Richard Catherina, Austin Taylor, Aman Barekzai, Erin Zalaoras; EMH2
Week of: March 1, 2021
We assess that extremist groups will plan to take advantage of winter storms in the United States of America (USA) as opportunities to carry out attacks on critical infrastructure, particularly energy-producing facilities, in the near future. We are highly confident that this will happen based on extremists’ previous and current interest in shutting down power grids in the USA, as well as the deadly consequences of not having power during a winter storm brought into focus by the recent weather in Texas.
Extremists want to shut down critical infrastructure during winter storms: HIGH probability
Increasing number of winter storms: HIGH probability
Armed assaults on critical energy infrastructure: MEDIUM-HIGH probability
Bombings on critical energy infrastructure: MEDIUM probability
Insider threats towards critical energy infrastructure: MEDIUM-HIGH probability
Cyber attacks on critical energy infrastructure: MEDIUM-HIGH probability
It is also possible that some extremist groups, particularly foreign extremist groups, will completely eschew physical attacks on critical infrastructure in favor of cyberattacks. Going forward, critical infrastructure sites will need to improve physical and cybersecurity and be on high alert during winter storms.
Extremists Want to Shut Down Critical Infrastructure During Winter Storms:
Winter storms provide an opportunity for extremists to attack critical energy infrastructure and harm those who rely on this infrastructure for heating and power. Extremist groups see critical infrastructure as high-value targets. In an FBI affidavit that was accidentally unsealed in December, white supremacists allegedly planned to attack power stations throughout the southeastern USA. Recent winter storms in Texas have sparked discussions of shutting down power grids in extremist Telegram channels associated with Boogaloo and the Oath Keepers. For instance, users shared maps of North American energy grids. Guides on how to shut down power grids have circulated in far-right Telegram channels since 2019. Extremists’ interest in power stations and grids likely stems from the damage that can be caused by shutting power off.
Map of Interconnected North American Power Grids Shared in Boogaloo Telegram Channel
The recent weather that impacted the southern USA, particularly Texas, has shown the deadly consequences of not having power during a winter storm. Texas authorities believe at least 40 people died in the storm of causes such as accidents on icy roads, freezing to death, being trapped in home fires, or carbon monoxide poisoning. Extremists have likely observed this and begun thinking about how a critical infrastructure attack during a winter storm could be deadlier and more damaging than an attack in normal circumstances. Boogaloo supporters probably see winter storms as opportunities to cause chaos. White supremacists may see them as opportunities to harm minorities or accelerate societal collapse and race war. Foreign groups might think about using cyberattacks during winter storms to retaliate for American foreign policy decisions.
Ideology would play a role in an attacker’s choice of plant to attack. White supremacists might choose a power station that provides energy to minority communities. Foreign groups might focus an attack on power stations near military bases or that power government buildings. Boogaloo supporters might choose power stations near major cities to create as much chaos as possible.
Extremist groups have multiple potential methods to attack power stations during winter storms. They include low-sophistication physical attacks with firearms and/or explosives, recruiting insiders to sabotage systems, and high-sophistication cyber attacks. Choice of attack will depend on extremist group members’ skills and tools, as well as proximity to their target. Groups that are closer to target sites will likely be more inclined to use physical attacks, while groups that are farther away will probably prefer to use a cyber attack. We assess that the probability of extremists planning to target critical infrastructure in the near future is HIGH. Based on the evidence, we have high confidence in this assessment.
Increasing Winter Storms
Severe winter storms, carrying heavy snow and cold outbreaks, have ensued as a result of climate change. As we continue to burn fossil fuels for electricity, heat, and transportation, carbon dioxide will continue to be released into our atmosphere, inevitably causing the temperature on Earth to rise. Climate change is expected to exacerbate the intensity and frequency of weather events, thus cities across the country must be prepared to withstand extreme weather. It is unlikely that the factors mentioned above, which heavily contribute to climate change, will cease or lessen in the foreseeable future. As a consequence of this, it is expected that severe winter storms will continue or increase.
Impact of February 2021 Winter Storm in Texas
Climate change drastically impacted Texas this winter. In January 2021, temperatures in the atmosphere above the North Pole increased from -110°F to -10°F, creating a polar vortex, which caused the cold air to plunge to the south. This brought a plethora of overwhelming conditions to Texas and set many record cold temperatures. It is likely that as climate change continues, there will be more polar vortexes and more associated temperature plunges and winter storms. We assess that the probability of winter storms increasing and becoming more severe is HIGH.
Threat of Armed Assault
With assaults on critical infrastructure increasing to more than 25 a year since 1990, extremist and foreign terrorist organizations may take advantage of growing winter storms to carry out an armed assault against critical infrastructure. The far-right domestic extremist threat puts power grid components, specifically substations, at serious risk. According to a report published by ProPublica, far-right extremist organizations such as Atomwaffen Division (AWD) have discussed and planned attacks on USA power grids. For instance, the leader of AWD, Michael Hubsky, posted in a chat room that “in any war, you need to cut off your enemy’s ability to shoot, move and communicate,” and “You would want to target things like: Substations, water filtration plants, etc.” This indicates that far-right extremist organizations will prioritize armed assaults against critical infrastructure since they believe it is the most devastating and effective form of attack.
The latest winter storms suggest an opportune time for a terrorist attack against critical infrastructure since local law enforcement is busy with other priorities. Attacks on various power grid components may result in extensive damage, resulting in expensive repairs and power outages. For instance, on September 25, 2016, an individual armed with a high-powered rifle shot and destroyed Garkane Energy’s main transformer, which left 13,000 residents without power for eight hours. According to a spokesperson for Garkane Energy, the damage exceeded $1 million USD and took between six months and a year to fully repair. Had this occurred during a winter storm, freezing rain, sleet, and snow may have increased response time from local law enforcement, which could have resulted in further damage. Far-right extremist organizations may prioritize armed assaults on critical infrastructure during the months of winter storms due to horrible conditions, which contribute to delayed responses, blocked roadways, lack of personnel, and individuals confined in one place.
The challenges associated with reducing vulnerabilities against the USA power grid, combined with far-right extremist groups’ desire to target and destroy various components, demonstrate the significant threat of an armed assault. The lack of security at various substations makes it easier for far-right extremist organizations to either infiltrate and destroy or infiltrate and steal expensive equipment. We assess that the probability of far-right extremist organizations planning to conduct an armed assault against critical infrastructure in the foreseeable future is MEDIUM-HIGH. Based on the evidence, we have low confidence in this assessment due to a lack of data illustrating far-right extremist efforts.
Threat of Bombing
On December 25, 2020, a bomb was detonated from a recreational vehicle (RV), destroying twelve buildings and causing damage to many more. The motivation in this attack was to demolish critical infrastructure, and attacks such as this can occur at any given moment. The midst of a winter storm offers a terrorist the perfect opportunity to inflict damage to critical infrastructure. During a winter storm, navigating the roads to one’s place of work can be dangerous, inclining workers to stay at home, including security personnel. While this may be the safest choice for themselves, this creates a vulnerability at their place of work. If a terrorist gains the knowledge that a building is unarmed, therefore lacking security, that building will likely become a target, as was seen in the Nashville bombing. A terrorist’s ability to access and destroy critical energy infrastructure becomes much easier once a winter storm distracts their adversaries.
The bombing of critical infrastructure during a winter storm could have a detrimental impact on those who rely on it for power. People who rely on the power for heating or for preserving food in refrigerators would no longer have it. By attacking critical energy infrastructure during a winter storm, terrorists could sabotage an electrical grid and the ability to effectively respond to citizens in need. Additionally, a bombing could put emergency responders in danger.
From a logistical sense, responding to the bombing of critical infrastructure would put a strain on emergency response capabilities that are already being used to help people in the storm. It would put first responders at greater risk by forcing them to respond to a bombing in the middle of a winter storm when travel conditions could be dangerous. We assess that the probability of terrorists carrying out a bombing on critical infrastructure in the near future is MEDIUM. There is insufficient evidence to come to a confident decision.
Threat of Insider Sabotage
Extremists could use a sympathetic insider to sabotage a power plant during a winter storm. White supremacist groups have long attempted to recruit insiders from, and infiltrate themselves into, police departments. By infiltrating police departments, extremists gain training, access to political figures and restricted areas, opportunities to abuse their power to harm minorities, and intelligence they can use to avoid arrest. Recruiting members who work at power stations, or having current members obtain jobs at power stations, could provide similar advantages to terrorist groups.
Terrorists have a strong incentive to recruit power plant employees. Depending on the type of energy, some number of workers must be onsite to operate a power plant. This necessity provides an excellent opportunity for terrorists to inflict damage by recruiting essential personnel who could sabotage a power plant during a storm. While there is currently no direct evidence of active attempts to recruit power plant personnel, insider threats to critical infrastructure are not uncommon. In 2014, a report found that 67% of critical infrastructure companies reported security breaches. Among the companies surveyed, insider attacks were the root cause 24% of the time. The intense interest that extremist groups show in critical infrastructure, and the use of insider infiltration elsewhere, suggest that this tactic may be used in the future.
A sympathetic insider at a power plant could inflict damage similar to that of an insider in a police department. A technician or plant operator could take advantage of a winter storm to sabotage controls that they have access to, cutting off electricity or heating for the plant’s customers. They could provide information about a plant’s layout or security vulnerabilities to comrades to facilitate an armed assault or bombing attack. They could also provide their security credentials to help carry out a cyber attack. We assess the risk of insider threats at power plants that are sympathetic to extremist groups to be MEDIUM-HIGH. We have low confidence in this assessment due to a lack of data showing active efforts.
Threat of Cyber Attack
The threat of a possible cyberattack during a winter storm is a serious concern. It is crucial during winter storms that citizens have access to the needed power to stay warm. A possible cyberattack on critical infrastructure including power grids or medical facilities during a severe winter storm is a serious threat that could cost many lives. In 2020, the number of cyberattacks on health care, manufacturing, and energy facilities doubled from 2019 according to a report by IBM Security X-Force. Additionally, a Government Accountability Office report found that the electric grid is becoming increasingly vulnerable to cyber-attacks and that threat actors are becoming more capable of carrying out an attack.
Many foreign non-state groups have the capability of conducting a cyberattack on USA critical infrastructure. One such group is known as “Dragonfly” and is based in Russia. This hacking group is known for conducting cyberattacks on numerous facilities including power grids, water treatment plants, and nuclear power plants. Other foreign non-state cyber groups with proven hacking capabilities include “Cozy Bear” and “Fancy Bear” based in Russia, along with many Chinese-based non-state hacking groups. Though there are currently no known domestic groups in the USA with the capability and intent of conducting sophisticated attacks on critical infrastructure, lone wolf cyberattacks continue to be a threat, with the most recent attack being conducted on a water treatment plant at Oldsmar, Florida. We assess the risk of cyber attacks on critical infrastructure from foreign non-state groups and individual domestic groups to be MEDIUM-HIGH, with the likelihood of further increase.
Although far-right extremist organizations may be inclined to conduct an attack against critical infrastructure, it is unlikely that foreign terrorist organizations will. Despite various examples of terrorist organizations attacking critical infrastructure across the world, to date, foreign terrorist organizations have demonstrated little interest in attacking the USA’s critical infrastructure. For traditional foreign terrorist organizations, an attack on critical infrastructure would lack the dramatic effect of attacks similar to 9/11. A terrorist attack against critical infrastructure would not yield the same amount of media coverage since it would not immediately kill many people. Instead, foreign terrorist organizations will be more prone to pursue cyberattacks, but will only pose a limited threat since they are less developed in computer capabilities. Therefore, we assess that the probability of armed assault against critical infrastructure by foreign terrorist organizations is LOW. Terrorist organizations are more likely to continue utilizing traditional methods to generate the maximum amount of fear and casualties.
The latest winter storm in Texas and the consequences it caused to many citizens are the result of climate change, with many southern states rarely experiencing extreme winter weather. These states may experience more extreme winter weather in the coming years. Additionally, many possible threats may impact critical infrastructure in the USA next winter. Threats range from possible cyber attacks from foreign non-state groups to possible armed assaults by domestic extremist groups and insider sabotage. Likely, the threat of cyber attacks on critical infrastructure from both foreign and possible domestic groups will continue to increase. It is also likely that threats of insider sabotage along with possible armed assaults on critical infrastructure by domestic extremist groups will continue to increase.
The Counterterrorism Group (CTG) works to detect, deter, and defeat terrorism around the world by analyzing worldwide data, searching for hidden information, developing knowledge, and providing solutions. The CTG Emergency Management, Health, and Hazards (EMH2) Team works to mitigate the negative impacts of emergencies, health threats, global hazards, and related terrorist activity. The EMH2 Team will continue to develop intelligence on the ongoing effects of climate change and the increasing winter storms. Reports of cyberattacks on critical infrastructure and possible extremist activity will continue to be monitored.
 FBI: White Supremacists Plotted Attack on US Power Grid, US News and World Report, December 2020, https://www.usnews.com/news/us/articles/2020-12-22/fbi-white-supremacists-plotted-attack-on-us-power-grid
 TRACWatch Weekly Analyst Review, Terrorism Research and Analysis Consortium, February 2021, https://myemail.constantcontact.com/---TRACWatch---Weekly-Analyst-Briefing.html?soid=1107520269808&aid=HP5KBLGpUDw
 Will Texas ever figure out how many people died in the winter storm?, The Dallas Morning News, March 2021, https://www.dallasnews.com/news/2021/03/01/will-texas-ever-figure-out-how-many-people-died-in-the-winter-storm/
 Climate Change and Extreme Snow in the U.S., NOAA, January 2016, https://www.ncdc.noaa.gov/news/climate-change-and-extreme-snow-us
 How Climate Change Is Fueling Extreme Weather, EarthJustice, February 2021, https://earthjustice.org/features/how-climate-change-is-fueling-extreme-weather
 Extreme Weather and Climate Change, Center for Climate and Energy Solutions, January 2021, https://www.c2es.org/content/extreme-weather-and-climate-change/#:~:text=Climate%20change%20is%20expected%20to,on%20water%20supplies%20during%20droughts.
 What Climate Change Means for Texas, EPA, August 2016, https://www.epa.gov/sites/production/files/2016-09/documents/climate-change-tx.pdf
 Climate change and record cold: What's behind the arctic extremes in Texas, CBS, February 2021, https://www.cbsnews.com/news/climate-change-texas-winter-storms-arctic-cold/
 When the Lights Went Out: On Blackouts and Terrorism, The MIT Press Reader, August 2019, https://thereader.mitpress.mit.edu/blackouts-terrorism-history/
 Inside Atomwaffen As It Celebrates a Member for Allegedly Killing a Gay Jewish College Student, ProPublica, February 2018, https://www.propublica.org/article/atomwaffen-division-inside-white-hate-group
 Power company offers rare $50K reward for information on vandalism, KSL, September 2016, https://www.ksl.com/article/41667428/power-company-offers-rare-50k-reward-for-information-on-vandalism
 Nashville bombing: Where the investigation, recovery stand at the start of Week 3, Tennessean, January 2021, https://www.tennessean.com/story/news/local/2021/01/11/nashville-bombing-update-week-3/6578422002/
 Investigators hunt for a motive in blast that shook Nashville, The Washington Post, December 2020, https://www.washingtonpost.com/national/nasvhille-explosion-investigation/2020/12/28/ffbf5888-4956-11eb-9025-57b4c8818a4a_story.html
 White Supremacist Infiltration of Law Enforcement, Federal Bureau of Investigation, October 2006, https://oversight.house.gov/sites/democrats.oversight.house.gov/files/White_Supremacist_Infiltration_of_Law_Enforcement.pdf
 Utility Jobs Lost as New Power Plants Need Fewer Workers, Wall Street Journal, January 2018, https://www.wsj.com/articles/utility-jobs-shrink-as-new-power-plants-need-fewer-workers-1516021200
 Critical Infrastructure: Security Preparedness and Maturity, Ponemon Institute LLC, July 2014, https://www.huntonak.com/files/upload/Unisys_Report_Critical_Infrastructure_Cybersecurity.pdf
 IBM Report: Attacks on Healthcare, Manufacturing and Energy Doubled in 2020, Homeland Security Today, March 2021, https://www.hstoday.us/industry/ibm-report-attacks-on-healthcare-manufacturing-and-energy-doubled-in-2020/
 CRITICAL INFRASTRUCTURE PROTECTION Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid, Government Accountability Office, August 2019, https://www.gao.gov/assets/gao-19-332.pdf
 Russians Who Pose Election Threat Have Hacked Nuclear Plants and Power Grid, The New York Times, October 2020, https://www.nytimes.com/2020/10/23/us/politics/energetic-bear-russian-hackers.html
 The Oldsmar water treatment facility hack was entirely avoidable – and it can happen again, Cybernews, February 2021, https://cybernews.com/editorial/oldsmar-water-treatment-facility-hack-was-avoidable-can-happen-again/