The Metcalf Sniper Attack
In the early morning hours of April 16th, 2013, a group or individual would attack an electrical substation just outside of San Jose, California. Armed with at least two rifles, this mysterious entity would open fire on the station's transformers, causing more than $15 million in damages. Years later, federal officials still have no idea who perpetrated this bizarre attack on America's power grid - or why.
Take a moment, and think about how great it is to have access to reliable electricity. Because of it, we're able to power the numerous devices we use daily - our computers, our cell phones, our TVs - in addition to numerous other devices that make day-to-day life much easier, like our refrigerators, washers & dryers, etc. All of us that have grown up in the 20th/21st centuries have become accustomed to having regular and reliable access to electricity, as our entire society has been built off of it.
Now, take another moment, and think about how radically different your life would be if that reliable access to electricity was yanked away at a moment's notice. Just recently, I was left without power for the better part of a day (following a snowstorm here in Alaska) and I began to realize how essential the internet is to my work on this podcast. Without any power, my ability to research and produce this podcast is wiped away; and I'm sure the same could be said for many of you working from home, who constantly require access to servers or other systems. This access to reliable electricity is something we should be thankful for, but we should not take for granted.
You see, the process to create and transfer electricity is a lengthy one, which I'll attempt to briefly explain in layman's terms (after all, I don't understand all of the intricacies of it, either). Electricity is created in power plants, then transferred through transformers and then transmission lines, which allow electricity from miles away to reach its eventual destination. Here, in America, this could mean dozens - if not hundreds - of miles, with the electricity we're using at this moment having been produced in another county or state (just to give you a semblance of scope).
The transformers used in this process are often custom-built for specific utilities, meaning that they can take months - if not years - to produce, and fit into specific roles. They are responsible for raising or lowering the voltage of electricity, which makes the transmission of electricity through the transmission lines possible. Without them, there's no way to convert the high voltage electricity from the transmission lines to the electricity we use in our homes or businesses.
However, because of the vast distances over which electricity travels from point A to point B, the system is exposed at numerous points along the way, which, as you might imagine, makes the transfer of electricity vulnerable as well (and explains why a fallen tree branch was able to knock out power to my entire neighborhood a month or so back). While naturally-occurring events remain an annoyance to utility providers, potential attacks on the power grid pose an even greater danger than mother nature.
In recent years, cyberattacks have grown in frequency, with many of them taking aim at government functions (such as hospital systems, local governments, and yes, even the power grid).
In March of 2019, the North American Electric Reliability Corporation (NERC) reported that a cyberattack had been perpetrated against a western U.S. electricity provider, with hackers exploiting a flaw in their system's internet-facing firewall, causing the system to consistently reboot every few minutes. Because of this, their control center lost contact with several power generation sites, and they were unable to fix the issue for several hours. The hackers had thankfully targeted a "low impact" site (according to an article on SecureWorld by cybersecurity journalist Bruce Sussman), but this was enough of a threat to begin the conversation: what would happen in the case of a large-scale cyberattack on the power grid?
The first known cyberattack on a nation's power grid took place in December of 2015 in Ukraine, when 30 substations were turned off by malware known as BlackEnergy, causing approximately 230,000 people to lose power for several hours. This was likely just a trial run for the culprit of the attack, hackers linked to the Russian government's infamous Sandworm group, who perpetrated an even larger attack on Ukraine with the NotPetya malware in 2017 (which I detailed in the second part of the Shadow Brokers series back in 2019). Mind you, this is the same Russian government that was just exposed for using similar malware to infect a large number of U.S. government systems, but I digress.
In addition to these potential cyber threats to the U.S. power grid, there exist just as many physical vulnerabilities; if not more, simply because of the immense size of this country, and the amount of electricity that is transferred over several miles (especially in more rural areas). The U.S. has more than 160,000 miles of transmission lines, almost all of which are constantly exposed to physical threats, whether natural or manmade in origin. While the effects of cyberattacks may seem to be more severe, the extreme vulnerabilities brought on by physical exposure remain much more of a potent risk... and a completely overlooked one, at that.
A 2007 report by the National Research Council, titled "Terrorism and the Electric Power Delivery System", was classified by the Department of Homeland Security almost immediately after it was finalized (with officials in the DHS likely fearing that this information could be taken advantage of). This report wasn't declassified until November of 2012 when it was released to the public for the first time and detailed just how exposed the U.S. power grid was - not only to the emerging threat of cyberattacks but physical attacks by terror groups. While the report urged government officials to reevaluate their security standards at power stations, almost none of that had been performed in the interim five years... and it seems like someone who read the report knew that, as they would go on to commit an act of extreme vandalism just months later, which a public official would describe as:
"... the most significant incident of domestic terrorism involving the (power) grid that has ever occurred."
This is the story of the Metcalf sniper attack.
The date was Tuesday, April 16th, 2013. While the rest of the world was distracted by the events unfolding in Boston, Massachusetts - namely, the bombing at their annual marathon and its subsequent manhunt - another bizarre story would begin to play out on the other side of the country.
The setting of this story is an electrical substation located just outside of San Jose, California, in the small and unincorporated community of Coyote. This nondescript substation is surrounded by little more than a chain-link fence and a couple of roads; namely, Monterey Highway and Metcalf Road, which intersect in front of the substation. This location - owned and operated by Pacific Gas and Electric Company (PG&E) - is where energy is transferred from high to low voltage and provides a lot of energy to the region known as Silicon Valley: the tech mecca of California, which headquarters a lot of prominent companies (such as Google, Apple, Facebook, Netflix, Yahoo, Adobe, Cisco... the list is endless).
At around 12:58 AM, some AT&T fiber-optic telecommunication cables were cut near the substation; not too far from U.S. Route 101, just outside of San Jose, along Monterey Highway and Coyote Ranch Road. This intentional act eliminated not only some landline and cellphone service in the area, but also shut down the region's 911 emergency line system. Whoever did this seemed to know exactly what they were looking for, using heavy wire cutters to snip the fiber lines, and doing so in a way that made it hard to repair later on.
About nine minutes later - at 1:07 AM - additional cables used by Level 3 Communications (a local internet service provider, now CenturyLink) were cut from another vault near the Metcalf substation, causing customers in the area to lose internet service. This required the culprit(s) to remove a second manhole cover to gain access to the underground vault, which seems to indicate the involvement of at least two people.
At 1:31 AM, surveillance cameras near the Metcalf substation record streaks of light, which investigators believe was a waved flashlight pointing out specific targets through the substation's chain-link fence. Unfortunately, the cameras were aimed inwards - towards the station's transformers - so the individuals involved were not visible. However, over the next couple of minutes, several sparks of light can be seen from the security footage, which are bullets being fired at the equipment in the substation; in particular, at the station's transformers.
The gunmen involved would shoot at the transformers for approximately 19 minutes, firing off more than 120 rounds of ammunition. While several shots did miss the target, many of them hit specific locations of the transformer banks, destroying at least ten transformers in one area and then three transformer banks in another. When all was accounted for, it was revealed that 17 transformers had been destroyed.
At 1:37 AM, utility provider PG&E received alarms from motion sensors along the fence, which were believed to have been triggered by bullets grazing the fence. This was the first sign that anything was wrong, nearly an hour after the attack on the substation started.
At 1:41 AM, the Santa Clara County Sheriff's Department would receive a 911 call from an employee at the Metcalf Energy Center power plant, just down the road. This employee - an engineer - still had phone service, and reported to officials that he had been hearing sporadic gunshots coming from the substation.
At around the same time, a man driving by the scene called police in Gilroy, telling them that he had been hearing "fireworks" from the substation along the Monterey Highway.
At 1:45 AM, the Metcalf transformers began to overheat, having been riddled with holes and leaking approximately 52,000 gallons of cooling oil. This would end up triggering a series of alarms at a PG&E control center about 90 miles north, informing them that the first bank of transformers had begun to crash and the substation was suffering from equipment failure. As a result, they would end up diverting power through other substations in the area, in the hopes of preventing any major blackouts.
At 1:50, another streak of light (consistent with a flashlight being waved) is caught on the security camera feed, which seems to mark an end to the attack. From this point, no more gunshots are spotted in the security feed, and it is believed that the lengthy, methodical attack came to an end at this signal.
At 1:51 - less than a minute after the attack ends - police officers arrive at the substation, responding to calls of shots fired. Hoping to patrol the region around the substation, the officers find the gates to the location locked, and end up leaving minutes later. However, while there, they would report seeing or hearing nothing out-of-the-ordinary, and it's believed that the perpetrators of this attack knew of law enforcement's imminent arrival.
It wasn't until 3:15 AM - more than an hour after the shooting stopped - that a utility technician with PG&E would arrive at the substation to survey the damage. At this point, it was discovered that the security fence had been breached and several transformers had been severely damaged during this mysterious attack.
Investigators from the Santa Clara County Sheriff's Office would begin to investigate this incident on the morning of April 16th, 2013, discovering more than a hundred shell casings just a few dozen meters away from the destroyed transformers.
These shell casings belonged to a 7.62x39 capable weapon - likely an SKS or an AK variant of some kind. These were cheap rounds that were commonly found at almost any store that sold ammunition (at the time), so they would be nearly impossible to track down or differentiate. Making matters even more difficult, it appeared that the ammo had been carefully handled by the shooter(s), who left behind no fingerprints or traceable markings on the shell casings or rounds themselves. However, investigators would later state that at least two weapons had been fired - with as many as four being used during the shooting - which seemed to indicate a collaborative effort between two or more people.
The gunshots themselves had been centered around the coolant fins on the transformers, which seemed to have been intentionally targeted, causing the cooling oil to begin leaking (which would ultimately overheat the transformers until they crashed). This not only caused irreparable harm to the transformers, but did so without attracting much attention. If the gunmen had targeted different sections of the transformers, the damage could have resulted in extensive fire or explosions; but by targeting the coolant fins, the shooters indicated knowledge of how the transformers worked and their physical vulnerabilities, and left the transformers to quietly leak until they permanently crashed.
This indicated not only knowledge of the transformers themselves, but pretty proficient shooting, as the gunmen had been firing from approximately 25 meters away. Later on, it would be revealed that they had likely scouted the location well beforehand, marking their shooting locations with small piles of rocks that were later found by federal officials examining the scene. It was also believed that they had used night-vision goggles during this shadowy operation.
Speaking about this shooting, Jon Wellinghoff, the then-Chairman of the Federal Energy Regulatory Commission, would state:
"They knew what they wanted to target, they had an objective and carried it out... You don't learn from a video game how to target an AK-47 in those kinds of conditions as precisely as these people did."
Another clue that indicated some kind of insider knowledge of the substation's systems was the gunmen targeting cable wiring outside of the station.
If you recall, in the minutes preceding the attack on the substation's transformers, a series of fiber optic cables had been cut in the area around it. The gunmen had lifted two separate manhole covers to cut fiber cables belonging to AT&T and Level 3 Communications, knocking out some landline and cell phone coverage in the area as well as some local internet access. This had not only knocked out 911 communications in the region but seemed to indicate knowledge about the Metcalf substation's systematic layout, which relied upon SCADA systems (Supervisory Control & Data Acquisition), not cellular networks, as others do. By cutting the fiber cables outside of the substation, the attackers were able to eliminate any early warning systems that would alert the PG&E control centers of the transformer failures, meaning they wouldn't be aware of the damage done until the power levels in the region started to wildly oscillate... at which point, catastrophe could ensue.
Thankfully, the attack did not disrupt much of the power grid. Officials were able to reroute power around the Metcalf substation, and not only increased power plant production around Silicon Valley but asked residents to decrease their energy usage until midnight to help offset this destruction of property. But the damage the attack caused was extensive, resulting in more than $15.4 million in repairs to this one substation, which took utility workers nearly a month to fix (27 days), and causing a fluctuating level of power available to residents in the local area (extending through not only southern San Jose, but throughout Gilroy and Morgan Hill, as well).
Santa Clara County Sheriff Laurie Smith would speak to KPIX, a local CBS affiliate in the Bay Area, and stated that she believed this to be an act of "sabotage" carried out as part of the culprit's overarching plot of "shutting down the system."
Unfortunately, whoever carried out this attack seems to have successfully covered their tracks. Other than the shell casings left behind at the crime scene, they seemed to have left behind no evidence of their physical presence: no discernible boot prints were found around the substation, nor any tire tracks from a potential getaway vehicle. Authorities would scan security cameras for more than a mile in each direction around the substation, and were unable to find any evidence of the attacker(s) arriving or leaving.
This lack of any evidence - paired with the culprit(s)' knowledge of the substation's systems and protocols - indicated not only an extreme level of preparation and planning but intricate knowledge of the substation itself. It was apparent that, whoever they were, they had carefully planned this operation to achieve an optimal level of service disruption, and then disappeared into the night less than a minute before the arrival of law enforcement, leaving behind virtually nothing for investigators to track them with.
Caitlin Durkovich, the assistant secretary for infrastructure protection at the Department of Homeland Security, would speak at an energy conference in Philadelphia in October of 2015, stating that - while the motivations and identities of the culprit(s) behind the Metcalf sniper attack were still not known - this crime was believed to have been carried out by an "insider."
Whoever committed this crime seemed to have pretty detailed knowledge of the electrical systems at the Metcalf substation, knowing where to go to cut fiber cables and doing so without being seen. They also knew to target the transformers at the substation, which - as I briefly mentioned earlier in the episode - are incredibly expensive and time-consuming to make.
As reported by the Wall Street Journal in 2014, each electrical transformer cost hundreds of thousands of dollars to produce, with some costing upwards of $2-3 million per. Each is also custom-made for specific utilities, so manufacturers are limited in how many they can produce at any given moment; meaning that attacks like this are an incredibly expensive setback. While the government does try to keep a stockpile of spare transformers (in the event of similar emergencies), transformers are not really "one-size-fits-all", so damage to several transformers at once can be incredibly catastrophic to a local power grid. Thankfully, this attack was isolated to a single location and not several, and happened in the middle of April; a similar attack in the middle of winter or summer, when energy levels are much higher (due to the temperature) might have resulted in blackouts throughout the San Jose area.
Speaking at a conference of security experts in November of 2013, Mark Johnson, the former vice-president for transmission operations at PG&E, stated about this attack:
"This wasn't an incident where Billy-Bob and Joe decided, after a few brewskis, to come in and shoot up a substation. This was an event that was well thought out, well planned, and they targeted certain components... These were not amateurs taking potshots... My personal view is that this was a dress rehearsal (for future attacks)."
Jon Wellinghoff, the then-chairman of the Federal Energy Regulatory Commission, had been appointed to the FERC committee by George W. Bush in 2006 and was named chairman by Barack Obama in 2009. He would serve in his position through November of 2013, coming forward that same month to publicly voice his concern about the incident from San Jose, which he would describe as:
"...the most significant incident of domestic terrorism involving the grid that has ever occurred."
Wellinghoff not only believed that a widespread replication of this attack could conceivably "black out much of the country" and potentially even "take down the U.S. electric grid," but also believed that America was woefully unprepared to deal with physical attacks entirely, having spent the past few years adapting to the emerging threat of cyberattacks but ignoring the physical vulnerabilities of the power grid.
Speaking at a Bloomberg Government breakfast in Washington DC weeks after stepping down as the chairman of FERC, Wellinghoff would publicly voice his concerns:
"There are ways that a very few number of actors with very rudimentary equipment could take down large portions of our (power) grid... I don't think we have the level of physical security we need.
"We have to start anticipating what will be our future with respect to both natural events and also events that may be perpetrated by those who would do us harm in the areas of physical and cybersecurity."
The following month (Dec. 2013), California Representative Henry Waxman, the ranking member of the House of Representatives' Energy & Commerce Committee, would speak out about the attack on the Metcalf substation, describing it as:
"... an unprecedented and sophisticated attack on an electric grid substation with military-style weapons. Communications were disrupted. The attack inflicted substantial damage. It took weeks to replace the damaged parts. Under slightly different conditions, there could have been serious power outages or worse."
One senior intelligence official, speaking to the Foreign Policy publication months after the attack, would recount:
"Initially, the attack was being treated as vandalism and handled by local law enforcement. However, investigators have been quoted in the press expressing opinions that there are indications that the timing of the attacks and target selection indicate a higher level of planning and sophistication."
The investigation into this bizarre attack would initially be overseen by the Santa Clara County Sheriff's Office, who operated under the assumption that this was a simple act of vandalism: perhaps a shooting spree perpetrated by a couple of agitators, who either wanted to cause chaos or had no idea about the dangers of shooting at an electrical substation. However, as more information would begin to be uncovered, it became apparent that this was no simple act of vandalism: this was a methodical and planned attack on the U.S. power grid. Perhaps not a major one, but federal officials - stepping in to oversee the investigation weeks later - feared that this could have just been a test run for the person(s) responsible.
Jon Wellinghoff, the then-chairman of FERC, flew out to California shortly after the attack and brought along with him experts from the Joint Warfare Analysis Center. Together, they walked the grounds of the Metcalf substation and theorized that this had been a coordinated effort; not just a standalone incident by a couple of random individuals from the area. The warfare experts that Wellinghoff brought with him to examine the scene pointed out small piles of rocks, which they believe had been intentionally put together by scouts to indicate the best location to shoot the transformers from. As reported by the Wall Street Journal, Wellinghoff stated:
"They said it was a targeting package just like they would put together for an attack."
These warfare experts theorized that at least 3 men had worked together to carry out this attack, although this was just an assumption, based on the available evidence.
During the federal investigation, officials would conduct a recreation of the crime and learned that - while it was unlikely - one person could have pulled off this entire scheme singlehandedly. This included the lifting of manhole covers, the cutting of fiber optic cables, and then the shooting itself. If this had been a single person - as investigators now believed possible - they would have had to have been incredibly prepared beforehand, not only knowing the intricacies of the station's systems but also having the equipment needed to monitor law enforcement communications in the area (knowing when to escape into the night without being seen).
This debate - over whether or not this attack was the collaborative effort of several people or was perpetrated by a "lone wolf" - continues to this day.
Roughly one month after the attack - May 22nd, 2013 - another bizarre incident from the Metcalf substation would be reported to local police.
At around 3:00 AM that Wednesday, a man dressed in all black was spotted by a security guard stationed at the substation. The man, who was in an adjacent field near Coyote Ranch Road, began to run away towards Monterey Highway after being spotted by the security guard's flashlight. The security guard later called police, prompting eight deputies to search the local area - obviously alarmed that this incident happened just weeks after the original attack.
This was not the only bizarre incident to happen at the location, however.
More than a year later - August 27th, 2014 - another break-in would be reported by PG&E, who had increased the security at the substation after the original attack. This time, an untold number of thieves managed to cut through the fence without triggering the alarms, and stole several power tools from a construction trailer on the grounds (as well as other seemingly random items). It's estimated that the thieves managed to make off with tens of thousands of dollars worth of equipment, in a theft that lasted over an hour and warranted no response from the substation's security guards.
Then, in June of 2015, the FBI would announce that they were seeking information about a series of acts of vandalism from the preceding year, in which unknown individuals had been cutting fiber optic cables in the surrounding area (San Jose, Berkeley, Walnut Creek, Fremont, and Alamo). In this case, the group or individual responsible had been intentionally cutting fiber cables for an unknown purpose, and federal officials believed that they had been dressing up as a cable technician, as they needed to lift manhole covers to gain access to the fiber network vaults underground.
This fiber-cutting spree seemed similar to another spree from April of 2009, in which someone had cut more than 10 fiber optic lines in San Jose and San Carlos, causing people in Santa Clara, Santa Cruz, and San Benito counties to lose wireless service for upwards of a day.
Despite AT&T offering up $250,000 for both wire-cutting sprees, they both remain unsolved to this day. The FBI remains hesitant to publicly theorize that any of the events are linked, including the 2013 attack on the Metcalf substation, but because all remain unsolved, I'd say it's hard to make that judgment without knowing more. Perhaps the methods of cutting fibers differed in each, but the fact that these events all unfolded in the same general area over a roughly five-year period - without anyone being suspected or claiming credit - leads me to believe that one group or individual might have been behind it all. But that's just a guess on my part, based on very little available evidence.
In the years since this mysterious attack took place, several theories have been floated about potential culprits and motivations. I'll attempt to cover the main theories as well as I can, but just know that - based on the scant amount of evidence released by authorities - it's really hard to make heads or tails of this case.
Early on, an FBI spokesman would tell reporters with the Wall Street Journal that they did not believe a terrorist organization to be responsible, but would not go into any detail, much to the confusion of reporter Rebecca Smith, who later spoke to NPR about this clarification. While this seems odd, it does make sense in its own way, as the government cannot describe violent acts as terrorism - either domestic or international - without some kind of known motivation... since terrorism is, by its definition, violence enacted to achieve some kind of political or societal goal. In this case, there was no stated goal - no named objective - so ascribing any motive to it is rather hard to do.
That being said, it's hard not to see this as an act of terrorism when no other motive seems to make any sense.
In some discussion threads online, I've read theories about this being the result of a union dispute; since the CWA (Communications Workers of America) had been in a labor dispute with AT&T at the time of this story. However, at the time the shooting took place, the CWA had come to an agreement with AT&T, who - it's worth pointing out - played a relatively minor part in this story. Perhaps some labor group had taken issue with PG&E, the electrical company that owned and operated the substation in question, but even that doesn't seem to rise to the level of causing $15 million in damages and risking years in prison.
There is the possibility that this was an eco-terrorist group, like the ones that were prevalent decades ago, such as the Monkey Wrench Gang. But most eco-terrorists would try and push some kind of motive to the crime - a warning to other companies to change their ways, or something similar - and there seems to have been none of that in this case. At least, no motive that has been publicly released. It's possible that PG&E or the other companies involved tried to keep any apparent motive quiet, to avoid copycats... but without any proof on my part, that's just another guess.
A major reason that I don't think this act was perpetrated by some random eco-terrorists or angsty union members is that this operation showed signs of military prowess. Whoever carried out this attack knew what they were doing: they not only knew where to shoot at the transformers to permanently damage them without causing a scene, but were able to carry out this entire operation in less than an hour without being seen. This indicates a significant amount of diligence and planning, and I just don't see that happening without some kind of military training on behalf of this attack's organizer.
Some web sleuths have speculated that this operation could have been carried out by a group like Red Cell: a nickname for the U.S. government's National Security Co-ordination Team (NSCT) who are occasionally brought in to test American tactics and personnel... often in rather-extreme ways.
Retired Naval officer Richard Marcinko - the former commanding officer of SEAL Team Six - was the leader of Red Cell, and later detailed his life in the autobiographical "Rogue Warrior" (published in 1992). In it, he detailed how Red Cell would test the vulnerabilities of military bases and other government institutions by conducting thorough, often-extreme tests: they would attempt to steal government secrets, perform abductions, sneak into highly-secure areas, etc. At one point, Red Cell reportedly even planted a bomb near Air Force One. The purpose of Red Cell was to test the security of America's institutions to fix and patch flaws, so that repeated attempts would be thwarted.
Some believe that the attack on the Metcalf substation might have been one such operation, performed by a shadowy government entity or someone with a vested interest in boosting the security of electrical substations and other parts of the power grid. Maybe it wasn't even a government entity, but a security firm or contractor hoping to secure an expensive government contract by performing the security upgrades needed.
The most likely theory, in my opinion, is that an extremist group was behind this attack; perhaps one not-too-dissimilar from the militia groups that we've been seeing in the news lately. It's come to light over the past several months that white supremacist groups have been planning attacks on the U.S. power grid, hoping to begin conducting attacks similar to the Metcalf substation shooting in the event that Donald Trump lost the 2020 presidential election, which he did (thank fucking Christ). They were also planning to begin creating Nazi militant cells, similar to the neo-Nazi Atomwaffen Division, and hoped that attacks on the power grid would help them in their quest to create a "fascist society" (their words, not mine).
While I believe this to be the most likely theory, it is also possible - albeit in a more terrifying and hard-to-fathom way - that the person(s) responsible for this crime were foreign agents, meant to either test the responsiveness of law enforcement or the U.S. government's response to this attack on the power grid. Perhaps both. Maybe this was a single act in a larger, salami-slice strategy. Considering how aggressive Russia has been in spreading misinformation and attacking U.S. infrastructure over the past couple of years (such as hacking into our government systems through the IT software SolarWinds), this option doesn't seem too far-fetched to me.
Hell, given the time period that this story happened in (April of 2013), it wouldn't be impossible for this to have been an operation carried out by ISIS/ISIL sympathizers; someone hoping to use the chaos from the other side of the nation (the Boston Marathon bombings) to carry out this long-planned scheme under the cover of darkness. Any of these options remain possible, in my opinion.
Speaking to the Wall Street Journal in 2014, Rich Lordan (senior technical executive for the Electric Power Research Institute) would state that the "breadth and depth of the attack was unprecedented" and believed that the motivation for it:
"...appears to be preparation for an act of war."
This event acted as a wake-up call for the energy sector, highlighting just how exposed large parts of the U.S. power grid were, not only to cyber threats but also to physical ones, which pose a persistent danger - and have, for some time.
In the episode introduction, I told you about the 2007 report from the National Research Council, which was declassified by the Department of Homeland Security in 2012 (approximately six months before the events that unfolded outside of San Jose). But there was another report, from 1990, by the Office of Technology Assessment, which seemed to have made many of the same unheeded claims, warning back then that:
"... virtually any region would suffer major, extended blackouts if more than three key substations were destroyed."
This attack would lead to changes from certain entities - including California's PG&E, who pledged to make more than $100 million in security upgrades in the months afterward - as well as other government agencies, who tried to implement minor changes to electrical substations. These included constructing concrete walls outside of power stations, installing gunshot audio sensors and seismic recorders, and aiming security cameras outwards (to catch anyone unlawfully encroaching upon substations). Some manufacturers have even started constructing transformers with thick, 1/2-inch armor plating, which can stop most rifle rounds.
Unfortunately, though, most of these changes do little to safely guard the U.S. power grid. Utility employees are woefully unequipped and understaffed to securely guard every power station or substation, not enough funding has been allocated to refit every transformer or safely protect it, and not enough awareness has been raised to address this issue. While some of you have heard about this story before, I'd wager that the vast majority haven't.
Large portions of the power grid remain exposed to physical threats to this day - especially in more rural areas of the United States, which are more at risk of losing power for an extended duration in the event of a catastrophe. In those areas, an attack like this one - but perhaps more widespread and coordinated - could be absolutely devastating to the entire power grid. And that's why this story remains an urgent threat today.
Rewards of $250,000 exist for the apprehension of the culprits behind the 2013 attack on the Metcalf substation, as well as the individual who cut fiber optic cables in the San Jose area a year later (2014). Both incidents remain unsolved, and if you know anything, you are encouraged to reach out to local law enforcement or the FBI.
Until such a time, this story will remain unresolved.
Episode Information
Writing, research, hosting, and production by Micheal Whelan
Published on February 7th, 2021
Producers: Roberta Janson, Ben Krokum, Gabriella Bromley, Steven Wilson, Quil Carter, Travis Scsepko, Laura Hannan, Bryan Hall, Damion Moore, Scott Meesey, Amy Hampton, Scott Patzold, Marie Vanglund, Astrid Kneier, Aimee McGregor, Jo Wong, Sara Moscaritolo, Sydney Scotton, Thomas Ahearn, Marion Welsh, Patrick Laakso, Meadow Landry, Tatum Bautista, Sally Ranford, Kevin McCracken, Ruth Durbin, Michele Watson, Jared Midwood, Teunia Elzinga, Ryan Green, Jacinda C., Stephanie Joyner, and Cherish Brady
Music Credits
Original music created by Micheal Whelan through Amper Music
Theme music created and composed by Ailsa Traves
Sources and other reading
Wikipedia - Metcalf sniper attack
Wikipedia - December 2015 Ukraine power grid attack
Terrorism and the Electric Power Delivery System
SecuretheGrid - “The Most Significant Incident of Domestic Terrorism You May Never Have Heard Of”
SecuretheGrid - “Basics of Electricity”
EnergyCentral - “How and Why Power Grid Attacks are Becoming Terrorists’ Go-To”
SecureWorld - “Revealed: Details of ‘First of Its Kind’ Disruptive Power Grid Attack”
CBS (KPIX) - “Vandalism At San Jose PG&E Substation Called ‘Sabotage’”
Reuters - “Silicon Valley power alert after substation damaged by gunshots”
NBC News - “Northern California consumers asked to conserve energy after transformer vandalism”
CNet - “AT&T offers $250K reward for network vandalism suspects”
Foreign Policy - “‘Military-Style’ Raid on California Power Station Spooks U.S.”
Bloomberg - “Rifle-Toting Terrorists Pose Great Threat to Power Grid”
The Mercury News - “San Jose: Deputies search for man in black spotted near PG&E substation”
The Morgan Hill Times - “AT&T offers $250,000 reward for SJ fiber optic line vandalism”
NBC (Bay Area) - “FBI Looks Into Vandals Cutting Fiber-Optic Cables in Northern California”
Daily Beast - “Who’s Cutting California Internet Cables? The FBI Has No Idea”
CBS (KPIX) - “$250,000 Reward Offered In Vandalism Of San Jose AT&T Wires”
The Mercury News - “A year later, sabotage of key fiber optic cables remains a mystery”
Lost Coast Outpost - “Suddenlink Slasher Reward Increased Again”
Fox News - “Rep. Adam Schiff says sniper attack on California electric station ‘of great concern’”
NPR - “Sniper Attack On Calif. Power Station Raises Terrorism Fears”
Los Angeles Times - “Sophisticated but low-tech power grid attack baffles authorities”
The Atlantic - “Snipers Coordinated an Attack on the Power Grid, but Why?”
CNN (Business) - “Sniper attack on California power grid may have been ‘an insider,’ DHS says”
ABC (7 News) - “Attack on South Bay power station called ‘terrorism’”
The New York Times - “California Power Substation Attacked in 2012 Is Struck Again”
CBS (KPIX) - “Thieves Hit PG&E Metcalf Road Substation In San Jose, Site Of 2013 Vandalism Attack”
SFGate - “FBI: Attack on PG&E South Bay substation wasn’t terrorism”
ABC (7 News) - “PG&E announces $250K reward for substation sabatage (sic) info”
The Hill - “Keeping the electric grid safe from attack”
US News - “FBI: White Supremacists Plotted Attack on US Power Grid”