The U.S. electric power delivery system is vulnerable to terrorist attacks that could cause much more damage to the system than natural disasters such as Hurricane Sandy, blacking out large regions of the country for weeks or months and costing many billions of dollars, says a newly released report by the National Research Council.

Read complete report here.

According to the report, the security of the U.S. electric power system is in urgent need of attention. The power grid is inherently vulnerable physically because it is spread across hundreds of miles, and many key facilities are unguarded. This vulnerability is exacerbated by a reorganizational shift in the mid-1990s, prompted by federal legislation to introduce competition in bulk power across the country, resulting in the transmission network being used in ways for which it was not designed. As a result, many parts of the bulk high-voltage system are heavily stressed, leaving it especially at risk to multiple failures following an attack. Important pieces of equipment are decades old and lack improved technology for sensing and control that could help limit outages and their consequences – not only those caused by a terrorist attack but also in the event of natural disasters.

"Power system disruptions experienced to date in the U.S., be they from natural disasters or malfunctions, have had immense economic impacts," says M. Morgan, professor and head of the department of engineering and public policy at Carnegie Mellon Univ., and chair of the committee that wrote the report. "Considering that a systematically designed and executed terrorist attack could cause disruptions even more widespread and of longer duration, it is no stretch of the imagination to think that such attacks could produce damage costing hundreds of billions of dollars."

The report recommends ways to make the power delivery system less vulnerable to attacks, restore power faster after an attack or failure and make critical social services less susceptible even if the delivery of conventional power is disrupted. The report stresses the importance of investment in power system research, and notes that the level of actual investment in this research is currently much smaller than it should be.

High-voltage transformers are of particular concern because they are vulnerable both from within and from outside the substations where they are located. These transformers are very large, difficult to move, often custom-built and difficult to replace. Most are no longer made in the U.S., and the delivery time for new ones could run from months to years. A promising solution, the report says, is to develop, manufacture and stockpile a family of universal recovery transformers that would be smaller and easier to move. They would be less efficient than those normally operated and would only be for temporary use, but they could drastically reduce delays in restoring disabled electric power systems. In line with this recommendation, the U.S. Department of Homeland Security has recently cooperated with the U.S. power industry on the RecX program to develop and test a recovery transformer.

There are also critical systems – communications, sensors and controls – that are potentially vulnerable to cyber attacks, whether through Internet connections or by direct penetration at remote sites. Any telecommunication link that is even partially outside the control of the system operators could be an insecure pathway into operations and a threat to the grid. Cyber security is best when connections with the outside world are eliminated, the report says. When interconnections are unavoidable, high-quality technical and managerial security systems should be in place, including systems that monitor for and help avoid operator error or intentional sabotage.

The report states that although it is not reasonable to expect federal support for all local and regional planning efforts, DHS and/or the U.S. Department of Energy should initiate and fund several model demonstration assessments across cities, counties and states. These assessments should systematically examine a region's vulnerability to extended power outages and develop cost-effective strategies that can be adopted to reduce or eventually eliminate such vulnerabilities. Building on the results of these model assessments, DHS should develop, test and disseminate guidelines and tools to assist other cities, counties, states and regions to conduct their own assessments and develop plans to reduce vulnerabilities to extended power outages. To facilitate these activities, public policy and legal barriers to communication and collaborative planning will need to be addressed.

This report was completed by the National Research Council in the fall of 2007, but the sponsoring agency, the U.S. Department of Homeland Security, decided at that time that the report would be classified in its entirety. After a formal request from the Research Council for an updated security classification review, the report was cleared for public release in fall 2012.

A foreword to the report, written by Ralph Cicerone, president of the National Academy of Sciences, and Charles Vest, president of the National Academy of Engineering, provides details about the delay and says that the key findings of the report remain "highly relevant." The foreword states, "We regret the long delay in approving this report for public release. We understand the need to safeguard security information that may need to remain classified. But openness is also required to accelerate the progress with current technology and implementation of research and development of new technology to better protect the nation from terrorism and other threats."