|Ted Koppel, photo by Steven Biver|
Ted Koppel is the author of the new book Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath. He spent more than four decades at ABC News, and was anchor and managing editor of Nightline from 1980 to 2005. He also has written Nightline and Off Camera.
Q: Why did you decide to write a book about the danger of a cyberattack on the U.S. power grid?
A: General Keith Alexander, the former director of the National Security Agency, likes to say that there are two kinds of companies in the United States: those that have been hacked and those that don't yet know it.
His is only one voice among many in current and former U.S. government leaders warning of the ubiquitousness of cyber attacks. President Obama himself has twice warned of the danger in successive State of the Union addresses.
Former secretary of defense (and DCI) Leon Panetta warned in a speech to security company executives that the country is facing the danger of a "cyber Pearl Harbor. Janet Napolitano, after almost five years serving as secretary of homeland security, gave a similar warning in her farewell remarks at the National Press Club.
What piqued my interest was the fact that so many senior officials were issuing similar warnings and not much attention was being paid; either in the media or among the public at large. What, I wondered, were the preparations that the federal government was making to deal with a danger that so many of its leaders foresee as inevitable. I feared the answer was "not much."
Q: In the book, you describe the U.S. as a country unprepared for a cyberattack on its power grid. Why do you think this degree of unpreparedness exists today, and what are your suggestions for what the government can do to prepare?
A: For all its many virtues, democracy can be an inhibiting factor when it comes to government responding quickly and forcefully to a looming danger. The electric power industry sometimes appears more concerned about maintaining its deregulated status and preserving its privacy than it is with protecting itself against cyber attacks. As things now stand, the federal government can only enforce regulations that the industry itself has approved by a two-thirds majority.
The very fact that the power industry is made up of 3,200 companies, all of which are interconnected but many of which are poorly protected, provides would-be cyber attacks with multiple points of accessibility. Like any chain, the power industry is only as strong as its weakest link when it comes to keeping out hackers.
Add to that the fact that many key components of the industry, such as large power transformers, are (on average) 38-40 years old, very expensive ($10 million and up), huge and difficult to transport and mostly produced overseas, and you get some sense of why the industry is vulnerable.
The government cannot simply order changes and the Chamber of Commerce, in particular, has been obstructive in permitting Congress to pass cyber security legislation with real teeth.
Where the government can (and should act) is in preparing for the likelihood of a cyber attack on the grid. It should begin the process of ordering the production of freeze-dried foods in large quantities. Freeze-dried foods last for more than 25 years, would be applicable in any disaster, but require significant time (several years) to be grown, processed and stored.
Currently, the government warehouses only limited quantities of Meals Ready to Eat (MRE's), because they have a shelf life of only five years. Government is reluctant to spend billions on food that would have to be scrapped after only five years.
Q: You write that “the Internet, among its many virtues, is also a weapon of mass destruction.” What do you see as the greatest sources of potential cyberattack?
A: NSA specialists tell me that the Chinese and the Russians are already "inside" our power grids. They have, in other words, spent years mapping the grid, have penetrated the SCADA (supervisory control and data acquisition) systems that maintain the balance required between electricity produced and consumed; and are, therefore, in position to take down the grid more or less at will.
Because of our interlocking interests with both China and Russia, they are unlikely to provoke war with the United States by taking down a grid. However, a necessary qualification rests in the knowledge that it can be very difficult to trace the source of a cyber attack and that attacks may come from geographic points that appear to have nothing to do with Moscow or Beijing.
Among nations and groups with far few interlocking interests, Iran's cyber capabilities are known to be very high. North Korea is also cyber capable, as is Syria. Worst of all, ISIS, with at least $2 billion at its disposal, can buy cyber expertise and would have no qualms about attacking our infrastructure.
Q: You write in the book about individuals and organizations that prepare for disaster. What do you see as some of the more effective approaches?
A: I believe we can learn from the Mormons, who recommend to their co-religionists that each family keep a three-to-six-month supply of food and water on hand. Their own organization from the top down controls an awesome array of production and delivery capabilities.
I doubt that there are many organizations in the country capable of duplicating the Mormon example, but individual families can and should try to begin rotating long-lasting food supplies into their daily use; if only because this would put less pressure on the federal government to support those families that cannot afford to contribute to their own survival.
The collaboration of affinity groups, be they religious, social, athletic or other, can be enormously helpful, in that the larger such a group is, the more likely it is to provide access to a wide variety of useful specialties - medical, law enforcement, a variety of trades such as plumbing, building, electric.
Most of all, people living in our urban centers need to begin thinking about how they would survive in place without electric power or, alternatively, where they could be sure of receiving extended shelter. We cannot assume that other states would necessarily welcome tens or hundreds of thousands of domestic refugees for more than a few days.
There is, at the moment, no national plan for dealing with such a disaster. That borders on criminal negligence.
--Interview with Deborah Kalb