lolloj - Fotolia
“We are our own worst enemies,” he told Intel Security’s annual Focus conference in Las Vegas, saying that despite the risk of a cyber attack blackout, the US is unprepared for the consequences.
The most pressing consequences would be the lack of food and a migrant domestic refugee population of people going in search of it.
Koppel said when he asked the secretary of homeland security Jeh Johnson what the government has done specifically to prepare for an attack on the power grid, he kept giving answers appropriate for every natural disaster that a country could confront.
But Koppel said the loss of the power grid is different because there is an “agent of evil” that can manipulate what is happening and can keep it going with catastrophic effect.
“When I asked if there was a plan, he pointed to a shelf full of files and said he was sure there was a plan up there somewhere,” said Koppel, adding that he took this to mean that there is no plan.
“This is a new kind of warfare, and the problem of escalation can happen very quickly and can get out of control very quickly.
“If ever there was a subject in an intelligent democracy that needs public discussion, where we need to raise public awareness, I think this is it,” he said.
Question of attribution
While Koppel believes that cyber attacks by powerful nation states are unlikely because of fears of reprisals, he is concerned about countries and interest groups.
“The Russians and Chinese are inside our power grids, but we are inside theirs, and anything they can do to us, we can pretty much do to them,” he said.
“An attack that takes out the power grid would be an act of war, so it is unlikely to happen, but it can and almost surely will because while it is not in the interest of the Russians and Chinese to go to war with the US, but less so when you start talking about Iran, North Korea, Syria and Islamic State.”
According to the NSA, said Koppel, IS could in the next two to three years have the capability of launching a cyber attack on the US power grid.
“If any of you has any doubt whatsoever that Islamic State would do it if they could, get rid of that doubt. So there you have the danger, and what enhances that danger is the question of attribution,” he said.
“There has never before been a style of warfare in which the question of attribution has been more fraught, more complex or more ambiguous.
“If you think it was the Russians, but you can’t know for sure, do you respond? We have the capability, but if you respond either the target will be so intimidated that they never do it again, or, more likely, they escalate it and hit you harder,” he said.
US ‘most vulnerable nation’ in the world
If that is not bad enough, Koppel added that the US is probably the most vulnerable nation to cyber attack in the world because it is probably the most dependent nation in the world on the internet.
Part of the reason that governments and countries are not as well prepared for cyber attack as they could be, he said, is that when information security professionals ask for budget, they are unable to say for certain that the investment will guarantee safety from attack.
“The fact is the best cyber security in the world may not work because the attackers have only got to succeed in getting in once,” said Koppel.
“In the US, there are 3,200 companies that support the power grid, and while the biggest of these will have the best security, the smallest do not and represent attack surfaces that may just allow attackers to get into the systems that will enable them to take down the power grid.
“All the power officials I have spoken to concede that it is a possibility, but claim it is not very likely because the power grid is much more resilient than they think I realise.
“I hope that is true, but many of the US intelligence agencies are not convinced, and I suspect many power industry officials would rather risk cyber attack than come under government control,” he said.
In conclusion, Koppel said while there is no harm done by being prepared whatever happens, he reiterated that a failure to prepare for cyber attack could have catastrophic consequences.
Read more about cyber war
- Terror groups are more likely than nation states to unleash cyber weapons and critical infrastructure is the most likely target, warns Kaspersky Lab chief
- There is a lot of “fog” surrounding cyber weapons and cyber war because there is no way of knowing the true capability of any country, says security expert Mikko Hypponen.
- Countries are not attacking each other but striking at the IT infrastructure of enterprises in rival states, says security pundit Bruce Schneier.
- Armed forces minister Nick Harvey has revealed the UK is working on a cyber-weapon programme with offensive capabilities to counter cyber warfare threats to national security.