Lights Out Read online

  Fifty years ago, in the era of Walter Cronkite, Chet Huntley, David Brinkley, Howard K. Smith, and Eric Sevareid, Americans communed by the tens of millions before their television sets in a willing, if temporary, suspension of partisanship. In hindsight, the notion that Cronkite, a television anchorman, polled regularly as “the most trusted man in America” seems quaint. Brinkley twinkled a little, but for the most part, all of those somber, gray men took themselves and their nightly presentation of important events seriously, and their viewing public, without easy alternatives at hand, tended to reflect that broad-based, middle-of-the-road sobriety. There was, even back then, an undercurrent of irritation at the “liberal tendencies” of the television news networks, but this was in an era before CNN, Fox News, and MSNBC—indeed, before the existence of cable television. The broadcast networks were the only game in town. If there was anything approaching a common denominator, providing the American public with a foundation of shared civic values, it was those three newscasts on CBS, NBC, and ABC.

  Today, reports of the day’s events are conveyed to the viewing public by way of alternate universes. The Fox News cable channel conveys its version of reality, while at the other end of the ideological spectrum MSNBC presents its version. They and their many counterparts on radio are more the result of an economic dynamic than a political one. Dispatching journalists into the field to gather information costs money; hiring a glib bloviator is relatively cheap, and inviting opinionated guests to vent on the air is entirely cost-free. It wouldn’t work if it weren’t popular, and audiences, it turns out, are endlessly absorbed by hearing amplified echoes of their own biases. It’s divisive and damaging to the healthy functioning of our political system, but it’s also indisputably inexpensive and, therefore, good business. And cable television and talk radio remain models of objectivity and restraint compared to what is routinely exchanged as “information” and “news” on the less restrained regions of the Internet. Even as digital tools elevate worthy voices once shut out of mainstream civic discourse, the Internet is also giving rise to “filter bubbles” that decrease users’ exposure to conflicting viewpoints and reinforce their own ideological frames. As these various opinion echo chambers grow in influence, the broadcast news networks continue to lose audience and traditional newspapers struggle to survive.

  Daniel Patrick Moynihan, the late senator from New York, once famously suggested that while everyone is entitled to his own opinion, he’s not entitled to his own facts. The implication was that opinions could be, indeed should be, modified by facts. Nowadays, though, when facts themselves frequently become the object of partisan disagreement, opinions simply calcify into certainties. Attempting to alert the American public to an impending crisis becomes more difficult when the subject itself is complicated and defies easy or brief explanation. If only we could defer to the experts—but in today’s political environment we have become conditioned to the notion that there is an expert to support almost any point of view. It has never been more difficult to convince the American public of anything that it is not already inclined to believe.

  —

  Ours has become a largely reactive culture. We are disinclined to anticipate disaster, let alone prepare for it. We wait for bad things to happen and then we assign blame. Despite mounting evidence of cyber crime and cyber sabotage, there appears to be widespread confidence that each can be contained before it inflicts unacceptable damage. The notion that some entity has either the ability or the motive to launch a sophisticated cyberattack against our nation’s infrastructure, and in particular against our electric power grids, exists, if at all, on the outer fringes of public consciousness. It is true that unless and until it happens, there is no proof that it can; for now, what we are left with, for better or worse, is the testimony of experts. There will be more than a few who take issue with the conclusions of this reporter that the grid is at risk. This book reflects the assessment of those in the military and intelligence communities and the academic, industrial, and civic authorities who brought me to the conclusion that it is.

  On April 13, 2010, a bipartisan group of ten former national security, intelligence, and energy officials, including former secretaries of defense James Schlesinger and William Perry, former directors of central intelligence John Deutsch and James Woolsey, and former White House national security advisors Stephen Hadley and Robert McFarlane, sent a confidential letter, not previously released, to the chairman and ranking member of the House Committee on Energy and Commerce. Written in support of the pending Grid Reliability and Infrastructure Defense Act, the letter came to some blunt conclusions: “Virtually all of our civilian critical infrastructure—including telecommunications, water, sanitation, transportation, and healthcare—depends on the electric grid. The grid is extremely vulnerable to disruption by a cyber- or other attack. Our adversaries already have the capability to carry out such an attack. The consequences of a large-scale attack on the U.S. grid would be catastrophic for our national security and economy.”

  It went on to say: “Under current conditions, timely reconstitution of the grid following a carefully targeted attack if particular equipment is destroyed would be impossible; and according to government experts, would result in widespread outages for at least months to two years or more, depending on the nature of the attack.”

  The House passed the proposed legislation. It has been stuck in the Senate ever since.

  2

  AK-47s and EMPs

  This wasn’t an incident where Billy-Bob and Joe decided, after a few brewskis, to come in and shoot up a substation.

  — A FORMER VICE PRESIDENT FOR PG&E

  While cyberattack is the most serious threat to our electric power system and is the primary focus of this book, it is not the only threat. Later in this chapter we’ll examine the impact of an electromagnetic pulse, or EMP, attack. If it sits at the far end, or least likely end, of the spectrum, the simplest and, therefore, most likely form of attack has already taken place. Who was responsible and why remain, at this writing, as much of a mystery as when the attack took place. We cannot even conclude with any confidence that the attackers intended to inflict maximum damage. Whatever the goals of the attack, it provides an introduction to the shortcomings of grid security.

  The scene was shortly before 1:00 a.m. on April 16, 2013, at the Pacific Gas and Electric Company’s Metcalf Transmission Substation, a few miles south of San Jose, California. To understand what happened, we rely on the exhaustive investigation by Wall Street Journal reporter Rebecca Smith. It is important to note at the outset that since her story was published in February 2014, no authority has questioned the accuracy of her work. We know that there were several saboteurs, but not how many. At least two members of the unit lifted a metal vault cover (too heavy for a single individual) leading to an underground vault containing AT&T’s fiber-optic telecommunications cables. With the cutting of those cables, the attack began.

  Slightly more than half an hour after cutting communications, the saboteurs attacked the actual substation, knocking out seventeen giant transformers over the course of nineteen minutes. Based on shell casings found at the scene, investigators believe that the gunmen used AK-47 assault rifles. In a remarkable feat of timing or coincidence, the saboteurs left the scene at 1:50 a.m., just one minute before the police arrived to find the substation locked. Video from surveillance cameras was of little help because the cameras were aimed toward the substation, while the shooters were positioned outside the perimeter.

  The Metcalf substation provides power to Silicon Valley. Electric grid officials were able to avoid a blackout by rerouting power and calling on other plants in the region to provide additional power. The attack caused significant damage—it took utility workers twenty-seven days to bring the substation back online—but hardly the catastrophic result such a coordinated attack might have produced. These attackers seemed to know what they were doing. As a former vice president of transmission for PG&E told a utility secu
rity conference seven months after the attack, “This wasn’t an incident where Billy-Bob and Joe decided, after a few brewskis, to come in and shoot up a substation. This was an event that was well thought out, well planned and they targeted certain components.” Still, if the attackers’ goal was a widespread regional power outage, it failed. This interpretation aligns with industry claims that the power grid is far more resilient than critics suggest.

  Jon Wellinghoff, who was chairman of the Federal Energy Regulatory Commission (FERC) at the time of the attack, remains unconvinced. He thinks the attackers may have been engaging in a rehearsal rather than a comprehensive sabotage operation. While he was still chairman of FERC, Wellinghoff assembled a team of experts from the U.S. Navy’s Dahlgren Surface Warfare Center, which trains Navy SEALs, and took them out to the Metcalf substation. What they found, among other things, was that the shell casings left behind were free of fingerprints. They discovered small piles of rocks at key locations outside the substation and concluded that these might have been placed by advance scouts, establishing the most advantageous shooting locations. The experts concluded, as Wellinghoff told the Wall Street Journal, that “it was a targeting package just like they [SEALs] would put together for an attack.” Wellinghoff’s concern is that the attack on the Metcalf substation may have been a dry run for a far more devastating act of sabotage. Wellinghoff cited an analysis by FERC concluding that if nine of the country’s most critical substations were knocked out at the same time, it could cause a blackout encompassing most of the United States.

  In a conversation almost two years after the event, a senior executive for one of the nation’s largest electric power companies dismissed Wellinghoff’s comment as “idiotic.” Was it “idiotic,” I asked, because he shouldn’t have made the statement, or because it wasn’t true?

  “Both,” the executive replied.

  We may never know whether the Metcalf attack was intended as a full-scale effort to disable part of the western grid or whether it was designed to pave the way for some future attack. In this instance, at least, damage to the grid was contained in relatively short order.

  Understandably, the agencies most attuned to defending against attacks of all kind reside within the military. The North American Aerospace Defense Command (NORAD) is, in many respects, the nation’s first line of defense. During the height of the Cold War, there was a greater public awareness of NORAD than there is today. In the event that Soviet bombers were headed our way, NORAD would provide the first alert, and U.S. fighter planes and bombers would scramble based on that intelligence. More ominously, NORAD would have also provided word if Soviet missiles had left their silos, giving the president and other top U.S. decision makers something less than half an hour before the missiles hit. During those thirty minutes they would have to decide whether to launch the first wave of retaliatory strikes. These days, NORAD’s peak period of public visibility is at Christmastime when it tracks the course of Santa and his sleigh. Lower visibility notwithstanding, NORAD remains actively engaged in the nation’s defense.

  In early April 2015, the Pentagon, in a move that received hardly any public attention, announced a $700 million contract with the Raytheon Corporation to relocate critical computer systems deep underground into the massive bunker under Cheyenne Mountain in Colorado. These included the communications gear—computers, sensors, and servers—of the U.S. Northern Command (NORTHCOM), which is tasked with providing homeland defense, as well as the electronic gear serving NORAD, which continues to provide aerospace and maritime early warning against enemy attack. The Cheyenne Mountain bunker had been built back in the 1960s to withstand a Soviet nuclear missile or bombing strike, but now it was being modernized to withstand a different kind of attack. Admiral William Gortney, who in December 2014 took command of NORAD and NORTHCOM, explained that the move was designed to shield the electronic communications gear from an extreme solar storm or from an electromagnetic pulse (EMP) attack.

  The potential impact of an EMP attack is so disastrous that it makes even the potential consequences of the Metcalf substation attack pale by comparison. It is literally the stuff of postapocalyptic fiction, receiving significant popular attention with the publication of William Forstchen’s 2009 novel, One Second After. In Forstchen’s telling, the Iranians and North Koreans have launched nuclear armed missiles from container ships off the coast, exploding them at high altitude over the United States. The resulting electromagnetic pulses have wiped out all electric power across most of the country, with truly horrific consequences for the entire nation. To all intents and purposes, and setting aside the issue of which nation might do it, that is how an EMP attack would likely be launched. It differs from any other nuclear attack in that its destructive power lies not in its radioactive fallout or in the physical destruction of population and structures but in its destruction of electronic equipment over an extremely wide area.

  Forstchen’s novel focuses on the consequences of such an attack, exploring how the community of Black Mountain, North Carolina, might approach the struggle for survival amid growing evidence that other parts of the country have totally disintegrated. While his vision is well researched and convincingly imagined, it is, in the end, fiction. Yet it follows closely the findings of a congressional commission tasked in 2008 with identifying what the impact of an EMP attack would be on our civilian infrastructure. The commission’s report, available online, outlines in matter-of-fact fashion the technical vulnerabilities of the power grid and predicts the likely impact of an EMP attack. Some projections are so extreme as to effectively numb the brain. There is simply no reasonable way to respond to those few lines in the commission report estimating that only one in ten of us would survive a year into a nationwide blackout, the rest perishing from starvation, disease, or societal breakdown.

  When asked to identify all hostile actors who might launch an EMP attack by 2023, the commission concluded that there were several nation-states capable of such an attack; even more alarming was its conclusion that such an attack could be carried out by a terrorist organization. But why would any of the world’s nuclear powers consider the detonation of an EMP device when the specter of nuclear attack has conjured up such alarming visions of retaliation and widespread destruction that the option has largely been shelved?

  Former director of central intelligence James Woolsey, who warned of the growing threat of an EMP attack in a 2014 Wall Street Journal column, argued that capability is reason enough for concern, given how aggressively it’s being pursued. “Rogue nations such as North Korea (and possibly Iran),” wrote Woolsey, “will soon match Russia and China and have the primary ingredients for an EMP attack: simple ballistic missiles such as Scuds that could be launched from a freighter near our shores.” Particularly since Iran and North Korea still lack the capability to reach the continental United States with their intercontinental ballistic missiles, an EMP attack would give them a nuclear option. Woolsey filled in some of the blanks as to how the North Koreans may have acquired their EMP expertise, revealing that in 2004 Russian military personnel warned the EMP commission that North Korea had recruited Russian scientists to develop its nuclear and EMP attack capabilities. Woolsey contended that back in late 2012 the North Koreans successfully orbited a satellite capable of delivering a small nuclear warhead. Designated the KSM-3, this North Korean satellite could, said Woolsey, deliver a surprise nuclear EMP attack against the United States.

  If Woolsey is correct and Russian scientists have transferred their knowledge of nuclear and EMP technology, the former CIA director’s concern is understandable. North Korea, rogue state that it is, would stand out as one of the only regimes in the world whose rational restraint cannot be taken for granted.

  James Woolsey argued that protection of the national electric grid against an EMP attack is possible, that it is not prohibitively expensive, and that necessary congressional action is long overdue. In its 2008 report the EMP commission recommended that measures taken by the D
efense Department to protect crucial military installations, including the installation of surge arrestors and Faraday cages, could usefully be applied to civilian infrastructure also. The commission estimated that protecting the national electric grid against an EMP attack would cost about $2 billion. Such estimates are easily made in the abstract, but reality is another matter. No action was taken on the commission’s recommendations for protecting the electric power grid.

  Two pieces of legislation have been generated by later congressional committees. In an apparent bid for most tortured acronym of the year, the Secure High-Voltage Infrastructure for Electricity from Lethal Damage (SHIELD) Act was introduced in June 2013. The Critical Infrastructure Protection Act was introduced in October 2013. Neither piece of legislation, noted Woolsey, has made it out of committee. It is unclear whether our elected representatives have decided that the threat of an EMP attack is not that realistic after all or whether the failure to act owes more to their conclusion that there are more pressing issues requiring the expenditure of more than $2 billion. In the endless competition for federal funding, Washington has grown inured to the chorus of lobbyists crying wolf on behalf of one cause or another.