Executive Summary
Although threats against infrastructure are hardly a new issue, recent warnings about a resurgence of terrorist threats to the U.S. power grids have come from members of the U.S. Congress, government agencies like the U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), and academic researchers. Ranking high among the various threats to the U.S. power grid is the threat of physical attacks by violent extremists. Both far-left and far-right domestic violent extremists (DVEs) pose threats to the transmission and distribution components of the U.S. power grid (hereafter “transmission grid”).
The transmission grid has three main vulnerabilities that violent extremists may seek to exploit:
■ Physical: damage to exposed equipment and infrastructure.
■ Cyber: machine failures induced through computer-based disruptions, such as malicious software and denial-of-service attacks.
■ Personnel: both direct physical attacks on transmission grid workers and attempts to establish malicious insiders within the workforce through recruitment/radicalization and infiltration.
Of the three attack options, DVEs such as violent white supremacists, violent militia extremists, and violent eco-extremists are most likely to favor physical attacks. This is due to their familiarity with the technical capabilities and other operational tradecraft necessary to plan and execute physical attacks as well as ideological beliefs that inform attack strategy and operational behaviors. Although physical attacks are likely to be directly executed by people, there are signs that DVEs are engaging in operational innovations and could eventually incorporate aerial drones into attack planning and execution.
The authors’ research – based on chat groups, ideology, and conspiracy theories, as well as narratives that inform targeting preferences, recent terrorist plotting arrests, and attack capability – indicates that violent far-right extremists are the most likely DVEs to physically attack the transmission grid and cause the most damage. The two submovements demonstrating the greatest intent and capacity to carry out physical attacks against the transmission grid are white supremacists and militia extremists. In addition to an ideologically motivated openness toward generating casualties, their well-established record of extensive possession of and training with caches of firearms, incendiaries, and explosives means that violent far-right attacks will likely continue to manifest in the form of shootings, arsons, and bombings.
Compared to violent far-right extremists, far-left extremists pose a much lesser (but nontrivial) potential threat of physical attacks against the transmission grid. The violent far-left extremists most likely to target the transmission grid are violent eco-extremists, violent left-wing anarchist extremists, and violent far leftists primarily motivated by social causes, such as anti-war and anti-racist movements. While there is currently a lull in attacks specifically against the electrical sector, violent far-left actors continue to merit attention because, to the extent they pose a violent threat, they have targeted other aspects of the wider U.S. energy sector (e.g., attacks against pipeline projects), which could expand into resumed targeting of the transmission grid. Any future physical attacks against the transmission grid are most likely to manifest in arson attacks and so-called monkey wrenching – acts of sabotage such as cutting wires or removing screws, nuts, and bolts from support structures. Far leftists have technical familiarity with these attack methods, and they tend to favor acts of sabotage directed at property rather than people due to an ideologically motivated aversion to generating casualties.
Although violent far-left and violent far-right actors are not known to have committed cyberattacks against the power grid, including its transmission and distribution components, this may become an increasingly attractive attack option over time, especially in simultaneous use with physical attacks. This is due in part to actors’ active online presence, as well as the growing availability of Malware-as-a-Service and Infrastructure-as-a-Service offerings in illicit/illegal cybermarkets that effectively outsource and rapidly scale up capabilities at minimal cost to the buyer. The potential impact of this threat is compounded by the growing use of artificial intelligence and machine learning methods among malware creators and cyberattackers.
Finally, insofar as threats to personnel are concerned, there is currently no evidence to suggest transmission grid workers are targeted for violence by violent extremists (either far-right or far-left). Currently, there are also no known cases of extremist insider threats within the transmission grid sector. However, given the lack of data on insider threat cases and the known nontrivial presence of extremists (particularly violent far rightists) in other parts of the wider energy sector, this possibility cannot be easily dismissed.
Policy Recommendations
To guard against and mitigate potential DVE threats and attacks against the U.S. electrical sector, policymakers in government should consider these recommendations:
■ Update practices related to insider threats.
■ Improve planning for future threats.
■ Expand data-driven approaches to risk assessment and resource allocation.
■ Support further research on violent extremist targeting of critical infrastructure, including electrical sector assets and personnel.