Recovering from an Attack on Critical Electric Grid Infrastructure
Electric utilities must enhance their preparedness for recovery from a targeted attack on critical electric power grid infrastructure, as damage may be more extensive than historically encountered. Fortunately, electric utilities already have experience rebuilding transmission lines, distribution lines and substations after extreme weather events or natural disasters, such as hurricanes, ice storms, windstorms, and wildfires.
During storm recovery, each utility deploys a thousand workers at many locations across its system, allowing it to restore power across multi-state areas within twenty-four hours of a wide area blackout. During recovery from a wide area blackout, each utility restores its system from energy control centers using a SCADA (Supervisory Control And Data Acquisition) system.
Recovery from an attack, however, will be more difficult than recovery from an extreme weather event or wide area blackout as damage will be focused, rather than random.
In this post, we will explore two possibilities for which recovery strategies should be in place: sabotage of a neighborhood substation and sabotage of a critical substation. After that, we'll take a look at a very simple solution to this potentially major problem: component standardization.
Recovery at a Neighborhood Substation
A worst-case scenario for a neighborhood substation could occur if a saboteur severely damaged major equipment providing power to 5,000 homes. The flow of electric power to those 5,000 homes could be interrupted for up to 24 hours until switches can be opened and closed to reroute power from nearby substations.
Depending on the level of damage, and accounting for current availability of replacement components, repairs and replacements could take weeks or months to complete. During that time, some houses may be powered by diesel generators. Other houses may get power from a nearby substation. All customers served from the neighborhood substation will be at an elevated risk of loss of electric power until final repairs have been completed.
Recovery from a saboteur’s attack may be compared to that required after a house fire. After the extent of damage is determined, replacement parts are ordered, and repairs can be completed within a few months. In the meantime, alternate living space may be needed.
The key difference between a house fire and sabotage of a neighborhood substation is that after a house fire, only one residence is impacted and residents can relocate until repairs have been completed. If a neighborhood substation is sabotaged, thousands of residences would be impacted until repairs are completed.
Recovery at a Critical Facility
A worst-case scenario for a critical facility could occur if a saboteur damaged equipment at a facility that is key to supplying power to several million homes. The flow of electric power to 5 million homes could be interrupted for up to 24 hours until power can be rerouted. The flow of electric power to 1 million of these homes would be interrupted on a rotating basis until short-term repairs can be made.
As in recovery from a neighborhood substation attack, repairs and replacements can take weeks or months to complete. When this many customers are interrupted, it is unlikely that power can be restored by simply rerouting power from a different facility, as was possible in the neighborhood substation example.
Some homes may be provided with electric power produced by diesel generators until repairs are completed. However, this option is not viable when a large number of customers need power. Running portable generators has its own set of problems: portable generators create poor air quality in neighborhoods, cause noise pollution, and emit significant amounts of greenhouse gases.
Recovery from intentional damage will be much more difficult than recovery from the wide area blackouts that have occurred in the past. Very few components needed to be replaced after the Northeast Blackout in August 2003 and the Southwest Blackout in September 2011.
Recovery from a major facility attack may be compared to that required to restore power in a substation after a tornado. The best-case scenario occurred in Virginia in April 2011, when a 500 kV switchyard was rebuilt in two months. A more typical case requires the acquisition of replacement parts after the extent of damage is determined. Installation of replacement parts in substations will take months unless spare components are readily available.
Necessary Replacement Components
The supply chain of replacement parts needed to repair a home after a tornado differs greatly from that of replacement components necessary for critical grid infrastructure repairs. Almost all items used to rebuild a house are available at local lumber yards or home improvement stores. Stock materials, for example framing lumber, can be cut to the appropriate length at the jobsite. Plus, homeowners have a wide choice of items that can be substituted for an original item.
Rebuilding industrial buildings, offices, etc., after a tornado is much more complicated. Often these structures require replacement parts that are custom made. Recovery of critical grid infrastructure, including both neighborhood substations and larger critical facilities, is more comparable to industrial building recovery than home recovery after a significant event. The timeframe for a full recovery is longer, and the cost is greater, as custom parts are usually necessary.
Limited Component Availability
Most producers of critical components minimize the amount of inventory they maintain on hand, and receive materials in time for use, for example, when a newly planned substation is being built. However, this practice limits component availability for use in emergency replacement, such as after an attack.
This is further complicated by the fact that transformer components come from several manufacturers. This often leads to mismatched timelines of component availability, as all suppliers are minimizing inventory. Custom-designed equipment with unique installation requirements also complicates this issue.
Damage at a critical substation from sabotage or attack will have financial impacts on electric utilities, energy providers, and consumers. If rotating outages are implemented, kWh sales and revenue earned by electric utilities will be reduced. If energy providers lose transmission access, they may face bankruptcy.
Electric utilities operating facilities that are monitored by NERC can also face enhanced scrutiny, and possibly civil penalties, if it can be shown that the wide area blackout was caused by a failure to comply with NERC Critical Infrastructure Protection (CIP) Reliability Standards.
Standardized Components: The Best Path Forward
To reduce wait times for components when recovering from an attack, electric utilities should modify their critical facilities to accommodate new components with standardized, plug-connected wiring. These new components will be universally transferable from one company to another. This will eliminate the need for custom-designed equipment and intricate wiring installation.
Once standardized, components used in substations, distribution lines, and transmission lines can be quickly and efficiently installed, repaired, or replaced. It will not matter if parts are needed after a tornado, terrorist attack, or even for a new installation. Standardized equipment can be centrally warehoused and shipped to electric utilities for use “out of the box” in any location across the U.S.
In the meantime, Prescient performs power system security assessments that can identify vulnerabilities in physical security at critical grid infrastructure. If you’d like to dive further into the topic of physical security, or schedule a risk assessment, contact us. We’d love to talk security with you.