'Military-Style' Raid on California Power Station Spooks U.S.
When U.S. officials warn about "attacks" on electric power facilities
these days, the first thing that comes to mind is probably a computer
hacker trying to shut the lights off in a city with malware. But a more
traditional attack on a power station in California has U.S. officials
puzzled and worried about the physical security of the the electrical
grid--from attackers who come in with guns blazing.
Around 1:00 AM on April 16, at least one individual (possibly two)
entered two different manholes at the PG&E Metcalf power substation,
southeast of San Jose, and cut fiber cables in the area around the
substation. That knocked out some local 911 services, landline service
to the substation, and cell phone service in the area, a senior U.S.
intelligence official told Foreign Policy. The intruder(s) then fired
more than 100 rounds from what two officials described as a high-powered
rifle at several transformers in the facility. Ten transformers were
damaged in one area of the facility, and three transformer banks -- or
groups of transformers -- were hit in another, according to a PG&E
spokesman.
Cooling oil then leaked from a transformer bank, causing the
transformers to overheat and shut down. State regulators urged customers
in the area to conserve energy over the following days, but there was
no long-term damage reported at the facility and there were no major
power outages. There were no injuries reported. That was the good news.
The bad news is that officials don't know who the shooter(s) were, and
most importantly, whether further attacks are planned.
"Initially, the attack was being treated as vandalism and handled by
local law enforcement," the senior intelligence official said. "However,
investigators have been quoted in the press expressing opinions that
there are indications that the timing of the attacks and target
selection indicate a higher level of planning and sophistication."
The FBI has taken over the case. There appears to have been some initial
concern, or at least interest, in the fact that the shooting happened
one day after the Boston Marathon bombing. But the FBI has no evidence
that the attack is related to terrorism, and it appears to be an
isolated incident, said Peter Lee, a spokesman for the FBI field office
in San Francisco, which is leading the investigation. Lee said the FBI
has "a couple of leads we're still following up on," which he wouldn't
discuss in detail. There has not been any published motive or intent
for the attack, the intelligence official said, and no one has claimed
credit.
Local investigators seemed to hit a dead end in June, so they released surveillance footage
of the shooting. But that apparently produced no new information. The
FBI says there have been no tips from the public about who the shooter
might be and what he was doing there.
The incident might have stayed a local news story, but this month, Rep.
Henry Waxman, the California Democrat and ranking member of the Energy
and Commerce Committee, mentioned it at a hearing on regulatory issues.
"It is clear that the electric grid is not adequately protected from
physical or cyber attacks," Waxman said. He called the shooting at the
the San Jose facility "an unprecedented and sophisticated attack on an
electric grid substation with military-style weapons. Communications
were disrupted. The attack inflicted substantial damage. It took weeks
to replace the damaged parts. Under slightly different conditions, there
could have been serious power outages or worse."
The U.S. official said the incident "did not involve a cyber attack,"
but that's about all investigators seem to know right now. AT&T,
which operates the phone network that was affected, has offered a
$250,000 reward for information leading to the arrest and conviction of
the perpetrator or perpetrators.
"These were not amateurs taking potshots," Mark Johnson, a former vice
president for transmission operations at PG&E, said last month at a
conference on grid security held in Philadelphia. "My personal view is
that this was a dress rehearsal" for future attacks.
At the very least, the attack points to an arguably overlooked physical
threat to power facilities at a time when much of the U.S. intelligence
community, Congress, and the electrical power industry is focused on the
risk of cyber attacks. There has never been a confirmed power outage
caused by a cyber attack in the United States. But the Obama
administration has sought to promulgate cyber security standards that
power facilities could use to minimize the risk of one.
At least one senior official thinks the government is focusing too
heavily on cyber attacks. Jon Wellinghoff, the chairman of the Federal
Energy Regulatory Commission, said last month that an attack by
intruders with guns and rifles could be just as devastating as a cyber
attack.
A shooter "could get 200 yards away with a .22 rifle and take the whole
thing out," Wellinghoff said last month at a conference sponsored by Bloomberg.
His proposed defense: A metal sheet that would block the transformer
from view. "If you can't see through the fence, you can't figure out
where to shoot anymore," Wellinghoff said. Price tag? A "couple hundred
bucks." A lot cheaper than the billions the administration has spent in
the past four years beefing up cyber security of critical infrastructure
in the United States and on government computer networks.
"There are ways that a very few number of actors with very rudimentary
equipment could take down large portions of our grid," Wellinghoff said.
"I don't think we have the level of physical security we need."
No comments:
Post a Comment