If you wanted to knock out America's electric infrastructure and leave everyone in the dark for a few weeks, it might not be that difficult.
Back in March, the Wall Street Journal reported that a terrorist attack on just nine of the country's 55,000 electric substations could cause a coast-to-coast blackout — especially on a hot summer's day. This followed an eye-catching report on how a mysterious sniper had damaged a substation in California in 2013 — threatening to black out Silicon Valley.
Experts have been warning about these vulnerabilities in the power grid for years, but the Journal stories seem to have finally jolted people to attention. Last week, the Senate held a big hearing to figure out just how exposed the nation's power grid really is. Trouble is, there wasn't a clear answer. Experts, regulators, and industry officials often have different theories on what makes the grid vulnerable — which makes it hard to agree on a solution.
Still, it's an important topic — in the worst case, an extended blackout could cost many billions of dollars, plus death and destruction. So here's a broad overview of what the US power grid is and why it's so vulnerable:
What's the power grid again?
It's the system that brings electricity to homes, buildings, and factories. That includes all the high-voltage power lines that transport electricity from distant power plants to populated areas. There are also electrical substations with transformers to "step down" that high-voltage electricity so it can be carried in the wires you see around the city and used safely in your home. Plus a bunch of monitoring systems.
Is the US power grid prone to blackouts?
That's fair to say. Problems with the power grid cost the US economy an estimated $150 billion per year. And large blackouts seem to be getting more common over time.
Between 2000 and 2004, there were 149 power outages that affected 50,000 people or more. Between 2005 and 2009, that had risen to 349, according to Massoud Amin of the University of Minnesota.
Outages can happen for lots of reasons — an overheated transmission line or problem at the power plant. Truly massive blackouts, however, are often triggered when a tree or a storm or a wildfire knocks out power lines and then causes failures to ripple elsewhere. That's what happened in the 2003 Northeast blackout that left 50 million people without power. Other large blackouts are caused by equipment failures or operator errors — like the big 2011 blackout in southern California.
Given all that, there's a lot of interest in the question of how easy it would be for, say, a terrorist to cause a blackout intentionally.
Could a person intentionally cause a blackout?
Possibly. There are a few options:
Small-scale attacks: Back in April 2013, a sniper opened fire on an electric substation near Silicon Valley, knocking out 17 transformers in a mere 19 minutes. (This incident remained little-known for nearly a year until Foreign Policy reported it.) A major blackout was only avoided thanks to quick-thinking utility workers, who rerouted power.
Attacks like this could do some genuine damage. There are dozens of critical (and relatively unprotected) substations around the country — if they got taken out, it could potentially lead to widespread failures.
The extreme case could be quite bad: in March, the Journal reported that an attack on just nine of the nation's 55,000 electric substations could lead to coast-to-coast blackouts. (The paper didn't specify which substations.) That was according to a secret analysis from the Federal Energy Regulatory Commission. This is a worst-case scenario, but even regional blackouts could cause billions of dollars in damage.
Cyberattacks: The other big fear is that a hacker, say, could disrupt the grid by taking over the computer systems that monitor and supervise it, known as SCADA systems. So far, there hasn't been a case of a cyberattack causing a blackout in North America. But utilities already have to fend off thousands of attempted attacks each month (though most of these are efforts to steal customers' financial information, not cause a blackout).
Some grid experts, like former Federal Energy Regulatory Commission chair Jon Wellinghoff, think cyberattacks are somewhat less of a problem than physical attacks or security breaches. Many utility officials, meanwhile, think the industry should be spending at least as much money guarding against cyberattacks as they do against natural disasters.
What's the doomsday scenario?
Back in 2012, the National Research Council worried that a well-coordinated attack on the grid "could deny large regions of the country access to bulk system power for weeks or even months. … If such large extended outages were to occur during times of extreme weather, they could also result in hundreds or even thousands of deaths due to heat stress or extended exposure to extreme cold."
How would that work? It's worth walking through the mechanics of how a truly massive blackout — like the 2003 Northeast blackout that left 50 million people without power — can happen.
Power grids are, by their nature, extremely complex. It's hard to store electricity for any extended period. That means that the output from power plants has to be equal to the use of electricity at all times. Otherwise, power lines can get overloaded or generators underloaded, causing damage to the equipment.
Usually, the grid has protective devices that switch off a piece of equipment if there's a problem. So if, say, a sagging power line hits a tree — causing it to overheat — that line will get disconnected. The problem is that all the other lines now have to carry excess current. If they start overheating and have to switch off, you can get … cascading failures.
So power grid operators have to constantly monitor the system to make sure that power generation and power use are matched up and that a single fault can't cause the entire grid to fail. They're usually very good at this. But it's a difficult task — and if, the grid is already running at capacity or a major piece of equipment falters, it can be hard to prevent "cascading failures." The National Research Council was worried about an attack causing this sort of cascading effect.
Who oversees the power grid?
Here's where things get tricky. The United States doesn't have a single "national" grid — more than 90 percent of the lines and wires and stations that make up the grid are owned by private companies.
Grid operators have voluntarily organized themselves into regional bodies to coordinate the flow of electricity and keep everything running smoothly. These bodies are all overseen by a private company called NERC, which works with the federal government on various standards and policies.
At a very broad level, the nation's electric infrastructure is divided into three main regions, each with limited links between them: There's the Western Interconnection, the Eastern Interconnection, and the Texas Interconnection (see map above).
What makes the power grid so vulnerable?
Here's what the National Research Council concluded in 2012: many of our power grids are getting old, with aging equipment. The systems for monitoring and securing the grid are often inadequate. That all makes cascading failures more likely to occur. And the private sector doesn't appear to invest enough in upgrades or security measures.
One big reason: the regulatory environment for the grid is … complicated. The federal government, states, and localities all have a hand in overseeing the system, and those roles keep shifting over time. Some states are deregulating their utilities; others are re-regulating. So, the report noted, companies often have little incentive to invest in upgrades.
There are also a few specific problems that are getting more attention now. Many electrical substations aren't guarded — they're often unstaffed and protected by just a chain-link fence and some cameras. So it would be relatively easy for someone to attack these stations, causing ripple effects elsewhere. (One report by New Jersey regulators, unearthed by the Washington Free Beacon in March, found that break-ins and intrusions were quite common in the state's electrical facilities.)
Then there's cybersecurity. Regulators have done a fair amount of work in crafting standards to protect high-voltage systems. But a recent report from the Bipartisan Policy Center argued that not enough is being done to protect low-voltage distribution systems — and that companies don't always share enough information with each other to protect themselves from attacks.
Policymakers, for their part, can't always decide what problem to focus on. At the Senate hearing last week, some senators criticized the Wall Street Journal for publishing information about grid vulnerabilities. Others have blamed the Environmental Protection Agency for imposing tighter air-pollution rules and forcing some coal plants to shut down. Still other members of Congress want federal regulators to impose specific upgrades and security measures — an approach that utilities say is inappropriate.
So how do we protect the grid?
In its 2012 report, the National Research Council made a slew of recommendations for protecting the grid from attacks, from getting utilities to stockpile key pieces of equipment to security upgrades. Some of these, the report found, were likely worth the cost. Other fixes — like certain cyberdefenses — were still quite expensive and needed additional R&D to bring the cost down.
The report also looked at a wide variety of upgrades to the grid that could make it more resilient against cascading failures. Such upgrades wouldn't just help the country survive a terrorist attack — they would also be useful for protecting the grid against hurricanes or ice storms or space weather.
Advanced smart grid technologies, for instance, could allow operators to identify problems more rapidly and allow the system to repair itself in real time. Alternatively, a more distributed power system would be harder to knock out — say, if more and more facilities had their own solar-power generators.
These technologies have been gradually catching on for years — the 2009 stimulus bill had $11 billion in incentives for utilities to install smart-grid tech. But it's slow going, due in part to the complex governance structure of the power grid system (see here). And smart grids can have downsides: Some critics have noted that some of these new "smart" technologies can make the grid more vulnerable to cyberattacks.
Ultimately, the National Research Council report didn't think it was possible to stop all types of large blackouts — it's too difficult to protect large, complicated systems from every last possible failure. But there's a fair bit more that could be done — and that report, at least, thought many of these steps were worth the cost.
Further reading: On a related note, here's an old piece on how space weather (yes, space weather) could, under certain circumstances, also fry the US power grid. One of the more useful defenses here would be better early-warning systems.