Opinion | Cybersecurity

We weren't ready for a pandemic — imagine a crippling cyberattack

We weren't ready for a pandemic — imagine a crippling cyberattack

Amid the tumult surrounding the coronavirus, it is now crystal clear that an existential threat can engulf our entire nation with a speed and level of impact that we previously believed was impossible. 

It does not matter that we are the United States of America, that we are the most technologically and, in this case, medically advanced nation in the world, or that we are the strongest and wealthiest. When it really mattered, even though the warning signs were blinking red, we did not organize promptly, which left us unprepared to deal with the threat swiftly and effectively.  

We’ve also been warned repeatedly over the past two years about another “lights are blinking red” threat to our national security and economy that has equal or greater potential than the coronavirus to cast us quickly into collective national chaos: the vulnerability of our national electricity delivery system, generally known as the grid.  

ADVERTISEMENT

As crippling as the coronavirus situation is for our nation, a major grid catastrophe likely would be considerably worse, for one simple reason: In today’s world, our critical infrastructure cannot function properly without electricity.  

In a recent memorandum, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency lists critical infrastructure industries as medical and health care, telecommunications, defense, food and agriculture, transportation and logistics, electric power, petroleum, water, wastewater, law enforcement and public works. 

It is some comfort that electric power is included on that list, but it is more important to acknowledge what is not stated — that all the other critical industries listed depend heavily on electric power to operate.  

ADVERTISEMENT

Indeed, as we have transitioned to remote work and life, we are even more dependent on the technology of communications, which require power to keep everything from Netflix to personal computers, video conferencing platforms and mobile phones working.

Imagine a United States in which phones, the internet and television cease to operate; cars, trucks, trains and airplanes are idled because fuel pumps and charging stations are disabled; banks and ATMS are inoperable; home heating and air conditioning systems no longer work; food and clean water supplies dwindle, and hospitals and other emergency services are largely unavailable. 

It is not an exaggeration to suggest that if our supply of electricity is severely reduced or eliminated, our nation will grind to a halt in a matter of days. Studies indicate that in such situations, a large number of deaths are likely, and that a societal breakdown could begin in as little as one week.

Against this bleak backdrop, a ray of hope was delivered recently by a bipartisan, blue-ribbon group known as the Cyberspace Solarium Commission, which laid out the framework of a clear and effective plan for dealing with a major cyber attack against the United States, including the electric grid.

ADVERTISEMENT

The congressionally-appointed commission was chaired by Sen. Angus KingAngus KingMemorial Day weekend deals latest economic blow to travel industry Bipartisan senators introduce bill to make changes to the Paycheck Protection Program Senators weigh traveling amid coronavirus ahead of Memorial Day MORE (I-Maine) and Rep. Mike GallagherMichael (Mike) John GallagherRep. Banks launches bid for RSC chairman Hillicon Valley: House FISA bill in jeopardy | Democrats drop controversial surveillance measure | GOP working on legislation to strip Twitter of federal liability protections Lawmakers introduce bill to invest 0 billion in science, tech research MORE (R-Wis.), and included the director of the FBI, the deputy Defense secretary, the acting deputy director of national intelligence, the acting deputy secretary of Homeland Security, and the CEO of Southern Company, among others.

While the group’s 75-plus specific recommendations cut a wide swath across critical infrastructure industries and agencies, their most important and cross-cutting recommendation is relatively simple — better planning and preparation for foreseeable threats and disasters, supported by strong leadership and execution.  

With regard to the electric grid, the accuracy of this overarching recommendation is verified and validated by our experience in numerous prior natural and manmade disasters, including Hurricanes Sandy in the Northeast and Maria in Puerto Rico. As those examples illustrate, the scope, duration and impacts of a major power outage are directly related to the effectiveness of efforts to build protection and resiliency into the grid before an event occurs.

As columnist David Ignatius observed recently, COVID-19 has given us all a taste of what a crippling cyberattack might look like, and one truth is self-evident: We weren’t ready for a pandemic, just as we aren’t as ready as we should be for a broad cyberattack.

The good news is that we now have no excuse. We know that our belief that “it cannot happen here” is false, and we have a smart set of more than 75 recommendations on what needs to be done, including new, sharply-focused federal leadership and recognition that resilience is the key to surviving a cyberattack.  

ADVERTISEMENT

The commission report also proposes a “continuity of the economy” program that would clarify how our power supply, banking, health care, food and other essential services and goods could survive a major cyberattack, and provides guidance for state and local governments and private companies.  

Sen. King and Rep. Gallagher were blunt and candid when they released the report: “We are doing a ‘9/11 report’ to prevent a ‘9/11’ in the future.” 

That is a lesson we should have learned after 9/11, after the devastating hurricanes and tornadoes since then, after we were warned in 2017 of Russian cyber infiltration into U.S. power plant control rooms, and after former as National Intelligence Director Dan CoatsDaniel (Dan) Ray CoatsGerman lawmaker, US ambassador to Germany trade jabs Intelligence agencies have hired outside consultants to improve communication with Trump: report Senate confirms Ratcliffe to be Trump's spy chief MORE told Congress in 2019 that “the warning lights are blinking red.” 

The coronavirus pandemic has proven that we have no time to waste in implementing the recommendations of the Cyberspace Solarium Commission. We need the president to direct relevant agencies to initiate needed rule-makings, and we need congressional leaders to schedule hearings and review draft legislation. As we are witnessing, the cost of being unprepared is unacceptable and, in the case of the electric grid, wholly unnecessary.  

John E. Shkor is a retired U.S. Coast Guard vice admiral, having served as Atlantic Area Commander and twice chief counsel of the Coast Guard. He was chief operating officer for the Transportation Security Administration following 9/11, and now serves on the board of directors of Protect Our Power, a nonprofit organization whose mission is to strengthen the security and resilience of the U.S. electric grid.