Infrastructure Council Defines Cyber/Physical Threat Combo as Potential New Danger

Natural disaster flood min

When the Big One hits, the United States won’t be ready for it.

In this case, the big one is a power outage “of a magnitude beyond modern experience” that could paralyze entire regions for weeks or months, cripple the country’s operations, and strain emergency organizations well past their ability to respond, according to a new report from the National Infrastructure Advisory Council (NIAC). Citing the increasing likelihood of both natural and manmade disasters, NIAC said the country needs to prepare now for such a catastrophic event.

“This profound threat requires a new national focus,” the report states. “The NIAC found that our existing plans, response resources, and coordination strategies would be outmatched by an event of this severity. Significant action is needed to prepare for a catastrophic power outage that could last for weeks or months.”

The council, a public-private group created to advise the White House on infrastructure protection, said the most severe outage could occur as a result of a hybrid event, such as a cyber attack conducted in concert with a physical attack, or a physical attack timed to accompany a natural disaster. An outage that severe, spanning states or regions and tens of millions of people, would quickly exhaust the resources of local, state, and Federal mutual aid organizations. “An event of this severity may also be an act of war, requiring a simultaneous military response that further draws upon limited resources,” the report points out.

The types of threats the report outlines are growing in intensity. Natural disasters, spurred by climate change and other factors, are steadily becoming more severe. Cyber threats to infrastructure also are on the rise, highlighted by Russia’s campaign earlier this year against the power grid and other sectors, and its successful 2015 cyberattacks on Ukraine’s power system. Other countries, particularly China, Iran, and North Korea, also have become more active–and aggressive–in cyberspace. And the growing importance of cyber operations as an essential element of military operations increases the likelihood of hybrid warfare that combines cyber, kinetic, economic, and other fronts.

Along with gaining better understanding of how cascading power failures can impact recovery, NIAC’s report recommends seven key steps toward improving the country’s ability to respond to a cataclysmic power loss:

  • Outline the response chain of command from the cabinet level on down and identify which Federal agencies will be involved and how;
  • Identify what infrastructure sectors, cities, municipalities, and rural areas would need to respond;
  • Provide guidance to state and local governments on how to cooperate in providing services and shelter, and maintaining health and safety;
  • Create incentives to help state and local organizations respond, including financial support, and removing financial and regulatory barriers;
  • Conduct a series of exercises both to prepare and identify gaps in the response plan;
  • Ensure that all critical natural gas pipelines meet required standards so they’re available to provide “black-start generations,” which can restore power without relying on the external electric power transmission network; and
  • Develop a flexible, adaptable, self-powered emergency communications system to connect the response operations.

The report notes that some of its recommendations are already in progress to various degrees. The Department of Homeland Security has had a National Emergency Communications Plan since 2014. The Commerce Department and AT&T this year made the FirstNet nationwide public safety communications platform available to first responders. And the Defense Advanced Research Projects Agency (DARPA) recently used a small island off the coast of Long Island to simulate an attack on the U.S. power grid. DARPA also has a program called Rapid Attack Detection, Isolation and Characterization Systems intended to enable black-start recovery of power grids taken out by cyberattacks.

At the state level, Florida Power and Light, for example, has created a model for identifying and hardening the “community circuits” that feed power to critical services to their local communities. NIAC notes that this approach could be extended to the infrastructure for fuel resupply, communications, water, and wastewater management.

NIAC urges support of these and similar initiatives, while also encouraging new projects that would improve response. The report also stresses the importance of a whole-of-nation approach involving both the public and private sectors. “The solutions we identified will require strong public-private collaboration–as NIAC has recommended previously–to address the scale and significance of catastrophic power outages,” the report states.

Categories

Recent