Gunshots Damage Two North Carolina Substations, Disrupting Electric Service

Gunfire at two electrical substations in North Carolina on Saturday night disrupted service for thousands of people and launched an investigation to apprehend the culprits.

Moore County and Duke Energy officials said intentional damage from firearms at two substations around 7:00 p.m. local time on 3 December caused power losses for 45,000 customers, according to the News Observer. Officials are still searching for the individuals responsible and have implemented a curfew from 9:00 p.m. to 5:00 a.m.—part of a countywide state of emergency proclamation.

“No group has stepped up to acknowledge or accept that they’re the ones who’ve done it, so I call them cowards,” said Moore County Sheriff Ronnie Fields, who is investigating the incidents with assistance from the State Bureau of Investigation and the FBI.

Thirty-four thousand customers were without power Sunday night, and Duke Energy—the electricity provider for the county—said full service might not be restored until Thursday. Moore County has opened a shelter at a local sports complex to accommodate 250 residents.

“Acts of vandalism in Moore Co. have caused significant damage to components of the electric grid resulting in widespread outages across the county,” according to an outage update on Duke Energy’s website. “Equipment replacement is needed in some areas where damage is beyond repair. Technicians are working in 24-hour shifts to bring service back on as quickly as possible; however, due to the nature of the damage incurred, full restoration will take up until mid-day Thursday.” 

Fields said the damage was caused by an individual who pulled up and “opened fire on the substation, the same thing with the other one,” the Associated Press reports. Fields is calling the attacks targeted and confirmed with the AP that law enforcement would be providing additional security at substations and businesses overnight.

At first glance, the incident in North Carolina might spark comparisons to the sniper shooting at an electrical substation in Metcalf, California, in April 2013. 

“Metcalf looked like it was targeting the substation; this one in North Carolina appears it may have been targeting a community, village, or town, using the infrastructure as a weapon,” says Nicholas Weber, CPP, PCI, PSP, chair of the ASIS Utilities Security Community Steering Committee and president at Archer International, citing the two firearm discharges at two substations in a single service area.

Security regulations and training scenarios for utility providers have focused on the impact of a firearm attack, but the idea of targeting critical infrastructure to cause harm is still concerning, adds Weber, who previously worked for the U.S. Department of Homeland Security (DHS). That was always the biggest worry, “to attack the infrastructure to cause the follow-on impact to the intended target,” Weber says, adding that he’s concerned about the potential for copycat attacks.

This highlights the need for security teams and utility operators to have conversations and conduct table-top exercises together, so they’re better prepared to respond and mitigate the effects of a physical attack on their systems.

For instance, Weber was involved in an exercise roughly one year ago with a substation operator that used a gunshot detection system. The Security Operations Center (SOC) thought it was a nuisance to alert operators every time a gunshot was detected. But during the exercise, operators clarified that they wanted to know every time an alert for a firearm came up so they could correlate it to other system information to identify if anything was amiss, allowing them to respond faster to a potential problem.

Weber also notes that it is key for security practitioners to conduct vulnerability assessments of their sites, such as using the CARVER methodology, and reach out to partners in the space—including the ASIS Utilities Security Community and Critical Infrastructure Community. 

Organizations that are not utility providers can also take steps to mitigate the effects of an incident like the one in North Carolina, Weber adds, such as assessing how a prolonged power outage might impact the business. 

“We do see bigger power outages from storms, but it’s different when it’s human caused,” he says.

In North Carolina, the electric service disruption has impacted cellphone systems and Internet service, as well as schools and local healthcare providers. FirstHealth Moore Regional Hospital, for instance, is running on backup generator power, but due to prior planning has enough fuel to last five days without electric service—as well as the ability to procure more fuel for its generators.

“We’re fully staffed, so we don’t have any concerns,” said Gretchen Kelly, a spokesperson for the hospital, in an interview with The New York Times. “We’re ready to take care of the community as needed.” 

Some organizations may have established programs that conduct this work already, but for those just getting started the U.S. federal government has created a Business Power Outage Toolkit that is applicable for natural and manmade disasters. 

This is an evolving news story. As more details are confirmed about the attack and those responsible, Security Management will update this article.