Tens of thousands of cyber attacks on the power grid are troubling, though so far they have rarely caused damage. More alarming is news of an old-fashioned armed attack on a physical location that proved the vulnerability of the grid.

Last April, a nighttime attack destroyed a power substation in San Jose, Calif., the center of Silicon Valley. The attackers had a good understanding of the facility and how to destroy it. They broke into an underground vault off Highway 101 and cut fiber-optic cables. Then they fired on the substation for almost 20 minutes, apparently using AK-47s, and wrecked 17 of 23 transformers. News of the incident was suppressed, with Pacific Gas & Electric Co.  blaming vandalism. The damage took a month to repair.

We now have a better understanding of what happened thanks to a page-one article last week in this newspaper. Jon Wellinghoff, who was head of the Federal Energy Regulatory Commission when the incident occurred, says this could be a trial run for attacks to bring down large parts of the electrical grid.

In an interview, Mr. Wellinghoff was careful to say he doesn’t know if a terrorist group was responsible. But he called it a “purposeful attack, extremely well planned and executed by professionals who had expert training.” He visited the scene with Pentagon experts who train Navy SEALs how to destroy enemy infrastructure. They pointed to the precision of the attack and evidence of its careful preparation. Mr. Wellinghoff said this was the only time Pentagon experts have concluded that damage to the grid in the U.S. has been caused by professionals.

The power substation in San Jose, Calif., that came under attack last April. Reuters

“Coordinated attacks on just a few substations could have a devastating impact,” Mr. Wellinghoff warned. Destroying the right targets could knock out power for most of North America. Government agencies keep classified which combination of substations would create the most damage if attacked.

The FBI, which downplayed the likelihood of terrorism, still has no suspects. The bureau recently told the Los Angeles Times: “Until we understand the motives, we won’t be 100% sure it’s not terrorism.”

Former CIA director Jim Woolsey told the Commonwealth Club in San Francisco in October that three or four men operating in a “disciplined military fashion” were responsible for the attack. “This wasn’t hooliganism,” he said. “This was a systematic attempt to take down the electric grid.”

Mr. Wellinghoff, who came to Washington as an advocate for renewable energy, says physical security became a focus for him even before the San Jose attack. “I talked to anyone who would listen in the administration to say that physical security is key to the grid,” he recalled. He left office late last year frustrated that few officials seemed to care.

“Terrorism and the Electric Power Delivery System,” a National Academy of Sciences report written in 2007 and declassified in 2012, detailed the risks of a physical attack on facilities. “If it were carried out in a carefully planned way, by people who knew what they were doing, it could deny large regions of the country access to bulk system power for weeks or even months,” the report said. “Terrorist attacks on multiple-line transmission corridors could cause cascading blackouts.”

After Hurricane Sandy in 2012 we saw how much damage can be caused even by short-term, isolated outages. Areas of the Northeast lost access to the Internet, commerce came to a halt, and hospitals soon ran out of power from generators.

The power grid is especially vulnerable because many substations are in rural areas, protected only by chain-link fences. Mr. Wellinghoff urged power companies to take basic steps like building metal or concrete walls.

There are also new tools on the Internet that can be deployed to protect its source of power. Wireless digital sensors could alert security services to intruders. Mr. Wellinghoff says a Silicon Valley firm contacted him to offer sensors that can send alerts as soon as gunshots are fired. Sensors could automatically shut systems down to minimize damage from attacks.

Surveillance drones could be deployed 24/7 around especially sensitive facilities. The need for cheap, reliable drones is another reason the Federal Aviation Administration should legalize commercial uses of drones, which would accelerate their development.

Much of the discussion about surveillance in recent months has focused on the hypothetical risks to privacy from telephone metadata collected by the National Security Agency. Back in the physical world, no government agency is accountable for safeguarding the power grid. Power companies fear legal liability if they change their security systems, even to shore up defenses.

The security of the electrical grid is too important to be left to chain-link fencing. By deploying more Internet security technologies, the power grid can be empowered to help defend itself.