Rifleman Sabotages Pacific Gas and Electric Station

“There are ways that a very few number of actors with very rudimentary equipment could take down large portions of our grid.”[1]

-Jon Wellinghoff, Former Chairman of the Federal Energy Regulatory Commission (FERC)

On April 16, 2013, the day following the Boston Marathon bombings, an attack was executed against the Pacific Gas and Electric Company’s (PG&E) Metcalf Transmission substation near San Jose, California. The Metcalf station serves a population of over one million, including Silicon Valley, and is an important part of the West Coast grid. The operation to cripple the station appeared to be planned and executed with precision by an unknown number of attackers. At 0058, the perpetrator(s) entered manholes, cutting AT&T phone lines in an underground vault[2], which knocked out local 911 and landline service to the substation, and some cell service in the area.[3] Minutes later, lines belonging to Level 3 Communications were also cut, knocking out the substation’s Internet service.[4]

At 0131, one or more shooters fired over 100 rounds of 7.62 x 39mm ammunition into the plant’s cooling mechanisms.[5] In the span of 19 minutes, 17 transformers were damaged, although it would be another 15 minutes before oil loss caused them to overheat and crash. A failure message was sent to PG&E’s notification system at 0145. To prevent a blackout, workers rerouted power and asked other power plants in Silicon Valley to produce more electricity to compensate for the lost capability.[6] A worker in a nearby building with functioning phones heard the shots and called the police at 0141. Police arrived at the north end of the station approximately one minute after the shooting stopped, while the attackers successfully fled, presumably to the south. The police were unable to unlock the gate to the station, and after a cursory search revealed nothing, they left. Shortly after their departure, the system crashed. In all, 10,000 gallons of oil leaked from the damaged substation and repairs took 27 days.

The Investigation

What began as a routine vandalism investigation quickly turned complex. Stacked rock piles were found in the area where the shooter(s) stood, suggesting the possibility of casing and rehearsals. Abandoned shell casings were free of fingerprints. The attacker(s) evaded surveillance cameras, but cameras did pick up what appear to be light signals at the beginning and end of the attack, possibly a coordination measure initiating the exfiltration phase of the mission when police approached.[7] The cutting of the phone and Internet lines and choice of aim points within the transformer structure demonstrated knowledge of both communication and power grid configuration. The perpetrators may have known the transformers were unlikely to ignite, and they appear to have anticipated how police would respond.

Shooting Facts

Public sources indicate that the weapon(s) used was an AK-47. The 7.62x39mm round is consistent with AK-style rifles but is not used exclusively by them. The AK-47 is a cheaply constructed, rugged and widely available tool. The rifle is a Russian design but is manufactured and obtainable all over the world. It is not a precision rifle. It is not a long-range rifle. The 7.62x39mm round is not a uniquely destructive round. We believe, based on independent analysis of video of the scene and maps of the area, that shooting distances appear to be between approximately 50-200 meters. Engaging a bus-sized target such as the transformers with an AK or other 7.62x39mm rifle could successfully be achieved with nothing more than a rudimentary level of skill (if illumination was favorable or quality night optics were available). It is unclear if the shooters were spraying targets or methodically engaging transformers. Firing 100 rounds in 19 minutes means the shooting could be as slow as 10 rounds per minute, or one shot every 6 seconds. Even after conducting three (30-round) magazine changes, a moderately skilled shooter is easily capable of firing 100 rounds in less than a few minutes from an AK. A 100-round drum magazine would streamline the time required. California has some of the most restrictive laws toward private gun ownership in the country. These laws did not inhibit the PG&E shooter(s).

Suspects

Information about the Metcalf attack was not publicized for 10 months. This appears to be an attempt to prevent inspiring copycats. Most signs pointed toward a professional sabotage operation, a feeling confirmed when U.S. military specialists from the Joint Warfare Analysis Center were called in to take a look.[8] The FBI alleges the incident was not an act of terrorism. This opinion is not universal (the opposition includes some former counterterrorism FBI agents).[9] Furthermore, Jon Wellinghoff, former Chairman of the Federal Energy Regulatory Commission (FERC), called it the most significant incident of domestic terrorism involving the grid that has ever occurred in the U.S. The perpetrators are likely still at large. Wellinghoff, who has since stepped down, gave closed-door, high-level briefings to federal agencies, Congress and the White House expressing his concern that a larger attack could be in the works, and publicly acknowledged the incident out of reported concern that national security is at risk and critical electric-grid sites aren’t adequately protected.[10] Mark Johnson, a former vice president for transmission operations at PG&E, agrees, and told a security conference that in his view Metcalf was a “dress rehearsal for future attacks.”[11] It should be noted that this infrastructure is not uniquely vulnerable, whether analyzing the United States or any other country.

Watts Bar Nuclear Plant, Tennessee

Less than one week later, on April 21st, an intruder opened fire at the Watts Bar Nuclear Plant in Spring City, Tennessee. A security guard on a routine perimeter check spotted a man inside a clearly marked restricted area of the plant. The intruder had tied his boat to the end of a dock that was located on plant property but outside the plant’s fences. Not feeling threatened, the officer spoke with the perpetrator from afar. The man produced a weapon and fired several shots at the officer, striking his vehicle.[12] The officer was not injured and returned fire, but apparently failed to hit his target. Law enforcement officers combed the area with helicopters and on foot over the next 12 hours with no success in locating the shooter.

The plant implemented a heightened security posture, and the FBI and Nuclear Regulatory Commission took control of the investigation. There are no suspects. There is no indication of sophisticated capability in this attack.

Little Rock, Arkansas

The FBI is investigating three attacks against the Arkansas power infrastructure in September and October, 2013. A perpetrator fastened a cable to a 100-foot transmission tower and laid it across a nearby railroad track in what investigators believe was an attempt to use a moving train to bring down the tower. High voltage lines were brought down during the operation, alerting officials to the tampering before trains passed through the area. There was also a fire set at a nearby substation with the message “You should have expected us.” and an incident where a stolen tractor with an extendable arm and saw blade was used to physically cut down key power poles.[13]

Vulnerabilities

Power plants have been regarded as both tactical and strategic targets. U.S. Special Operations Forces deliver long-range precision fires against key equipment as a standard mission set that is not uncommon in the world. Successfully targeting just one or two facilities in a region has the potential to create widespread disruption physically, economically, and psychologically. The scale of the attack can be tailored to suit the perpetrator’s aims. It has been alleged that the Metcalf incident resulted in the leakage of sensitive data into the public domain.[14]

There have been threats and attempts to blow up or penetrate nuclear reactors in Argentina, Russia, Lithuania, Western Europe, South Africa, and South Korea.[15] According to the 9/11 Commission Report, al Qaeda also considered attacks on a nuclear power reactor as part of its early plans.[16] Perhaps most dangerous would be a knowledgeable lone wolf suicide terrorist with no concern for high radiation exposure. Cyber attacks against the electric grid are similarly well documented. In 2013, the energy sector accounted for 59% of the cyber incidents reported to the Department of Homeland Security’s industrial control systems cyber emergency response team.[17] While cyber engagements require a high level of sophistication to plan, they are easier to stage since physical location and detection aren’t factors. And while malware has been used to destroy hardware, some experts believe recovering the grid from a cyber attack will be easier since these attacks are usually short in duration and don’t generally involve physical destruction.[18]

Physical Hardening Challenges

If the national defense strategy were to be based upon defending individual targets, there are an unlimited number of potential targets to defend. Encouragingly, the infrastructure of national adversaries is similarly vulnerable. Non-state actors must be targeted with greater precision, but they do not lack targets and vulnerabilities of their own.

According to former FERC Chairman Wellinghoff, “There are probably less than 100 critical high voltage substations on our grid in this country that need to be protected from a physical attack. It is neither a monumental task, nor is it an inordinate sum of money that would be required to do so.”[19] However, one must acknowledge the likelihood that attackers may not be married to the idea of attacking power stations specifically, but may instead choose whatever target will most easily advance their objectives or interests. High voltage stations are only a small number among many potential high value targets.

Way Forward

The challenge of protection is two-fold: safeguarding the grid, the hard target, and electricity’s users, the soft target. In addition to physical hardening, “psychological hardening” against threats also serves the national interest. Citizens must be prepared for the challenges of a major blackout and serve as ‘eyes and ears’ for threat detection. Public awareness is the best way to lower fear.

Ms. Kinzer is a reserve U.S. Air Force intelligence officer and senior intelligence consultant at Patch Plus Consulting.

Ms. Hesterman (PhD.) is a retired U.S. Air Force colonel. Her forthcoming book is Soft Target Hardening: Protecting People from Attack (Taylor & Francis, CRC Press, http://www.crcpress.com/product/isbn/9781482244212).


[7] Santa Clara Sheriff’s Department Video from Metcalf Station shooting, http://www.youtube.com/watch?v=RQzAbKdLfW8

[9] http://www.youtube.com/watch?v=AbGLTUcHcqk

[13] http://www.nytimes.com/2013/10/09/us/power-grid-is-attacked-in-arkansas.html?_r=0

[15] Matthew Bunn and George Bunn, “Strengthening Nuclear Security Against Post-September 11 Threat of Theft and Sabotage,” Journal of Nuclear Materials Management (Spring 2002),

[16] The 9/11 Commission Report (2004), 245