Ricochet is the best place on the internet to discuss the issues of the day, either through commenting on posts or writing your own for our active and dynamic community in a fully moderated environment. In addition, the Ricochet Audio Network offers over 50 original podcasts with new episodes released every day.
Stores are closed. Cell service is failing. Broadband Internet is gone. Hospitals are operating on generators, but rapidly running out of fuel. Garbage is rotting in the streets, and clean water is scarce as people boil water stored in bathtubs to stop the spread of bacteria. And escape? There is none, because planes can’t fly, trains can’t run, and gas stations can’t pump fuel.
That is the potential scenario if the U.S. undergoes a major cyber attack against our electrical grid. We know it’s likely that the Russians have hacked several U.S. companies, both in the public and private sectors. We don’t know, however, how deeply they have penetrated our systems overall.
We’ve been warned for years that our electrical grid is vulnerable to attackers who damage critical substations. Although some steps have been taken to mitigate the problem, the threat is still serious. Now we have the added danger of a cyber attack, the kind of attack launched against the Ukrainian power structure last December 23. Admiral Mike Rogers says the Russian government hackers likely were responsible; they even studied the way the Ukrainians responded in order to slow down their recovery of electrical power. He is very concerned about the implications of that action for this country.
In contrast, the Department of Homeland Security issued a report that downplays the seriousness of these attacks against energy companies, calling them “low level cybercrime that is likely opportunistic in nature rather than specifically aimed at the sector, [and] is financially or ideologically motivated, and not meant to be destructive.” I’m not reassured.
The fact is that not only Russia is working on cyber attacks, but other rogue players such as North Korea and Iran are probably in our systems. Specialists warn that the most damaging kind of attack would be a coordinated strike against multiple power stations. If they knocked out 100 stations in the Northeast, “the damaged power grid would quickly overload, causing a cascade of secondary outages across multiple states. While some areas could recover quickly, others might be without power for weeks.”
In 2003 there was a blackout that spread from the coastal Northeast into the Midwest and Canada. Senator Susan Collins (R-Maine) has said, “If you think of how crippled our region is when we lose power for just a couple of days, the implications of a deliberate widespread attack on the power grid for the East Coast, say, would cause devastation. Researchers have run the numbers on an East Coast blackout with these results:
A prolonged outage across 15 states and Washington, D.C., according to the University of Cambridge and insurer Lloyd’s of London, would leave 93 million people in darkness, cost the economy hundreds of millions of dollars and cause a surge in fatalities at hospitals.
Another alarming aspect of a cyber attack is that the utility might not even realize what is happening:
At first, power providers may only notice a cascade of overloaded transmission lines failing in rapid succession—something that happened during the 2003 blackout, which was caused by an ordinary software bug. A major attack would trigger a series of actions laid out in the Electricity Subsector Coordinating Council playbook, and even for regional blackouts, energy companies would begin communicating instantly.
But the assistance program may also run into difficulties with a cyber attack:
“If I’m sitting in Columbus, Ohio, and I know there’s a storm in Maryland, I’m not worried about sending my resources to Maryland,” said Stan Partlow, chief security officer at American Electric Power. “We’re pretty confident when we let those crews go that we’re not in trouble. On the cyber side, if I’ve sent my resources somewhere else and I’m next on the list…”
Although there are government agencies that are trained and equipped to deal with these kinds of attacks, they have few plans on how to prepare, since there have been so few major attacks on which to create response scenarios.
So I refer you to the opening paragraph in this OP. What happens when there is a devastating cyber attack and people run out of the basic necessities? What will we do when we are isolated, frightened and hungry? Or do you think these fears are exaggerated, as DHS suggests?