How vulnerable is the US power grid?

My understanding is that there’s a trade-off here … if you want to be connected to the grid to get electricity at night … then you’re connected to the grid and when the grid goes down so do you …

<nitpick> Technically, it was the remnants of Hurricane Sandy that made landfall on the Jersey shores … that’s an important distinction because as we rebuild this coastline we need to take into consideration what if an actual hurricane makes landfall … </nitpick>

I’m not that impressed with EMP weapons.

EMPs have been touted as the next big thing since WWII, when they promised that the new weapons would make the enemy bombers just fall out of the sky. While they were able to stop plane engines under controlled test conditions, when they actually tried them out during real battles, the EMPs failed miserably.

In the 1970s, they were touting EMPs as a way to stop fleeing vehicles. Just blast the car with an EMP, its electrical system shorts out, and the car stops. Again, it worked well in controlled test conditions, but not so well in actual field use. But, they were certain that they could work the kinks out and have the system working fairly soon.

Every few years, I hear the same story all over again. They are going to use EMPs to stop cars, and again, they just have a few more kinks to work out and the systems will be reliable. Makes me laugh. They’ve even fielded a few systems like this, but they still aren’t all that good at what they do.

EMPs suffer from the inverse-square law, meaning that the power of the EMP drops off with the square of the distance. Double the distance, and you’ve got 1/4th of the EMPs power level. At 10 times the distance, you’re at 1/100th of the power level.

With current technology, the only way to get an EMP massive enough that it can do some widespread damage is to use a nuke. And let’s face it, if we’re using nukes, we have bigger problems than just our power grid.

Another problem with EMPs is that any kind of metal box tends to shield whatever is inside from the EMP. Electric fields travel around the outside of a metal box, leaving whatever is inside unharmed. An electrical conductor moving through a magnetic field, or a magnetic field moving through an electrical conductor, causes current to flow. So the magnetic portion of the EMP gets dissipated in eddy currents induced into the metal. Car bodies (except for plastic ones), tool boxes, and metal frame construction, and all sorts of things reduce the effectiveness of an EMP.

Yes, a nuke-scale EMP can destroy a lot of stuff in power systems. I’m not going to argue with that one. But it’s not going to be quite the doomsday weapon that some folks make it out to be.

And besides, as has already been pointed out, it’s not like most terrorist groups even have the ability to launch a few dozen EMP-causing nukes over the continental U.S.

When the U.S. military wanted to knock out Iraq’s power systems, they didn’t resort to nukes or any kind of EMP weapons. They used simple metal chaff. And that actually worked very well.

I don’t know why those articles are talking about hardening military equipment from EMPs. That kinds of stuff has been done for years. Ring grounds (literally, a metal ring around the building), halo grounds (again, a ring, but up around the roof instead of down low), Faraday cages, and Ufer grounds (grounding rods encased in the building’s concrete foundation) have all been standard for decades. Nothing new there. Protects you from both EMPs and naturally occurring things like lightning and solar events.

Why are you nitpicking on the use of the word hurricane when I never used that word?

And what the article said is that the solar panels on many of these houses were designed to supply power to an inverter, that then supplied power to the house while sending the excess into the grid. But when there was a blackout, the inverter automatically shut down so power wasn’t being sent out to the grid while linemen were working on the lines.

And my point remains; if you have solar panels, you don’t necessarily have a solution for emergency power needs.

Solar power systems that can also independently power the house cost significantly more. The inverter system has a lot of extra responsibility and complexity. Usually you only bother with this if you are adding batteries.

The basic inverter is designed to essentially become part of the grid. It slaves itself to the grid frequency - producing power at the same frequency is a non-negotiable requirement - same as any power generator attached to the grid. If the grid power goes away (or goes unstable) the inverter must disconnect from the grid. It can’t power the grid itself, and it must not produce a dangerous situation on the power lines (like trying to electrocute a linesman trying to fix the cause of the outage.) So the inverter will stop.

If you want the inverter to continue to power your house it needs to have its own backup frequency source (easy) and it must fully disconnect from the grid (not just shut down) and swap to just powering your house. Once powering your house it needs to be able to balance the power against the load it sees. All of this adds significant cost. As a rough guide it close to doubles the cost of the inverter. You get these capabilities as standard if you build a system that includes batteries, but just installing a solar panel system to offset grid power (and in many places actually sell the power into the grid) doesn’t need this extra capability, and it isn’t provided.

A full backup system to allow for riding out significant power outages is not cheap.

Is it possible to protect equipment from EMPs with fuses?

Depends on the kind of equipment, the kind of EMP, and the kind of fuse.

So basically, am I correct in thinking that if the existing power grid(s) were magically removed in an instant in some kind of grid rapture, the best replacement system would be more or less an identical copy of what already exists ? No radical design changes would be necessary, and the risks would be much the same?

Not sure who you’re responding to, but no.

The existing system is antiquated and somewhat risky. And although it’s being continuously upgraded, it’s in the same class as the interstate highway system: the resources required for a thorough end-to-end recapitalization are enormous compared to the resources actually available. And there are some architectural features we’re stuck with for backcompat reasons that we’d avoid if we were starting from scratch with today’s knowledge.

I’m not sure what your point is beyond that.

Even aside from security, if we were starting over from scratch, we could make the whole thing a heck of a lot more efficient.

Besides, there’s an old joke in electronics: a $40 transistor (or $4000 circuit board) will always selflessly sacrifice itself to save a 2¢ fuse.

There is currently a bit of a revolution in ideas about both the nature of power generation and also how the grid might operate.

Renewables - eg wind - solar are becoming a big deal. But have the rather difficult problem of poorer predictability. Across a large enough country weather systems are smaller than the extant of the renewable power generation, so where the wind is now still, the weather will have moved on and somewhere else is now windy. Solar can work similarly, but can’t work at night. So you still need a base power generation capability or significant storage. The traditional storage is hydro, but work is happening on other stuff. A big grid is just what is needed here. But it isn’t enough to just use the traditional grid.

As we have discussed, the big issue is maintaining stability. When power is generated by big spinning generators you have a lot of inertia in all that spinning iron, and keeping everything synchronised isn’t too hard. Wind and solar are different. They are electronically slaved to the freqwuency they see on the grid. Wind generators have a dual fed stator (they actually have a power inverter that generates AC power to energise the field coils and this inverter runs at exactly the right frequency to make the power generated by the wind powered generator exactly match the grid.) Solar can be inverted photovoltaics, and the inverters are similarly slaved to the grid.
Next, long distance power inter-connectors have usually been AC. You need very high voltages to avoid ohmic losses, and transforming the power up to very high voltages has always been the obvious step. However at very high voltages AC has other losses, and DC turns out to be a more efficient mode. Modern inter-connectors are often DC, with large inverters to return the DC to AC. These inverters are also slaved to the grid frequency.

The question being looked into is one of not slaving all these systems to the grid frequency, but rather adding a layer of control to the system and have them all actively participate in stabilising the grid. This ultimately means you don’t need lots of spinning iron to maintain frequency as you now have lots of synthetic inertia. But you also have a much more complicated system to operate. The grid operated for many decades with hardly any centralised control, and the time needed to generate and effect changes to the grid operation in order to maintain frequency were measured in hours (and could be effected by humans talking to one another.) Now we are talking a fully automated active distributed control system. But the final answer is a grid that operates and is managed in a fundamentally different manner. One that is potentially much more efficient, and one that accommodates renewable energy sources easily, and exploits their characteristics in a manner that isn’t done now. The missing piece of an all renewable grid is storage. However there is more than enough existing traditional power generation around to provide base capacity at the moment. Tthe economics of power generation are changing rapidly. Molten salt solar can provide a level of stored power, and there are other technologies in the wings.

Absent even the current trend in renewables you would not build a new grid the same way, and with renewables in the mix, you are looking at a bit of a moving target, as the technology is currently moving fast.

A realistic terrorist attack on the grid would be by hacking into the computers that control the grid.

It has already happened (in Ukraine in 2015).

OTOH, I think the grid operators in the U.S. are nicely on top of things and it is irresponsible scaremongering to suggest that the U.S. grid is especially vulnerable. See this article (a false alarm followed by irresponsible scaremongering).

I think it would naive to think the grid operators are “nicely on top of things”. The US grid is not especially vulnerable. It is about as vulnerable as most grids in the western world. The cited article is all about a news system overblowing things, and lack of understanding. It barely touches on the core issue of actual vulnerability. At best the grid operators are about as on-top of controlling malware as Microsoft. And that is at best. Imagining that all the operators run their systems from the most up-to-date fully patched and secure computers is very naive. You are going to find entire systems running XP that cannot be upgraded without major difficulty and expense.

Now you might ask why they were so worried about an errant laptop appearing. Look back to the US initiated attack on the Iranian nuclear programme - where vulnerabilities in the SCADA system controlling the centrifuges were exploited to over-speed them and damage them. The attack vector there was via a carefully crafted worm - Stuxnet - that was designed to find its way into the Iranian systems and jump from a Windows machine into the SCADA network and then to the PLC devices that controlled the centrifuges. This is an exact mirror of the way power grids are set up. The same form of attack vector could be used again. It is well known that state based actor tend to hoard unfixed zero-day vulnerabilities. Whereas Stuxnet is now guarded against, there remain plenty of holes.

IMHO - I find the constant harping on about the Russians hacking in to be odd. It is more reminiscent of cold war rhetoric than a sensible assessment of the dominant threats.

From the article:

That’s what I meant by “on top of things”.

I assume Microsoft also cooperates tightly with private as well as government security and investigation outfits so “as good as Microsoft” is not too bad of a standard either.

That’s just clarifying what I meant. I do not disagree with anything you’re saying.

I’m curious for more detail about this statement. Do you mean that state based actors deliberately introduce them or otherwise prevent their resolution - or that due to their inertia or resistance to change, they naturally take a long time to get rectified?

Hope to hear from Francis Vaughan too, but I think he just means that state based actors run hacking operations.

Zero day vulnerabilities and exploits are not that difficult to find (if you are into this stuff). Any hacking operation “hoards” zero day exploits by collecting them and then not reporting them.

I think it is an unfounded conspiration theory to say anybody (state actor or otherwise) deliberately introduces exploits into software.

Tailored Access Operations - U.S. government hacking operation

Atlantic article

Despite rumours that they strong-arm the introduction of back-doors, this seems unlikely*. Rather they will look for exploits in the same manner as both white and black hats do. White hats report the exploit, black hats sell them, and government agencies keep them for a rainy day. Obviously there is no guarantee that exploit won’t be found and fixed, but keeping it secret means there is a good chance that if there is a real need to attack a system somewhere, there is a ready to use mechanism that has a very good chance of working. The downside is that once used it will get shut down. So they will to be used for very special purposes. There probably are not too many such zero day exploits, so their value is quite high.

Purchasing exploits on the dark web is another possibility.

  • Then again, simply intercepting shipments of equipment and installing back-doors is another matter.

And ninj’ed by Frankenstein Monster with a better summary than mine.

Incredible. Thanks, gents.