BC Hydro stepped up security after last November’s spate of physical attacks on electric substations in Oregon and Washington.
A BC Hydro security report, obtained via freedom of information (FOI), said there was no direct threat to B.C., but the incidents led the corporate security team to “augment the security posture at some of our stations closer to the U.S. border.”
A Dec. 1 email from a manager to a vice-president said the Federal Bureau of Investigation and state officials were investigating the incidents, and asked other utilities to notify them if they experience any similar incidents.
“Our mobile security personnel will be advised to be on heightened awareness when patrolling sites and engage with anyone, again out of the ordinary,” Ben Peco, BC Hydro’s senior manager of security and emergency management, wrote to senior vice-president of safety Kirsten Peck.
The email also said BC Hydro was monitoring social media for any related chatter and notifying leaders in stations field operations and transmission and distribution system operations to be on “heightened awareness.”
Peco’s email summarized details of the incidents.
A Washington state utility, whose name was omitted, found a distribution substation control house on Nov. 22 that had been damaged by fire. Suspects sprayed automatic transmission fluid over electrical equipment and left lit road flares inside the control house. They did not cause an outage.
On the same day, a suspect shot a small-calibre gun from outside another Washington state company’s 115-kilovolt transformer toward a distribution substation, causing a 5,000-customer outage.
On Nov. 24, sabotage at a Bonneville Power Authority substation in Oregon City, Ore. A suspect penetrated a reactor unit’s cooling radiators with three bullets.
Four days later, on Nov. 28, the substation operator in Clackamas, Ore. found significant damage to the communications equipment and computer control system.
An electricity information sharing and analysis centre (E-ISAC) member had also reported two break-in and vandalism incidents at separate Washington substations within a close geographical proximity. BC Hydro withheld the dates, locations and other facts over an alleged concern about third-party trade secrets.
Peck emailed CEO Chris O’Riley on Dec. 2 to say that BC Hydro meets monthly with the Western Electricity Coordinating Council’s security committee.
“There is one upcoming where we might learn more,” Peck said. “We haven’t heard anything from Canadian intelligence at this point.”
Peck said BC Hydro had earlier been asked to develop training scenarios which “would help in a situation like this so that we can react quickly if/when sabotage occurs.”
Also in Washington, two men were charged after four substations near Tacoma were sabotaged on Christmas Day, leaving 14,000 customers in the dark. Authorities allege Matthew Greenwood, 32, and Jeremy Crahan, 40, of Puyallup, Wash. were motivated to disrupt power in order to commit a burglary.
A 60 Minutes investigation last August pointed to the vulnerability of the U.S. electricity grid, a network of 55,000 substations run by 3,000 private and public utilities that lacks a single, overarching regulator. 60 Minutes quoted Grid Security Now website operator Michael Mabee who analyzed 1,000 physical attacks over the last decade and blamed a general lack of security.
In B.C., there are 18,000 kilometres of high-voltage lines and underwater submarine cables, and 292 substations. The BC Hydro grid connects by three lines to Alberta and four to the U.S.
B.C.’s most-famous attack occurred in May 1982 when the 麻豆社国产Five (aka Direct Action) eco-terrorist group bombed the Dunsmuir substation near Qualicum on Vancouver Island and caused $3.8 million in damage.
Since then, the biggest security incident on an energy-related site occurred almost a year ago. Approximately 20 people in disguises, some wielding axes, attacked security guards and destroyed equipment and vehicles at a Coastal GasLink pipeline work camp in a post-midnight rampage on Feb. 17, 2022.
In December, the Independent Contractors and Businesses Association and Crime Stoppers offered a $100,000 reward for information to solve the crime.
The documents released via FOI also included heavily censored internal security reports for Nov. 28-Dec. 5 and Dec. 19-26. BC Hydro uses a five-step scale for physical security and cybersecurity threats, from low to imminent, but the actual ratings were censored.
For the two periods, cybersecurity operations received 50 incident reports, including one of note, and issued 75 threat advisories. There were also 180 new physical security files.
The one cyber incident of note was deemed low-risk phishing.
"Three lookalike BC Hydro domains were discovered, including one that was reported by an employee who received a smishing [SMS phishing] text.” The phishing attempt via text message mentioned the Crown corporation’s one-time $100 credit to BC Hydro residential customers.
“Cybersecurity operations blocked all the domains in question and issued a takedown request,” said the confidential weekly security report.
Under physical security incidents, a thief smashed the window of a BC Hydro cable van in for repairs at a Ford dealer in Victoria and stole tools overnight on Dec. 17 and Nicola substation surveillance camera footage was reviewed after a Dec. 22 incident. The reason for the manager’s report was censored, but concluded that nothing suspicious was found.