Picture this nightmare scenario: A U.S. adversary launches a cyberattack on a major U.S. electrical grid, knocking out power for 30 million to 50 million people.
Imagine, too, that the power would be down not for a few days but weeks or months on end.
The consequences — people caught in elevators, no lights or refrigeration, no running water to dispose of human waste, the loss of other mission-critical systems that cities depend on — could be devastating. If the cyberattack happened during a summer heat wave, and assuming also the spread of disease because of the lack of plumbing, the human toll could run into the thousands.
Sounds far-fetched? It doesn't to veteran journalist Ted Koppel, the former anchor and managing editor of ABC's "Nightline"and now a senior contributor to CBS News' "Sunday Morning" show. Koppel presented the closing general session of NAILBA 35 — the 2016 annual meeting of the National Association of Independent Life Brokerage Agencies, held Nov. 17-19 — and it was an eye-opener.
In a wide-ranging talk, Koppel, seen here in a 2005 photo on the set of "Nightline," gave his take on the presidential campaign, the increasing partisan bent of the nation's mainstream press, and how social media is contributing to an ever more polarized electorate. The most sobering part of the keynote, highlights from Koppel's new book, "Lights Out," detailed how unprepared the United States is for a major cyberattack.
The lack of readiness stems, in part, from vulnerabilities in the nation's electrical grid. Some 3,200 power companies feed juice into one of three major grids (one each covering the eastern and western regions of the United States; a third one covering). And the companies are in large measure unregulated, limiting the federal government's ability to impose conditions on the industry. Among them: measures protecting Internet-based power management systems against cybersecurity threats or requirements as to back-up power systems.
Add to the lack of oversight this fact: The smooth running of power generators and transmissions lines depend on a delicate balance; the amount of power generated must exactly match the amount consumed. Koppel compared the system to valves feeding air into and out of a balloon. If too much air goes in, the balloon explodes. If there's too little air, the balloon collapses.
"And so it is with an electric power grid," said Koppel. "If there's not a perfect balance between power in and power out among the 3,200 power companies, the system can go down."
The Russians and Chinese are already inside our power grids and can take down one of them, essentially with a stroke of a key," said Koppel. (Photo: iStock)
Where the treat comes from
Management of the power companies' Supervisory Control and Data Acquisition systems are increasingly vulnerable to hacking attacks. Government cybersecurity experts whom Koppel interviewed for his book, including top people at the National Security Agency, the Pentagon, and the U.S. Department of Homeland Security, said the Russians and Chinese pose the most dangerous cybersecurity threats.
"They're already inside our power grids and have the capability to take down one of them, essentially with a stroke of a key," said Koppel. "That's no exaggeration."
Nor is it hyperbole to state that other potential state adversaries — Iran, North Korea, or Syria — could also disrupt the nation's power systems.
The worst of the threats are terrorism organizations such as ISIS and Al Qaeda. Whereas China and Russia have greater cyber capabilities but also more inhibitions about launching an attack (given the economic and political ramifications), terrorists are more motivated to act, but don't now have cyber capabilities to match.
That may not be for long. Koppel noted that ISIS has about $2 billion cash on hand, enough to buy them "a lot of expertise" and, in the view of cybersecurity officials, spearhead a major attack on the grid within the next three to five years.
