(U//FOUO) DHS Infrastructure Protection Note: Most Significant Tactics Against the Electricity Subsector

The following document was included in a collection of records released January 30, 2015 by Pacific Gas & Electric in response to a ruling from the California Public Utilities Commission.


IP Note: Most Significant Activity Surrounding Tactics, Techniques, and Procedures Against the Electricity Subsector

  • 11 pages
  • March 26, 2014


(U) The Department of Homeland Security’s Office of Cyber and Infrastructure Analysis (DHS/OCIA) Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) produces Infrastructure Protection (IP) Notes to provide information on risks impacting the critical infrastmcture community.

(U//FOUO) This IP Note is a joint publication of OCIA and the DHS Office of Intelligence and Analysis (I&A) Homeland Counterterrorism Division. It is intended to identify high- consequence tactics, techniques, and procedures (TTPs) used during attacks and incidents that occurred at electrical substations, facilities, and associated electrical infrastructure from 2002 to 2013. The incidents identified in this report have no known nexus to terrorism.

(U//FOUO) This IP Note utilizes information obtained from the Federal Bureau of Investigation (FBI), and has been coordinated with Department of Energy (DOE). Input was received from the National Protection and Programs Directorate’s Federal Protective Service, and the Office of Infrastructure Protection’s Sector Outreach and Programs Division, and the Protective Security Coordination Division. Information was also derived from open source reporting.


■ (U//FOUO) Electricity subsector infrastructure components are vulnerable to many tactics. The most likely high-profile and potentially consequential TTPs are targeted shootings, intentional downing of power lines, and bombings.

■ (U//FOUO) Targeted shootings at electrical substation critical infrastructure can cause extensive damage, but due to system resiliency, the effects may not result in significant impacts to customers.

■ (U//FOUO) Intentional downing of power lines often result in immediate consequences in terms of short-term power outages.

■ (U//FOUO) Bombings targeting substations have rarely been successful; however, a well-placed device can greatly reduce the capabilities of the substation.

■ (U//FOUO) The financial impact from attacks against electricity subsector infrastructure can range from hundreds of thousands to millions of dollars in repair costs, even when power outages do not occur.


(U//FOUO) Three high-consequence TTPs are most commonly found in the available data; targeted shootings, intentional downing of power lines, and bombings. These TTPs are considered high consequence because they can create significant financial impacts to the subsector owner-operators, and costly power outages which impact customers. Within the data, these TTPs are categorized as vandalism, trespassing, and various other illegal acts. All of the reported events and their associated TTPs were considered criminal in nature.


(U) Shootings at electric infrastructure have ranged from a single shot fired at a power line insulator to multiple coordinated shootings that impact an entire local system. Targeted shootings can be difficult to protect against given the stand-off distance from a target that firearms provide. In addition, the distance between the perpetrator and the targeted infrastructure may make it difficult to determine where the gunfire is coming from and may allow the perpetrator to escape unseen. Other vulnerabilities include the often remote and isolated locations of many electric power components. Most of these attacks are random acts of vandalism—particularly the shooting of insulators—rather than deliberate attacks on the sector, further complicating their characterization.

(U) There have been many incidents of gunfire targeting electric power components from 2011 to 2013. Notable incidents include the following:

■ (U//FOUO) On 11 July 2013, a 500-kilovolt (kV) transmission line in the vicinity of Phoenix, Arizona, was damaged by rifle fire that targeted multiple insulation bells along the Navajo-Dugas line. No outages resulted.

■ (U//FOUO) On 16 April 2013, the PG&E Metcalf transmission substation in San Jose, California, was heavily damaged by gunfire targeting the radiators used to cool the transformers. Without functioning radiators to prevent overheating, the transformers were taken out of service. In a potentially related incident, just prior to the shooting, nearby underground fiber optic communication cables were severed in 2 separate locations, which disrupted 911 services in the area and affected some landline and cell phone service. However, no electrical outages resulted from the shooting.

■ (U) On 18 August 2011, a Greenville, North Carolina, Red Oak Community Rural Fire Department chief and an assistant chief were charged with shooting a 115-kV power line. Two insulators on a transmission line were shot, which severed the 115-kV line. The line fell to the ground and started a fire. The incident resulted in a 30-minute power outage affecting 16,000 customers.

■ (U) In December 2008, in Lebanon, Oregon, 4 campers shot at and destroyed 3 ceramic insulators attached to a large transmission tower that held several high-voltage power lines. The shooting downed a 115-kV electrical line. The damage resulted in an 80- minute power outage that affected thousands of customers. The 4 men were sentenced to 5 years probation and ordered to pay the Bonneville Power Administration over $13,000 in restitution, by order of the Federal court that prosecuted the case.

(U//FOUO) The consequences of various shooting incidents differ depending on multiple factors, such as redundancies in the affected electric systems, intent of the incident, time of the incident, and the ability of the perpetrators to damage the most critical specific electric components. Based on historical data from open source and media reporting, more damaging attacks do not necessarily lead to power outages or other effects noticeable to consumers. For example, although the Metcalf shooting (referenced above) damaged 6 of 21 transformers and had the hallmarks of a perpetrator with insider or in-depth knowledge of that substation,
PG&E was able to continue operations with no loss of service. It is likely, however, that if the incident had occurred during the day under peak loading conditions, instead of at night, the impact would have been more serious.


(U) Power lines are an especially vulnerable component of the electric grid because there are hundreds of thousands of miles of transmission and distribution lines across the United States. Generally, power lines are easily accessible and have no particular protection, though they are also generally repairable within a short period of time. This may make them especially attractive targets to perpetrators who may have little or no specialized skills, but a desire to cause immediate, visible, though usually temporary, damage.


(U) Homemade bombs, also referred to as improvised explosive devices (IEDs), have generally been deployed against substations and pylons or lower voltage power poles. This TTP is often unsuccessful at transformer stations and other facilities because some degree of specialized knowledge in bomb construction and placement is required for maximum impact, and facilities are more likely to have security than remote power lines. Substations are complex facilities that house many types of equipment, often with redundant connections, so damage to part of a substation will not necessarily lead to the total loss of the substation or power outages for customers, depending on a substation’s design or layout. Bombs placed on power pylons can be effective because it can take several days or weeks to replace a high voltage tower that can be toppled with a relatively small explosive device due to the weight load and torque placed on towers by power lines.


(U) A number of the reviewed incidents involved the attempted or successful act of copper theft. The rising price of copper, combined with the ongoing economic crisis, has spurred perpetrators to steal copper grounding wires on utility poles, inside transformers and in substations, as well as copper wire from spools in unguarded or unlocked storage areas. Although we assess the majority of incidents involving copper theft is economically motivated, perpetrators can cause electrical blackouts as well as possible injury or death to utility company employees responsible for maintaining, servicing, and repairing damaged equipment.


Share this: