Government officials have expressed concern with the possibility of violent extremists and agents of foreign states attacking the nation's electrical grid.
[3][4] Cybersecurity is also an issue for electric grid security in the United States with financially motivated crimes being more common than terrorist ones.
[10] In a report concerning extremist threats, the Department of Homeland Security made note of a Telegram document that gave instructions for low-tech sabotage, including attacks on electrical power stations with rifles.
[11][12] In the U.S., the Federal Energy Regulatory Commission (FERC) is in charge of the cybersecurity standards for the bulk power system.
[13] However, Ted Koppel argues that the industry has blocked any significant oversight for decades, with only minuscule fines being levied for failing to comply with relatively lax standards as of the early 2010s.
In 1968, the National Electric Reliability Council (NERC) was formed after 12 regional organizations signed an agreement spanning the United States and parts of Canada.
[15][page needed] While security and reliability efforts ramped up after the 9/11 terrorist attacks, it wasn’t until 2003 that a massive blackout occurred in the Eastern Interconnection, leaving 500,000 people without power.
[16] Since their creation, these regional entities have ensured the reliability and security of the American BES by enforcing the mandatory NERC CIP standards.
[16] In his 2015 book, Ted Koppel argues that all utilities, but especially smaller ones, do not truly air-gap their operations from the internet, leaving significant attack surfaces.
The modern-day electric grid system is capable of restoring equipment that is damaged by natural disasters such as tornadoes, hurricanes, ice storms, and earthquakes in a generally short period of time.
The industry is also working with National Institute of Standards and Technology, the North American Electric Reliability Corporation, and federal intelligence and law enforcement agencies.
Recent to their article, the U.S. Department of Homeland Security confirmed that Russian hackers targeted the control room's of American public utilities.
To prevent disruption to the network, Sheahan and Powelson recommended national standards and collaboration between federal and state energy regulators.
Duke Energy put together a corporate incident response team that is devoted to cybersecurity 24 hours a day.
Senators Cory Gardner and Michael Bennet introduced legislation intended to improve grid security nation-wide.
[23] In March 2019, Donald Trump issued an executive order that directed federal agencies to prepare for attacks involving an electromagnetic pulse.
[16] In March and April of 1975, a "closely guarded" Pacific Gas and Electric substation was bombed twice in two separate incidents, knocking out power to more than 22,000 customers.
[28] Multiple attacks on electrical infrastructure were carried out by Jason Woodring in Central Arkansas between August and October 2013.
On April 16, 2013, an attack was carried out on Pacific Gas and Electric Company's Metcalf transmission substation in Coyote, California, near the border of San Jose.
On December 3, 2022, a shooting attack was carried out on two electrical distribution substations located in Moore County, North Carolina, United States.
Damage from the attack left up to 40,000 residential and business customers without electrical power, causing the death of one woman.
[45] Two men with previous criminal records of thefts were arrested on January 3, with the reported motive being to cut the power to serve as part of a wider plan to burglarize several businesses in the area.