Complex energy systems face low-tech threats

The dramatic destruction of parked Russian strategic bombers through a daring operation of the Ukrainian intelligence service has once again shone a spotlight on the power of asymmetric warfare. After initial reactions of delight in the West at seeing Russian aircraft burn, such feelings quickly turned to concern that similar events could relatively easily happen here as well.

The fact that cheap, low-end systems could wreak havoc on advanced military forces is indeed fear-inducing—and unfortunately, that risk extends beyond jets parked on an airfield apron.

The electrical grid has been described as “the world’s largest machine.” In terms of defending it, a better mental model is that of a very complex supply chain. Electrons are produced from molecules pulled from the ground, atomic reactions, or the movement of wind, water, or sun. Those electrons are transported through a vast network of wires to their ultimate end use.

Notably, that end use—whether light, warm or cold air, artificial intelligence inference, or a Netflix movie—is all that matters. The electrons in an intermediate form or location are useless to a human being, so disruptions anywhere along the supply chain are functionally equivalent.

Attacking energy infrastructure has long been recognized as a useful combat tactic because those electrons are a precursor to many legitimate military end uses. Attacking electric power can also terrorize civilian populations, best evidenced in Ukraine by thousands of Russian attacks against the grid by high-end cruise missiles and guided weapons.

The number of global actors with access to cruise missiles is, thankfully, limited. But that does not reduce the risk to the grid. Being able to disrupt end use anywhere along the electron supply chain is a boon to the asymmetric attacker, who can find plenty of choke points along that chain. They can look for targets with the greatest impact at the lowest cost in time, resources, and risk.

To combat these threats, discussion of asymmetric risk vectors has increasingly focused on cybersecurity vulnerabilities. Recent revelations that the global supply chain for solar power inverters has been compromised by Chinese manufacturers are another reminder of the sector’s cyber vulnerabilities. The North American Electric Reliability Company (NERC), through its Critical Infrastructure Protection (CIP) program, strives to address these risks through compliance activity, and players in the electric power ecosystem have invested heavily in software and processes to defend against cyberattacks.

Beyond cyber, attention is often focused on physical risk to the generation end of the electron supply chain. Certainly, it is easy to envision both attacking and defending a large, fixed piece of infrastructure like a power plant from an asymmetric attacker’s drones. The same applies to substation infrastructure. But what if one were to push the imagination a little further?

Electric utilities across the United States must constantly deal with outages from technical challenges, weather, animals, and even mylar balloons, which have disrupted utility services for years.

Listings on Amazon and Alibaba show that approximately 10,000 mylar balloons could be filled and released for less than $15,000 (with 95 percent of that being the cost of helium). Given that electric transmission and distribution infrastructure is in fixed, known locations—often highly visible and open to the air—it is acutely vulnerable to aerial attack.

Such an attack wouldn’t require smuggling drones and explosives, clandestinely attaching them to trucks in an action worthy of a Hollywood spy thriller—it would just require waiting for a delivery from the attacker’s e-commerce provider of choice. Think less of a spy thriller, and more of a dark remake of Up.

Infrastructure risk is increasing on two fronts—from the diffusion of high-end digital technology and from an evolving understanding that high-end energy systems can be threatened by cheap and low-tech weapons, or weaponized commercial products.

To counteract this threat landscape, policymakers are trying to support infrastructure owners and operators in protecting the grid. In addition to NERC CIP measures for infrastructure security, there is legislation pending that would hold states to the same federal standard as interstate transmission infrastructure, or elevate the US Department of Energy’s leader responsible for emergency response to a Senate-confirmed position.

This is not a call to action to ban mylar balloons—though some states are trying. Instead, infrastructure stakeholders must realize that the threat environment is broadening at both the high and low ends of the spectrum. After watching videos of burning Russian bombers, the sinking feeling that society is more vulnerable today than it was yesterday extends far beyond the military domain.

Travis Nels is a Veterans Advanced Energy fellow with the Atlantic Council’s Global Energy Center and the vice president of planning, analytics, technology, and transformation at AES Corporation in Arlington, Virginia. The views and ideas expressed in this article are his own.


Image: Attacking energy infrastructure has long been recognized as a useful combat tactic because those electrons are a precursor to many legitimate military end uses. Unsplash/American Public Power Association https://unsplash.com/photos/transmission-towers-and-wind-turbines-on-the-field-znytbxrOv_4