Whether the threat is coming from abroad, across the border or, as is often the case in their fevered imaginations, both, conservatives tend to imagine themselves as America's hyper-vigilant protectors. That's one of the reasons why rising GOP star Sen. Tom Cotton, when he warned of a secret collaboration between the Mexican cartels and ISIS, was not laughed out of politics. (On the contrary, he coasted his way to a blowout victory.) And it's one of the reasons why a cartoonish warmonger — or "noted death walrus," as Jeb Lund once called him — like John Bolton is still regarded by many conservatives as a foreign policy savant.
Yet for all the GOP's tough talk on national security, there's one threat to national security that Republicans have barely talked about. It's a big one, too: An attack on the nation's power grids, which are responsible for sustaining so much of the technology that defines life as we know it. And according to the celebrated, award-winning and legendary journalist Ted Koppel's new book, "Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath," an attack on America's power grids is, unlike the cooperation between ISIS and the Sinaloa, a real possibility.
Recently, Salon spoke over the phone with Koppel about power grids, his new book, and what the media should be asking of today's presidential candidates. Our conversation is below and has been edited for clarity and length.
What about the vulnerability of the power grid piqued your interest enough to write a book?
Well, there have been a number of sort of dire warnings issues by very responsible people — not the least of them the president, who in the State of the Union address in 2013 issued a warning about people who are trying to get into the power grid and cause all this damage.
Leon Panetta, back when he was secretary of defense, gave a speech in which he spoke of a equivalent of a cyber Pearl Harbor. [Former Secretary of Homeland Security] Janet Napolitano gave a similar kind of warning.
What piqued my interests was, despite the fact that these were responsible people who have been in high government jobs, and that the warnings were very relatively unambiguous and pretty dire, it got almost no public attention.
So the first question I asked myself was, what has been done to prepare the public for the eventuality [of an attack on the nation’s power grids]. And my hunch was that the answer would be, not much. My finding was that it doesn’t even rise to that high a level.
You’ve heard plenty of high-ranking public officials say things that turned out not to be true, though — especially on the subject of “national security.” What convinced you that this was not one of those cases?
To begin with, it’s not as if cyber attacks are a rarity these days.
They’ve been enormously successful in areas of grand larceny, in areas of scooping out lots of private information, in areas of intelligence scandals. Hackers have been able to steal enormous sums of money, to accumulate millions of private files, and, most recently, the Chinese apparently hacked into and acquired files of more than 22 million current and former government employees.
So, if it’s happening in all of those areas, it doesn’t on the face of it seem that unlikely that it could also happen in the area of hacking into our infrastructure.
What did people who were familiar with this sector, but not in the government, tell you?
I don’t want to leave you with the impression that everyone told me, “Yes, absolutely, this will happen.” But enough people whose opinions I came to respect did say that.
For example, those in the industry, and in the industry trade organizations, who were staunchly insisting that it could not or will not happen, they were not all that compelling in the arguments they made.
As a reporter, there simply comes a point at which you have to go with your gut: What do I believe? At the end of the better part of a year of research, I believed those who said they think it can or will happen.
We talk about “the power grid,” but there’s more than one, right?
There are three power grids. There’s the Eastern Interconnect, which is by far the biggest of them and covers the entire East Coast, way into the Midwest. Texas has its own power grid; and then there’s a third power grid for the West Coast.
And what do they do, exactly?
Essentially, what the power grids do is connect thousands of power companies.
There was a time, until deregulation, when there were only a handful of power companies and they were vertically integrated companies that controlled everything from the generation of the electricity to the transportation of electricity across great distances and then ultimately, the delivery of electricity to customers at the local market.
With the deregulation of the power industry, we now have approximately 3,200 companies.
What do these companies do to protect themselves?
Some of these companies, the biggest [ones], have done extraordinary work in terms of defending their equipment and the connections that they have with the private customers. But the smaller companies simply don’t have the resources to engage in that kind of defensive behavior. Where the problem arises is, a really skilled hacker could hack into one of the smaller ones, or several of the smaller ones.
It’s incredibly complex, but there is no question that the Chinese have successfully hacked into at least one of our power grids. The Russians have done so also. The Iranians, the North Koreans and possibly individual [hackers] are on the verge of being able to do so, if they haven’t done it already.
Why would a state government try to do this? What would be the goal of an attack on a power grid?
Let’s start with the reverse of the question, if you don’t mind.
Those two nations who have the greatest capability, the Chinese and the Russians, they are the least likely to [attack], because they know the United States could do the same thing to them. There is the equivalent of a sort of “mutually assured destruction.” On the other hand, you also have thousands upon thousands of interrelationships between Chinese business, Chinese industry, Chinese government and the United States. And despite the fact that relations with Russia these days are not that good, we also have thousands of relations with the Russians.
The North Koreans are often mentioned in the context of possible cyber-attack backers. What about them?
The North Koreans are really unpredictable — to say that is almost ludicrously obvious.
It can be relatively easy to hide the origin of a cyber attack. Simply look back at what happened after the North Koreans, almost indisputably, hacked into Sony Pictures. There were warnings and threats from the president that there would be consequences. But the consequences were so trivial, that they were unlikely to [stop] the North Korean government.
Part of the problem is that North Korea — if you ever look at one of those photographs from space-satellites of North and South Korea, at night, South Korea is just lit up with millions upon millions of lights while North Korea is essentially dark. So they don’t have a great deal of vulnerability to a cyber attack for the simple reason that they don’t have much of an infrastructure. There’s not much to hit.
What would the government need to do to ensure that all of these 3,200 companies are adequately protected from attack?
In order to impose government regulations, you would have to re-regulate the power industry. I had a long conversation with [former] Senator Jay Rockefeller, who served on the Senate Intelligence Committee and was the Chairman of the Commerce Committee, and I asked him why is it that the senate hasn’t passed more rigorous regulation. He pointed to big business and the power industry itself; they don’t want to be re-regulated. They’ve been using their lobbying capabilities to prevent that from happening.
So what would you be asking of the presidential candidates in this regard if you were on the campaign trail?
My question to the candidates would be, “What is are you doing to prepare the public [for an attack]?”
I’ll tell you, at this point, the answer to that question is: zip, nothing. What’s being done to the public, is essentially, a repetition of the kind of advice given if there’s a hurricane coming or a major blizzard on it’s way. You know, like, have two or three days of food and water, make sure you have extra batteries for your portable radio, make sure you have adequate medicine for two or three days, etc.
But we’re not talking about two or three days, here; we’re talking about weeks, maybe months, maybe longer. And, so far, the government has no plan. That, I find irresponsible.