Computer expert, author and technical trend forecaster James Martin says what many others, including ourselves, have warned about for quite some time.
The electric and utilities power grid of the United States is completely unsecured and vulnerable to attack via the internet:
There is quite a lot of evidence that people have been hacking into the American grid, and probably the grids of other countries too, Martin said.
In the American grid they’ve found quite a large number of Trojan horses and trap doors, they’ve found quite a lot of hidden malware, not coming from the States but coming from somewhere outside the States, he said.
If you knocked out all the power in America, it would be devastating. Normally when you get a blackout it comes back very quickly but there have been some that don’t. If it was a deliberate attack, then the people attacking it would try to do damage that could not be repaired quickly, he said.
If they caused the grid to crash it would be much worse than 2008. This is known today, but what I find rather alarming is that although it is known the authorities are not really trying to stop it by making it secure.
Certainly an outside entity could have a capability today to send many different malware messages into the grid at the same time in such a way that you could take down most of the grid, and may be all of the grid,he said.
The grid is full of huge transformers and pumps that are one off, which means that if you knock them out you can’t go and buy them off the shelf. If you picked out the things that could not be bought or not replicated quickly, and there a lot of those, then that would be damage that you couldn’t repair quickly.
‘You have a large amount of company-to-company automation and all of that could be put out of operation. If it was put out of operation it could do immense financial damage, enormously greater than the 2008 crash,he told The Independent.
Source: UK Independent
Forget about financial damage – that would be the least of our worries if the power grid was attacked in any sort of meaningful way. A complete power grid failure, or one that took out large regions in unison would put a complete stop to commerce across the North American continent. Yes, there would be financial damage, but more importantly, there would be no way to re-supply our just-in-time inventory systems. That means there would be no gas, no food, and no way of getting those things delivered until the grid came back up.
As Mr. Martin points out, a coordinated attack focused on the ‘one-off’ elements of the grid would mean that once that hardware was destroyed there would be no way to replace it quickly. And that means not days or weeks, but potentially months, perhaps even years before things were back to normal. When Hurricane Ike rampaged the Houston, TX area in 2008 it took down 95% of the metropolitan grid. This author was about 25 miles north-west of Houston at the time and can attest to the difficulties utility workers had with restoring power. It took over 3 weeks to get power running to the outlying areas of the city – and it would have taken much longer had those repair workers not traveled from as far as Florida to assist Texas. Now, consider if a disaster that took out the grid included not one, but several regional areas, where no workers would be able to come assist.
At the time of the Houston-area outage the first things to go were water, food and gas. Fights were literally breaking out at local gas stations. Those with home generators found them useless, as there was no fuel to keep them going. Grocery stores did not have reserve power, and those that did had it for maybe 12 hours, at which point all refrigeration came to a halt. City water filtration was non-existent, and “Boil Water” notices were posted all over the city – but there was no electricity available, so only those lucky enough to have fuel reserves for their generators or those with natural gas powered stoves were able to drink clean water. Luckily, this only affected a single major city and surrounding areas, and within a week water and emergency rations became available.
Consider, for a moment, the ramifications of a full-out extended down-grid scenario affecting multiple regions. It would be much like an EMP attack, though some electronic systems may remain operational. Nonetheless, researchers have estimated that a worst-case EMP scenario could lead to 90% casualty rate over the course of a year. We would hope that a grid-attack could be resolved much quicker than an EMP attack, but there would likely still be mass casualties as food stocks ran low, emergency response personnel stayed home to care for their families and violent crime and looting ran rampant.
How susceptible are we?
This is a topic of debate. Most of those people who have the power to harden and secure our grids will take no action until after a wide-scale event were to occur – at which point it would be much too late to do anything.
A close friend works for a large power company in the north-east. It just so happened that we had this very discussion a couple of weeks ago. He is a higher level executive at the company and when I asked how secure his company’s grid was in the event of a solar flare, cyber attack or EMP attack he responded, “Officially, we’re prepared to handle whatever comes our way. Unofficially, it will be a complete and utter disaster and we are simply not equipped to handle a mass failure.”
It is common knowledge that many elements of the U.S. power grid are decades old. We hear about smart meters being installed, but according to the friend at the power company, the smart grid portion is less than 1% of the complete grid. That means 99% of of the physical grid is essentially running on equipment that has been around since the 70’s and 80’s. All of that old equipment is plugged into computer systems, and all of the computer systems are plugged into and fully accessible via the internet.
According to James Martin and other computer experts, our systems have likely already been breeched and there is a real and serious possibility that trojans, malware and trapdoors have already compromised our systems. They may very well just be sitting there waiting to be activated, at which point they could launch a massive, coordinated cyber attack on essential parts of our power grid infrastructure.
We’re not just talking about software glitches that can be fixed with a quick reboot. We’re talking about cyber attacks that target the physical hardware.
Hard to believe that a computer program can destroy hardware? Think again.
Consider the Stuxnet worm that was recently used to take down 1/5 (or more?) of Iran’s nuclear facilities. According to the New York Times, the Stuxnet worm utilized advanced programming to remain dormant for a time, and once launched, attacked the physical centrifuges used to enrich uranium. While the worm spun centrifuges to the point they destroyed themselves, a portion of the program responsible for sensors and warnings sent human operators and monitoring systems the green light that everything was running like normal. Iran’s nuclear plants, much like the power grid of the United States, utilized old computer systems that were simply not equipped to handle advanced cyber-attacks that utilized 21st century cyber combat techniques.
There are plenty of enemies of the state who could bring down the US power grid infrastructure – China and Russia to name just a couple. And it’s no secret that the Chinese have been having their way with our networks for quite some time, so it is clearly a real and present danger. The US government regularly runs tests to Simulate Cyber Attacks on US the Internet Infrastructure.
In 900 Seconds: Cyber Attack Wouldn’t Take Long to Bring Down the USA, we previously outlined how a cyber attack might play out based on a report from Richard Clark, a one-time counter terrorist specialist with the US government:
In his warning, Mr Clarke paints a doomsday scenario in which the problems start with the collapse of one of Pentagonâ€™s computer networks.
Soon internet service providers are in meltdown. Reports come in of large refinery fires and explosions in Philadelphia and Houston. Chemical plants malfunction, releasing lethal clouds of chlorine.
Air traffic controllers report several mid-air collisions, while subway trains crash in New York, Washington and Los Angeles. More than 150 cities are suddenly blacked out. Tens of thousands of Americans die in an attack comparable to a nuclear bomb in its devastation.
Yet it would take no more than 15 minutes and involve not a single terrorist or soldier setting foot in the United States.
The threat is real, and if it were to ever occur, it would likely come around the same time as an attack on our financial systems – which, as we saw in the May 2009 “fat finger” controversy that brought the stock market down 1000 points in a matter of minutes, is not so difficult to accomplish.
The biggest concern for the average American should be that there is really no emergency response ready to deal with the possibility of a wide-spread power grid cyber attack. The US government has specifically said, through FEMA, that they will not be able to help everyone in the event of a major emergency (think Hurricane Katrina). That meansÂ you need take responsibility for yourself and family now, and Be Prepared to Be Without The System – Make It A Policy.
What will you do if there comes a time when there is no electricity, no gas, no clean water and no access to food for several weeks or months?