When it comes to cyberwar and cyberterrorism, we need to think the unthinkable, says veteran TV journalist Ted Koppel. And for Koppel, the unthinkable is this: Someone hacks into the nation’s electric power grid and causes large parts of it to crash for a prolonged period.
Anyone who has endured a blackout from a storm or mechanical breakdown — probably most Americans — knows how frustrating and infuriating it can be. You lose your lights, refrigeration, communications and sense of control. But two certitudes limit the anger and anxiety: First, outages are usually small geographically; and second, we know that power will be restored in days or weeks.
Not so with a cyberattack, which aims to cripple the system and cause chaos. Lengthy disruptions may be widespread. Then the effects become horrific, as Koppel writes in his new book, “Lights Out.”
Darkness descends on cities and suburbs. As refrigeration fades, food inventories are exhausted. Resupply is difficult, because — among other reasons — “gas stations without backup generators are unable to operate their pumps.” Water supplies are also paralyzed by inert pumps. “There is little running water . . . toilets no longer flush.” Routine payments, being mostly electronic transfers, are virtually impossible. People feel increasingly isolated and vulnerable.
There are emergency plans, Koppel writes, for natural disasters and electrical outages “of a few days” but no plan for many millions losing electricity “for months.” Once people realize they’re “on their own,” there’s a “contagion of panic.” The likelihood of looting is obvious.
Let’s concede: We may exaggerate the danger. Cybergeddon may not be inevitable. There’s a long history of false alarmism. In the 1950s, people feared thermonuclear war. At the turn of the century, the Y2K computer bug allegedly threatened havoc. After 9/11, there were widespread warnings of terrorism using chemical or biological agents, as well as a “dirty” nuclear bomb. More recently there was an Ebola scare. As yet, none of these predicted calamities has occurred.
Some self-restraint may be built into the system. It’s likely, experts tell Koppel, that both the Chinese and Russian governments have penetrated vital U.S. cybernetworks, but they may be deterred from mounting destructive attacks for fear of retaliation. The United States, said one general, has the world’s best “cyber offense” — the ability to damage other countries’ networks — but a weak defense. Highly networked countries may refrain from mutual destruction.
Still, Koppel has an easy time building a case for worry. When he asks Janet Napolitano, former secretary of homeland security, the chances that some adversary will knock out a significant part of the power grid, she responds, “Very high — 80 percent, 90 percent.” More troubling: Koppel cites George Cotter, a former chief scientist at the National Security Agency, who has repeatedly contended that the grid is dangerously porous to hostile intrusions.
What especially bothers Cotter is the deregulation and restructuring of the electric utility industry. Traditionally, the industry was dominated by a small number of large companies responsible for generating, transporting and delivering power to customers. But in recent decades, these various functions (generation, transportation and delivery) have been split among separate firms. Cybersecurity becomes harder, because the task of protecting the grid is spread among many more businesses.
To be fair, Koppel quotes utility executives as asserting that the grid is highly resilient. Taking down the grid, said one manager, “is not nearly as simple as I think some people . . . believe.”
It’s hard for outsiders to referee these technical disputes. But we should not assume that the self-restraint of major countries will keep us safe. We’re also vulnerable to rogue states (think North Korea or Iran) and groups of terrorists and anarchists. The Internet empowers the weak: The thought of an Islamic State hacker probing for openings in European and U.S. networks is chilling.
So far, hacking has involved mostly commercial and criminal misdeeds. These are costly and inconvenient. But they are a lesser danger. The real threat is hacking intended to destabilize entire societies. Along with the grid, communications and financial networks pose similar dangers. There are limits to how much we can protect ourselves, but any improvement requires a change in consciousness.
There’s a conflict — largely ignored — between exploiting all the Internet’s economic opportunities and reducing its threats to social peace. “There is not yet widespread recognition,” writes Koppel, “that we have entered a new age in which we are profoundly vulnerable in ways we have never known before.” That’s our dilemma. The more functions we put on the Internet, the more dependent on it we become. And today’s dependency is tomorrow’s vulnerability.
Read more from Robert Samuelson’s archive.