Our electrical grid is in danger – threatened by cyber attacks, solar storms, earthquakes, and more.
If the grid is damaged or disabled, society will suffer greatly. Helena is working to shield it.
Our electrical grid is in danger – threatened by cyber attacks, solar storms, earthquakes, and more.
If the grid is damaged or disabled, society will suffer greatly. Helena is working to shield it.
Explore the Members, experts, and locations of Shield.
Problems and Solutions
Without electricity, our way of life is untenable. We rely on an uninterrupted supply of power to bring food to our supermarkets, water into our homes, and prosperity to our citizens. Even minor blackouts, like that of the Atlanta airport in December 2017, cause severe disruption. Yet the critical electric infrastructure we depend on to sustain our society has been built for efficiency, not for resilience. It is fragile.
Our electrical grid is constantly threatened by cyberattacks and hurricanes, solar storms and terrorist strikes, electromagnetic pulses, and earthquakes. And the odds are not in our favor. Each decade, we face a one in ten chance of losing much of our grid to a solar storm – a burst of radiation from the sun that would affect the Earth’s atmosphere and compromise our power grid.
In fact, Lloyd’s of London concluded that such a storm is so likely, and its effects so devastating, that it refuses to offer insurance against one. The entire grid can be shut down by destroying just nine critical transformer substations, like the one crippled in minutes by a team of armed attackers near San Jose, California in 2013.
ABOVE: CORONAL MASS EJECTIONS (SOLAR STORMS) CAPTURED IN RENDERINGS BY NASA
It is only a matter of time until one of these events – manmade or natural – triggers a catastrophic blackout on the mainland United States. Experts estimate it would result in the loss of trillions of dollars in economic value and millions of American lives – many times greater than the losses from Hurricanes Harvey, Sandy, and Katrina combined. And with no outside force to rescue us, a country-wide blackout could last more than a year and would be next to impossible to recover from.
This tragedy is preventable. We know how to defend our electrical infrastructure, and we can afford to do so. More intelligent federal resiliency standards, a greater density of micro-grids, and individual state action to harden infrastructure would offer enough protection to turn an existential catastrophe into a minor disaster. In a sweeping blackout, the difference between 30% electrical coverage and 0% could prove the difference between civilization and none.
We have sat on this knowledge for years without acting. Our government first learned of the threat from electromagnetic pulses in the 1960s. In 1989, a small solar storm left millions of people without power in Quebec. In the Ukraine, cyberattacks have cut the power to hundreds of thousands of homes twice since 2015. To this day, Hurricane Maria is showing how difficult it can be to restore electricity after a massive outage, even to a small and contained area.
It often takes tragedy to catalyze change. If we wait until after a cyberattack, solar storm, or earthquake has plunged part of our nation into chaos and destruction, it will be too late to act. We cannot afford such complacency now.
That is why Helena is working with public and private sector actors to support fundraising, educational, and operational efforts to secure the United States’ electrical grid against the threat of prolonged blackout.
As of July 2018, Helena’s educational efforts have successfully resulted in the drafting, introduction, and passage in the California State Senate of two bills designed to protect the electrical grid – SJR 20 and SB 1076.
As a people, we rely on a handful of infrastructural systems for our society to function, systems that are integral to our way of life. Our agricultural system, for example, or our transportation and communications systems. Together, they comprise our country’s “critical infrastructure,” which The Patriot Act in 2001 defined as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” The official list of the different systems that make up our critical infrastructure was most recently compiled in 2013 as part of the National Infrastructure Protection Plan. Sixteen sectors were identified:
These were chosen based on the criterion that if any one of them were to be significantly disrupted, the societal consequences would be both severe and pandemic.
But what if they were all to collapse? If the failure of just one would lead to almost irreparable societal harm, what would the failure of all sixteen lead to? It is a scenario that is unsettlingly possible, because each one of those systems is critically and immutably reliant on one thing: electricity. Telecommunications satellites and law enforcement; sewage and refrigerators; gas pumps, banks, production factories; hospitals. Without power, they all fail – in 2011, the Fukushima Nuclear Power Plant melted down because there was no power to cool the reactors after tsunamis disabled the area’s electrical grid. No running water or complex food production. No internet or credit cards. No advanced medical care or ambulances. Cars and trucks would be useless in days. Cell phones would be fragile paperweights; computers would be typewriters with two-hour lifespans and no printing capabilities. Almost overnight, our society would be transported back to the early 1800’s.
Electricity is arguably our civilization’s most important asset, and an extensive, reliable, and resilient electrical grid is vital to our country’s continued prosperity. However, although the extent and reliability of the national grid have been steadily increasing, its resiliency has not. The grid is, at present, highly vulnerable to a host of potential threats from a variety of sources, from cyberwarfare to solar flares, from ballistic EMP devices to inclement weather.
The Failure of Grid Transformers: What Happens and Why It Matters
A main vulnerability of the national electrical grid stems from its reliance on Extra-High Voltage (EHV) transformers to get electricity from producers (power stations) to consumers.
In its lifecycle, electrical current usually must pass through EHV transformers at two specific points: the first is at the point of production, where Generator Step-Up Transformers increase the voltage of electricity so that it can be transmitted long distances; and the second is at the point of distribution, where Substation Step-Down Transformers decrease the voltage of electricity so that it can be distributed and used by consumers.
The transformers at both of these nodes are critical, since without them the power produced would be either intransmissible or undistributable—either way rendering it inconsumable. The Department of Homeland Security (DHS) estimates that 90% of the country’s consumed power passes through an EHV transformer at one or both of these nodes.
If a transformer fails, the national grid is designed to compensate for it—its electrical load is rerouted to adjacent transformers until the failed transformer can be reactivated. This interconnectedness, however, has a potential drawback: when a transformer shuts down and its power is reallocated, the same amount of current is then flowing through fewer transformers, amplifying the strain on those transformers and increasing the likelihood that they, too, overload and fail. This can have a domino effect, called a cascading power failure.
Consequently, just a few malfunctioning transformers can have repercussions that extend exponentially over large geographical areas. The Northeast Blackout of 2003, for example, which affected over fifty million people in the northeast United States and Canada, was the result of a cascading power failure that started with the disruption of three power lines in Ohio – allegedly due contact with tree branches.
According to a study by the Federal Energy Regulatory Commission, taking down just 9 of the most critical transformer substations could lead to a cascade of shutdowns that would disable the entire electrical grid of the United States.
The average age of installed transformers is almost forty years old, and replacing them – particularly in the event of a blackout where large numbers were damaged – would be immensely difficult, if not impossible. They weigh anywhere from 100 to 400 tons (20,000 to 80,000 pounds), have production costs in the millions of dollars (the large quantities of copper and electrical steel alone account for more than half of this), and, because many of them are unique in their design, must be custom-built substation by substation.
And the manufacturing of transformers is rarely done domestically; although the United States’s domestic production capacity is increasing, it still must import the vast majority of its EHV transformers from Germany and South Korea. Due to all of these factors, installing a new or replacement EHV transformer can require a lead time of more than twenty months.
The national grid employs over 2000 EHV transformers, and they are connected to 6000 power plants, 390,000 miles of transmission lines, and 200,000 miles of high-voltage lines in an expansive, intricate web. All told, the asset value in the North American electrical grid is more than $1T.
As technology has developed, the national electrical grid has become increasingly interconnected and automated. (And with the ongoing development of the Smart Grid—an initiative to overlay the existing grid with computing and communications systems in order to automate grid monitoring, routing, and allocating—this trend will only increase.) While this is beneficial in many ways, an increase in automation means an increase in cyberwarfare susceptibility.
Cyberattacks present the threat of both short- and long-term grid failure. To cause failure in the short-term, a cyberattack can deactivate a portion of the grid remotely without physical damage; in this scenario, power can generally be restored relatively quickly, but the financial damages are still significant. Ukraine was hit by a cyberattack in 2017—called the NotPetya attack—that affected government, financial, and energy institutions and resulted in damages in the hundreds of millions of dollars.
In a more domestic example, Lloyd’s of London and the University of Cambridge’s Centre for Risk Studies issued a report called “Business Blackout” in 2015 that imagined a scenario in which a coordinated cyberattack shut down enough substations to cause a 15-state cascading blackout in the Northeast United States. The duration of the blackout was short—days for some areas, a few weeks at the most—but the estimated losses were greater than $1T.
Since a cyberattack often results in a remote agent gaining digital control of a physical system, permanent, long-term damage to the grid can be inflicted nearly as easily. In the Aurora Generator Test in 2007, the Idaho National Laboratory used two lines of code to de-synchronize a power generator’s circuit breaker operations. Less than three minutes later, the generator exploded due to the stress caused by the unsynchronized breakers.
The US-Israeli Stuxnet worm, deployed to hinder Iran’s nuclear development and discovered in 2010, destroyed almost 1000 uranium-enriching centrifuges while at the same time disguising its existence by giving false readings on the Iranian technicians’ control panels. In Ukraine two years before the NotPetya attack, hackers remotely took controlof three power distribution centers, shutting down almost sixty substations and the power to 230,000 people.
The fact that the hackers deactivated but did not destroy the substations influenced some analysts to conclude that the intention of the attack was to send a message rather than to inflict harm, since once the hackers had control of the power centers, it would have been relatively simple for them to overload and permanently cripple the substations instead of simply switching them off.
Cyberattacks are particularly troubling because they represent asymmetric threats that are difficult both to predict before they occur, and to trace after. The attack on Ukraine in 2015, for example, has still not been definitively attributed (though it is widely believed that it was of Russian origin, due to tensions over Crimea). Actors can work alone or in coordinated teams, from locations concentrated or disparate, under the banner of a nation, an organization, a cause, or no banner at all.
Natural Weather Events and Their Effect on the Grid
Natural disasters pose as much of a threat to the United States’s electrical infrastructure as they do to its physical one. After Hurricane Maria struck Puerto Rico in September of 2017, the damage to the territory’s electrical system was so extensive that the territory requested $17B in aid solely for grid repairs. By June of 2018, more than eight months later, the territory was still two months away from full power restoration, and even the areas that did have power remained vulnerable to intermittent rolling blackouts. In that time, according to a study conducted by researchers at the Harvard T.H. Chan School of Public Health, more than 4,645 people died due to a lack of food, water, and medical care. (The official death count for the storm is just 64.)
Even normal weather conditions can have far-reaching consequences. The Northeast Blackout of 2003—the second biggest blackout in history, affecting over fifty million people in the northeast United States and Canada—was the result of a cascading power failure that had its genesis when a few power lines in Ohio, overburdened with both snow and electrical load, sagged into tree branches and short-circuited. The Wall Street Journal estimated that between 2011 and 2014, there were more than seven hundred instances of “weather-related” damage to electrical infrastructure.
Coronal Mass Ejections (CME)
The sun, with great regularity, launches bursts of magnetized plasma from its surface. These bursts are called coronal mass ejections (CMEs), or solar storms. Because they are shot indiscriminately, they occasionally strike Earth. Most of these collisions are relatively benign—their only noticeable effects are the beautiful borealis or australis aurorae near Earth’s magnetic poles—but massive CMEs are occasionally released as well. If a massive CME were to hit our atmosphere, the effect would be almost identical to the detonation of a massive high-altitude nuclear electro-magnetic pulse: current would flood the country’s transmission lines and destroy much of its electrical infrastructure.
There is historical precedent for this. In 1859, a solar superstorm—later called the Carrington Event—struck Earth. It overloaded the North American and European telegraph systems and saturated the air with enough current that messages could be sent without connection to a power source. In 1989, the entire Canadian Province of Quebec lost power due to a much smaller (but still significant) solar storm. In 2012, a CME at least as large as the Carrington Event missed Earth by astronomical inches.
Once the sun releases a CME in Earth’s direction, there is nothing that can be done to block or divert it, so, we are constantly playing a society-wide game of chance that the next massive CME doesn’t happen to fly in our direction. Lloyds of London, an insurer, issued a report
Refusing to insure against solar superstorm impact because the insurer determined the likelihood of that eventuality too high, and the risk too great. (It estimated the initial damages to infrastructure to be roughly $2T, and that was without accounting for the second order effects of disruption to business, communication, and other basic societal functions.) Physicist Pete Riley of Predictive Sciences Inc., in a paper published in Space Weather in 2014, estimated that there is an approximately twelve percent chance of a Carrington-level solar storm striking in the next ten years. And the simplest statistic—and the most widely-disseminated one—is that a solar superstorm should hit Earth roughly every 150 years. (The Carrington Event, unnervingly, was 159 years ago.) The threat, inarguably, is existential.
In 2013, a small team of terrorists crouched in the hills around the Metcalf substation just outside San Jose, California and fired their AK-47 assault rifles through the chain-link fence at the transformers inside. They crippled seventeen transformers in nineteen minutes and were never apprehended. In 2016, a fifty-seven year-old man fired four bullets into the radiator of a transformer at the Buckskin substation in Utah; the transformer soon overheated and failed. Although the damage inflicted from both of these attacks was eventually reparable, the success and relative ease of the attacks themselves demonstrated how vulnerable so many of the grid’s individual infrastructural pieces are to simple, crude acts of terrorism.
As was mentioned earlier, the grid was designed to withstand isolated transformer failures (neither of the two incidents above resulted in any noticeable difference to consumers). However, the extent of the grid’s vulnerability becomes evident when the number of incapacitated transformers grows. This is because there exists some tipping point—a critical number of inoperable transformers—where the rerouted electrical load would suddenly become too much for the remaining, functional ones to bear. That critical number is up for debate (and obviously depends on which transformers go down, since not all substations are equally load-bearing), but, according to an internal study by the FERC, the number could be as low as the number of transformers in just nine substations. (That is to say, there exists a certain combination of nine substations that, if sabotaged, could cause a complete grid collapse.) Thus even a small, fledgling terrorist organization is theoretically capable of executing a devastatingly asymmetric attack: it would need coordinate just nine attacks similar to the one on Metcalf to potentially collapse the entire national grid.
What EMPs Are and How They Work
An EMP is a surge of electromagnetic energy that can overload electronic equipment, disrupting or even destroying the equipment depending on the intensity and frequency of the surge. EMP weapons have been in various stages of development and testing since the 1960’s, and high-altitude nuclear EMP weapons (HEMPs) probably represent the most comprehensively-destructive threat to the national electrical grid.
Weaponized EMPs can be nuclear or non-nuclear. Nuclear EMP (NEMP) produces gamma ray energy and has three components: E1, E2, and E3. E1 is fast-acting and intense (it is over in 1000 nanoseconds), with a relatively small pulse radius (small enough, in fact, that the effect of E1 from a surface blast is generally lost since the physical blast from the nuclear warhead probably incinerated almost everything E1 would affect); E2 is a little slower and acts like lightning (and is therefore largely protected against); E3 is the slowest but potentially farthest-reaching, and it can induce power surges that travel along transmission lines and overload transformers.
Non-nuclear EMP weapons (NNEMP), or radio-frequency weapons, do not produce gamma ray energy and have much smaller pulse radii and energy capacities, but they are a much more ubiquitous threat. They are easier to acquire, easier to transport, and easier to launch, and can therefore come from a much wider variety of sources than NEMP, and to small, precise targets, they can be just as devastating.
The most efficient way to attack the national electrical grid would be with a high-altitude EMP (an HEMP); a nuclear warhead detonated a few hundred kilometers above the Earth’s surface, in low Earth orbit. At that height, the gamma radiation released from the detonation would become trapped in the Earth’s magnetic field and would create an oscillating electrical current that would sweep out in an expansive circle many times greater than the blast radius. A blast 400km above Kansas, for example, would emit a pulse that would cover the entire continental United States. That height is commonly reached by rockets; the International Space Station, for example, floats in low Earth orbit.
EMP is unique among all the threats to the grid in its destructive capacity. This is because the E1 component from an HEMP – as distinct from the purely E3 component released by a coronal mass ejection from the sun – would damage small electrical items rather than large, infrastructure-scale electric wiring. This means an HEMP would disable most electronic devices – from smartphones and laptops to cars and radios, unleashing colossal societal damage.
The EMP Commission, first established in 2000 and then re-established in 2016, has repeatedly emphasized both how existential the EMP threat is, and how catastrophic its impact would be. (In the last five years alone, North Korea has launched two separate satellites into low Earth orbit on almost the exact trajectory to maximize the pulse radius of an HEMP blast.) In a famous statistic from its 2008 Report, it estimated that up to 90% of the US population would die as a result of the societal collapse that would occur from a year-long national blackout.
Further Information on the Smart Grid Program
The Smart Grid program—proposed in Title XIII of the Energy Independence and Security Act (EISA) of 2007—was first implemented after the Recovery Act of 2009 issued $4.5B to the U.S. Department of Energy in order to modernize the electrical grid.
The Smart Grid website defines its idea of a “smart” grid as one that “allows for two-way communication between the utility and its customers,” and specifies that “the sensing along the transmission lines is what makes a grid smart. Like the Internet, the Smart Grid will consist of controls, computers, automation, and new technologies and equipment working together, but in this case, these technologies will work with the electrical grid to respond digitally to our quickly changing electric demand.” The goal is that, by overlaying these communication channels onto the power grid, the existing infrastructure and resources will be used more efficiently and overloaded less frequently, leading to fewer power disturbances and lower costs, as well as more efficient responses when disturbances do occur. Other power sources—wind or solar, for example—can be connected more efficiently as well.
By automating more of the monitoring, analysis, control, and communication in the electrical delivery system, the Smart Grid hopes to give consumers far more information—and therefore far more control—of their individual power use.
The NotPetya cyberattack occurred on June 27th, 2017 and primarily targeted computer systems in Ukraine, with companies in France, Germany, Italy, Poland, Russia, the United Kingdom, and the United States also hit. (Russia and, to a lesser extent, Germany were far more affected than the others.)
Petya is a form of ransomware; it isolates and encrypts the files on an infected computer, then asks the user for money to decrypt them. NotPetya is mock ransomware: it acts like Petya (except it encrypts far more files and spreads more quickly), but, although it still demands money, the money itself is not the point as the files are largely irretrievable. NotPetya was designed to be destructive to the victims rather than profitable to the engineers.
All told, the attack caused roughly $1.2B in damages. Financial institutions (including the Nationa Bank of Ukraine) appeared to be the main targets of the attack, but energy companies, metro systems, and governmental ministries were affected as well. Outside of Ukraine, damage was felt by companies in disparate fields, including advertising, pharmaceutical, construction, law, and consumer goods. The total cost to Danish shipping company Maersk alone was estimated to be north of $250M.
Although no entity has officially taken accountability for the attacks, the CIA announced in January findings that the source was the Russian military spy agency GRU, an attribution echoed in February by the British Foreign and Commonwealth Office. The attack was believed to be politically-driven, as it hit the night before Ukraine’s Constitution Day.
The Stuxnet worm, most likely created by the U.S. and Israel, was designed to sabotage the development of Iran’s nuclear program. It targeted the centrifuges in the uranium enrichment facility at Natanz, increasing the rotor speed until the centrifuge would break, while simultaneously sending signals to technicians’ computers that nothing was wrong. The worm was discovered in 2010, though it had probably been in development since 2005 and deployed in 2009.
When installed on a computer, Stuxnet would target a specific SCADA (Supervisory Control and Data Acquisition) system, and, if it located that system, would take control of the programmable logic controllers (PLCs) that controlled the centrifuges. It was malware designed for a very specific purpose; if installed on a computer without the specific SCADA system (practically any computer not associated with Natanz), the worm would lie dormant and harmless.
Stuxnet was discovered in 2010, with The New York Times attributing it to Israel and the U.S. in an article in 2012, though neither has officially confirmed its involvement. It is thought to be a part of a classified program called “Operation Olympic Games,” which was begun in the George W. Bush administration and expanded in the Barack Obama administration.
PLC and SCADA systems are very common in infrastructural computer systems, including those that power the electrical grid.
The Ukraine power grid cyberattack occurred in the afternoon of December 23rd, 2015. Hackers took over the control centers for three Ukrainian power distribution companies, remotely deactivating almost sixty substations and initiating a blackout that affected almost a quarter million people and lasted between one and six hours.
The attack was intricate and well-planned, with analysis later finding evidence of extensive preparation. The security networks had been compromised in the months prior through spear-phishing emails and the gradual harvesting of corporate account information.
In the months prior, the attackers overwrote the code for the uninterruptible power supply and wrote malicious firmware for the serial-to-Ethernet converters in multiple substations. They even coordinated a simultaneous telephony denial of service attack on the companies’ call centers to keep the blackout from being reported, giving them more time. Once the attack was initiated, they replaced the existing firmware with their prewritten malicious firmware and executed a malware program called KillDisk that deleted system files, causing computers to crash without the possibility of rebooting.
The result was complete remote control of the control centers, a temporary blackout, and substation control systems that, months after the attack, continued to have to be run manually due to the inoperability of the computer systems.
Similar to the 2017 NotPetya attack, the 2015 power grid cyberattack has no definitive perpetrators, though Russia is again suspected due to the state of Russian-Ukrainian relations at the time and the fact that the computers used to instigate it had Russian IP addresses.
The First Helena Meeting
In August 2017, Helena held a meeting in Los Angeles, California between a small group of our members. The issue of grid security was raised, and members reacted with a degree of incredulity that a threat this severe could exist in developed economies without drawing government attention and remedial regulation.
Our members agreed that it was worth investigating further whether a grid shutdown a) would cause an enormous amount of harm and disruption, b) had a non-trivial probability of occurrence, c) was within our financial and technological capabilities to prevent.
Helena began to undertake that investigation, and Shield was born.
Surveying the Experts
Shortly after the initial member meeting in August of 2017, Shield entered its research phase. Helena and a select group of our members interviewed experts from NASA, NOAA, USGS, the CIA, Stanford University, the Congressional EMP Commission, the RAND Corporation, and the United States Congress to investigate threats to the US electrical grid.
Three areas of consensus emerged from these meetings:
1) A prolonged loss of electric power due to a partial or total failure of the United States’ electrical grid would result in an extremely high magnitude of harm to American society.
2) The probability of such a prolonged loss of power is non-trivial.
3) This impending catastrophe is avoidable; it is well within our financial and technological means to prevent through simple grid hardening.
We then conducted an analysis of the current state of affairs around grid hardening in the United States. We researched and spoke with a cross-section of public, private, and nonprofit entities with varying opinions, positions, and activities related to grid security and hardening. Our aims were to investigate:
1) What other efforts to solve the problem currently existed, and whether Helena could add anything non-duplicative to those efforts, either as a partner or an independent actor.
2) Why those existing efforts had not succeeded in fixing the problem; what mistakes had been made, and how Helena could avoid making them.
3) The avenues to potential success in hardening the grid, and the relative merits and demerits of each.
During our research, four research reports stood out as being of particular significance in the field. They came from the Congressional EMP Commission, Lloyds of London, the National Academies of Sciences, and the RAND Corporation. Select reports are embedded below:
Bringing Together the Stakeholders
After the conclusion of the project’s research phase, Helena began educational outreach work with state and national legislators and agencies to secure the United States’ electrical grid against the threat of prolonged blackout. We held extensive meetings with Helena members, public regulators, private corporations, nonprofit entities, and other stakeholders to this end.
Hertzberg Drafts and Introduces Two Bills to Protect the California Electric Grid
California State Senator and Helena Member Robert Hertzberg drafted and introduced two bills into the California State Senate: SJR 20, and SB 1076.
These bills aim to secure the Californian and Federal electrical infrastructure against threats of prolonged blackout. SJR-20 expresses the acknowledgement of the California State Senate that the electrical grid is under threat – from geomagnetic storms, EMPs, and more – and “urges the President and the Congress of the United States to work together to implement grid hardening measures and to help ensure our nation’s critical electrical infrastructure is protected from threats from electromagnetic pulses and physical attacks on the infrastructure”.
California’s Office of Emergency Services (roughly analogous to CA’s version of FEMA) plans state responses to many disaster scenarios – terrorist attacks, earthquakes, etc. It does not currently issue plan for how to deal with a large-scale blackout or brownout across the electrical grid. The Federal Government has no such plan – nor do most states in the union. SB-1076 aims to change that reality by requiring “the State Emergency Plan to include preparedness recommendations to harden the critical infrastructure of electrical utilities against an electromagnetic pulse attack, geomagnetic storm event, or other potential cause of a long-term outage”.
In the coming months, Helena’s Shield will support fundraising and educational efforts encouraging legislation to secure the electrical grid in California and across the nation.
Making the National Strategy Document for the First Time
In January 2018, the Department of Defense released the 2018 National Defense Strategy document, which acknowledges threats to critical infrastructure from hostile physical and cyberattacks for the first time.
“attacks against our critical… economic infrastructure must be anticipated.”
2018 National Defense Strategy of the United States of America
Officials Express Alarm at Cyber Vulnerabilities
On July 31st, 2018 ,The Department of Homeland Security (DHS) held a National Cybersecurity Summit in New York City on July 31st. Attendees included the Vice President, the Secretaries of Energy and Homeland Security, the Commander of US Cyber Command, the directors of the FBI and NSA, and “top CEOs from the financial services, energy, information technology, and telecom sectors”.
The summit marked the kickoff of a DHS initiative to improve cybersecurity defenses across US critical infrastructure. In the wake of revelations that Russian hackers infiltrated U.S. electrical utilities last year, government officials’ statements expressed increasing concern over the vulnerability of US critical infrastructure to cyberattack.
“There is an evident need… to protect our nation’s critical infrastructure from the growing cybersecurity threat.”
Christopher C. Krebs, Under Secretary for the National Protection and Programs Directorate, U.S. Department of Homeland Security
Just days earlier, the United States Department of Defense declassified two reports relating to solar geomagnetic disturbances. The reports describe an immediate and pressing threat to critical infrastructure posed by the sun, and the insufficiency of the USA’s Federal resiliency standards. Both are embedded below:
DoD Report 1
DoD Report 2
The California State Senate
On September 11th 2018, SB-1076 was signed into law by California Governor Jerry Brown.
Introduced by Helena Member Robert Hertzberg, the bill mandates that California’s Office of Emergency Services create a plan for how to reduce the risk of geomagnetic storms, EMPs, and other threats. It was passed unanimously by the California State Senate on May 29th by 38 votes to 0, then passed unanimously in amended form by the California State Assembly 79-0, and passed again by the Senate 39-0.
SB-1076 represents a watershed moment in the fight to secure the grid, after similar bills failed in Maine, Virginia, Florida, and Texas. The unanimous support for the bill marks an acknowledgement by California’s government of the gravity of the threats to our infrastructure, and sets an example for other states to follow.
Watch Senator Hertzberg introduce the bill, and discuss his experience meeting “with the (Helena Member and) former Central Intelligence Agency Director Jim Woolsey… and whole bunch of other experts” from Helena.
“The bottom line is that we have a society where we rely on electricity for everything.”
Sen. Robert Hertzberg
It followed the unanimous adoption of SJR-20, the resolution introduced by Helena Member Robert Hertzberg, which passed the California State Senate in May 2018.
Watch the debate on SJR-20 during the California State Senate’s May 3rd, 2018 floor session.
The White House
On March 26th 2019, President Donald Trump signed a comprehensive executive order on EMPs.
In the first ever action of its kind, the order uses the executive power of the US Presidency to marshal a whole-of-government response to the full spectrum of threats posed by natural and manmade EMPs.
It mandates action by the Departments of Defense, State, Energy, Homeland Security, Commerce, and the Interior to prevent, prepare for, and mitigate the effects of electromagnetic threats to the US grid. This action spans private and public sector R&D, diplomatic deterrence, infrastructure hardening, and more.
This Executive Order represents a watershed victory for a critical cause that has seen little progress over the past 20 years. If fully implemented, it will produce meaningful advances in the security of the US electrical grid and the society it undergirds.
In an official statement, California Senate Majority Leader and Helena Member Robert Hertzberg declared:
“If we wait until after a cyberattack or solar storm has plunged part of our nation into chaos and destruction, it will be too late to act. Last year, I worked with Helena– a new type of organization dedicated to taking on urgent societal problems – to pass SJR 20, which called on the federal government to meet this urgent need to implement electrical grid hardening measures nationwide and SB 1076, which paved the way to do so in California. I am relieved, and excited, at the news of the new Executive Order to strengthen Washington’s efforts on this critical issue.”
The full text of the Executive Order is available here.
On December 20, 2019, President Donald Trump signed the National Defense Authorization Act for Fiscal Year 2020. The legislation received broad bipartisan support, with the House passing it on a vote of 377 to 48 and the Senate 86 to 8.
The Act is an important step in increasing the resiliency of the country’s electrical grid, as it implements and signs into law the provisions in the March 2019 Executive Order that called on the government to harden critical electrical infrastructure against both natural and manmade EMPs. These provisions include mandating the Department of Defense to submit a report every three months on the status of the EMP threat, mandating the National Guard to evaluate the country’s readiness in dealing with a multi-state electromagnetic pulse event by September, and mandating the Administrator of the Federal Emergency Management Agency to develop plans and procedures for dealing with such an event by June.
The full text of the NDAA is available here.