Ten years ago next week, the National Commission on Terrorist Attacks Upon the United States issued its final report, known as the 9/11 Commission Report, documenting the events leading up to the day that a determined adversary exploited vulnerabilities in our system to kill three thousand Americans and cause $2 trillion in localized and global economic damage.
Among the most notable of the 9/11 Commission’s findings was the following observation:
The most important failure was one of imagination. We do not believe leaders understood the gravity of the threat. The terrorist danger from Bin Ladin and al Qaeda was not a major topic for policy debate among the public, the media, or in the Congress. Indeed, it barely came up during the 2000 presidential campaign.
Regrettably, this admonishment published a decade ago applies in similar fashion today to an even greater threat to national security: The persistent vulnerability of the U.S. electric grid — and by extension, the economy and critical infrastructure dependent upon it — to a catastrophic event, whether deliberate attack or natural hazard. This failure of imagination with respect to electric grid security is all the more inexplicable, however, when we consider that threats to the grid are far from theoretical. They are real and they are multiplying, and in some cases, we have only quite narrowly — even unintentionally — avoided what could have been major disasters.
In what was a wildly underreported incident at the time, in April 2013 a group of unknown individuals infiltrated a PG&E substation on the outskirts of San Jose, California, cut a series of underground fiber-optic cables then opened fire with high-powered rifles on seventeen high-voltage transformers. The assailants got away and have yet to be identified or apprehended.
It wasn’t until almost a year later that we would find out, thanks to reporting by the Wall Street Journal, how serious this attack truly was. Jon Wellinghoff, who was Chairman of the Federal Energy Regulatory Commission (FERC) at the time of the attack but had retired by the time he spoke to the Journal, called it “the most significant incident of domestic terrorism involving the grid that has ever occurred” — one that if repeated across the country, could take down the grid. Wellinghoff went on to note that military experts who surveyed the site told him it looked like a “professional job.”
Physical attacks on the electric grid have continued, both here and overseas. In Nogales, Arizona last month, authorities found what has been described as a “crude incendiary device” near a 50,000 gallon diesel tank at an electric utility substation — local reporting indicates that had the device exploded, an estimated 30,000 customers would have lost power. In the Mexican state of Michoacan last fall, the Knights Templar drug cartel attacked local power stations leaving eleven towns without power, while in Yemen, jihadist attacks on power lines left the entire country without power for a day.
Meanwhile, cyber-attacks against this country’s electric grid are unrelenting. In recent days, the Department of Homeland Security issued an alert to critical infrastructure operators that a Russian hacking group has launched a malware offensive against primarily the American but also European energy sectors. The second-biggest grid operator in the United States recently shut down a cybersecurity breach possibly connected to that Russian group, while the State of Connecticut last spring defended against a cyber-attack on its electric, natural gas, and water sectors.
Then there’s the threat of electro-magnetic pulse (EMP). A nuclear device delivered by a ballistic missile and detonated outside the atmosphere over the United States would generate immense amounts of electromagnetic energy that would fry the grid, causing massive, protracted — and potentially irreparable — blackouts over much of the country. A similar phenomenon can be caused by major solar flaring, or geomagnetic disturbances (GMD). In 1859, a GMD dubbed the “Carrington event” hit Earth and burned up the telegraph lines and offices across the United States. Scientists estimate that we are long overdue for a repeat performance of Carrington. In fact, the Earth narrowly missed — by nine days — being hit by such a storm back in July, 2012.
Needless to say, the consequences of such an event for today’s hyper-wired economy and infrastructure would be far greater than those experienced in 1859. And yet the grid today remains highly vulnerable to both EMP and GMD. That is all the more outrageous given the findings of eleven federal studies acknowledging this reality, as compiled in a recent publication by the Center for Security Policy, Guilty Knowledge: What the US Government Knows About the Vulnerability of the Electric Grid, But Refuses to Fix.
One would think that the frequency and severity of the threats to the grid would impel the public and private sectors to treat this state of affairs as the national emergency that it is, and act accordingly to harden the grid against all hazards. The bad news is that we have not yet arrived at that point, owing in part to 1) the inclination of some private sector stakeholders to downplay the dangers of the grid being taken down; 2) the tendency of Washington and industry — to the extent that they are focusing on the threat — to address primarily their preoccupation with the cyber-aspect of the problem (important though it is) at the expense of the physical and electromagnetic threats; and 3) perpetual buck-passing between various federal government agencies.
The good news is that there are those within and outside Washington who recognize the urgent need to implement an all-hazards approach to grid security, and their numbers are growing. Earlier this month, the Electric Infrastructure Security Council convened its annual conference (this year in London), bringing together from the United States and other concerned nations top executive branch officials, legislators, regulators, electric utilities industry leaders, and scientific experts. The consensus view that emerged from the gathering was that the problem of electric grid vulnerability is extremely serious, and that efforts to address it up to this point have been inadequate.
What is needed now is a concerted effort to build on the London conference’s work. As one former senior Pentagon official has observed, the magnitude of threats to the grid requires a response on the order of a Manhattan Project, bringing the full weight and resources of government and industry to bear.
The alternative is a failure of imagination we simply cannot afford.