MK Perimeter Protection Logo


The grid is under attack

On the evening of December 3, the lights went out in Moore County.

For tens of thousands of central North Carolina residents among the Piedmont hills west of Fayetteville, electric heaters became useless against the cold, the internet went dead, and refrigerator fans spun to a halt. Traffic lights went dark at intersections, and cellphone batteries began to dwindle. Local authorities declared a state of emergency and, fearful over the prospect of unrest, enforced a curfew.

The outage was no accident: Attackers had rained gunfire on two electrical substations, the facilities that regulate and distribute electricity across the power grid, and knocked them out of operation. Law enforcement estimated millions of dollars in damages, and it took days for repair crews from Duke Energy working around the clock to finally bring everything back online. A federal investigation is underway.

As dramatic and costly as the Moore County power outage was, it wasn’t an anomaly. An Insider investigation has found that attacks against the electrical grid nationwide are at an all-time high — and experts say the greatest threat comes from right-wing extremists seeking to sow chaos and accelerate the devolution of the social order. The investigation, which includes an analysis of newly released Department of Energy data, visits to substations, a review of law-enforcement records from nine jurisdictions, as well as neo-Nazi propaganda, and interviews with six power industry and extremism experts, found that attacks on the grid spiked dramatically last year, with a 72% increase over 2021.

According to Department of Energy statistics, human attacks were responsible for 171 “electric disturbance incidents” around the country in 2022, compared with 99 in 2021. (Insider’s review of the data counted incidents that the Department of Energy labeled as the result of vandalism, sabotage, actual physical attack, cyber event, and suspicious activity.)

The motivation for attacks on substations can vary wildly and usually remains unknown, as most perpetrators are never caught. But law-enforcement officials and researchers who study extremism say far-right zealots are increasingly intent on targeting the grid under the banner of neo-Nazi “accelerationism,” or the theory that chaos and destabilizing violence will help bring about a race war. And despite the rapidly growing threat, experts say, efforts to secure the grid against attack are lagging, leaving huge swaths of our electrical infrastructure vulnerable to attack from a white supremacist movement looking to take advantage.

In the past year, the Department of Homeland Security has repeatedly warned of threats to critical infrastructure posed by “lone offenders and small groups motivated by a range of ideological beliefs.” There are “continued calls for violence directed at US critical infrastructure,” the agency warned in February of last year, “as a means to create chaos and advance ideological goals.”

Though many disturbances at substations may be the result of petty vandalism or attempted burglaries, authorities are concerned about a more concerted targeting of critical infrastructure. Law-enforcement officials in Washington state warned utilities last year that white supremacists were plotting to take down the power grid, according to a December summary of two interagency task-force memos that Insider obtained through a records request.

Groups targeting electrical infrastructure “are connected with accelerationism,” an emergency-management director at the state’s Department of Commerce wrote, “and their goals are to increase social disruption, violence, and gain support for the superiority of the white race.”

Attacks on a vulnerable critical infrastructure

The Moore County attack, the biggest of its kind last year, led to scrutiny of what law enforcement and power companies were doing to prevent similar attempts to take down the grid. A raft of disturbances in the Pacific Northwest that caused millions in damages further highlighted how substations appear to be a soft target.

In spite of years of warnings from the security community about the vulnerabilities of electric infrastructure to attack, the reality is that much of it remains relatively unsecured. Some substations don’t even have video surveillance.

The vast majority of attacks and vandalism on power stations in 2022, including the high-profile attacks in North Carolina, remain unsolved, according to an Insider analysis of the Department of Energy’s database of such incidents and police records. Attackers are often able to cause damage and then flee well before utilities call law enforcement to the scene, according to police records from nine attacks obtained by Insider.

Insider visited four Pacific Northwest substations that have been attacked in the past three months. At each, there was a noticeable lack of security: Only one was patrolled by a guard. An Insider reporter walked around the perimeter of the others for 10 minutes each. At one substation, the hole attackers had cut into the fence nearly three weeks before had been repaired with plastic zip ties.

One substation that was attacked on November 28, just outside Portland, Oregon, neighbors a sheriff’s station.

Virtually under the nose of the police, someone cut a hole in the substation fence, entered the control room, and slashed power to a wide swath of the suburbs east of Portland — including offices of the utility company and law enforcement, 911 audio shows.

“We have a huge power outage,” the 911 dispatcher who took the call about the attack told a utility employee. “We’re tired of this.”

It’s no wonder the dispatcher was tired: Just four days earlier, in the same county, two people had “used firearms to shoot up and disable numerous pieces of equipment and cause significant damage” at another substation, according to an internal memo from the utility obtained by Oregon Public Broadcasting and KUOW. The police took four hours to respond to the 911 call for that attack, according to records obtained by Insider.

Two hours after initially phoning the attack in, an employee for the utilities company again called law enforcement to ask when officers would be on the scene.

“This is critical infrastructure,” they reminded the dispatcher, sounding exasperated.

An FBI representative declined to confirm the existence of an investigation into the two attacks near Portland, but the sheriff’s office said it was cooperating with a federal investigation. No one has been arrested.

At four substations in Washington state’s Pierce County, attackers broke into substations on Christmas Day and tampered with equipment, leading to arcs that cut power to 14,000 customers and caused approximately $3 million in damage.

It wasn’t difficult for attackers to breach those substations, which are on suburban streets and protected only by a fence, with a pair of bolt cutters. Nor was there much surveillance. Two had signs advising that the station was being surveilled, but the police didn’t take any footage into evidence, according to records obtained by Insider. At one of the stations, a camera was pointing directly at the electric panel, but it wasn’t active, according to a police report.

The camera “used outdated 3G cell signal” and “no longer worked,” utility employees told an officer.

Two suspects in those attacks were later charged based on an FBI analysis of cellphone records that found two devices were in the vicinity of each of the four substations when the attacks occurred, according to a charging document. After his arrest, one of the suspects told officers that they had cut power to rob a local business. He was later released from custody on orders to enter a substance-abuse program.

But most of the attacks in the past year remain unsolved, leaving a lack of data for researchers to determine the motivations behind them. Local law enforcement may also miss the signs an incident is ideologically motivated, some extremism experts worry, and not flag attacks to federal investigators.

“There is a dearth of knowledge within local and regional law enforcement to understand the early warning signs of more advanced terroristic threats,” said Matt Kriner, a far-right researcher and managing director of the Accelerationist Research Consortium.

We’re not sitting on our hands on this.

In Lewis County, Washington, 7,500 customers were knocked offline in June after an attacker caused a power arc at a substation located next to the utility’s offices. Surveillance footage captured from a building next door shows a white pickup truck drive by, then a flash of the power arc. The police found a crowbar on the scene that someone had apparently used to break a lock on the fence, according to investigation files obtained by Insider. No arrests have been made, an FBI representative confirmed.

In Kern County, in southern California, someone fired a gun into a PG&E substation last July, leaving 1,100 customers without power and causing $3 million to $5 million in damage to the station, according to a representative for the utility and police documents obtained by Insider.

The police still have no suspects in the case, a representative for the sheriff’s department said. “There have been no eyewitnesses to come forward,” the person added, “if there are any.”

Law enforcement and utility companies, though, say they’re working to resolve the open cases and prevent further attacks. In an emailed statement, an FBI representative said the agency “remains vigilant” but had “not determined that a single individual or group is responsible or that incidents in different cities are linked.”

“We’re not sitting on our hands on this,” said Brendan Armstrong, a security specialist at Seattle City Light. “We’ve all increased our security posture.”

Extremists target the power grid

Extremist groups have targeted critical infrastructure for decades. In the 1970s, the anti-capitalist New World Liberation Front carried out more than 20 bombings on California’s energy facilities. After 9/11 there was a surge in concern over Islamic extremist plots to target power, water, and transportation infrastructure. Ted Kaczynski, otherwise known as the Unabomber, explicitly called for targeting the energy sector in one of his essays. White supremacist propagandists have done the same, viewing it as the most effective way to cause chaos.

Conspiracy theorists and extremist movements abroad have also found critical infrastructure an appealing target. During the early months of the COVID-19 pandemic, a wave of arson attacks across Britain targeted cellphone towers based on the falsehood that 5G technology was somehow spreading the coronavirus.

But despite the long-standing relationship between a variety of extremist movements and critical infrastructure, four extremism researchers who spoke with Insider all agreed that the far-right had become the dominant player in targeting the grid. A study released last year by George Washington University’s Program on Extremism found that as Salafi-jihadist plots from Islamic State supporters began to wane in about 2017, neo-Nazi attempts on infrastructure grew.

“We saw a huge spike in white supremacist cases starting targeting critical infrastructure between 2020 and 2022,” Ilana Krill, a research fellow at the Program on Extremism who was one of the study’s authors, told Insider. “A disproportionate amount of these cases focused on the energy sector and substations.”

The targeting of critical infrastructure has also coincided with a resurgence in one subset of the white supremacist movement: neo-Nazi accelerationists, a largely decentralized community of people who believe that through violent attacks such as bombings and shootings they can collapse society as we know it and build a white ethnostate in its place.

Multiple countries have designated accelerationist groups, such as the now-largely-defunct Atomwaffen and The Base, as international terrorist organizations. The ideology has inspired mass killings such as the 2019 Christchurch attack in New Zealand, which killed 51 people at two mosques, and is linked to several murders and mass shootings in the US.

joint investigation last year from Insider, Welt Am Sonntag, and Politico that reviewed nearly 100,000 messages from encrypted neo-Nazi chat groups found accelerationists from across North America and Europe sharing information on bomb-making materials and discussing carrying out terrorist attacks.

Members of accelerationist groups have been charged with several plots in recent years to attack critical infrastructure. Brandon Clint Russell, a founder of Atomwaffen who kept a framed picture of the Oklahoma City bomber Timothy McVeigh on his dresser, was sentenced in 2018 to five years in prison for possession of dangerous explosives after discussing attacks on the energy sector. Five men, including three US Marine veterans, were indicted in North Carolina in 2021 and accused of plotting to use homemade thermite bombs to blow up the power grid. Three men from Ohio, Indiana, and Wisconsin pleaded guilty last year to conspiring to blow up electrical facilities in an attempt to further their neo-Nazi beliefs and instigate a race war.

“The critical-infrastructure element has become one of the core components of neo-fascist accelerationist movements in the US. It’s become one of the targets du jour,” said Jon Lewis, a researcher at the Program on Extremism who studies accelerationism.

In July, a 250-page online magazine began circulating through neo-Nazi channels on the messaging app Telegram. It was a work of accelerationist propaganda that looked like a mix between the glossy publications that ISIS distributed at the height of its insurgency, but filtered through the aesthetics of “Call Of Duty” and 4chan. Numerous sections, which Insider reviewed, contained calls for attacking critical infrastructure and instructional guides for how to knock out the power grid — claiming that “during a long-term outage, the masses will crumple and eat one another.”

Even when it doesn’t appear that white supremacists are behind certain outages, such as the botched burglary in Pierce County, accelerationist groups celebrate and sometimes take credit for attacks. Part of the movement’s goal is to push the idea of targeting critical infrastructure further into the mainstream discourse, hoping to inspire lone actors to attack the grid.

“They don’t really care who is doing the violence, who’s doing the critical-infrastructure attacks,” Lewis said. “They just want to be the spark that starts on fire.”

The electric-industry response

Recent attacks in Washington, Oregon, and North Carolina aren’t the first to raise hackles in the electric industry. A 2013 gun attack on a substation in Metcalf, near San Jose, was a major call to action.

In that case, saboteurs cut a fiber-optic cable to try to knock out communications and spent about 20 minutes shooting transformers from a short distance away in the middle of the night. Thousands of gallons of cooling oil leaked, causing the transformers to overheat, but no one ended up losing electricity.

A utility may have 100 substations in its territory and decide only two of them are critical.

The perpetrators left no fingerprints and were never caught, despite a $250,000 reward. Their professionalism put a chill into regulators like Jon Wellinghoff, who led the Federal Energy Regulatory Commission at the time. His team directed NERC, a self-regulatory group, to come up with reliability standards for critical substations — and looking back, he wishes it went further.

The standards didn’t instruct utilities to follow a point-by-point checklist and instead simply stated they had to conduct risk assessments and come up with plans to protect their critical facilities, Wellinghoff said. The result was that relatively few substations received security improvements.

“A utility may have 100 substations in its territory and decide only two of them are critical,” Wellinghoff said.

As a result, the overwhelming majority of America’s more than 40,000 substations are like the ones Insider visited in Oregon: largely unguarded, barely surveilled, and protected by little more than a chain-link fence. That’s partly because most of them can be taken offline without posing a risk to the broader system.

“Putting in a somewhat simplistic camera system and two-way voice communication could be $75,000,” said Kevin Perry, a substation security auditor who retired in 2018. “When you start replacing chain-link fence with 10-foot-high or 12-foot-high solid barrier walls that are embedded 36 inches into the ground, that’s a pretty big chunk of change.”

Utilities would have to convince state regulators that passing on the cost of those investments to ratepayers is worth it, and there are only a few states where legislators have tried to mandate stronger defenses.

North Carolina and South Carolina lawmakers have proposed bills that would boost security requirements for electrical systems, and Arizona lawmakers have proposed upping criminal penalties. The Federal Energy Regulatory Commission ordered NERC, the self-regulatory group, to consider creating new security requirements.

There have always been threats. Perry said frustrated or bored hunters had long been known to shoot at substations and other electrical infrastructure. Copper thieves — some of whom have been killed or injured — have also been a problem, he said.

There are also signs that extremists don’t have detailed technical knowledge of the grid’s weak points. Wellinghoff reviewed several pages on sabotaging electrical equipment from the accelerationist online magazine at Insider’s request. He said he wasn’t concerned.

“This is not really very sophisticated info,” he said in an email. “Pretty rudimentary.”

One issue that grid-security experts said they felt didn’t get enough attention is the long lead time required to replace bulk power-transmission equipment. Utilities often build their substations according to custom specifications, and replacing a high-voltage transformer that is damaged beyond repair can take five years, said Perry. He said Russia’s attacks on Ukraine’s electrical infrastructure were adding to the demand.

The industry has responded by forming equipment-sharing pools. Richard Mroz, a former New Jersey utilities regulator who now works as a lobbyist and advisor to the group Protect Our Power, said he’d been heartened by the willingness of some state regulators to allow utilities to bill their customers for the cost of membership.

“Whether it’s a terror cell or other domestic disgruntleds or someone who’s just had a bad day, it doesn’t matter,” Mroz said. “We should take protective measures against threats.”

Recent Posts


Contact Us