 |
| Ted Koppel, photo by Steven Biver |
Ted Koppel is the author of the new book Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath. He spent more than four decades at ABC News, and was anchor and managing editor of Nightline from 1980 to 2005. He also has written Nightline and Off Camera.
Q: Why did you decide to write a book about the danger of a
cyberattack on the U.S. power grid?
A: General Keith Alexander, the former director of the
National Security Agency, likes to say that there are two kinds of companies in
the United States: those that have been hacked and those that don't yet know
it.
His is only one voice among many in current and former U.S.
government leaders warning of the ubiquitousness of cyber attacks. President
Obama himself has twice warned of the danger in successive State of the Union
addresses.
Former secretary of defense (and DCI) Leon Panetta warned in
a speech to security company executives that the country is facing the danger
of a "cyber Pearl Harbor. Janet Napolitano, after almost five years
serving as secretary of homeland security, gave a similar warning in her
farewell remarks at the National Press Club.
What piqued my interest was the fact that so many senior
officials were issuing similar warnings and not much attention was being paid;
either in the media or among the public at large. What, I wondered, were the
preparations that the federal government was making to deal with a danger that
so many of its leaders foresee as inevitable. I feared the answer was "not
much."
Q: In the book, you describe the U.S. as a country
unprepared for a cyberattack on its power grid. Why do you think this degree of
unpreparedness exists today, and what are your suggestions for what the
government can do to prepare?
A: For all its many virtues, democracy can be an inhibiting
factor when it comes to government responding quickly and forcefully to a
looming danger. The electric power industry sometimes appears more concerned
about maintaining its deregulated status and preserving its privacy than it is
with protecting itself against cyber attacks. As things now stand, the federal
government can only enforce regulations that the industry itself has approved
by a two-thirds majority.
The very fact that the power industry is made up of 3,200
companies, all of which are interconnected but many of which are poorly
protected, provides would-be cyber attacks with multiple points of
accessibility. Like any chain, the power industry is only as strong as its
weakest link when it comes to keeping out hackers.
Add to that the fact that many key components of the
industry, such as large power transformers, are (on average) 38-40 years old,
very expensive ($10 million and up), huge and difficult to transport and mostly
produced overseas, and you get some sense of why the industry is vulnerable.
The government cannot simply order changes and the Chamber
of Commerce, in particular, has been obstructive in permitting Congress to pass
cyber security legislation with real teeth.
Where the government can (and should act) is in preparing
for the likelihood of a cyber attack on the grid. It should begin the process
of ordering the production of freeze-dried foods in large quantities.
Freeze-dried foods last for more than 25 years, would be applicable in
any disaster, but require significant time (several years) to be grown,
processed and stored.
Currently, the government warehouses only limited quantities
of Meals Ready to Eat (MRE's), because they have a shelf life of only five
years. Government is reluctant to spend billions on food that would have
to be scrapped after only five years.
Q: You write that “the Internet, among its many virtues, is
also a weapon of mass destruction.” What do you see as the greatest sources of
potential cyberattack?
A: NSA specialists tell me that the Chinese and the Russians
are already "inside" our power grids. They have, in other words,
spent years mapping the grid, have penetrated the SCADA (supervisory control
and data acquisition) systems that maintain the balance required between
electricity produced and consumed; and are, therefore, in position to take down
the grid more or less at will.
Because of our interlocking interests with both China and
Russia, they are unlikely to provoke war with the United States by taking down
a grid. However, a necessary qualification rests in the knowledge that it can
be very difficult to trace the source of a cyber attack and that attacks may
come from geographic points that appear to have nothing to do with Moscow or
Beijing.
Among nations and groups with far few interlocking
interests, Iran's cyber capabilities are known to be very high. North Korea is
also cyber capable, as is Syria. Worst of all, ISIS, with at least $2 billion at
its disposal, can buy cyber expertise and would have no qualms about attacking
our infrastructure.
Q: You write in the book about individuals and organizations
that prepare for disaster. What do you see as some of the more effective
approaches?
A: I believe we can learn from the Mormons, who recommend to
their co-religionists that each family keep a three-to-six-month supply of food
and water on hand. Their own organization from the top down controls an
awesome array of production and delivery capabilities.
I doubt that there are
many organizations in the country capable of duplicating the Mormon example,
but individual families can and should try to begin rotating long-lasting food
supplies into their daily use; if only because this would put less pressure on
the federal government to support those families that cannot afford to
contribute to their own survival.
The collaboration of affinity groups, be they religious,
social, athletic or other, can be enormously helpful, in that the larger such a
group is, the more likely it is to provide access to a wide variety of useful
specialties - medical, law enforcement, a variety of trades such as plumbing,
building, electric.
Most of all, people living in our urban centers need to
begin thinking about how they would survive in place without electric power or,
alternatively, where they could be sure of receiving extended shelter. We
cannot assume that other states would necessarily welcome tens or hundreds of
thousands of domestic refugees for more than a few days.
There is, at the moment, no national plan for dealing with
such a disaster. That borders on criminal negligence.
--Interview with Deborah Kalb
No comments:
Post a Comment