Note: This article first appeared at InCyberDefense.
By Kenneth L. Williams, Ph.D., CISSP, ITiLv3
Executive Director, Center for Cyber Defense, American Public University System
The threat of an Electromagnetic Pulse (EMP) event – and its potential impact on millions of people – is highly probable and currently unmanageable. This reality is amplified, given the level of dependency of the world population on the uninterrupted flow of electrical power.
An EMP event introduces a grid-down situation with an interrupted power supply for an extended period. This threat, initially theorized by Nobel Laureate and Manhattan Project physicist Enrico Fermi, was uncovered during the discovery of excessive atmospheric electrons following the bombing of Hiroshima and Nagasaki at the end of World War II.
The excessive neuron levels lasted several months and destroyed low-altitude satellites along with other types of communications. Scientists from the United States and Russia further confirmed this excessive neurons effect during controlled nuclear weapons tests in 1962.
The U.S. tests involved a 1.45-megaton Starfish nuclear explosion, whose effects were noted 600 miles away on the island of Hawaii. The impact took the form of damaged electrical circuits, power lines and streetlights.
Lightning Electromagnetic Pulse (LEMP)
- Confined to the area of strike
- Not normally a threat to electronics
Electrostatic Discharge (ESD)
- Result of two charged objects coming into proximity of contact
- Also known as static electricity
Coronal Mass Ejection (CME)
- Sometimes called a Coronal Magnetic Pulse (CMP)
- Also known as a solar flare
Nuclear Electromagnetic Pulse (NEMP)
- Can be a High-Altitude Electromagnetic Pulse (HEMP), reaching 50kV/m at ground level
- One megaton nuclear explosion detonated 300 miles above the center of the United States would damage much of the power grid in the lower 48 states
EMP Events Can Be Manmade or Occur Naturally
Since that 1962 test, much has been done to protect common devices from EMP events. However, those efforts are now challenged due to the ever-expanding presence of electronics in our cell phones, automobiles and computers.
The overarching threat concerns the delivery of a high-altitude nuclear missile by a rogue nation like North Korea or Iran, resulting in the release of electromagnetic pulses over a wide area. Even a relatively low-altitude EMP attack — where the nuclear warhead is detonated at an altitude of 30 kilometers (1.9 miles) — would generate a damaging EMP field over a vast area.
This type of attack could potentially affect a region equivalent to the size of New England, all of New York and half of Pennsylvania. Similarly, a nuclear weapon detonated at an altitude of 400 kilometers (248.5 miles) over the center of the United States would place an EMP field over the contiguous United States and parts of Canada and Mexico.
An EMP event can also be a natural occurrence and is commonly seen in the wake of a typical lightning strike which threatens nearby electrical circuits. The typical EMP emits over 10,000 volts per meter and can overpower surge protectors, suppressors, AC outlets and modem jacks. An EMP may also affect critical control systems such as water supplies, telephone networks and data networks.
An EMP burst occurs in three waves and lasts from seconds to a few minutes. The first wave, known as E1, is almost instantaneous with impact on devices such as electronic sensors, communications circuits, connected computer systems and computers.
E2 is the second wave, which is smaller and similar to a lightning strike. Normally, this second wave does not affect the power grid because the grid is designed to resist a typical lightning strike. In reality, it does make an impact because E2 is delivered shortly after the first wave, compounding the problem.
The final wave, E3, is longer than the previous two and can last from seconds to several minutes. E3 is associated with a detonation that envelops the Earth’s magnetic field or a CME. This last wave has the greatest impact on the power grid, damaging distribution centers and fusing power lines.
The Threat of Coronal Mass Ejection
Naturally occurring EMP risks such as a CME or solar flare are considered abnormal, but these events can potentially affect the entire planet. Scientists can monitor these events, but they are not equipped to provide any advance warning.
On July 23, 2012, the sun emitted a massive CME that would have rendered most of the electric devices on our planet useless and resulted in worldwide electric grid loss. Fortunately, the flare was emitted on a part of the sun not facing the earth at the specific time of the event.
The last recorded instance of a CME occurred more than 150 years ago. Known as the Carrington Event, it occurred in 1859, when there were no satellites or GPS devices.
Geomagnetic storms rarely affect the United States, but regularly inflict damage on nations located in far northern latitudes, including Canada, Norway, Sweden, Finland and Russia. In 1989, a geomagnetic storm over Canada destroyed the hydropower utility grid and electric power grid in Quebec. Six million customers in northern Canada were without electricity for over nine hours. This was the largest outage ever recorded from a CME.
In 2014, the EMP Commission first reported the potential occurrence of sun flares every hundred years. Like a NEMP, geomagnetic events produce E3 electromagnetic pulses that can envelop entire continents or the entire planet. As previously noted, E3 is lethal to modern power grids with its impact on high voltage transformers and other electronics that require years to repair or replace.
EMP Impact on Our Society at Large
A major EMP event – whether natural or manmade – would be devastating for the United States and the planet. Without electricity, much of life as we know it would cease in short order.
For example, oil refineries would be offline, resulting in fuel shortages and problems powering backup generators that maintain operations at hospitals, telecommunications earth stations, global positioning satellites (GPS) and cell towers. Sewer and water systems would also go offline, resulting in mass panic and challenging the food supply as well as police, fire and emergency services.
Potential Impact of an EMP Event on US Power Grids and Organizations
U.S. power grids are a patchwork of connected semiconductors, actuators and transformer link generators to transmission lines. Large Power Transformers (LPTs), of which there are approximately 2,000 across the U.S. grid, are used to step-up and step-down electricity to a usable voltage for the customer.
A major concern of U.S. power companies, however, is the difficulty in replacing a failed LPT. LPTs cost millions of dollars and require a long lead time for repair.
An LPT’s life expectancy is about 38 to 40 years. Currently, about 70% of the U.S. LPTs are over 25 years old, custom-built and not easily replaced.
Physical Characteristics of Large Power Transformers
In the face of an EMP event, organizations would face a multitude of challenges. Internet service providers (ISPs) would be unable to ensure the confidentiality, integrity and availability of data.
Similarly, government organizations at all levels would struggle to provide the most basic and essential services. Telecommunications service would be inconsistent and data breaches would increase. Crime would also increase as the level of protection of financial centers and important facilities diminishes.
US Response to the EMP Threat
The Grid Reliability and Infrastructure Defense (GRID) Act was introduced in the House and Senate in 2010. This bill was designed to authorize the Federal Energy Regulatory Commission (FERC) to manage physical, cyber, electromagnetic pulse and other related threats to the U.S. electric grid. The bill passed in the House, but was not acted upon in the Senate.
A second piece of legislation – the Secure High-Voltage Infrastructure for Electricity from Lethal Damage (SHIELD) Act – was introduced in the House in June 2013; it failed to pass. The intent of the bill was to amend the Federal Power Act of 1920 and allow for the protection of the bulk power system and electric infrastructure from the effects of a natural or manmade electromagnetic pulse (EMP).
In the private sector, there have been a number of initiatives to plan for and mitigate the impact of an EMP on the U. S. electric grid. These efforts have included the recent conference known as GridEx, a biennial conference of federal agencies and utility executives.
At this conference, officials responsible for hundreds of local utilities engage in game-like scenarios – including both physical and cyber-attacks – to respond to power grid failures across North America. The April 2018 conference included a rehearsal around an EMP nuclear blast delivered by a North Korean missile or satellite detonated miles above the Earth.
EMP Response: The Role of Government, Industry and Academia
Beyond this legislation and government-industry collaboration, what can be done to mitigate the effects of an EMP event? The answer likely involves an expansion of involvement, action and cooperation on the part of government, industry and academic institutions.
A continued focus by government institutions is a must. Congress, after receiving recommendations in a 2004 EMP Commission report, provided a range of strategies and options to relevant federal agencies on how to prevent an EMP event from becoming a catastrophic disaster.
Some of these EMP recommendations were acted upon, as seen in the 2018 National Cybersecurity Strategy even as other initiatives, including the GRID and SHIELD Acts, failed. With ongoing threats posed by North Korea and Iran – not to speak of the possibility of a CME/solar flare – the federal government should continue to make EMP preparation and mitigation a top priority.
The EMP Commission also has offered many recommendations to the U.S. electric power sector that should be adopted. Similarly, the efforts demonstrated at the biennial GridEx conference should be continued. Along with an analysis of an EMP effect on the U.S. electric power grid, the Commission also has analyzed and offered recommendations to many other commercial sectors, including telecommunications, banking and finance, fuel/energy transportation, food and water.
Finally, academic leaders can benefit from testing and validating the EMP Commission recommendations, along with ideas forwarded by scholars such as Dr. Peter Pry during his October 2017 testimony before Congress. Such important work should serve as the basis for the development of cyber security curricula and the attainment of Centers of Academic Excellence in Cyber Defense and Cyber Operations designations.
These designations not only require the development of rigorous cybersecurity curricula. They also encourage enhancing student awareness of the EMP threat and producing research and testing of EMP mitigation solutions.
The bottom line is that the EMP threat is real, probable and only partly predictable. An ongoing, focused and cooperative effort on the part of our government, industry and academic leaders is essential if we are to survive and recover from such an unthinkable event.
About the Author
Kenneth Williams is the Executive Director for the Center for Cyber Defense at American Public University System. He holds a doctoral degree in cybersecurity and a master’s degree in information security/assurance from Capella University.
In addition, Kenneth is a Certified Information Systems Security Professional (CISSP) and holds Security+ and CompTIA certifications. In the past, he has also held positions such as President/Chief Information Officer for Thelka Professional Associates; Adjunct Professor for Northern Virginia Community College, DeVry University and Sullivan University; IT Specialist/Cybersecurity Compliance Auditor for the U.S. Army Inspector General; Information System Security/VOIP Engineer and Contract Lead for the U.S. Army’s CECOM; and Information System Security Engineer and Technical Manager/Chief Information Officer for Onyma, Inc. He is an Army veteran with over 14 years of service.
Online Degrees & Certificates In Cybersecurity
American Military University's online cybersecurity programs integrate multiple disciplines to ensure you gain the critical skills and management practices needed to effectively lead cybersecurity missions – from government or private industry. Learn from the leader. American Military University is part of American Public University System, which has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Cyber Defense Education.