How to Prepare for a Potential Syrian Counterattack on the U.S. Power Grid
CIO - Earlier this week, on Wall Street Journal This Morning, I shared my increasing concern that we aren't taking seriously the Syrian cyberattack and the possibility of a Syrian military warning shot against U.S. infrastructure.
The U.S. power grid is vulnerable, held together by little more than a prayer and bailing wire. Even if Syria doesn't strike, a broad failure is inevitable. It's therefore prudent to begin testing your short- and long-term power outage contingency plans.
Remember, a broad outage doesn't just mean failover, as it could extend to failover sites. This means your current mitigation and disaster recovery planning may be inadequate for what might end up being a near-nationwide outage.
Even if you don't buy into the Syrian cyber counterattack risk, the likelihood of a massive outage is still great enough to test your firm's ability to survive if much of the power and telecom grid suddenly fails and remains down for weeks or even months. Disaster preparedness assessments are a prudent exercise, after all, and the Japanese tsunami of 2011 showed that the U.S. isn't the only wealthy nation with fragile infrastructure issues.
Power Grid Failure Would Be Catastrophic
Massive failures typically result from a massive weather event. You don't just lose power; if the power outage goes on for a day or more, you eventually lose telecommunications, water and even gas supplies (which often fuel emergency generators). A cascading failure would cause many transformers to catastrophically fail, which is a nice way of saying "explode." Recovery time could easily move from days to months; existing transformer reserves would be inadequate, and the in-country manufacture of new transformers would paradoxically need to wait until those factories could be brought back online.
Most generating facilities - especially hydroelectric - would come back relatively quickly. If distribution is catastrophically destroyed, though, getting that power to your primary or backup sights would be problematic. You could find your in-country facilities down for the count.
Related: 10 Disaster Preparedness Questions For Cloud Service ProvidersHow-to: Plan for Disaster Recovery and Business Continuity
Corporate buildings would hardly be the only facilities affected; employees would suddenly face a world where food, water and gas supplies were unavailable for extended periods. Many would have no choice but to relocate, as extended families, to areas that were secure and had sufficient supplies.
While a downed power grid would largely leave homes intact - unlike New Orleans after Hurricane Katrina - contacting employees and their families and coordinating their movement would fail. Yes, most of today's homes use cable modems for phone service, but those must be plugged in and would be unreliable. And yes, wireless phones and cell towers would work in a power outage, offering organizations a way to deliver rally points and other critical information, but cell towers' backup power supplies only last several hours - as do the typical cell phone batteries.
Contingency plans would need to be in place before an event so everyone is more likely to emerge from it safely.
Assess Disaster Preparedness Now - And Don't Count on Help
This isn't a short-term problem. America's electrical infrastructure is in bad shape. Large-scale weather events such as Hurricane Sandy hit cellular networks and the power grid both far and wide. Groups as varied as hostile nations and anarchists are increasingly gaining the skills necessary to do significant damage.
The federal government is not willing to fund needed infrastructure upgrades. Before the U.S. starts shooting missiles at countries with strong cyberattack teams, it should harden U.S. infrastructure, but betting the government will do the smart thing has been a losing proposition of late.
All of this suggests, then, that putting major data centers near large hydroelectric sites to assure power (as Google has done) or focusing on alternative energy sources (as is the case with Apple's planned new headquarters) to assure the sites can remain operational during extended outages. You'll have to think through network transport, though; if these sites can't connect, you're still in trouble. Having failover capability in another country, such as Canada, would be advised.
Thinking strategically, the only approach that may work in countries with vulnerable infrastructure or unstable government may be an arcology. This eventual evolution of self-sustained architecture and ecology blends corporate and personal living structures, assuring that both people and equipment are safe and recognizing that an inability to protect either could result in company failure. Arcology continues to advance worldwide, but clearly they are needed most where there's a broad risk to infrastructure and/or employee safety.
In the meantime, review your disaster preparedness plans to assure they adequately address large regional or national power outages. This often makes the difference between surviving a catastrophe and becoming a statistic. If people have a plan that they know works, they're less likely to panic and do dangerous, stupid things. Don't put this off.
Rob Enderle is president and principal analyst of the Enderle Group. Previously, he was the Senior Research Fellow for Forrester Research and the Giga Information Group. Prior to that he worked for IBM and held positions in Internal Audit, Competitive Analysis, Marketing, Finance and Security. Currently, Enderle writes on emerging technology, security and Linux for a variety of publications and appears on national news TV shows that include CNBC, FOX, Bloomberg and NPR.
Read more about government in CIO's Government Drilldown.
This state transportation department uses computer science students from a local university as programming interns, and everyone is happy with the arrangement -- until one intern learns how to bring down the mainframe.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Path Selection Infographic
- Path Selection Infographic
- Hyperconvergence Infographic
- A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era
- From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs
- If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity... All Government IT White Papers
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Mobile Security: Containerizing Enterprise Data In this on-demand webinar, Fixmo's Lee Cocking, VP of corporate strategy, explains why Apple-ization trends like mobility and "bring-your-own-device" (BYOD) are driving the...
- Endpoint Data Management: Protecting the Perimeter of the Internet of Things Not surprisingly, "Internet of Things" (IoT) and Big Data present new challenges AND opportunities for enterprise IT. Teams need to harness, secure and...
- How to Protect Enterprise Data Yet Enable Secure Access for End Users Learn how BYOD, Big Data and the use of rogue applications and devices is putting corporate data at risk, best practices from IT...
- All Government IT Webcasts