I was about ten years old, my father and I were going fishing one day. I went in to find him in our living room in Tulsa, Oklahoma. My father, a lawyer, had spread out on a card table a whole lot of yellow pads; he was taking notes and putting slips in the books and so forth, and I said, “Dad, what are you doing?” And he said, “I’m really sorry that we’re going to have to put off the fishing trip. I’m getting ready, since I’m now expecting to go to trial on Monday, and I need to get a lot of work done.” I said, “Well, what are you doing right now?” “I’m figuring out the opposition’s cleverest strategy.” I said, “Why do you do that?” And he said, “Because it’s not only the opposing case that you think you’ll likely be facing, but the strongest, most powerful, cleverest, sneaky and crafty thing that is possibly imaginable that you prepare for. Figure out how defeat that and then you’re more likely to win.
Well, I thought that that was kind of an interesting approach to debates and lawsuits, and I’ve always tried to follow it.
Let me suggest an approach a bit like that with regard to cyber security. Today, Kim Jong Un, Ahmadinejad, and some of their buddies in other countries like China like to steal money from us over the Internet, and that’s a serious matter. We have to protect ourselves and deal with all such important issues. But for some of them, their objective may be a lot worse than that, say destroying us. Now a common way of discussing these latter sorts of existential issues is to say of somebody–fill in the blank: Kim Jong Un, Ahmadinejad–that is not crazy. If they tried that, then they’d know we might go back and attack them or even, you know, use a nuclear weapon, and since they’re not crazy, we have little to worry about–they’ll be deterred. Well, the problem is that there are at least two kinds of crazy
I once wrote a paper on Hitler’s diplomacy. I can assure you that although his objectives were absolutely hideous (to conquer Europe and rule it for a thousand years as an empire and to kill all the Jews), his skills as a diplomat were superb. From 1933 to 1939, Hitler had the chancelleries of Europe eating out of his hand. He was as good as Metternich. It is not inconsistent for a sociopath like Hitler, or Kim Jong Un, or Ahmadinejad, to have a crazed, evil world-destroying objective, but still be a crafty dude. We have, I think, lapsed into a mode of thinking about the Kim Jong Uns or the Ahmadinejads that they can be treated like your average Soviet leader.
Let me be clear about what I mean when I say that. I kind of miss the Soviet Union, but only in a sense. I spent a lot of years trying to figure out how to deter them, what kind of weapons systems to buy to defeat them, and how to spy on them. But I also negotiated with them four times. Sometimes my Soviet counterpart and I would get really intense at a meeting, but then we’d go out to dinner together and after a couple glasses of wine, we’d start talking about our families and maybe trade some Jewish jokes. And sometimes in the negotiations we could then kind of make a few things work.
The Soviet military kept Fidel Castro from persuading the Soviet Government to use a nuclear weapon during the Cuban Missile Crisis. We now know from the materials released that Castro badly wanted a nuclear weapon used during the Cuban Missile Crisis. Why? Because he wanted to destroy the United States. But he would have consequently also destroyed Cuba, right? Well, yes, but did he care? Not that much. A Soviet Navy Captain stopped his small flotilla from using a nuclear torpedo during the Cuban Missile Crisis, something that could have set off nuclear war between the U.S. and the Soviet Union. So bless the more or less common sense of at least some Soviet military people. They didn’t really want to die for the principle of “from each according to his ability, to each according to his need.” They wanted to remodel their dachas, their country homes outside Moscow.
So we got used to dealing with an enemy that was very bureaucratic, and would allow its economy, which we substantially outperformed, to wither away. And they produced a Gorbachev, who was a pretty decent guy. The enemies we have now, I would say, Kim Jong Un and Ahmadinejad and those around them, are quite capable of creating a lot more tension than what we ordinarily had with the Soviets. They appear to be quite capable of Hitler-like thinking, behavior, and objectives.
Now if they were thinking about attacking us, using my father’s approach, as described above, what might they do?
Well, first of all, they would notice that the United States has eighteen critical infrastructures: food, water, electricity, natural gas, financial markets, and so on. All seventeen of the others depend on electricity. If the electric grid goes out, not just for a few days as in super storm Sandy, but for months to years, we don’t have stockpiles of things like transformers–it’s not just that your lights would go off. You couldn’t pump gasoline at the filling station, because the pump is electric. You couldn’t get food because the food delivery system depends on things that are electric in one way or another. You couldn’t get water, because the pumps don’t work. You would not be back in the 1980’s, pre-world-wide-web. You would be back in the 1880’s, pre-electric-grid.
I doubt very seriously that we have enough water pump handles and plow horses and seed to function in a 19thcentury economy. So the estimate on what would be the result of the grid’s going down for a substantial period of time, let’s say a year or more, looks at the possibility that you would have two hundred million of the three hundred million people in the United States dead, because the agricultural system that we have is highly technological and feeds all of us, while only two percent of us work on farms. The end of that system means lots of people starve. In that post-electric future we would not see more than about a hundred million people surviving in a non-electrical, non-networked country.
So, we are talking about the ability of an Ahmadinejad or a Kim Jong Un to seriously consider, if he hated us as much as Hitler hated the Jews, the possibility of taking down the grid, or at least a big chunk of it, for a substantial period of time. It could be something more devastating than some scenarios in which nuclear weapons are used. An effective attack by a few nuclear weapons might destroy several cities. And while that would kill a large number of people, it’s probably not going to fundamentally undercut all of our infrastructure. So what about the possibility of North Korea or Iran or somebody else hacking into the grid and taking it down?
Well, the way that I feel about the electric grid is kind of bipolar. It’s true, the National Academy of Engineering said not too long ago that, in a way, it’s the most remarkable invention of the 20th century. It’s a just-in-time system, and, generally speaking, except when there’s a big outage such as from Sandy, it’s given us the electricity that we need, so in a sense, it’s really remarkable. On the other hand, the electricity grid has been, from the first instance, and it is now, highly fragile. It was first put together in the beginning of the 1880’s, and because Tesla won out over Edison, as an alternating current system, which makes long distance transmission possible. But it is a just-in-time system, so if any part of it is interrupted a lot of things can be thrown off.
It used to be, in the time of childhood or even young adulthood for most of us, a simply-operated system. If you were at a utility in Idaho, and you saw some kind of outage developing that made you need some added electricity, you would pick up the phone, probably something with a dial that hung on the wall, and you’d dial long distance to folks at a utility over in Washington State. You’d say, “Hey, we’re going to need a boost here in about thirty minutes. So, can you help out?” “Yeah, we can, we can do that. We’ll work it out and give you a call.”
But after a while, with the coming of the computer, it was not a couple of guys on the phone but computers communicating on unique software that some local vendor had sold them so they could communicate a bit faster than they could on the phone. It would have been pretty hard for any outsider to get into it. Then in the mid-1990s, we got worried about Y2K, so as we fixed that problem, we started basically putting the electric grid’s control systems on the web. About the same time we basically de-regulated electricity, and let it be bought and sold on an open market. So you now have an open market all over the country, on the web, with a lot of very standard software, and the control systems are ones that lots and lots of people know how to hack.
And so we now have a system, important parts of which can be disrupted relatively easy. I’ll use one example: the Department of Homeland Security cleared some information to go on CNN about three years ago. I don’t think it should have been cleared, but it was and it was all over the web. It was a pretty simple hacking maneuver. When you have a spinning machine, at sixty cycles, and you want to put another machine into the mix, and you need to synchronize it, instead of putting them so they synchronize properly, what you do, if you’re a hacker, is turn off the control of one of the machines. One of them then spins very much faster than the other because of the torque, and then, within a few seconds or so, you put them back together again. The spinning one then destroys the other. It was on a demonstration up in Idaho three years or so ago. There are other relatively simple tricks.
Who’s in charge of the electric grid? Clearly somebody must be. Not really. There are fifty public utility commissions that are sort of in charge of electricity in each of the states. They are more or less run predominantly by retired utility executives in each state. There are not very many of them that are up to date with respect to new research and development in electrical matters. A Former Deputy Director of ARPA-E in the Department of Energy told me a couple of weeks ago that if you take research and development done last year by all three-thousand, five hundred American utilities and add it together, it is less than the R & D that is done by the American dog food industry.
There is very little interest in the industry in dealing with these problems. There is a tragedy of the common problems with these utilities. Each essentially says “If I stockpile transformers and my neighbor’s utility goes down, he’ll probably take me down too, so that stockpiling will turn out to have been a waste of money, so I’m not going to do anything unless everybody has to do it.” Who would everybody be? Certainly not fifty public utility commissions. How about the Department of Energy? They have a small electric office and no authority to regulate transmission. What about the Federal Energy Regulatory Commission? Not really. They can regulate transmission but not distribution. Why don’t we have a national energy strategy? Because nobody’s in charge.
We are in a situation where a whole set of electricity issues–substantive and organizational–is extremely troubling. Now, since I’ve been so happy and optimistic, let me leave you with one other–I’m afraid–rather difficult problem. We’ve heard about EMP (Electro-Magnetic Pulse). Apparently it’s the case that, about once a century, we have a very large solar event–it’s called a Carrington Event–and there’s a huge electromagnetic pulse, naturally caused. The last time we had a very large one was a century and a half ago, in 1859. There were just a few telegraphs around to show what happened to electrical equipment, but everybody is quite clear: It was a devastating electrical storm.
There have been lesser events that were still quite devastating to more modern electronics. There was one in the 1920s that was reported in Russia and to a limited extent, in the Western Hemisphere. As far as man-made EMP events are concerned, open-air nuclear detonations sometimes occurred from 1945 until 1963 before the atmospheric test-ban treaty took effect. There were not many transistors in the early ’60s, and vacuum tubes aren’t affected by EMP, but by looking at the effect of those open-air tests, both the Americans and the Soviets came to the conclusions that a storm of the sort that occurred in 1859, or a comparable powerful nuclear explosion, particularly at a very high altitude–could be absolutely devastating to electronics.
The Russians, the Chinese, now the Israelis and the British, are all getting their electrical systems protected against electromagnetic pulse, whether caused by the sun or by a nuclear explosion. We’re not, because nobody’s in charge.
One final point. It’s possible to create such a pulse with the detonation of a relatively simple nuclear weapon. It doesn’t have to be sophisticated; it just has to go off a few hundred miles above the target area. So, we have, to put it mildly, a very major cyber problem with the grid and at the same time we have a solar and a nuclear explosion problem. The electric grid is vulnerable in more than one way and we have not done a responsible job in taking care of it or the rest of our infrastructure. We’ve got a lot of work to do, and it needs to be done quickly.
** Mr. Woolsey, former Director of Central Intelligence, servers on the National Commission on Energy Policy, is ACD’s Board member.