A Movie Studio? What If It Had Been the National Grid?
America's soft underbelly is its electrical power network Jan 2 2015A little over a year ago, an unseen enemy bombed transformers and substations, knocked out power lines and injected viruses into computer control systems in an
attempt to take down the entire U.S. power grid. They were disturbingly successful, but the attack didn't even make the front pages.
That's because it was a simulation, a war game called Grid Exercise II, successor to a smaller simulation that took place a year earlier, in which close to 10,000 electrical engineers, cyber-security experts and FBI agents took part across the country in a two day battle to ward off everything the red team attackers could think of to throw at them and keep America's lights on. They came thick and fast. “They were trying to drive their people to saturation,” one participant said. In all, 210 companies participated, including those in Mexico and Canada that are linked into our grid.
The outcome? Tens of millions of notional Americans lost power and were shrouded in darkness; hundreds of transmission lines were destroyed or damaged; seven police, fire and utility workers were figuratively killed when they went to investigate equipment failures and were confronted by simulated attackers still at the sites.
back to realityAmericans are mostly oblivious to the hundreds of daily cyber probes by foreign governments and militaries into our corporations to steal industrial secrets and probe for weaknesses. It is telling that it took hacking into a movie company and exposure of gossipy insider e-mail to spark the public's interest.
But apart from Sony Pictures' spineless cave-in to North Korean threats and a willingness to throw free speech into the trash bin, this was just an embarrassing incident compared to what a successful cyber attack against an essential industry could bring.
The most essential of all industries is the national electrical grid of 3,200 utilities that deliver power over 2.7 million miles of power lines, what Bloomberg/BusinessWeek called "the largest machine in the world". The interconnections between the nation's three separate electric systems are such that saboteurs could bring about a coast-to-coast blackout by knocking out just nine of the country's 55,000 electric-transmission substations four in the East, three in the West and two in Texas. That was the conclusion of the Federal Energy Regulatory Commission (FERC) last March in an analytical report that when announced was completely ignored by the evening and morning news programs on ABC, CBS, and NBC in favor of the usual trivial fare (a new revelation about Princess Diana, an obituary for a movie-trailer voiceover artist, the latest winter storm, e.g.).
The U.S. has experienced a number of regional outages, most recently from Hurricane Sandy, which left 20 million people without electricity, some for longer than a week. In August 2003 power failed from Detroit to New York, affecting 50 million (not taken all that seriously: there was a festive mood in New York City that night as people left their darkened apartments and crowded the streets and outdoor restaurants).
porous defensesBut compared to an outage caused by a temporary equipment failure, Americans have no conception of the consequences of an attack should it succeed in destroying key components of the grid. Transformers at substations boost the voltage of electricity so it can cover distance. They then reduce the voltage to a level that homes and businesses can use. Many are in remote locations, with cameras and chain-link fences their only protection. If key units among the 2,000 transformers in the U.S. were destroyed, there are only a few U.S. factories that build them seven, says the Wall Street Journal.
A cyber attack might take the form of Stuxnet, the successful sabotage of Iranian centrifuges assumed to have been by the U.S. and Israel that made them spin out of control. The worm that found its way into the centrifuges manipulated the industrial control devices of the sort that open and close valves, govern speed and temperature, etc. equipment that is in use throughout industry around the world.
A physical attack might take the form of bombing or the incident still unsolved it seems where in April of 2013 shooters opened fire on a California substation and took out 17 large transformers that supplied power to Silicon Valley. It took 27 days to make repairs.
Replacement is another matter. Transformers are custom made, weigh up to 500,000 pounds, and can cost millions. "I can only build 10 units a month," the general manager of one plant told the Journal reporter.
That means, according to an after-action report from the FERC war game, that if an enemy knew which nine substations to take out, "the entire United States grid would be down for at least 18 months, probably longer".
worst case"A cyber Pearl harbor", said Leon Panetta when still defense secretary, trying to goad the government into preventive action. Actually, it would be far worse.
Darkness would be the least of it. A coordinated strike on the grid would devastate the country. Air traffic control would immediately go blind, with planes aloft having to coordinate with other aircraft on their own in attempting to land. Collisions would be almost inevitable.
Train traffic controls would go blank as well. Energy pipelines would shut down, as would the pumps on which the water supply depends. Cell phone towers would fall silent. We'd lose connection to the Internet and fall into a near total information void with little other than landline phones working.
Bank systems would go dark. Cash would be unavailable at ATMs or at bank counters, where clerks would be unable to see accounts and balances. Credit and debit cards would no longer work. In other words, with few now carrying paper money, people would have no money for months and need to barter for food.
Gas and diesel pumps would not work. Trucking would therefore screech to a halt, as would deliveries of that food. People would be unable to commute to work, or would not be of much use once they got there. The economy would collapse.
And very quickly, fear and panic would lead to violence. Imagine this being the condition for 18 months.
That worst case scenario is far-fetched when considered as a physical attack. How unlikely is it that some domestic organization could divine which are the nine substations and launch a coordinated attack across the United States with no prior detection? It is nevertheless important to awaken the public to just how severe any level of disruption would be so that we force action from our so-called leadership.
The cyber threat is another matter, an attack from outside the country. Of Russia, North Korea and China, the most likely transgressor would be China, which already employs software engineers in the thousands to infiltrate American corporations and steal their technology thefts that are believed to have cost hundreds of billions of dollars in stolen R&D.
That same technological ability to worm into a corporation's innards could be redirected to sabotage. In February 2013, The New York Times broke the story that American intelligence has known for years that "an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate" from a single building in a non-descript neighborhood of Shanghai and that all indications are that the operation is run by the Chinese army.
ultimate zapsIf hostilities between advanced nations are allowed to intensify in this fractious world, a far worse possibility is a nuclear-tipped missile designed to detonate at high altitude. Interacting with Earth's magnetic field, it would generate an electromagnetic pulse (EMP) of high amplitude that would play havoc with electrical equipment on the ground.
Solar flares, too, produce EMPs on Earth from 93 million miles away, and we are in a period of high solar activity. A solar flare took down the electric system in Labrador in the middle 1990's. A flare with an aurora one "could read a newspaper by" took out most of the telegraph system in the United States in 1859. Experts say if such a flare hit the U.S. today it would take down the grid for about 10 years. In an area struck by an EMP, power lines are turned into generators that overload and burn up high voltage transformers.
Not much. It might seem that nothing could be done about a solar or nuclear EMP, but in fact transformers can be hardened to withstand such an event. We saw that the utilities are at least imagining what could happen, but we found little to indicate they are taking it upon themselves to install cyber shields and physical fortifications. In America, money and profit are all, and making and keeping are worth courting disaster.
For a disinterested public, it's a mundane industry taken for granted. Movies and books paint the horror pictures just described, but Americans compartmentalize that as fantasy. So while the populace should be marching on Congress to demand laws, we are silent.
In 2009, President Obama had already called the cyber threat "one of the most serious economic and national security challenges we face as a nation…the very technologies that empower us to create and to build also empower those who would disrupt and destroy". He would later, in the wake of congressional inaction, only ask industry to set standards for securing their computer networks, offering help from the Department of Homeland Security to better protect critical infrastructure.
That inaction took place in 2012, with nothing done since. Senate bill S 3414 sought to give water facilities and electric utilities incentives to meet cyber-security goals. But this was met with adamant resistance from the U.S. Chamber of Commerce a business lobby that influences campaign contributions and that led to a Republican filibuster that blocked the bill from becoming law even though compliance would be only voluntary, even though it would be left to businesses to decide for themselves what defensive measures to take, even though taking such measures would indemnify them by law from suits by customers arising from damages of cyber attacks. The chamber warned its corporate sponsors that what is voluntary now would become mandatory which of course the protection of critical infrastructure should be. Yet Republican senators were persuaded that such requirements impose too great a regulatory burden. So we are witness to the harm of money in politics extending so far as to leave the country existentially vulnerable.
Please subscribe if you haven't, or post a comment below about this article, or
click here to go to our front page.
This is an excellent article pointing out the huge vulnerability of our electrical grid to both natural (e.g., solar flares) and man-made (e.g., cyber attacks) that could bring us (individually and as a nation) to our knees. It takes only a couple of minutes to contemplate all the facets of our lives that depend on electricity. In all probability, only those living in the woods and growing their own food would survive. Very few would be able to emulate Daniel Boone.
It is mind-boggling to see that even minimal defenses to such threats to our survival are held in thrall to corporate profit and the Chamber of Commerce.