This is a disturbing statistic. Federal energy records indicate that there is an attack – either physical or cyber – on the United States power grid, on average, every three to four days. But before we get into too much of a panic, this doesn’t sound like some sort of concerted terrorist strategy. Still, a definite cause for concern.

About once every four days, part of the nation’s power grid — a system whose failure could leave millions in the dark — is struck by a cyber or physical attack, a USA TODAY analysis of federal energy records finds.

Although the repeated security breaches have never resulted in the type of cascading outage that swept across the Northeast in 2003, they have sharpened concerns about vulnerabilities in the electric system. A widespread outage lasting even a few days could disable devices ranging from ATMs to cellphones to traffic lights, and could threaten lives if heating, air conditioning and health care systems exhaust their backup power supplies.

Some experts and officials fear the rash of smaller-scale incidents may point to broader security problems, raising questions about what can be done to safeguard the electrical grid from an attack that could leave millions without power for days or weeks, with potentially devastating consequences.

While cyber attacks garner a lot of the media attention, they aren’t as numerous as the headline numbers would indicate. The report lists 362 attacks on power stations and utilities between 2011 and 2014, but of those, only 14 were cyber attacks. The vast majority of assaults were “physical” in nature and the method may come as something of a surprise. People are shooting up transformers. A lot of these might be attributed to random acts of vandalism or drunken stunts by teenagers. In 2013, however, there was an actual assault which was clearly more than just dangerous hijinks.

Some of the worst fears of those in charge of the power grid’s security came true shortly before 1 a.m. on April 16, 2013, when unknown attackers unleashed a coordinated attack on Pacific Gas & Electric’s Metcalf substation in northern California.

The attackers severed six underground fiber-optic lines before firing more than 100 rounds of ammunition at the substation’s transformers, causing more than $15 million in damage.

The intentional act of sabotage, likely involving more than one gunman, was unlike any previous attack on the nation’s grid in its scale and sophistication.

The Metcalf attack was fairly well covered in the press, but the story faded quickly from the national consciousness. The reason for this is something which might inspire a bit more confidence in the current system than some analysts are demonstrating. Even though the attackers essentially destroyed some huge, expensive transformers and severed multiple cables, there was no power outage as a result of it. The grid adjusted, shifted the loads and kept the power flowing. To take out a large section of the grid takes a bit more effort – and knowledge – than that.

But that’s not to say that it can’t happen. The report indicates that the majority of these physical attacks take place at substations which have minimal security to say the least. They generally have a chain link fence around them, a few lights and – in some cases – a rather low tech security camera. This seems to be proven by the fact that the multiple, well armed individuals who took out the Metcalf station were never apprehended, nor were the people who shot up dozens of other stations around the country. They also note that industry reps express concerns that local police generally don’t treat these incidents as very serious crimes, thinking of them more along the lines of somebody breaking windows or knocking over gravestones.

All of this does point to a security vulnerability, though, and the industry needs to step up and beef up their protection. We’re not seeing a massive outage at this point because none of these incidents were large scale, coordinated attacks. But the fact that it seems to be so easy means that things could go downhill quickly if someone actually does try this on a large scale.