Terror Threat to Grid Is Real, Says Suppressed Study

A terrorist attack on the U.S. electricity delivery system could wreak much more havoc and disruption than the devastation wrought by Superstorm Sandy last fall, according to a 2007 report by the National Academy of Sciences (NAS), which was declassified late last year. The NAS’s National Research Council report, “Terrorism and the Electric Power Delivery System,” found that the U.S. electric grid is in need of substantial upgrades to protect against deliberate attack.

M. Granger Morgan of Carnegie Mellon University in Pittsburgh, who led the study, said, “Power system disruptions experienced to date in the United States, be they from natural disasters or malfunctions, have had immense economic impacts. Considering that a systematically designed and executed terrorist attack could cause disruptions even more widespread and of longer duration, it is no stretch of the imagination to think that such attacks could produce damage costing hundreds of billions of dollars.”

The NAS report notes that “the physical capabilities of much of the transmission network have not kept pace with the increasing burden that is being placed on it—subsequently many parts of the bulk high-voltage system are heavily stressed. In addition, many important pieces of equipment are decades old and lack improved technology that could help limit outages. This makes the stressed, aging system especially vulnerable to the multiple failures that might follow, for example, a coordinated attack on the power system by terrorists.”

High-voltage transformers are a particular concern because they are vulnerable “both from within and from outside the substations where they are located,” says the academy. “These transformers are very large, difficult to move, often custom-built, and difficult to replace. Most are no longer made in the United States, and the delivery time for new ones could run from months to years.” The report suggests a stockpile of universal recovery transformers, smaller and easier to move than the big iron. “They would be less efficient than those normally operated,” says the academy, “and would only be for temporary use, but they could drastically reduce delays in restoring disabled electric power systems.”

The National Research Council completed the study in the fall of 2007, but the Department of Homeland Security (DHS), which sponsored the work, was apparently so alarmed by the findings that it classified the study “in its entirety,” according to the academy. The research council then petitioned DHS to declassify the work. In a foreword to the declassified report, Ralph Cicerone, president of the NAS, and Charles Vest, president of the National Academy of Engineering, wrote: “We regret the long delay in approving this report for public release. We understand the need to safeguard security information that may need to remain classified. But openness is also required to accelerate the progress with current technology and implementation of research and development of new technology to better protect the nation from terrorism and other threats.”

In a related event, DHS Secretary Janet Napolitano told a Washington Post cybersecurity meeting in November, just ahead of the NAS report, that the grid is extremely vulnerable to terrorists. She said she is recommending that the Obama administration issue an executive order on grid security, given the failure of the 112th Congress to act on legislation. The order, she said, would cover “many of the areas the legislation would cover, but it’s not a complete substitute for legislation.”

At the same time DHS agreed to declassify the 2007 NAS report, Steven Aftergood of the Federation of American Scientists’ Secrecy News publication revealed a 2004 Congressional Research Service report which, he noted, had not been revealed for over eight years, but was renumbered and released in November. The report, “Electric Utility Infrastructure Vulnerabilities: Transformers, Towers, and Terrorism,” found, “Threats against control systems may come from several different directions, such as state-sponsored attack, terrorist group attack, computer hacking, and worm or viral infection. However, the risk posed to industrial control systems from Internet-based attack is difficult to assess.”

—Kennedy Maize is MANAGING POWER’s executive editor.