Attacks on U.S. power grids rose to an all-time high last year, further straining the sprawling and aging network.
The number of direct physical attacks, including acts of vandalism and other suspicious activity, that potentially threatened grid reliability rose 77% to 163 in 2022 from the previous year, according data released by the U.S. Energy Department Tuesday. The incidents put the network at risk in more than three dozen states, affecting about 90,000 customers.
Substations, which are responsible for stepping down high-voltage power to lower levels that can be delivered safely to homes, became high-profile targets late last year.
That the web of wires connecting thousands of power plants to supply hundreds of millions of Americans is vulnerable from physical and cyber attacks isn’t new. But the rise in physical attacks is a stunning reminder of how certain targeted infrastructure can lead to significant disruptions and losses. Regulators, federal authorities and the industry have been working to identify the most vulnerable components of the grid to prevent big blackouts.
The total number of reported disturbances that threaten grid reliability was little-changed last year, rising by three to 390 events. The share of physical attacks ballooned to 42% from less than a quarter of all incidents in 2021. The bulk of the rest of the disturbances are tied to severe weather or other operational issues. The number of cyber events reported rose slightly to nine last year.
The department’s Office of Cybersecurity, Energy Security & Emergency Response, which collected the data, declined to provide details about the seriousness of the events, the companies involved, the types of facilities or any intentions. The Energy Department has consistently disclosed physical and cyber attacks as part of its annual grid disturbances reports going back to 2011. Earlier data back to 2000 show only a handful of incidents amid less stringent disclosure requirements.
Another unit of the Energy Department did identify some of the companies in a separate report last week. Duke’s Florida utility faced a physical threat in September as did the Ravenswood Generating Station in New York City and the Brownsville Public Utilities Board in the following weeks, the Energy Information Administration data showed.
Exelon Corp., another utility giant, was listed as having experienced a cyber event on Nov. 23, the day before Thanksgiving, according to the EIA. It’s a rare disclosure. Exelon submitted the report out of “an abundance of caution” after being notified of a cyber event experienced by a vendor, not because of an incident within its own operations, spokeswoman Elizabeth Keating said in an email. Neither she nor the Energy Department provided details.
Meanwhile, a small plane that got tangled amid the wires of a transmission tower in Maryland, resulting in power outages, was categorized by the agency as a transmission interruption.
In December, up to 45,000 people in North Carolina were left in the dark after two Duke Energy Corp. substations were extensively damaged. The utility giant offered a $75,000 reward for information that helps lead to arrests. Then on Christmas day, two men attacked four substations in Washington state, triggering blackouts for more than 15,000 people and causing $3 million in damages.