In a world where the term cyber-attack is front of mind on the stewards of the nation’s critical infrastructure, the clear and present danger to America’s transmission grid is far less reliant on advanced technology.

Despite the grid’s vulnerability to cyber attack due to its increasing reliance on software intensive management, only 18 cyber attacks were reported between 2011 and 2014 which resulted in outages. None were reported in 2015 nor in the first eight months of 2016. While this number may seem high, it pales in comparison to a disturbing trend that resulted in hundreds of outages during the same period.

Power outages and their causes are reported by the nation’s energy providers to the Department of Energy via the OE-417 Electric Emergency Incident and Disturbance Report. Data from these reports compiled by Inside Energy and fully analyzed by Energy Ink Magazine reveals disturbing information not being reported in the mainstream media about the nature of such outages. (Data for 2015 and 2016 was compiled by Energy Ink).

During the ten year period from 2001 to 2010, there was a total of 815 reported outages nationwide. One was a result of a cyber attack. Three were reported as being caused by vandalism. The remaining were due to a variety of causes including weather (which accounted for about 64% of the total), load shedding, lack of generating resources, and other typical causes. But in 2011, something dramatic happened. In what seemed to be a coordinated effort by unknown assailants across the nation, 117 actual physical sabotage events resulted in power outages in twenty-four states. The tool of choice in these attacks – bullets.

From 2012 to 2016 (as of August 1), an additional 288 attacks resulting in outages have been reported. Despite the immediate assumption by some that such attacks are endemic of a drunken fool wanting to see sparks fly by shooting at transformers, many of these attacks were coordinated, multiple assailant assaults on critical grid infrastructure.

Typically, such attacks are not reported to or by the press as official outage reports do not require details beyond indication of cause of outage. Such attacks are listed as “sabotage, suspected sabotage, or vandalism.” But more brazen attacks have garnered headlines. USA Today reported that on April 16 of 2013, six men launched a nearly twenty minute long attack on ten transformers at a substation south of San Jose, California. After breaking into an underground telecom hub and cutting communications lines for alarms at the substation, the attackers fired “more than 100 rounds of .30-caliber rifle ammunition” at the transformer, according to CNN Money. It was considered “the most significant incident of domestic terrorism involving the grid that has ever occurred” by former Federal Energy Regularity Chairman, Jon Wellinghoff. Despite the organized nature of the attack, power was not lost to customers, and thus, was not officially reported as a “sabotage resulting in an outage.” This attack, thus, is not one of the reported 405 acts of sabotage or vandalism taking place from 2011 to August of 2016. Regardless, the attack caused $15 million in damage

Though these attacks have not resulted in a cascading network outage, the concern is that if such assailants begin to discover the more critical junctures in the nation’s interconnections, tens of millions of power customers will be left in the dark. Former energy security regulator Josh Axelrod speaking at a 2013 security conference in Kentucky, explained that just seven well placed bullets targeting seven critical points in the Eastern Interconnection could result in a cascading failure that would leave 37 states without power. As reported by USA Today in a March 2015 article, Axelord detailed that “If you know where to disable certain transformers, you can cause enough frequency and voltage fluctuation in order to disable the grid and cause cascading outages.”

Cascading power failures occur due to the interconnectivity of the grid. If one vital component fails, like a substation transformer, power still wants to flow through that system. This power has to go somewhere and thus, the remaining system has to handle more of the energy load. High voltage lines are designed to handle increased current during times of increased load demand, but if the current exceeds capacity, the relays built into the system to shut down lines before they fail shut the lines and connected components off. Once the relay trips, the line is “isolated” from the rest of the grid and thus, other lines and systems must quickly take on the added load. This sudden shift of load to these lines can then be enough to trip other relays to protect those lines. When they shut down, still more lines have to carry the extra burden. This cascading effect will continue until power generation can be reduced or until the entire interconnection shuts down.

This happened in 2003 when the nation’s worst power failure occurred in the Northeast. On August 14, an overloaded transmission line contacted a tree limb in Ohio which triggered faulty control software. Generators were unable to adjust to the change in load and in five minutes, 50 million people lost power for four days in areas of the Northeast, Midwest and parts of Canada. Damage to the system was estimated between $4 and $10 billion dollars. Total economic losses to commercial and industrial customers reached $79 billion.

More disturbing is that no arrests have ever been made in connection with these attacks. Certainly, some attacks were the result of simple copper theft, but when looking at the map where physical sabotage has taken place, it is clear specific areas are being targeted for destruction. In 2011, of the 117 reported sabotage and vandalism incidents, 24 of them took place in the Tacoma, Washington area. Some of these attacks were launched against the same substation seven separate times from June to September.

The industry is responding to the threat, as best they can, by installing bullet resistant fencing. Some component providers are also developing bullet proof materials to encase critical components. But with there being no arrests, no suspects, and no claims of responsibility, the true motives behind the attacks remains unclear.

Cyber attacks are most certainly a threat. The Department of Homeland Security received reports of 151 “cyber incidents” related to the energy industry in 2013 according to USA Today, though clearly, most of them failed. In 2015, CNN Money flatly stated in the headline of one article “The Islamic State [ISIS] is trying to hack American electrical power companies -- but they are terrible at it.” According to one FBI section chief, ISIS has “strong intent [but] thankfully, low capability…but the concern is that they’ll buy that capability.”

But the physical attacks appear to be of domestic nature. And though they too have “low capability” in that they’ve not yet determined where to hit critical infrastructure to truly create a region-wide blackout, attacks continue. Based on information gleaned from the Department of Energy’s reports, 2016 may end up seeing nearly 60 total attacks. Where before 2011, such attacks were virtually unheard of, they are now common place.

After the coordinated attack on the San Jose station, Wellinghoff toured the site with Navy Seals, who, according to the Atlantic.com “were convinced that it was a professional job.” But who these “professionals” are and what is driving this spike of attacks is literally a mystery.