Lights Out!


As power shuts down, there is darkness and the sudden loss of electrical conveniences. As batteries lose power, there is the more gradual failure of cellphones, portable radios, and flashlights.

Emergency generators provide pockets of light and power, but there is little running water anywhere. In cities with water towers on the roofs of high-rise buildings, gravity keeps the flow going for two, perhaps three days. When this runs out, taps go dry; toilets no longer flush. Emergency supplies of bottled water are too scarce to use for anything but drinking, and there is nowhere to replenish the supply. Disposal of human waste becomes a critical issue within days.

Supermarket and pharmacy shelves are empty in a matter of hours. The city has flooded the streets with police to preserve calm, to maintain order, but the police themselves lack critical information. There is a growing awareness that this power outage extends far beyond any particular city and its suburbs. It may extend over several states. Tens of millions of people appear affected. The assumption that the city, the state, or even the federal government has the plans and the wherewithal to handle this particular crisis is being replaced by the terrible sense that people are increasingly on their own. When that awareness takes hold, it leads to a contagion of panic and chaos.

Preparing for doomsday has its own rich history in this country, and predictions of the apocalypse are hardly new. We lived for decades with the assumption that nuclear war with the Soviet Union was a real possibility. Ultimately, Moscow and Washington came to the conclusion that mutual assured destruction, holding each other hostage to the fear of nuclear reprisal, was a healthier approach to coexistence than mass evacuation or hunkering down in our respective warrens of bomb shelters in the hopes of surviving a nuclear winter.

We are living in different times. Whether the threat of nuclear war has actually receded or we’ve simply become inured to a condition we cannot change, most of us have finally learned “to stop worrying and love the bomb.” In reality, though, the ranks of our enemies, those who would and can inflict serious damage on America, have grown and diversified. So many of our transactions are now conducted in cyberspace that we have developed dependencies we could not even have imagined a generation ago. To be dependent is to be vulnerable. We have grown cheerfully dependent on the benefits of our online transactions, even as we observe the growth of cyber crime. We remain largely oblivious to the potential catastrophe of a well-targeted cyberattack.

On one level, cyber crime is now so commonplace that we have already absorbed it into the catalogue of daily outrages that we observe, briefly register, and ultimately ignore. Over the course of less than a generation, cyber criminals have become adept at using the Internet for robbery on an almost unimaginable scale. Still, despite the media attention generated by the more dazzling smash-and-grab operations, the cyber criminals whose only intention is to siphon off wealth or hijack several million credit card identities should have a lower priority among our concerns. Their goal is merely grand larceny.

More worrisome is the increasing number of cyberattacks designed to vacuum up enormous quantities of data in what appear to be wholesale intelligence-gathering operations. The most ambitious of these was announced on June 4, 2015, and targeted the Office of Personnel Management, which handles government security clearances and federal employee records. The New York Times quoted J. David Cox Sr., the president of the American Federation of Government Employees, as saying the breach might have affected “all 2.1 million current federal employees and an additional 2 million federal retirees and former employees.” FBI director James Comey told a Senate hearing that the actual number of hacked files was likely more than 10 times that number — 22.1 million. Government sources were quoted as claiming that the intrusion originated in China. The Times report raises a number of relevant issues: The probe was initiated at the end of 2014. It wasn’t discovered until April of 2015. It is believed to have originated in China, but the Chinese government has denied the charge, challenging U.S. authorities to provide evidence. Producing evidence would reveal highly classified sources and methods. “The most sophisticated attacks,” the Times noted, “often look as if they were initiated inside the United States, and tracking their true paths can lead down many blind paths.” All of these issues will receive further attention in later chapters. But as disturbing as these massive data-collection operations may be, even they do not come close to representing the greatest cyber threat. Our attention needs to be focused on those who intend widespread destruction.

The Internet provides instant, often anonymous, access to the operations that enable our critical infrastructure systems to function safely and efficiently. In early March 2015, the Government Accountability Office issued a report warning that the air traffic control system is vulnerable to cyberattack. This, the report concluded with commendable understatement, “could disrupt air traffic control operations.” Our rail system, our communications networks, and our healthcare system are similarly vulnerable. If, however, an adversary of this country has as its goal inflicting maximum damage and pain on the largest number of Americans, there may not be a more productive target than one of our electric power grids.

Electricity is what keeps our society tethered to modern times. There are three power grids that generate and distribute electricity throughout the United States, and taking down all or any part of a grid would scatter millions of Americans in a desperate search for light, while those unable to travel would tumble back into something approximating the mid-19th century. The very structure that keeps electricity flowing throughout the United States depends absolutely on computerized systems designed to maintain perfect balance between supply and demand. Maintaining that balance is not an accounting measure, it is an operational imperative. The point needs to be restated: For the grid to remain fully operational, the supply and demand of electricity have to be kept in perfect balance. It is the Internet that provides the instant access to the computerized systems that maintain that equilibrium. If a sophisticated hacker gained access to one of those systems and succeeded in throwing that precarious balance out of kilter, the consequences would be devastating. We can take limited comfort in the knowledge that such an attack would require painstaking preparation and a highly sophisticated understanding of how the system works and where its vulnerabilities lie. Less reassuring is the knowledge that several nations already have that expertise, and — even more unsettling — that criminal and terrorist organizations are in the process of acquiring it. Our media report daily on increasingly bold and costly acts of online piracy that are already costing the U.S. economy countless billions of dollars a year. Cyberattacks as instruments of national policy, though, tend to be less visible because neither the target nor the attacker is inclined to publicize the event.

America unplugged: “There are three power grids that generate and distribute electricity throughout the United States, and taking down all or any part of a grid would scatter millions of Americans in a desperate search for light.

History often provides a lens through which irony comes into focus. The United States, for example, was the first and only nation to have used an atomic weapon, and it has spent the intervening decades trying to limit nuclear proliferation. And the United States, in collaboration with Israel, mounted a hugely successful cyberattack on Iran’s nuclear program in 2008 and now finds itself dealing with the consequences of having been the first to use a digital weapon as an instrument of policy. Iran wasted little time in launching what appeared to be a retaliatory cyberattack, choosing to target Aramco in Saudi Arabia, destroying 30,000 of its computers. Why the Saudi oil giant instead of an American or Israeli target? We can only speculate. Iran may have wanted to issue a warning, demonstrating some of its own cyber capabilities without directly engaging the more dangerous Americans or Israelis. In any event, Iran made its point, and a new style of warfare has, within a matter of only a few years, become commonplace. Russia, China, and Iran, among others, continue on an almost daily basis to demonstrate a range of cyber capabilities in espionage, denial-of-service attacks, and the planting of digital time bombs capable of inflicting widespread damage on a U.S. power grid or other piece of critical infrastructure.

For several reasons, the clear logic of a swift attack and response that enables a policy of deterrence between nuclear rivals does not yet exist in the world of cyber warfare. For one, cyberattacks can be launched or activated from anywhere in the world. The point at which a command originates is often deliberately disguised so that its electronic instruction appears to be coming from a point several iterations removed from its actual location. It is difficult to retaliate against an aggressor with no return address. Nation-states may be inhibited by the prospect of ultimately being unmasked, but it is not easily or instantly accomplished. For another, the list of capable cyberattackers is far more numerous than the current list of the world’s nuclear powers. We literally have no count of how many groups or even individuals are capable of launching truly damaging attacks on our electric power grids — some, perhaps even most of them, uninhibited by the threat of retaliation.

There is scant consolation to be found in the fact that a major attack on the grid hasn’t happened yet. Modified attacks on government, banking, commercial, and infrastructure targets are already occurring daily, and while sufficient motive to take out an electric power grid may be lacking for the moment, capability is not. As the ranks of capable actors grow, the bar for cyber aggression is lowered. The unintended consequences of Internet dependency are already piling up. Prudence suggests that we at least consider the possibility of a cyberattack against the grid, the consequences of which would be so devastating that no administration could consider it anything less than an act of war.

Ours has become a largely reactive culture. We are disinclined to anticipate disaster, let alone prepare for it. We wait for bad things to happen and then we assign blame. Despite mounting evidence of cyber crime and cyber sabotage, there appears to be widespread confidence that each can be contained before it inflicts unacceptable damage. The notion that some entity has either the ability or the motive to launch a sophisticated cyberattack against our nation’s infrastructure, and in particular against our electric power grids, exists, if at all, on the outer fringes of public consciousness. It is true that unless and until it happens, there is no proof that it can; for now, what we are left with, for better or worse, is the testimony of experts. There will be more than a few who take issue with the conclusions of this reporter that the grid is at risk. But the book from which this article is taken reflects the assessment of those in the military and intelligence communities and the academic, industrial, and civic authorities who brought me to the conclusion that it is.

Widespread recognition of the vulnerability of our power grids already exists. Lots of smart people are already offering partial remedies and grappling with solutions. But there is not yet widespread recognition that we have entered a new age in which we are profoundly vulnerable in ways that we have never known before, and so there is neither a sense of national alarm nor the leadership to take us where we need to go. Our national leaders are in a precarious place. They recognize the scale of danger that a successful cyberattack represents. However, portraying it too graphically without having developed practical solutions runs the obvious risk of simply provoking public hysteria.

The clear logic of a swift attack and response that enables a policy of deterrence between nuclear rivals does not yet exist in the world of cyber warfare.

The Department of Homeland Security (DHS) was created in an atmosphere of national trauma. The world’s greatest superpower was made to realize its vulnerability to a handful of men armed with box cutters. We remain distracted to this day by the prospects of retail terrorism when we should be focused on the wholesale threat of cyber catastrophe. In such an event, the Department of Homeland Security would be working with industry to help them restore and maintain service. It should be focused on developing a more robust survival and recovery program for the general public; but DHS has neither the capacity to defend our national infrastructure against cyberattack nor the wherewithal with which to retaliate. A criminal attack would be the responsibility of the FBI; an attack on infrastructure by a nation-state or a terrorist entity would become the immediate responsibility of the Defense Department. Anticipating and tracking external cyber threats to U.S. infrastructure should be, by virtue of capability if nothing else, the responsibility of the NSA.

Limits that were established in a different era still exist on paper, but they are eroding in practice. The CIA is precluded, by law, from operating within the United States, but maintaining national boundaries in cyberspace may be impossible. Cyber Command is a military operation tasked with organizing the defense of U.S. military networks. The extent to which it can participate in the defense of critical infrastructure within the United States remains murky, but sidelining critical U.S. defense capabilities because we haven’t quite adapted to the notion that a major cyberattack can be as devastating as an invasion makes no sense.

The imposition of order, the distribution of essential supplies, the establishment of shelters for the most vulnerable, the potential management of hundreds of thousands, if not millions, of domestic refugees will be complex enough if the general public knows what to expect and what to do. In the absence of any targeted preparation, in the absence of any serious civil defense campaign that acknowledges the likelihood of such an attack, predictable disorder will be compounded by a profound lack of information. It would be the ultimate irony if the most connected, the most media-saturated population in history failed to disseminate the most elementary survival plan until the power was out and it no longer had the capacity to do so.

There is, as yet, no real sense of alarm attached to the prospect of cyber war. The initial probes — into our banks and credit card companies, into newspapers and government agencies — have tended to leave us unmoved. Past experience in preparing for the unexpected teaches us that, more often than not, we get it wrong. It also teaches that there is value in the act of searching for answers. Acknowledging ignorance is often the first step toward finding a solution. The next step entails identifying the problem.

Here it is: For the first time in the history of warfare, governments need to worry about force projection by individual laptop. Those charged with restoring the nation after such an attack will have to come to terms with the notion that the Internet, among its many, many virtues, is also a weapon of mass destruction.

Lights Out by Ted Koppel
Crown Publishers

Adapted from Lights Out: A Cyberattack, a
Nation Unprepared, Surviving the Aftermath, Copyright © 2015 by Ted Koppel. Published by Crown Publishers, a division of Penguin Random House LLC.