Recent reports from the U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) have alerted Americans to efforts by the Russian government to target critical American infrastructure networks, particularly within the energy sector. DHS and FBI reports detail the activities of several persistent and advanced Russian hacking units, which burrowed into utility company networks and, in at least one instance, gained access to a power plant’s critical controls.
This revelation is concerning on its own, but in the broader context of existing threats to our electricity access, it signals the need to reconsider our approach to critical infrastructure and U.S. national security. The security and resilience of our electric grid are of particular concern to the U.S. Department of Defense (DoD), which is the largest institutional consumer of energy in the world. DoD relies on energy for every aspect of its mission, from powering ships and aircraft and steering the satellites that make up the Global Positioning System to sustaining forward operating bases and combat outposts in contested battlefields.
Increasingly, DoD’s missions and capabilities depend on maintaining connections to domestic bases and facilities. Even seemingly discrete missions operate across multiple domains and continents. For example, an Army patrol in a foreign country could receive reconnaissance from manned and unmanned aircraft, intercepted signals intelligence from satellites, and information from human intelligence sources. Each of these types of information might originate from a different source, but ultimately undergo processing and exploitation in the United States. Critical military and national defense capabilities, from Marines on the ground to our national missile defense system, rely on a myriad of network connections and require access to electricity to function.
Military installations in the continental United States are connected to the same civilian electric grid as our homes and businesses. Such bases usually possess diesel generators and small batteries (uninterruptible power systems) to back up their critical missions and facilities. While these redundant systems can mitigate the effects of short-term power disruptions, they are limited by fuel supplies and are often not designed to serve as primary power sources for prolonged periods. Given the threats posed by determined adversaries and extreme weather events to our power grid, it is time to formulate and implement more comprehensive strategies for DoD energy assurance.
The reports on Russian activities regarding U.S. critical infrastructure describe just one component of emerging and advanced threats to the U.S. power grid. In fact, a range of threats and vulnerabilities - from natural events to determined adversaries - have made the risk of widespread, prolonged power disruptions a crucial consideration for U.S. national security and defense leaders.
Adversaries are already disrupting power grids in other countries in ways that could be directed against the United States. Ukraine, for instance, has experienced at least two cyberattacks in the past three years that have disrupted access to power for hundreds of thousands of citizens. These attacks were complicated and multifaceted. Hackers not only accessed and opened substation breakers, but also interfered with backup power to the control rooms, overwhelmed the power company’s call center, and infected operator computers with malware called Killdisk, rendering them inoperable.
Last year, hackers unleashed a similar attack on a petrochemical company in Saudi Arabia. In this case, specific safety control systems served as the targets. Cybersecurity analysts believe that the objective of this assault was to cause a deadly explosion. Many cybersecurity experts regard the attacks in Ukraine and Saudi Arabia as proof-of-concept efforts that could eventually be directed against the U.S.
Attacks from determined adversaries are not exclusively channeled through computer networks. In 2013, gunmen severed local communications lines and opened fire on the Metcalf power substation in Northern California, disabling 17 high voltage transformers in less than 20 minutes. Though the utility company was able to reroute power in order to avoid outages, repairs to the substation required 27 days of work and cost 15 million dollars. The attackers were never identified. Similar attacks in more rural areas have caused outages and longer repair times. Regulators have created new requirements for the protection of electric transmission infrastructure, but the vast size of the electric grid and the large number of stakeholders who depend upon it render the monitoring and safeguarding of the entire system unrealistic.
In 2017, the United States experienced the largest power outage in its history, as more than 90 percent of Puerto Rico’s electric grid became damaged and inoperable after the island was slammed by a succession of storms. The devastation caused by the storms and the fitful nature of the recovery efforts have led to the permanent displacement of more than 200,000 residents and have fundamentally reshaped the structure of Puerto Rico’s economy and society. The disruptions in Puerto Rico and the U.S. Virgin Islands constitute the latest and most visceral examples of the impact of extreme weather events, which are only expected to become more frequent and severe in the future.
Of course, all of these disruptions pose threats, not only to DoD, but also to our economy and civic life. DoD’s ultimate mission is to fight and win our country’s wars, not to transform its national energy policy. Still, given our military’s dependence on electricity and the current threats to electricity access in the United States, we must explore what DoD can do to ensure that it is able to operate in situations in which it is needed most.
First, DoD and electricity sector stakeholders, including utility companies and regional transmission operators, should strengthen and expand collaborations in order to enhance the reliability of the power grids that serve critical DoD installations. DoD possesses limited knowledge of the workings of the electric grid outside the fences of its installations. Similarly, electric utility companies do not understand the critical power requirements of DoD installations located within their service territories. Some of this information is classified, and some of it concerns sensitive business operations. For these reasons, DoD and utility companies have not made a concerted effort to overcome the legal and logistical challenges mentioned above.
Creating safe environments for information sharing would serve as a first step to ensuring that our electric grid protects critical national security assets. Eventually, utilities could dedicate investments and operations to the protection and restoration of important DoD installations, and DoD could place its most important assets in places most likely to recover from disruptive events like those discussed above.
DoD must also strengthen its own approaches to energy resilience, which will require a focus on policy, projects, and culture. The Department has issued policy guidelines that identify energy resilience as a mission assurance priority. These guidelines direct the Military Services to “have the capability to continuously accomplish DoD missions from installations and facilities” and encourage them to “include integrated, distributed, or renewable energy sources.” Considering the types of disruption scenarios that could prevent fuel resupplies, such directions are logical.
Strong policy, however, cannot make a difference in the absence of projects to implement those policies. DoD has spent more than a decade expanding the amount of renewable energy used within military installations but has not yet developed models for resilient energy projects that could be replicated and scaled to meet the military’s critical requirements. Because installation budgets have, in the past, often failed to cover even basic maintenance costs, DoD’s installation energy program has prioritized cost reduction.
In light of the current threat outlook, DoD should strengthen its investments in funding for energy infrastructure. Innovative approaches should be prioritized, such as DoD’s Energy Resilience and Conservation Investment Program (ERCIP), a central fund for energy projects for which installations and Military Services compete, and energy program offices, such as the Army’s Office of Energy Initiatives, which develops energy projects that strengthen energy resilience and mission assurance by leveraging private sector financing.
The implementation of projects that strengthen the resilience of critical missions will begin to create a culture in which DoD mission owners and combatant commanders regard supporting infrastructure with as much importance as platforms and weapons systems. With a globally networked force reliant on uninterrupted access to electricity, our military must modernize its approach to confront today’s urgent and emerging threats.
Michael Wu is a Fellow in the Resource Security program at New America and a Principal at Converge Strategies, a consulting firm dedicated to advanced energy, resilience, and national security.