By John Shkor
September 19, 2018 at 5:00 am ET
The dot-com bubble of 2001 and the 2008 financial crash of the housing market brought the term “black swan” into common usage and taught us to pay attention to nominally unforeseeable events with potentially catastrophic consequences.
Today, warnings that the nation’s electrical grid is being hacked by hostile entities tell us that wholesale disruption of our electricity supply may be the next black swan.
We think of our electrical system as steady and reliable and take for granted that it will always be there. But it isn’t. Recent estimates of annual losses due to electrical outages range from $79 billion to more than $200 billion per year. Most are caused by localized weather events. That suggests an element of frailty rather than reliability and resilience.
We are beginning to see the grid as a single point of failure that cuts across every aspect of our economy. Experience shows that the economic, human health and public safety consequences of a major, large-scale shutdown of the grid could impact every company, corporation, organization and home in America.
Even a modest attack on the grid will severely affect businesses and people over a wide geographic area. A detailed 2015 report by Lloyd’s of London and the University of Cambridge posited a cyberattack on a number of generators in the Northeast. They estimated the impact on the U.S. economy from the resulting 15-state blackout at $243 billion, with a potential to exceed $1 trillion.
These numbers should cause alarm from Washington to Wall Street.
This presents a classic asymmetric warfare opportunity to our enemies — an ability to impose massive economic damage at minimal cost and risk. We should not believe that the threat of retaliation by the United States is a sufficient deterrent against cyberattacks. Because the identity of an attacker can be masked or obfuscated, the risk of retaliation is minimized and, in the case of non-state actors, deterrence goes to zero. This could make the game worth the candle in some quarters.
Our enemies already see this vulnerability, as confirmed by a stream of reports from the intelligence community about cyber-intrusions emanating from Russia, China and North Korea. — not just attacks on the gates, but successful intrusions into electrical control systems. Unfortunately, our agencies seemed to have inherited the curse of Cassandra — an ability to see the future, but not to be taken seriously.
The Department of Defense, thankfully, is taking this threat seriously and has established the U.S. Cyber Command, whose responsibilities include protecting the domestic electric grid from cyberattacks in certain circumstances.
At the same time, the Defense Department is installing generators, microgrids and other equipment to make its U.S. facilities energy self-sufficient “islands,” so they can continue to operate even if grid-supplied electricity disappears for months. This approach reflects a hard-eyed conclusion that, even with Cyber Command protection, the U.S. electric grid is not sufficiently hardened or protected to be relied upon for essential military activities.
As a nation, we have yet to mount an effective response to this foreseeable threat, and it is reasonable to be asking why and demanding more.
The financial and insurance industries, who have a lot to lose, should certainly be clamoring for tangible action. The last black swan of 2008 caused banks and investment houses to fail, required government bailout action and triggered the recession from which we are only now emerging. The overall damage to the economy and the loss of personal wealth from that event are estimated by the Government Accountability Office at more than $22 trillion.
Congress and some federal agencies are endeavoring to make progress, and the leaders in electric generation and distribution are working to make the grid more secure and resilient, but they need prodding and support.
Just as “war is too important to leave to the generals,” ensuring that our electricity supply is protected is too important to leave to the utility industry and government officials alone. We need the leadership and commitment of those in business, industry and finance. Corporate boards must understand the costs and risks resulting from grid vulnerability. Executives in technology, finance, insurance and manufacturing should be engaging Congress and the administration to insist that the nation’s electric generation and distribution systems be made more secure.
At bottom, the electricity-driven economy of the United States is as essential to our national security as the ships, airplanes and soldiers of our military establishment. It is unacceptable to leave in place a known existential vulnerability by failing to adequately protect the electric grid.
We must pay attention to black swans — whatever form they take — for we unquestionably ignore them at our peril. The good news is that we can see this black swan coming, but it is good news only if we pay attention and act now.
John E. Shkor is a retired U.S. Coast Guard vice admiral, having served as Atlantic area commander and twice as chief counsel of the Coast Guard, and he also served as the chief operating officer for the Transportation Security Administration following 9/11 and now serves on the board of directors of Protect Our Power, a not-for-profit organization whose mission is to strengthen the security and resilience of the U.S. electric grid.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.