(NewsNation) — As officials continue to investigate a “targeted attack” on two Duke Energy stations in Moore County, North Carolina, many are wondering if enough is being done to protect the nation’s power grid.
The latest incident comes more than seven years after federal regulators approved minimum physical security standards for critical power plants, but experts say those conditions fell short.
“These are just very vague requirements,” said Jon Wellinghoff, former head of the Federal Energy Regulatory Commission (FERC)
that regulates the interstate transmission of electricity in the United States.
In April 2013, gunmen in Coyote, California shot at 17 electrical transformers, causing $15 million in damage. The attackers were never found, but the incident exposed a significant vulnerability in the nation’s power infrastructure.
In response, federal regulators established mandatory physical security standards in 2015. The directive required power operators to identify “critical facilities” and then develop and implement security plans to protect those facilities.
But those standards were not prescriptive and gave utility companies considerable discretion in how and when they chose to secure those facilities.
Welinghoff said the recent attack in North Carolina, which left nearly 45,000 people without power, appears to be a copy of the 2013 incident in California.
“Apparently, these people went after that, figured out exactly what they needed to do, and they did it,” he said.
A congress report 2018 analyzed the impact of the 2015 security standards and determined that while many of the requirements had been implemented, they likely did not meet what was needed.
“While it is probably correct to conclude that…the US power grid is more physically secure than it was five years ago, it has not necessarily achieved the level of physical security required based on the industry’s own risk assessments,” the report found.
The report concluded that physical security levels continued to vary widely in the power sector and remained “a work in progress.”
Other industry experts, NewsNation, echoed the calls to improve security.
“Utilities need to be more active on the physical security side,” said Todd Keil, associate managing director for security risk management at Kroll, who previously worked with the US Department of Homeland Security (DHS). ).
Since the California attack, Pacific Gas and Electric Company (PG&E) has spent $300 million on security improvements at its facilities, the company told NewsNation. Those changes included additional lighting, cameras, and walls around critical equipment.
Duke Energy continues to investigate North Carolina and has said it plans to invest billions in improvements including enhanced security measures for the next decade.
Since the most recent attack, NewsNation reports have revealed numerous potential vulnerabilities related to the nation’s power infrastructure. We found out how easy it is to find the exact location of nearly 80,000 substations in North America, a map federal authorities believe was shared among white supremacists online.
When asked if physical security requirements need to be updated in response to evolving threats, FERC said, in part: “The security and reliability of the nation’s power grid remain our top priorities.”