Months or years of uninterrupted blackouts. A rising death toll from disease and societal chaos. And all because of a preventable vulnerability.
The new book "Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath" looks at the risk of cyberattack facing the power grid in the United States and the inadequate measures being taken to protect it, despite clear warnings from an array of experts.
"Lights Out" is the new book from veteran journalist Ted Koppel, most widely known as the anchor and managing editor of "Nightline" on ABC from 1980 until 2005.
"It's not me giving this as a figment of my imagination," Koppel said on "Chicago Tonight." "Back in 2010, 10 former senior top officials–two former directors of the CIA, two former secretaries of defense, two former national security advisers–wrote a letter to a congressional committee. It was a secret letter, which spelled out their findings after dealing with the best experts they could find within the government. They came to the conclusion that tens of millions of people, in the wake of a cyberattack on one of the grids, could be without power for a period up to two years."
"The likelihood is great," Koppel added. "The current director of the NSA, Admiral Mike Rogers, said only a couple of weeks ago it is inevitable that one of our enemies will launch an attack like this, a cyberattack, on our infrastructure. The current commander of CENTCOM, General Lloyd Austin, told me it's not a question of if, it's only a question of when."
Play the video to hear our full conversation with Koppel, who also discusses the 2016 presidential candidates and recent GOP debate on CNBC. Below, an excerpt from "Lights Out."
There are plans. Of course there are plans—dozens of them, possibly hundreds.
As we’ve seen, for all the warnings from within the government and from high-ranking members of the military and intelligence establishments, and despite the known vulnerabilities of the transformers critical to the viability of the grid, there remains a determination within the power industry and among some government officials to stress the grid’s resilience. They invariably cite as evidence the manner in which electric power has been restored in the wake of one natural disaster after another. Absent a crippling example to the contrary, the presumed consequences of a cyberattack on a power grid are bundled into the same general category as blizzards, floods, hurricanes, and earthquakes.
On one level, this is understandable and even prudent. Experience is a more compelling instructor than speculation. Indeed, negative experience, such as that accumulated by the Federal Emergency Management Agency during the aftermath of Hurricane Katrina in New Orleans, can be especially instructive. FEMA is a far better-led organization today than it was in 2005. That’s the good news. FEMA is, after all, the agency within the Department of Homeland Security that will bear the heaviest and most immediate burden of recovery, no matter what happens or why. A cyberattack may be different from anything FEMA has previously dealt with, but it is not unreasonable for the agency to focus on the experience it has gained from natural disasters.
This approach falters, however, when relevant federal agencies fail to provide for (or in some cases even contemplate) the difference in magnitude between the effects on the grid of any recorded natural disaster and the potential effects of a massive cyberattack. For one thing, the affected area could be much greater. Even the partial blackout of a grid could leave half a dozen or more states without electricity. Also, unless one credits the Old Testament–style intervention of an angry deity, storms do not deliberately target a system’s critical weaknesses. Cyberattacks do, and if we assume that the attackers are predisposed to inflict maximum damage, they will try to conceal what they are doing. Stuxnet succeeded in spinning those Iranian centrifuges into a self-destructive mode over an extended period of time, precisely because Iranian engineers were misled into believing that everything was functioning normally, even as the damage was being inflicted.
The associate administrator for response and recovery at FEMA came to the agency from the Coast Guard, from which he retired with the rank of rear admiral. When we talked in September 2014, Joe Nimmich was reluctant to accept my premise of a wide-ranging, weeks-long electric power outage affecting millions of people. Still, if it did happen, he insisted, the federal government would be ready to deal with it. He was confident that electric power sufficient to avoid a catastrophe could be restored quickly. “I’ve planned for a million people being homeless, I’ve planned for tens of thousands of people being deceased. I think very easily we can convert those plans.” Nimmich was describing a scenario in which Southern California is hit by a catastrophic earthquake. “When we look at the plan . . . we’re talking about activating seventy thousand troops.” He referenced Title X, the legal basis for the roles and missions of the armed forces, saying that he had planned for “the National Guard to keep law and order, and the Title X forces to be able to go in and actually help people move.” Relocation was central to Nimmich’s plan. “The plan is, you start moving people east. You take them out of Los Angeles, put them in hotel rooms in Nevada.”
A cursory online check revealed 124,270 hotel rooms throughout Nevada. Assuming that they could all be emptied out before the evacuees were brought in, this would suggest about eight people per room. Granted, that is a quibble. In the face of such a catastrophe, people would open their homes, convention centers and basketball arenas would be adapted, and hundreds of thou- sands of refugees would be transported to other states. Somehow, shelter would be found.
Excerpted from LIGHTS OUT: A Cyberattack, A Nation Unprepared, Surviving the Aftermath Copyright © 2015 by Ted Koppel. Excerpted by permission of Crown Publishers, an imprint of the Crown Publishing Group, a division of Penguin Random House, LLC. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.