FLASH ALERT: INCREASED RISK TO POWER SUBSTATIONS FOLLOWING ATTACKS IN NORTH CAROLINA
Rhiannon Thomas, Jan García, Claudia Santillan Vazquez, Nancy Lattimer
Rohan Rajesh, Deepankar Patil, Editors; Jennifer Loy, Chief of Staff
Tuesday, December 6, 2022
Map highlighting the location of Moore County, North Carolina
The Counterterrorism Group (CTG) is issuing a FLASH ALERT to local law enforcement and power substation managers following a series of targeted attacks on North Carolina power stations, which left Moore County without power for several days. Over the weekend, utility workers investigating the power outages found broken access gates and evidence of gunfire, prompting a criminal investigation. Local police have not identified a suspect and are working with federal agencies, like the Federal Bureau of Investigation (FBI). The county has declared a state of emergency.
Damage to power substations significantly impacts the local population and other critical infrastructure, including schools and roads. Individuals planning to conduct attacks against the US will very likely try to attack critical infrastructure in a similar manner. Investigations indicate those responsible knew how to take out substations, and those responsible will very likely share their knowledge online to enable others to conduct similar attacks.
CTG is on HIGH alert due to the likelihood of similar attacks on power stations throughout the US. The motive and suspect for the attack are unknown, but law enforcement is investigating the incident as a deliberate attack. Extensive damage to the substations suggests the perpetrator or perpetrators knew how to disable the electrical system, which they accessed after bypassing the access gates. Power outages have impacted traffic, communications, businesses, and emergency management efforts in Moore county. The feasibility and high impact of this attack will LIKELY inspire copycats, who will VERY LIKELY target critical local infrastructure that is not heavily secured. There is a ROUGHLY EVEN CHANCE those responsible for this attack will post their knowledge of the substations online. Individuals inspired to attack the US will ALMOST CERTAINLY discuss US infrastructure vulnerabilities on social platforms, like Telegram, LIKELY increasing the threat of copycat attacks.
A mass power outage in Moore County, North Carolina has left around 40,000 without power since Saturday night. Local authorities implemented a curfew from 2100 to 0500 on Sunday and declared a state of emergency. The incident became a criminal investigation when utility members found signs of vandalism at different sites, including gunfire at two power substations. The FBI has joined local forces to investigate the incident, which is believed to be “intentional” and “targeted.” There are currently no suspects, and no motive has been announced, with no groups claiming responsibility. Law enforcement has found no evidence to indicate the attacks were protests against a planned drag show set on Saturday, as online speculation suggested.
Power outages will almost certainly continue to hinder Moore County’s essential services, like schools and healthcare, in the next few days. Locals will very likely struggle to heat their homes, almost certainly leaving them exposed to low temperatures. Power outages will almost certainly affect households that depend on electricity to cook and refrigerate food. Prolonged power outages will very likely expose citizens who are unable to follow proper food safety measures to foodborne bacteria. Local grocery stores and restaurants will almost certainly be unable to sell refrigerated products, likely decreasing their revenues. Hospitals will very likely triage patients and divert non-emergency care to healthcare facilities in neighboring counties, likely increasing demand for patient care in Lee and Hoke Counties and causing treatment delays there. Without power, health records stored on computers will almost certainly be inaccessible, very likely resulting in doctors and nurses not knowing the patients’ allergies, previous interventions, or congenital diseases. Power outages will very likely affect other workers relying on computers, like remote workers. Moore County citizens will likely not be able to power up phones, laptops, and televisions, reducing access to updates regarding the power outages. Lack of power for public utilities, like traffic lights, will very likely result in car crashes and pedestrian injuries after sunset. Other means of transport will very likely suffer cancellations due to the lack of power, very likely disrupting Amtrak’s Silver Star route and operations at Moore County Airport. The outage will likely reduce US military readiness. US Army installation Fort Bragg is next to Moore County, and military personnel who reside there will likely need to take time off to address concerns related to the outage, like lack of childcare for students unable to go to school. This will likely reduce the number of military personnel able to respond immediately to emergencies and national security events and will likely delay deployments.
CTG recommends electrical substation managers immediately increase patrols around key power substations, as the likelihood of a repeat or copycat attack is more likely immediately after the original attack. Security at power stations should be increased, with regular patrols, continuous use of CCTV cameras, and regular inspections of security measures, like fences, to limit access and discourage potential attackers. Managers should only give sensitive information about security measures, like keypad access codes or security detail schedules, to key security personnel. CTG also recommends local and federal law enforcement agencies monitor online conversations on the attacks, including those praising the attacks and those sharing details on how to conduct a similar attack, to detect potential threats. CTG recommends local authorities increase door-to-door and radio communications to inform the public of where to access food, heating, shelter, and medical services. Civilians should avoid driving unless necessary to avoid traffic accidents due to stop lights not working.
CTG assesses that the current threat climate is HIGH due to the potential for other individuals and groups to plan similar attacks against power stations throughout the US. The perpetrators will very likely share their plans and knowledge of power substations on encrypted social networks such as Telegram, almost certainly increasing the chances of copycat attacks throughout the US in the short term. Other attacks will very likely target other critical infrastructure, such as transportation, healthcare facilities, and water treatment plants.
Analysis indicates that there is a HIGH PROBABILITY this attack will inspire copycat attacks on US local critical infrastructure, like electrical systems. Moore County citizens will very likely continue to face the effects of power outages in the short term. Fort Bragg is unlikely to effectively respond to a national security emergency in the short term due to a likely reduction in personnel. There is a HIGH PROBABILITY that online discussions of US critical infrastructure will increase on social platforms like Telegram. Individuals seeking to attack the US will likely request and share information on infrastructure operations and security weaknesses, likely increasing public knowledge of system vulnerabilities.
 North Carolina electric grid shooter 'knew exactly what they were doing,' sheriff says, Reuters, December 2022, https://www.reuters.com/world/us/attack-north-carolina-electric-grid-new-level-threat-governor-says-2022-12-05/