A third power substation has been damaged by gunfire in North Carolina, prompting an FBI investigation. The incident on Jan. 17 is part of a spate of gunfire vandalism that has renewed physical security concerns at a federal level.
The Randolph County Sheriff’s Office in Thomasville, central North Carolina, said the latest incident, believed to have taken place at around 3 a.m. on Tuesday, damaged the Pleasant Hill Substation owned by energy services firm EnergyUnited. A sheriff’s office spokesperson reportedly said authorities found 14 or 15 projectile holes in the substation transformer.
In a statement, EnergyUnited said the damage was from “an apparent gunshot.” It added that EnergyUnited members served by the substation “did not experience an outage as a result of the cooperative’s swift response.”
The sheriff’s office noted the FBI and North Carolina State Bureau of Investigations (SBI) were notified and that the FBI’s Joint Terrorism Task Force responded “to conduct a parallel investigation.”
A String of Gunfire Vandalism
The Thomasville incident follows two high-profile gunfire attacks at a pair of Duke Energy substations in Moore County, North Carolina, on Dec, 3, which affected 45,000 Duke Energy customers and interrupted power services for four days.
On Dec. 25, two substations owned by Tacoma Public Utilities and Puget Sound Energy were also “deliberately targeted,” interrupting access for 7,000 customers in Graham and Elk Plain, Washington. On Jan. 3, the U.S. Attorney’s Office announced the arrest of two suspects in the Christmas Day substation attacks. Tacoma Public Utilities said its dedication of “significant resources to both cyber and physical security” over the past years aided the swift arrests.
The FBI is also investigating shots fired at an American Electric Power substation in Centerburg, Ohio, on Nov. 11 that caused a power outage. The federal agency is meanwhile reviewing several other attacks at electricity substations in Washington and Oregon reported in November by the Cowlitz County Public Utility District, Portland General Electric, and Bonneville Power Administration.
A recent POLITICO analysis of Department of Energy data suggests physical attacks on the grid have been on the rise since 2012. Recent events, however, have prompted concern about organized terrorism targeting critical bulk power system (BPS) components.
In February 2022, three men pleaded guilty to crimes related to a scheme to attack power grids “in furtherance of white supremacist ideology,” the U.S. Department of Justice said. “As part of the conspiracy, each defendant was assigned a substation in a different region of the United States. The plan was to attack the substations, or power grids, with powerful rifles,” the agency said. “The defendants believed their plan would cost the government millions of dollars and cause unrest for Americans in the region. They had conversations about how the possibility of the power being out for many months could cause war, even a race war, and induce the next Great Depression.”
FERC, NERC Reviewing Physical Security Standards
Roused by recent events, the Federal Energy Regulatory Commission (FERC) on Dec. 22 ordered the North American Electric Reliability Corporation (NERC) to study the effectiveness of FERC’s 2014-approved existing reliability standard for the physical security of the BPS. NERC has until mid-April to submit a report that examines how physical security protections are being applied, whether improvements to existing requirements are necessary, and whether some minimal level of physical security protections should be required for all BPS stations, substations, and associated primary control centers.
NERC has meanwhile also embarked on modernizing its approach to BPS cyber and physical security. In December, it rolled out a new concept, “security integration,” which “refers to the integration of cyber and physical security aspects into conventional planning, design, and operations engineering practices.” The concept “encompasses all aspects of the conventional engineering part of the electric industry,” it explained. “NERC is primarily focused on integrating cyber and physical security concepts more holistically into transmission planning, engineering design, and system operations to ensure that mitigating security controls are considered as early in the process as possible, rather than as a ‘bolt-on’ solution.”
While recent events are concerning, the nature and impact of physical vulnerabilities are better understood than other security risks (such as cyber), NERC suggests. The most prominent physical security risk considerations are “co-dependence with cyber security (e.g., computer controls for physical access) and the prospective impact of replacing long lead-time equipment (e.g., large power transformers) damaged during an attack,” it said. So far, NERC has been conducting an annual industry exercise—GridEx—that helps industry both prepare and react to potential BPS security threats, it noted. “Led by NERC’s E-ISAC, GridEx gives participants a forum to demonstrate how they would respond to and recover from coordinated cyber and physical security threats and incidents,” it said.
NERC underscored that collaboration between utilities would continue to prove pivotal in identifying and thwarting attacks. Some entities, like energy service firm EnergyUnited, are already part of larger organized efforts, which include industry partners, peer organizations, as well as federal, state, and local officials to share information that improves member service and strengthens critical systems. EnergyUnited on Tuesday noted, however, that the community could also play a significant role in flagging “suspicious activity observed near any substations or facilities,” it said.
“EnergyUnited continually strives to deliver safe, reliable energy to its members,” said Steve McCachern, vice president of energy delivery for EnergyUnited. “While we are glad that our members did not experience any service interruptions, we take this matter very seriously and are currently investigating the incident.”