In the Shadow of Metcalf: An attack more people should know about

The 2013 Metcalf sniper attack exposed a gap that still exists today: local law enforcement is almost always the first agency on scene at a critical infrastructure attack, but almost never trains for one. Closing that gap requires preparation before the next incident, not after.

Today marks the 13th anniversary of an attack that should have changed how we think about security, but most people have never heard of it. If you are one of the few who already know what happened that night and quietly lost hope that anyone else would ever care, the new threat environment may finally change that.

On April 16, 2013, a lone wolf or small team of attackers went to the Pacific Gas and Electric Metcalf transmission substation in Coyote, California, and nearly took out the power grid for Silicon Valley. No bombs or sophisticated technology, just rifles and a deep understanding of the substation.

Before the first shot was fired, they cut the fiber-optic lines running underground nearby, taking down communications between the station and its headquarters. Then they opened up on the substation, hitting 17 large transformers with over 100 rounds of 7.62 ammunition. It appears they specifically targeted parts of the substation that would cause it to fail in a manner that would not be obvious. They did not want explosions; they wanted a successful operation. By the time law enforcement arrived, the attackers were gone. This attack caused roughly $15 million in damage which took weeks to repair. And to this day, no one has been charged. No suspects have even been publicly identified. Investigators and security researchers still cannot conclude on the motive of the attacker or attackers. No one has claimed responsibility for this surgical operation.

Jon Wellinghoff, who was chairman of the Federal Energy Regulatory Commission (FERC) at the time, called it "the most significant incident of domestic terrorism involving the grid that has ever occurred." The Department of Homeland Security largely kept it quiet.

We moved on and the public largely forgot.

From AKs to DJI

The logic behind Metcalf did not disappear, it evolved. Small teams with low-cost tools having access to a high-value target with minimal exposure. That is the same playbook being run today with unmanned aerial systems (UAS), and the consequences are no longer theoretical.

We have already seen this logic in action. In March 2026, unauthorized drones conducted repeated incursions over Barksdale Air Force Base (BAFB) in Louisiana, home to nuclear-capable B-52 bombers and a key node in America's nuclear triad. The incursions lasted for days, causing the flight line to shut down and disrupting operations. Suspects and their motives have yet to be identified. No one has claimed responsibility.

A closer parallel to Metcalf came in July 2020, near Hershey, Pennsylvania. A crashed drone was found on the roof of a building adjacent to a PPL electrical substation outside of the city. It was a modified DJI Mavic 2, a commercially available drone, but what investigators still cannot explain is the pilot's objective. Large copper wires dangled underneath it, the serial number had been scratched off, and there was no SD card inside. The FBI, DHS, and the National Counterterrorism Center assessed it as the first known case of a modified unmanned aircraft system likely being used in the United States to specifically target energy infrastructure. Someone was clearly attempting to disrupt the grid while avoiding identification. The drone is in the possession of law enforcement. We still have no idea who did it or why. No one has claimed responsibility.

Does that sound familiar?

Metcalf's lessons, twelve years later:

The distance problem has fundamentally changed. Based on shell casing locations, the Metcalf shooters were approximately 40 yards from the perimeter fence. An attacker using a first-person view (FPV) drone carrying a small explosive payload could execute the same type of targeted infrastructure strike from kilometers away. Counter-UAS doctrine must account for this shift. We must stop thinking about the few feet past our fence line and start thinking about a bubble kilometers in diameter around what we are protecting.

Physical security is not a relic. At the time of the Metcalf attack, the energy industry was deep in the middle of cybersecurity improvements. Physical security had largely become an afterthought. Metcalf is a reminder that the most sophisticated networks in the world can be brought down by someone standing in a gravel lot with a rifle. The digital and physical threat landscapes are not competing priorities. They are trying to solve the same problem of protecting an organization's most important assets, but from different angles. Organizations that focus exclusively on one while neglecting the other are leaving a door open.

Expect the impossible. It might have sounded far-fetched on April 15, 2013 that a group of anonymous snipers would conduct an attack lasting over an hour, cause millions of dollars in damage, and never be caught. It might have sounded far-fetched in 2019 that an anonymous pilot would fly an anonymous drone with wires hanging underneath it into a power substation. Is it far-fetched to think someone with an explosive-laden drone would fly it into a crowd during the FIFA World Cup or the celebrations of America's 250th birthday? It might have been a few years ago. It should not be today.

People in power have known about these vulnerabilities for over a decade, and the public conversation has never matched the urgency. On my commute home one evening from work I was listening to a 2014 symposium featuring high-level security researchers, congressmen, and senators convened one year after the Metcalf attack to discuss what had happened and what should come next. Security researcher Frank J. Gaffney Jr. said it best in his closing remarks: "Let me just put it plainly: enemies of this country know about these vulnerabilities, the government of the United States knows about these vulnerabilities, the electric utilities know about these vulnerabilities. The only people, if I may use the expression, who are being kept in the dark about our vulnerabilities are the American people." He leaned into the microphone and delivered that with the forceful disappointment of a high school principal who had finally had enough. The power of his voice shocked me. Everyone had been demure and professional up until that point. He broke the tension in the room.

Replace the context of Gaffney's 12-year-old admonition with "drones" and that quote lands just as hard today. The people who study this threat know how serious it is. The people most at risk largely do not.

The question is not whether we are being targeted. The question is whether we would know if it was happening, and what we would do about it.

Daniel Holland is the co-founder of Crisis Prevention and Response (CPR), a security consulting and training firm that delivers practical security solutions to homes, businesses, schools, houses of worship, and other organizations. He is an active law enforcement officer with over 10 years of experience in investigations, crime prevention, and public safety. He holds Florida Crime Prevention Practitioner and Florida Crime Prevention Through Environmental Design (CPTED) Practitioner designations along with FBI-LEEDA Public Information Officer certification at both levels. He also specializes in emerging threat assessment, with a focus on the drone threat landscape and its implications for civilian organizations.