Today, the FBI Director warned Congress that Chinese hackers are preparing to wreak havoc on US critical infrastructure. Critical infrastructure is just what it sounds like. Things like water treatment plants and power stations, banks and refineries, communications and emergency services. In a nutshell, the lifeblood of modernity. Without these functions, we are back to following a mule behind a plow, hoping it rains.
I will focus on the power grid. As with the last post, I am NOT an actual expert on the grid. I know quite a bit from my own interactions with them while I ran a nuclear plant, and I have read a ton on the topic. I have not (and probably never will) operated the grid, beyond the tiny portion that made up the substation at my job.
First, what is the grid? The grid is a massive machine that takes the power made in power plants and transports it over long distances to the places that need the power. I’ll break it down a little more, but the map below shows the level of complexity we are talking about.
Time to zoom in a little bit. The map below is the Minnesota grid, specifically the area around Minneapolis-St. Paul. The red lines are 345kv transmission lines. Other colors denote different voltages on the lines. The red dots are substations.
Power plants make the electricity. Each power plant has a substation. This is where it connects to the grid. The generators at power stations usually make electricity at around 25kv. This power is sent to the substation through huge circuit breakers, easily the size of a car. These work just like the ones in your home but on a much larger scale.
If the breakers are closed, the 25kv the generator made is sent into a large power transformer. These take the 25kv and increase the voltage to grid voltage. Depending on where you live, this can vary from 115kv to 500kv. You keep voltage high in order to keep current flow low. Current causes heating in the lines, and too much can cause them to droop or even fail. Some of these lines run for hundreds of miles, so this is extremely important.
In the case of the Minnesota grid above, power goes into the transformer at 25kv and leaves it at 350kv. It passes through more circuit breakers and is then sent along the high tension lines to where it is needed.
Along the way, the lines will meet up with substations that are not connected directly to a power plant. These substations have the same equipment, giant circuit breakers and transformers, but instead of raising the voltage, they lower it. Somewhere near your house or office is a substation that takes the grid voltage of 350kv and drops it down to a lower, more manageable voltage.
The lines we send into cities and neighborhoods are usually somewhere around 13kv. This keeps current flow low enough to prevent damage, but reduces the voltage to a safer level for the trip into populated areas. The small transformers on power poles, or the little green boxes in your yard, further reduce that voltage to household levels, usually 110V.
That is the grid, in its most basic sense. This is over simplified, but that’s kind of my thing, so we’ll just go with it.
All of this has to be controlled precisely. Read my post about Texas’s power grid for more on that. The power plants control the breakers for their own generators. Pretty much everything else is controlled by the power company’s dispatching centers and the independent system operators. They use computer systems to monitor and control the grid, which of course is vulnerable to hacking. I won’t go into any detail on the protections they have, because I don’t know much and wouldn’t tell you anyway.
But, in cyber war, the offense has a huge advantage. They exploit vulnerabilities in operating systems, and the overall stupidity of human beings (seriously, I know cyber security training sucks, but try to listen), to access these systems and install malware. This can sit there, undetected, until the attacker decides to activate them.
A well known example is the STUXNET attack on Iran’s nuclear enrichment facility. A virus was installed onto the controllers that ran the uranium centrifuges. Over time, this virus sped the machines up far past their normal high speeds (90000 RPM), all the while telling the control systems that everything was fine. Almost 1000 centrifuges eventually destroyed themselves. This is estimated to have set the program back years.
Russia has already hacked our grid hundreds of times according to DHS estimates. As they were invading Ukraine in 2022, Russian hackers again attacked the US. They attempted to take out about a dozen electric plants and natural gas facilities. This was unsuccessful, but serves to illustrate the risks.
There are also physical threats to the grid. In April of 2013, attackers cut the communications cables to a substation in San Jose, then proceeded to fire suppressed rifles at the transformers. This caused damage to 17 of the transformers, requiring $15 million in repairs. Analysis of the attack called it professional.
This is terrifying. Following the attack, the Federal Energy Regulatory Commission (FERC) released a report saying that if the right 9 substations were taken out in the right order at the right time, it could completely collapse the US power grid. Thankfully, they were smart enough to not list them.
As political extremism in America continues to rise, attacks on the grid are increasing. From 2021 to 2022, attacks on the grid rose by 71%. Transformers are being targeted in these attacks for a reason. A big issue with the transformers is the ability to replace them. We can’t. If more than a few of the biggest, most critical ones were destroyed, it would take years to order, manufacture, and install a replacement. We don’t make them in the US. We don’t keep many spares.
According to the DHS Cybersecurity and Infrastructure Security Agency (CISA), the electrical grid provides an enabling function for all the other sectors. No power means no water, no food, no medicine. It means a return to the 19th century, when the US population was around 50 million people.
DHS estimates that, if the grid were to go down for one year, US casualties could reach 90%. That’s 300 million people dead. We cannot support the current US population without a functioning power grid.
If that scares you (it sure as hell scares me), then you understand why this is such a big deal. The grid is incredibly complex and surprisingly fragile. It is a mix of technology from the early 1900s and modern control systems. It is so widespread that it is impossible to fully protect and controlled by so many entities that no one has overall responsibility for keeping it safe.
Currently, the 120000 miles of lines and over six thousand power plants that are the physical grid are loosely regulated by two entities. FERC, mentioned before, and the North American Electric Reliability Corporation (NERC). These two entities are not strong regulatory bodies and the power companies have a lot of sway on what regulations do and don’t get implemented.
I hope Congress listens to Wray. I hope they finally decide that leaving a mortal vulnerability up to various corporations to protect is a good way to end up with a lot of dead citizens. I hope the Chinese, or Russians, or Iranians, or North Koreans (you get the idea) don’t decide that it’s worth getting a couple nukes dropped on you to fatally injure America.
As usual, this is all open source, so here are some links:
https://en.wikipedia.org/wiki/Metcalf_sniper_attack
https://www.powermag.com/expect-death-if-pulse-event-hits-power-grid/
https://www.ucsusa.org/resources/how-electricity-grid-works
https://www.nationalgrid.com/stories/energy-explained/what-is-a-substation
https://a.co/d/bKiJqQJ (This is an Amazon link to Lights Out by Ted Koppel. It’s a much more eloquent look at this issue written by a well respected journalist. Great read.)
Sleepy Neutron's Nuclear Knowledge 
Leave a comment