• In the early hours of the morning on April 16, 2013, a highly professional commando-style assault took place on Pacific Gas & Electric’s Metcalf substation near San Jose, California. As many as twenty-one effectively irreplaceable high-voltage transformers were very nearly destroyed. Had that occurred, Silicon Valley and much of the San Francisco Bay area could have been without power for protracted periods, possibly for years. The yet-to-be-identified attackers got away and must be assumed to be still at large.
• On October 27, 2013, the Knights Templar drug gang struck and disrupted the grid of Mexico’s Michoacan State. 
• On June 9, 2014, al Qaeda in the Arabian Peninsula (AQAP) used mortars and rockets to attack the national grid of Yemen by destroying transmission towers. It was the first time that a terrorist attack resulted in an entire country being blacked-out. 

In addition, there have been a number of incidents in which hackers believed to be associated with Russia, China, North Korea, and Iran have demonstrated the capability to use cyber techniques to penetrate and potentially to exercise destructive control over critical infrastructures like electric grids.

In addition, Rep. Trent Franks (R-AZ) has observed that a recently translated Iranian doctrinal statement makes reference in twenty different places to the use of electromagnetic pulse (EMP) to attack that nation’s enemies. The Russians, Chinese, and North Koreans similarly regard EMP as simply a type of cyberwarfare, to be employed offensively against their enemies, including this country.

It appears that official Washington has finally begun to pay attention to the vulnerability of the U.S. electric grid. Notably, the chairman of the House Homeland Security Committee’s Subcommittee on Cyber-security, Congressman Patrick Meehan (R-PA) hinted that the December 2014 North Korean cyber attack on Sony could portend that the United States’ critical infrastructure could be its next target. He observed:

American businesses, financial networks, government agencies and infrastructure systems like power grids are at continual risk. They’re targeted not just by lone hackers and criminal syndicates, but by well-funded nation-states like North Korea and Iran. A lack of consequences for when nation states carry out cyberattacks has only emboldened these adversaries to do more harm.

Even if no jihadist or other terrorist, hacker or hostile nation tries to disrupt our most critical of critical infrastructures via one technique or another, we still have to “harden” the grid. After all, we are overdue for the sort of intense solar storm that occurs roughly every 150 years. And when it hits, by one estimate issued by the National Oceanographic and Atmospheric Administration, 130 million Americans will be without power for years. Needless to say, most of those affected will perish before the lights come back on.

Fortunately, on December 1, 2014 in what may have been the only laudable action to come out of the lame duck session, the House of Representatives took a small, but important, step to address the vulnerability of the U.S. bulk power distribution system. It unanimously approved the Critical Infrastructure Protection Act (CIPA), a bill that requires the Department of Homeland Security to develop a plan for protecting the grid against solar weather, cyber attack, EMP and more. Rep. Meehan co-sponsored this legislation, along with its lead sponsors, Reps. Franks and Pete Sessions (R-TX).

With the new Congress, the CIPA bill will have to start from scratch – as would any other legislation designed to achieve grid resiliency on the more accelerated basis that is needed in the face of the aforementioned human-induced and naturally occurring threats to the grid. Still, the elevation of Sen. Ron Johnson (R-WI) to the chairmanship of the Senate Homeland Security Committee and his commitment and that of his House counterpart, Rep. Michael McCaul, to swift action on CIPA is heartening. 

But will it be in time?