DOE: Physical Attacks, Sabotage Jumped in 2022

The Duke Energy substations in Carthage (left) and West End, N.C., that unidentified attackers shot on Dec. 3, 2022, leading to the loss of power for around 45,000 customers in Moore County | FBI

Feb 3, 2023

Incidents of deliberate physical damage to bulk power system facilities rose by 77% last year, driving home the danger posed by malicious actors, DOE said.

Incidents of deliberate physical damage to bulk power system facilities rose by 77% last year, driving home the danger posed by malicious actors, the Department of Energy reported this week.

DOE’s annual summary of electric emergency incidents and disturbances — based on reports submitted by utilities to the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) — includes the type of event, demand loss in megawatts, number of customers affected, and region.

Out of the 390 incidents recorded in last year’s spreadsheet — up from 387 in 2021 — 163 involved deliberate physical damage to BPS equipment, a significant fraction of overall incidents and a major rise from the 92 recorded in 2021. The report also cites cybersecurity events (9), severe weather (95), fuel supply deficiency (5), generation inadequacy (4), system operations issues (87), and transmission interruption (27).

Among the incidents of physical damage, 90 were listed as involving “vandalism,” 57 as “suspicious activity,” 15 as “actual physical attack” and one as sabotage.

DOE did not provide details about how it defines these event types; the alert criteria listed in the report seem to be only loosely connected to the categories, with the same alert type provided for multiple types of events.

For example, “damage or destruction of [a] facility that results from actual or suspected intentional human action” is listed under both “suspicious activity” and “actual physical attack.” Additionally, there is some overlap between categories, with 10 incidents categorized as both “actual physical attack” and “vandalism.”

Most of the reported events resulted in no demand loss and affected no customers. The event with the biggest impact was December’s attacks on two Duke Energy (NYSE:DUK) substations in Moore County, North Carolina, when more than 45,000 customers lost power. The utility needed nearly a week to restore service to all those affected. (See Duke Completes Power Restoration After NC Substation Attack.) Investigators have yet to publicly identify any suspects or motives for the Moore County attacks.

The next-largest incident in terms of the number of people affected was the Christmas Day attacks in Washington state, when two men allegedly vandalized four electric substations in Pierce County, causing more than 21,000 customers to lose power. One of the men told police they committed the vandalism as part of a plan to burglarize a local business. (See Feds Charge Two in Wash. Substation Sabotage.)

By far the greatest number of physical security incidents — including the Washington attacks — occurred in WECC’s territory. The 73 WECC incidents affected more than 44,000 customers. SERC experienced 26 incidents, along with one event that it shared with ReliabilityFirst and three that affected it and the Texas Reliability Entity. These incidents, including those with RF and Texas RE, impacted more than 49,000 customers.

Events in the territory of the other REs affected a relative handful of people. Of the Midwest Reliability Organization’s six physical security incidents, one in Oklahoma affected 4,836 customers in July. The Northwest Power Coordination Council experienced 15 events, but only one — an event on Jan. 1 recorded as “suspicious activity” — affected 845 customers. RF reported several events in which the number of customers affected was unknown. Texas RE had no customers affected by its 17 incidents, although 1,521 were affected in a vandalism incident it shared with SERC.

FERC & Federal MRO NPCC RF SERC Texas RE WECC