by Bobby Akart
Most critical infrastructure system vulnerabilities can be reduced below the level that potentially invites attempts to create a national catastrophe. By protecting key elements in each critical infrastructure and by preparing to recover essential services, the prospects for a terrorist or rogue state being able to achieve large-scale, long-term damage can be minimized. This can be accomplished reasonably and expeditiously.
Such preparation and protection can be achieved over the next few years, given a dedicated commitment by the federal government and an affordable investment of resources. We need to take actions and allocate resources to decrease the likelihood that catastrophic consequences from an EMP attack will occur, to reduce our current serious level of vulnerability to acceptable levels and thereby reduce incentives to attack, and to remain a viable modern society even if an EMP attack occurs. Since this is a matter of national security, the federal government must shoulder the responsibility of managing the most serious infrastructure vulnerabilities.
Homeland Security Presidential Directives 7 and 8 lay the authoritative basis for the Federal government to act vigorously and coherently to mitigate many of the risks to the Nation from terrorist attack. The effects of EMP on our major infrastructures lie within these directives, and the directives specify adequate responsibilities and provide sufficient authorities to deal with the civilian sector consequences of an EMP attack.
In particular, the Department of Homeland Security (DHS) has been established, led by a Secretary with authority, responsibility, and the obligation to request needed resources for the mission of protecting the US and recovering from the impacts of the most serious threats. This official must assure that plans, resources, and implementing structures are in place to accomplish these objectives, specifically with respect to the EMP threat. In doing so, DHS must work in conjunction with the other established governmental institutions and with experts in the private sector to most efficiently accomplish this mission. It is important that metrics for assessing improvements in prevention, protection, and recovery be put in place and then evaluated and that progress be reported regularly. DHS must clearly and expeditiously delineate its responsibility and actions in relation to other governmental institutions and the private sector, in order to provide clear accountability and avoid confusion and duplication of effort.
Specific recommendations are provided below with respect to both the particulars for securing each of the most critical national infrastructures against EMP threats and the governing principles for addressing these issues of national survival and recovery in the aftermath of EMP attack.
It will not be possible to reduce the incentives for an EMP attack to an acceptable level of risk through defensive protection measures alone. It is possible to achieve an acceptable level of risk and reduced invitation to an EMP attack with a strategy of:
· Pursuing intelligence, interdiction, and deterrence to discourage EMP attack against the US and its interests
· Protecting critical components of the infrastructure, with particular emphasis on those that, if damaged, would require long periods of time to repair or replace
· Maintaining the capability to monitor and evaluate the condition of critical infrastructures
· Recognizing an EMP attack and understanding how its effects differ from other forms of infrastructure disruption and damage
· Planning to carry out a systematic recovery of critical infrastructures
· Training, evaluating, “Red Teaming,” and periodically reporting to the Congress
· Defining the Federal Government’s responsibility and authority to act
· Recognizing the opportunities for shared benefits
· Conducting research to better understand infrastructure system effects and developing cost-effective solutions to manage these effects
The cost for such improved security in the next 3 to 5 years is modest by any standard—and extremely so in relation to both the war on terror and the value of the national infrastructures involved. Costs at later times may be adjusted to deal with the then-apparent threat and future levels of effort required.
INTELLIGENCE, INTERDICTION, AND DETERRENCE
The federal government’s efforts to establish and maintain a global environment that profoundly discourages potentially catastrophic attacks is our first line of defense. The development, trading, and movement of critical materials and weapons useful for mounting WMD attacks, including those that are based on the use of EMP, must be identified as early in the process as possible. The methods and materials that could encourage an EMP attack must be added to the list of threats presently being sought out and annihilated. The US and its allies against transnational terrorism must make it exceedingly difficult and dangerous for organizations to position themselves to be a threat, or allow others to use their country and its assets in order to become a threat, specifically including EMP threats. We must hold potential perpetrators at risk of capture or destruction, whenever and wherever in the world they operate.
PROTECTING CRITICAL COMPONENTS OF THE INFRASTRUCTURE
Some components of critical infrastructures, such as large turbines, generators, and high-voltage transformers in electrical power systems, and electronic switching systems in telecommunication systems, would require long periods of time to repair or replace. These components should be configured so that even under electronic disruption and damage, such as could be produced by EMP, they do not become further damaged in the course of shutting down or attempting to restore themselves. This type of damage has occurred in the past. During the Northeast power blackout of 1965, Consolidated Edison generators, transformers, motors, and auxiliary equipment were damaged by the sudden shutdown. In particular, the #3 unit at the Ravenswood power plant in New York City suffered damage when the blackout caused loss of oil pressure to the main turbine bearing. The damage kept that unit out of service for nearly a year, and more immediately, complicated and delayed the restoration of service to New York City.
MAINTAINING THE CAPABILITY TO MONITOR AND EVALUATE THE CONDITION OF CRITICAL INFRASTRUCTURES
After an EMP attack, system operators and others in positions of authority and responsibility must have immediate access to information sufficient to characterize the state of their critical infrastructure systems. Without such system monitoring and reporting information, the system operators will not have the information required to evaluate the extent of the loss of infrastructure and know how to begin restoration of their systems. They may even induce further damage by taking inappropriate actions or failing to take necessary actions. During the time leading up to the August 14, 2003, Midwest power blackout that affected both the United States and Canada, key system operators did not have a functioning alarm system, did not recognize that the alarm system was not functioning, and had only fragmentary information on the changing configuration of the rapidly collapsing power grid for which they were responsible.
RECOGNIZING EMP ATTACK
Electronic upsets and failures occur under normal operating circumstances, even in high-reliability equipment such as that supporting critical infrastructure. EMP-induced upsets and failures, however, are different from those encountered in the normal operation of infrastructure systems, and in fact have unique aspects not encountered under any other circumstances.
EMP produces nearly simultaneous upset and damage of electronic and of other electrical equipment over wide geographic areas, determined by the altitude, character, and explosive yield of the EMP-producing nuclear explosion. Since such upset and damage is not encountered in other circumstances and particularly not remotely to the same scale, the normal experience of otherwise skilled system operators and others in positions of responsibility and authority will not have prepared them to identify what has happened to the system, what actions to take to minimize further adverse consequences, and what actions must be carried out to restore the impacted systems as swiftly and effectively as possible.
Special system capabilities an
d operator awareness, planning, training, and testing will be required to deal with EMP-induced system impacts. The first requirement is for the operators of critical infrastructure systems to be able to determine that a high-altitude nuclear explosion has occurred and has produced a unique set of adverse effects on their systems. That information can be provided by local electromagnetic sensors, by information from Earth satellite systems, or by other means. Whatever the means, the operators and others in positions of authority and responsibility must receive the information immediately. Therefore, the EMP event notification system must itself be highly reliable during and after an EMP attack.
Operators and others in positions of authority and responsibility must be trained to recognize that an EMP attack in fact has taken place, to understand the wide range of effects it can produce, to analyze the status of their infrastructure systems, to avoid further system degradation, to dispatch resources to begin effective system restoration, and to sustain the most critical functions while the system is being repaired and restored. Failures similar to those induced by EMP do not occur in normal system operation; therefore, the training for, and experience developed in the course of, normal system operation will not provide operators with the skills and knowledge base necessary to perform effectively after EMP-induced system disruption and failure. Training, procedures, simulations, and exercises must be developed and carried out that are specifically designed to contend with EMP-induced effects.
PLANNING TO CARRY OUT A SYSTEMATIC RECOVERY OF CRITICAL INFRASTRUCTURES
A crisis such as the immediate aftermath of an EMP attack is not the time to begin planning for an effective response. Plans to avoid causing further damage to critical infrastructures and to carry out a systematic recovery of those infrastructures must be in hand at the earliest possible time. Planning for responding to an EMP attack should begin now and should be carried out jointly by system operators, hardware and software providers, and experts in both the government and private sectors.
Individual infrastructure systems have many similar electronically based control and monitoring functions. The primary features of EMP attack mitigation in each infrastructure include elements of protection of critical functions, identifying where damage within the system is located, dispatch/allocation of resources to allow for timely restoration and development of operational procedures including simulation of both individual and interacting infrastructures, training, testing, and governance. This requires test and evaluation of both existing and future systems to identify weak spots subject to EMP damage and focus mitigation activities accordingly. EMP protection thus has a substantial aspect focused on individual functioning units within each system that contains electronic components, although not necessarily on the individual electronic subcomponents of these units themselves. These units include distributed Supervisory Control and Data Acquisition (SCADA) modules, mobile communicators, radios, embedded control computers, etc. New units can be EMP-hardened for a very small fraction of the cost of the non-hardened item, e.g., 1% to 3% of cost, if hardening is done at the time the unit is designed and manufactured. In contrast, retrofitting existing functional components is potentially an order of magnitude more expensive and should be done only for critical system units. It is important to note, however, that for protection to remain functional, it must be tested and maintained in its operational mode with rigor and discipline.
TRAINING, EVALUATING, RED TEAMING, AND PERIODICALLY REPORTING TO THE CONGRESS
Identifying an EMP attack, understanding the state of the system after attack, developing and implementing plans for system restoration, and having operators and others in positions of authority and responsibility trained to recognize and respond effectively are elements of strategy that are common to managing the effects of EMP for each of the Nation’s critical infrastructure components. Conducting and evaluating the results of training, simulations, tests, and Red Team activities, and periodically reporting the results to senior executive branch leaders, the Congress, and the public are important elements of being well-prepared for EMP attack, which in turn will sharply reduce the incentives for conduct of such an attack.
DEFINING THE FEDERAL GOVERNMENT’S RESPONSIBILITY AND AUTHORITY TO ACT
Governance of the critical infrastructures such as electrical power systems and communications is presently distributed among statutory governmental entities at the federal, state, regional, and municipal levels, as well as among a variety of non-governmental entities. A multiplicity of statutory bodies, private companies, associations, and individual owners also participate in determining decisions and actions. Nevertheless, the process is coordinated, albeit loosely, to produce normal efficient, reliable, and high quality service that is the envy of the world—in a peacetime environment.
A terrorist threat—let alone a terrorist attack—is outside the ambit of normal governance of the key national infrastructures. In dealing with such threats, the Department of Homeland Security has the unique and sole responsibility and authority to govern the specific actions and involved parties within the US, including requesting enabling Congressional funding as appropriate and necessary. DHS must interact with other governmental institutions and the private sector in defining liability, responsibility and funding in order to enable private and government facilities, such as independent power plants, to contribute their capability in a time of national need, yet not interfere with market creation and operation to the maximum extent practical.
Industry associations, system owners/providers, private consultants, and universities all will be able to contribute useful levels of knowledge and skills. DHS is responsible for making the prudent trade-offs within each mitigation activity between performance, risk, schedule, and cost in relation to consequent system protection and then-expected risk in order to achieve maximum protection. For example, some actions taken to protect a system from an EMP attack may diminish the reliability or quality of that system’s normal commercial performance, while other actions may improve the performance.
As an example of resources readily available to DHS with respect to the electric system, the North American Reliability Counsel (NERC) and the Electric Power Research Institute are well-positioned to provide much of the support needed in regard to the EMP threat. Working closely with industry and these institutions, the DHS should provide for the necessary capability to control the national bulk electricity supply system in order to protect critical services, minimize its self-destruction in the event of an EMP attack, and recover its normal capabilities as rapidly and effectively as possible thereafter.
RECOGNIZING THE OPPORTUNITIES FOR SHARED BENEFITS
Most of the following initiatives and actions the Commission recommends militate against more than an EMP attack. The protection and/or rapid restoration of critical infrastructures in the civilian sector from an EMP attack also will be effective against other types of infrastructure disruptions, such as attacks aimed at directly damaging or destroying key components of the electrical system, and natural or accidental large-scale disruptions are also significantly mitigated by these same initiatives. Some of these steps also enhance reliability and quality of critical infrastructures, which is a major direct benefit to the US economy and to our way of life.
CONDUCTING RESEARCH AND DEVELOPMENT
Very little research and development addressing EMP-related system response protection and recovery issues has been done for more than a decade. Conducting research to better understand infrastructure system effects and developing cost-effective solutions to manage these effects will be important to understanding the implications of the rapid evolution of electronics and electrical systems, and their growing role in controlling and operating modern critical infrastructure.
ELECTRIC POWER INFRASTRUCTURE
NATURE OF THE PROBLEM
Electric power is integral to the functioning of electronic components. For highly reliable systems such as commercial and military telecommunications, electric power usu
ally comes from batteries (in the short term), local emergency power supplies (generally over time-intervals of less then 72 hours), and electricity delivered through the local electrical utility (“power” lines in the home, office and factory). Local emergency power supplies are limited by supplies of stored fuel. Increasingly, locally stored fuel in buildings and cities is being reduced for fire safety and environmental pollution reasons, so that the emergency generation availability without refueling is limited.
Geomagnetic storms, a natural phenomenon driven by the solar wind, may, by a different physical mechanism, produce ground-induced currents (GIC) that can affect the electrical system in a manner similar to the E3 component of EMP. Disruptions caused by geomagnetic storms, such as the collapse of Quebec Hydro grid during the geomagnetic storm of 1989, have occurred many times
Depending on the explosive yield of the nuclear weapon used, EMP-induced GIC may be several times larger than that produced by the average geomagnetic storm, and may even be comparable to those expected to arise in the largest geomagnetic storm ever observed. It may also occur over an area not normally affected by historic geomagnetic storms.
The North American economy and the functioning of the society as a whole are critically dependent on the availability of electricity, as needed, where and when needed. The electric power system in the US and interconnected areas of Canada and Mexico is outstanding in terms of its ability to meet load demands with high quality and reliable electricity at reasonable cost. However, over the last decade or two, there has been relatively little large-capacity electric transmission constructed and the generation additions that have been made, while barely adequate, have been increasingly located considerable distances from load for environmental, political, and economic reasons. As a result, the existing National electrical system not infrequently operates at or very near local limits on its physical capacity to move power from generation to load. Therefore, the slightest insult or upset to the system can cause functional collapse affecting significant numbers of people, businesses, and manufacturing. It is not surprising that a single EMP attack may well encompass and degrade at least 70% of the Nation’s electrical service, all in one instant.