WRAL Investigates

What really happened? WRAL Investigates tests Moore County's power grid security after December 2022 attacks

In December 2022, power station attacks in Moore County exposed just how reliant communities are on even one station. So, what really happened?
Posted 2023-04-27T22:08:14+00:00 - Updated 2023-04-28T14:49:55+00:00

Thousands of electric substations dot our nation’s landscape.

Metal boxes and high-voltage wires are often in full view behind a chain-link fence.

In December 2022, power station attacks in Moore County exposed just how reliant communities are on even one station.

So, what really happened in Moore County? One engineering expert has a theory.

The first substation attacked was in Carthage, where a lower voltage distribution substation is located. However, the most critical damage happened next at the West End substation, which is connected to a high-powered line. A few gunshots took down the electrical loop that circles Pinehurst and Southern Pines, robbing power from 45,000 customers.

Duke Energy spokesperson Jeff Brooks said those attacks led to action from the power company.

"We have gone back and looked at a lot of our systems since the events of Moore County to evaluate opportunities for making improvements," Brooks told WRAL Investigates.

Changes already in place include physical security, like improved mesh fencing at substations, but also surveillance and technology to reroute power when systems fail.

"There’s some things you see and there’s some things you can’t see," Brooks said. "Security is a multi-layered approach that we take."

WRAL Investigates visited both those Moore County substations earlier this month. West End now includes a perimeter fence blocking traffic, well away from the site.

Within 10 minutes of our unannounced arrival, a sheriff’s deputy pulled up. He questioned us, then ran our driver’s licenses in the system and kindly warned us to abide by the "no trespassing" signs.

WRAL Investigates found the Carthage station still quite visible next to the road. However, security cameras now monitor the site. While no one ever checked on us, Duke Energy later shared surveillance pictures of our visit.

For years, experts have raised red flags about substation security across the country.

"I don’t think we should be panicking, but we should certainly be quite concerned," said Carnegie Mellon University Engineering Professor Granger Morgan.

Morgan headed up three major reports on the power grid for the National Academy of Sciences. He said recommended security upgrades are slow to happen, especially when it comes to oversight.

"The problem that there’s really nobody with responsibility over the entire resilience issue across the board in a power system is something that hasn’t had enough attention," Morgan said.

However, the security concerns go beyond physical deterrents, like fences and barriers. In some cases, those who want to target the power grid have insider information.

"The documents are already out there," said Jack Reedy, a digital security expert with INE.

Reedy warns there’s a virtual "how-to" guide to attack power stations circulating online for those up to no good.

While the information is already in the public domain, Reedy said power companies can use that information for good.

"That’s where we have to start figuring out what’s in the guide and hardening against those attacks," Reedy said.

Reedy asked a colleague who’s currently active on the dark web to see what he could find. Whether it’s a dark web marketplace or a chat, his colleague found what he was looking for.

"Detailed schematics, equipment manufacturers in addition to standard operating procedures of those particular areas," said Reedy of the documents discovered.

"I’m sure if you went through that target package there’s probably Google map images on there of the roads and stuff like that," he added.

Reedy thinks some of the information his company found came from public websites, but he believes the schematics information was likely obtained nefariously by hackers.

The combination of physical and cyber security concerns puts our electricity at risk.

"The power system is inherently vulnerable," Morgan said.

Morgan suggests blocking the easy view, adding surveillance, and better protection for transformers at the most critical substations. Just as important is resilience, which is the ability to reroute power.

Brooks agrees: "You can do everything right on your system and still have an attack. If we can’t stop it from happening, we want to contain the impacts to a smaller area and get power back up faster."

Most times, it’s bad weather causing outages, but a new Homeland Security bulletin warns extremist groups keep spreading information on how to attack the grid.

In a statement to WRAL Investigates, Democratic North Carolina Gov. Roy Cooper's office outlined concerns, as well as solutions, to protect the grid:

“Attacks on North Carolina’s power stations show the importance of smart investments to make the energy grid and its systems resilient and capable of recovering quickly from any damage. The Governor supports security measures for power stations that are cost-effective and prioritize protecting power sources for critical services like hospitals and fire stations. The Governor’s budget recommendations included funding for the State Energy Office to conduct a study determining the best strategies for protecting our power stations and he encourages state emergency management officials and legislators to work together to secure North Carolina’s power grid.”

To date, no one has been arrested for the Moore County attacks, despite tens of thousands of dollars in reward money for tips that lead to the attackers.
