A massive power failure this time of year could leave millions of us in the dark ... possibly for a long time. A blackout that would be all the worse if it were the result of a deliberate attack. Chip Reid reports our Cover Story:
When the lights go out, we usually know why: Mother Nature is at it again.
Most of the time we manage to get through it. But what if the power went out in a number of states affecting millions of people for weeks, even months?
As he was researching his new book about the nation's power grid, veteran journalist Ted Koppel said "frightened" was perhaps too strong a word, "but maybe I should have been."
In "Lights Out," Koppel paints a grim picture of a paralyzing power outage in the form of an all-out cyberattack on the nation's electrical grid.
"It's frightening," Koppel said. "I mean, it is frightening enough that my wife and I decided we were going to buy enough freeze-dried food for all of our kids and their kids."
"Who are the potential perpetrators here?" Reid asked. "Who do we have to fear the most? Is it Russia? China? Iran? Terrorists? Individual actors?"
"All those. The interesting thing, Chip, is the ones who are most capable are the ones least likely to do it.
"There are some experts who say they're already in."
"Well, they are in. There's no question about it. They are already in the grid. I was told that by the former Chief Scientist of NSA, he stated categorically the Russians are in, the Chinese are in. The Iranians may be on the verge of getting in. And then at the bottom of the capability scale are folks like ISIS, terrorist groups."
The power grid is the system interconnecting North America's supply of electricity. If one area has particularly heavy demand, power from another region can sometimes serve as back-up.
The downside to all this? If a hacker manages to take down an entire grid, a huge portion of the country -- along with parts of Canada -- could go down with it.
The primary reason? Like so much else these days, the grid relies heavily on the Internet.
Larry Pesce, a cyber security consultant, said, "We have sort of a joke in our security industry, that there's no secure system; the only secure one is unplugged, turned off and buried under concrete."
Pesce should know. He gets paid to find security glitches in business computer networks. In other words, he's a hacker who works for the good guys.
"In the last six years of me doing testing full-time, there has never been a customer that we have not gotten in," though some, he allowed, are easier to get into than others.
- Strengthening the nation's defense against hackers ("Sunday Morning," 04/26/15)
Wide-scale outages are nothing new. In 1965, a massive outage in the Northeast left more than 30 million without power for almost 13 hours. In 1977, New York City was plunged into darkness again, this time resulting in looting and other crimes.
And in 2003 overgrown trees were partly to blame for a blackout that affected eight states and part of Canada -- some 50 million people. That one lasted up to four days in some areas.
- Biggest blackout in U.S. history (CBS News, 08/15/03)
But our next electric failure could be just a keystroke away.
"I'm not sure why it hasn't happened yet," said Pesce. "It's definitely not for lack of capability on various parts, be it us or the enemy. I think it comes down to timing. I think we need to make the right people mad at the right time."
Koppel says the one agency that would be ready to counter a cyberattack such as this is the Department of Homeland Security. But are they ready?
"No," he said. "I've talked to every former Secretary of Homeland Security, and they all acknowledge there is no plan."
And the current Secretary, Jeh Johnson, didn't offer much guidance to Koppel, either: "I kept asking 'What's the plan?' Why wait until disaster strikes? Why not tell 'em? Do you have a plan?' And he just sort of pointed up at a shelf filled with white binders and he said, 'Look, I'm sure there's something up there somewhere.'"
We wanted to find out for ourselves, but both the White House and the Department of Energy declined our requests for an on-camera interview.
The Department of Homeland Security also refused to speak on camera. Instead we were given a statement:
"To be clear, the Department of Homeland Security has a plan. In fact, our folks developed the first National Cyber Incident Response Plan with our government and private sector partners. Further, we have used this plan as the basis for several national exercises.
We, along with the Department of Energy, coordinate national efforts to strengthen the security and resilience of the electric grid. We also work with energy sector partners to promote the security and resilience of the grid, through myriad activities both seen and unseen, including constant information sharing, voluntary security assessments, and table-top exercises. Further, the Department's National Cyber and Communications Integration Center (NCCIC), working with DOE and other partners, responds to cyber incidents impacting critical infrastructure, including the electric power industry."
--Todd Breasseale Assistant Secretary (Acting) for Public Affairs US Department of Homeland Security
Next, "Sunday Morning" reached out to some of the big electric companies. They refused to speak with us as well.
So we turned to Paul Stockton, a former Defense Department official whose duties included cyber security.
"Ted Koppel says the government has no plan. Is he right?" asked Reid.
"No, he's not right. The government is building plans very, very quickly now to help manage the consequences of an attack on the grid. but also to make sure that government systems are more resilient against attack."
"Are the power companies today prepared to respond to a large-scale cyber attack on the grid?"
"Power companies today are strengthening their ability to respond to an attack and restore power quickly," said Stockton."
Still, he admits, "Their readiness is not where it needs to be, given that the adversary continues to strengthen the sophistication of the weapons that will be used against the United States."
Ironically, it's our less-sophisticated electric providers which may have an edge here.
Take the Delta-Montrose Electric Association (or DMEA) in southwest Colorado, one of 900 power cooperatives in the United States. Not-for-profit and member-owned, it serves approximately 28,000 customers, and is far less Internet-dependent.
CEO Jasen Bronec says they rely upon the Internet mostly for non-critical functions.
"If somebody hacked into your system, how vulnerable would you be?" Reid asked.
"All of our systems put in place have an extensive amount of backup," said Bronec. "We have manual overrides that would allow us to continue to operate."
"Would you consider changing to a system that is Internet-based?"
"No, we would not," said Bronec.
Rural co-ops account for just about 12 percent of America's power distribution, serving 42 million people in 47 states. None of these co-ops relies on the Internet for the distribution of power.
But, as Koppel sees it, it's too late for utilities elsewhere to follow suit -- and pull the online plug:
"I don't think we're ever going to give up the Internet," said Koppel. "There are too many advantages to the Internet, even if it has the capacity to wreak enormous damage. All I'm saying is, at least wake up to what its capabilities are."
And since there's no turning back, it's important to think ahead.
Reid asked Stockton what the average family needs to be doing: "Do they need to be, as Ted Koppel has done, stocking up on water and freeze-dried food?"
"Those are very important measures," Stockton replied. "Average citizens need to be able to take care of their own families and their own neighborhoods and their own communities, and not assume that Uncle Sam is somehow going to magically bring in the cavalry and rescue them."
Reid asked Koppel, "In the beginning of the book, before the first page, you said, 'To our grandchildren' -- you named your seven grandchildren -- 'Here's hoping that Opie (meaning you) got it wrong.' You think you might have gotten it wrong?"
"Of course, there's a possibility. Do I believe I got it wrong? No," replied Koppel. "I spent a year and a half trying to get it right -- and unfortunately, I think I did."
For more info:
- "Lights Out: A Cyberattack, a Nation Unprepared, Surviving the Aftermath" by Ted Koppel (Crown); Also available in Large Print Paperback, eBook, Digital Audio Download, and Digital Audio CD formats
- Larry Pesce, SANS Institute
- Delta-Montrose Electric Association, Montrose, Colo.
- Dr. Paul Stockton, Sonecon
for more features.