Full Report
[UPDATE 20-NOV-2025] This is an updated post from the original post ‘Did a “Ninja Squirrel” Cause the Northeast Blackout in 2003?’ (dated 17-Jul-2016). It can be found here: http://scadamag.infracritical.com/index.php/2016/07/17/did-a-ninja-squirrel-cause-the-northeast-blackout-in-2003/ Several more stories from mid/late-2025 implicating squirrels as the cause of recent power outages throughout the United States. Squirrel causes power outage for hundreds of Lafayette […]
Analysis Summary
# Incident Report: Recurring Infrastructure Outages Attributed to Wildlife Interference (2025)
## Executive Summary
This summary covers multiple recurring, geographically dispersed utility disruption events throughout the US during mid-to-late 2025, specifically attributed to interference by animals, commonly squirrels. The primary impact was localized power outages affecting hundreds of customers. Response involved immediate power restoration efforts by utility providers. The recurring nature of these incidents highlights systemic vulnerabilities in the physical protection of critical infrastructure components.
## Incident Details
- **Discovery Date:** Ongoing, multiple events throughout mid-to-late 2025. Specific events noted in October and November 2025.
- **Incident Date:** October 16, 2025; November 11, 2025; and other unspecified dates in late 2025.
- **Affected Organization:** Various electric utility providers across the United States (e.g., Lafayette, Grand Blanc).
- **Sector:** Energy/Utilities (Electric Power).
- **Geography:** United States (Specific mentions include Lafayette and Grand Blanc).
## Timeline of Events
*Note: Since this report compiles multiple physical events rather than a single cybersecurity breach, the timeline reflects the reported dates of failure.*
### Initial Access
- **Date/Time:** Various utility operating hours (e.g., October 16, 2025; November 11, 2025).
- **Vector:** Physical intrusion/contact with electrical infrastructure by wildlife (squirrels).
- **Details:** Squirrels making physical contact with high-voltage lines or equipment, resulting in short circuits, equipment failure, or fault conditions.
### Lateral Movement
- Not Applicable (Physical, localized failure).
### Data Exfiltration/Impact
- **Impact:** Localized power service disruption (Blackouts).
- **Scope:** Outages affected hundreds of residents in specific service areas (e.g., Lafayette, Grand Blanc).
### Detection & Response
- **Detection:** Immediate detection via SCADA monitoring, system telemetry, or customer reports indicating a loss of service.
- **Response Actions:** Utility crews were dispatched to isolate the fault, stabilize the system, and restore power service.
## Attack Methodology
Since the incidents described are physical intrusions by wildlife, standard cybersecurity methodology (MITRE ATT&CK) is not directly applicable. The "attack vectors" are defined by physical vulnerability:
- **Initial Access:** Physical contact with energized equipment by non-human agents (squirrels).
- **Persistence:** Not applicable.
- **Privilege Escalation:** Not applicable.
- **Defense Evasion:** Not applicable.
- **Credential Access:** Not applicable.
- **Discovery:** Not applicable.
- **Lateral Movement:** Not applicable.
- **Collection:** Not applicable.
- **Exfiltration:** Not applicable.
- **Impact:** Creation of a short circuit or ground fault leading to protective device trips and resultant power outages.
## Impact Assessment
- **Financial:** Costs associated with emergency crew deployment, repairs, and potential regulatory fines (Costs not specified in the text).
- **Data Breach:** None (Physical/Operational Incident).
- **Operational:** Temporary loss of service to hundreds of customers in affected areas. Squirrels are reported as the "**leading cause of power outages in the Midwest**."
- **Reputational:** Negative customer perception due to recurring service interruptions.
## Indicators of Compromise
- **Network Indicators:** Not applicable (Physical event).
- **File Indicators:** Not applicable.
- **Behavioral Indicators:** Unscheduled de-energization or protective relay trips correlated with high wildlife activity reports near substation or distribution assets.
## Response Actions
- **Containment Measures:** Isolating the faulted section of the power grid via switching operations.
- **Eradication Steps:** Clearing the source of the fault (removing the animal/debris).
- **Recovery Actions:** Restoring power service to affected customers.
## Lessons Learned
- **Key Takeaways:** Wildlife interference, particularly by squirrels, represents a significant and persistent threat to the reliability of electrical distribution networks across the US.
- **What could have been done better:** Improved physical hardening or mitigation strategies around critical overhead and substation equipment are necessary given the recurring nature of these events.
## Recommendations
- **Prevention Measures for Similar Incidents:**
  1. **Physical Hardening:** Implement robust physical deterrents (e.g., specialized insulation, physical barriers, or nesting prevention methods) around high-risk overhead lines and transformer bushings.
  2. **Proactive Maintenance:** Increase patrols and preventative maintenance schedules for identified high-risk infrastructure locations prone to wildlife nesting or ingress.
  3. **Root Cause Analysis:** Conduct thorough, organization-wide root cause analyses on all wildlife-related outages to prioritize investment in best-in-class mitigation technologies.