Electric Grid Threat Looms Nearly 7 Years After Unsolved ‘Insider’ Attack

At 12:58 a.m. on April 16, 2013, while the nation was reeling from the Boston Marathon bombings only hours earlier, an unknown number of suspects assaulted the Metcalf Transmission Substation in Santa Clara County, California, which feeds power to Silicon Valley. The attackers initially used heavy wire cutters to snip fiber-optic cables operated by AT&T in a below-ground bunker. The team briefly disabled the 911 emergency system and phone lines. The suspects knew the specific manholes to open to reach the right cables. They were “clearly knowledgeable” about the layout of the substation and its communication systems, said one federal official.

By 1:31 a.m., a surveillance camera pointed along a chain-link fence around the substation recorded a streak of light that investigators from the Santa Clara County Sheriff’s office determined was a signal from a waved flashlight. It was followed by the muzzle flash of rifles and sparks from bullets hitting the fence. Additionally, following the attack, investigators found small piles of rocks near where the shots had been fired, the type of formations that can be used to scout firing positions.

Jon Wellinghoff, chairman of the Federal Energy Regulatory Commission at the time, called it “the most significant incident of domestic terrorism involving the U.S. power grid that has ever occurred.” High-ranking government sources have told NBC they believe it was a trial run for a larger attack on the grid.

Officials say the attackers used night-vision scopes on their weapons and fired 120 rounds from high-powered rifles targeting transformers, which began to leak tens of thousands of gallons of oil and then overheated and shut down. The attack destroyed 17 large transformers. While some nearby neighborhoods temporarily lost power, “the big users weren’t even aware Metcalf had happened”, according to the Electric Power Research Institute. However, it took 27 days to repair the damage and cost over $15 million.

At 1:37 a.m., PG&E received an alarm from motion sensors at the substation. Minutes later, at 1:41 a.m., Santa Clara County Sheriff’s department received a 911 call about gunfire, sent by an engineer at a nearby power plant that still had phone service. By 1:50 a.m., another apparent flashlight signal, caught on film, marked the end of the attack. More than 100 expended 7.62×39mm cases were later found at the site. Sources said investigators had found no fingerprints on the shell casings, no matchable boot prints and no tire tracks from getaway vehicles.

One minute after the shooting stopped, at 1:51 a.m., law-enforcement officers arrived but weren’t able to detect an incident. Unable to get past the locked fence and seeing nothing suspicious, they left. At 3:15 a.m., PG&E dispatched a worker to the scene to survey the damage.

In August 2014, three members of the Santa Clara County Sheriff’s Office who responded to a major attack on a South Bay electrical substation last year recently revealed their belief that those in charge mishandled critical decisions just hours after the incident. “This was far more than vandalism,” said one of the first responders. “It was a serious attack and it was compromised from the start.”

The NBC Bay Area Investigative Unit recently reported that some Santa Clara Sheriff’s Office insiders are now criticizing the initial police response to that attack. Two sheriff’s deputies asked the Investigative Unit to keep their identities hidden for fear of retaliation. They ultimately decided to speak out because, as the other deputy put it, “this is important.”

They are dissatisfied that sheriff’s office administrators did not send enough resources to the scene fast enough after first responders asked for more help when they arrived around 3:30 a.m. The two deputies question why it took more than five hours before additional support arrived. “It was a big deal and the Sheriff’s Office refused to recognize that until about 8:30 or 9 o’clock the next morning,” the second deputy said. They accuse the sheriff’s command staff of downplaying the significance of the attack and failing to quickly call out more deputies and extra resources such as the SWAT team, helicopter and K-9 units. They believe those delays contributed to a crime that remains unsolved nearly a decade later.

Those frustrations grew deeper after they discovered that, in March 2014, Undersheriff John Hirokawa sent a misleading letter to Congresswoman Zoe Lofgren outlining the response to the Metcalf incident last year. “It’s written to make this incident look like the Sheriff’s Office was on top of it and handled it perfectly when nothing could be farther from the truth,” the second deputy said. The other deputy characterized the letter as a cover up to hide what he called botched decisions in the hours following the attack.

The two deputies are not the only Sheriff’s Office employees questioning what happened at Metcalf. The Investigative Unit obtained an internal email written to Hirokawa by Sergeant Gabriel Gonzalez, the first supervisor on site that morning and the third person to express concern about the response. Gonzalez references “insufficient staffing on scene” and writes that “it was pretty demoralizing for my deputies” and “we felt left out to dry that morning.”

No suspects have been identified and the case remains unsolved. However, in late 2015, Caitlin Durkovich, assistant secretary for infrastructure protection at the Department of Homeland Security, revealed that investigators “have not yet identified the shooter, there’s some indication it was an insider.”

By 2018, it was reported that the California Public Utilities Commission had issued its suggestions on how to improve security for all of the state’s power facilities following the 2013 Metcalf attack. Recommendations include requiring “defensibility” as a design consideration in the construction of future substations, which led to the construction of a physical wall around the substation. The report also recommends maintaining an inventory of spare parts so it would be possible to get the power grid up and running again quickly if it were to be compromised. Sen. Hill said the parts often come from overseas and are manufactured by a limited number of companies. “Which means we would be without power for six to nine months. We can’t exist that way. Our economy can’t exist that way. Our public safety can’t exist that way,” said Hill.

In 2014, a study conducted by the Federal Energy Regulatory Commission revealed that a coordinated attack on just nine of the United States’ 55,000 electric-transmission substations on the right day could cause a blackout from Los Angeles to New York City. “Destroy nine interconnection substations and a transformer manufacturer and the entire United States grid would be down for at least 18 months, probably longer,” the memo said.

Moreover, a December 2018 Department of Homeland Security report, prepared by the National Infrastructure Advisory Council (NIAC) — a group of senior executives who are involved in the operation and maintenance of critical infrastructure — warned that the nation would be extremely unprepared in the event of a catastrophic power outage. The report states, “The risk posed by a catastrophic power outage … is something that could paralyze entire regions, with grave implications for the nation’s economic and social well-being. Most importantly, the scale of the event — stretching across states and regions, affecting tens of millions of people — would exceed and exhaust mutual aid resources and capabilities.” The report noted that the grid remains a “prime target” for terrorist attacks in the United States.

Just one year prior to the Metcalf attack, in 2012, it was reported that the nation’s electric grid was vulnerable to a terrorist attack. Even worse, in 2015, it was reported that ISIS had already attempted cyber terrorism, targeting the nation’s electric grid and other critical infrastructure. The risk of an attack implementing sophisticated cyber tools or kinetic means to target the grid cannot be overstated. The threat of an attack targeting the power grid could cripple the United States economy and potentially kill millions of people. A lack of electricity would shut off water systems and shut down transportation services and even hospitals. Fresh and frozen food supplies also would be impacted, as would banks and financial institutions. “By one estimate, should the power go out and stay out for over a year, nine out of 10 Americans would likely perish,” said Frank Gaffney, founder and president of the Center for Security Policy in Washington.
