NEW YORK — The internet is a "weapon of mass destruction," renowned newsman Ted Koppel said at the International Conference on Cyber Security here this week.
Speaking on a panel that included former National Security Agency director Gen. Keith Alexander and government cybersecurity experts from the United Kingdom and Israel, Koppel stressed that the North American electrical grid was vulnerable to cyberattack, a topic he investigates at length in his book "Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath."
"A cyberattack on our infrastructure is a greater threat than nuclear war, because it is more likely," Koppel said. "Attackers have penetrated our power grid and could take it down at a moment's notice."
"The countries that could do so are China and the Soviet Union," Koppel said, apparently referring to modern-day Russia. "Those that have the most capability are the least likely to do it, but those most likely to do it," whom Koppel identified as non-state actors such as ISIS or hacktivist groups, "are increasing their capability."
"This threat cannot be stopped by a wall at the southern border, or by deporting people that we consider threats," he said in an oblique reference to Republican presidential nominee Donald Trump's major homeland-security proposals.
Wait for the blackout
In fact, many information-security experts consider the electric industry to be one of the more robust sectors of the economy in terms of protecting its network. That view was reiterated here today (July 28) by Alejandro Mayorkas, the deputy secretary of the Department of Homeland Security, and Manny Cancel, chief information officer of New York's primary electric company, Consolidated Edison. (Mayorkas told Tom's Guide that he hadn't read Koppel's book.)
Nevertheless, Koppel cited the 2003 Northeast blackout as an example of what could happen in a cyberattack targeting the power grid. Even though the ultimate trigger for the blackout was a tree limb falling on a power line near Cleveland, it was aided by a computer failure at the local power company.
"The tree branch downing the line caused a race condition in the software, which put a transformer offline," former NSA chief Alexander explained. "The fact that it was a software problem shows that a cyberattack doing the same thing is possible."
"Can it be stopped?" Alexander wondered. "Not right now, because government agencies can't see the problems" in the networks of the roughly 3,200 power companies in the United States and Canada.
But, Alexander added, he hoped the Cyber Intelligence Sharing Act, passed last December and currently being implemented, would soon result in greater information flowing between private companies and the government.
The conversation turned to the hacking of the Democratic National Committee's servers, apparently by Russia, and the subsequent dumping of thousands of embarrassing DNC email messages on the internet by WikiLeaks.
"We are now confronting the possibility that a major power is using a cyber hack to influence the future of the United States," Koppel said. (The panel discussion took place Tuesday, the day before Trump appealed to Russia to "find" the missing email messages from Democratic nominee Hillary Clinton's private mail server.)
"When the media is as open as it is, is it possible to prevent this kind of meddling in internal affairs?" Koppel asked Alexander.
"Where we are today, it's not possible to prevent," Alexander replied. "The ability of foreign attackers to attack us and influence us is too easy. The internet is a way to attack us. Nation-states can use it to make events happen."
The four panelists agreed that the situation was only getting worse.
"I fear that in a year's time we will not be talking about the DNC hack," said Steve Hill, political counselor to the United Kingdom's mission to the United Nations. "Something worse will have happened."
"Trust me: A nation-state with nation-state tools can take down any industry," Alexander said. "Period."
Asked by Tom's Guide why the electric industry's own umbrella association, the North American Electric Reliability Corporation, couldn't spur the industry to make quicker progress in bolstering its network security, Koppel had a blunt answer.
"Because the industry doesn't want to," he said. "When the energy industry was deregulated 20 years ago, it was done because it made for better efficiency from a business standpoint. No one thought about protecting its networks.
"When the internet was created," Koppel added, "it was meant to be a fabulous tool by which people all over the world could share information. No one thought it could come under attack. No one thought it would be used by one country to attack another."