Much of the world, and America is particular, is heavily networked through a vast, distributed communication system of computers, cables, and transceivers. All this runs on electricity. Our major infrastructure is dependent on electrical power: water, sanitation, healthcare, communication and transportation. These systems, indeed even the systems that generate and distribute electricity are increasing controlled by networked computers.
This makes America extremely vulnerable to cyberattacks aimed at the electric system. If a major section of the power grid goes out, millions of people could be left without clean water, waste disposal and food. A well-orchestrated cyberattack could leave large parts of the country without power for as long as a year.
Journalist Ted Koppel explores this situation, and criticizes America’s state of unpreparedness and sometimes denial, in his book Lights Out. There are three major parts to his book.
First, he explores the vulnerability of the electrical system to cyberattack. I think he makes a fairly convincing case that the system is vulnerable and that some agents very likely already have the capacity to cause major damage to the system that could affect huge parts of the country.
Second, he looks into the state of our policies and preparedness. As you might expect for a nation of 50 co-sovereign governments, it is a patchwork. In addition, the major actors in preventing, planning for, and responding to catastrophes are focused on natural disasters or physical attacks by terrorists. These things shouldn’t be ignored, but the scale of a cyberattack on the electrical system could have a much larger scope in terms of the populations and territories affected.
Finally, he looks at how prepared the country is for the aftermath of such an attack. The answer is we are woefully unprepared. He looks into the prepper movement and the vast resources the Church of Jesus Christ of Latter Day Saints has put into readiness. He finds some models there, but no one has the resources to respond to such a massive disaster.
Of course, the issue is not simple. Preventing such an attack is difficult even if all the competing interests (utilities, federal agencies, local and state governments, privacy advocates, and many others) could agree on what to do, who should do it, and how far their authority should extend. It is all hugely expensive, especially preparing to respond to a massive outage, and it would take years to get ready.
Even so, Koppel clearly thinks we should acknowledge this vulnerability and start doing something about it. An imperfect plan, even if it is too little to late (it’s already too late because cyberattacks are already happening and major attacks could be launched with the press of a button), is better than no plan. He looks to the civil defense planning during World War II and the Cold War. Much of it was misguided or for show, but we learned valuable lessons that helped us make more effective responses and develop better policies.
Koppel writes as a journalist for a wide audience, and that was his intention. Readers do not need a background in engineering, utilities or security to understand the issues he brings up or their implications.
If you’re interested in this book, you may also be interested in