Hacked at the Border: China’s Silent Attack on U.S. Infrastructure

Just 10.2 km north of the California-Mexico border lies a key energy facility where power lines and substations connect solar panels to the larger electrical grid.

The JVR Energy Park, also called Jacumba Valley Ranch Energy Park, is located in unincorporated southeastern San Diego County, near Jacumba. By 2026, the site is expected to include 300,000 solar panels, underground and overhead power lines, a substation, and access roads. It will generate 90 megawatts (MW) of solar power and have a battery system capable of storing 20 MW. This makes it a vital piece of critical infrastructure.

Site of JVR Energy Park, San Diego County.

Cory Gautereaux, founder of The Goat Initiative (TGI), a nonprofit specializing in intelligence gathering and human trafficking monitoring along the U.S.–Mexico border, says "With San Diego being home to one of the world's largest military bases and a critical hub for national defense, a catastrophic failure at the JVR Energy Park, located over an hour from the city, would demand significant resources to restore operations. Diverting these assets could weaken San Diego's defenses, leaving the military base and surrounding area exposed to potential threats from within."

His team is in possession of cell phones belonging to immigrants who have illegally crossed the Mexico-California border. They were able to hack into several of the cell phones and discovered what could be described as an intel sharing espionage hub.

One of the phones in particular contained a chat where photos of US military bases, weapons systems, and nuclear facilities were shared. These chats contain directions and instructions on how to enter large electrical power plants. In addition to these key national security items, an identification card belonging to an employee of China’s State Grid Corporation was also found.

Identification card from an employee of China's State-Grid Power Supply Company, discovered by TGI along California's US-Mexico border.

Gautereaux and his team’s findings are alarming, but not new.

In May of 2020, President Donald Trump signed an executive order for the DOE to find and ban devices from the power grid made by foreign countries that were deemed a threat to national security.

The order, not explicitly naming foreign adversaries, was followed by the 2019 seizure of a large transformer from China that arrived at the Port of Houston and intercepted by the U.S. Department of Energy and taken to the Sandia National Laboratory. The specific transformer in question was purchased by the Western Area Power Authority (WAPA) from JiangSu HusPeng Transformer Co. (JSHP). JSHP, one of the largest Chinese suppliers, is also involved in intelligent optical storage systems.

Despite this, the U.S. continues this trade practice with China. In 2024 the U.S. imported approximately $3.86 billion worth of critical electric transformers from China. This followed an incredible $4.09 billion in 2023. According to the Observatory of Economic Complexity (OEC), this makes China the second largest source of US electrical transformer imports. These transformers, 100,000 kVA, are commonly found in large industrial settings, power plants, and utility systems.

There are over 300,000 known energy-related entities in a self-regulated system with minimal oversight. There are currently no requirements to protect this vital and vulnerable infrastructure from cyberattacks, geomagnetic disturbances, extreme weather, or electromagnetic pulses.

A study was recently published noting a significant and concerning amount of technical literature by Chinese researchers focusing on the potential power grid failure in the United States and Europe. These reports include terms such as "cascading failure," "outages," and "vulnerability." The publications focus on how failures propagate through the Western power grids and how to identify, target and optimize attacks.

Is it probable that China has utilized this trade by creating a backdoor to our electric grid?

Volt Typhoon an advanced persistent threat (APT) group operating on behalf of the People’s Republic of China since at least mid-2021, has primary focused on cyberespionage against U.S. critical infrastructure. Its activities include intelligence gathering, data exfiltration, and unauthorized access to credentials. U.S. official along with Five Eyes Intelligence noting in 2024 that the group "has been pre-positioning themselves on U.S. critical infrastructure organizations' networks to enable disruption or destruction of critical services in the event of increased geopolitical tensions and/or military conflict with the United States and its allies."

While National Security discussions on cyber security are generally focused on data breaches, this grossly neglects the concern for critical infrastructure, which could lead to mass chaos and even loss of life. Essentially, there is no hack needed. Only access to install hardware, which China has.

This "backdoor" threat from our adversaries applies to all of our critical infrastructure, not just the grid. This type of attack could easily be mistaken for critical equipment malfunction.

California US-Mexico border, roughly 200 yards from JVR Energy Park.

Should the U.S. be more proactive in working to prevent these types of potential attacks? Gautereaux and his team say, yes.

Gautereaux explained, "Prioritize strengthening our borders and critical infrastructure over broad foreign commitments. Washington lost vital intelligence along the southern border from the prior administration’s flawed policies. Those policies left communities at risk, with emergency calls to 911 ignored while illegals flooded in through my neighbors' backyards. To fix these gaps, Washington should create contracting opportunities for local experts to improve intelligence gathering and empower citizens to speak up."