



  More Praise for

  LIGHTS OUT

  “A bold enumeration of the challenges posed by the digital age; an appeal to safeguard new instruments of human flourishing by studying the ways in which they could be exploited.”

  —Henry A. Kissinger

  “Try to imagine what a malevolent government, armed with the latest computer sophistication, could do to another nation’s complex and entirely digital-dependent economy and social infrastructure. Fortunately, Ted Koppel has imagined it for us. We have been warned.”

  —George F. Will

  “In Lights Out, Ted Koppel uses his profound journalistic talents to raise pressing questions about our nation’s aging electrical grid. Through interview after interview with leading experts, Koppel paints a compelling picture of the impact cyberattacks may have on the grid. The book reveals the vulnerability of perhaps the most critical of all the infrastructures of our modern society: the electricity that keeps our modern society humming along.”

  —Marc Goodman, author of Future Crimes

  “When the lights go out after the cyberattack, this is the book everyone will read.”

  —Richard A. Clarke, author of Cyber War and former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism

  Copyright © 2015 by Edward J. Koppel

  All rights reserved.

  Published in the United States by Crown Publishers, an imprint of the Crown Publishing Group, a division of Penguin Random House LLC, New York.

  www.crownpublishing.com

  CROWN and the Crown colophon are registered trademarks of Penguin Random House LLC.

  Library of Congress Cataloging-in-Publication Data is available upon request.

  ISBN 9780553419962

  eBook ISBN 9780553419979

  Cover design by Tal Goretsky

  Cover photograph by NOAA/Science Source


  To our grandchildren:

  Jake and Dylan, Aidan, Alice and Annabelle, Cole and Grace Ann(e). Here’s hoping that Opi got it wrong.

  CONTENTS

  Cover

  Title Page

  Copyright

  Dedication

  PART I: A CYBERATTACK

  1. Warfare 2.0

  2. AK-47s and EMPs

  3. Regulation Gridlock

  4. Attack Surfaces

  5. Guardians of the Grid

  6. What Are the Odds?

  7. Preparing the Battlefield

  8. Independent Actors

  PART II: A NATION UNPREPARED

  9. Step Up, Step Down

  10. Extra Batteries

  11. State of Emergency

  12. Press Six If You’ve Been Affected by a Disaster

  PART III: SURVIVING THE AFTERMATH

  13. The Ark Builders

  14. Some Men Are an Island

  15. Where the Buffalo Roamed

  16. The Mormons

  17. State of Deseret

  18. Constructive Ambiguity

  19. Solutions

  20. Summing Up

  Epilogue: The Virtue of a Plan

  Notes

  Acknowledgments

  About the Author

  1

  Warfare 2.0

  Everyone is not entitled to his own facts.

  — DANIEL PATRICK MOYNIHAN

  Darkness.

  Extended periods of darkness, longer and more profound than anyone now living in one of America’s great cities has ever known.

  As power shuts down there is darkness and the sudden loss of electrical conveniences. As batteries lose power, there is the more gradual failure of cellphones, portable radios, and flashlights.

  Emergency generators provide pockets of light and power, but there is little running water anywhere. In cities with water towers on the roofs of high-rise buildings, gravity keeps the flow going for two, perhaps three days. When this runs out, taps go dry; toilets no longer flush. Emergency supplies of bottled water are too scarce to use for anything but drinking, and there is nowhere to replenish the supply. Disposal of human waste becomes a critical issue within days.

  Supermarket and pharmacy shelves are empty in a matter of hours. It is a shock to discover how quickly a city can exhaust its food supplies. Stores do not readily adapt to panic buying, and many city dwellers, accustomed to ordering out, have only scant supplies at home. There is no immediate resupply, and people become desperate.

  For the first couple of days, emergency personnel are overwhelmingly engaged in rescuing people trapped in elevators. Medicines are running out. Home care patients reliant on ventilators and other medical machines are already dying. One city has hoisted balloons marking the sites of generators, hauled out of storage to serve new emergency centers. Almost everyone needs some kind of assistance, and no one has adequate information.

  The city has flooded the streets with police to preserve calm, to maintain order, but the police themselves lack critical information. People are less concerned with what exactly happened than with how long it will take to restore power. This is a society that regards information, the ability to communicate instantly, as an entitlement. Round-the-clock chatter on radio and television continues, but there’s little new information and a diminishing number of people still have access to functioning radios and television sets. The constant barrage of messages that once flowed between iPhones and among laptops has sputtered to a trickle. The tissue of emails, texts, and phone calls that held our social networks together is tearing.

  There is a growing awareness that this power outage extends far beyond any particular city and its suburbs. It may extend over several states. Tens of millions of people appear affected. Fuel is beginning to run out. Operating gas stations have no way of determining when their supply of gasoline and diesel will be replenished, and gas stations without backup generators are unable to operate their pumps. Those with generators are running out of fuel and shutting down.

  The amount of water, food, and fuel consumed by a city of several million inhabitants is staggering. Emergency supplies are sufficient only for a matter of days, and official estimates of how much help is needed and how soon it can be delivered are vague, uncertain. The majority who believed that power outages are limited in duration, that help always arrives from beyond the edge of darkness, is undergoing a crisis of conviction. The assumption that the city, the state, or even the federal government has the plans and the wherewithal to handle this particular crisis is being replaced by the terrible sense that people are increasingly on their own. When that awareness takes hold it leads to a contagion of panic and chaos.

  There are emergency preparedness plans in place for earthquakes and hurricanes, heat waves and ice storms. There are plans for power outages of a few days, affecting as many as several million people. But if a highly populated area was without electricity for a period of months or even weeks, there is no master plan for the civilian population.

  —

  Preparing for doomsday has its own rich history in this country, and predictions of the apocalypse are hardly new to people of my generation. We lived for decades with the assumption that nuclear war with the Soviet Union was a real possibility. We learned some useful lessons. (We’ll ramble through the age of bomb shelters and civil defense in a later chapter.) Ultimately, Moscow and Washington came to the conclusion that mutual assured destruction, holding each other hostage to the fear of nuclear reprisal, was a healthier approach to coexistence than mass evacuation or hunkering down in our respective warrens of bomb shelters in the hopes of surviving a nuclear winter.

  We are living in different times. Whether the threat of nuclear war has actually receded or whether we’ve simply become inured to a condition we cannot change, most of us have finally learned “to stop worrying and love the bomb.” In reality, though, the ranks of our enemies, those who would and can inflict serious damage on America, have grown and diversified. So many of our transactions are now conducted in cyberspace that we have developed dependencies we could not even have imagined a generation ago. To be dependent is to be vulnerable. We have grown cheerfully dependent on the benefits of our online transactions, even as we observe the growth of cyber crime. We remain largely oblivious to the potential catastrophe of a well-targeted cyberattack.

  On one level, cyber crime is now so commonplace that we have already absorbed it into the catalogue of daily outrages that we observe, briefly register, and ultimately ignore. Over the course of less than a generation, cyber criminals have become adept at using the Internet for robbery on an almost unimaginable scale. Still, despite the media attention generated by the more dazzling smash-and-grab operations, the cyber criminals whose only intention is to siphon off wealth or hijack several million credit card identities should have a lower priority among our concerns. Their goal is merely grand larceny.

  More worrisome is the increasing number of cyberattacks designed to vacuum up enormous quantities of data in what appear to be wholesale intelligence gathering operations. The most ambitious of these was announced on June 4, 2015, and targeted the Office of Personnel Management, which handles government security clearances and federal employee records. The New York Times quoted J. David Cox Sr., the president of the American Federation of Government Employees, as saying the breach might have affected “all 2.1 million current federal employees and an additional two million federal retirees and former employees.” FBI director James Comey told a Senate hearing that the actual number of hacked files was likely more than ten times that number—22.1 million. Government sources were quoted as claiming that the intrusion originated in China. The Times report raises a number of relevant issues: The probe was initiated at the end of 2014. It wasn’t discovered until April of 2015. It is believed to have originated in China, but the Chinese government denied the charge, challenging U.S. authorities to provide evidence. Producing evidence would reveal highly classified sources and methods. “The most sophisticated attacks,” the Times noted, “often look as if they were initiated inside the United States, and tracking their true paths can lead down many blind paths.” All of these issues will receive further attention in later chapters. But as disturbing as these massive data collection operations may be, even they do not come close to representing the greatest cyber threat. Our attention needs to be focused on those who intend widespread destruction.

  The Internet provides instant, often anonymous access to the operations that enable our critical infrastructure systems to function safely and efficiently. In early March 2015 the Government Accountability Office issued a report warning that the air traffic control system is vulnerable to cyberattack. This, the report concluded with commendable understatement, “could disrupt air traffic control operations.” Our rail system, our communications networks, and our healthcare system are similarly vulnerable. If, however, an adversary of this country has as its goal inflicting maximum damage and pain on the largest number of Americans, there may not be a more productive target than one of our electric power grids.

  Electricity is what keeps our society tethered to modern times. There are three power grids that generate and distribute electricity throughout the United States, and taking down all or any part of a grid would scatter millions of Americans in a desperate search for light, while those unable to travel would tumble back into something approximating the mid-nineteenth century. The very structure that keeps electricity flowing throughout the United States depends absolutely on computerized systems designed to maintain perfect balance between supply and demand. Maintaining that balance is not an accounting measure, it is an operational imperative. The point needs to be restated: for the grid to remain fully operational, the supply and demand of electricity have to be kept in perfect balance. It is the Internet that provides the instant access to the computerized systems that maintain that equilibrium. If a sophisticated hacker gained access to one of those systems and succeeded in throwing that precarious balance out of kilter, the consequences would be devastating. We can take limited comfort in the knowledge that such an attack would require painstaking preparation and a highly sophisticated understanding of how the system works and where its vulnerabilities lie. Less reassuring is the knowledge that several nations already have that expertise, and—even more unsettling—that criminal and terrorist organizations are in the process of acquiring it. Our media report daily on increasingly bold and costly acts of online piracy that are already costing the U.S. economy countless billions of dollars a year. Cyberattacks as instruments of national policy, though, tend to be less visible because neither the target nor the attacker is inclined to publicize the event.

  History often provides a lens through which irony comes into focus. The United States, for example, was the first and only nation to have used an atomic weapon, and it has spent the intervening decades trying to limit nuclear proliferation. And the United States, in collaboration with Israel, mounted a hugely successful cyberattack on Iran’s nuclear program in 2008 and now finds itself dealing with the consequences of having been the first to use a digital weapon as an instrument of policy. Iran wasted little time in launching what appeared to be a retaliatory cyberattack, choosing to target Aramco in Saudi Arabia, destroying thirty thousand of its computers. Why the Saudi oil giant instead of an American or Israeli target? We can only speculate. Iran may have wanted to issue a warning, demonstrating some of its own cyber capabilities without directly engaging the more dangerous Americans or Israelis. In any event, Iran made its point, and a new style of warfare has, within a matter of only a few years, become commonplace. Russia, China, and Iran, among others, continue on an almost daily basis to demonstrate a range of cyber capabilities in espionage, denial-of-service attacks, and the planting of digital time bombs, capable of inflicting widespread damage on a U.S. power grid or other piece of critical infrastructure.

  For several reasons, the clear logic of a swift attack and response that enables a policy of deterrence between nuclear rivals does not yet exist in the world of cyber warfare. For one, cyberattacks can be launched or activated from anywhere in the world. The point at which a command originates is often deliberately disguised so that its electronic instruction appears to be coming from a point several iterations removed from its actual location. It is difficult to retaliate against an aggressor with no return address. Nation-states may be inhibited by the prospect of ultimately being unmasked, but it is not easily or instantly accomplished. For another, the list of capable cyberattackers is far more numerous than the current list of the world’s nuclear powers. We literally have no count of how many groups or even individuals are capable of launching truly damaging attacks on our electric power grids—some, perhaps even most of them, uninhibited by the threat of retaliation.

  There is scant consolation to be found in the fact that a major attack on the grid hasn’t happened yet. Modified attacks on government, banking, commercial, and infrastructure targets are already occurring daily, and while sufficient motive to take out an electric power grid may be lacking for the moment, capability is not. As the ranks of capable actors grow, the bar for cyber aggression is lowered. The unintended consequences of Internet dependency are already piling up. Prudence suggests that we at least consider the possibility of a cyberattack against the grid, the consequences of which would be so devastating that no administration could consider it anything less than an act of war.

  This book is about dealing with the consequences of losing power in more than one sense of the word. Without ready access to electricity, we are thrust back into another age—an age in which many of us would lack both the experience and the resources to survive. Precisely how that happens is, ultimately, less important than how prepared we are for the consequences. It would be reassuring to report that the grid is adequately defended against cyberattack. It is not. The grid is a network connecting thousands of companies, many of which still put profit ahead of security. Critical equipment that is decades old and difficult to replace sits in exposed locations, vulnerable to physical attack. Computerized systems that control the flow of electricity around the country were designed before anyone even contemplated cyberspace as an environment suited to malicious attacks. It would be comforting to report that those agencies charged with responding to disaster are adequately prepared to deal with the consequences of a cyberattack on the grid. They are not. The Department of Homeland Security has no plans beyond those designed to deal with the aftermath of natural disasters. The deputy administrator of the Federal Emergency Management Agency (FEMA) believes that a major urban center would have to be evacuated. His boss, the administrator, does not. The administrator believes that a successful cyberattack on a power grid is possible, even likely. His deputy does not. The current secretary of homeland security is sure that a plan to deal with the aftermath of a cyberattack on the grid exists, but he doesn’t know any details of the plan. As of this writing, there is no specific plan.

  We are unprepared, but why isn’t the issue higher on our list of national priorities? It is difficult for anyone holding public office to focus attention on a problem without being able to offer any solutions. Then, too, the American public needs to be convinced that the threat is real. And let the record show: it is not easy to convince the American public of anything.

  For example, in February 2014 the British market research company YouGov posed the following question about President Obama to a sampling of one thousand American adults: “Would you say you know for sure he was born outside the U.S., or do you think it is possible he was born in the United States?” Thirty-nine percent of those sampled stated with confidence that they “know for sure he was born outside the U.S.” And in 2013 the Pew Research Center released the results of a global survey conducted in thirty-nine countries and involving 37,653 respondents. One of the key questions sought to establish whether people consider global warming a threat to their country. Only 40 percent of Americans did, placing the United States among the least concerned countries, along with China, Pakistan, Egypt, the Czech Republic, Israel, and Jordan. One year later, another Pew Research Center survey examined the impact of political ideology on the issue of global warming. The survey found that 91 percent of people identifying themselves as “solid liberals” believed that “the earth is getting warmer,” while only 21 percent of those identifying themselves as “steadfast conservatives” agreed.