Full Report
“Do not do any of these things. Especially do not cover your face and destroy the many, and largely unprotected, power stations and cell towers. Electricity is a ghost, but one you can catch and kill. Do not do that. Do not become the sort of person who gets really good at blowing up power…
Analysis Summary
# Incident Report: Nevada Substation Attack and Extremist Threat
## Executive Summary
A domestic extremist, motivated by accelerationist ecofascism, attempted a physical attack against a critical infrastructure target—a LADWP power substation in Boulder City, Nevada. The attacker breached the perimeter fence and crashed a vehicle containing numerous destructive materials, ultimately dying by apparent suicide at the scene. While the physical destruction of the power infrastructure was prevented, the incident highlights the real-world threat extremists pose to largely unprotected physical critical infrastructure, specifically the power grid.
## Incident Details
- Discovery Date: February 19, 2026 (Time of crash/discovery)
- Incident Date: February 19, 2026, approximately 10:00 AM PT
- Affected Organization: Los Angeles Department of Water and Power (LADWP)
- Sector: Energy/Critical Infrastructure (Power Grid)
- Geography: Boulder City, Nevada, USA
## Timeline of Events
### Initial Access
- Date/Time: February 19, 2026, ~10:00 AM PT
- Vector: Physical Force/Vehicle Ramming
- Details: The subject (Dawson Maloney) drove a rented vehicle through the perimeter chain-link security fence protecting the substation and crashed into industrial wire reels.
### Lateral Movement
- N/A (Incident was physical intrusion, not network lateral movement)
### Data Exfiltration/Impact
- Impact: The primary goal appears to have been the destruction of the power station equipment using explosive precursors and incendiaries. The attack was thwarted before significant damage occurred. The attacker died by a self-inflicted gunshot wound.
### Detection & Response
- Date/Time: February 19, 2026, ~10:00 AM PT
- Details: The breach was reported to the Boulder City Police Department via a phone call reporting the vehicle crash. The FBI and LVMPD subsequently took over the investigation due to the ideological and terrorist nature of the act.
## Attack Methodology
*Note: Since this was a physical attack rooted in extremist ideology, standard computerized ATT&CK techniques are not directly applicable. The methodology below reflects the physical planning and execution.*
- Initial Access: Physical breach of perimeter security via a vehicle ramming attack.
- Persistence: N/A (Single, terminal event)
- Privilege Escalation: N/A (Physical attack)
- Defense Evasion: N/A (The attacker was operating alone; evasion focused on avoiding detection between NY and NV)
- Credential Access: N/A
- Discovery: Implied research/reconnaissance derived from extremist reading materials (Mike Ma books, Army handbooks on evasion) regarding infrastructure vulnerability.
- Lateral Movement: N/A
- Collection: Materials (precursor chemicals, weapons) were collected/purchased in advance.
- Impact: Attempted physical destruction/sabotage of critical infrastructure components (suggested use of thermite, gasoline, flame throwers).
## Impact Assessment
- Financial: Not quantified, but costs associated with security repair, investigation, and mitigation of the supply chain/extremist threat are implied.
- Data Breach: No known cyber data breach occurred.
- Operational: Minor, localized operational impact likely limited to immediate site lockdown and security assessment. No widespread power outage reported.
- Reputational: Potential reputational damage to energy sector security posture due to the high-profile nature of the targeted infrastructure.
## Indicators of Compromise
- **Network Indicators:** None evident (Cyber incident).
- **File Indicators:** Extremist literature found (e.g., Mike Ma's "Harassment Architecture" and "Gothic Violence," older Army handbooks on evasion/munitions).
- **Behavioral Indicators:** Attacker traveled across the country (NY to NV) after displaying suicidal ideation and terrorist sympathies to family/friends. Referencing self as the "dead terrorist son."
## Response Actions
- **Containment measures:** Law enforcement (LVMPD, Boulder City PD, FBI) secured the scene immediately following the crash.
- **Eradication steps:** All seized materials (weapons, incendiaries, precursors) were documented and removed by federal authorities.
- **Recovery actions:** Investigation into the subject's background, associates, and the broader extremist network was initiated by the FBI.
## Lessons Learned
- Physical security for critical infrastructure, particularly power substations (described partly as "largely unprotected"), remains a significant vulnerability to determined physical actors.
- Extremist materials promoting violence against infrastructure (often using coded language like "Do not do X") indicate potential attack planning and require vigilance.
- Physical surveillance and monitoring around critical infrastructure sites are crucial, as current security fencing was easily bypassed.
## Recommendations
- Immediately review and upgrade physical perimeter security measures (fencing, barriers, access control) at remote power substations.
- Enhance intelligence sharing between local law enforcement and federal agencies regarding known extremist ideologies targeting infrastructure.
- Develop and deploy physical security countermeasures capable of stopping vehicle-borne intrusion attempts at primary failure points of the grid.