Guns, Drones, and Scissors: Lessons From the North Carolina Power Station Incident

    Cyber attacks often take center stage in public and private discussions of critical infrastructure security in the U.S. The Dec. 3 incident that left some 45,000 Duke Energy customers without power in North Carolina — as well as the ongoing Russian assaults on Ukrainian infrastructure — provide an important reminder that physical attacks remain a major threat as well. On the PBS news program Amanpour and Company, Juliette Kayyem, former Assistant Secretary in the U.S. Department of Homeland Security and author of “The Devil Never Sleeps: Learning to Live in an Age of Disasters,” observes that critical infrastructure remains unnecessarily vulnerable to physical attack, especially from domestic terrorists, as well as to the increasing danger of extreme weather. Furthermore, she explains, utility companies have an obligation to strengthen security.

    The risks are plentiful against these networks. One will clearly be the cyber risk. The second we have seen in North Carolina is the physical risk. … The third is the climate risk.

    [The way] these systems were built — our wires are above ground; our systems get flooded; electrical substations get surrounded by water, hurricanes, tornadoes, other natural disasters that are reoccurring faster and more deadly … there’s a point of failure.

    Because these [companies] are monopolies, there is no redundancy in the system. … We have built no redundancies. … These systems are going down, and we need to invest in making them more resilient to the frequency of disasters, or any threat that they are likely to face.

    — Juliette Kayyem