This is a straight assessment. Adversaries have shown the will to weaponize cheap drones. Western policymakers and infrastructure owners have not yet matched that will with consistent, layered defenses. The scenario below is a plausible, low-cost pathway that an ISIS-affiliated actor or inspired network could use to try to cripple parts of the U.S. electric system. I will be blunt about how it could work, what it would take, and what to do first.

Baseline facts that matter. ISIS and affiliated groups have weaponized commercial drones in combat, using them for surveillance, explosive delivery, and even kamikaze strikes during operations in Iraq and Syria. This is not theory. The group organized a dedicated unmanned aircraft effort and fielded modified quadcopters and other small UAVs to drop explosives and conduct attacks.

There is also precedent of UAS incidents in the United States that targeted energy infrastructure. Federal reporting on an event in 2020 shows a modified drone crashed near a Pennsylvania substation and was assessed as likely intended to short or damage equipment. Federal partners issued intelligence notices afterward because the incident represented the first known case in the U.S. where a UAS appeared to target energy infrastructure specifically.

Finally, real-world campaigns show how physical strikes on electric infrastructure produce outsized effects. Attacks against Ukrainian power assets caused sustained outages, damage to substations, and long restoration timelines. The Ukrainian experience demonstrates how relatively small physical strikes against long-lead components such as transformers and high-voltage substations can create cascading, costly disruption.

How an ISIS-affiliated swarm campaign could be executed.

1) Reconnaissance and targeting. Operators use off-the-shelf drones to map rural and semi-urban substations, switching yards, and key transmission nodes. Publicly available imagery, local observation, and brief overflights provide the approach vectors and blind spots for physical security. This is basic tradecraft and is cheap to achieve.

2) Weaponization and kit. The group modifies multiple commercial quadcopters to carry small shaped charges, incendiary packages, or cutting tools aimed at insulators and exposed bus work. Past ISIS operations show they are capable of modifying commercial platforms to carry explosives and to develop detonation or release mechanisms.

3) Massed, synchronized attacks. Rather than relying on a single precision strike, the adversary coordinates dozens of drones to hit multiple assets nearly simultaneously. The operational logic is to overwhelm the local security response and create enough physical damage or fires to force long equipment replacement times or to drive cascading outages. Small drones cannot replace missiles in destructive power, but coordinated hits against vulnerable, unguarded equipment can be operationally significant.

4) Complexity through deception. The campaign may use decoys and benign-appearing flights to force defenders to reveal detection gaps. A single downed drone left as a booby-trap is a known tactic observed in conflict zones.

Why the grid is vulnerable today.

  • Many substations and transformers are in remote locations with minimal on-site security and limited physical hardening. An adversary can approach those sites from standoff distances and operate during low-visibility hours.

  • Airspace awareness at facility level is uneven. Agencies and owners have guidance and detection options, but comprehensive, real-time low-altitude UAS monitoring is not universally deployed. Federal guidance and multiagency warnings about UAS risks highlight that the threat mixes physical and cyber risk and that Chinese-manufactured and other off-the-shelf UAS can introduce additional risk vectors.

  • Defensive tools for drone swarms exist in the defense sector, but deployment is limited and largely military. High-power microwave counter-swarm systems have been prototyped and delivered to U.S. Army evaluation units as a response to the swarm threat, but those systems are not a nationwide shield for civilian critical infrastructure. That capability demonstrates the technical path to defeat swarms, but it also underlines the gap between military acquisition and civilian protective deployment.

Likely operational outcomes in the scenario.

  • Localized but prolonged outages. A coordinated, physically damaging attack on several substations could produce outages lasting days to weeks for affected regions because of transformer lead times and the complexity of repairing high-voltage equipment. The Ukrainian campaign proves this is not hypothetical.

  • Significant economic and societal disruption proportional to the footprint hit. Even without national blackout, the loss of key nodes affects hospitals, water pumping, communications, and emergency services.

  • Attribution and deterrence problems. If attackers stage operations through cutouts or inspired lone operators within the U.S. or through proxies abroad, attribution will be messy and timely retaliation difficult.

Immediate, practical mitigations I would prioritize now.

1) Harden the obvious choke points. Inventory transformers and substations with long replacement lead times and apply hardening measures now. Barrier protection, fire suppression, and shielded or elevated critical bus connections reduce the yield of a small aerial attack.

2) Field detection and layered response for UAS at critical sites. Low-altitude radar, passive RF detection, and video analytics can provide early warning. Integrate those sensors into utility SOCs and local law enforcement response plans. CISA and federal partners have been explicit about the need to treat UAS threats as part of critical infrastructure planning.

3) Pre-position rapid restoration resources. Mutual aid, mobile transformers, and prioritized restoration plans shorten outage durations. If operators accept that physical attacks can occur, preparation materially blunts the impact.

4) Expand authorities and rules for mitigations. Civilian sites need clearer legal pathways to employ counter-UAS measures in emergencies. Military-grade counter-swarm weapons are not the near-term answer for utilities, but shorter-range defeat options and controlled interdiction approaches exist and must be lawfully available to protect life-critical infrastructure.

5) Improve intelligence fusion and sharing. Local detection without national fusion gives attackers a time window. Federal, state, and private sector intelligence must feed rapid protective action. Past U.S. incidents and foreign experience both show early warning matters.

Longer-term steps.

  • Invest in affordable, scalable counter-swarm technologies for civilian use that do not themselves create new hazards. The defense sector has shown directed-energy and HPM concepts that can defeat swarms, but those technologies need adaptation, safety standards, and rules for civilian deployment.

  • Reduce single points of failure. Move away from designs that make single substations or transformers systemic kill points. Increased redundancy, modular transformer stockpiles, and alternative routing reduce strategic value of any one attack.

  • Regulate high-risk components and supply chains for UAS where national security exposure is clear. Enforcement and tracking of large or military-capable UAV purchases will complicate attack logistics for adversaries.

Bottom line. The combination of historic ISIS use of weaponized UAS, evidence of attempted targeting of U.S. energy assets, and examples from Ukraine shows the attack vector is real and actionable. The United States has technical and policy options that work if applied with urgency and discipline. Start with hardening, detection, legal clarity for defensive measures, and a national fusion posture that treats low-altitude airspace security as part of critical infrastructure protection. Do these things now. Waiting for a catastrophic outage to force action will be a strategic failure.