In the computer security world, the vulnerability of open above-ground transformer parks is a well-known problem. It’s been a hypothetical on many a threat model for decades.
When gunslinging yahoos in North Carolina and elsewhere started shooting transformers, my email in-box lit up with a few messages saying, “that thing we talked about, it’s happening.” Now, the cat (as it were) is out of the bag. In the american tradition of overreacting once it’s too late, we’ll probably spend billions on power substation defense, or we’ll blame China for it, and start WWIII.
I think my first conversation about the power substations was back in the mid 1990s. At that time, the US was starting to think about its “smart grid” (or, if we’re talking about the Texas power grid, “the Y’all dumbass grid”) – one fellow I knew opined that the real target is the generators: they are heinously expensive, there is no inventory of spares, and they are basically constructed in situ. Fast forward a few years and people were discussing, in hushed tones, whether a nuclear reactor could survive being hit with a suicidal commercial aircraft full of people. I know the analysis of that topic has been done, but none of the people involved will talk about it. That’s probably for the best. If the nuclear power plants are like pretty much everything humans have built, there will be complex flaws that can be explored by an adversary who puts some thought into it. Here’s one hint to would-be terrorists: start attending computer security conferences and you’ll learn how airplane flight control systems are connected to the entertainment systems, and power grids were built by the lowest bidder, etc. The environment is target-rich and always has been, as long as – like the rebels in Star Wars – you don’t expect to survive the experience. [coop]
Early one Sunday afternoon last September, for reasons that may never be clearly understood, someone fired three or four rounds from a high-powered rifle into the main high-voltage transformer in Garkane Energy Cooperative’s Buckskin Substation, in far southern Utah.
It didn’t take long for thousands of gallons of coolant to spill from the transformer’s punctured radiator fins. Soon after that, the unit’s core began to overheat, and its connections shorted out. And then came the inevitable: Nearly 10,000 homes and businesses, almost 75 percent of the co-op’s accounts, went dark.
At the co-op’s headquarters in Loa, Utah, dispatchers were able to bypass switches and reroute power to bring half of those services back on within an hour and a half. But 5,000 downline accounts, in small communities and isolated homes near two popular national parks and a national monument, went without power for more than seven hours.
But what if, instead of assuming pointless damaging attacks by random jerks, we considered carefully planned and executed political actions carried out by good guys, accompanied by a media blitzkrieg intended to have a political effect of its own?
“Some of the distribution-level transformers are pretty standardized,” he says. “But these days, every time you get a substation transformer, you’re talking about a special order, and it takes about a year. New ones are a long time coming.”
Here’s the scenario: a small contingent of environmentalist capitalists cook up the idea of publicly attacking the power grid with the stated purpose of manipulating the cost/benefit analysis for fossil fuel-powered generation systems. Some journalists are teased an opportunity to interview someone who’s planning something big – real big; the journalists are pre-fed with the political ideology of the organization, which is that they will carefully map out what parts of the grid are powered by fossil fuels and, with rifles, perhaps a truck bomb, and perhaps a direct assault on a facility (no operators or guards to be harmed unless strictly necessary) they will raise the cost of fossil fuel generation by an extremely large amount of money. Their first press release is similar in tone to the old anti-vegan trolls’ T-shirt, “for every cheeseburger you don’t eat, we will – unfortunately – have to eat two.” I.e.: “We’re not going to do anything that harms wind, hydro, solar, or nuclear generation, but fossil fuels are about to become twice as expensive because you’re going to need guards for the facilities we don’t hit, and replacements for the facilities we do.” And, perhaps, “oh, if you decide you’re going to pass the costs on to your customers, we will target your executive management, personally.”
That didn’t happen last fall, thanks to prudent preparation and a conscientious Garkane Energy board. The co-op has invested in four mobile substations, consisting primarily of backup transformers of varying voltage capacities, that are kept under lock and key. Stationed on custom-built, heavy-duty semi-trailers, they’re always ready to go.
The co-op’s own tractor-trailer rig, fully fueled and regularly maintained, stands by to pull those transformers to any of the 48 substations scattered across the five counties in two states that comprise Garkane Energy’s 16,000- square-mile territory. There’s also space set aside at those substations to set up and connect a mobile unit when it’s needed.
I’m a security guy, so I just have to enquire trollingly whether the drivers for the tractor-trailer rig have full security background checks, and have all been in their current jobs for 10+ years, and – presumably – the tractor-trailer resides in an armored revetment where it would be impossible for a thermite-carrying drone to reach it?
Shakespear says things might have gone more easily and quickly if Garkane Energy could have strengthened its grid with loop lines to backfeed power as needed to outlying areas of its service territory. But the need for long, low-density runs through rugged, mountainous, heavily forested terrain works against such a plan.
“We’ve looked at it, but the very nature of our system precludes that,” Shakespear says. “This area is not conducive to economically running a looped system.”
Nice work crew, shame if they started quitting for safer jobs because someone shot a few holes in their trucks. That’s also one of the problems with having substations all over the place. Of course, if there were nice safe clear solar farms, there wouldn’t be a problem.
The organization would need a few ideologically sound members who had absolutely no view into its operational plans, but were completely aware of the background and motivation for the group. Those members would be, presumably, stage IV cancer patients, or suffering from MS or other degenerative diseases that would simply mean that the government would be welcome to interrogate them all it wanted – all they’d get is the party line and eventually a corpse. Have a nice big show trial, or congressional hearings, it’d all play into the hand of the rebel forces. Obviously, the organization would have to have a few well-spoken nihilists who enjoy the whole media song and dance, and – perhaps – “the attacks begin on such-and-such a date. We have no idea where, by arrangement, I haven’t talked to any of the team in over a year and we were using dead drops and one-time pads we exchanged back in 2020. All I know is that one team has been buying rifles and armor-piercing bullets, and the other has been building drones, and the publicity team – we’re that. If you kill us, though, some of you may die in response, so – be careful.”
Security people have been on this beat for some time, too: [cyberinsurgency]
During the Global War On Terror, the government has inflicted Denial Of Clue attacks on itself several times. Usually this is in the form of one agency hypothesizing that another agency may be subjected to a certain type of attack, which then triggers investigation and media coverage, and suddenly the hypothetical target is expending resources to protect against an attack that never materializes.
Denial Of Clue attacks can be used in combination with one-off attacks, to create a Death Of A Thousand Cuts scenario, in which the target is constantly chasing the last threat model, but is being bombarded with plausible yet spurious threats in a Denial Of Clue, bolstered by one-off pinprick attacks designed to overload their incident response capability.
The time for such an effort to appear is a little past-ripe, especially since the largest polluters in the world (the US) have decided to fail to meet even the modest CO2 reductions called for in the Paris Accords. In fact, if the organizations’ spokes-people were clear about its non-violent agenda, its environmental focus, etc., they’d still be labeled “terrorists” (like Earth First) but there might even be popular support and copycat attacks that would magnify the effectiveness of the effort. You probably already know how much I despise marketing and public relations, but this is more like “induced catastrophe public relations” – rather akin the “the shock doctrine” as espoused by disaster capitalists. The entire publicity axis would have to keep its tongue firmly in cheek and play to the cameras while the other teams, Rogue One and Rogue Two went on independently. You know: strategy straight out of the racist dipsticks’ favorite book The Turner Diaries. They’d just have to stay focused and keep repeating, “We’re not trying to hurt anyone, we’re just unilaterally adjusting your cost equations. Think of us as a freelance Invisible Hand Of The Free Market.”
Here’s the starting fulcrum for the publicity campaign – and, honestly, I can’t think of a better guy to have an open conversation with: the chairman of the US Senate Committee on Energy and Natural Resources – Joe Manchin. [sen] I don’t know if you knew that, but irony died the day Manchin was put in charge of that committee.