By Shane Harris
Shane Harris is a senior staff writer at Foreign Policy, covering intelligence and cyber security. He is the author of The Watchers: The Rise of America's Surveillance State, which chronicles the creation of a vast national security apparatus and the rise of surveillance in America. The Watchers won the New York Public Library’s Helen Bernstein Book Award for Excellence in Journalism, and the Economist named it one of the best books of 2010. Shane is the winner of the Gerald R. Ford Prize for Distinguished Reporting on National Defense. He has four times been named a finalist for the Livingston Awards for Young Journalists, which honor the best journalists in America under the age of 35. Prior to joining Foreign Policy, he was the senior writer for The Washingtonian and a staff correspondent at National Journal.
When U.S. officials warn about "attacks" on electric power facilities these days, the first thing that comes to mind is probably a computer hacker trying to shut the lights off in a city with malware. But a more traditional attack on a power station in California has U.S. officials puzzled and worried about the physical security of the electrical grid–from attackers who come in with guns blazing.
Around 1:00 AM on April 16, at least one individual (possibly two) entered two different manholes at the PG&E Metcalf power substation, southeast of San Jose, and cut fiber cables in the area around the substation. That knocked out some local 911 services, landline service to the substation, and cell phone service in the area, a senior U.S. intelligence official told Foreign Policy. The intruder(s) then fired more than 100 rounds from what two officials described as a high-powered rifle at several transformers in the facility. Ten transformers were damaged in one area of the facility, and three transformer banks — or groups of transformers — were hit in another, according to a PG&E spokesman.
Cooling oil then leaked from a transformer bank, causing the transformers to overheat and shut down. State regulators urged customers in the area to conserve energy over the following days, but there was no long-term damage reported at the facility and there were no major power outages. There were no injuries reported. That was the good news. The bad news is that officials don’t know who the shooter(s) were, and most importantly, whether further attacks are planned.
"Initially, the attack was being treated as vandalism and handled by local law enforcement," the senior intelligence official said. "However, investigators have been quoted in the press expressing opinions that there are indications that the timing of the attacks and target selection indicate a higher level of planning and sophistication."
The FBI has taken over the case. There appears to have been some initial concern, or at least interest, in the fact that the shooting happened one day after the Boston Marathon bombing. But the FBI has no evidence that the attack is related to terrorism, and it appears to be an isolated incident, said Peter Lee, a spokesman for the FBI field office in San Francisco, which is leading the investigation. Lee said the FBI has "a couple of leads we’re still following up on," which he wouldn’t discuss in detail. There has not been any published motive or intent for the attack, the intelligence official said, and no one has claimed credit.
Local investigators seemed to hit a dead end in June, so they released surveillance footage of the shooting. But that apparently produced no new information. The FBI says there have been no tips from the public about who the shooter might be and what he was doing there.
The incident might have stayed a local news story, but this month, Rep. Henry Waxman, the California Democrat and ranking member of the Energy and Commerce Committee, mentioned it at a hearing on regulatory issues. "It is clear that the electric grid is not adequately protected from physical or cyber attacks," Waxman said. He called the shooting at the San Jose facility "an unprecedented and sophisticated attack on an electric grid substation with military-style weapons. Communications were disrupted. The attack inflicted substantial damage. It took weeks to replace the damaged parts. Under slightly different conditions, there could have been serious power outages or worse."
The U.S. official said the incident "did not involve a cyber attack," but that’s about all investigators seem to know right now. AT&T, which operates the phone network that was affected, has offered a $250,000 reward for information leading to the arrest and conviction of the perpetrator or perpetrators.
"These were not amateurs taking potshots," Mark Johnson, a former vice president for transmission operations at PG&E, said last month at a conference on grid security held in Philadelphia. "My personal view is that this was a dress rehearsal" for future attacks.
At the very least, the attack points to an arguably overlooked physical threat to power facilities at a time when much of the U.S. intelligence community, Congress, and the electrical power industry is focused on the risk of cyber attacks. There has never been a confirmed power outage caused by a cyber attack in the United States. But the Obama administration has sought to promulgate cyber security standards that power facilities could use to minimize the risk of one.
At least one senior official thinks the government is focusing too heavily on cyber attacks. Jon Wellinghoff, the chairman of the Federal Energy Regulatory Commission, said last month that an attack by intruders with guns and rifles could be just as devastating as a cyber attack.
A shooter "could get 200 yards away with a .22 rifle and take the whole thing out," Wellinghoff said last month at a conference sponsored by Bloomberg. His proposed defense: A metal sheet that would block the transformer from view. "If you can’t see through the fence, you can’t figure out where to shoot anymore," Wellinghoff said. Price tag? A "couple hundred bucks." A lot cheaper than the billions the administration has spent in the past four years beefing up cyber security of critical infrastructure in the United States and on government computer networks.
"There are ways that a very few number of actors with very rudimentary equipment could take down large portions of our grid," Wellinghoff said. "I don’t think we have the level of physical security we need."