Project Gridstrike Finds Substations To Hit For A US Power Grid Blackout

Published: 22/11/2024   Category: security




Turns out free and publicly available information can be used to determine the most critical electric substations in the US, which if attacked, could result in a nationwide blackout.



Remember that million-dollar Federal Energy Regulatory Commission (FERC) study in 2013 that found that attacks on just nine electric substations in the US could cause a blackout across the entire grid? Well, a group of researchers decided to see just what it would take for a small group of domestic terrorists to identify the US's most critical substations -- using only free and public sources of information.
While FERC relied on confidential and private information in its shocking report and spent a whopping $1 million in research, researchers at iSIGHT Partners used only so-called open-source intelligence, at a cost of just $15,000 total for 250 man-hours by their estimates. The Wall Street Journal, which obtained and first reported on the confidential FERC report, never publicly revealed the crucial substations IDed by FERC for obvious reasons, nor does iSIGHT plan to disclose publicly the ones it found.
Sean McBride, lead analyst for critical infrastructure at iSIGHT, says the goal of his team's so-called Gridstrike project was to determine how a small local-grown terror group could sniff out the key substations to target if it were looking to cause a power blackout -- either via physical means, a cyberattack, or a combination of the two. "How would an adversary go about striking at the grid?" McBride said in an interview with Dark Reading. He will speak publicly for the first time about the Gridstrike research next week at the S4x2016 ICS/SCADA conference in Miami.
The iSIGHT researchers drew from a combination of publicly available transmission substation information, maps, Google Earth, and grid congestion documentation, and drew correlations among the substations that serve the top ten cities in the US. They then were able to come up with 15 substations that serve as the backbone for much of the electric grid: knocking out those substations would result in a nationwide blackout, they say.
FERC's report had concluded that the US could suffer a nationwide blackout if nine of the nation's 55,000 electric transmission substations were shut down by attackers.
"We looked at maps and tried to … identify [power] generation facilities, and looked up both centers and what substations are in the middle that would make high-value targets, for example," McBride says. "We tried to identify which substations have the highest number of transmission lines coming in and out, as well, and weighed their significance."
The researchers shared the findings from Gridstrike with their customers as well as with the organizations most interested in such attacks from a defense perspective, says McBride, who declined to provide any further details on the specific organizations.
"We were extremely concerned about the amount of publicly available information on the critical substations," McBride says. There were several documents available publicly that should not have been: in some cases, a sensitive document was sitting on an organization's public website even though it specified that the report was not for public consumption.
The hope is that the findings will alert critical infrastructure and other organizations with ties to the power grid that understanding how an adversary thinks can help shore up defenses, McBride says. They need to manage their recon exposure.
What does all of this mean for the US power grid's actual vulnerability to a physical or cyber-physical attack? McBride says the openly available intel is reason for concern. He says he worries more about the possibility of a regional, localized, grid attack targeting a city or area, than a nationwide attack.
As for the recent power blackout in the Ukraine that appears to have been due in part to a cyberattack, McBride says he'd be surprised if the attackers didn't gather some of their reconnaissance via open source intelligence.
