Picture this nightmare scenario: A U.S. adversary launches a cyberattack on a major U.S. electrical grid, knocking out power for 30 million to 50 million people.
Imagine, too, that the power would be down not for a few days but weeks or months on end.
The consequences — people caught in elevators, no lights or refrigeration, no running water to dispose of human waste, the loss of other mission-critical systems that cities depend on — could be devastating. If the cyberattack happened during a summer heat wave, and assuming also the spread of disease because of the lack of plumbing, the human toll could run into the thousands.
Sounds far-fetched? It doesn’t to veteran journalist Ted Koppel, the former anchor and managing editor of ABC’s “Nightline”and now a senior contributor to CBS News’ “Sunday Morning” show. Koppel presented the closing general session of NAILBA 35 — the 2016 annual meeting of the National Association of Independent Life Brokerage Agencies, held Nov. 17-19 — and it was an eye-opener.
In a wide-ranging talk, Koppel, seen here in a 2005 photo on the set of “Nightline,” gave his take on the presidential campaign, the increasing partisan bent of the nation’s mainstream press, and how social media is contributing to an ever more polarized electorate. The most sobering part of the keynote, highlights from Koppel’s new book, “Lights Out,” detailed how unprepared the United States is for a major cyberattack.
The lack of readiness stems, in part, from vulnerabilities in the nation’s electrical grid. Some 3,200 power companies feed juice into one of three major grids (one each covering the eastern and western regions of the United States; a third one covering). And the companies are in large measure unregulated, limiting the federal government’s ability to impose conditions on the industry. Among them: measures protecting Internet-based power management systems against cybersecurity threats or requirements as to back-up power systems.
Add to the lack of oversight this fact: The smooth running of power generators and transmissions lines depend on a delicate balance; the amount of power generated must exactly match the amount consumed. Koppel compared the system to valves feeding air into and out of a balloon. If too much air goes in, the balloon explodes. If there’s too little air, the balloon collapses.
“And so it is with an electric power grid,” said Koppel. “If there’s not a perfect balance between power in and power out among the 3,200 power companies, the system can go down.”
The Russians and Chinese are already inside our power grids and can take down one of them, essentially with a stroke of a key,” said Koppel. (Photo: iStock)
Where the treat comes from
Management of the power companies’ Supervisory Control and Data Acquisition systems are increasingly vulnerable to hacking attacks. Government cybersecurity experts whom Koppel interviewed for his book, including top people at the National Security Agency, the Pentagon, and the U.S. Department of Homeland Security, said the Russians and Chinese pose the most dangerous cybersecurity threats.
“They’re already inside our power grids and have the capability to take down one of them, essentially with a stroke of a key,” said Koppel. “That’s no exaggeration.”
Nor is it hyperbole to state that other potential state adversaries — Iran, North Korea, or Syria — could also disrupt the nation’s power systems.
The worst of the threats are terrorism organizations such as ISIS and Al Qaeda. Whereas China and Russia have greater cyber capabilities but also more inhibitions about launching an attack (given the economic and political ramifications), terrorists are more motivated to act, but don’t now have cyber capabilities to match.
That may not be for long. Koppel noted that ISIS has about $2 billion cash on hand, enough to buy them “a lot of expertise” and, in the view of cybersecurity officials, spearhead a major attack on the grid within the next three to five years.
Were that to happen — and assuming, as in Koppel’s scenario, that a region-wide power outage lasted for months — then the United States would be caught woefully unprepared. That goes, too, for the nation’s insurers.
In Koppel’s telling, Berkshire Hathaway Reinsurance Co. could allocate as much as $5 billion to cover losses, a “drop in the bucket” given the scale of the imagined attack. But the carrier is disinclined to insure beyond this amount because the chance of a cyberattack is “high enough” and because the “consequences are almost unimaginable.”
Journalist Ted Koppel compared defense appropriations since 2001 to a business that, begun in the year of Jesus Christ’s birth, lost $1 million per day to the present time. The total, $1 trillion, would be just one-third of the amount spent on the wars in Afghanistan and Iraq. (Photo: iStock)
U.S. not ready for an attack
Why hasn’t the U.S. done more to prepare for the threat? During the keynote’s guestion-and-answer session, Koppel said the nation’s security apparatus lumps the danger with other threats, such as natural disasters, as well as non-cyber threats posed by foreign governments. The United States, he noted also has a less-than-stellar record in taking preemptive action to guard against the hypothetical.
There is, too, the question of cost.
The Department of Homeland Security for New York has only 21 million “meals ready to eat,” enough to feed New York City’s residents for just three days. The government doesn’t want to pay billions more because, Koppel noted, the emergency meals have only a shelf-life of five years; they thus would regularly have to be dumped and replaced.
An alternative, freeze-dried food, can last for up to 25 years. But building a stockpile to feed 30 million people for two months would cost an estimated $100 billion (evidently too much for a Congress that doesn’t even want fund development of a vaccine to ward off the Zika virus). And it would take two to three years to get the job done. More money might have been available in prior years to guard against cyber threats, Koppel suggested, if not for the wars in Afghanistan and Iraq. The two conflicts, now into their second decade, have cost the United States a whopping $3 trillion.
To convey how much money this is, Koppel compared defense appropriations since 2001 to a business that, begun in the year of Jesus Christ’s birth, lost $1 million per day, hemorrhaging this amount every day to the present time. Today, the losses would total $1 trillion; another 1,000 years (3,000-plus years altogether) would need to pass before the business’ losses equaled the dollars spent on the two Middle East wars.
Echoing the words of President-elect Donald Trump, Koppel asked sardonically, “And who said America isn’t a great country?” To that question, no one attending the closing keynote, including your humble reporter, proffered an answer.
We’re on Facebook, are you?