Lights Out


by Ted Koppel


  That may be where the plan implodes. “Right now,” Alexander acknowledged, “you’d have a problem with the Electronic Communications Privacy Act for industry sharing with government, and for government sharing with industry.”

  As noted, this is not a good time to be arguing that the NSA needs more access to the security mechanisms protecting the U.S. power industry. But the NSA has repeatedly insisted that it is not looking at the content of communications between and among Americans, and Alexander made the same argument for an operational control system that would scan the overlapping networks of U.S. power companies. Using Alexander’s analogy to the ADT home security system, his company would merely be alerting the customer to the fact that an unauthorized party was trying to break into the house. The operative question is whether Alexander’s company could then legally pass that information on to the government or another power company, which would be equivalent to ADT calling the police or alerting a neighbor. Detecting a cyber intrusion may not involve looking at content, but determining the nature of that intrusion almost certainly would. Once the police arrive on the scene, to complete the analogy, they would check out the house, and that’s where privacy might be compromised. The advantage of the Alexander plan presumably lies in the fact that content would be monitored only when an intrusion has taken place.

  Still, Alexander is a realist. He recognizes that his plan for a low-cost, home-protection-style alert system for small to medium-sized power companies will only function if the information can be shared across the industry and between industry and government. He also knows that a truly functional, top-to-bottom cybersecurity system for the electric power industry is not likely to happen until after a major, debilitating attack on the grid has occurred. Until then, “half of the Congress will say why we should do it, and then the other half will say why we shouldn’t do it. And then they’ll argue it, and they have no tactical understanding, most of them, about what they’re arguing. Unless there’s a true crisis, we’re going to move slow.” Even if everybody got behind it, said Alexander, “it would probably take five to seven years.” At the moment, it would be fair to say that everybody is not behind the plan.

  Gary Dylewski, a former fighter pilot and major general in the Air Force who in 2012 cofounded Patriot Solutions International with Ken Eichmann, a retired Air Force lieutenant general, also has a plan. His idea is to supply a secure backup supply of electricity for essential facilities in the event of a grid being taken down. Among the studies his company has been hired to undertake are a few energy security initiatives sponsored by the Department of Defense. The Defense Department, it turns out, is particularly worried about energy security on military bases.

  Thirty-odd years ago, Dylewski explained, military bases typically produced their own power. That was prudent from a security point of view, but the operation of those power plants was also expensive. Gradually the Pentagon ordered all but a few of the bases to work out an arrangement with their local power company, plugging into the grid for efficiency and economy. “In today’s world,” Dylewski told me, “with the threats to energy security and threats to local grids, the military is now looking at how [we can] sort of go back to the future.”

  One of the answers currently being examined is nuclear plants. Not the 1,000–1,200 megawatt variety, the licensing of which became encumbered by so many safety considerations in the wake of Three Mile Island and Chernobyl that it’s been decades since one was constructed. Rather, Dylewski is talking about using small, modular reactors of the kind used in certain naval ships over the past fifty years. Those reactors do not have to go through the licensing and certification process normally required by the Nuclear Regulatory Commission because they are considered to be on military property.

  Patriot Solutions is working with the center for energy security at the University of Texas. Among their advisors is Dr. Dale Klein, who used to certify nuclear power plants for the NRC. He said that small nuclear reactors are demonstrably safe, given that they haven’t had an accident during the fifty years they’ve been in use. Furthermore, Klein pointed out, if you put these reactors on military bases, you could greatly shorten the approval time for licensing and provide secure energy for the base. Since these modular reactors on military bases could produce more energy than they need, cooperative agreements could be worked out with local communities, providing emergency power to hospitals, police departments, and other first responders in the event that the grid goes down.

  I asked Dylewski to lay out a best-case scenario: “If the Departments of Energy and Defense were to go to the president and say, ‘We really think we ought to do this,’ what are we looking at in terms of time?”

  “If you used a technology that’s familiar to the NRC, I would say between five and ten years,” he told me. But since no one has yet authorized Gary Dylewski’s plan, the clock hasn’t even started.

  It is not a hopeful scenario. One partial solution with promising implications is overshadowed by widespread and lingering concerns over the safety of nuclear power. The outline of a defensive structure against cyber intrusions on critical infrastructure runs afoul of privacy concerns and suspicions of an inappropriate scheme to cash in on an accumulation of classified background. Indeed, General Alexander’s alma mater, the National Security Agency, is so proficient at what it does, that its virtuosity makes it suspect. There is no question that the most sophisticated technology, supported by the largest budgetary allocations and administered by the most capable electronic intelligence experts in government service, is at the National Security Agency. The NSA, said David Petraeus, is “far and away the most competent, capable, best-in-the-world entity” in terms of cybersecurity and analysis. Following the revelations made by Edward Snowden, it is also, Petraeus added, “a bit radioactive in terms of domestic cybersecurity.” That sense of public mistrust has only been building since March of 2013, when James Clapper, the director of national intelligence, was asked at a congressional hearing whether the NSA collects “any type of data at all on millions or hundreds of millions of Americans.”

  “No, sir,” said Clapper.

  Senator Ron Wyden followed up. “It does not?”

  “Not wittingly,” said Clapper. “There are cases where they could inadvertently perhaps collect, but not wittingly.” Documents released by Edward Snowden revealed that to be untrue. Clapper was subsequently obliged to make the embarrassing admission that what he had said was “erroneous” but the “least untruthful” answer he could give. By late spring of 2015 a congressional coalition of privacy advocates, libertarians, and Tea Party activists forced the NSA to surrender the bulk collection of phone records to the telephone companies themselves, requiring a court order for the NSA to gain access to those records.

  General Petraeus was anticipating even further erosion of the NSA’s authority. All this bad publicity may, according to Petraeus, “accelerate the transition of some tasks that might have been performed by NSA…to the Homeland Security Department.” It was clear he didn’t think that was a good idea. “I don’t think they have the same personnel rules. They certainly don’t have the same cachet. I mean, people want to work for the NSA. They very much want to work for my old organization [the CIA]. I’m not sure the same could be said for the DHS yet.” Petraeus was, if anything, understating the problem. Even some of Homeland Security’s staunchest defenders acknowledge drawbacks. Larry Zevlin, who was until late 2014 director of the National Cyber and Communications Integration Center at DHS, told me he loved working at the department and thought the people were “phenomenal,” but he conceded that the turnover at DHS was high. Janet Napolitano, who headed up the department for nearly five years, acknowledged the same point. If you were a scientist or mathematician working on cybersecurity, she told me, the NSA was simply the place to be.

  It doesn’t help that the Department of Homeland Security, whose mission, as declared on its website, is “a safer, more secure America, which is resilient against terrorism and other potential threats,” ranks nineteenth out of nineteen large government agencies in an annual survey of best places to work in the federal government. DHS ranked nineteenth on effective leadership, nineteenth on empowerment, nineteenth on fairness, nineteenth on its senior leadership, nineteenth on supervisors, nineteenth on strategic management and teamwork, nineteenth on training and development. The intelligence community, including NSA, was ranked second (after NASA). The question then, is this: do we resolve the issue of domestic spying by taking aspects of cybersecurity out of the hands of the most competent agency and putting them in the hands of the least competent?

  The Department of Homeland Security was created in an atmosphere of national trauma. The world’s greatest superpower was made to realize its vulnerability to a handful of men armed with box cutters. Passenger planes could be reconfigured as missiles. We remain distracted to this day by the prospects of retail terrorism when we should be focused on the wholesale threat of cyber catastrophe. In such an event, the Department of Homeland Security would be working with industry to help them restore and maintain service. It should be focused on developing a more robust survival and recovery program for the general public; but DHS has neither the capacity to defend our national infrastructure against cyberattack nor the wherewithal with which to retaliate. A criminal attack would be the responsibility of the FBI; an attack on infrastructure by a nation-state or a terrorist entity would become the immediate responsibility of the Defense Department. Anticipating and tracking external cyber threats to U.S. infrastructure should be, by virtue of capability if nothing else, the responsibility of the NSA.

  Limits that were established in a different era still exist on paper, but they are eroding in practice. The CIA is precluded, by law, from operating within the United States, but maintaining national boundaries in cyberspace may be impossible. Cyber Command is a military operation, tasked with organizing the defense of U.S. military networks. The extent to which it can participate in the defense of critical infrastructure within the United States remains murky, but sidelining critical U.S. defense capabilities because we haven’t quite adapted to the notion that a major cyberattack can be as devastating as an invasion makes no sense. In practice, Keith Alexander explained, should a cyberattack be launched against U.S. infrastructure, the president gets his cabinet together, and the decision-making process is similar to what would happen in a nuclear command and control situation: “Because this is happening at network speed, there are things they should lay out ahead of time….[I]f someone were coming in to take out the power grid…this could have a long-term impact on our nation.” On that conference call with the president and his national security staff would be the secretary of defense, the chairman of the Joint Chiefs, and the commander of the U.S. Cyber Command. Homeland Security would be at the table, “because they have a role there to work with industry,” but it is clear that Alexander regards their role in providing security as strictly secondary.

  We have become disoriented by the similarities between the aftermath of a natural disaster and what will be required when it comes to helping the nation deal with the aftermath of a cyberattack on a grid. We need to adapt to the realization that at an as-yet-undetermined point a cyberattack on one of the nation’s three electric power grids amounts to an attack on the United States. It would be no less an act of war than an air raid by enemy bombers or a strike by enemy missiles. When General Alexander describes the emergency cabinet meeting that the president would convene in such an event, he pointedly compares it to what would take place in a nuclear command and control situation. What would result directly from such an attack—the population flow, the extended distribution of emergency supplies, and the likelihood of civil unrest—would require the combined expertise and resources of many government agencies, but all would fall, inevitably, under the overall control and management of the military. It is the only organization with the equipment and manpower equal to the task. That will become all too self-evident after an electric power grid is disabled.

  The imposition of order, the distribution of essential supplies, the establishment of shelters for the most vulnerable, the potential management of hundreds of thousands, if not millions, of domestic refugees will be complex enough if the general public knows what to expect and what to do. In the absence of any targeted preparation, in the absence of any serious civil defense campaign that acknowledges the likelihood of such an attack, predictable disorder will be compounded by a profound lack of information. It would be the ultimate irony if the most connected, the most media-saturated population in history failed to disseminate the most elementary survival plan until the power was out and it no longer had the capacity to do so.

  20

  Summing Up

  Some wish for cyber safety, which they will not get. Others wish for cyber order, which they will not get.

  — DAN GEER

  We are at one of those evolutionary stages in history that tracks the end of an era. It’s not so much a hinge moment as a discernible shift, a gradual transfer of control. The exercise of power, transformational power, is popping up in unpredictable places in unexpected hands. The Internet as a weapons system has traditional applications for governments seeking to project power, but its accessibility is not exclusive to nation-states. We still need to worry about what the Russians, the Chinese, the Iranians, and the North Koreans will do, and they need to be equally concerned about us. But for the first time in the history of warfare, small groups, even individuals, can undermine the critical infrastructure of a state.

  It was Ed Markey, then a congressman, who back in 2010 solicited the opinions of some of the nation’s top national security experts on the vulnerability of the grid. He provided a redacted version of that confidential letter for this book. When I asked Markey to respond to officials at the Department of Homeland Security who insist that the grid is resilient, he said, “They are ignoring the warning of almost every national security expert who has studied the issue.”

  It is time to decide which experts we are prepared to trust. In researching this subject, I have found myself relying significantly on the expertise of George Cotter. His credentials, as former chief scientist at the National Security Agency, are a major factor, but at some point or another, all reporters find themselves confronting a moment of decision. Almost by definition, when we are dealing with complex subjects, we tend to be less knowledgeable than the sources we are interviewing. At one point or another in this process, each of us ends up trusting his gut—deciding, quite simply, how much confidence to place in each source. I think George Cotter knows what he’s talking about. In April 2015 Cotter produced his fourth white paper in a series titled Security in the North American Grid—A Nation at Risk. He sends these white papers to policy makers and federal institutions charged with homeland defense. All the material cited is unclassified. Although the paper is technical, its conclusions are simple and stark:

  With adversaries’ malware in the National Grid, the nation has little or no chance of withstanding a major cyberattack on the North American electrical system. Incredibly weak cybersecurity standards with a wide-open communications and network fabric virtually guarantees success to major nation-states and competent hacktivists. This [electric power] industry is simply unrealistic in believing in the resiliency of this Grid subject to a sophisticated attack. When such an attack occurs, make no mistake, there will be major loss of life and serious crippling of National Security capabilities. [Emphasis added.]

  Cotter’s voice is merely one of the most persistent and best-informed, but his essential message hardly differs from the one Leon Panetta, then secretary of defense, delivered to an audience of security executives in October 2012. Panetta warned that an aggressor nation or extremist group could launch “a destructive cyber-terrorist attack [that] could virtually paralyze the nation.” Some of the potential threats Panetta cited included the deliberate derailing of trains, the contamination of urban water supplies, and “the shutdown of the power grid across large parts of the country. The collective result of these kinds of attacks could be a cyber Pearl Harbor.”

  Panetta was invoking the most vivid of World War II images, one that became instantly synonymous with a surprise attack. But in the case of Pearl Harbor there was no question as to the identity of the attacker. The very next day, President Franklin D. Roosevelt declared war on Japan. We would have no such immediate certainty in the event of a cyberattack. The inability to quickly discover the identity of an aggressor undermines the threat of retaliation. Deliberate misdirection and the chaos caused by the attack increases the possibility that a counterstrike may be aimed at the wrong target. Neither the American public nor the international community has come to terms yet with the notion that a major cyberattack would amount to an act of war, but a war that is as different from any previous war we have known as a nuclear conflict would be from conventional warfare. How do we prepare for something that we have not even adequately defined?

  In an Oval Office conversation with New York Times columnist Thomas Friedman in April 2015, President Obama said, “Iran’s defense budget is $30 billion. Our defense budget is closer to $600 billion. Iran understands that they cannot fight us.” The president was talking to Friedman in the context of a nuclear agreement, stressing the disparity between any military force that Iran could hope to project and the U.S. military. Even so, the president certainly knew his statement to be only partly accurate. Iran surely understands that it cannot hope to wage a nuclear war with the United States and win, but Iran will continue pursuing its strategic interests by other means: terrorism, the use of surrogates, and, increasingly, cyber warfare. If it happens, when it happens, the size of Iran’s military budget will be irrelevant. We may not even know with certainty that Iran launched the attack.

 
