Amidst Recent Attacks, U.S. Regulators Emphasize Grid Security

A series of threats to the U.S. power grid have elevated physical grid security as a key concern for federal energy regulators. On December 15, 2022, the Federal Energy Regulatory Commission (FERC) ordered the North American Electric Reliability Corporation (NERC) to reassess its existing security rules in light of recent grid attacks.

NERC rules require facility operators to perform risk assessments on transmission substations that could result in instability, uncontrolled separation, or cascading within an interconnection. Specifically, FERC ordered NERC to review “the adequacy of the required risk assessment set forth in the physical security reliability standard; and whether a minimum level of physical security protections should be required for all bulk-power system transmission stations and substations and primary control centers.” NERC’s assessment of the existing rules is due in April 2023.

The most recent public meeting of the Joint Federal-State Task Force on Electric Transmission (Task Force) took place on February 15, 2023, and focused on “Physical Security of the Transmission System.” At the meeting, NERC President and CEO James Robb indicated that regulators will have to make difficult decisions about which of the 50,000 high-voltage substations will most need additional security. Puesh Kumar, Director of the U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, noted the information gaps related to understanding and preventing attacks. In “[T]he majority of incidents, there isn’t a lot of good information on what caused it,” Kumar stated. “When these events do occur, they tend to be pretty localized.”

The General Accounting Office has indicated that in the first eight months of 2022, the U.S. electrical grid was physically attacked more than 107 times — the most in over a decade. High-profile instances include the following:

  • On February 6, 2023, the FBI and the U.S. Attorney’s Office for the District of Maryland announced the filing of a criminal complaint against Brandon Clint Russell and Sarah Beth Clendaniel, each of whom was charged with conspiracy to destroy an energy facility in Maryland. According to an FBI affidavit in support of the criminal complaint, Russell allegedly plotted to attack critical infrastructure and advised an FBI source to strike “when there is greatest strain on the grid.”
  • In January 2023, the U.S. Attorney’s Office for the Western District of Washington filed criminal charges against two men in relation to attacks on substations owned by Puget Sound Energy Inc. and Tacoma Public Utilities that took place on December 25, 2022. The attacks caused more than 14,000 customers to lose power and generated more than $3 million in damages. Charges included conspiracy to damage the property of an energy facility and conspiracy to cause a significant interruption and impairment of a function of an energy facility.
  • An attack in December 2022, during which gunfire damaged two Duke Energy Corp. substations in North Carolina and affected 40,000 customers, remains under investigation. The Duke substation attack followed two similar vandalism incidents affecting critical North Carolina power infrastructure, one involving an EnergyUnited Electric Membership Corp. substation and another affecting a Carteret-Crave Electric Cooperative substation.

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.