Keeping American Lights On: National Power Grid Security

The emergence of cyberattacks as a more prevalent form of aggression by American adversaries has caused infrastructure stakeholders to take a closer look at their security policies. This is especially true of power stations and essential distribution points on the national electricity grid.

Two recent publications that discuss power grid security are Addressing Dynamic Threats to the Electric Power Grid Through Resilience performed by The Chertoff Group and Regulation of Physical Security for the Electric Distribution System performed by the California Public Utilities Commission (CPUC).

The Chertoff Group’s report applies the classic equation for risk assessment: “Risk = Threat X Vulnerability X Consequence.” This report encompasses a wide spectrum of threats, which are displayed on a chart with “Consequence” and “Likelihood” on the X and Y axis respectively. According to the chart, the most likely attacks are Natural Disasters, Physical Attack/Theft, and Cyber Attack respectively. Attacks with the highest consequences are a Nuclear attack, an Electromagnetic Pulse, and a Pandemic respectively. What doesn’t bode well is that attacks with the highest likelihood on the graph also have relatively high consequences. This contrasts the attacks with the highest consequences, which only register low-moderate likelihood. The report goes on to discuss several initiatives, particularly in the cybersecurity realm, which are placing voluntary and mandatory standards in place to prevent cyberattacks.

The Chertoff Group also briefly discusses the physical security of power stations by providing analysis on Superstorm Sandy and the April 2013 Metcalf attack. This attack and physical security are the main focus of CPUC’s report. The Metcalf attack refers to a small arms attack on the Pacific Gas & Electric (PG&E) Company’s Metcalf substation. This attack caused “millions of dollars in damages” and “destroyed several transformer oil tanks at the facility.” Even though the attack did not result in any loss of power, the event caused the California government to take a closer look at physical security for its power plants. The bulk of CPUC’s report focuses on three facets of security analysis: (1) Physical threats to the electric grid; (2) Both state and federal initiatives/regulations; and (3) Physical security in other sectors, including nuclear, chemical, financial, and military assets.

For more resources on Cyber Infrastructure Protection, visit the Homeland Security Digital Library (some resources may require HSDL login).


Article formerly posted at

Note: you may need to login to the HSDL to view some resources mentioned in the blog.

Need help finding something?  Ask our librarians for assistance!

Scroll to Top