Protecting the Grid from Terrorism
By M. Granger Morgan and Alan T. Crane
The bulk power transmission system is vulnerable to physical attack by a small number of well-informed terrorists, which could result in a widespread outage lasting months. Cyber attacks also could cause serious blackouts. Strategies and technologies exist to minimize damage, assure graceful degradation, expedite restoration and ensure the continued provision of critical social services, whether such outages result from terrorism or natural events. R&D is vital for reducing the costs and improving the performance of these technologies.
The bulk electric power system is inherently vulnerable to both physical and cyber attacks by terrorists. High voltage transformers, transmission lines and other key elements sit open and unguarded across the countryside, and some grid control systems could be hacked. A report recently released by the National Research Council, Terrorism and the Electric Power Delivery System, concludes that a handful of terrorists who know what they are doing could black out many customers across a large region for weeks or even months.
The report observes that while an attack on the power system would be less dramatic than those of September 11, 2001, "an event of this magnitude and duration could lead to turmoil, widespread public fear and an image of helplessness that would play directly into the hands of the terrorists. If such large extended outages were to occur during times of extreme weather, they could also result in hundreds or even thousands of deaths due to heat stress or extended exposure to extreme cold."
A 1998 ice storm in Ontario and Quebec disrupted power for weeks to over a million customers, causing great hardships and even deaths, as an Institute for Catastrophic Loss Reduction research paper reported not long afterwards.
Here we provide a summary of the main topics covered and the key points in the recent NRC report on terrorism and power delivery.
Physical Vulnerabilities. Chapter 3 lays out the physical threats to the system and discusses the need for more attention to rapid repair and restoration and to better consequence management. The report is not the first to raise concerns about the physical vulnerabilities of the grid; the Office of Technology Assessment and an earlier NRC committee report addressed them in 1990 and 2002. The newer NRC report details needed actions in much greater detail and explores the consequence of restructuring the industry.
- Physical attack is especially worrisome because key components, especially large power transformers, have not been manufactured in the United States and may take months or years to replace. The nation does not maintain adequate stockpiles of spares.
Cyber vulnerabilities. Supervisory control and data acquisition (SCADA) systems, if compromised, could allow hackers to disrupt operations and disable protective equipment. Chapter 4 finds that while a cyber attack by itself probably could not bring down the system for an extended period, it could cause serious short-term disruption. Further, the risks from cyber attack are growing, and if coordinated with a physical attack, the damage could be compounded.
- Penetration pathways must be minimized and best practices for security provisions applied.
Insider attacks. Chapter 5 addresses vulnerabilities that result from the fact that many people—utility employees, contractors and others involved in the power system—have access to the grid. It focuses on issues such as the security threats posed by insiders, the need for improved planning, training and rehearsal of emergency response, and the aging workforce.
- Robust background screening programs for all personnel must be implemented across the industry.
Addressing vulnerabilities. Chapters 6 and 7 outline a variety of ways in which the consequences of an attack or large natural disaster can be reduced and restoration expedited.
- Cascading outages can be prevented by improved planning, rehearsal, grid modernization measures such as automatic controls, high-voltage power electronics and improved protective devices.
- Restoration of service can be accelerated by minimizing the damage and prior planning on measures. Prior arrangements such as designating repair crews from power companies as part of emergency response crews so they can access damaged facilities that have been designated as a "crime scene" would help initiate restoration activities.
Sustaining critical social services. Even if the grid never experiences a terrorist attack, sooner or later large outages will occur from natural causes or operating errors. Chapter 8 of the NRC report explores a variety of ways to configure the power system so it can continue to sustain critical social services (for example, police and fire, food and fuel, schools) in the event of an outage across a wide geographic region that lasts for an extended period.
- Smart grid technology, distributed generation, micro-grids and similar technologies would enable operators to direct power to critical services.
The need for research and development: An important focus of the NRC report is to identify a number of needs in research and development. Two recommendations are especially noteworthy:
- The United States should develop a set of "recovery transformers." These would be inefficient (they would run hot), but would be small enough to transport and install expeditiously to supply some service until proper replacements are secured.
- The Department of Energy should fund a few demonstration projects to show how smart gird technology and distributed generation could be configured to secure critical services in the event of a large extended blackout.
The bottom line: The U.S. power grid is highly vulnerable. There are technical and policy strategies that reduce those vulnerabilities. While the risk cannot be totally eliminated, there are technical and policy strategies that could greatly reduce the social and economic cost of large blackouts of long duration.
M. Granger Morgan, an IEEE fellow, is professor and head of the Department of Engineering and Public Policy at Carnegie Mellon University where he is also University and Lord Chair Professor in Engineering. In addition, he holds academic appointments in the Department of Electrical and Computer Engineering and in the H. John Heinz III College. His research addresses problems in science, technology and public policy with a particular focus on energy, environmental systems, climate change and risk analysis. He has recently served as chair of the Science Advisory Board of the U.S. Environmental Protection Agency and as chair of the Advisory Council of the Electric Power Research Institute. He is a member of the National Academy of Sciences, and a Fellow of the AAAS and the Society for Risk Analysis. He holds a B.A. from Harvard College, an M.S. in astronomy and space science from Cornell and a Ph.D. in applied physics and information sciences from the University of California, San Diego.
Alan T. Crane is Senior Scientist at the National Research Council, where he is the study director for a project analyzing light-duty vehicle and fuel technology options for greatly reducing petroleum consumption and greenhouse gas emissions by 2050. He has directed projects that analyzed plug-in hybrid electric and fuel-cell vehicles, the vulnerability of electric power systems to terrorism, and fuel-economy standards for cars and light trucks. Previously he worked at the Congressional Office of Technology Assessment, where he directed projects on energy policy, international technology transfer and nuclear proliferation. He has a bachelor of science degree from Haverford College and a master of science in mechanical engineering from New York University.