In A Cyber Attack, Dead ATMs Would Be The Least Of It
In Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath, Ted Koppel explores what would happen to the United States if an enemy attacked the electrical grid — what would life look like if we lost electricity for weeks or months? Security experts agree that the grid is vulnerable and several, including Richard A. Clarke who served in senior national security positions under presidents from Ronald Reagan to Bill Clinton, are sure the Russians and Chinese penetrated it years ago. The Wall Street Journal reported in April 2009 that the Chinese had placed logic bombs in the electrical grid.
Cities are especially vulnerable with their high rise buildings that depend on electricity for moving people by elevators and pumping water for daily living. Koppel said that in an outage, stores would sell out within hours, people wouldn’t have information because televisions and radios wouldn’t work and cell phones would go dead within days. Electronic cash registers wouldn’t work, ATMs would stop functioning and thousands of people would be stuck in elevators. Yet some of the disaster preparedness experts he interviewed suggested people have a few days of food and water, extra batteries, and a crank radio — prescriptions that are completely inadequate for an outage that would last more than two or three days.
FERC (the Federal Energy Regulatory Commission) has estimated that knocking out nine key substations could black out most of the U.S. Former Rep. Ed Markey estimated that recovering from an attack could take two months to two years or more. The disruption would be massive, and much beyond the damage from storms, because this would be targeted, yet FEMA and Homeland Security don’t have plans. The military focuses on protecting its own systems — no one is in charge of protecting the electric grid which is a public resource by owned in most places by private companies.
John D. Rockefeller, D-W.Va led a bipartisan group that was looking at ways to improve the regulation and safety of the electrical industry, which is divided among 3,000 companies and through deregulation has split into producers or power and transmission companies, making it more vulnerable to disruption. But in 2011 the Chamber of Commerce and industry lobbyists moved to shut down any discussion of regulation to protect the country. Only in the last year does the fear of government interference appear to be losing ground to the need for government protection, adds Koppel, noting that SIFMA, the securities industry’s trade association has hired Keith Alexander, formerly of the NSA, for help on cyber security issues. Alexander estimates that if everyone in government got behind a solution it would still take five to seven years to implement.
Some of the senior security figures Koppel talked to are almost comedic in their ignorance. Jeh Johnson, secretary of Homeland Security said “I’m sure FEMA has the capability to bring in backup transformers.” Yet as Koppel reports, transformers are custom-made and would take a minimum of six months, and more likely one to two years, to replace. Since it was deregulated, the electric industry has invested less in inventory to protect profitability. As an aside, Koppel notes that Homeland Security ranks 19th out of the 19 largest federal agencies as a place to work.
George Cotter, a retired NSA top tech executive who now draws on public sources to write the occasional paper on cyber threats, wrote in April 2015: “…the nation has little or no chance of withstanding a major cyberattack on the North American electrical system…when such an attack occurs, make no mistake, there will be substantial loss of life and serious crippling of National Security capabilities.” Or as FEMA’s Craig Fugate said, it quickly becomes a matter of keeping as many people from dying as possible.
Koppel’s book is a quick read, especially if you skip the many self-indulgent digressions — from rants about cable news to a capsule history of the Mormon church and accounts of the survivalists, or preppers.
Richard Clarke’s Cyber War: The next threat to national security and what to do about it, takes a more prescriptive approach and criticizes both President George W. Bush and Barack Obama for not increasing regulation of private industry security practices.
“In Washington one might as well advocate random forced abortions as suggest new regulation…” Clarke contends. No agency defends financial services, transport or the power grid, he adds. “We have connected more of our economy to the internet than any other nation.”
When an American president sends U.S. forces to bomb a rogue state’s nuclear weapons factory or terrorist camp, it could respond by destroying the U.S. financial system. Or what if the U.S. moved ships to stop the Chinese from invading Taiwan and China responded by cutting all the power to Chicago, or even just to the CME? Clarke’s book, published in 2012, is still timely and stronger on policy. Koppel, with his reputation as a respected TV news reporter, easily got access to top people in government. It’s stunning how clueless many of them are.
Clarke writes that the U.S. is more vulnerable than other nations because it has connected so much vital infrastructure to the internet — electric power, pipelines, airlines, railroads, distribution of consumer goods and contractor support of the military. And in no other countries “are those private owners and operators of infrastructure so politically powerful that they can routinely prevent or dilute government regulation of their operations.”
This article was written by Tom Groenfeldt from Forbes and was legally licensed through the NewsCred publisher network.
Online Degrees & Certificates In Cybersecurity
American Military University's online cybersecurity programs integrate multiple disciplines to ensure you gain the critical skills and management practices needed to effectively lead cybersecurity missions – from government or private industry. Learn from the leader. American Military University is part of American Public University System, which has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Cyber Defense Education.