Ted Koppel, ABC Nightline’s founding father, and one of the last old-school most-trusted TV journalists, is outraged. And Afraid. Very, very afraid.
After dusting off a 2010 letter to the House Committee on Energy and Commerce, sent in support of the dormant Grid Reliability and Infrastructure Defense Act, Koppel talked with a bunch of its supporters, few of its detractors, and damn few if any actual cybersecurity practitioners, wrote the book “Lights Out: A Cyber attack, A Nation Unprepared, Surviving The Aftermath” and went full “Prepper.”
He paints a dramatic and compelling picture of grids having to maintain a precarious balance of supply and demand – so precarious that if only one of the computerized systems maintaining that balance were hacked, there would be heck to pay. Entire regions blacked out for weeks, months, maybe even years. Vital equipment could be so torched by North Korean-launched EMP’s that there wouldn’t be enough equipment in reserve to fire up the grid in time to ward off long lasting economic and social disaster. No power, no water, no gas, no transit system! One-percenters hiring former Navy Seals to spirit their families away to safe locations. A gridlocked and ineffective Congress!! Cats and dogs living together!!! Visions of one of Kevin Kostner’s post-apocalyptic cinema bombs!!!!
Ted Koppel’s Views on Cyber Attack Doom (Paraphrased)
- The grid was designed and built in an era before cyber attacks and is thus inherently vulnerable. But even if a brand spanking new grid were built today, it is unlikely that it would be immune to cyber attack, because recent experience suggests that anything and everything controlled by the internet is inherently vulnerable.
- A former FERC chairman sees the 2013 physical attack on PGE’s Metcalf substation as a potential rehearsal for a more coordinated future attack. Backing up that assertion, he cites A FERC analysis that if nine of the country’s most critical substations were knocked out at the same time, it would cause a blackout encompassing most of the US.
- If a rogue state could launch and detonate nuclear-tipped missiles over the USA, the resulting EMP’s could transport us back to the technological equivalent of the 19th century. Or if a really well-informed and well-equipped, well-resourced and well-organized sleeper cell carried out simultaneous physical assaults on just the right grid facilities, spread over wide geographic regions, we could be paddling up a similar crap creek for an extended period of time. Mutually Assured Destruction would be no deterrent as rogue states, non-states and disaffected loners could get along very well, thank you, without a dominant 21st Century Western Civilization.
- Citing confusing, even diametrically opposing responses from various officials at Homeland Security and FEMA, he concludes that “as of this writing there is no specific plan” to protect us from such widespread catastrophes.
- Utility deregulation has produced a limited competition model that has flattened out the previous vertical integration model, leading to greater complexity and more players in the utility game. Therefore, there are more entry points for hackers and saboteurs than before deregulation, weakening the grid by linking together smaller, more diverse companies that may not have the wherewithal to invest in “world class” security systems.
- Cyber attack and/or security budgets are similarly depressed by utilities’ money-grubbing ways, and the industry has spawned deliberately weak cyber standards, with insufficient accountability against even the most toothless regulation.
- Surge arrestors and Faraday cages could protect vital grid components against EMP attack for a paltry $2 billion, but concern about diminished profits vs. such hi impact / low probability threats is leaving the grid naked to such assaults.
- Terrorism is a real threat. Terrorists are going for “Soft” targets, and according to Koppel and his selected sources, few targets would be softer than a utility grid.
- And that’s not the half of it. The book details threats posed by Stuxnetian worms and the inherent vulnerability of SCADA systems. There are disdainful interviews with top Homeland Security and FEMA officials and the captain of Koppel’s local fire station that make them all sound like boobs. There’s an argument for strict gun control in cities because ill-prepared urbanites with poor survival skills will be the first to resort to deadly force to take what they need to survive. There’s a slam on the Red Cross for being a better fund raiser than a disaster relief agency. (Hope Ted never needs blood.) And there’s an extended commercial for the National Geographic Channel’s “Doomsday Prepper” show, as well as the suggestion that practitioners of the Mormon faith could outlast us all.
(Editor’s note: If you lack the time, the patience or the Kindle app to read the book, just go to www.securethegrid.com and watch the videos, which appear to be his source material for at least the first third of his book).
Alternative View, Anyone?
We detail all this here because there has been precious little critical commentary posted in the book reviews that keep popping up in newspapers and online. Ted Koppel has been on a national tour flogging his book since October and his publisher’s press releases – disguised as actual book reviews – have been reprinted almost verbatim ever since. The only ones effectively taking him to task have been postings by actual cyber security experts and the New York Times – the latter taking his research and rhetorical style to task, more so than the merits of his case.
There have been sober, studied, comprehensive reactions to the book from EEI, IEEE and others that put the actual state of cyber security and grid resiliency into perspective, and there is a recognition that much more needs to be done in both preventive and contingent planning and action. Few outside the industry will read these measured responses. And those who do are unlikely to have their fears assuaged, especially after reading the book.
In the meantime, Koppel’s NY Times best-seller will be read by a lot of folks who are likely to develop views toward their own utilities’ ability to prevent and respond to the kinds of cyber attacks he describes. And that has serious implications for local cyber security, emergency preparedness, restoration plans, and public information policies.
For inside information on this topic, click the following hyperlinks: