Lights Out: A Cyberattack, a Nation Unprepared, Surviving the Aftermath by Ted Koppel-
A Critical Analysis.
As editor of the ProtectGrid site, I’ve debated whether to buy the Lights Out book recently released by Ted Koppel. Would it be a worthwhile read? I’m always looking for the latest information that can help me and my readers make realistic assessments of cyber and EMP threats to the electric grid that most of us rely on for our home power needs.
As background to the lead-up of this post, realize I’ve been reading probably more than most of the general public the expert analysis about “electronic warfare” or” information warfare”. Cyberattack or cyberterrorism is only one of the ways that tech-savvy adversaries could attempt to launch an electronic assault against the critical infrastructures of the U.S.
I decided to hold off buying Ted Koppel’s Lights Out after reading a good amount of the reviews of his book on Amazon. It appears to be a valuable addition to our national conversation concerning this vital issue. Any discussion examining the level of vulnerability the modern electric grid has to a nationwide disaster scenario is the main topic we talk about here on Protectgrid.
After reading a whole bunch of the book reviews, it just felt like I probably already possessed what I needed to know concerning this national security threat to the critical civilian infrastructure.
But How Real is the Threat? Really…
Let’s try to put it in context. Cyber threats or cyberattacks are a relatively minor threat when framed within a larger context of electronic warfare. Compared with other catastrophic, all-hazard threat assessments as understood by top level authorities; the tactical capabilities of modern cyberattacks are:
It seems fair to say that the current threat posed by cyberterrorism has been exaggerated”(1.)
I recently reviewed the Congressional testimony made earlier this year (2015) in which Dr. Peter Vincent Pry who has devoted a considerable portion of his professional career to this very subject, (and is considered one of the leading national security figures in the country), very candidly asks in his official document submitted for the public record (2.) whether indeed the whole cyber threat shebang could be over-hyped.
Now don’t get me wrong. Nor should we misinterpret Dr. Pry’s sworn testimony. I’m not saying that what the Lights Out book covers is something that should be underestimated, ignored or dismissed. It just requires to be calibrated in comparison to the #1 existential threat that deserves much wider publicity than all the popular, cyber angst that’s grabbing the headlines.
So what’s the real threat for causing a light’s out catastrophe? You probably know this.
High-altitude nuclear electromagnetic pulse attack is the most severe threat to the electric grid and other critical infrastructures. A nuclear EMP attack would likely be more damaging than a geomagnetic super-storm, the worst case of severe weather, sabotage by kinetic attacks, or cyberattack”. (3.)
The All hazard approach to defending the Grid against Cyberattack
Dr. Pry further states in his document prepared for the sub-committee for National Security under the aegis of the Congressional Committee for Government Reform and Oversight.
Cyber warfare is an existential threat to the United States, not because of computer viruses and hacking alone, but as envisioned in the military doctrines of potential adversaries whose plans for an all-out Cyber Warfare Operation include the full spectrum of military capabilities–including EMP attack”.
His very well stated positon in that report is that if our nation’s technological prowess was directed at protecting and hardening the electric grid against the worst EMP disaster scenario, all other lesser threats to critical electronic equipment and infrastructure would be neutralized or abated as part of that effort.
Having said that, an explanation is required to counter the nearly universal major media televised pronouncements made by political and military leaders that cyberattack is the #1 threat to our nation. (Welcome to the chorus Ted Koppel!) After all, as Dr. Pry concedes, there are literally thousands of cyber-attacks made on U.S. civilian and military systems almost daily, most of them designed to steal information.
Let’s examine some of those reasons that may explain why the people and our leaders fall into out-sized, alarmist views concerning the threat of cyberterrorists. Among expert commentators, there is a distinction made between what is commonly referred to as “hacking” and what rises to the level of “cyberterrorism”.
The most obvious explanation that I have come across is the recognition that combatting cyberterrorism is not only a highly politicized issue but also an economically rewarding one. (4.) As well, the major media outlets have discovered that cyberterrorism headlines makes for dramatic, eye-catching copy. Mr. Koppel is counting on this appeal to give his book bestseller stardom.
Consider this. After 9/11 America launched its war on terrorism during the Bush Administration. The military security apparatus of the U.S. Federal government has since 2001 ballooned into an 80,000 + (and counting) employment opportunity for government hired security specialists, consultants and contract personnel. There is a veritable army of highly paid, professional sleuths who are in the frontlines of the nation’s war on terror. It’s the new normal of never-ending warfare.
And it supports lucrative payrolls and career advancement opportunities.
Again: Cyberterrorism in the form of an EMP attack — and this according to at least 5 separate, professionally prepared studies covering the last 14 years, poses a far graver threat to the critical electric infrastructure than anything achievable by hacker-terrorists plotting a cyberattack.
Make no mistake about it. Terrorists have discovered that the electric grid is a major vulnerability to society.
However, of all the documented incidents that have caused blackouts and grid disruption in the last few years, all have been perpetrated by actual physical attack and sabotage. Small arms and bombs have been used against the electric substations in Mexico, Yemen and here in the U.S. at the Metcalf substation in California. A private investigation at the Metcalf facility performed by instructors of the Navy SEALS has determined that this episode was a coordinated and highly professional military operation. (5.) It is surmised that its operational purpose was to conduct a “dry run” to ascertain and gain tactical intelligence perhaps as practice for a larger and more ambitious attack on the grid to be executed in the future.
None of these incidents were cyberattacks that caused real blackouts and damage to electrical components. These were physical assaults using real bullets and explosives.
Lights Out by Ted Koppel is a Bestseller on Amazon
In a special report prepared by the United States Institute of Peace, senior fellow and professor of communication at the University of Haifa, Israel, Gabriel Weimann offers some cogent reasons why there is such heavy reportage surrounding cyberattacks.
Aside from the noted instances of sabotage and physical assault, to date there has been no recorded instance of a terrorist cyberattack on U.S. public facilities, transportation systems, nuclear power plants, power grids, or other key components of the national infrastructure. Cyberattacks are common, but they have not been conducted by terrorists and they have not sought to inflict the kind of damage that would qualify them as cyberterrorism. (6.) A closer look reveals…
- Cyberterrorism plays on peoples’ fears and has dramatic and cinematic appeal to the popular imagination. Thus it gets top billing on headline news. Frankly it sells
- Mass media reports can often fail to distinguish between ordinary cyber hacking attempts and what could be truly classed as a cyberattack perpetrated by dedicated terrorists.
- Ignorance of the masses may be exploited by groups that stand to gain or otherwise exploit that ignorance. Law enforcement and security consultant firms can be highly motivated to have us believe that the threat to our nation’s security is severe.
- There may be political rewards given to politicians who heighten concern about cyber-related threats by corporations and their lobbyist allies to advance special interest agendas.
- There still persists a lack of universal agreement on what comprises a “cyberterrorist” act.
- Perhaps most importantly, there seems to be a lack of political will to confront the EMP threat head-on, and the cyberattack narrative seems to be the consolation national placeholder, (for now).
What seems most likely to occur in the arena of cyber and electronic warfare is that cyberterrorism may become more attractive and profitable as the real world gives rise to a digital and virtual world of young computer hackers and video gamers who can easily cross over into war-gaming style, subversive activities.
Computer viruses coupled with sophisticated hacking software when combined with more kinetic assaults of sabotage can create havoc/destruction with the electric grid. For instance, a terrorist group might simultaneously explode a bomb at a train station and launch a cyberattack on the communications infrastructure, thus magnifying the impact of the event.
The challenge is to confront the fact that evolving technology may arm the cyberterrorist with enhanced capacity to inflict physical harm. Presently, cyberattacks carried out today without the blunt force multiplier of physical arms/armaments is not likely to cripple the grid on a massive scale.
Lights Out all over? Only an EMP high altitude air burst of a nuclear weapon (and maybe a super solar storm ejected directly at Earth) would have that kind of impact. So say the experts.
(1.), (4.), (6.) United States Institute of Peace, A Special Report: Cyberterrorism-How Real is the Threat? by Gabriel Weimann, Senior Fellow: www.usip.org
(2.), (3.), (5.) Official document prepared by Dr. Peter Vincent Pry for the Record: Proceedings before the Sub-Committee for National Security under the aegis of the Congressional Committee for Government Reform and Oversight. Rayburn HOB Room 2247 May 13, 2015 The EMP Threat: The State of Preparedness Against the Threat of an Electromagnetic Pulse (EMP) Event