the nation’s electrical grid operates as an interdependent network, the failure of any one element requires energy to be drawn from other areas. If multiple parts fail at the same time, there is the potential for a cascading effect that could leave millions in the darks for days, weeks or longer.
“Those critical nodes can, in fact, be attacked in one way or another,” Wellinghoff said. “You have a very vulnerable system that will continue to be vulnerable until we figure out a way to break it out into more distributed systems.”
Some of the worst fears of those in charge of the power grid’s security came true shortly before 1 a.m. on April 16, 2013, when unknown attackers unleashed a coordinated attack on Pacific Gas & Electric’s Metcalf substation in northern California.
The attackers severed six underground fiber-optic lines before firing more than 100 rounds of ammunition at the substation’s transformers, causing more than $15 million in damage.
The intentional act of sabotage, likely involving more than one gunman, was unlike any previous attack on the nation’s grid in its scale and sophistication.
Yet officers did not begin investigating the scene until hours after the shooting took place. Security footage from the shooting is grainy. The attackers were never caught.
Power was not lost, but the nature of the Metcalf attack sent shock waves through the industry.
“Shooting at substations, unfortunately, is not uncommon,” Sue Kelly, president and CEO of the American Public Power Association, an industry group, said of the incident at a Senate hearing last year. “But this incident demonstrated a level of sophistication not previously seen in our sector.”
At a California Public Utilities Commission meeting last year to review the incident, PG&E senior director of substations Ken Wells said the Metcalf attack was “a game changer.”
“No doubt about it, …this event caused us and the entire industry to take a new and closer look at our critical facilities and what we can do to protect them,” Wells said.
As a result of the Metcalf incident, PG&E said it would invest $100 million over three years on new security around many of its critical facilities, including better security cameras, fencing and lighting.
Yet records from hundreds of other attacks in recent years show similar weaknesses still exist at thousands of electric facilities across the country, allowing repeated breaches.
Between 2011 and 2014, electric utilities reported 362 physical and cyberattacks that caused outages or other power disturbances to the U.S. Department of Energy. Of those, 14 were cyberattacks and the rest were physical in nature.
• In 2011, an intruder gained access to a critical hydro-electric converter station in Vermont by smashing a lock on a door.
• In 2013, a gunman fired multiple shots at a gas turbine power plant along the Missouri-Kansas border.
• Also in 2013, four bullets fired from a highway struck a power substation outside Colorado Springs.
No suspects were apprehended in those three incidents. Federal data show such attacks are not rare within the sprawling, interdependent network of transformers, power lines and other equipment that make up the electrical grid.
Often, such incidents are shrugged off by the local police who initially investigate.
In March 2013, security officers at the Jacksonville Electric Authority in Florida noticed a man climbing a fence surrounding St. Johns River Power Park, which produces energy for 250,000 northern Florida households.
The man fled when approached, Jacksonville Electric Authority spokeswoman Gerri Boyce said, and was later observed trying to enter a second facility. He fled again and was never caught.
Nobody filed a police report, according to Jacksonville Sheriff’s Office documents.
Federal records show it is not just large communities that are at risk of attack. Even small, rural utility companies have been subject to foul play.
After a 2011 cyberattack struck the Pedernales Electric Cooperative — a non-profit utility that serves about 200,000 customers across a vast agrarian region of Texas — the utility’s CEO, R.B. Sloan, shared his surprise with the utility’s board of directors.
“You would think if they really wanted to have an impact, they would go for something (else),” he said in a public meeting. Sloan said at the time that the utility filed reports with the Department of Energy and FBI, but he was concerned about the way they handled it.
“It’s obvious to us that some of the regulatory bodies are not well-equipped to accept these and follow up,” he said during the 2011 meeting. “I think this event has made that very apparent.”
Now an executive for a Georgia utility software company, Sloan declined to discuss the attack.
While the Department of Energy received only 14 reports of cyberattacks from utilities over the past four years, other reporting systems show rising cyberthreats.
The branch of the Department of Homeland Security that monitors cyberthreats received reports of 151 “cyber incidents” related to the energy industry in 2013 — up from 111 in 2012 and 31 in 2011. It is uncertain whether the increase is due to more incidents or an increase in reporting.
NOW FOR THE SHOW STOPPERS
The solar storm of 1859, also known as the Carrington event, was a powerful geomagnetic solar storm. A solar coronal mass ejection hit Earth’s magnetosphere and induced one of the largest geomagnetic storms on record. The associated “white light flare” in the solar photosphere was observed and recorded by English astronomers Richard C. Carrington and Richard Hodgson.
Telegraph systems all over Europe and North America failed, in some cases giving telegraph operators electric shocks. Telegraph pylons threw sparks. Some telegraph operators could continue to send and receive messages despite having disconnected their power supplies. From August 28 through September 2, 1859, numerous sunspots were observed on the Sun. On August 29, southern aurorae were observed as far north as Queensland, Australia. Just before noon on September 1, the English amateur astronomers Richard Carrington and Richard Hodgson independently made the first observations of a solar flare. The flare was associated with a major coronal mass ejection (CME) that travelled directly toward Earth, taking 17.6 hours to make the 93 million mile journey.
Studies have shown that a solar storm of this magnitude occurring today would likely cause widespread problems for modern civilization. The solar storm of 2012 was of similar magnitude, but it passed Earth’s orbit without striking the Earth.
In June 2013, a joint venture from researchers at Lloyd’s of London and Atmospheric and Environmental Research in the United States used data from the Carrington Event to estimate the current cost of a similar event to the US alone at up to $2.6 trillion.
ONE EMP BURST AND THE WORLD GOES DARK
The sky erupts. Cities darken, food spoils and homes fall silent. Civilization collapses. End-of-the-world novel? A video game? Or could such a scenario loom in America’s future?
There is talk of catastrophe ahead, depending on whom you believe, because of the threat of an electromagnetic pulse triggered by either a supersized solar storm or terrorist A-bomb, both capable of disabling the electric grid that powers modern life.
Electromagnetic pulses (EMP) are oversized outbursts of atmospheric electricity. I previously discussed an EMP powered by geomagnetic storms. The same thing can occur with a nuclear blast in our atmosphere. The resultant intense magnetic fields can induce ground currents strong enough to burn out power lines and electrical equipment across state lines.
The threat has even become political fodder, drawing warnings from former House speaker Newt Gingrich.
“We are not today hardened against this,” he told a Heritage Foundation audience. “It is an enormous catastrophic threat.”
There are “some important reasons for concern,” says physicist Yousaf Butt of the Harvard-Smithsonian Center for Astrophysics in Cambridge, Mass. “But there is also a lot of fluff.”
At risk are the more than 200,000 miles of high-voltage transmission lines that cross North America, supplying 1,800 utilities the power for TVs, lights, refrigerators and air conditioners in homes, and for the businesses, hospitals and police stations that take care of us all.
“The electric grid’s vulnerability to cyber and to other attacks is one of the single greatest threats to our national security,” Rep. Ed Markey, D-Mass.
Markey and others point to the August 2003 blackout that struck states from Michigan to Massachusetts, and southeastern Canada, as a sign of the grid’s vulnerability. Triggered by high-voltage lines stretched by heat until they sagged onto overgrown tree branches, the two-day blackout shut down 100 power plants, cut juice to about 55 million people and cost $6 billion, says the 2004 U.S.-Canada Power System Outage Task Force.
The electromagnetic pulse threat is a function of simple physics: Electromagnetic pulses and geomagnetic storms can alter Earth’s magnetic field. Changing magnetic fields in the atmosphere, in turn, can trigger surging currents in power lines.
Two historic incidents often figure in the discussion:
• On July 9, 1962, the Atomic Energy Commission and the Defense Atomic Support Agency detonated the Starfish Prime, a 1.4-megaton H-bomb test at an altitude of 250 miles, some 900 miles southwest of Hawaii over the Pacific Ocean. The pulse shorted out streetlights in Oahu.
• On March 9, 1989, the sun spat a million-mile-wide blast of high-temperature charged solar gas straight at the Earth. The “coronal mass ejection” struck the planet three days later, triggering a geomagnetic storm that made the northern lights visible in Texas. The storm also induced currents in Quebec’s power grid that knocked out power for 6 million people in Canada and the USA for at least nine hours.
“A lot of the questions are what steps does it make sense to take,” Legge says. “We could effectively gold-plate every component in the system, but the cost would mean that people can’t afford the rates that would result to pay for it.”
“The high-altitude nuclear-weapon-generated electromagnetic pulse is one of a small number of threats that has the potential to hold our society seriously at risk,” concluded a 2008 EMP Commission report headed by William Graham, a former science adviser to President Reagan.
In the nuclear scenario, the detonation of an atomic bomb anywhere from 25 to 500 miles high electrifies, or ionizes, the atmosphere about 25 miles up, triggering a series of electromagnetic pulses. The pulse’s reach varies with the size of the bomb, the height of its blast and design.
Gingrich cited the EMP Commission report in warning, “One weapon of this kind that went off over Omaha would eliminate most of the electrical production in the United States.”
Proposed fixes can cost a fortune but I am told that the main threat can be eliminated with about $2 billion worth of surge protectors. To date, almost nothing has been done.