Utilities attending SERC Reliability’s Spring Reliability and Security Webinar certainly needed no reminders of the dangers firearms pose to electrical equipment. Barely a year had passed since the Moore County shootings of December 2022 — when still-unidentified attackers damaged two Duke Energy substations, leading to a loss of power for about 45,000 customers — and the nearly weeklong crisis hasn’t been far from grid operators’ minds since. (See Duke Completes Power Restoration After NC Substation Attack.)
But SERC Senior CIP Engineer Justin Kelly noted in the Feb. 28 webinar that gunfire damage also may have a much more mundane cause, discussing his experiences with rural utilities that must deal with “a gun club next door.”
“I remember hearing a story of an entity that was having their insulators shot in a specific area,” Kelly said. “What they did is, they hung a target from the transmission line so that [the neighbors] would have something to shoot at, and … the people stopped shooting at their insulators as soon as they did that.”
Kelly said his goal was to remind attendees that physical security threats can arise for a broad range of reasons, not all of them malicious — but utilities always must take them seriously.
Compliance with NERC’s Critical Infrastructure Protection (CIP) reliability standards is a good starting point, Kelly said, but he agreed with his colleague Drew Slabaugh — the regional entity’s senior legal counsel for legal and regulatory affairs — that entities must understand the standards’ requirements are “results based, not paperwork based.” Treating compliance as an exercise in “check the box just to say we did it” may leave important vulnerabilities exposed.
Kelly emphasized that while there are basic protections that can and should be installed at most facilities, such as cameras and fences, utilities also must look beyond these generic steps to ensure their substations are truly secure. This means considering the “unique characteristics” present at a facility that adversaries can take advantage of.
As an example, Kelly mentioned a substation he visited with a “dead-end tower” nearby — meaning a self-supporting tower installed where transmission lines change direction that must be built to heavier specifications to manage their large “lateral loads.” Kelly noted construction going on near the tower, adding pointedly that “if you take the bolts off of the bottom of those towers, they can pull over in the direction that they’re being pulled by the line.”
Terrain is another variable that can lead to differences in vulnerability between facilities. Bill Peterson, SERC’s director of entity development and communication, observed that a mountain was a key factor in the 2013 attacks on the Metcalf substation in California, giving the attackers clear visibility into the facility that was in a depression nearby. (See Substation Saboteurs ‘No Amateurs’.)
Even when entities properly identify their unique threats, there may be little benefit without follow-through. Kelly said utilities must make sure threats are met with proper responses and that everyone involved in the entity’s CIP compliance is on board.
“I remember one entity I was at; they identified a threat [from] a specific actor. They did not provide any information [about] how they were addressing that threat, but when we asked about it, they said, ‘Oh, that person is actually in jail. That’s why we’re not doing anything about it,’” Kelly said. “But they didn’t document that anywhere. So there [was] no real ranking and understanding of what [they considered] to be the biggest threat here [and] the biggest vulnerability.”
Kelly also noted that many utilities fail to categorize their threats appropriately, ranking hazards like copper theft with the same urgency as much more immediate threats to reliability. He urged entities to work on prioritizing their risks so they devote appropriate resources to keeping the grid safe in the most efficient manner.
