Terrorism and the Electric Power Delivery System

The electrical grid is said to be vulnerable to terrorist attack. I can agree that the electrical power distribution network would be quite vulnerable if someone tried to sabotage it and knew what to do. I know this because I design software and hardware for control systems for electrical companies.

Some days ago I saw an interesting documentary on Finnish television, Suomi polvilleen 15 minuutissa (viewable on Yle Areena, at least for people in Finland, for a few more weeks). It says that in Finland there has been debate on how many weeks the army could protect the country against potential attacks. The documentary says that the country could collapse in 15 minutes if some outside attacker or a small terrorist group attacked certain key points in the power network. Practically nothing would work anymore without power, and it would take quite a bit of time to get replacement parts for some key components. There are not many spare parts, and it takes months or a year to build a new big high-voltage distribution transformer.

This vulnerability would hold for practically all developed countries. I have understood that the Finnish electrical power distribution network is in pretty good condition compared to the electrical power networks of some other countries. I think that in many countries someone could quite easily cause huge problems by damaging some key points in the power distribution network. Those attacks could be either cyber-attacks or attacks damaging physical infrastructure.


In the USA there has been a lot of talk lately about the electrical grid's vulnerability to terrorist attack. There are warnings like this: Cyber-terrorists could target the U.S. electrical grid and throw the nation into chaos. And there is indeed some truth in those warnings, because this critical infrastructure is vital to a country’s economy and security, is inherently vulnerable (for economic and practical reasons) and is extremely hard to protect well. The electric power delivery system that carries electricity from large central generators to customers could be severely damaged by a small number of well-informed attackers. The system is inherently vulnerable because transmission lines may span hundreds of miles. Electrical infrastructure is not necessarily a new target for terrorist groups: there have been documented incidents since the 1970s.

The New York Times writes that terrorists could black out large segments of the United States for weeks or months by attacking the power grid and damaging hard-to-replace components that are crucial to making it work. By blowing up substations or transmission lines with explosives or by firing projectiles at them from a distance, the report said, terrorists could cause cascading failures and damage parts that would take months to repair or replace.

Remember that causing large-scale problems for a long time is usually hard. In the article Debunking Theories of a Terrorist Power Grab, a Penn State power-system expert cites the laws of physics to pull the plug on worries that a terrorist attack on a minor substation could bring down the entire U.S. electric grid. The most vulnerable points are the ones that have the most energy flowing through them, like huge power stations or highly connected transformers. Those are the ones that should be well protected, and there should not be too much worry about protecting smaller transformers.

Here are a few links to articles for more information:

There is also a free book, Terrorism and the Electric Power Delivery System, available online that covers these topics. Check it out if you want to learn more. It gives you much more background than those articles.


  1. Tomi Engdahl says:

    Antti Kaikkonen on the increased drone sightings in Finland: “Surveillance has been increased somewhat” https://www.is.fi/politiikka/art-2000009142324.html

  2. Tomi Engdahl says:

    Pekka Haavisto: One “extremely worrying” feature in Russia’s new strikes https://www.is.fi/politiikka/art-2000009143569.html

  3. Tomi Engdahl says:

    Major German energy supplier hit by cyberattack https://therecord.media/major-german-energy-supplier-hit-by-cyberattack/
    Enercity, one of Germany’s largest municipal energy suppliers, confirmed it was targeted by a cyberattack on Wednesday morning. The Hannover-based company said its security systems “reacted immediately” and that “greater damage to the company” has been averted. Enercity confirmed that it would continue supplying energy to customers, explaining its operational technology and critical infrastructure was not affected. “Our grids and power plants are stable and the security of supply is guaranteed,” the company stated.

  4. Tomi Engdahl says:

    Antti Häkkänen demands clear policies for protecting critical infrastructure: “It cannot be that ministers just wonder about the matter” https://www.is.fi/politiikka/art-2000009188336.html

    Energy companies have expressed concern that their properties could be targeted by sabotage this coming winter. Antti Häkkänen, chair of the Defence Committee, believes that security matters should not be the responsibility of companies alone.

    DEFENCE COMMITTEE chair Antti Häkkänen (National Coalition Party) says that Finland should have clear policies on how critical infrastructure, such as energy companies’ key heat production plants, is protected.

    IS reported on Monday that energy company representatives are worried that energy companies’ properties could be targeted by sabotage this coming winter. Sabotage could target, for example, power lines and substations.

    According to the interviewees, various surveillance and guarding measures have been increased, but not everything can be monitored.

    Also raised were the drones observed near critical infrastructure, which are probably being used for hybrid influence operations.

    HÄKKÄNEN shares the energy companies’ concern.

    “It cannot be that companies themselves should have to understand what activity is dangerous for national security. The Government must set the policies, and guidance must come from the national level on which site is protected in which way,” Häkkänen tells IS.

    “Guidance must come from the national level on how key infrastructure elements are protected, such as ports or the nodes of water systems, as well as energy companies’ key heat production plants.”

    According to Häkkänen, Finland has not previously fully understood, for example, the role of Russian real estate deals, the use of energy as a political weapon, or the problems of certain other means of hybrid influence.

    Fortunately, according to him, people have now woken up to these.

    “It cannot be that ministers just wonder about the matter in public. It must be ensured that security matters are in order as regards critical infrastructure.”

  5. Tomi Engdahl says:

    Microsoft says attackers are hacking energy grids by exploiting decades-old software

    Microsoft has warned that malicious hackers are exploiting a discontinued web server found in common Internet of Things (IoT) devices to target organizations in the energy sector.

    In an analysis published on Tuesday, Microsoft researchers said they had discovered a vulnerable open-source component in the Boa web server, which is still widely used in a range of routers and security cameras, as well as popular software development kits (SDKs), despite the software’s retirement in 2005.

    The technology giant identified the component while investigating a suspected Indian electric grid intrusion first detailed by Recorded Future in April, where Chinese state-sponsored attackers used IoT devices to gain a foothold on operational technology (OT) networks, used to monitor and control physical industrial systems.

    Microsoft said it has identified one million internet-exposed Boa server components globally over the span of a one-week period, warning that the vulnerable component poses a “supply chain risk that may affect millions of organizations and devices.”

    Microsoft said the most recent attack it observed was the compromise of Tata Power in October. This breach resulted in the Hive ransomware group publishing data stolen from the Indian energy giant,

    Vulnerable SDK components lead to supply chain risks in IoT and OT environments

  6. Tomi Engdahl says:

    Extensive power outage in North Carolina is being investigated as a ‘criminal occurrence,’ authorities say

    An extensive power outage affecting about 40,000 customers in North Carolina’s Moore County is being investigated as a “criminal occurrence” after crews found signs of potential vandalism at several locations, authorities said.

    Several communities across the county began experiencing power outages just after 7 p.m. Saturday, the Moore County Sheriff’s Office said in a Facebook post.

    “As utility companies began responding to the different substations, evidence was discovered that indicated that intentional vandalism had occurred at multiple sites,” the sheriff’s office said.

  7. Tomi Engdahl says:

    Security News This Week: Attackers Keep Targeting the US Electric Grid https://www.wired.com/story/attacks-us-electrical-grid-security-roundup/
    Plus: Chinese hackers stealing US Covid relief funds, a cyberattack on the Met Opera website, and more

  9. Tomi Engdahl says:

    In the face of homegrown domestic terrorism, hard-to-replace transformers in the U.S. are becoming increasingly essential infrastructure. Meanwhile, a Russia-bombarded Ukraine is finding grid assistance from unexpected sources.

    Transformer Stockpiles—and Grids—Come Under Threat The U.S. failed to improve its stock, but Ukraine’s supply may be improving

    Among the most basic power equipment components—transformers—are in short supply in both the U.S. and Ukraine, increasing their power grids’ vulnerability. In the U.S., a spate of hurricanes, global supply holdups, domestic terror attacks on grid infrastructure, and a dearth of domestic manufacturing has depleted stocks. In Ukraine, relentless Russian bombardment of electrical substations is destroying transformers faster than they can be replaced.

    Both situations came before the U.S. Congress this week. President Volodymyr Zelenskyy appeared before a joint session of Congress appealing for more weapons to combat Russia’s attacks. Zelenskyy struck a defiant tone, saying bombs and blackouts will not steal Ukraine’s Christmas: “Even if there is no electricity, the light of our faith in ourselves will not be put out.”

    Meanwhile, behind the scenes, members of Congress made a last-ditch and ultimately unsuccessful appeal for federal dollars to boost transformer production.

    Transformers are like trust—months or years to build, seconds or minutes to destroy.

    Since the birth of modern power grids, millions of transformers on street poles and in switchyards have underpinned the practicality of alternating current.

    Yet nearly 140 years since their invention, transformers remain much like trust: they can take months or even years to build and just seconds to minutes to destroy.

    Projectiles puncturing their cases can release or ignite the heat-transfer oils that protect their intricate coil windings from overheating, often causing irreparable damage. That can be a crippling weakness at a time of increasing attacks on transformers.

    In Ukraine, Russian barrages destroy multiple transformers almost daily. That’s made transformers the most sought-after hardware in the country after Western missile systems. And it has forced Ukraine’s grid operators to appeal for spares from their counterparts abroad.

    Deliberate grid attacks are also raising anxiety in the U.S. Gunfire that took out the occasional transformer can on a pole five years ago is increasingly destroying transformers in substations that can weigh over 200 tonnes and feed power to neighborhoods or to entire cities.

    Coordinated firearms attacks on a pair of Duke Energy transmission substations in North Carolina this month grabbed headlines by blacking out about 45,000 people for up to four days. But in the last two months alone, deliberate damage to substations has sparked blackouts across the U.S., including in a second area in North Carolina, Ohio, and Oregon and Washington state. All remain unsolved.

    The scale of hostile outages in the U.S. pales compared to Ukraine’s suffering. But there are unsettling commonalities. In both countries, substation attacks seem designed to sow chaos and fear, and are at least partly motivated by an antipathy that’s anywhere from reckless to outright vengeful.

    The conspirators “expected the damage would lead to economic distress and civil unrest,”

    Six months after the Columbus filings, federal authorities became aware that a “suspected white supremacist” posted online the “exact coordinates of more than 75,000 substations across the U.S.,” according to cable news network NewsNation.

    Attacks and warnings are boosting utility interest in programs that give them access to shared stockpiles of transformers and other critical equipment.

    Pooling resources provides an insurance policy against high-impact events expected to occur infrequently to any one firm. But Rupert says more and closer manufacturing would enhance security. Tighter supplies mean longer delays to replace stocks that could be cleared out by a major incident causing widespread destruction—such as a massive solar storm, or attack via electromagnetic weapons.

    Large transformers Grid Assurance acquired in 2020 to be delivered in 18-24 months would take up to 39 months to replace today. Worse still, says Rupert, 70 percent of its transformers are manufactured outside North America.

    challenges contributing to transformer shortages, and honed in on one key ingredient: grain-oriented electrical steel. It’s the grade required for compact and efficient transformers, only one U.S. firm makes it, and the national lab study found its quality and quantity lacking. As a result, domestic producers serve only one-fifth of U.S. transformer demand—mostly small devices powering several homes or blocks

    A Little Help from Friends

    Creativity and bravery has certainly been on display by grid engineers in Ukraine, who cobble and piece together whatever parts they can to restore power knocked out by each Russian barrage.

    Last Friday’s had cut power deliveries by over half when the engineers set to work—despite Ukrainian air defenses downing 60 of the 80-90 missiles fired. The next day President Zelenskyy said grid operators already had power flowing again to almost 6 million people.

    Of course, there was much more work ahead. “There is still a lot of work to do to stabilize the system. There are problems with the supply of heat, there are big problems with the supply of water,” said Zelenskyy.

    DTEK, an energy conglomerate that distributes most of eastern Ukraine’s power, received its first infusion of equipment last week, including 36 transformers from Zurich-based equipment supplier Hitachi Energy.

    Other distributors are benefitting from 250 transformers donated by Lithuanian power and gas distributor ESO that arrived earlier this month.

    Ukrenergo, meanwhile, can buy equipment for its transmission grid thanks to more than Euro-400-million in loans and grants from European governments last week.

    Ukraine’s Grid Needs Parts—Will Western Firms Step Up? As Ukraine’s energy infrastructure gets pummeled, the nation’s allies have yet to answer desperate calls for support

  10. Tomi Engdahl says:

    Pakistan’s power grid collapsed
    The blackout began early on Monday morning, when generators were being restarted.

    Due to a disturbance in Pakistan’s national power grid, part of the country suffered a blackout early on Monday morning. Reuters reports on the matter.

    According to Pakistan’s energy ministry, the widespread blackout began at around half past seven in the morning local time. Repair work has begun. Pakistan’s energy minister Kharrum Dastagir told Geo News that the aim is to restore power within 12 hours.

    Massive power breakdown hits Pakistan

    Minister says power generation units are temporarily shut in winter at night.
    Says frequency variation in national grid triggered outage.
    Says ministry trying to restore power in next 12 hours.

    Power Minister Khurrum Dastagir, while talking to Geo News, said that the power generation units are temporarily shut down in winter at night as an economic measure to save fuel costs.

    “When the systems were turned on at 7:30am this morning one by one, frequency variation was reported in the southern part of the country between Jamshoro and Dadu. There was a fluctuation in voltage and power generating units were shut down one by one due to cascading impact. This is not a major crisis,” said the federal minister as the country plunged into darkness for the second time in four months.

    The minister said that his ministry has started restoring some grid stations in Tarbela and Warsak.

    “Peshawar Electric Supply Company (PESCO) and some grids of Islamabad Electric Supply Company (IESCO) have already been restored,” claimed the minister.

    A timeline of power breakdowns in Pakistan

    The country’s generation and distribution network has suffered eight major power breakdowns during the last nine years.

    In 2014 and 2017, nationwide blackouts were caused by a fault in Tarbela Power Station while fog, frequency variation and the Guddu Power Plant fault were blamed for breakdowns in 2015, 2018, 2019, 2021, 2022 and 2023.

    Every time the party in power announced to conduct a comprehensive probe and vowed to rectify the issues but nothing has happened despite multiple inquiries.

  11. Tomi Engdahl says:

    Pakistani authorities investigating if cyberattack caused nationwide blackout https://therecord.media/pakistani-authorities-investigating-if-cyberattack-caused-nationwide-blackout/
    Pakistani authorities are investigating whether a nationwide blackout which left millions of people without power on Monday was caused by a cyberattack. The country’s energy minister Khurram Dastgir Khan told journalists during a news conference on Tuesday morning that there was a remote chance the incident was caused by hackers. Cyberattacks on energy grids are rare, although several have targeted Ukraine in the context of Russia’s attacks against the country since 2014. Outages have become a common occurrence in the South Asian country in recent years, where an ongoing economic crisis and last year’s devastating floods have severely impacted the lives of the country’s more than 220 million people.

  12. Tomi Engdahl says:

    FBI says two men attacked Washington’s electric grid in order to commit a robbery

    Two men have been charged with federal crimes for attacking substations in Washington State, an act of sabotage that left thousands without power on Christmas Day.

    Federal agents say one of the men confessed to knocking out the power in order to commit a burglary by emptying the cash register of a local business during the power outage.

    The sabotage came after a string of other attacks on power infrastructure across the U.S., including one that caused a major outage in North Carolina.

    The Department of Homeland Security has previously warned that power infrastructure is an “attractive” target for domestic terrorists; however, the charging documents for Greenwood and Crahan don’t indicate any political motivations.

  13. Tomi Engdahl says:

    What Is A Black Start Of The Power Grid?

    A summary of the challenges with starting a grid back up from total collapse.

    The grid is a little bit of a house of cards. It’s not necessarily flimsy, but if the whole thing gets knocked down, you have to rebuild it one card at a time and from the ground up. Restoring power after a major blackout is one of the most high stakes operations you can imagine. The consequences of messing it up are enormous, but there’s no way to practice a real-life scenario. It seems as simple as flipping a switch, but restoring power is more complicated than you might think.

  14. Tomi Engdahl says:

    What Really Happened During the 2003 Blackout?

    In 2003, one of the most severe power outages in history affected the northeastern US and parts of eastern Canada. This video summarizes the events leading up to and during the blackout.

    Blackout: The Power Outage That Left 50 Million W/o Electricity | Retro Report | The New York Times

    Retro Report: In 2003, a blackout crippled areas of the U.S. and Canada, leaving some 50 million people in the dark. Ten years later, we are still grappling with concerns over the vulnerability of the power grid.

  15. Tomi Engdahl says:

    Authorized Personnel Only – How to Start and Sync a 400,000 Watt Turbine Hydroelectric Generator

    Authorized Personnel Only – Kickstarting A Hydroelectric Turbine

  16. Tomi Engdahl says:

    Energy Transformation via Cyber-Resilient Smart Grid

    Learn more about smart grid vulnerabilities and how organizations can future-proof their enterprises

    As the need for reliable and affordable energy sources grows, countries worldwide are increasingly turning to smart grids. Smart grids revolutionize how society accesses energy, enabling higher efficiency, reliability, and cost-effective management of energy resources. But these advancements come with a risk—smart grid infrastructures are highly vulnerable to cyberattacks, leading to costly consequences if left unprotected.

    Drawing on the Achieving Energy Transformation: Building a Cyber Resilient Smart Grid report released in April 2023 by TXOne Networks, a Trend Micro affiliated company dedicated to OT security, this blog will discuss key vulnerabilities in smart grids. It also discusses the associated cybersecurity standards and countermeasures that must be taken to protect this vital infrastructure from malicious activities.

    Renewable power generation

    Renewable power generation, such as wind and solar, plays a critical role in the smart grid, but they also introduce new vulnerabilities that attackers can exploit. The following are some of the vulnerabilities associated with renewable power generation:

    Vulnerabilities in Wind Power Control Equipment: Wind turbines are controlled by industrial control systems that may have vulnerabilities that attackers can exploit. For example, attackers could manipulate the control systems to change the output of the wind turbines, causing imbalances in the grid and potentially leading to blackouts.
    Vulnerabilities in Solar Power Generation: Solar power generation systems also rely on industrial control systems, which may have vulnerabilities that attackers can exploit. For example, attackers could manipulate the control systems to cause the solar panels to overproduce or underproduce energy, causing imbalances in the grid.

    Distribution Automation (DA) and Feeder Automation (FA)

    These are critical components of the smart grid that automate power distribution from the substation to customers. However, they are also vulnerable to attacks due to the following reasons:

    Insecure Industrial Control Protocols: DA and FA systems use industrial control protocols that may not have security features, making them vulnerable to attacks. For example, attackers could use unauthenticated commands to manipulate the DA and FA systems, causing power outages or other disruptions.
    Risk of Remote Service Vulnerabilities: Many DA and FA systems are connected to remote services, such as cloud-based applications, which can be vulnerable to attacks. Attackers could exploit vulnerabilities in these remote services to gain access to the DA and FA systems and cause disruptions.

    Energy Storage System Management

    It is an essential component of the smart grid that enables the storage of excess energy from renewable sources for later use. However, they are also vulnerable to attacks due to the following reasons:

    Insecure Communication Protocols: Energy storage systems use communication protocols to communicate with other smart grid components. These protocols may not have security features, making them vulnerable to attacks. For example, attackers could intercept the communication between the energy storage system and other smart grid components, leading to unauthorized access or control of the system.
    Physical Security Risks: Energy storage systems may be located in remote or unsecured locations, making them vulnerable to physical attacks. Attackers could damage or destroy the energy storage systems, leading to power outages or other disruptions.

    Advanced Metering Infrastructure (AMI) Management System

    This is another critical component of the smart grid that enables collecting and transmitting energy usage data from smart meters to utilities. However, they are also vulnerable to attacks due to the following reasons:

    Insecure Communication Protocols: AMI systems use communication protocols to transmit data between smart meters and utilities. These protocols may not have security features, making them vulnerable to attacks. For example, attackers could intercept the communication between the smart meters and utilities, leading to unauthorized access or control of the system.
    Unauthorized Access: AMI systems may be accessible to unauthorized personnel, making them vulnerable to attacks. Attackers could gain physical access to the AMI systems and tamper with the smart meters or the data collected by the system.

    Addressing these vulnerabilities is crucial for the resilience and security of the smart grid. Implementing robust cybersecurity measures can significantly mitigate these vulnerabilities and safeguard against cyber threats.

  17. Tomi Engdahl says:

    New Russian-linked CosmicEnergy malware targets industrial systems https://www.bleepingcomputer.com/news/security/new-russian-linked-cosmicenergy-malware-targets-industrial-systems/
    Mandiant security researchers have discovered a new malware called CosmicEnergy designed to disrupt industrial systems and linked to Russian cybersecurity outfit Rostelecom-Solar (formerly Solar Security). The malware specifically targets IEC-104-compliant remote terminal units (RTUs) commonly used in electric transmission and distribution operations across Europe, the Middle East, and Asia
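
Comments 16 and 17 above both turn on industrial control protocols that accept commands without authenticating the sender, IEC 60870-5-104 being the one named. The following Python sketch is an added example, not code from any of the linked articles or vendors: it passively parses IEC-104 frames (TCP port 2404) and flags process commands that come from a source outside an allowlist of control-centre masters. The IP addresses, the allowlist, the sample frames and the function names are all constructed for illustration.

```python
import struct
from dataclasses import dataclass

START_BYTE = 0x68
ACTIVATION, DEACTIVATION = 6, 8   # causes of transmission used to issue or cancel a command
# Control-direction process commands; IDs 58-64 are the time-tagged variants of 45-51.
COMMAND_TYPES = {
    45: "C_SC_NA_1 single command", 46: "C_DC_NA_1 double command",
    47: "C_RC_NA_1 regulating step", 48: "C_SE_NA_1 set point (normalised)",
    49: "C_SE_NB_1 set point (scaled)", 50: "C_SE_NC_1 set point (float)",
    51: "C_BO_NA_1 bitstring",
}
COMMAND_TYPES.update({t + 13: n.replace("_N", "_T", 1) + ", time-tagged"
                      for t, n in list(COMMAND_TYPES.items())})

@dataclass
class Asdu:
    type_id: int
    cause: int
    common_addr: int
    ioa: int

def parse_apdus(payload):
    """Return the ASDU headers of all I-format APDUs found in one TCP payload."""
    found, pos = [], 0
    while pos < len(payload):
        if len(payload) - pos < 6 or payload[pos] != START_BYTE:
            raise ValueError(f"no complete APDU header at offset {pos}")
        length = payload[pos + 1]                  # counts control field + ASDU
        apdu = payload[pos + 2 : pos + 2 + length]
        if length < 4 or len(apdu) != length:
            raise ValueError(f"bad APDU length {length} at offset {pos}")
        pos += 2 + length
        if apdu[0] & 0x01:                         # S- or U-format frame: carries no ASDU
            continue
        asdu = apdu[4:]
        if len(asdu) < 9:                          # type, VSQ, COT, OA, CA(2), IOA(3)
            raise ValueError("I-format APDU too short for an ASDU header")
        type_id, _vsq, cot, _oa, common_addr = struct.unpack_from("<BBBBH", asdu)
        ioa = int.from_bytes(asdu[6:9], "little")  # first information object address
        found.append(Asdu(type_id, cot & 0x3F, common_addr, ioa))
    return found

def find_unauthorised_commands(packets, allowed_masters):
    """Flag process commands from non-allowlisted sources, plus unparseable frames."""
    alerts = []
    for src, payload in packets:
        try:
            asdus = parse_apdus(payload)
        except ValueError as exc:
            alerts.append((src, "malformed", str(exc)))
            continue
        for a in asdus:
            is_command = a.type_id in COMMAND_TYPES and a.cause in (ACTIVATION, DEACTIVATION)
            if is_command and src not in allowed_masters:
                detail = f"{COMMAND_TYPES[a.type_id]} CA={a.common_addr} IOA={a.ioa}"
                alerts.append((src, "command", detail))
    return alerts

ALLOWED_MASTERS = {"10.0.0.10"}   # constructed: the control centre's front-end
SAMPLE_PACKETS = [                # constructed (source IP, TCP payload) pairs
    # STARTDT act (U-frame) followed by a general interrogation from the real master
    ("10.0.0.10", bytes.fromhex("680407000000" "680e0000000064010600010000000014")),
    # single command from the real master: allowed
    ("10.0.0.10", bytes.fromhex("680e020000002d01060001000a000001")),
    # the RTU's activation confirmation (cause 7): monitor direction, not a command
    ("10.0.1.20", bytes.fromhex("680e000002002d01070001000a000001")),
    # double command from an address that is not a known master: alert
    ("10.0.5.77", bytes.fromhex("680e000000002e010600010088130002")),
    # truncated frame: reported as malformed instead of crashing the monitor
    ("10.0.5.77", bytes.fromhex("680e0000")),
]

if __name__ == "__main__":
    for alert in find_unauthorised_commands(SAMPLE_PACKETS, ALLOWED_MASTERS):
        print(alert)
```

An address allowlist only narrows who can send commands; it does not authenticate them, so this kind of check complements network segmentation rather than replacing it.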

  18. Tomi Engdahl says:

    Microsoft Catches Chinese .Gov Hackers Targeting US Critical Infrastructure

    In a campaign called Volt Typhoon, Microsoft says Chinese government hackers were siphoning data from critical infrastructure organizations in Guam, a U.S. territory in the Pacific Ocean.
    Rohan Goswami / CNBC:
    Microsoft says Chinese state-sponsored hackers compromised “critical infrastructure organizations” across US industries, with a focus on gathering intelligence
    Microsoft warns that China hackers attacked U.S. infrastructure
    Chinese state-sponsored hackers have compromised “critical” cyber infrastructure in a variety of industries, including government and communications organizations, Microsoft said Wednesday.
    The hacking group is codenamed “Volt Typhoon,” and has been in operation since 2021.
    Impacted parties have already been notified.

  19. Tomi Engdahl says:

    Russians Hacked into America’s Electric Grid. Here’s Why Securing It Is Hard.
    There is no way to completely protect the grid. Regulation at the state and federal levels makes it hard for utilities and regulators to work together to get the job done.

