How vulnerable is the US power grid?

I keep getting spam from companies trying to sell solar powered generators, who allege that the US power grid system is hopelessly out of date, and vulnerable to terrorist attack which could bring the country to a standstill overnight.

Is this simply baseless scaremongering, or is there a grain, or more than a grain of truth in their claims?

How often does your power fail?
There’s your answer.

The grid is terribly vulnerable. Just ask all the SoCal residents who lost power for a few days a few years ago because of a forest fire in Oregon. Ask the residents of any state in a hurricane zone. All it would take would be a “perfect storm” of storms and vast areas would be powerless for weeks.

Are the solar people over-selling the danger? Of course. Is the danger still there? Also of course.

“Solar-powered generators?” WTF are those? Solar panels, maybe. But generators?

The answer is that all the grids around the world are extremely vulnerable to attack.

The nature of attack is somewhat sophisticated in concept, but not that hard. The core issue is maintaining grid stability. If a generator is making power, something must be using that power, and similarly, if someone is using power, something must be generating that power. The power demand on the grid is in constant flux, with changes in power demand varying with time and location. The entire idea of a grid is to interconnect all the generators and users of power, so that this variation evens out, and the need for reserve generation capacity can be usefully reasoned about and provided.

You need to be able to supply instantaneous power to meet a spike in demand - and this requires spinning generators with physical inertia that can meet the spike long enough for the regulating systems to add more power (ie more steam to the turbines) to meet the demand. You also need generators that can be started up very quickly to meet new demand - so things like gas turbines. Coal and nuclear provide a “base load” capacity, as neither can vary in power quickly or easily.

The way the grid is managed is to ensure that the voltage is stable, and most critically that the frequency is stable. Generators must all run in synchrony at exactly the same frequency and maintain their phase relationship. The grid demands a certain stability in frequency, and if that standard is not met the system will start to protect itself by dropping load and separating the grid components. In the worst case the entire grid can cascade into a shutdown. This can happen because as load is shed the remaining load may not be large enough to cope with the power generated, and the frequency may rise to much too quickly. The entire system is a complicated feedback loop, and feedback loop stability in such systems can be prone to be lost in the face of unexpected or unplanned for failures. The absolute worst case is that the grid fails and you end up in a black-start situation. Black start means you are trying to re-start the grid’s generators when there is no power in the grid. This a bad because - well - generators for the most part need power in order to run (to energise the field coils). Obviously when running there is power available to power do this. But if there is no power in the grid, how do you get going? This is black-start. The rule is that there must be generating capacity in the grid that does not need external power to start up, so this is brought up, and is used to bootstrap the entire system, bringing other power generating capacity back on-line. As this is done user load is reconnected to the grid carefully in order to balance each bit of new generating capacity. This can take a long time (hours to days) depending upon the scale of the outage.

So, the vulnerability is clear. Any attack that can cause network instability can, in the worst case, take down the entire grid. Which can mean the entire country’s power. And the power may be out for days.

Obviously the grids are designed to cope with credible outages, but there is only so much you can do. Outages could be caused terrorists blowing up pylons, and the like. But the big worry for power engineers is the SCADA (supervisory control and data acquisition) systems used to monitor and control the grids. Over the years these have become ubiquitous, and the entire grid in most countries is run by a huge number of SCADA computer systems in a large network. Almost all of these systems have zero security. Many don’t even have passwords - nor even the ability to add security. Access to the SCADA networks should be, in-principle, difficult, but like most things, a lack or appreciation of the issues and laziness has left a network that is potentially very vulnerable. At worst, a state level actor could infiltrate the SACDA system and shut the entire grid down. But due to the inherent stability issues, even just crippling the network or using it to bring down a small number of critical elements would be enough.

This is a significant danger, and does keep a lot of people awake at night.

Well, first of all, there isn’t one grid in the U.S. There’s an eastern grid, a western grid, and Texas (yes Texas has its own grid). Trying to combine them all into a single grid wouldn’t work very well.

Also, each of these “grids” is really a bunch of smaller systems that are all tied together.

There’s some debate about exactly how vulnerable a lot of this stuff would be to a terrorist attack. Theoretically, there are attacks that could pretty much make large sections of the grid go dark all at once. But the thing is, the folks at the power companies aren’t going to stare at their monitors and cry helplessly. Even in the worst case, probably 80 to 90 percent of the country would be back up and running fairly quickly. There might be extended outages in some areas for a few days or maybe a week at the most, but that’s probably it.

There’s no way for a terrorist group to actually destroy the grid to the point where they would have to string new wires and all of that. Most of the parts on power systems are simple things like wires and transformers (which are just coils of wire around an iron core, possibly in a container filled with oil). While the controls can be screwed with, which can cause systems to trip offline, the bulk of the power system is pretty rugged and can’t easily be broken.

If you are really concerned about losing power, a solar system is not the answer. Solar power only works when the sun is shining. You can use solar to charge batteries, but current battery technology isn’t all that great. You can spend a lot of money on batteries and not get that much electrical capacity for your dollars.

A diesel generator is probably your best bet. A generator capable of providing all of the power your house uses under normal conditions will also be rather pricey. You can have your home’s electrical circuits split into two panels, with one panel containing all of the critical circuits, like your refrigerator, furnace, water heater, maybe your oven, and then the other panel has everything else. When the power goes out, you switch the critical panel over to your generator using what is called a transfer switch (any permanently installed generator should have a transfer switch, whether the generator powers the entire house or just a sub-panel).

A lot of stuff in the “grid” is old. Power companies don’t replace all of their equipment every few years. That would be ungodly expensive. They buy stuff and then run it for decades. Calling it all hopelessly out of date seems a bit silly to me.

If you are in the northeast or southwest, you are much more likely to experience a cascade failure than a blackout due to a terrorist attack. The northeast and southwest parts of the country are a bit overloaded with their power systems. In the summer, when electrical usage is at its worst (due to air conditioners and such), these areas can barely keep up with the demand.

To understand what a cascade failure is, consider that your “grid” is made up of four systems, A, B, C, and D. A and B produce more power than they use. C produces exactly what it uses, and D uses more than it produces, so much so that it buys all of the surplus from both A and B. Now, let’s say that B fails. A can’t produce enough to supply all of D’s extra needs, so A gets overloaded and it goes offline as well. Now C, who can only produce what he uses, has to try to supply his own load, plus the extra load on D. C can’t do that, so he also goes offline. And since D couldn’t produce enough power to start with, his generators go offline as well. Theoretically, if B went offline, D should have gone offline as well, but then A and C would have had enough power for themselves. But since they are all tied together, the failure cascaded through all of the systems and they all went dark. To recover from that, all A and C have to do is isolate themselves from the grid, and they can start everything back up and they’ll be running again. B has to fix whatever problem it had that made it go offline, and then it gets to start up again. D can’t start up everything on its system though until all of the other guys are running though, so a lot of D’s customers stay dark for a long time.

Since cascade failures can be pretty severe, power companies have tried to improve their handling of faults so that in a case like the above, D immediately trips offline so that A and C can keep running. You don’t really know if these systems work though until something breaks. In 2003, a transmission line that was sagging due to overheating (from heavy load) contacted foliage and shorted out. The system that was supposed to re-route power and prevent a cascade failure from happening had a software bug, and what could have been a fairly localized blackout instead caused a widespread blackout across much of the northeast.

Most areas in the northeast had power later the same day. Large parts of New York City (basically D in the above example, because it consumes a lot more power than it generates) were without power for a couple of days. Minor blackouts persisted for a couple of days after that in some areas.

A lot of industry experts claim that the grid is more rugged now and this type of cascade failure can’t happen again. Yeah. Right. I’ve heard that before. And I have enough technical knowledge to know that you can’t say that for certain until you’ve exercised the system during actual fault conditions.

A terrorist attack would have similar results. Yes, a lot of stuff would go dark. Areas that have a huge electrical demand like New York City would stay dark the longest. Air travel is going to be screwed for days, maybe a week. Some businesses and financial institutions will be closed for days. But the country isn’t going to grind to a halt. People are resilient. Most things will be back up and running fairly quickly.

A relevant article appeared in Wired a few days ago. (I still worry, because that’s what I do.)

I just read a Gizmodo article about how a major solar storm is overdue and would incapacitate the country for weeks or months.

Judging by how much storm work my father the lineman has been going on in multiple states to work on power knocked out by bad weather like hurricanes and tornadoes I would say it’s definitely vulnerable to weather. I’m not sure about terrorism but the more things become interconnected I would think the possibility increases. I asked my Dad once when we were parked by a power substation if he could knock out the power and he assured me not only could he do it but that he could ensure that they wouldn’t be able to fix it for a long period of time but I think that would only affect a limited geographic area and not be that practical for a large scale terrorist attack.

[QUOTE=silenus;19941750"Solar-powered generators?" WTF are those? Solar panels, maybe. But generators?[/QUOTE]
As I recently discovered when my rooftop solar panels were installed, and I had to sign contracts with the for-profit power company, I am now thre owner of an “independent power generation facility”. So is any solar panel installation that is connected to the electrical grid, in grid jargon.

I suppose it’s accurate, technically – it is a facility that generates electricity, and it is power by solar energy.

P.S. All thru this process, the local power company has been dragging their feet and throwing up whatever roadblocks they, or their stooges the city inspectors can. And the contracts I had to sign to be connected to the grid were incredibly one-sided (NOT favoring my side). But by Spring, it’ll be working, and producing half the elecctricity I use, and screw the power company!

This is utterly incorrect.

EMPs are not terrorist attacks. I don’t know that there’s any likelihood of one happening all by itself. Electricity will be a trifling concern when the rest of the attack hits.

In fairness, the OP asked about terrorist attack. Not nuclear attack. Of course the entire planet is vulnerable to nuclear attack. But there are not exactly many terrorist organisations that are capable of an EMP.

A very large CME is a clear threat, and has been taken seriously. However it is important to disconnect the different failure modes. A CME triggered overload of a grid will easily shut it down. The grids will protect themselves. The issue of transformers blowing up is all about large DC offsets appearing and the subsequent saturation of their cores. There is a lot of energy sitting there, and is possible to cause a transformer to blow up. There is a reason large substations are placed inside concrete bunkers. It isn’t to protect the transformers. But with appropriate protection in the grid, and of the transformers, and mindfulness of the problem, there is no reason that infrastructure will be damaged. But you will almost certainly see black-start situations. In the worst case power utilities will shut down the grid ahead of a major solar storm hitting. There is a reason there is a 7x24 solar watch.

The point about a grid is that even in the face of loss of major components, the system can survive. It may be that there are power restrictions for some time as repairs are made, but the scenario of extended lack of power is not reasonable. Japan has been operating with a very significant fraction of its power generation capacity off ever since the Fukushima disaster. The country copes. In typical stoic Japanese style they accept that there isn’t enough power for everything they had in everyday life. Offices are hot in summer, cold in winter. “Cool-biz” means you don’t wear a tie to work because the aircon is set to a moderately high temperature in summer.

Terrorist attacks against large scale infrastructure like power grid has been rare.

OTH, the US (and other nations) grid is very vulnerable to an enemy with something resembling a working Air Force. During WW2; it was found that the electrical grid was actually pretty resiliant to attack, since there were so many small electricity producers, distributors, and many major industrial concerns made their own. So, post-war in what can only be described as a cosmic joke*the new infrastructure made electricity, production, supply and distribution much much more centralized, easy peasy to destroy; probably to raise the fly-boys morale.

*Yes I know the real reasons were efficiency and ability to produce more cheaply, but still; its a little funny.

If indeed there is a significant failure of the grid for longer than a few days for any reason, any individuals’ personal generator is not the solution.

That’s be like carrying a first aid kit in your car thinking it’ll protect you from a zombie apocalypse. IOW, the problems your going to have with all of modern society getting messed up are far bigger than running your own fridge for a week can begin to ameliorate.
IMO, the best answer is #2, modulo whether your local area is prone to rare but widespread natural disasters. e.g. where I live the power is dead-nuts reliable. But every 10-20 years a hurricane trashes it for a week-ish.
Anyone selling a device for your home as protection from national-scale terrorism is using irrational fear to sell ineffective garbage. Or at least garbage ineffective at countering the threat they claim it will counter. They’ve already demonstrated they’re liars; damn good bet they’re cheats as well.


Was it really a sagging line that shorted out? I had understood that the root cause of that cascade was something at the Davis-Besse power plant.

And CMEs can potentially cause big problems, but those problems can also be defended against. The key is in being able to detect a CME before it hits us, and while we’re still far from perfect on that, we’re a lot better at it than we were in 1989. And if you do successfully predict the event, you can completely prevent the problem just by flipping some switches, at the cost of a temporary decrease in efficiency.

So if anyone ever asks you why solar physics is worth spending money on, now you know.

Couple of observations … if the grid was all that vulnerable to terrorists’ attacks, then the grid would be attacked, maybe not in the USA or Europe at first, but certainly the Israeli grid, it seems to me … second, we do have deal with natural events causing damage to the grid, and we have a fairly sophisticated method to get the repairs done in a big hurry …

And I have a stupid question … is there any magnetic “pulsing” associated with CME’s? … something that could generate an electrical current in these very long very straight high tension wires? … because maybe just opening all the breakers isn’t enough to protect the grid …

I had to look up which plant it was since I didn’t remember it off the top of my head. It was the Eastlake, Ohio power plant that went offline. This caused a higher load on the high voltage transmission lines, which sagged under the load and contacted foliage that hadn’t been trimmed. So it’s all kinda related. If the plant hadn’t gone offline, the lines wouldn’t have been so heavily loaded and wouldn’t have sagged from the heat. If the foliage had been properly trimmed, the lines wouldn’t have shorted out and there wouldn’t have been a major failure. If the software meant to re-route the power had been working properly and the alarming software wouldn’t have bugged out leaving the operators blind to what was happening, it would have been a fairly local blackout and wouldn’t have caused a cascade failure that blacked out much of the northeast.

I’m not going to argue with anyone who says that the plant going offline was what triggered the event, but in my mind, the sagging lines are what turned it from a minor plant loss into a major cascading event. The lines sagged and shorted out, loads shifted and other lines weren’t able to handle the increased load and tripped, and generators that had been working perfectly fine began running faster since the lines had tripped and removed much of their load. When the safety systems detected that the generators were going off frequency, they also tripped out. And so on and so forth, with the problem cascading further and further until everything went dark.

So, plant failure, sagging lines, and buggy software. Remove any one of those three and the event wouldn’t have happened.

I remember seeing an article about how, in the aftermath of Superstorm Sandy, that some Long Island residents who had solar panels on the roof but weren’t getting power learned that their solar panel installations weren’t designed to allow them to run their houses off of them. So if you have solar panels on your house, you need to make sure it’s wired to allow you to go off-grid, if you’re planning for that event.

Well, if you don’t have batteries, you are not going off-grid.