More than 33,000 customers remained without power Monday afternoon in Moore County, N.C., following apparent attacks on two of Duke Energy’s (NYSE:DUK) substations over the weekend, and the company said some customers may not see their electricity restored until Thursday.
The outages began near the town of Carthage about 7 p.m. Saturday. They “shortly thereafter … spread to the greater majority of central and southern Moore County,” Sheriff Ronnie Fields said in a press conference Sunday afternoon. At the height of the outages, more than 45,000 customers had lost power, Duke said in a press release on Sunday; the utility’s outage map has been updated since then to reflect the restoration of some customers as crews work in 24-hour shifts, Duke confirmed to RTO Insider.
‘Pretty Sophisticated Repair’
Crews and sheriff’s deputies investigating the outages discovered “extensive damage” to two substations. Fields said the deputies found evidence indicating that firearms had been used to disable the facilities with “multiple shots” fired by attackers who “knew exactly what they were doing.” Duke said parts of the substations had been damaged “beyond repair,” requiring technicians to completely replace the affected equipment.
Duke spokesperson Jeff Brooks said at Sunday’s press conference that “we are looking at a pretty sophisticated repair with some fairly large equipment,” and that Duke is “pursuing multiple paths of restoration [to] restore as many customers as possible, as quickly as possible.”
The county implemented a 9 p.m.-5 a.m. curfew Sunday night “to best protect our citizens and … businesses of our county,” Fields said. Additionally, most county operations were shut down on Monday except emergency services, along with limited transportation for medical needs. County Manager Wayne Vest said that the county would probably be working “a skeletal operation” through Monday and hope to “get back up to full speed” by Wednesday.
“We faced something [Saturday] night here in Moore County that we’ve never faced before, but I promise you we’re going to get through this, and we’ll get through it together,” Fields said at the press conference. “We’re very united here in Moore County, and we’re not going to let this hold us back, and I can promise you, to the perpetrators out there, we will find you.”
No Known Motivation
Law enforcement has not publicly identified any culprit or motivation for the attacks so far. Fields said that “every available officer” in his office is doing “what we can to try to determine what happened,” with municipal and state officials contributing to the effort, along with the FBI.
The Electricity Subsector Coordinating Council (ESCC) said in a statement Monday that it was “working closely with … law enforcement officials” in their investigation into the attacks. Participants in an ESCC-hosted conference call Monday night included FERC Chairman Richard Glick; Brandon Wales, executive director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency; and Deputy Energy Secretary David Turk.
The ERO Enterprise has also mobilized in response to the incident. SERC Reliability CEO Jason Blake said in a statement that the regional entity is “in close coordination” with Duke, NERC, federal agencies and “appropriate industry members across our 16-state footprint [so that] information is shared as it becomes known and that utilities across our footprint are in a heightened security posture.”
Asked about online rumors that the attacks were meant to shut down a local drag show that was planned to occur Saturday night, Fields said that while “anything’s possible,” the office had “not been able to tie anything back” to the show. Calling the perpetrators “cowards,” he acknowledged that no person or group had stepped forward to take responsibility for the attacks, adding that while the targeting of the power grid “wasn’t random,” he could not say at this point whether the incident should be considered an act of domestic terrorism.
The suspected connection to the drag show was apparently strengthened by a series of provocative Facebook posts by Emily Grace Rainey, a self-proclaimed conservative activist living in Moore County who served in the U.S. Army before resigning amid an investigation of her participation in the Jan. 6, 2021, attack on the U.S. Capitol.
Before the outage began, Rainey had posted the contact information of the drag show’s sponsors, adding, “You know what to do.” After the outage started she wrote, “The power is out in Moore County, and I know why,” later posting a picture of the theater where the show was supposed to be held with a caption saying, “God will not be mocked.”
However, Fields said on Sunday that while deputies had interviewed and “had a word” with Rainey, the lead “turned out to be nothing.” He urged citizens not to post false information online, reminding listeners that it “takes time for us to run that down.”
History of Physical Security Threats
The idea of domestic terrorists attacking the power grid has gained credibility in recent years, especially following the announcement in February that three men had pleaded guilty to planning to damage substations with high-powered rifles. (See FBI: Conspirators Planned Grid Attack to Start Race War.) According to their confessions, the men hoped to spark “confusion and unrest” that would lead to a civil war, inspired by “racially or ethnically motivated violent extremist views.”
The tactics of Saturday’s incident also resemble those of the 2013 attack on Pacific Gas and Electric’s Metcalf substation near San Jose, Calif. In that event, whose perpetrators have never been identified, snipers fired an estimated 150 rounds at transformer radiators in the facility, hitting 10 of the 11 targets and resulting in the loss of about 52,000 gallons of cooling oil. (See Substation Saboteurs ‘No Amateurs’.) The attackers are also believed to have cut underground fiber optic cables near the substation, temporarily disabling phone and 911 service for the area.
Physical security for bulk electric system facilities is addressed in NERC’s Critical Infrastructure Protection (CIP) reliability standards, most notably CIP-014-3 (Physical security), the first version of which was introduced two years after the Metcalf attacks. Asked about security preparations at Duke’s substations on Sunday, Brooks said that “we take security extremely seriously” and that the utility was confident its security requirements were in place at the affected facilities.
“We understand that we’re critical infrastructure, and so we do incorporate multiple layers of security at all of our facilities and across our system to help protect the grid and … restore power when we have disruptions,” Brooks said. “We can’t provide specific information on security measures at a critical facility, but I can say that certainly we’re one of the most highly regulated industries in the country. There’s a lot of protocols around security that we follow, and we believe we followed those in this case.”