Securing the Grid:

Protecting Power Plants and Critical Infrastructure in a Changing World

As a government official overseeing utility siting and permitting, I have a front-row seat to the threats and vulnerabilities facing our energy infrastructure. The stakes are high. Power plants and other elements of our energy grid are essential to modern life, yet they are increasingly under threat from an evolving landscape of risks. Cyberattacks, physical sabotage, and supply chain vulnerabilities are no longer distant possibilities but immediate concerns requiring urgent attention.

The Threat Landscape

One of the most prominent threats facing power plants and critical infrastructure today is cyber intrusion. Modern facilities are deeply integrated with digital technologies, from operational control systems to customer data platforms. Unfortunately, this reliance on digital systems has created a significant vulnerability. Sophisticated ransomware attacks, like the one that crippled Colonial Pipeline in 2021, underscore how hackers can paralyze critical infrastructure, cause widespread disruption, and demand massive payouts.

Physical security is another pressing concern. Power plants and substations are high-value targets for those wishing to cause chaos. The 2022 gunfire attack on substations in North Carolina left thousands without power and served as a stark reminder of how physical sabotage can directly affect communities.

Supply chain vulnerabilities exacerbate these risks. Many components of our energy infrastructure, including transformers and control systems, are manufactured abroad or by a small number of specialized vendors. As a regulator, I once investigated malfunctioning equipment at a renewable energy generation facility. When I looked into replacement options, I discovered that only one vendor in the U.S. could provide the necessary parts—and per the equipment’s warranty, that same vendor had to handle the installation. This lack of diversification in suppliers creates bottlenecks that can delay repairs and make critical systems susceptible to geopolitical disruptions.

A Comprehensive Strategy for Mitigating Risks

To address these threats, we need a multipronged strategy that strengthens the resilience of our power plants and critical infrastructure against cyber, physical, and supply chain risks.

1. Enhancing Cybersecurity

Investing in robust cybersecurity measures is non-negotiable. This includes implementing advanced threat detection systems, ensuring regular patching of software vulnerabilities, and conducting frequent penetration testing to identify weaknesses. Importantly, utilities and operators must foster a culture of cybersecurity awareness among employees, as human error is often the weakest link.

Collaboration is also key. Public-private partnerships can help utilities share threat intelligence and coordinate responses. The Cybersecurity and Infrastructure Security Agency (CISA) has made strides in fostering such collaboration, but utilities must actively engage in these initiatives.

2. Bolstering Physical Security

Physical security measures must be strengthened to deter and mitigate attacks. Installing hardened fencing, surveillance cameras, and intrusion detection systems at critical facilities is essential. Additionally, utilities should establish robust response plans with local law enforcement to ensure quick action in case of an incident.

Decentralizing critical infrastructure can also reduce vulnerabilities. Microgrids and distributed energy systems can make it harder for a single attack to disrupt the entire grid.

3. Diversifying Supply Chains

The reliance on single-source vendors or foreign manufacturers for critical components is a glaring vulnerability. The U.S. must prioritize domestic manufacturing of essential energy infrastructure components, such as transformers, control systems, and renewable energy equipment. Tax incentives and public-private partnerships can help incentivize companies to invest in domestic production.

At the same time, utilities and operators should develop contingency plans to address supply chain disruptions. This could include stockpiling critical components or pre-negotiating agreements with multiple vendors to ensure redundancy.

4. Improving Regulatory Oversight

Regulators play a vital role in ensuring utilities are taking these threats seriously. Requiring utilities to conduct regular risk assessments, submit contingency plans, and meet stringent cybersecurity standards should be part of any regulatory framework. Additionally, regulators should encourage utilities to share best practices and lessons learned to improve industry-wide resilience.

Learning From Experience

The renewable energy facility I investigated wasn’t an outlier—similar dynamics are playing out across the energy sector. In 2022, the Department of Energy reported that 85% of large transformers in the U.S. are imported, and lead times for replacements can stretch into years. This makes a compelling case for both diversifying supply chains and investing in domestic manufacturing capacity. Additionally, the increasing use of specialized technologies in renewable generation—such as offshore wind turbines and advanced battery systems—often ties utilities to specific vendors, raising questions about long-term serviceability and resilience.

The Road Ahead

The threats to our energy infrastructure are real and growing. But with proactive measures, we can mitigate these risks and ensure the reliability and security of the power grid. From strengthening cybersecurity to diversifying supply chains, these steps will require coordinated efforts between the public and private sectors.

As someone who has seen firsthand how a single point of failure can jeopardize operations, I believe we have both the opportunity and the responsibility to build a more secure energy future. The lights that power our lives depend on it.

###