A U.S. Army unit in Syria comes under heavy fire from the forces of the Islamic State. As the company commander and his men hunker down, he reaches for his radio to call for back-up. When he touches the button, nothing happens. His radio has been hacked.
At a local electric utility in Ohio, the controller gets a routine notice that power from other companies’ generators will be cut back in 10 minutes. No problem. This happens every day at this time. Power companies share responsibility for generating electricity for the grid. So, according to company policy, the controller activates the generators within his own system. As he pushes the control switches, nothing happens. The utility has been hacked. Minutes later a blackout occurs. The community is in total darkness. No heat. No lights. No internet. Uncle Joe’s dialysis machine shuts off. Aunt Jane’s respirator stops.
Despite the above anecdotes, cyberattacks aren’t fiction. In July, the United States, the European Union and NATO issued joint statements condemning the Chinese government for a series of malicious cyber activities.
In April, Colonial Pipeline was hit with a cyberattack that shut down a major national gas line and crippled the fuel industry, causing backups at gas stations across America.
Many people think cyberattacks just involve the internet, or malware, or getting codes to access electronic equipment like radios and power switches. Wrong. That’s just one part of a bigger story.
Let us say an enemy country realizes that they could never physically invade the United States, but they could bring the country to its knees by detonating nuclear weapons overhead at high altitude, creating electromagnetic pulses (EMPs) that would cripple our power grid. Best selling author, Brad Thor writes about this scenario in his 2014 novel, “Act of War”. Over 30 years ago, another novel, “Warday,” dealt with a similar scenario. Today, we have a new book called, “2034: A Novel of the Next World War,” coauthored by a heavily decorated former Marine and four-star Admiral James Stavridis, who was the supreme commander of NATO. It claims to be a novel. But it looks like a prediction of what will happen if we don’t take cyberattack defense seriously.
The Federal Power Act gives the president the authority to declare a grid emergency and to delegate the authority to deal with it to the secretary of Energy. In 2015, Congress passed a law with a delightful acronym: FAST, the Fixing America’s Surface Transportation Act. This law authorizes the Energy Department to issue rules governing the secretary’s actions in a cyberattack. After deliberating for about three years, the U.S. Department of Energy finally issued a rule defining the powers of the secretary if the president declares a grid emergency. In addition, we have a Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security.
That might turn our electricity back on after a disaster strikes — but what about prevention? We clearly need a United States Cyber Force to stop disasters from happening in the first place.
On December 17, 1903, Orville and Wilbur Wright made the first airplane flight. It only took the United States 44 years to figure out the enormous impact aircraft have in defending our country. So, in 1947, we formed the United States Air Force as the fifth branch of service.
On April 12, 1961, Russian Cosmonaut Yuri Gagarin made the first manned space flight. Twenty-three days later, on May 5, 1961, Alan Shepard became the first American in space. Since then, citizens from 37 countries have flown in space and 11 countries reputedly have the ability to launch their own spacecraft. After watching the Russians and the Chinese and the other nations get into the space game, it only took official Washington 58 years to realize space was the new frontier of defense. Finally, on December 20, 2019, they created a new sixth branch of our armed forces, the United States Space Force.
During World War II, we had the Army Air Corps. Today, we have a Cyber Command. We needed a U.S. Air Force then; and we need a U.S. Cyber Force now. We must establish a seventh branch of our armed forces today to protect us from cyberattacks.
We can’t afford to wait 44 or 58 years this time. We need Congress and our government to create a United States Cyber Force now.
Michael Curley is a visiting scholar at the Environmental Law Institute and is on the advisory board of the cybersecurity organization, Protect Our Power.