Skip to main content
Subscribe

LOOKING FOR SOMETHING?

Sign of the Times: Using Federal Law to Help Deter Substation Attacks

Written by Ross Johnson on . Posted in .

In the last issue of Utility Security Magazine, I mentioned a federal law that the United States has in place to combat attacks in the energy sector in my article on strategies to defeat copper theft in substations.

In this article, I’m going to use the theft triangle to show how this law (and a similar one in Canada) can be used to deter substation attacks and intrusions. 

This is how it works: in the theft triangle, there are three elements at play: motive, opportunity and rationalization. (This triangle is also called the fraud triangle. It’s versatile and can be adapted to most forms of criminal activity.)

Motive is the reason the adversary has for the intrusion or attack. In theft, it could be money, or peer pressure. For radical groups, it could be the belief that damaging the substation will help further their ideology. Either way, as an asset owner/operator, there isn’t a lot you can do to influence motive.

To commit a crime, the adversary needs an opportunity. Substations are usually unmanned, often remote and if the intent is theft, copper wire is easy to cut with hardware store tools. Because it is rarely identifiable later, investigations don’t often go anywhere once the stolen copper has entered the recycling stream. If the adversary is there for ideological reasons, critical components are exposed and easily identifiable. 

The third element is rationalization. People often need to convince themselves that the crime they are about to commit isn’t as serious as it is and that they aren’t common criminals. People will tell themselves that if it was a real crime, then it would be better protected; or it’s a victimless crime because the site is insured; or if they don’t do it someone else will. 

This third element is especially important in insider risk. Employees are subject to the same motivations as outsiders but have far more opportunity. Good human resource policies, fair compensation, respectful workplaces and good security measures play a big role in reducing the odds of an employee talking themselves into stealing company property. 

Both Canada and the United States have laws that can be used to protect electric sector assets and we can use these laws to reduce the rationalization element of the theft triangle. 

In Canada, the law is found in Criminal Code RSC 1985 C-46 s430 Mischief. Anyone who destroys or damages property; renders property dangerous, useless, inoperative, or ineffective; obstructs, interrupts or interferes with the lawful use, enjoyment or operation of property; or obstructs, interrupts or interferes with any person in the lawful use, enjoyment or operation of property is guilty of mischief. 

If the damage is $5,000 or more, the adversary is liable for imprisonment up to ten years. If it causes actual danger to life, the adversary may be subject to imprisonment for life. If the value is less than $5,000, the maximum term of imprisonment drops to two years.

If copper thieves are charged with theft only (and not mischief), then the amount of damage is restricted to the value of the stolen items, although the financial impact of the loss through the repair process may be much higher. Using the Mischief laws allows the full financial impact of the theft to be considered by the courts, including replacement costs, overtime pay, repair to damaged fences, etc.

In the United States, the applicable law is Title 18 US Code Section 1366 — Destruction of an energy facility. The law states: 

(a)Whoever knowingly and willfully damages or attempts or conspires to damage the property of an energy facility in an amount that in fact exceeds or would if the attempted offense had been completed, or if the object of the conspiracy had been achieved, have exceeded $100,000, or damages or attempts or conspires to damage the property of an energy facility in any amount and causes or attempts or conspires to cause a significant interruption or impairment of a function of an energy facility, shall be punishable by a fine under this title or imprisonment for not more than 20 years, or both.

(b) Whoever knowingly and willfully damages or attempts to damage the property of an energy facility in an amount that in fact exceeds or would if the attempted offense had been completed have exceeded $5,000 shall be punishable by a fine under this title, or imprisonment for not more than five years, or both.

It is easy for a criminal to reach $5,000 in damage to a substation when stealing copper and even easier to reach $100,000 in damage when transformers and circuit breakers are attacked. And the penalties apply even if the adversary isn’t successful and doesn’t damage anything. Merely planning the attack is enough for charges to be brought.

The US law has been used in several cases involving substations. The Christmas 2022 substation attacks in the Tacoma area led to two people charged and convicted under the Section 1366 law. The man who plotted to destroy a Nashville, Tennessee substation with a drone carrying an explosive device in September of 2024 has been charged under that law, but has not yet gone to trial.

We need to use these laws as part of our deterrence planning. We don’t want our adversaries first finding out about the existence of these laws when they are arrested—we want them to know the jeopardy they are exposing themselves to before they commit the act. We want them to consider the impact that these laws could have on their future before they decide to act.

In our sector, we use signage to convey warnings about hazards and we should expand this to include the legal consequences to those who would damage the site. I have included two signs that could be used by utilities when designing their own substation security signage. 

The purpose of the crests on the signage is to send the message that the utility that owns the site has powerful allies. Note, should you create your own signs like these, please get approval to use any logos or crests from each respective agency or organization. 

In the United States, the Federal Bureau of Investigation is responsible for federal policing. In Canada, it could be the Royal Canadian Mounted Police, the Ontario Provincial Police, the Sûreté du Québec, or the Royal Newfoundland Constabulary. 

The warning signage should be distributed on the fence line using similar logic to the other hazard or trespassing signs that you use now. One sign per site won’t be enough.

I believe that if our adversaries understood the legal consequences of damaging our sites then some of them would be deterred, but they won’t know if we don’t tell them. Signage is a good start.

About Ross Johnson:
Ross Johnson has over four decades of experience in all aspects of security management, including tenures as a professional security manager where he oversaw regulatory requirements, budgets, personnel shortages and an endlessly expanding threat portfolio. Having spent much of his career in the high-impact/low-frequency quadrant, he now assists organizations by developing programs that help them define the appropriate level of attention and resourcing that their risks need. Johnson has worked in the electric sector since 2006 and held executive committee positions on NERC and Electricity Canada’s security and infrastructure protection committees, including representing Canada on the CIP-014 Standards Drafting Team. He is currently the chair of E-ISAC’s Physical Security Advisory Group and co-facilitates the DBT/VISA workshop for NERC’s E-ISAC. He is also a Senior Fellow at Electricity Canada, and advises them on security and emergency management. Reach him at ross@bridgeheadsecurity.com.