By Jonathan Hollerman
Did America just use an EMP attack against Venezuela’s grid?
Venezuela is once again in the news. If only I had a dollar for every instance someone has asked me what is going on with the Venezuelan electric grid. For the record: I don’t know what is going on with their country’s electric grid or why it keeps failing. All I know is what you know, what is reported in the news. A couple of days ago, Venezuelan President Maduro claimed that their electric grid was taken down by “an electromagnetic pulse” attack. I have to assume he’s not claiming a high-altitude nuclear EMP was utilized but implying a localized, directed-energy EMP attack. However, he is making these claims without presenting a single shred of evidence to bolster his assertion. Therefore, I’m inclined not to believe him. However, the convenient timing of these “grid failures” each time the U.S. starts to ramp up pressure for Maduro to step down sure is suspicious and convenient to foreign adversaries that want to blame the U.S. for every evil in the world. Am I claiming that the U.S. is sabotaging their electric grid to turn public opinion against Maduro as others have opined? No, but I agree the timing and optics sure don’t look good. Without clear evidence to the contrary, there is a very strong likelihood that the cause for the blackouts is purely the Venezuelan government’s mismanagement of their grid, just like most American media outlets are reporting. Heck, maybe it was a goat that chewed through the Home Depot extension cord distributing power out of a broken-down Venezuelan power plant that caused the outage. Who knows?
So, if we don’t know what is truly going on in Venezuela, and I don’t have any answers, why am I even bringing up the subject? Optics. It’s not about what you can prove, it’s about what you can make the general population believe. In this current climate of fake news, politicized social-media news algorithms, and manufactured search engine results, it’s not hard to change public opinion if you push enough misinformation from multiple sources for an extended period of time. My concern on this subject is if the international community starts to believe that the U.S. is openly using offensive cyberattacks against our political opponents’ electric grids. If the world believes that narrative, couldn’t we be opening Pandora’s Box and inviting an attack against the American homeland under the same premise of a “proactively defensive” cyberattack? The oxymoronic nature of that term I’ve seen bandied around in the news during the last year makes my head spin.
How the media – and our enemies – perceive the EMP and cyber threats
Let’s change gears for a moment and dig deeper. The American media usually portray the various threats to our electric grid (cyber, EMP, GMD, and physical attacks) as no big deal, without serious consequences, and they certainly don’t give these threats the attention they deserve. Did you know that Iran has the fourth-largest cyber army in the world? Iran began to aggressively build their cyber army decades ago after watching how easily we dismantled Saddam Hussein’s massive conventional army on the field of battle. Read this excerpt from an Iranian Military Journal stating the key to defeating the United States is an attack on a country’s electric grid and that:
“If the world’s industrial countries fail to devise effective ways to defend themselves against dangerous electronic assaults, then they will disintegrate within a few years…American soldiers would not be able to find food to eat nor would they be able to fire a single shot.”
Here’s the kicker: that was written as part of Iran’s war doctrine over twenty years ago! Let that sink in. They’ve been investing in and planning electronic warfare for over twenty years now while America has been totally ignoring the threat from a defensive standpoint. How are those American-Iranian relations going these days? Iran is not stupid and they are NOT going to attack us with their conventional army. You can quote me on that (as some in the media have recently done).
If you aren’t following the cyber threat forums and you are solely trusting in the mainstream media to keep you informed, you’d be unlikely to know that Iran has been infiltrating our electric grid for years preparing for an attack. Did you know that the U.S. conducted an officially sanctioned and openly reported cyberattack against Iran less than a week ago? Also, did you know that the U.S. openly infiltrated the Russian power grid just last month? I could give countless more cyberattack-related stories that the major media outlets just plain ignore.
The “wild west” of cyber
The United States Cyber Command has been conducting cyber warfare for decades behind the secret doors of the NSA, which I wholeheartedly support. However, the decision to take off the mask and openly declare our offensive cyber-warfare operations to the public is a massive mistake. I believe we are playing with fire and are likely to get burned as a result. If you have yet to watch the Showtime documentary Zero Days, I strongly advise you to make the time. Zero Days discusses the U.S.-led “Stuxnet” attack against the Iranian Nuclear facilities during the Obama administration. Towards the end of the documentary, it presents the current international cyber realm as being “the Wild West” with no Geneva Conventions to rule the field or garner fair play. It’s a very dangerous situation, which is getting far worse the more and more our society grows dependent on technology and electricity to provide every life-sustaining function like access to food and clean water.
Pushing and shoving on the schoolyard is always going to happen as countries jockey for position and power within the international community. Secret, backdoor, and state-sponsored cyber operations have been happening ever since Al Gore first “invented” the internet. Everyone in the intelligence community knows what’s happening behind closed doors and everyone winks and nods about secret cyber operations. In the past year, the pushing and shoving has drastically increased. So then, why has the U.S. suddenly decided to take off the gloves and start throwing haymakers out in full view of the public? I don’t understand the reasoning behind this new offensive cyber strategy that the Trump administration implemented last year. I am a strong proponent of Teddy Roosevelt’s “walk softly but carry a big stick” and Reagan’s “peace through strength” strategies, but you have to be standing in a position of strength to implement it. America might carry a really big, offensive stick, but we also have a very soft and woefully unprotected underbelly: the North American electric grid.
Which finally brings me to the July 12 congressional cybersecurity hearing on The Hill (you can watch it here). The right-leaning news outlets will report rosy outcomes from the hearing on how all the politicians are now going to suddenly work together on the problem (excuse me if I don’t hold my breath), while the left-leaning outlets are clearly placing the fault at the feet of our current president even though this is a storm that’s been brewing for a decade or more. While it pains me to link to the New York Times, Mother Jones, and Politico as reliable sources of information, on the subject of cybersecurity, the left is clearly reporting the threat more accurately than the right. You just need to slog through the anti-Trump rhetoric to get to the nuts and bolts of the articles. Over the years, Big Tech and major corporations have dived head-first into cybersecurity and spent hundreds of millions of dollars in protecting their intellectual property from cyber intrusion and cyber theft. The public utilities, however, are made up of hundreds of electric companies of varying size and different levels of access to financial resources; a lot of the small rural utility companies can’t afford the massive investments needed in cybersecurity.
NERC: a giant self-licking ice cream cone
Instead of confronting the cyber threat head-on and fixing the problem, the electric utilities’ self-governing authority, the North American Electric Reliability Corporation (NERC), has not tackled cost recovery to pay for more infrastructure improvements or increased security. NERC would rather hide the massive cybersecurity slip-ups happening in the industry and pretend they don’t exist. While the Wizard of NERC is insisting that nobody look behind the emerald curtain, cyber experts, regulators, and oversight boards have been warning about cyber intrusion and potential cyberattacks against the North American electric grid for decades and literally nothing is being done (or at least nothing of merit on a scale that would fix the problem).
If a bunch of the high voltage transformers in this country were critically damaged, it would be months or years before we’d receive replacement transformers. In the case of an EMP attack or massive solar flare that destroys large swaths of the electric grid, a congressional commission report estimates as many as 90% of the population would die as a result of starvation, disease, and the violence of living in a country with no rule of law. The government and military can’t feed 350 million people spread out over a massive landmass like North America without electricity and interstate trucking. It can’t happen. In the case of a cyberattack, it really depends on the attacker’s desire. We’ve seen numerous instances of foreign utility companies being shut down or held for financial ransom. Typically, this is done as a shot across the bow and designed to send a message, or the utility network is held for ransom for financial gain. As of yet, we haven’t seen a competent attacker try and actually destroy the unprotected SCADA (Supervisory Control and Data Acquisition) equipment that makes up such a critical part of any electric grid. If an attacker actually destroyed physical equipment, which we know is possible and is currently the first-strike war doctrine for every one of America’s adversaries, the U.S. could be without power for weeks or months while repairs are made. Millions of people would likely die in a national, long-term grid-down event.
Sadly, like 9/11, it might just take a horrific catastrophe and countless dead Americans before our government takes cyber protection and hardening of our electric grid seriously. During my recent participation as a member of the Electromagnetic Defense Task Force at the LeMay Wargaming Center where we were instructed to wargame a national grid-down event, I heard someone refer to NERC as “a giant self-licking ice cream cone” and I couldn’t imagine a more fitting description. Even with Federal Energy Regulatory Commission (FERC) oversight, our government does not have any direct regulatory authority over how the electric utilities maintain the security and protection of our nation’s critical infrastructure; they can only make recommendations to NERC. Through NERC, the industry supposedly self-regulates and the individual electric companies are required to “self-report” if there has been a cyber intrusion into their network or if they have made any security errors. That self-reporting typically results in fines, and sometimes those fines are in the millions of dollars. Somehow, we are expected to believe and trust that all these companies – about 1500 of them – are just turning themselves in and never hiding any security lapses or cybersecurity shortfalls.
The problem with that trust is when NERC and FERC refuse to be honest, upfront, and release the names of the companies who are breaking Critical Infrastructure Protection (CIP) Standards, possibly cooperating with foreign cyber hackers, and receiving handshake penalties for unspecified offenses. Since FOIA requests to FERC are being refused, there is no way to know if the self-regulating agency is actually self-regulating its own industry or not. NERC is even willing to peddle discredited and junk science to persuade the uninformed and offer wavering politicians political cover for their inaction. These dishonest reports claim there isn’t even a threat to the grid and there is little to no risk. The reports they peddle as science are written by their own lobbyists and paid for by the electric industry themselves. They are no more reliable than the cigarette industry reports in the 1950s that insisted the science showed no link between cigarettes and cancer. We are required to take NERC’s assurance they are keeping us safe on blind faith and ignore all the other lies and misinformation they peddle in the name of self-regulation. A self-licking ice cream cone indeed.
Fix the broken regulation of the electric grid
In my opinion, now is the time that the government needs to step in, label the electric grid “Mission Critical Infrastructure,” harden our electric grid against EMP and GMDs, and officially regulate the cybersecurity aspects of the electric utility industry. Now, I’m not a raving socialist that wants to take over massive swaths of private industry for the government to control how they operate and how the industry’s money is distributed. I could care less about how much the CEO of Con Edison makes each year, but we MUST have a government department with the regulatory authority to insist certain base-level security measures are implemented and enforced. This is a national security issue. The government currently regulates what we can watch and listen to through the FCC. The government regulates automobile design standards. The government regulates the banking industry (that one is debatable). Why is it that the single most important industry – electricity – that is critical to provide every aspect of human life in the 21st century is left completely unprotected and unregulated?
Did you know that 99% of our military is entirely reliant on the civilian electric grid? That’s right, if the grid comes down, military bases only have enough backup power to function for 24-48 hours. No one is coming to help you, install martial law, or quell the ensuing rioting. Unlike the portrayal in most post-apocalyptic Hollywood movies, the government and military can’t help you, feed you, or save you without access to electricity. They reside in the same sinking ship that you are in. One week without electricity and it will be every man for himself and survival of the fittest, with the populace fighting over every last scrap of rotten food at the local grocery store. Without a functioning electric grid, you have no interstate trucking, no internet, no communication networks, no banks or access to money, no food distribution networks, no water and sewer facilities. Without electricity, millions will die within the first few weeks. That is not fearmongering or hyperbole, that is a reality.
So let me bring the ship into port. Did the United States really attack Venezuela and destroy its electric grid with a directed energy EMP weapon? Who cares! What are the optics? We know what the U.S. media sources are reporting. What does the international community believe and what are they reporting about the incident? How will foreign public opinion change in the future as we continue to flaunt our Offensive Cyber Warfare capabilities and continue attacking our adversaries in the bright light of day? Remember we do this as we foolishly [insanely] have our soft underbelly exposed by refusing to harden our electric grid and hold NERC accountable to provide the truth behind the cybersecurity of our electric grid. Does anyone else see a major problem here? Does no one else see the existential threat that our country faces right now as we escalate tensions with Iran, the fourth largest cyber army in the world, the one that’s been infiltrating our electric grid for a decade?
Does no one care that hundreds of millions of Americans will likely die if one of our enemies destroys our old and decrepit electric grid? We are openly using cyberattacks to go after and destroy Iranian infrastructure and embed ourselves into the Russian electric grid. Is it that far-fetched to believe an adversary, if pushed too far, might decide to use the same cyber warfare tactics against us in retaliation? I realize there are no rules of engagement on the battlefield inside the electromagnetic spectrum, but the United States should be leading the way in establishing agreements and partnerships on how the international community conducts themselves in cyberspace. Instead, we are potentially leading the way into an all-out cyberwar. How can America claim the moral high ground if we are currently utilizing the exact same tactics we would decry another country using against us? Because we are the good guys? By embracing overt cyber warfare, we’ve opened Pandora’s box. By leaking that we’ve cyberattacked the Russians, we are poking the bear. I certainly hope that some adult in the room will soon step out onto the playground, grab the instigators by their ears, and sort this mess out. I’m not holding my breath though.
As always, “Prepare for the Worst, Hope for the Best, and let God do the rest…”
Jonathan Hollerman is a former USAF S.E.R.E. Instructor (Survival, Evasion, Resistance, and Escape) and a foremost expert in survival and preparedness. He is the author of the #1 Bestseller, Survival Theory: A Preparedness Guide and three other top ten best-selling books on preparedness. Jonathan also owns and operates Grid Down Consulting, where he offers his services as an Emergency Preparedness Consultant specializing in “Survival Retreat Design.” You can purchase Jonathan Hollerman’s books on Amazon.