Digital threats often dominate headlines, but physical security of critical electric infrastructure is equally important. Recent physical security incidents across the country sparked renewed attention of the potential for attackers to take advantage of vulnerabilities in power systems. As society continues to rely on electricity for an increasing range of facets of everyday life, the imperative to safeguard these critical assets against both cyber and physical threats has never been more crucial.
The repercussions of these attacks extend beyond mere inconvenience. They can pose a direct threat to national security, public safety, and economic stability. A prolonged power outage can cripple essential services, disrupt supply chains, and undermine the resilience of communities. Moreover, the interdependent nature of the electric grid means that an attack on one part of the system can have ripple effects, magnifying the impact and complicating recovery efforts.
Physical attacks on electric substations have escalated over the last few years, causing property damage as well as outages for thousands of customers. These attacks have occurred across the country, from the Pacific Northwest to Moore County, North Carolina. Other attacks have been disrupted before damage could occur. For example, the Federal Bureau of Investigation arrested two individuals on federal charges of plotting to attack multiple energy substations outside of Baltimore, Maryland in early February 2023. Incidents reported to the Electricity Information Sharing and Analysis Center (E-ISAC) have increased each year since 2019. Any utility professionals interested in additional information regarding specific incidents, severity level, and trends may contact the E-ISAC (individuals must first register for an E-ISAC account).
It is imperative that utilities take proactive measures to enhance the physical security of critical electric infrastructure. This requires a multi-faceted approach that addresses vulnerabilities at various levels, from individual substations and transmission lines to the overarching architecture of the grid.
Given the evolving threat landscape, the American Public Power Association updated its physical security guide – Physical Security Essentials: A Public Power Primer (A limited quantity of printed copies will also be available in the coming weeks). The updated guide encompasses several changes from the previous version, which was published in 2016, including fillable forms so that utilities can conduct their own assessments and giving an updated snapshot of public power’s physical security posture. The forms help utilities assess for potential vulnerabilities in their security policies and practices, in terms of everything from access controls to equipment and structures that can deter would-be attackers. And while assessing these elements is a good first step, the guide also curates key resources where utilities can find help in implementing next steps and continuing to develop a culture of security.
There is no one-size-fits-all approach to physical security, and we encourage public power utilities to implement risk-informed solutions that meet their specific needs to secure themselves against potential attack. As threats evolve and adversaries become increasingly sophisticated, we must remain vigilant and proactive in safeguarding the nation's power systems. By adopting a comprehensive approach, we can mitigate risks, enhance security, and ensure the reliability and resilience of electric infrastructure.