When will America protect itself against EMP, cyber and ransomware attacks?

BY PETER PRY

“A long-term outage owing to EMP could disable most critical supply chains, leaving the U.S. population living in conditions similar to centuries past, prior to the advent of electric power. In the 1800s, the U.S. population was less than 60 million, and those people had many skills and assets necessary for survival without today’s infrastructure. An extended blackout today could result in the death of a large fraction of the American people through the effects of societal collapse, disease and starvation. While national planning and preparation for such events could help mitigate the damage, few such actions are currently under way or even being contemplated.” — Congressional EMP Commission (2017)

The people of Rangely, Colo., are not waiting for Washington to protect them from a Great American Blackout caused by a solar superstorm or cyber warfare or electromagnetic pulse (EMP) attack. Like several other Western municipalities, Rangely, a town of 2,300 in northwest Colorado, home to a community college, has rolled up its sleeves and, in the best traditions of Western pioneering spirit, independence and self-sufficiency, is building redundant microgrids so they can survive anything.

Texas state Sen. Bob Hall and his colleagues aren’t waiting for Washington to “provide for the common defense,” either. Hall’s bill to protect the Texas electric grid from all hazards — including EMP, cyber warfare and sabotage — recently passed the state Senate.

Texans had a small taste of “electronic apocalypse” in February when an ice storm caused statewide rolling blackouts, resulting in property damage totaling billions of dollars, fuel shortages including a reduction in the national fuel supply, industrial accidents, including a major explosion and fire in a chemical plant, and 100 deaths. Experts have cautioned the same could happen during hot, summer weather.

Sen. Hall, a former Air Force officer and an EMP expert, has been warning Texas for years that electric grid vulnerability to EMP and cyber attack could have catastrophic consequences. The Electric Reliability Council Of Texas (ERCOT), which manages the state’s electricity infrastructure, proved in February that they and the utilities are not even prepared to cope with a severe ice storm, let alone existential threats from EMP and cyber warfare.

In South Carolina, Ambassador Henry Cooper, a former Air Force officer, EMP expert and engineer, is working with Duke Energy on the Lake Wylie project to protect a nuclear reactor from EMP — a pilot project that could result in converting 100 U.S. nuclear reactors into “islands of survivability” to help the nation recover in the event of an EMP or cyber attack, or both. The Lake Wylie project began, and continues, as a local grassroots initiative receiving no financial or technical support from the Department of Energy, Nuclear Regulatory Commission, or other agencies of the federal government.

Ambassador Cooper says he has lost faith that Washington will ever act to protect the national electric grid and other life-sustaining critical infrastructures from EMP and cyber warfare. According to Cooper, if America is to be protected, it won’t be done by an incompetent federal government but by the people and the states, working “from the bottom up.”

Now the recent Colonial Pipeline cyber attack appears to prove the ambassador is right. The official story is that Russian hackers made a ransomware attack on the business side of Colonial Pipeline’s information technology network, moving the owners, Koch Industries, to shut down the pipeline to exercise “an abundance of caution.” So supposedly, turning off the 5,500-mile artery that supplies 45 percent of petroleum to the eastern U.S. for civilian and military use — causing gas shortages and panic-buying — was self-inflicted.

Or maybe not.

The U.S. government and Koch Industries might not want to admit that Russian hackers turned off Colonial Pipeline — which they could do by manipulating the supervisory control and data acquisition (SCADA) system that controls the pipeline valves. A cyber attack could destroy the pipeline by manipulating valves to cause excessive pressure, resulting in an explosion. At minimum, the decision to turn off Colonial Pipeline proves that the ransomware threat was sufficiently credible that the government and Koch did not want to take any chances.

So why is Colonial Pipeline vulnerable to Russian hackers, and the Texas electric grid vulnerable to ice storms, and all the nation’s life-sustaining critical infrastructure vulnerable to EMP and cyber attacks?

Since President George W. Bush’s administration established the Department of Homeland Security, protection of the nation’s critical infrastructure supposedly has been high priority. But in truth, little has been done.

Much to their credit, Congress passed the Critical Infrastructure Protection Act in 2015, the White House issued an executive order to protect critical infrastructure from EMP in 2019, and Congress in 2020 incorporated the essentials of the order into the National Defense Authorization Act, giving it the force of law. This month, President Biden issued an executive order to improve cybersecurity. The White House and Congress have given the federal government all the direction and legal authority necessary to protect the nation’s critical infrastructure from existential threats — yet, again, little has been done.

The problem may be that there are too many lawyers and non-expert bureaucrats in charge of national preparedness for EMP and cyber warfare who lack deep technical expertise. The problem may be that lawyers are not forged in a national security culture that gives highest priority to winning a World War III. Lawyers are taught negotiation, compromise, achieving consensus among all stakeholders — which means critical infrastructure never will be protected.

Once upon a time, nuclear physicist Robert Oppenheimer (not a lawyer) led the Manhattan Project to invent the atomic bomb in just three years. Adm. Hyman Rickover, an engineer and not a lawyer, built the U.S. “nuclear navy.” And rocket scientist Werner von Braun, not a lawyer, ran NASA and sent Americans to the moon.

Today what is urgently needed are EMP and cyber warfare experts to run another “Manhattan Project” to quickly protect America’s critical infrastructure. Their maxim should be: “Lead, follow, or get the hell out of the way!”

Dr. Peter Vincent Pry is executive director of the Task Force on National and Homeland Security. He served as chief of staff to the EMP Commission, on the staff of the House Armed Services Committee, and was an intelligence officer with the CIA. He is author of “The Power And The Light: The Congressional EMP Commission’s War to Save America.”