If a utility wants to spend money to protect itself, they put themselves at a cost disadvantage, which often keeps them from making changes
The number-one cause of most power outages in the U.S. is bad weather

What does the industry consider to be its most severe threats the U.S. electric grid? There is no shortage of nightmare scenarios.

According to the Department of Energy, the number-one cause of most power outages in the U.S. is bad weather, which costs the economy between $18 billion and $33 billion every year in lost output and wages, spoiled inventory, delayed production and damage to grid infrastructure.

When considering what’s at stake, it’s important to keep in mind that a large power transformer (LPT) is an enormous, custom-built piece of equipment tailored to customers’ specifications. They usually aren’t interchangeable with each other, and they aren’t produced for spare-part inventories, so if one blows a lot of companies and homes could be without power for more than six months. They’re not cheap, either. According to EEP (Electrical Engineering Portal), $10 million is a fairly average cost, but that doesn’t include transporting the gargantuan piece of equipment or installing it, which usually adds an additional 35 percent to the bill.

As Dave Hunt, an independent homeland security consultant and a founding member of the National InfraGard Electromagnetic Pulse special interest group, puts it, “Hurricanes, flooding, tornadoes—you know you’ll get these, so do we prepare for a rare event or do we put it [money] into more sandbags?” It’s a troubling question considering all the possible threats facing the grid. Ironically, if a utility wants to spend money to protect itself, they put themselves at a cost disadvantage, which often keeps them from making changes.

An extraordinarily large solar flare could cause an Electromagnetic pulse event (EMP)
NASA estimates that a solar storm event today would make the earth go dark in about three minutes

Solar storms. In 1859, British solar astronomer Richard Carrington witnessed a white-light solar flare—a magnetic explosion on the sun—which was so strong it was visible from earth. If we were to experience something like that now, it would have dire consequences. Not only would it disrupt the magnetic field, but it would charge the ground with electricity and that voltage could get in to a transformer and destroy it. Moreover, in today’s electronic and GPS-guided world nothing would work. NASA estimates that a comparable event today would make the earth go dark in about three minutes.

An extraordinarily large solar flare could also cause an Electromagnetic pulse event (EMP), which would plunge the world into chaos almost immediately. Cell phones and computers would stop working; electricity would be gone over a very large area, and it could take up to a year to fix; people on life-saving medical equipment would die. Whatever food is in the stores would be gone or rotten in a matter of days. Recent testimony by Peter Vincent Pry, a member of the Congressional EMP Commission and executive director of the Task Force on National and Homeland Security, indicates that an EMP event such as occurred in 1859 could wipe out half of America's population in a year.

This kind of event, says Hunt, could also occur if a nation state exploded a nuclear device above the U.S. “If Iran were to ignite a nuclear bomb about 200 miles over the middle of the country, a super high pulse lasting a billionth of a second would fry any unprotected electronics. Planes would be dropping out of the sky.” Moreover, our backup generators wouldn’t work once the gas ran out.

An extraordinarily large solar flare could cause an Electromagnetic pulse event (EMP), which would plunge the world into chaos almost immediately. Cell phones and computers would stop working; electricity would be gone over a very large area, and it could take up to a year to fix; people on life-saving medical equipment would die

Physical attack. Last April, someone or some people (no one has been caught) slipped into an underground vault and cut a couple of communications cables. Within a half hour, snipers were surgically shooting at a PG&E electrical substation in Metcalf, Calif., and taking out 17 giant transformers that power Silicon Valley. Surveillance tapes reveal that a minute before the police showed up, the perpetrators disappeared.

It took utility workers nearly a month to make repairs and bring the substation back to life. This event says Hunt, “was a very sophisticated attack,” and it is viewed by many as a trial run and a possible terrorist act that, if it were widely replicated across the country, could take down the U.S. electric grid and black out much of the country. PG&E’s response was to build a wall around the substation.

Stupidity. Last July 3, DHS replied to a Freedom of Information Act (FOIA) request on a malware attack on Google called “Operation Aurora.”  Unfortunately, DHS made an enormous mistake and released more than 800 pages of documents related not to Operation Aurora but to the Aurora Project, which is a 2007 research project run by Idaho National Laboratory that demonstrates how easy it is to hack elements in power and water systems.

The Aurora Project exposed a vulnerability common to many electrical generators, water pumps and other pieces of infrastructure, wherein an attacker remotely opens and closes key circuit breakers, throwing the machine’s rotating parts out of synchronization causing parts of the system to break down.

Hunts says, “If the nation loses power we won’t have the ability to pull ourselves up by the bootstraps. You can’t respond your way out of it. You can’t stockpile enough food to feed tens of millions of people a month. Any place that is running will be overwhelmed. Even if 40 percent of the country is hit, can the other 60 percent manufacture enough to save us? Sure, generators could power the stuff, but the problem with them long-term is that the fuel supply would run out.”

Generators aren’t the half of it.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

Vicki Contavespi Washington Correspondent, SecurityInformed.com

In case you missed it

Are Privacy Concerns Stifling Innovation in Security?
Are Privacy Concerns Stifling Innovation in Security?

Facial recognition is the latest technology to be targeted because of concerns about privacy. If such concerns cloud the public perception, they can be harmful to technology markets. Whether the concerns are genuine or based on misinformation is often beside the point; the practical damage has already been done. But beyond market demand, what is the impact of privacy concerns on technology innovation? We asked this week’s Expert Panel Roundtable: Are privacy concerns stifling innovation in security and related markets? 

Building Security: How Audio Tells the Whole Story
Building Security: How Audio Tells the Whole Story

Every building starts with the entrance. A solid enterprise risk mitigation and security strategy include protecting that entrance. Often, risk mitigation strategies protecting the entrance have included high-resolution video surveillance cameras, video management systems, and access control solutions. But that strategy and set of security solutions only tells part of the story. Imagine a security guard who is protecting a facility after hours, when an individual approaches the entrance and seeks to gain access. The security guard can pull up the video surveillance feed and see the individual and his movements, which appear to be suspicious. But he also needs to hear him in order to decide the next decisions and actions. Does he escalate the situation, calling for backup and for first responders’ response, or does he allow the individual access to the building because he works there and is authorized to enter?   Meet high-definition voice What the security guard needs is to be able to hear and to communicate with that individual. All enterprise security systems need three primary components in order to successfully protect the entrance and to mitigate risk – access control, video surveillance, and the ability to hear and communicate. Each component plays an integral role in supporting a unified security system, and without all three, the security system is not complete. Access control can be thought of as the brains of a security system by holding data and permissions. It serves as the arms and hands of the system; it can either keep someone out or invite them in. IP video allows a security team to remotely position a set of eyes anywhere an IP camera can be placed on a network. With a video management system, security teams can see what is happening and decide how to respond. However, with remote viewing, the event may be over by the time security physically responds.  Audio adds interactivity That three-component enterprise security system – comprising IP video, access control, and high-definition voice working together mitigates risks and provides value. It also means that security is interactive. Security teams talk and listen to the person that’s seen on a video surveillance system, no matter where the location or how remote. If the person is lost or simply needs assistance, security personnel can talk to them and provide direction and reassurance. Even more, in an emergency, an interactive solution becomes a critical life-saving tool, as it provides data that can be shared between security, police, emergency services, and more. Audio can also detect voices, noises, breaking glass, or other sounds that are not within direct view of a video camera. An interactive security system creates an informed response, by providing real-time situation awareness management. Post-event, it supports forensics and investigations to mitigate future security incidents.  Audio and COVID-19 We are living in extraordinary times. As businesses begin to reopen and stay open, they are looking for any tools that can help them overcome the enormous challenges they face. In buildings and facilities, the COVID-19 pandemic has created a new security perimeter, one that demands contactless access with entry and exit, and that has also created a new duty of care for security professionals. Now more than ever is the need to interact and communicate with individuals moving in and out of doors and spaces without physical intervention. Intelligent communications, integrated with contactless access control, can help a business to comply with pandemic safety guidelines and ultimately, reopen for business and stay open.  COVID-19 has also increased the need for clean-room isolation and quarantine spaces, sometimes in areas not originally intended for that use, where risk of infection is high, and equipment must be easily disinfected between patients. Here, purpose-built cleanroom intercoms, providing clear touchless communications despite the noisy environment, have emerged as critical tools for enabling patient care while reducing the need to enter the contaminated space. For example, voice communication can enable hospital staff to verify identity and to communicate with patients without entering the isolated and infectious environment, which can save on personal protective equipment (PPE) and reduce the amount of exposure to the virus. In non-emergency healthcare facilities, such as medical centers, voice can effectively relay information to building occupants and visitors for screening purposes. Visitors can be seen and heard. For example, a patient who seeks access to a medical center for an appointment can hear important instructions from a nurse via the intercom solution. Seeing the person that you talk to is one thing but hearing them conveys a much better sense of closeness, making it possible to maintain a high level of security and customer service.  The whole story Today’s security systems should no longer simply involve video surveillance cameras generating feedback and images to a security guard. Instead, a new ecosystem for enterprise security and risk mitigation has emerged, and it’s one that involves video surveillance, access control, and high-definition voice. That ecosystem can ensure well-rounded and responsive information management and security platform, all communicating with each other and offering actionable insight into risks and potential physical breaches. Audio is the new value hub of the connected and intelligent school, campus, building, correctional facility, and more. Simply put, a silent security system cannot be an effective security system. In every situation, it is crucial for all security professionals to mitigate risk, no matter what they are protecting. This emphasizes the need to hear, be heard, and be understood in virtually any environment.  

Inclusion and Diversity in the Security Industry: ‘One Step at a Time’
Inclusion and Diversity in the Security Industry: ‘One Step at a Time’

Historically, concerns about inclusion and diversity have not been widely discussed in the security market. In the last couple of years, however, the Security Industry Association (SIA) and other groups have worked to raise awareness around issues of diversity and inclusion. Specifically, SIA’s Women in Security Forum has focused on the growing role of women in all aspects of security, and SIA’s RISE community has focused on “rising stars” in an industry previously dominated by Baby Boomers. The next generation of security leaders There is a business case to be made for diversity and inclusion, says a report by McKinsey & Company. According to the management consulting company, gender-diverse companies are 24% more likely to outperform less diverse companies, and ethnically diverse companies are 33% more likely to outperform their less diverse counterparts. Furthermore, the “next generation of security leaders” – employees under 30 – are particularly focused on diversity and inclusion. Diversity refers to the traits and characteristics that make people unique A panel discussion at ISC West’s Virtual Event highlighted aspects of inclusion and diversity, starting with a definition of each. Diversity refers to the traits and characteristics that make people unique. On the other hand, inclusion refers to the behavior and social norms that ensure people feel welcome. “We are all on a journey, and our journey takes different paths,” said Willem Ryan of AlertEnterprise, one of the SIA panelists. “There are opportunities to improve over time. We can all change and increase our ability to have a positive impact.” Industry responsibility The industry has a responsibility to the next generation of industry leaders to address issues of inclusion and diversity. Forbes magazine says that millennials are more engaged at work when they believe their company fosters an inclusive culture. So the question becomes: How do we unify and create opportunities to work with and champion tomorrow’s leaders? SIA is driving change in our industry to achieve that goal. More women are active in SIA than ever before. The SIA Women in Security Forum now has 520 members, said Maureen Carlo of BCD International, the SIA Women in Security Forum Chair and another panelist. Also, more women than ever are chairing SIA committees and serving on the SIA Board of Directors. More women than ever are chairing SIA committees Overcoming unconscious bias Former SIA Chairman Scott Shafer of SMS Advisors, another of the panelists, noted that SIA awarded the Chairman’s Award to the Women in Security Forum in 2019, and to the RISE community steering committee in 2020. “There are lots of ways we are seeing the elevation of women and ethnic groups in the security industry,” said Shafer. One topic of interest is the problem of “unconscious bias,” which can be overcome by looking at something through some else’s lens. Ryan suggested use of the acronym SELF –  Slow Down, Empathize, Learn, and Find commonalities. Ryan recalled the value of being mentored and having someone shepherd him around the industry. “Now I want to give back,” he said. “We need to look at the things we can change in ourselves, in our company, in our communities, and in our industry. Change comes from the bottom and the top.” Increasing representation “It takes all of us to increase representation everywhere,” said Kasia Hanson of Intel Corp., another panelist. “We have in common that we are all human beings. Let’s make sure the next generation all have opportunities.” Diverse companies can attract better talent Moving forward, the panelists urged the industry to get involved and create opportunities because inclusion drives diversity. Diverse companies can attract better talent and attain a competitive advantage. Awareness of unconscious bias, and working to eliminate it, is an important element of change. Despite the progress the security industry is making, change continues to be incremental. As Ruth Bader Ginsburg has said, “Real change, enduring change, happens one step at a time.”