The North Carolina power grid attack exposes a troubling reality


The North Carolina power grid attack exposes a troubling reality

Attacks on multiple electrical substations left more than 40,000 customers in Moore County, North Carolina, without power on Sunday night, prompting local officials to call in the FBI to aid in an investigation.

The attacks, which involved gunfire and as of yet have no clear motive or suspects, highlight the physical vulnerability of the United States’ vast power grid in a world increasingly concerned by the risk of cyber intrusion. More than 55,000 power substations help keep electricity flowing across the country. Physical attacks on these and other power grid infrastructure are more common than one might think — and increasing in frequency.

There were 70 reports of emergency electric incidents and disturbances caused by suspected physical attacks, sabotage or vandalism from January to August 2022, Grid’s analysis of the most recently available data from the Department of Energy found. That figure represents a 75 percent increase from 40 such reports in all of 2015, the first year for which comparable data is available.

Jon Wellinghoff, former chairman of the Federal Energy Regulatory Commission, said the susceptibility of the nation’s electric infrastructure is “a problem that should take a relatively little amount of money and time to rectify, and one that can be taken care of with a few measures that would obstruct these pieces of infrastructure — primarily transformers — from view and from harm from projectiles.”


Yet despite continued physical attacks on the grid, he said, simple measures to protect the nation’s most vulnerable electric infrastructure have not been fully implemented in many areas.

Gaps in the physical security of the nation’s power grid attracted national attention in 2013, when multiple people shot .30 caliber rounds at high-voltage transformer radiators at the Metcalf substation south of San Jose, California. That caused the equipment to leak and then fail. Although the incident prompted attention from Congress to the larger issue of grid security, the perpetrators were never caught. And the nation’s power apparatus is still at risk.

“Something as simple as sandbags would be effective,” Wellinghoff told Grid. “It’s not rocket science here that we’re talking about to be able to protect these things. And it’s not billions of dollars to protect these things either. It’s several millions.”

Persistent vulnerabilities

Duke Energy, which owns the North Carolina substations that were attacked, did not immediately respond to requests for comment. The Department of Energy did not respond to a request for comment.

M. Granger Morgan, a professor of engineering at Carnegie Mellon University, said the U.S. power system’s weaknesses have been known for decades. He highlighted a 1990 report by Congress’ now-defunct Office of Technology Assessment, titled “Physical Vulnerability of Electric Systems to Natural Disasters and Sabotage,” which identified many vulnerabilities that persist today.


The decades-old report noted that many important pieces of infrastructure were highly visible and protected by nothing more than a chain-link fence. “In some cases,” the report states, “an attack can be carried out without entering the facility.”

The attacks in North Carolina illustrate how the risks and gaps in security have continued to the present day.

“The physical vulnerability of the U.S. power system is a problem that has existed for decades,” Morgan said. “We are in a somewhat better situation these days than we were 20 years ago, but the system is still highly vulnerable.”

Still, cyber risks tend to attract more public and governmental interest — and money. Just this past August, the Department of Energy announced funding totaling $45 million to test tech that will “protect our electric grid from cyber-attacks.” The bipartisan infrastructure bill, passed in 2021, included billions of dollars in funding for cybersecurity; this includes some specifically for power grid defenses, such as that in the $100 million Cyber Response and Recovery Fund, supporting federal and nonfederal entities affected by major hacks.

But complex network-hacking operations on the electrical grid require a bit more technical expertise than some physical attacks on power infrastructure — especially if you know what to shoot at. Though it is clearly still early in the investigation into the attacks in North Carolina, Moore County Sheriff Ronnie Fields told the press that the perpetrators “knew exactly what they were doing.” Duke Energy warned that while some customers would see power restored quickly, others “should be prepared for an extended outage” that could last through much of this week.

While cybersecurity has become paramount to the grid, there has been extensive research over the years into physical vulnerability as well — especially as regards the potential for major terrorist attacks. In a Congressional Research Service report from 2014, one manufacturer of high-voltage transformers, a key component of the power grid, said that damaging them is “a surprisingly simple task and there are a large number of ways to conceivably damage a transformer beyond repair.” All it would take, the report noted, is a “bad actor with basic knowledge.”

Extremist threats

Major attacks against such infrastructure have been relatively rare in recent years — but not unheard of.

In 2013, the same year as the Metcalf attack, one individual carried out several attacks on power infrastructure in Arkansas, burning down one substation in Lonoke County. In that case though, the perpetrator was found: Jason Woodring was arrested and eventually sentenced to 15 years in prison after pleading guilty. According to the Arkansas Times, the FBI said Woodring was “angry with the direction of the country,” but further motivation was unclear.

After the Metcalf attack, FERC directed NERC, the North American Electric Reliability Corporation, to develop a mandatory physical security standard. FERC noted at the time that the wide distribution of electrical infrastructure would make disabling many different locations, affecting huge numbers of customers, difficult and unlikely. NERC has said that “the majority of physical security incidents are related to copper theft, trespassing, damage from hunters and drone surveillance.”

But as the Energy data demonstrate, physical attacks on power infrastructure are increasing, and the reasons behind them are getting more concerning. Earlier this year, the Department of Homeland Security issued an alert warning that domestic violent extremists may target the power grid. In February, three men pleaded guilty to crimes relating to a plan to target electrical grid infrastructure, a plan that the Department of Justice said was “in furtherance of racially or ethnically motivated violent extremism advocating for the supremacy of the white race.”


Similarly, in 2020 four men were arrested and eventually charged with planning to damage the property of energy facilities in Idaho; they had maps highlighting the locations of transformers, substations and other power infrastructure, and appeared in photographs wearing Atomwaffen masks and performing Nazi salutes.

“Since Metcalf, everybody knew the potential was out there,” said Wellinghoff, who headed FERC at the time. “To allow this to happen is unconscionable.”

Thanks to Lillian Barkley for copy editing this article.

  • Steve Reilly
    Steve Reilly

    Investigative Reporter

    Steve Reilly is an investigative reporter for Grid focusing on threats to democracy.

  • Dave Levitan
    Dave Levitan

    Climate Reporter

    Dave Levitan is a climate reporter for Grid where he focuses on interconnected stories about climate and science, and politics shaping action around both.