Book review of Lights Out. A Cyberattack. A Nation Unprepared. Surviving the Aftermath

Preface. This is one of three posts based on Ted Koppel’s book Lights out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath.

There’s also these 2 posts based on this book: “Want to survive peak everything? Become a Mormon” and another with excerpts from this one focusing on preparation.

What follows are my kindle notes. Obviously you should read the whole book, I’ve only excerpted material useful for writing future books, information new to me, and of interest to my fellow doomsters who are watching the energy crisis and limits to growth unfold, many of us for decades so far. This book also explains how the grid stays up and much more that I have not included below.

In the news:

2023-2-21 Attacks On The U.S. Power Grid Are Surging. Oilprice.com The Wall Street Journal reported that attacks on the U.S. power grid rose by 71% in 2022

Alice Friedemann www.energyskeptic.com Author of Life After Fossil Fuels: A Reality Check on Alternative Energy; When Trucks Stop Running: Energy and the Future of Transportation”, Barriers to Making Algal Biofuels, & “Crunch! Whole Grain Artisan Chips and Crackers”. Women in ecology Podcasts: WGBH, Financial Sense, Jore, Planet: Critical, Crazy Town, Collapse Chronicles, Derrick Jensen, Practical Prepping, Kunstler 253 &278, Peak Prosperity, Index of best energyskeptic posts

***

Koppel T (2015) Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath.

A FERC analysis concluded that if nine of the country’s most critical substations were knocked out at the same time, it could cause a blackout encompassing most of the United States.

Without ready access to electricity, we are thrust back into another age—an age in which many of us would lack both the experience and the resources to survive. It has been estimated that only one in ten of us would survive a year into a nationwide blackout, the rest perishing from starvation, disease, or societal breakdown.

As batteries lose power, there is the more gradual failure of cellphones, portable radios, and flashlights. Emergency generators provide pockets of light and power, but there is little running water anywhere taps go dry; toilets no longer flush. Emergency supplies of bottled water are too scarce to use for anything but drinking, and there is nowhere to replenish the supply. Disposal of human waste becomes a critical issue within days. Supermarket and pharmacy shelves are empty in a matter of hours.

Emergency personnel are overwhelmingly engaged in rescuing people trapped in elevators. Medicines are running out. Home care patients reliant on ventilators and other medical machines are already dying. Round-the-clock chatter on radio and television continues, but there’s little new information and a diminishing number of people still have access to functioning radios and television sets. The tissue of emails, texts, and phone calls that held our social networks together is tearing.

Fuel is beginning to run out. Operating gas stations have no way of determining when their supply of gasoline and diesel will be replenished, and gas stations without backup generators are unable to operate their pumps. Those with generators are running out of fuel and shutting down. The amount of water, food, and fuel consumed by a city of several million inhabitants is staggering. Emergency supplies are sufficient only for a matter of days,

So many of our transactions are now conducted in cyberspace that we have developed dependencies we could not even have imagined a generation ago. The very structure that keeps electricity flowing throughout the United States depends absolutely on computerized systems designed to maintain perfect balance between supply and demand.

It is the Internet that provides the instant access to the computerized systems that maintain that equilibrium. If a sophisticated hacker gained access to one of those systems and succeeded in throwing that precarious balance out of kilter, the consequences would be devastating.

The grid is a network connecting thousands of companies, many of which still put profit ahead of security. Critical equipment that is decades old and difficult to replace sits in exposed locations, vulnerable to physical attack. Computerized systems that control the flow of electricity around the country were designed before anyone even contemplated cyberspace as an environment suited to malicious attacks.

The Department of Homeland Security has no plans beyond those designed to deal with the aftermath of natural disasters.

The deputy administrator of the Federal Emergency Management Agency (FEMA) believes that a major urban center would have to be evacuated. His boss, the administrator, does not. The administrator believes that a successful cyberattack on a power grid is possible, even likely. His deputy does not. The current secretary of homeland security is sure that a plan to deal with the aftermath of a cyberattack on the grid exists, but he doesn’t know any details of the plan.

As of this writing, there is no specific plan. We are unprepared, but why isn’t the issue higher on our list of national priorities? It is difficult for anyone holding public office to focus attention on a problem without being able to offer any solutions. Then, too, the American public needs to be convinced that the threat is real. And let the record show: it is not easy to convince the American public of anything.

Dispatching journalists into the field to gather information costs money; hiring a glib bloviator is relatively cheap, and inviting opinionated guests to vent on the air is entirely cost-free. It wouldn’t work if it weren’t popular, and audiences, it turns out, are endlessly absorbed by hearing amplified echoes of their own biases. It has never been more difficult to convince the American public of anything that it is not already inclined to believe. It’s divisive and damaging to the healthy functioning of our political system, but it’s also indisputably inexpensive and, therefore, good business.

EMP attack

In early April 2015, the Pentagon, in a move that received hardly any public attention, announced a $700 million contract with the Raytheon Corporation to relocate critical computer systems deep underground into the massive bunker under Cheyenne Mountain in Colorado to shield the electronic communications gear from an extreme solar storm or from an electromagnetic pulse (EMP) attack.

In a 2014 Wall Street Journal column, Woolsey argued that capability is reason enough for concern, given how aggressively it’s being pursued. “Rogue nations such as North Korea (and possibly Iran), will soon match Russia and China and have the primary ingredients for an EMP attack: simple ballistic missiles such as Scuds that could be launched from a freighter near our shores.

In 2004 Russian military personnel warned the EMP commission that North Korea had recruited Russian scientists to develop its nuclear and EMP attack capabilities. Woolsey contended that back in late 2012 the North Koreans successfully orbited a satellite capable of delivering a small nuclear warhead. Designated the KSM-3, this North Korean satellite could, said Woolsey, deliver a surprise nuclear EMP attack against the United States.

If Woolsey is correct and Russian scientists have transferred their knowledge of nuclear and EMP technology, the former CIA director’s concern is understandable.

The commission estimated that protecting the national electric grid against an EMP attack would cost about $2 billion.

It is unclear whether our elected representatives have decided that the threat of an EMP attack is not that realistic after all or whether the failure to act owes more to their conclusion that there are more pressing issues requiring the expenditure of more than $2 billion. In the endless competition for federal funding, Washington has grown inured to the chorus of lobbyists crying wolf on behalf of one cause or another.

Why it is so hard to make the system safer from attack

Imagine if an enemy of this country had crafted a system exposing the United States to the most devastating attack in its history. We may already have done a better job of inadvertently designing just such a system ourselves, sowing the seeds of our own downfall more effectively than any enemy of ours could have done. The federal agencies best equipped to monitor infrastructure for signs of cyberattack are precluded from doing so by laws that were designed to preserve privacy.

Where there are breaches of infrastructure security, corporations are protected by law against any mandate to share that information with competitors or the federal government. There is, quite simply, an unavoidable tension between industry’s insistence that it be allowed to operate within a free enterprise system and government’s responsibility to develop high standards of safety and security for what may be the nation’s single most critical piece of infrastructure. This tension has resulted, in the electric power industry, in a high-stakes duel between corporations and government regulators, the consequences of which are cybersecurity regulations so patchwork and inadequate as to be one of the chief sources of the grid’s vulnerability.

Now, power is often generated in one location by one company, fed over a separately managed transmission network (often overseen by either a regional transmission organization [RTO] or an independent system operator [ISO]), and ultimately passed on to yet another company for final delivery to the consumer. The consumer has no relationship with the companies that generate electricity or those that transmit it at top efficiency across vast distances. The consumer deals directly only with the local company that delivers the electricity on that final leg.

New forms of interconnections between and among firms create new pathways through which malicious cyberattacks may travel.

The electric power grid may only be as strong as its weakest link. Leaders in the industry will argue that they have invested enormous resources in protecting their infrastructure, and they have. But smaller companies with lean profit margins are simply not inclined to spend a great deal on cybersecurity. The weakest links in this system tend to be the smaller companies with the poorest security and maintenance practices. This presents a particularly serious problem within the power industry because of the interconnectedness of the grid. If you bring down the small [companies] in the right order,” it could initiate a domino-like “cascade effect. Cascading outages could compromise the systems of larger companies, quickly threatening the entire network. It’s not less well-defended companies are bad, it’s just that they don’t have the infrastructure or resources to do what actually needs to be done.

The Federal Energy Regulatory Commission can and does propose regulations for the industry. But each of those proposals has to be put to a vote by the NERC membership, which represents the entire industry. Since each regulation proposed by FERC requires approval by two-thirds of NERC’s members—large and small, major corporations and those with tighter budgets—the system is not designed to generate the most rigorous standards. Only when the industry has shaped and polished the regulations that will govern its behavior is FERC finally empowered to enforce the rules that emerge. NERC has an enforcement capacity as well, but in 2013 it levied only $5 million in penalties against utilities failing to meet mandatory defense standards. In 2014 the sum of all penalties dropped to less than $4 million. To provide context, in August 2013 the industry’s 3,200 utilities sold $400 billion worth of electricity; penalties added up to less than 0.001 percent of gross revenues.

FERC’s limited jurisdiction: American democracy rests on a foundation of competing tensions among local, state, and federal laws, and laws governing the electric power industry reflect those tensions. The nationwide transmission of electricity along high-voltage power lines is subject to federal regulations, enforced by FERC. Once the electricity has been conveyed from the generating facility to its ultimate point of distribution, though, it is no longer under federal jurisdiction. To be clear: while electricity is being conveyed across the country at maximum efficiency, the process is subject to federal regulations. Once it’s handed off to the local companies that transmit electricity to the local consumers, no federal regulations apply.

At that point, it’s under state authority—50 different jurisdictions, in which regulations focus almost exclusively on the financial side of the business. The state commissions that govern those local companies control the rates that local utilities can charge, but many of them pay scant attention to issues of grid security.

George R. Cotter’s expertise on the vulnerabilities of the electric power industry comes from a lifetime’s experience within the National Security Agency, in which he served as chief of staff, as chief scientist, and twice as head of its technology division. Cotter fumes at what he regards as the idiocy of the regulations enforcing the security of the electric power industry. The final leg of the system, Cotter explained, everywhere that electricity is actually delivered to consumers, is not covered by federal security regulations, and the industry wants to keep it that way. “Most of the critical infrastructure is in urban areas. Entire national security establishments are not covered by the law or by NERC.

The electric industrial grid is in the hands of the private sector. “Nobody’s in charge there, nobody has responsibility, nor can anybody require that they do work. One would think that FERC could direct and require more cybersecurity be employed by the owners and operators of the electric grid.

Former senator John D. Rockefeller IV (D-W.Va.), who has served as chairman of both the Senate Commerce and Intelligence Committees, has similarly given up hope of enforcing tough security measures on the electric power industry. There was a time, he told me, when he could count on the support of a number of senior Senate Republicans. “Then all of a sudden comes the Chamber of Commerce in 2011 and some lobbyist goes back there and says, ‘We gotta shut this thing down…overregulation, heavy-handed government, et cetera.’ “They were afraid,” said Rockefeller, “of having to spend money that they couldn’t prove to themselves they would actually need to spend.

With apologies to what is an infinitely more complex and sophisticated industry, imagine a giant balloon attached to a thousand different valves. Some of the valves introduce air into the balloon, while others extract it. Take too much air out and the balloon collapses. Put too much in and it explodes. Now imagine a computerized system that keeps it all in balance, so that the balloon remains perfectly inflated. That’s a very crude analogue to the system that keeps the electric power industry in balance.

“So it’s winter,” said Clarke, “and Chicago needs more electricity” between the hours of, say, 2:00 and 5:00 p.m. “Florida Power and Light, which has more capacity than it needs in the winter, says, ‘I can provide it and here’s how much I’ll charge.’ ” Assume that Florida Power and Light has offered the best deal, to the advantage of consumers in Chicago. But now that electricity has to get from Florida to Chicago, and pathways are limited. Communities are inclined to object to the presence of high-tension wires near people’s homes. Because of what’s come to be known as the NIMBY (not in my backyard) factor, there are relatively few high-power transmission lines in key locations around the country.

Clarke likes to compare those high-power transmission towers and cables to a rail line. It’s an analogy that shouldn’t be taken too literally, other experts have cautioned, but it is helpful in underscoring the fact that the conveyance of electricity along those transmission lines has to be scheduled. In our theoretical deal, Florida Power and Light has agreed to dump power onto the grid between two and five in the afternoon. The difference between trains and electricity is that electricity isn’t conveyed directly from point A to point B. The electricity leaving Florida probably won’t be delivered to Chicago. It’s all about maximum efficiency and maintaining overall balance between demand and supply throughout the system. To coordinate this, the industry has set up regional authorities, the regional transmission organizations and independent system operators, which monitor “traffic” to ensure that no transmission lines in their area become overburdened.

This monitoring process, while routine, also creates a dangerous point of vulnerability. If someone was able to hack into an RTO or ISO and deliberately overload the lines, the impact would be swift and physical. The lines would start to droop from the heavy load. They would overheat. “When the lines dip,” said Clarke, “they can set a tree on fire, or they can melt the line.” There are built-in controls to ensure that such an overcapacity never happens, but if a hacker got into the system and targeted those controls, Clarke explained, so that “the guy sitting in the operations center doesn’t see it—he sees that everything is in the green,” there would be no relationship between the operations center dashboard and reality. Such a situation could quickly escalate out of control. If you can break key transmission lines, said Clarke, you can produce cascading, potentially catastrophic outages.

Deregulation of the power industry has created a system with more vulnerable points of entry than ever existed previously, and a lot of the equipment is controlled by aging, standardized computer systems used around the world and familiar to many of America’s enemies. Businesses have concluded that the advantages of the Internet are nevertheless worth whatever vulnerabilities may emerge as by-products. The electric power industry has made the same calculation. However dangerous the consequences of conducting our businesses and operating our infrastructure on the Internet, we are simply incapable of functioning without it.

More than a hundred years ago, long before the power of the Internet gave it the force of commonplace reality, Mark Twain commented on the uneven nature of any competition between rumor and fact, gossip and reality, observing that “a lie can travel halfway around the world while the truth is putting on its shoes.”

“If a force-five storm or hurricane were to make a direct hit on Miami, the industry is equipped to lose as much as 200 billion dollars. It would not be a great day, but life would go on.” Jain estimated Berkshire’s share of that payout at anywhere from $2 billion to $7 billion. Unlike hurricane insurance, the business of cyber insurance is relatively new. It is a business intended to address new risks arising from “the Internet of things,” a field in which predicting the likelihood of events is all but impossible. It barely begins to define the challenge of insuring a power company against the cost of a catastrophic cyberattack. There are certain industries such as utilities, power, electric, water, that have unique exposures. Unique exposure” refers to the extraordinarily high risk of insuring against new, unfamiliar, and potentially catastrophic events. The industry is still plotting its own cautious road map toward coverage for those exposures; it will require a combination of traditional insurance, the involvement of a reinsurance company such as Berkshire, and government guarantees of limited liability.

No one can be expected to provide complete coverage. Even the combination of those three elements wouldn’t go much beyond $1 billion of insurance to cover a cyber-related event. That struck me as a pretty trivial amount. Here was Ajit Jain, after all, contemplating an enormous industry-wide payout in the wake of a massive hurricane striking Miami head-on, with what could be described as a $200 billion shrug. The impact of a successful cyberattack on a power grid could be far worse, I suggested, and Jain didn’t disagree. “If there were a complete blackout in a certain part of the country for a three-month stretch,” he said, “the looting and everything that [could] ensue just boggles the mind, how large the numbers [would] be. “The[se] extreme scenarios…are certainly likely, and we can all debate how likely and what do we mean between likely versus unlikely. But from the insurance industry’s perspective, the amount of exposure that we are willing to take on is nowhere close to the exposure that would come from these very extreme events.

The notion that the United States and its principal rivals routinely fire cyber shots across one another’s bows also makes sense. Few if any of these cyber skirmishes are acknowledged, but what is publicly known certainly points to the conclusion that they are taking place. Over the course of 2014, rising tensions between Moscow and Washington over events in Ukraine led the United States and its European partners to impose a series of economic sanctions on Russia. Moscow refused to back down, continuing its policy of support for pro-Russian rebels in Ukraine and continuing to apply economic and military pressure on Ukraine’s new government, trying to force it back into Russia’s orbit. Yet its public response to the U.S. sanctions was surprisingly mild.

That only applies, of course, to what can be directly attributed to Moscow. In August 2014 the New York Times reported that a Russian crime ring had “amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses.” In early October of that year, ten American financial institutions were revealed as targets of a huge cyberattack.

An anonymous senior official speculated to the Times that the attack could have been in retaliation for those U.S. economic sanctions on Moscow. George Cotter believes that the rash of cyberattacks on U.S. banks during the summer and fall of 2014 does, in fact, constitute a warning from the Kremlin, related to events in Ukraine—a demonstration to Washington of what might follow if economic sanctions escalated. In Cotter’s estimation, the calibrated application of such cyber blackmail has been under way for some years, and its users extend beyond Moscow and Beijing. It would go a long way toward explaining the on-again, off-again nature of U.S. foreign policy toward Syria. According to Cotter, Syrian leader Bashar al-Assad “has a cyber operation which he routinely runs against Wall Street,” intended as a strong message to the U.S. government. These attacks tend to be relatively low-tech distributed denial-of-service attacks against American banks, but, Cotter suggests, Assad “is demonstrating that if you unleash an attack against the Syrian armed forces, against the Syrian government, all hell will break loose” in the United States’ financial sector. Cotter believes that Syria’s sabotage capabilities have unquestionably restrained our government’s actions against Assad.

In April 2015 researchers from Norse, a cybersecurity company, and the American Enterprise Institute issued a report concluding that “Iranian hackers are trying to identify computer systems that control infrastructure in the United States, such as the electrical grid, presumably with an eye toward damaging those systems.” Among the key points in the report was that hundreds of thousands of domains registered to Iranian citizens or companies are hosted by companies in the United States, Canada, and Europe and are then used to conduct cyberattacks on America and its allies.

Until May 2012 Howard Schmidt was President Obama’s White House advisor on cybersecurity. What would he say, I asked, if the president asked him directly, “Howard, is there a way we can guarantee that a cyberattack won’t knock out one of our power grids?” “Absolutely not,” said Schmidt, who confirmed what other specialists had been telling me: the greatest cyber threats to the U.S. infrastructure are in the hands of the Russians and the Chinese. Schmidt also echoed the assumption that China and Russia, encumbered by a network of interlocking interests with the United States, would likely be constrained from launching a full-scale cyberattack on an American power grid. Could they do it? Yes. Would they? Only in the context of an expanding crisis.

What about independent actors using cyberattacks to knock out one of our power grids? Are we at that point yet? “Simple answer,” said Schmidt, “yes. And that worries me as much as a nation-state using an aggressive move for whatever reason.

George Cotter also sees a growing level of sophistication among criminal organizations, terrorist groups, and so-called hacktivists (political activists who use the Internet, such as the group Anonymous). “I believe,” said Cotter, “it is literally possible for a hacktivist group, well trained and well-motivated, to take down major portions of the grid without the industry being able to stop it.

An independent actor such as Al Qaeda or ISIS, in contrast, has as its immediate goals inflicting pain and instilling terror. These groups are, if anything, trying to provoke violent reaction from their enemies. To the degree that such groups have been inhibited from using weapons of mass destruction, it has been due to the difficulties in acquiring and deploying them. Cyber warfare employs a wide-open battlefield with multiple points of vulnerability, an easily accessible weapons system, and legions of experts available for hire. ISIS, for example, has the money (it is believed to have accumulated more than $2 billion in assets), and it has the motive. It is not yet clear whether it has found the experts. But in the opinion of the NSA’s former chief scientist George Cotter, “if ISIS can recruit a trainable, competent cyber army, then what they need to develop is available for a price in the black market.

General Lloyd Austin III is the commander of United States Central Command (CENTCOM), responsible for the 20-country area of responsibility (AOR) consisting of Iraq, Syria, Afghanistan, Pakistan, Iran, Egypt, Lebanon, Yemen, Jordan, Qatar, Kuwait, Bahrain, Saudi Arabia, the United Arab Emirates, Kazakhstan, Kyrgyzstan, Oman, Tajikistan, Turkmenistan, and Uzbekistan. If there is a likely breeding ground for a terrorist attack against the United States, it can be found somewhere on CENTCOM’s operational map. Austin cites the growing divide between the Shia and Sunni branches of Islam, the tensions between moderate and radical Islamists, and the “youth bulge,” the group of educated, unemployed, and disenfranchised young people who are prime candidates for recruitment by extremist organizations. These, fueled by widespread anti-American and anti-Western sentiments, constitute a foundation to the growing threat against vital U.S. interests.

The North Koreans, while less advanced than the Iranians, are well along in their development of cyber war capabilities, due in no small part to instruction by the Chinese and Russians.

Why, I wondered, does there seem to be such limited awareness of the impending danger? Austin’s answer was simple. “We’ve not experienced a significant effective attack against our power grid or against our transportation networks. So, like 9/11, I don’t think people realize how vulnerable you are until they see something happen. “I think some of the key folks in the banking industry, in the transportation industry, they have clearly realized that there are vulnerabilities that we need to guard against or protect, and they’re doing some things about them. But as you connect one system to the other across this nation, there’s just a lot of points of entry, a lot of points of potential failure that I don’t think people have thought through adequately.

The government agencies and civic organizations charged with enabling the nation to recover from catastrophe are also woefully unprepared. Keith Alexander’s many years in the military provide some understanding of those confronting multiple crises simultaneously. He puts it this way: “Everybody’s out there fighting today’s alligators, and we’re talking about future alligators, and they say, ‘Look, I’ve got this problem with ISIS, I’ve got this problem with Afghanistan, Gaza keeps coming up, I got this wingnut in North Korea; and you’re talking about a potential problem.’

LARGE POWER TRANSFORMERS

The nature of the electric power industry is such that it combines modern technology with antiquated equipment. Some of that equipment is so large, so expensive, and so difficult to replace that it constitutes an entire category of vulnerability. If there is one piece of hardware that deserves to be singled out as critical to the nationwide transmission of electricity, it is the large power transformer.

In order for electricity to move over great distances at maximum efficiency, its voltage has to be cranked up. That function is performed by step-up transformers, which take electricity from a generating station and send it flowing at high voltage along the massive power lines that stretch across the American landscape. At times of peak flow those lines along our roads, railways, and highways can actually be seen to sag under the load of surging electricity. At the end stage of the transmission system, a sequence of step-down transformers does what their name suggests, readjusting voltage to a low enough level that the electricity can be safely delivered to the consumer.

No country in the world has a larger base of installed large power transformers than the United States, and that base is aging. The Department of Energy reports that these “critical component[s] of the bulk transmission grid” are, on average, thirty-eight to forty years old. A senior DOE official told me that age in itself is not of great concern, as transformers have no moving parts. The number of large power transformers (LPTs) in use in the United States is staggering. There is a great deal of information that the power industry refuses to make public, and the exact number of LPTs is one such statistic. The Department of Energy can only hazard a guess as to how many large power transformers are in use, but it reports that the number “could be in the range of tens of thousands. And because LPTs are very expensive [$3 million to $10 million each] and tailored to customers’ specifications, they are usually neither interchangeable with each other nor produced for extensive spare inventories.

These transformers are so enormous—anywhere from 400,000 to 600,000 pounds—that they cannot be transported on a standard railroad freight car. It requires the use of a specialized railroad freight car known as a Schnabel. There are only about thirty of these in North America, and some of the original transformers were delivered so many years ago that the rail lines on which they were transported no longer exist. When LPTs are transported by road it calls for a modular device seventy feet long with twelve axles and 190 wheels. The unit occupies two lanes of traffic and requires special permits from each state through which the transport will pass. Because of the enormous dimensions and weight involved, these special permits often call for the prior inspection of various bridges and other pieces of infrastructure along the way.

Large power transformers remain vulnerable to cyberattack, and because of their size and because so many of them are out in the open, they are also vulnerable to a well-trained team of saboteurs armed only with semiautomatic rifles, as was demonstrated in California in 2013.

Because they are very expensive, only the largest and most profitable power companies can afford to keep backup transformers on hand. Because the transformers are custom-made, they are not easily interchangeable. Because the equipment is huge, it is not easily transported. Because these transformers are, on average, thirty-eight to forty years old, some of them were originally delivered by rail systems that no longer exist.

Because the vast majority of LPTs are built overseas, it takes a very long time to replace them.

With the passage of the Homeland Security Act in November 2002, Tom Ridge became the first secretary of the Department of Homeland Security (DHS), responsible for overseeing what had been 22 separate departments and agencies as diverse as the Secret Service, the Coast Guard, and the Immigration and Naturalization Service. The department’s mandate, conceived as it was through the prism of what had just happened, essentially boiled down to preventing another terrorist attack. During subsequent years, the department’s mission has evolved, in the public mind, to what might almost be described as a policy of “protect almost everything against almost anything.” Ridge acknowledged that the department ought to be doing even more on at least one level: ensuring security, he agrees, involves not only preventing disaster but also planning for its potential consequences. That part of the mission, Ridge told me, is almost doomed to fail. “We are not a preemptive democracy. We are a reactive one. Rare are the occasions on which we act in anticipation of a potential problem.

There have been, as of this writing, only four secretaries of homeland security. Each of them has conceded the likelihood of a catastrophic cyberattack affecting the power grid; none has developed a plan designed to deal with the aftermath.

Where, then, might a concerned citizen find advice on how to cope with the aftermath of such an attack? “There is no answer,” said Schmidt. No government agency has guidelines for private citizens because, according to Schmidt, there’s nothing any individual can do to prepare. “We’re so interconnected,” he said, that in terms of disaster preparation “it’s not just me anymore: it’s me and my neighbors and where I get my electricity from. There’s nothing I can do that can protect me if the rest of the system falters.” It’s an answer bordering on the fatalistic: the individual can’t do anything and the government won’t do anything.

Ridge recommended that people stock their homes with plastic sheeting and duct tape in the event of a chemical attack, a proposal that made him the butt of numerous late-night monologues. “Oh, yeah. I remember well,” he laughed. “It’s going to be in my obituary.” Ridge’s example and the humiliation he endured cannot have encouraged any of his successors to invest either time or effort in leading further campaigns in disaster preparedness.

Michael Chertoff estimated that a concerted cyberattack could knock one or more power grids offline for several weeks. When I asked whether he believed the American people are prepared for anything like that, he stated the obvious: “In some parts of the country, people do stock food and buy generators. In urban centers people don’t do that. In New York you’d try to move a lot of people out over a period of time.

“Really?” I asked. “More than eight million people? Where? How?

What, I wondered, could I learn from the senior officer at my local fire department? The captain on duty at the Potomac, Maryland, fire station assured me that there are secret locations where food and water have been stored. “For all of us?” I asked. “No, just for the first responders. He would next be awaiting further instructions. “And when you get those instructions, how will you communicate them to the rest of us when the electricity’s out?” “I’m due to retire in a couple of years,” said the captain. “I’m hoping it doesn’t happen before then.

But what, I wondered, if a blackout was the result of a cyberattack? What if the affected area covered several states and efforts to restore power were ineffective for weeks or even months? Is there a plan?

“There is no plan that would be adequate in that circumstance,” Napolitano conceded.

There remains a determination within the power industry and among some government officials to stress the grid’s resilience. They invariably cite as evidence the manner in which electric power has been restored in the wake of one natural disaster after another. Absent a crippling example to the contrary, the presumed consequences of a cyberattack on a power grid are bundled into the same general category as blizzards, floods, hurricanes, and earthquakes.

In September 2014, Joe Nimmich was reluctant to accept my premise of a wide-ranging, weeks-long electric power outage affecting millions of people. Still, if it did happen, he insisted, the federal government would be ready to deal with it. He was confident that electric power sufficient to avoid a catastrophe could be restored quickly. “I’ve planned for a million people being homeless, I’ve planned for tens of thousands of people being deceased. I think very easily we can convert those plans.” Nimmich was describing a scenario in which Southern California is hit by a catastrophic earthquake. “When we look at the plan…we’re talking about activating 70,000 troops.” He referenced Title X, the legal basis for the roles and missions of the armed forces, saying that he had planned for “the National Guard to keep law and order, and the Title X forces to be able to go in and actually help people move.” Relocation was central to Nimmich’s plan. “The plan is, you start moving people east. You take them out of Los Angeles, put them in hotel rooms in Nevada.

In the case of a power grid going down, urging people to stay in their homes may be exactly the right thing to do, at least in the immediate aftermath. Buildings would be essentially undamaged and bridges, roads, and tunnels untouched, leaving routes open for resupply convoys and voluntary evacuation for those who choose to leave.

I put the center of this hypothetical disaster in Manhattan. Nimmich was undeterred. “If, in fact, for some reason this is going to be a long duration, we are going to start an orderly movement of people out of Manhattan. And whether you bring buses in or you use trains, you’re going to have to move them out of the area. You know, you’re giving me two alternatives: we either find some way to restore the power or we move people to where they’re no longer in a life-threatening situation.” “You’re going to move five or six million people?”

“Sure”

To Nimmich, there is no clear answer nor is there a specific plan, and there is no plan, he patiently explained, because “the dire straits you have articulated [are] not what we have gotten from the experts that we work with.” Which is yet another way of saying, “We haven’t planned for it because we don’t think it’s going to happen.

Joe Nimmich’s boss is the administrator of FEMA, Craig Fugate. As for his deputy’s mass evacuation plan for Manhattan, Fugate was dismissive. “Can’t move ’em fast enough,” he told me.

Yeah – where would you move them?

The very agencies that would bear responsibility for dealing with the aftermath of a cyberattack on the grid have yet to find common ground on even the most fundamental questions.

If asked his plan for a prolonged and widespread power outage, Fugate replied “We’re not a country that can go without power for a long period of time without loss of life. Our systems, from water treatment to hospitals to traffic control to all these things that we expect every day, our ability to operate without electricity is minimal.”

It’s worth noting that when I interviewed Craig Fugate we were alone in his office. In Washington these days, that is a rarity. Most senior government officials are so worried about the consequences of what they say appearing in public that they like to have at least a public affairs officer present during an interview, to modify or mitigate any controversial answers. Not Craig Fugate (or Joe Nimmich as well)

What, I asked FEMA’s administrator, is the plan for a prolonged, widespread power outage? For the first couple of days, he explained, the primary burden would be on state and local governments, but if the electricity remained out for weeks or more, it would be FEMA trying to fill in the gaps. “The plan would be to support the states to keep security, to maximize what power we do have to come back online, to look at what it will take to keep food and other critical systems like water systems up and running with generators and fuel. To prioritize where we’re going to start rebuilding our economy. Fugate warned that there’s a limit to how much FEMA can do, but he’s confident in prioritizing certain objectives. “Keep the water on,” he said. “That means we need to have enough power to pump, treat, and distribute water through the system. You have to keep the water system up, and you’ve gotta then focus on the water treatment system. Backing up sewage is just about as bad. Those two pieces will buy you enough time to look at what your alternatives are. Basically, people have to drink water, they have to eat, that waste has to go somewhere, they need medical care, they need a safe environment, there has to be law and order.

In the event of a regional crisis, the first lines of authority run through state capitols. It’s up to the governor of any given state to mobilize the National Guard, up to the governor to order an evacuation, up to the governor to request federal assistance. Governor Andrew Cuomo of New York would likely first turn to his state commissioner of homeland security and emergency services.

The day may come when a cyberattack has such wide-ranging consequences that it will have to be treated as a hostile act against the United States. It will be, quite literally, an act of war. Until that time, however, the federal government tends to wait until the states request assistance.

Hauer wasted no time in expressing his lack of confidence in the federal government’s understanding of the power grids, and his conviction that a cyberattack on a control station would have devastating consequences. “If somebody gets into the network, then the ability to reroute is gone. The ability to actually monitor is gone. The ability to black out a control station leaves them [the power companies] helpless.

“We’re never going to evacuate New York City. What we’d do is set up shelters for people to basically reside in. One of the biggest problems in a city like New York is the high-rise buildings. When power goes out we have hundreds and hundreds of people stuck in elevators. I can’t tell you how many calls the fire department gets during a blackout.

Sandy created great hardship for many people, but Hauer, like Janet Napolitano, said that the scale and duration were manageable. “The federal government was terrific,” said Hauer. “They brought in millions of meals. They brought in fuel through the Defense Logistics Agency.”

There were, Hauer explained, millions of gallons of fuel in underground storage tanks, but gas station operators lacking generators to run their pumps couldn’t retrieve the fuel. It’s another example, albeit a small one, of business owners choosing profit over resilience, because those generators can cost $50,000 or more. Following Sandy, needing to get the gas stations up and running again, federal government responders pumped $14 million worth of fuel into stations along “critical routes” and New York State installed generators in the majority of these stations, free of charge. Donating fuel and generators to key stations during a short-term, localized crisis is one thing; convincing the owners of gas stations around the country to install backup generators in anticipation of a crisis is quite another. It would seem like a no-brainer, a way for owners to ensure that their pumps will function even when the power is out. But where the bottom line is at stake, small business owners are reluctant to make the investment. In such circumstances, Craig Fugate explained, bureaucrats are left with what he called the basic tools of government, “which are extortion and bribes. Either I give you grant dollars to get you to do something you would not otherwise do, or I tax you to change behavior for what you will not do otherwise.”

New York City has a population of eight million people. Without federal assistance, Hauer said, New York City “could probably last for two days.” The City of New York has warehoused millions of MREs, or meals ready-to-eat, but with a population of eight million these are nothing more than a stopgap. Any crisis lasting more than a few days would be a struggle. In the case of something as widespread as a grid outage, Hauer explained, New York couldn’t rely on federal assistance, because it would be competing with other states for food. … FEMA “only has so many millions” of MREs stockpiled, and the private companies that produce them would be overwhelmed; states would have to get in line.

The disaster relief industry, at least that segment of it dealing with producing and distributing long-lasting food supplies, has its own operational complexities.

[prepper company could produce freeze-dried food fast enough – but couldn’t get enough to freeze due to the suppliers, a problem for everyone]. There is a limit to how much fresh food is available for processing at any given time. The manufacturers who supply government relief agencies with MREs were having to wait every bit as long for product. They just couldn’t get the necessary raw materials. I had previously explained the premise of this book to Davis and Fulton, and Davis was close to speechless. “Oh, my gosh!…That kind of thing is so far beyond…The numbers would just…It would bury us within days.

Why not just build up the MRE stockpile when supplies are available? It’s an issue of shelf life, which for MREs is only five years. “So,” explained Fulton, “you look at the MRE manufacturers who are trying to build inventory post the tsunami in Japan; they overbuilt, because when buying of MREs stops, it stops and it stops fast. Having a surplus of MREs means a warehouse full of product that loses value with each passing year. Everybody wants fresh inventory that will last a full five years. So there’s no incentive for the MRE manufacturers to build up a massive backlog. The only reason to stockpile would be if they knew for sure that an emergency will happen in the next 5 years.

FEMA and other government relief agencies are in the same boat as manufacturers. Ideally, they would want to buy MREs on short notice, but the industry is incapable of meeting crisis-level demands. Loading up on inventory is another option, but the government is disinclined to spend large sums on contingency planning when there’s no immediate crisis brewing, especially given that five-year expiration date. The critical factor, then, is the supply chain. There is a limit to how much fresh food is available for processing at any given time. It cannot simply be turned on at a moment’s notice. Freeze-dried foods are a longer-lasting option than MREs—properly processed and stored, freeze-dried and dehydrated product can last up to 25 years, but even a bare-minimum supply of such food would cost at least $2,000 per person per year.

If Congress was convinced that at some point the government might need to provide emergency food supplies to, say, thirty million people for a year, it could, for $2,000 a head, provide the basics to keep them alive. Could this be part of a solution? The $60 billion cost is hardly prohibitive when you consider how many lives would be at stake. It would probably take the industry years to accumulate the necessary raw materials, but in theory it seems a viable option. What can be projected with some confidence is that any crisis—whether EMP or cyberattack—that knocked out electricity for more than a couple of weeks over a multistate area would exhaust emergency food supplies in a matter of days.

Ray Kelly served in the New York City Police Department for a total of 47 years. People have the potential to take things by force. What happens in an elderly community, where they’re certainly susceptible to being attacked in terms of taking what they have, the limited resources, least able to defend themselves?

There were reports in the wake of Hurricane Katrina that as many as 200 members of the New Orleans police department were under investigation for deserting their posts. The number of police officers ultimately charged was closer to 50, but the stresses and challenges facing first responders worried about their own families are not difficult to understand.

Winter, when there is no safe source of heat, would take a particularly heavy toll. In an environment of crowded, hungry, freezing people, each passing day would presumably elevate the potential for violence.

We are inclined, as Tom Ridge observed, to be a reactive society. We apply unimaginable amounts of money toward dealing with the aftermath of crises.

The most conservative estimates put the financial cost of the wars in Afghanistan and Iraq at around $1.5 trillion. Most estimates are significantly higher. The Transportation Security Administration, which came into being as a direct consequence of the 9/11 terror attacks, now employs 55,000 people, with an annual budget in excess of $7 billion. Over the course of the past 14 years TSA has been funded to the tune of somewhere between $90 to $100 billion of protection we didn’t know we needed before 2001.

Nor, it seems, has the money been particularly well spent. In early June 2015, the Department of Homeland Security revealed that its teams of undercover investigators were able to smuggle dummy explosives and weapons through TSA checkpoints at airports around the country in 95% of cases.

As homeland security coordinator for Park County, Martin Knapp worries about what might happen on his turf, and what to do about it if it does. Knapp has considered the prospect of an electric grid going down, but there’s been no guidance on the subject from Homeland Security in Washington. “In fact,” said Knapp, “that even goes as far down as the state level. When I’ve called or tried to say, ‘Hey, I’m working on something here if this happens. What does the state recommend, or what are you going to do?’ they won’t tell me. They refuse to fill me in because they don’t want it to get out what we’re going to do—what they’re going to do. I’ll say, ‘I thought we’re on the same team here.’ But that’s, you know, it’s secret squirrel stuff.

I want to know what I can expect from the Red Cross if I call them for resources. In late 2014, journalists from Pro Publica and National Public Radio published an article titled “The Red Cross’ Secret Disaster.” It is a devastating account, depicting an organization more concerned with bolstering its public image and raising funds than with maintaining the actual machinery of disaster relief. Among the findings: emergency vehicles taken away from relief work and staged as backdrops for press conferences; inadequate food, blankets, and batteries in locations where these were desperately needed; tens of thousands of meals thrown out because no one knew where to find the people who needed them.

If not the Red Cross, FEMA, or the Department of Homeland Security, where should the interested citizen turn? What is available online can be pathetically inadequate, boiling down to the customary recommendation for two to three days’ worth of food and water, warm clothing, a functioning battery-powered radio, and extra batteries. Disaster preparation recommendations usually include a predetermined plan for where and how the family will meet. Beyond that, citizens are largely adrift, left to find their own solutions. To the degree that government and its disaster relief operations focus our attention at all, they direct it toward the familiar: natural disasters common to our region, or variations on terrorist attacks that have already occurred. Americans have been left to select their own approaches to the prospect of a lengthy, widespread loss of electric power.

There is a growing movement around the country based on the assumption that neither government agencies nor private relief organizations can be relied upon in the event of any major disaster. A generation or two ago, they might have been called survivalists, and today “Preppers,” who can be found across the political spectrum. They are not necessarily prophets of doom, simply those who want to be ready for the worst. As such, they are accustomed to a measure of mockery; they are, after all, only rarely proved right. It takes considerable time, effort, and often money. Needed are knives, guns, fire starters, water filters and freeze-dried foods. Bill Cirmo runs the prepper-catering Bibo Outfitters, Inc. The priciest item in Cirmo’s inventory, at $18,900, is a “bug-out trailer.” This is designed, he explained to research assistant Rachel Baye, for a very long-term, high-impact event. He cited a number of examples: a nuclear explosion, an EMP attack, a chemical attack. Along with full nuclear, biological, and chemical suits and decontamination stations, the trailer carries batteries charged by the trailer’s solar panel and wind-powered generator. Cirmo assured Rachel that, equipped as it is with a water filtration and distillation system and a 30-day supply of food, one could just hook it up and drive it away.

What about outsiders fleeing the cities? How would that change the dynamic? It didn’t seem to worry him: “As far as people coming in here from a couple hundred miles away, they’re going to have to get enough fuel to get here. That’s one thing. But somebody comes in here and pulls a pistol on somebody, ‘Gimme your food’ ”—the prospect was mildly amusing to Knapp—“four people in the house pull out rifles and everything else, saying, ‘I don’t think so.’ It’s like bringing a knife to a gunfight. People around here, because there are so many guns, they’ve got ways to kind of protect themselves. And a lot of them would, without thinking twice about it.” A place like Cody might very well be brimming with “western hospitality,” but this is a place that has never been put to the test of a large-scale influx of domestic refugees. How overburdened civic organizations would respond, to say nothing of individual citizens, is unknowable.

Underlying all expectations of survivability in a major city like New York is the assumption that underpopulated places such as West Virginia or Wyoming could, in extreme circumstances, absorb a couple of hundred thousand urban refugees. And perhaps they would, because the residents of those areas really do take notions of neighborliness and community values seriously. But when Joe Nimmich of FEMA and former DHS secretary Michael Chertoff speak blithely of evacuating several million people from a city like New York, there is really no concept of where they might resettle all these refugees. Insofar as the residents of a town such as Cody, Wyoming, have maintained their traditional values, they have done so in an environment of what Jeff Livingstone described with searing if unintentional candor as “non-diversity. To just assume, however, that the underpopulated rural regions of the United States are inclined or even able to absorb tens or hundreds of thousands of urban refugees—white, black, brown, many of them poor—is to place too much reliance on the notion of neighborliness.

What can you do?

The loss of electricity for tens of millions of people, extending over many weeks, requires something altogether different. The greater the level of self-sufficiency and the larger the number of social networks able to function independently for at least a week or two, the more successful government relief efforts will ultimately be.

The Mormon church has established a model that makes good common sense, one that serves to support families in times of illness or unemployment, natural disaster or international crisis. It is designed to cushion families during hard times over an extended period. Certainly most families cannot afford to immediately lay in a six-month supply of food and water. Too many families lack the resources to meet even their daily needs. But if those who can afford it take on the responsibility of longer-term survival, supplies available to emergency management agencies can be reserved for the very neediest.

Many urban dwellers, living in small urban apartments, lack space, but when what is at stake is survival, it’s astonishing how much can be tucked away in small spaces. To establish a foundation with long-lasting, nourishing foods that have sustained needy families for generations—rice, wheat berries (and the grinder to make flour), beans—and large containers of water seems ridiculous in times of plenty, but it can become the difference between survival and starvation during an extended crisis. True, the wheat berries and grinder are not likely to find many converts among city dwellers, but the goal is to build up a supply of nonperishable goods, small amounts at a time.

What will, for most people, be the most difficult to replicate in the Mormon experience, however, is the intricately organized community, existing on both the local and national levels. There are well over 2,000 Community Emergency Response Teams (CERTs) throughout the country. They are affiliated with FEMA and provide a useful structure for implementing disaster relief, but they don’t have much of a presence in America’s cities.

Our national leaders are in a precarious place. They recognize the scale of danger that a successful cyberattack represents. However, portraying it too graphically without having developed practical solutions runs the obvious risk of simply provoking public hysteria.

Cybersecurity for small to medium-sized power companies will only function if the information can be shared across the industry and between industry and government. A truly functional, top-to-bottom cybersecurity system for the electric power industry is not likely to happen until after a major, debilitating attack on the grid has occurred. One expert summed up that until then, half of the Congress will say why we should do it, and then the other half will say why we shouldn’t do it. And then they’ll argue it, and they have no tactical understanding, most of them, about what they’re arguing. Unless there’s a true crisis, we’re going to move slow.

PHYSICAL Attacks

The scene was shortly before 1:00 a.m. on April 16, 2013, at the Pacific Gas and Electric Company’s Metcalf Transmission Substation, a few miles south of San Jose, California. To understand what happened, we rely on the exhaustive investigation by Wall Street Journal reporter Rebecca Smith. It is important to note at the outset that since her story was published in February 2014, no authority has questioned the accuracy of her work. We know that there were several saboteurs, but not how many. At least two members of the unit lifted a metal vault cover (too heavy for a single individual) leading to an underground vault containing AT&T’s fiber-optic telecommunications cables. With the cutting of those cables, the attack began. Slightly more than half an hour after cutting communications, the saboteurs attacked the actual substation, knocking out seventeen giant transformers over the course of nineteen minutes. Based on shell casings found at the scene, investigators believe that the gunmen used AK-47 assault rifles. In a remarkable feat of timing or coincidence, the saboteurs left the scene at 1:50 a.m., just one minute before the police arrived to find the substation locked. Video from surveillance cameras was of little help because the cameras were aimed toward the substation, while the shooters were positioned outside the perimeter. These attackers seemed to know what they were doing. Jon Wellinghoff, who was chairman of the Federal Energy Regulatory Commission (FERC) at the time of the attack, thinks the attackers may have been engaging in a rehearsal rather than a comprehensive sabotage operation. What they found, among other things, was that the shell casings left behind were free of fingerprints. They discovered small piles of rocks at key locations outside the substation and concluded that these might have been placed by advance scouts, establishing the most advantageous shooting locations. The experts concluded, as Wellinghoff told the Wall Street Journal, that “it was a targeting package just like they [SEALs] would put together for an attack.

The government knows this is a problem but has done nothing

Former secretaries of defense James Schlesinger and William Perry, former directors of central intelligence John Deutsch and James Woolsey, and former White House national security advisors Stephen Hadley and Robert McFarlane, sent a confidential letter, not previously released, to the chairman and ranking member of the House Committee on Energy and Commerce. Written in support of the pending Grid Reliability and Infrastructure Defense Act, the letter came to some blunt conclusions: “Virtually all of our civilian critical infrastructure—including telecommunications, water, sanitation, transportation, and healthcare—depends on the electric grid. Under current conditions, timely reconstitution of the grid following a carefully targeted attack if particular equipment is destroyed would be impossible; and according to government experts, would result in widespread outages for at least months to two years or more, depending on the nature of the attack.” The House passed the proposed legislation. It has been stuck in the Senate ever since.

Video from surveillance cameras was of little help because the cameras were aimed toward the substation, while the shooters were positioned outside the perimeter. These attackers seemed to know what they were doing. What they found, among other things, was that the shell casings left behind were free of fingerprints. They discovered small piles of rocks at key locations outside the substation and concluded that these might have been placed by advance scouts, establishing the most advantageous shooting locations.

Jon Wellinghoff, who was chairman of the Federal Energy Regulatory Commission (FERC) at the time of the attack, remains unconvinced. He thinks the attackers may have been engaging in a rehearsal rather than a comprehensive sabotage operation. The experts concluded it was a targeting package just like they [SEALs] would put together for an attack.

An analysis by FERC concluding that if nine of the country’s most critical substations were knocked out at the same time, it could cause a blackout encompassing most of the United States.

ELECTROMAGNETIC PULSE ATTACK

A report estimated that only one in ten of us would survive a year into a nationwide blackout, the rest perishing from starvation, disease, or societal breakdown. The commission estimated that protecting the national electric grid against an EMP attack would cost about $2 billion. It is unclear whether our elected representatives have decided that the threat of an EMP attack is not that realistic after all or whether the failure to act owes more to their conclusion that there are more pressing issues requiring the expenditure of more than $2 billion. In the endless competition for federal funding, Washington has grown inured to the chorus of lobbyists crying wolf on behalf of one cause or another.

The government can’t make industries ramp up their cybersecurity systems

There is an unavoidable tension between industry’s insistence that it be allowed to operate within a free enterprise system and government’s responsibility to develop high standards of safety and security for what may be the nation’s single most critical piece of infrastructure. This tension has resulted, in the electric power industry, in a high-stakes duel between corporations and government regulators, the consequences of which are cybersecurity regulations so patchwork and inadequate as to be one of the chief sources of the grid’s vulnerability.

Because the system’s maintenance and protection reside in so many different hands, though, and because its complexity has made each player more dependent on computerized control systems, the grid is also more vulnerable than it used to be. New forms of interconnections between and among firms create new pathways through which malicious cyberattacks may travel.

The electric power grid may only be as strong as its weakest link. Leaders in the industry will argue that they have invested enormous resources in protecting their infrastructure, and they have. But smaller companies with lean profit margins are simply not inclined to spend a great deal on cybersecurity. The weakest links in this system tend to be the smaller companies with the poorest security and maintenance practices. This presents a particularly serious problem within the power industry because of the interconnectedness of the grid. “If you bring down the small [companies] in the right order,” Alexander explained, it could initiate a domino-like “cascade effect.

Cascading outages could compromise the systems of larger companies, quickly threatening the entire network. “It’s not that they’re bad,” he said of less well-defended companies. “It’s just that they don’t have the infrastructure, the resources to do what actually needs to be done.

The Federal Energy Regulatory Commission can and does propose regulations for the industry. But each of those proposals must be put to a vote by the NERC membership, which represents the entire industry. Since each regulation proposed by FERC requires approval by two-thirds of NERC’s members—large and small, major corporations and those with tighter budgets—the system is not designed to generate the most rigorous standards.

Only when the industry has shaped and polished the regulations that will govern its behavior is FERC finally empowered to enforce the rules that emerge. NERC has an enforcement capacity as well, but in 2013 it levied only $5 million in penalties against utilities failing to meet mandatory defense standards.

In 2014 the sum of all penalties dropped to less than $4 million. To provide context, in August 2013 the industry’s 3,200 utilities sold $400 billion worth of electricity; penalties added up to less than 0.001 percent of gross revenues.

FERC’s limited jurisdiction. American democracy rests on a foundation of competing tensions among local, state, and federal laws, and laws governing the electric power industry reflect those tensions. The nationwide transmission of electricity along high-voltage power lines is subject to federal regulations, enforced by FERC. Once the electricity has been conveyed from the generating facility to its ultimate point of distribution, though, it is no longer under federal jurisdiction. To be clear: while electricity is being conveyed across the country at maximum efficiency, the process is subject to federal regulations. Once it’s handed off to the local companies that transmit electricity to the local consumers, no federal regulations apply. At that point, it’s under state authority—50 different jurisdictions, in which regulations focus almost exclusively on the financial side of the business. The state commissions that govern those local companies control the rates that local utilities can charge, but many of them pay scant attention to issues of grid security.

To say that this loophole sticks in George R. Cotter’s craw is to understate his passion. His expertise on the vulnerabilities of the electric power industry comes from a lifetime’s experience within the National Security Agency, in which he served as chief of staff, as chief scientist, and twice as head of its technology division. Cotter fumes at what he regards as the idiocy of the regulations enforcing the security of the electric power industry. The final leg of the system, Cotter explained, everywhere that electricity is actually delivered to consumers, is not covered by federal security regulations, and the industry wants to keep it that way. “Most of the critical infrastructure is in urban areas. Entire national security establishments are not covered by the law or by NERC.

The electric industrial grid is in the hands of the private sector. “Nobody’s in charge there, nobody has responsibility, nor can anybody require that they do work. One would think that FERC could direct and require more cybersecurity be employed by the owners and operators of the electric grid.

Former senator John D. Rockefeller IV (D-W.Va.), who has served as chairman of both the Senate Commerce and Intelligence Committees, has similarly given up hope of enforcing tough security measures on the electric power industry. There was a time, he told me, when he could count on the support of a number of senior Senate Republicans. “Then all of a sudden comes the Chamber of Commerce in 2011 and some lobbyist goes back there and says, ‘We gotta shut this thing down…overregulation, heavy-handed government, et cetera.’ They were afraid of having to spend money that they couldn’t prove to themselves they would actually need to spend.

The Balancing Act

It is winter and Chicago needs more electricity between the hours 2:00 and 5:00 p.m. Florida Power and Light, which has more capacity than it needs in the winter, says it can do this and here is the price. If it is the lowest, that electricity has to get from Florida to Chicago, and pathways are limited. Communities are inclined to object to the presence of high-tension wires near people’s homes. Because of what’s come to be known as the NIMBY (not in my backyard) factor, there are relatively few high-power transmission lines in key locations around the country. So that power isn’t guaranteed to reach Chicago. These high-power transmission towers and cables are like a rail line in that the conveyance of electricity along those transmission lines has to be scheduled. In this metaphor though, Florida Power and Light has agreed to dump power onto the grid between two and five in the afternoon, but unlike trains, electricity isn’t conveyed directly from point A to point B. The electricity leaving Florida probably won’t be delivered to Chicago. It’s all about maximum efficiency and maintaining overall balance between demand and supply throughout the system. To coordinate this, the industry has set up regional authorities, the regional transmission organizations and independent system operators, which monitor “traffic” to ensure that no transmission lines in their area become overburdened.

This monitoring process, while routine, also creates a dangerous point of vulnerability. If someone was able to hack into an RTO or ISO and deliberately overload the lines, the impact would be swift and physical. The lines would start to droop from the heavy load. They would overheat, perhaps melting the line or setting trees on fire. There are built-in controls to ensure that such an overcapacity never happens, but if a hacker got into the system and targeted those controls, so that the operations center doesn’t see it then no action will take place to stop this Such a situation could quickly escalate out of control. If you can break key transmission lines, you can produce cascading, potentially catastrophic outages.

Businesses have concluded that the advantages of the Internet are nevertheless worth whatever vulnerabilities may emerge as by-products. The electric power industry has made the same calculation. However dangerous the consequences of conducting our businesses and operating our infrastructure on the Internet, we are simply incapable of functioning without it.

A force five hurricane hitting Miami might cost $200 billion dollars, but the business of cyber insurance is relatively new, where predicting the likelihood of events is impossible. It barely begins to define the challenge of insuring a power company against the cost of a catastrophic cyberattack, and certain industries such as utilities, power, electric, water, that have unique exposure with an extraordinarily high risks that could cost more than a class 5 hurricane. So no one is likely to provide complete coverage. a complete blackout in a certain part of the country for a three-month stretch, the loss of businesses, looting and more that could ensue could cost a lot more than $200 billion

In early October of that year, ten American financial institutions were revealed as targets of a huge cyberattack. An anonymous senior official speculated to the Times that the attack could have been in retaliation for those U.S. economic sanctions on Moscow. George Cotter believes that the rash of cyberattacks on U.S. banks during the summer and fall of 2014 does, in fact, constitute a warning from the Kremlin, related to events in Ukraine—a demonstration to Washington of what might follow if economic sanctions escalated.

The calibrated application of such cyber blackmail has been under way for some years, and its users extend beyond Moscow and Beijing. It would go a long way toward explaining the on-again, off-again nature of U.S. foreign policy toward Syria where Syrian leader Bashar al-Assad has a cyber operation which he routinely runs against Wall Street, intended as a strong message to the U.S. government. These attacks tend to be relatively low-tech distributed denial-of-service attacks against American banks, but Assad is demonstrating that if you unleash an attack against the Syrian armed forces, against the Syrian government, all hell will break loose in the United States’ financial sector, which has no doubt restrained U.S. actions against Assad.

Until May 2012 Howard Schmidt was President Obama’s White House advisor on cybersecurity. What would he say, I asked, if the president asked him directly, “Howard, is there a way we can guarantee that a cyberattack won’t knock out one of our power grids?” “Absolutely not,” said Schmidt, confirming what other specialists had been telling me: the greatest cyber threats to the U.S. infrastructure are in the hands of the Russians and the Chinese. Schmidt also echoed the assumption that China and Russia, encumbered by a network of interlocking interests with the United States, would likely be constrained from launching a full-scale cyberattack on an American power grid. Could they do it? Yes. Would they? Only in the context of an expanding crisis.

North Korea is yet several notches below Iran on the capability scale but has almost no interlocking interests with the United States and therefore even fewer restraints. In some ways most worrisome of all is the realm of individual hackers, whether independent or at least not visibly associated with a national government. The North Koreans, while less advanced than the Iranians, are well along in their development of cyber war capabilities, due in no small part to instruction by the Chinese and Russians.

Why does there seem to be such limited awareness of the impending danger? Austin’s answer was simple. “We’ve not experienced a significant effective attack against our power grid or against our transportation networks. So, like 9/11, I don’t think people realize how vulnerable you are until they see something happen. “I think some of the key folks in the banking industry, in the transportation industry, they have clearly realized that there are vulnerabilities that we need to guard against or protect, and they’re doing some things about them. But as you connect one system to the other across this nation, there’s just a lot of points of entry, a lot of points of potential failure that I don’t think people have thought through adequately.

The government agencies and civic organizations charged with enabling the nation to recover from catastrophe are also woefully unprepared. Keith Alexander’s many years in the military provide some understanding of those confronting multiple crises simultaneously. He puts it this way: “Everybody’s out there fighting today’s alligators, and we’re talking about future alligators, and they say, ‘Look, I’ve got this problem with ISIS, I’ve got this problem with Afghanistan, Gaza keeps coming up, I got this wingnut in North Korea; and you’re talking about a potential problem.’

LARGE POWER TRANSFORMERS

The number of large power transformers (LPTs) in use in the United States is staggering. There is a great deal of information that the power industry refuses to make public, and the exact number of LPTs is one such statistic. The Department of Energy can only hazard a guess as to how many large power transformers are in use, but it reports that the number “could be in the range of tens of thousands.

Because LPTs are very expensive, 3-10 million each plus tailored to customers’ specifications, they are usually neither interchangeable with each other nor produced for extensive spare inventories. Because they are very expensive, only the largest and most profitable power companies can afford to keep backup transformers on hand. Because the vast majority of LPTs are built overseas, it takes a very long time to replace them.

These transformers are so enormous—anywhere from 400,000 to 600,000 pounds—that they cannot be transported on a standard railroad freight car. It requires the use of a specialized railroad freight car known as a Schnabel. There are only about 30 of these in North America. Some of the original transformers were delivered so many years ago that the rail lines on which they were transported no longer exist. When LPTs are transported by road it calls for a modular device 70 feet long with 12 axles and 190 wheels. The unit occupies two lanes of traffic and requires special permits from each state through which the transport will pass. Because of the enormous dimensions and weight involved, these special permits often call for the prior inspection of various bridges and other pieces of infrastructure along the way.

Government preparation for a long-lasting grid outage: it’s up to you!

With the passage of the Homeland Security Act in November 2002, Tom Ridge became the first secretary of the Department of Homeland Security (DHS), responsible for overseeing what had been 22 separate departments and agencies as diverse as the Secret Service, the Coast Guard, and the Immigration and Naturalization Service. The department’s mandate, conceived as it was through the prism of what had just happened, essentially boiled down to preventing another terrorist attack. During subsequent years, the department’s mission has evolved, in the public mind, to what might almost be described as a policy of “protect almost everything against almost anything.” Ridge acknowledged that the department ought to be doing even more on at least one level: ensuring security, he agrees, involves not only preventing disaster but also planning for its potential consequences. That part of the mission, Ridge told me, is almost doomed to fail. “We are not a preemptive democracy. We are a reactive one. Rare are the occasions on which we act in anticipation of a potential problem.

Each secretary of homeland security has conceded the likelihood of a catastrophic cyberattack affecting the power grid; none has developed a plan designed to deal with the aftermath. So how can a citizen cope? No government agency has guidelines for private citizens because there’s nothing any individual can do to prepare. We’re all connected, it’s not just you but your neighbors and more. So basically an individual can’t do anything and the government won’t do anything.

Michael Chertoff estimated that a concerted cyberattack could knock one or more power grids offline for several weeks. When I asked whether the American people are prepared for anything like that, he replied: “In some parts of the country, people do stock food and buy generators. In urban centers people don’t do that. In New York you’d try to move a lot of people out over a period of time.

Since moving eight million people clearly isn’t going to ever happen, I went to my local fire department where the captain told me there were secret locations of food and water, but only for the first responders.

I asked Janet Napolitano, former secretary of Homeland Security if there were a plan for a blackout that covered several states and efforts to restore power took weeks or even months? She replied that there was no plan that would be adequate in that circumstance.

In the case of a power grid going down, urging people to stay in their homes may be the right thing to do, at least in the immediate aftermath. Buildings would be essentially undamaged and bridges, roads, and tunnels untouched, leaving routes open for resupply convoys and voluntary evacuation for those who choose to leave.

Joe Nimmich at FEMA was reluctant to accept my premise of a wide-ranging, weeks-long electric power outage affecting millions of people. If it did happen the federal government would be ready to deal with it. He was confident that electric power sufficient to avoid a catastrophe could be restored quickly. “I’ve planned for a million people being homeless, I’ve planned for tens of thousands of people being deceased. I think very easily we can convert those plans.” Nimmich was describing a scenario in which Southern California is hit by a catastrophic earthquake. “When we look at the plan…we’re talking about activating 70,000 troops.” He referenced Title X, the legal basis for the roles and missions of the armed forces, saying that he had planned for “the National Guard to keep law and order, and the Title X forces to be able to go in and actually help people move.” Relocation was central to Nimmich’s plan. “The plan is, you start moving people east. You take them out of Los Angeles, put them in hotel rooms in Nevada.

When I put the grid outage in Manhattan. Nimmich was undeterred, again saying that people in Manhattan would be moved out of the area, whether by bus or train to where they’re no longer in a life-threatening situation, even if it’s 6 million people. Basically Nimmich said that there is no plan because the experts don’t think the grid could come down very long.

Joe Nimmich’s boss is Craig Fugate, the administrator of FEMA who rejected the idea of a mass evacuation plan for Manhattan since they couldn’t be moved fast enough, and where would you move them to? Nor have the agencies who’d be called on to deal with this agreed on even the most fundamental questions.

He told me that a long and widespread power outage would lead to a loss of life because our systems depend on electricity – from water treatment to hospitals to traffic control to all these things that we expect every day, our ability to operate without electricity is minimal.

If this happened, the burden would fall on state and local governments, but after weeks or more it would be FEMA trying to help support the stats to be secure, maximize what power we do have to come back online, work out what it takes to keep food and critical systems running with generators and fuel. Top priority is enough power to pump, treat, and distribute water through the system. You have to keep the water system up for sewage as well. Bottom line is that people have to drink, eat, waste has to go somewhere, medical care, and law and order.

In the event of a regional crisis, the first lines of authority run through state capitols. It’s up to the governor of any given state to mobilize the National Guard, up to the governor to order an evacuation, up to the governor to request federal assistance. The day may come when a cyberattack has such wide-ranging consequences that it will have to be treated as a hostile act against the United States. It will be, quite literally, an act of war. Until that time, however, the federal government tends to wait until the states request assistance.

Governor Andrew Cuomo of New York would likely first turn to his state commissioner of homeland security and emergency services, Jerome Hauer, who wasted no time in expressing his lack of confidence in the federal government’s understanding of the power grids, and his conviction that a cyberattack on a control station would have devastating consequences.

Hauer told me that since New York City can’t be evacuated, shelters would be set up, and the thousands of people trapped in elevators rescued.

He described how the Hurricane Sandy emergency was handled. Though it created great hardship for many people, the scale and duration were manageable. The federal government brought in millions of meals and fuel through the Defense Logistics Agency. There were also millions of gallons of fuel in underground storage tanks, but most gas station operators didn’t have generators, and no wonder, since generators can cost $50,000 or more. To get gas stations running again, the federal government responders pumped $14 million worth of fuel into stations along “critical routes” and New York State installed generators for free. Convincing the owners of gas stations around the country to install backup generators in case of a crisis would require government grants or taxation that forces them to.

Without federal assistance, New York City could probably last for two days. The City of New York has warehoused millions of MREs, or meals ready-to-eat, but with a population of eight million these are nothing more than a stopgap. Nor could NYC count on federal assistance because it would be competing with other states for food. FEMA “only has so many millions” of MREs stockpiled, and the private companies that produce them would be overwhelmed. States would have to get in line.

The Disaster Relief Industry

The segment of it dealing with producing and distributing long-lasting food supplies, has its own operational complexities. There is a limit to how much fresh food is available for processing at any given time. Producing enough MRE’s for a long grid outage is inconceivable. Even building a stockpile when supplies were available is a problem – the shelf life of MREs is only 5 years. A warehouse full of them loses value over time, so there’s no incentive to build up a massive backlog, unless it was certain there were going to be an emergency in the next five years.

FEMA and other government relief agencies are in the same boat as disaster relieve supply makers to meet crisis-level demands. Loading up on inventory is an option, but the government is disinclined to spend large sums on contingency planning when there’s no immediate crisis brewing, especially given that five-year expiration date. The critical factor, then, is the supply chain. There is a limit to how much fresh food is available for processing at any given time. It cannot simply be turned on at a moment’s notice. Freeze-dried foods are a longer-lasting option than MREs, lasting up to 25 years if properly processed and stored. But these are expensive, a bare minimum of food would cost at least $2,000 per person a year.

Even if Congress was convinced that at some point the government might need to provide emergency food supplies to, 30 million people for a year, the $60 billion cost is not prohibitive when you consider how many lives would be at stake. It would probably take years to do, but is certainly viable.

What can be projected with some confidence is that any crisis—whether EMP or cyberattack—that knocked out electricity for more than a couple of weeks over a multistate area would exhaust emergency food supplies in days.

Other problems

There were reports in the wake of Hurricane Katrina that as many as 200 members of the New Orleans police department were under investigation for deserting their posts.

Winter, when there is no safe source of heat, would take a particularly heavy toll. In an environment of crowded, hungry, freezing people, each passing day would presumably elevate the potential for violence.

As Tom Ridge observed, we are a reactive society. We apply unimaginable amounts of money toward dealing with the aftermath of crises. The most conservative estimates put the financial cost of the wars in Afghanistan and Iraq at around $1.5 trillion.

And more. The Transportation Security Administration, which came into being as a direct consequence of the 9/11 terror attacks, now employs 55,000 people, with an annual budget in excess of $7 billion. Over the course of the past 14 years TSA has been funded to the tune of up to $100 billion for protection we didn’t know we needed before 2001. The money has not been well spent. In 2015, the Department of Homeland Security revealed that its teams of undercover investigators were able to smuggle dummy explosives and weapons through TSA checkpoints at airports around the country in 95% of the time.

As homeland security coordinator for Park County, Martin Knapp worries about what might happen and what to do if it does. There’s been no guidance on the subject from Homeland Security in Washington or the state level for that matter. Neither will tell him because they don’t want it to get out what they’re going to do.

In 2014, journalists from Pro Publica and National Public Radio published an article titled “The Red Cross’ Secret Disaster.” It is a devastating account, depicting an organization more concerned with bolstering its public image and raising funds than with maintaining the actual machinery of disaster relief. Among the findings: emergency vehicles taken away from relief work and staged as backdrops for press conferences; inadequate food, blankets, and batteries in locations where these were desperately needed; tens of thousands of meals thrown out because no one knew where to find the people who needed them.

Prepare yourself, the government and Red Cross aren’t going to be able to help you

If not the Red Cross, FEMA, or the Department of Homeland Security, where should the interested citizen turn? What is available online can be pathetically inadequate, boiling down to the customary recommendation for two to three days’ worth of food and water, warm clothing, a functioning battery-powered radio, and extra batteries. Disaster preparation recommendations usually include a predetermined plan for where and how the family will meet. Beyond that, citizens are largely adrift, left to find their own solutions. To the degree that government and its disaster relief operations focus our attention at all, they direct it toward the familiar: natural disasters common to our region, or variations on terrorist attacks that have already occurred.

Americans have been left to select their own approaches to the prospect of a lengthy, widespread loss of electric power. It takes considerable time, effort, and often money.

At Bibo Outfitters, you can get knives, guns, fire starters, water filters, and freeze-dried foods from the Saratoga Trading Company. The priciest item at $18,900, is a bug-out trailer designed for a very long-term, high-impact event, such as nuclear explosion, EMP, or chemical attack. It has full nuclear, biological, and chemical suits and decontamination stations, batteries charged by the trailer’s solar panel, a water filtration and distillation system and a 30-day supply of food that you can hook up and drive off with.

Some preppers aren’t worried about people fleeing from cities hundreds of miles away, because they’d have to have enough fuel and would be met with guns if they showed up. A lot of rural people wouldn’t think twice about shooting someone. So assumptions that people in NYC could be moved to underpopulated places such as West Virginia or Wyoming is not going to work. Perhaps 200,000 could be absorbed, but not several million people. Nor is it likely that red state traditional values folks would welcome liberal city dwellers and people of color.

Conclusion

We should be focused on the wholesale threat of cyber catastrophe. In such an event, the Department of Homeland Security would be working with industry to help them restore and maintain service. It should be focused on developing a more robust survival and recovery program for the general public; but DHS has neither the capacity to defend our national infrastructure against cyberattack nor the wherewithal with which to retaliate. A criminal attack would be the responsibility of the FBI; an attack on infrastructure by a nation-state or a terrorist entity would become the immediate responsibility of the Defense Department. Anticipating and tracking external cyber threats to U.S. infrastructure should be, by virtue of capability if nothing else, the responsibility of the NSA.

We have become disoriented by the similarities between the aftermath of a natural disaster and what will be required when it comes to helping the nation deal with the aftermath of a cyberattack on a grid. We need to adapt to the realization that at an as-yet-undetermined point a cyberattack on one of the nation’s three electric power grids amounts to an attack on the United States.

It would be no less an act of war than an air raid by enemy bombers or a strike by enemy missiles. When General Alexander describes the emergency cabinet meeting that the president would convene in such an event, he pointedly compares it to what would take place in a nuclear command and control situation. What would result directly from such an attack—the population flow, the extended distribution of emergency supplies, and the likelihood of civil unrest—would require the combined expertise and resources of many government agencies, but all would fall, inevitably, under the overall control and management of the military. It is the only organization with the equipment and manpower equal to the task. That will become all too self-evident after an electric power grid is disabled.

The imposition of order, the distribution of essential supplies, the establishment of shelters for the most vulnerable, the potential management of hundreds of thousands, if not millions, of domestic refugees will be complex enough if the general public knows what to expect and what to do. In the absence of any targeted preparation, in the absence of any serious civil defense campaign that acknowledges the likelihood of such an attack, predictable disorder will be compounded by a profound lack of information. It would be the ultimate irony if the most connected, the most media-saturated population in history failed to disseminate the most elementary survival plan until the power was out and it no longer had the capacity to do so.

It is time to decide which experts we are prepared to trust. In researching this subject, I have found myself relying significantly on the expertise of George Cotter. His credentials, as former chief scientist at the National Security Agency, are a major factor, but at some point all reporters find themselves confronting a moment of decision. Almost by definition, when we are dealing with complex subjects, we tend to be less knowledgeable than the sources we are interviewing. At one point or another in this process, each of us ends up trusting his gut—deciding, quite simply, how much confidence to place in each source. I think George Cotter knows what he’s talking about. In April 2015 Cotter produced his fourth white paper in a series titled Security in the North American Grid—A Nation at Risk. He sends these white papers to policy makers and federal institutions charged with homeland defense. All the material cited is unclassified. Although the paper is technical, its conclusions are simple and stark:

With adversaries’ malware in the National Grid, the nation has little or no chance of withstanding a major cyberattack on the North American electrical system. Incredibly weak cybersecurity standards with a wide-open communications and network fabric virtually guarantees success to major nation-states and competent hacktivists. The electric power industry is simply unrealistic in believing in the resiliency of this Grid subject to a sophisticated attack. When such an attack occurs, make no mistake, there will be major loss of life and serious crippling of National Security capabilities.

Panetta warned that an aggressor nation or extremist group could launch “a destructive cyber-terrorist attack [that] could virtually paralyze the nation.” Some of the potential threats Panetta cited included the deliberate derailing of trains with passengers or lethal chemicals, the contamination of urban water supplies, and “the shutdown of the power grid across large parts of the country. The collective result of these kinds of attacks could be a cyber Pearl Harbor.

The inability to quickly discover the identity of an aggressor undermines the threat of retaliation. Deliberate misdirection and the chaos caused by the attack increases the possibility that a counterstrike may be aimed at the wrong target. Neither the American public nor the international community has come to terms yet with the notion that a major cyberattack would amount to an act of war, but a war that is as different from any previous war we have known as a nuclear conflict would be from conventional warfare. How do we prepare for something that we have not even adequately defined?

General Chuck Jacoby, recently retired as commander of the U.S. Northern Command, which has the responsibility for homeland defense and military assistance in disaster relief throughout North America. Among the challenges facing the NORTHCOM commander is the need to tread lightly while mustering the capacity to respond rapidly. There is in the U.S. a historical sensitivity toward the use of federal troops, particularly when it comes to maintaining or restoring order. “Every day,” Jacoby told me, “I used to say that the NORTHCOM commander’s job was to reconcile the will of the president with the authority of the governors. They own their state and they own their [National] Guard, and you know the power for authorities with enforcement capabilities really emanates from the people. So it comes up from the local police departments to sheriffs to the state to the Guard and then up to the president. And it’s a very, very deliberate legal issue to use federal military forces in an armed capacity in the homeland.

In anticipating the event of a power grid going down, however, the process will have to be streamlined and rehearsed. During the time that it takes to alert and dispatch military personnel and to mobilize the National Guard, local and state police will need to immediately secure the stores and warehouses containing essential supplies that will otherwise be stripped bare in a matter of hours. The authority exists, but without the regular conduct of combined exercises specifically designed to respond to the aftermath of a grid going down, critical supplies will be gone before law enforcement even arrives on the scene.

The question of maintaining security in the aftermath of a power grid being shut down can quickly be reduced to a matter of manpower. The U.S. military is a diminished force, with the army down to about 450,000 people. Whether that would be adequate, said Jacoby, is questionable. NORTHCOM could come up with 50,000 or so troops fairly quickly. He is torn between the discipline of military preparedness, with its indisputable value in a time of national crisis, and the American system, which is “designed,” as Jacoby said, “for inhibiting federal abuse of power, specifically armed power in the homeland. And that’s who we are as a people.

Jacoby is struck by the irony that while we have the most powerful means of communicating with the public that has ever existed, it will be essentially useless without electricity.

It should already be a settled issue how forces would be activated, and under whose command, as soon as the president is convinced that all or part of a power grid has been the target of a cyberattack. Maintaining public order and protecting the civilian population will become more difficult with each passing day. As FEMA administrator Craig Fugate acknowledged, it quickly becomes a matter of keeping as many people from dying as possible. It’s food, potable water, and enough generators to keep water flowing and a waste disposal system functioning. There is no emergency food supply even remotely adequate for what the demand would be.

Among what Jacoby described as the “pre-disaster stuff” that has to be figured out is a plan under which the federal government would acquire billions of dollars’ worth of freeze-dried food, sufficient to feed tens of millions of people for a period of months. This alone will take years once the money is appropriated and the contracts have been signed.

Americans are accustomed to going where they want to go, when they want to go. Many city dwellers have focused their survival plans on just driving to the nearest state in which the power is still on. There is no guarantee that they will be invited to stay. To the contrary. One former state employee from a small rural state told me of strategy sessions planning how they would handle a mass evacuation from an affected city. Traffic police, state police, the National Guard, and civilian volunteers wearing official paraphernalia would be stationed in key locations, offering food, water, and directions to the next gas station. But the message was stark and simple: “Our state doesn’t have the infrastructure to support large numbers of evacuees. Please keep moving.” These are issues that are quietly being discussed on a state-by-state basis. There is no national strategy.

When one major sector of the country is without electricity and the rest of the country has power, what happens? Do states have the right and the legal authority to require domestic refugees, who have neither guaranteed shelter nor the funds to rent or buy shelter, to keep moving? What happens to the economy of the darkened states? With a diminished ability to generate revenue, how long will those states be able to count on the generosity of the rest of the country? Will the federal government establish refugee camps? Where? We have barely begun to consider the problems, let alone find the solutions.

[I would add that despite spending many billions of dollars to house the homeless in California, their numbers are increasing, not decreasing $$$$]

The British in 1940 were as innocent of what to expect from a massive German air offensive as Americans are today at the prospect of massive cyberattacks against key elements of the U.S. infrastructure. There was clear evidence that something nasty was brewing; exactly what form it would take was less clear. The world had been introduced only recently to the concept of a deliberate bombing campaign against civilian targets. On April 26, 1937, German pilots, members of the Condor Legion, flying in support of Francisco Franco’s forces, infamously bombed the town of Guernica.

That carnage, immortalized in Picasso’s Guernica, would have been fresh in the minds of the British, but so would earlier reports of the Italian air force spraying mustard gas on civilian targets in Abyssinia in 1935 and 1936. Consider these events the emotional framework within which the German attacks on England were anticipated. The British government knew that it had to prepare, but for what, exactly, was unclear. Poison gas had been widely used during WWI. The Italian gas attacks in Abyssinia were another clue.

The resulting civil defense planning was a strange mixture of thoughtful preparation and misplaced emphasis. Parliament had passed the Air Raid Precautions Act in 1937, which provided the lion’s share of funding and an organizational structure that connected local and central government, but public bomb shelters were woefully inadequate. The great fear was poison gas. Thousands of decontamination chambers were set up, and nurses were trained to deal with the aftereffects of gas poisoning.

Great Britain declared war on Germany in September 1939, following the Nazi invasion of Poland; but Germany’s massive bombing campaign against Britain did not begin until almost a year later. That year’s grace period made a world of difference. The fact that Britain was a nation at war created an appropriate mindset; the delay provided the opportunity to prepare. “Between 1939 and 1940,” wrote Overy, “an army of regulars and volunteers was created capable of manning the front line; for the rest of the civil population habits of obedience to the blackout regulations, gas-mask drills, air-raid alerts and evacuation imposed on everyone an exceptional pattern of wartime behavior that persisted until the very end of the war.”

Both of my parents were refugees from Germany, denied British citizenship until the war was over. Until that time, my father was also denied permission to work. Age and his ambiguous national status made service in the British armed forces impossible, but he could, and did, serve in the Home Guard. And there begins my first, vague awareness of civil defense. My father and a neighbor, also a volunteer in the Home Guard, would patrol the neighborhood after dark armed with a long-handled whisk broom and the metal cover of a rubbish bin.

The Battle of Britain raged in the skies over London and other English cities during 1940 and 1941. That was the worst of the aerial bombardment, but even afterward German bombers carried out missions intent on destroying England’s infrastructure and terrorizing its civilian population. Among their weapons was the incendiary bomb, a small, finned tube filled with magnesium and carbide. It would explode on impact with an intense flame that burned for up to 15 minutes. Left alone, incendiary bombs were deadly and highly destructive, but there were relatively simple measures that were sometimes enough to counteract them. An instructional film shown at civil defense training sessions and before the feature presentation at local cinemas urged audiences to acquire hand pumps. One person would immerse the pump in a bucket of water, pushing a plunger up and down, while another member directed the stream onto a burning incendiary bomb.

That was the high-tech approach. My father and his partner had been instructed to apply what might have been called the “sweep and smother” method. If an incendiary device landed on top of a home, it would in short order burn through the roof and set the house on fire. The broom man on my father’s team had been instructed to climb onto the roof and sweep the bomb to the ground, where his rubbish lid cohort would smother the thing. That was the plan, and a plan can be a virtue in and of itself.

The government concluded there were only two viable options: shelter and evacuation. By March 1940, major cities contained shelter space for almost half of their population of 27.6 million, but this was less impressive than it sounds, since 39% of domestic shelters were regarded as likely ineffective. Nor were the public shelters much better, and Prime Minister Winston Churchill and his cabinet were initially disinclined to devote the resources or manpower that would have been necessary to improve their quality. So the emphasis was placed on evacuation.

On September 1, 1939, 1,473,500 people—children, pregnant women, new mothers, the disabled—left England’s cities for the comparative safety of the countryside, where they would be rehoused. Despite these huge initial numbers, it turned out to be a highly unpopular option, particularly in light of the fact that German bombing had not yet begun. By January 1940, wrote Overy, around 900,000 of the evacuees had returned to their urban homes. Once the bombing did begin, evacuation was no longer an option. On 7 September [1941], the first day and night of heavy bombing in London, several thousand Londoners bought tickets for the Underground and stayed put in the stations and tunnels. During the early weeks of the bombing more than 120,000 Londoners took shelter in that fashion. Around 65,000 stayed there even through the winter, though the bombing declined. The platforms and tunnels had no toilet facilities and they grew increasingly filthy. There was nothing to eat or drink, nor had anyone thought to bring cots for sleeping. In the final analysis, the vast majority of Londoners opted for neither evacuation nor the bomb shelters. People took their chances at home.

Churchill’s eloquence and the royal family’s refusal to evacuate from Buckingham Palace reinforced the population’s self-image of enduring hardship with a stiff upper lip. The British were emotionally prepared for whatever might come, even if what ultimately came was not what had been expected.

During the latter years of the war the Germans unveiled a new class of weapons to be deployed against civilian targets: the Vergeltungswaffen, or retaliatory weapons, also called “doodlebugs or buzz bombs”. Nothing would have protected our family against a direct hit, but I didn’t know that. I knew that when I heard the whistle of a V-1 that I was to race for my father’s study and duck under his desk. It was a useful concept, not just as a practical matter but also for the confidence it instilled in a child who regarded the whole exercise as something of a lark.

What lingers, after all these years, is the sense of preparedness, of having a plan, of being ready for whatever might come. In a sense, preparing for the unknown has always been the challenge facing civil defense planners. How does a country’s leadership draw the appropriate line between prudence and paranoia when neither the timing nor the exact nature of a threat to national security can be defined?

Like the British ten years earlier, American civil defense planners concluded that their options essentially boiled down to shelters and evacuation.

There is, as yet, no real sense of alarm attached to the prospect of cyber war. The initial probes—into our banks and credit card companies, into newspapers and government agencies—have tended to leave us unmoved.

Our points of vulnerable access are greater than in all of previous human history, yet we have barely begun to focus on the actual danger that cyber warfare presents to our national infrastructure. Past experience in preparing for the unexpected teaches us that, more often than not, we get it wrong. It also teaches that there is value in the act of searching for answers.

For the first time in the history of warfare, governments need to worry about force projection by individual laptop. Those charged with restoring the nation after such an attack will have to come to terms with the notion that the Internet, among its many, many virtues, is also a weapon of mass destruction.

Book review of Lights Out. A Cyberattack. A Nation Unprepared. Surviving the Aftermath

Koppel T (2015) Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath.

Categories

Recent Posts