Like a morning cup of coffee, espresso, energy drink, or wheatgrass smoothie—power grids, computer networks, water treatment facilities, pipelines, and communication systems fuel life's pace.
And they’re increasingly being attacked.
Threats against power, water, energy, fuel, and communications systems have experienced a significant uptick in frequency. For example, POLITICO recently analyzed federal records and reported that physical and computerized assaults against power facilities were at their highest level since 2012. There were at least 101 reported through August 2022.
The following stories describe critical infrastructure attacks, who are committing these crimes, and the possible damage in the blink of an eye.
Warning: all of the following events are real. These sites must be assessed, secured, and proper security precautions must be taken to prevent malicious attacks.
In the words of Kevin McCallister from the movie Home Alone, “Don’t get scared now.”
1. Power Grids
"If we can pull off what I'm hoping … this would be legendary," Sara Beth Clendaniel said on January 29, according to court records. She called a plan to take down Maryland’s power grid "definitely doable."
Clendaniel and her accomplice/boyfriend were captured in an attempted bomb attack on power transformers in February 2023. Their goal? Destroy the entire city of Baltimore.
According to CBS News, a Department of Homeland Security (DHS) bulletin warned that violent domestic extremists “have developed credible, specific plans to attack electricity infrastructure since at least 2020, identifying the electric grid as a desirable target.”
This alert has been proven credible for two reasons. First, there has been an uptick in the number of shots fired into power stations across the US. Second, the explosion of cyber attacks against utility stations is part of a more significant threat to critical infrastructure providers because they are most likely to pay ransoms.
For example, a few weeks before this bombshell disaster plot was busted, shots were fired into several Washington and New York substations. While these attempted attacks on power stations were unsuccessful, bullets fired into a power station in North Carolina unfortunately were. As a result, an estimated 50,000 customers lost power.
Power grids are also at risk of failure from aging infrastructure. For example, in the northeast blackout of August 2003, 55 million people lost power. While the cause of this event was unrelated to terrorism, it resulted from strained budgets, inadequate funding, and outdated technology.
The same issues plague current critical infrastructure companies and governing organizations.
The following recommendations were made after the incident:
- Upgrade infrastructure
- Educate employees
- Comply with industry standards, and if not in compliance, enforce penalties
- Increase funding
I was getting on a plane and was personally impacted by the blackout. I was shocked at how instantly life could move backward 50 years. Employees had to use metal keys to open airline gate doors. Stairways were pushed out onto the runway, and bag checks had to be done manually. There was no air conditioning. Passengers stood in long lines that resembled hot, smelly snakes.
I witnessed how a disruption in power impacts much more than lights or refrigeration. It had a significant domino effect. It is critical that power substations, infrastructure, and transmitters are protected. Society is increasingly dependent on technology fueled by power sources. Common, everyday conveniences like charging phones, water filtration, gas pumps and paying for goods and services are entirely reliant on power that comes through wires and into our homes. Protecting power sources is critical to maintain basic daily living.
Cyberattacks, malware coders, and hackers are all becoming increasingly aware of the profitability of attacking critical infrastructure providers. Unfortunately, this has created the most significant increase in theft for businesses.
In May 2021, the Dark Side gang shut down east coast fuel suppliers for days until they paid $4.4 million in ransom. Not only do energy companies have the capital to fund the ransom, but they also have millions of people depending on their service. Their company's reputation depends on trust. They have to keep that trust and keep the business up and running.
It is vital to not only secure the software and cloud services but the physical servers and network itself from malicious activity.
3. Water Treatment Facilities
Wastewater and water treatment facilities are also particularly vulnerable. Often owned by cities, and small towns, or run as independent businesses, these essential service providers have limited budgets and onsite staffing capabilities. There are currently more than 153,000 public drinking water systems in the US and 16,000 publicly owned wastewater treatment plants in the US.
Not only are pipelines and water treatment facilities targets for criminals, but the sewers themselves can also be targets or accessible routes for a crime. Access is prohibited in sewers beneath infrastructure sites. Eleven people recently found that out the hard way.
There has been no word if they turned into Teenage Mutant Ninja Turtles after they were arrested for storm sewer trespassing.
The Minnesota residents were caught and charged after they passed under two critical infrastructure locations—a water treatment facility and a railroad—on their way to the Mississippi River. Police suspected they were taking part in catalytic converter theft. The sewer connected locations with high-value merchandise.
By car, the trip on Google Maps was estimated to take about 17 minutes. Unfortunately, no Google Sewer route estimates were available.
Extensive, accessible, often unattended water treatment sites and sewer access points can easily be secured with remote monitoring. Because mobile security units are designed to fit in various locations and do not require external power sources, sites like the one that allowed these criminals to get to the Mississippi can be locked down instantly.
Clearly, the thieves wanted to avoid being detected. A camera monitoring the access points would have deterred the criminals and kept them out of the gutter.
September 21, 2022, a gigantic explosion rocked the Nord Stream and Nord Stream 2 pipeline in the Baltic Sea. The natural gas pipeline was not used, but it’s a true crime mystery still waiting to be solved. The perpetrators used boats and may have used divers to place explosives that permanently disabled four pipelines.
Multiple countries and governments are investigating the pipeline attack. The ongoing war between Russia and Ukraine has emphasized securing energy sources. Entire regions of the globe depend on natural gas distribution.
The threats of an attack on pipelines are genuine. One month after the Nord Stream pipeline explosion, an alleged Russian spy was arrested in October 2022. He attended a presentation entitled “How to respond to a pipeline explosion” in Norway. Since then, Norwegian oil and gas suppliers have been increasing their efforts to protect critical infrastructure components. Norway has become a crucial supplier of oil and gas to Europe since the beginning of the war on Ukraine.
On land, pipeline attacks and protests by activists and eco-terrorists frequently make headlines. Individuals encouraged with a “greater good” stop work, threaten, protest, vandalize, and damage oil and gas pipelines across North America.
Last year the Canadian government condemned an attack on workers at the Coastal GasLink work camp. Wielding axes, protesters entered the camp and threatened the workers. In addition to axes, they wore masks, fired flare guns, and tried to set a vehicle on fire. There were about 20 individuals involved in the crime that occurred off a remote forest road.
The workers fled, and the criminals proceeded to damage heavy construction equipment. The repairs were estimated to be in the millions of dollars. When police attempted to arrive on-site, they found the road blocked with downed trees, wires, and boards with nails.
On Christmas Day 2020, the son of an AT&T worker, and a former AT&T worker himself, set off a bomb in downtown Nashville that devastated communications for days and weeks in an instant.
The disgruntled employee was fueled by paranoia and conspiracy theories. He blew up an RV next to a network facility. He killed himself and injured eight others. He single-handedly disrupted service to 9-1-1, local nonemergency lines, cell phones, landline telephones, U-Verse subscribers, the COVID-19 hotline, some hospital phones, and some T-Mobile and aviation communications. The emergency took days and weeks to correct.
As demonstrated by this incident, taking out a central communications hub has a rippling effect on consumers, emergency service providers, and airline traffic controllers.
6. Dams and Bridges
Dams generate power and control the flow of water between two areas. If suddenly destroyed, the loss of a barrier would flood tens of thousands of homes, towns, and economies. The land could not quickly handle the water.
Crops would be destroyed. Businesses could not function.
The power of attacking dams as pieces of critical infrastructure were demonstrated when Russia used missiles to destroy an essential dam in October 2022. Russia puts millions at risk of flood and freezing by taking out two dams during a time of year when people rely on heat and controlled water flow to stay safe and powered with electricity.
Russia used attacks on critical infrastructure to maximize the damage caused to citizens by the climate during this time of the year. This shift was intentional and tactical.
Russia has also targeted main bridges in its attacks on Ukraine. To stop those attacks and become less dependent on existing critical infrastructure components like fixed bridges, the US approved a $400 million aid package in March that included armored vehicles that can launch bridges. The bridges are 60 feet in length, foldable, and carried on top of armored tanks.
In July 2022, a publication cleverly named “The Terrorgram” advocated damaging and destroying bridges as part of a broader campaign against American infrastructure.
However, plots against bridges are rarely successful in the US. Terrorism experts believe this is because bridges are heavily monitored. In addition, successfully attacking a bridge would be very expensive. It would require a lot of people and planning. Cutting large steel cables or damaging steel and concrete beams would be challenging, time-consuming, and require special equipment.
All it takes is one person with a devastating plan to disrupt life as we know it. The frightening truth is that if the wrong individual has access to powerful equipment, networks, or machinery, lives can be lost quickly. Money or resources can also be lost when critical infrastructure networks are damaged. Computer networks, telecom equipment and networks, pipelines, and water treatment facilities can all be negatively impacted by the actions of one person with a plan to hurt others.
So what’s to be done?
How to prevent critical infrastructure attacks
Individuals, businesses, and governments increasingly know the importance of securing critical infrastructure sites. Nineteen states have quietly enacted more significant penalties for tampering with equipment at essential sites of infrastructure. Railroads, oil and gas providers, and power facilities are named as specific sites needing additional protection through this legislation.
Individuals could be sentenced to up to five years in prison if convicted. If found guilty of a first-degree offense, they could be sentenced to life. The severity of penalties is highly controversial. They reflect the intense desire to protect the parts of society that keep life humming along as expected.
And if bad guys aren’t enough, nature can do a number with rain, flooding, fire, hurricanes, or tornadoes.
While there’s no way to prevent natural disasters or unexpected attacks from foreign governments or terrorists, individuals and businesses are taking control. They are using technology to increase surveillance and reduce the likelihood of service disruptions.
Unauthorized activity, onsite conditions, and identifying features of individuals and vehicles can be detected and recorded in high definition. Placed in vulnerable access points and viewable 24/7 with day and night telescoping cameras, police can be alerted at any time. This includes places where emergency services are hours away.
Adding infrastructure like power sources or fencing is optional. Mobile security solutions do not require any additional onsite support. Units are delivered, set up quickly, and ready to go.
It is essential to know that there are options to prevent the cascading effects of damage to critical infrastructure. Individuals, businesses, and governments need to not only enact policies and procedures to protect life as we know it, but they also need to invest in world-class surveillance systems. These onsite security solutions represent a crucial opportunity to combat dangerous threats and evil forces worldwide.
The people behind critical infrastructure attacks may be motivated by many things. They may have a severe mental illness, as was the case in the AT&T attack, or they may be working together with a group. Motivations range from racial and ethnic extremism to money (as in the case of cyberattacks), desire for power, eco-terrorism, or state-sponsored terrorism. The individual acts can be perpetrated by disgruntled employees, activist groups, individual extremists, nation-states, criminal gangs, or cyber-terrorists.
Regardless of the motivation, the intent is the same: disrupt life significantly. Prevent attacks on humanity. Help people keep their ability to move, drink, eat, get help, or have adequate shelter.
Contact LVT for a demo today.