Weird California Incident Last Year Points To The Real Threat To The Power Grid (Hint: It's Not Cyberattacks)

from the uncommon-common-sense dept

Via Bruce Schneier’s blog, we learn of the following intriguing story published in Foreign Policy:

Around 1:00 AM on April 16, at least one individual (possibly two) entered two different manholes at the PG&E Metcalf power substation, southeast of San Jose, and cut fiber cables in the area around the substation. That knocked out some local 911 services, landline service to the substation, and cell phone service in the area, a senior U.S. intelligence official told Foreign Policy. The intruder(s) then fired more than 100 rounds from what two officials described as a high-powered rifle at several transformers in the facility. Ten transformers were damaged in one area of the facility, and three transformer banks — or groups of transformers — were hit in another, according to a PG&E spokesman.

Oil then leaked from the transformers, causing them to overheat and shut down. However, there were no major power outages, and no long-term damage. The Foreign Policy post gives a good summary of what we do and don’t know, and is well-worth reading in full. As Schneier comments:

The article worries that this might be a dry-run to some cyberwar-like attack, but that doesn’t make sense. But it’s just too complicated and weird to be a prank.

Anyone have any ideas?

Feel free to theorize in the comments about what happened last April. Absent further information, I’d like to focus here on the following perceptive analysis from the article:

At the very least, the attack points to an arguably overlooked physical threat to power facilities at a time when much of the U.S. intelligence community, Congress, and the electrical power industry is focused on the risk of cyber attacks. There has never been a confirmed power outage caused by a cyber attack in the United States. But the Obama administration has sought to promulgate cyber security standards that power facilities could use to minimize the risk of one.

This fixation on “cybersecurity” is something that Techdirt has been pointing out for a while. It seems largely driven by canny defense and security companies hungry for profitable contracts, which are able to take advantage of politicians intimidated by technology and worried about seeming “soft” on “cyberterror.” Kudos, then, to Jon Wellinghoff, the chairman of the Federal Energy Regulatory Commission, who seems to have more common sense than most of his colleagues:

A shooter “could get 200 yards away with a .22 rifle and take the whole thing out,” Wellinghoff said last month at a conference sponsored by Bloomberg. His proposed defense: A metal sheet that would block the transformer from view. “If you can’t see through the fence, you can’t figure out where to shoot anymore,” Wellinghoff said. Price tag? A “couple hundred bucks.” A lot cheaper than the billions the administration has spent in the past four years beefing up cyber security of critical infrastructure in the United States and on government computer networks.


Follow me @glynmoody on Twitter or, and +glynmoody on Google+

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Weird California Incident Last Year Points To The Real Threat To The Power Grid (Hint: It's Not Cyberattacks)”

Subscribe: RSS Leave a comment
Ben (profile) says:

Re: Re:

Price tag? A “couple hundred bucks.” A lot cheaper than the billions the administration has spent in the past four years beefing up cyber security

A couple of hundred bucks for one facility. How many electrical transformer sites are there? The comparison is false.

I also doubt it would be “a couple hundred bucks” but more likely “a couple thousand bucks”, but a million sites at a thousand a site would still be significantly less than the cybersecurity money pit.

That One Guy (profile) says:

Re: Re: Re: Re:

Depends on what the ‘wall’ is supposed to do. For a sheet of metal thick enough, and installed securely enough to stop bullets, yeah, you’d probably be looking at at least a thousand between materials and installation.

However, what it sounded like from his comment:

His proposed defense: A metal sheet that would block the transformer from view. “If you can’t see through the fence, you can’t figure out where to shoot anymore,” Wellinghoff said.

… is that the sheet is only supposed to block the critical parts from view, so any potential shooter would have no easy way to target important pieces, and would either have to get past the sheet/fence, or just shoot blindly and hope they hit something important.

RonKaminsky (profile) says:

Re: Re: Re:

Not only are you correct about the improper comparison, I would like to point out that anyone really serious about shutting down a facility like the one which was attacked could easily gather intelligence from an unmanned drone, and then attack it with, for example, bombs/grenades launched from a small truck-mounted catapult. Or even possibly just with small rockets designed to drop metal cables in the proper locations — no explosives necessary.

Spending money to defend against the chance of someone attacking would almost certainly not be cost-effective, however, unless the likelihood of such attacks would increase dramatically. How unfortunate that human psychology is irrationally biased towards favoring safety against vanishingly rare but dramatic risks and ignoring common, small ones (like having less money because electricity is more expensive).

Arthur Moore (profile) says:

While I agree that it would still be cheaper, we still need to compare the cost of all the substations, not just one. Plus that hundred bucks estimate doesn’t include labor and kickbacks.

Nearly the same point was made in the first comment of the slashdot discussion:

Anonymous Coward says:

reminds me of the line in the movie with Jody Foster, Contact, in which someone (i cant remember who) asks ‘why have 1 when you can have 2 at twice the price?’ in other words, spend as much as possible and dont worry about how much is wasted doing ridiculous tasks when a modest sum would do a better job! the companies involved can say ‘thanks’ in nice ways!

TasMot (profile) says:

The Reign of Terror is beginning...

So, somebody (read power consumers) should cough up millions of dollars to do “something” about an isolated incident. A little bit of risk assessment is in order before letting out the contracts for millions of dollars for cyber security or steel walls.

The power companies could/should evaluate their systems to see where there are any critical places and then determine how to secure them. The power grid is a very big distributed system that covers thousands of miles of power lines and remote substations. It would take a big coordinated effort to “take it out” unless a major junction could be hit. That type of effort would require a LOT of people to pull it off with very good coordination or a lot of very well coordinated timers that could be set to go off weeks in advance while somebody runs around the country putting lots of them in place.

So the big question is whether or not this is a one node trend or in reality an isolated incident (like an angry customer in another post).

Part of a terror campaign is to actually cause terror in people. Since this happened a year ago, it seems like calling it a “cyber terror” attack and spending a billion dollars to fix it seems like an overreaction.

aldestrawk says:

NERC CIPC report


Silicone Valley Area ? Adjacent to City of San Jose, CA ? Between US 101 and a 600 MW Calpine generating plant.
Communication vaults for two communications providers damaged prior to substation attack. AT&T first. Then Level 3 Communications. Fiber cut flush with conduit entrance to vault to make repairs more difficult. Team apparently brought ladders or ropes to access the Level 3 vault.
Although utility communications went through those vaults the utility has alternate communications paths through microwave communication links. Communications to substation was not interrupted.
911 communications affected by the communications interruptions. Communications cut off to closest three towns from AT&T cut. Generating plant communications cut off by Level 3 vault attack.
Fence alarm detection, cameras on fence line, card reader access through fence. Fence alarms triggered three times due to bullets hitting fence. Attackers never entered substation.
More than 120 – 7.62×39 rifle rounds fired at autotransformers. 10 of 11 ? 500/230 kV transformers and 3 of 4 ? 230/115 kV transformers damaged and taken out of service. Only energized transformers shot.
Shots fired primarily low on the radiators. > 51,000 gals of oil spilled. Transformers tripped due to high temperature or low oil as cooling lost. First alarms came in about one minute after first shots detected.
Appears to have been a team of multiple people not just one or two. Spotters, shooters, communications attack, etc.

aldestrawk says:

I remember, while growing up, during the revolutionary days of the late 60s and early 70s that people would bomb the towers supporting long distance power transmission lines. My idea was to shoot cables over the lines with a crossbow to short them out. Not that I ever thought about doing that seriously. I am not even sure that would work. The, rather conservative, dad of a friend of mine in high school, who was a civil engineer, said that somehow allowing the pumps that pumped water from the Central Valley in California over the Tehachapi mountains to LA to run in reverse would destroy those pumps which would take weeks to repair. Nowadays, one may be able to do that via the Internet but you cannot ignore physical security. Cybersecurity is very sexy these days and the media loves to focus on it and the expert color commentators they use, who are probably likely to profit, find this a great way stoke FUD.

I suspect whoever did this substation attack has similar motivations. The group that did this had some knowledge about the systems but not enough to show that it was some kind of insider attack. Four years ago, some fiber optic cables were cut nearby in San Jose cutting communications to parts of Silicon Valley and Santa Cruz County. That may have been an insider attack though (authorities still don’t know who or why). All the heavy equipment at Granite Rock’s Quail Hollow sand quarry in Santa Cruz county, CA were damaged when someone put a substance into the gas tanks which was very effective in destroying the engines. This happened, I think, last spring around the time of the substation attack.

Anonymous Coward says:

Getting paid to divert physical threats requires effort because physical threats are a real problem that do in fact exist and can happen and so there is work to be done to divert them.

Getting paid to divert a non-existing problem is cheap and easy so why not just lobby congress to pay you to divert non-existing problems. There is no work to be done because there is no problem in the first place.

I know what I’ll do. We are all going to get attacked by a bunch of unicorns from outerspace tomorrow. Congress needs to pay me to defend against this threat.

ECA (profile) says:

lets look at a few things

1. MOST utilities are very easy to disturb. If you understand how they are setup and distributed, its very easy to take sections DOWN.
2. What a propaganda experiment..(real or NOT)
3. Long ago, many services were looking at placing MOST of the service under ground.. YOU STILL need access.. and if you dont LOCK IT DOWN, it can be accessed.

Considering how the system is built..THESE persons, did some damage, and it DIDNT AFFECT ANYONE?? I am TOTALLY amazed.

GEMont (profile) says:

Shock Testing.

After all, its silly to depend on real terrorists to get the job done right, unless you train them yourself.

Failing the creation of a large war to distract the population from the activities of the Commercial Government of the USA, the only other possible route would be a huge “natural” disaster that killed hundreds of thousands and left millions homeless across the USA.

There’s a certain minimum limit to the level of an atrocity, or rather the public’s reaction to it, that makes it effective. If there’s too little damage, too few people die, the ruse might not work. This is why War is the favorite scam in these sorts of situations. Lot of damage and lots of death and lots of positive public response because we’re used to war and know what to expect and can quite readily switch our anger with the government for anger against the new foreign foe.

But massive homeland disasters are the next best thing.

Looks like at least one of these spooks in high places has read “Steal This Book”.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...