How to Prepare for a Potential Syrian Counterattack on the U.S. Power Grid
CIO - Earlier this week, on Wall Street Journal This Morning, I shared my increasing concern that we aren't taking seriously the Syrian cyberattack and the possibility of a Syrian military warning shot against U.S. infrastructure.
The U.S. power grid is vulnerable, held together by little more than a prayer and bailing wire. Even if Syria doesn't strike, a broad failure is inevitable. It's therefore prudent to begin testing your short- and long-term power outage contingency plans.
Remember, a broad outage doesn't just mean failover, as it could extend to failover sites. This means your current mitigation and disaster recovery planning may be inadequate for what might end up being a near-nationwide outage.
Even if you don't buy into the Syrian cyber counterattack risk, the likelihood of a massive outage is still great enough to test your firm's ability to survive if much of the power and telecom grid suddenly fails and remains down for weeks or even months. Disaster preparedness assessments are a prudent exercise, after all, and the Japanese tsunami of 2011 showed that the U.S. isn't the only wealthy nation with fragile infrastructure issues.
Power Grid Failure Would Be Catastrophic
Massive failures typically result from a massive weather event. You don't just lose power; if the power outage goes on for a day or more, you eventually lose telecommunications, water and even gas supplies (which often fuel emergency generators). A cascading failure would cause many transformers to catastrophically fail, which is a nice way of saying "explode." Recovery time could easily move from days to months; existing transformer reserves would be inadequate, and the in-country manufacture of new transformers would paradoxically need to wait until those factories could be brought back online.
Most generating facilities - especially hydroelectric - would come back relatively quickly. If distribution is catastrophically destroyed, though, getting that power to your primary or backup sights would be problematic. You could find your in-country facilities down for the count.
Related: 10 Disaster Preparedness Questions For Cloud Service ProvidersHow-to: Plan for Disaster Recovery and Business Continuity
Corporate buildings would hardly be the only facilities affected; employees would suddenly face a world where food, water and gas supplies were unavailable for extended periods. Many would have no choice but to relocate, as extended families, to areas that were secure and had sufficient supplies.
While a downed power grid would largely leave homes intact - unlike New Orleans after Hurricane Katrina - contacting employees and their families and coordinating their movement would fail. Yes, most of today's homes use cable modems for phone service, but those must be plugged in and would be unreliable. And yes, wireless phones and cell towers would work in a power outage, offering organizations a way to deliver rally points and other critical information, but cell towers' backup power supplies only last several hours - as do the typical cell phone batteries.
Contingency plans would need to be in place before an event so everyone is more likely to emerge from it safely.
Assess Disaster Preparedness Now - And Don't Count on Help
This isn't a short-term problem. America's electrical infrastructure is in bad shape. Large-scale weather events such as Hurricane Sandy hit cellular networks and the power grid both far and wide. Groups as varied as hostile nations and anarchists are increasingly gaining the skills necessary to do significant damage.
The federal government is not willing to fund needed infrastructure upgrades. Before the U.S. starts shooting missiles at countries with strong cyberattack teams, it should harden U.S. infrastructure, but betting the government will do the smart thing has been a losing proposition of late.
All of this suggests, then, that putting major data centers near large hydroelectric sites to assure power (as Google has done) or focusing on alternative energy sources (as is the case with Apple's planned new headquarters) to assure the sites can remain operational during extended outages. You'll have to think through network transport, though; if these sites can't connect, you're still in trouble. Having failover capability in another country, such as Canada, would be advised.
Thinking strategically, the only approach that may work in countries with vulnerable infrastructure or unstable government may be an arcology. This eventual evolution of self-sustained architecture and ecology blends corporate and personal living structures, assuring that both people and equipment are safe and recognizing that an inability to protect either could result in company failure. Arcology continues to advance worldwide, but clearly they are needed most where there's a broad risk to infrastructure and/or employee safety.
In the meantime, review your disaster preparedness plans to assure they adequately address large regional or national power outages. This often makes the difference between surviving a catastrophe and becoming a statistic. If people have a plan that they know works, they're less likely to panic and do dangerous, stupid things. Don't put this off.
Rob Enderle is president and principal analyst of the Enderle Group. Previously, he was the Senior Research Fellow for Forrester Research and the Giga Information Group. Prior to that he worked for IBM and held positions in Internal Audit, Competitive Analysis, Marketing, Finance and Security. Currently, Enderle writes on emerging technology, security and Linux for a variety of publications and appears on national news TV shows that include CNBC, FOX, Bloomberg and NPR.
Read more about government in CIO's Government Drilldown.
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context
- This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk
- This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain
- Confront consumerization with convergence
- Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud... All Government IT White Papers
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer...
- Charting Your Analytical Future - "Making predictive analytics part of your business processes" Webinar This session will show how predictive analytics can be used throughout the organization by anyone looking for answers and how organizations can make...
- All Government IT Webcasts