Book Club: Lights Out

Your favorite books and links
Post Reply
User avatar
jennypenny
Posts: 6851
Joined: Sun Jul 03, 2011 2:20 pm

Book Club: Lights Out

Post by jennypenny »

Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath, by Ted Koppel

“Electricity is what keeps our society tethered to modern times.”

I was eager to read this book. I’ve read and edited many, many writings by my prepper crowd, and most are based on second-hand information or military experience. I had heard that Koppel had access to the top players in the field and knew he would get the best first-hand information he could and deliver it in an intelligent and unbiased way. Editing lapses and personal indulgences aside, he did. He interviewed the current and all former heads of DHS. He interviewed Craig Fugate of FEMA, George Cotter from the NSA, and several experts from the military and the power industry. He didn’t have to guess at whether there were plans in place and he didn’t have to make assumptions like my tinfoil hat friends because he could ask the officials who would know. I still think there were some shenanigans going on, but I’ll explain that at the end.

The book is broken into three, parts so I used that structure. The first section deals with the problem of cyberattacks and the peculiar and potentially devastating effects one might have on the electric power grid. The second deals with the technical issues of repairing the grid and the enormous issues the government would face and how woefully unprepared our government is. The third part discusses groups that might be prepared and what can be learned from them. I’m going to quote heavily from the book for those who haven’t read it so they can participate. In the resources section at the bottom there are a few videos of Koppel discussing the book. If you haven’t read the book, you could view a couple of those now before reading the review. The book is heavy in details, but the gist is pretty straightforward and easy to pick up in the interviews with Koppel.

Koppel discusses cyberattacks in general and how “As the ranks of capable actors grow, the bar for cyber aggression is lowered. … This book is about dealing with the consequences of losing power in more than one sense of the word. Without ready access to electricity, we are thrust back into another age— an age in which many of us would lack both the experience and the resources to survive.” He is very critical of the government for the lack of preparation to deal with a widespread power outage, which he restates several times in the book. I’m going to skip talking about cyberattacks in general because that discussion is better suited for the Future Crimes book review. A brief quote on cyberattacks in general: “It is difficult to retaliate against an aggressor with no return address.” This is a key difference with cyberattacks. It adds an element of randomness, and it’s impossible to fight an aggressor if you can’t identify them. Koppel continues … “We literally have no count of how many groups or even individuals are capable of launching truly damaging attacks on our electric power grids— some, perhaps even most of them, uninhibited by the threat of retaliation.”



Part I: A Cyberattack

As I said, I'll focus on cyberattacks targeting infrastructure, and leave the general topic of cyberattacks for the next book. In chapter one, Koppel points out the difference between larceny and something more sinister that could be considered terrorism or an act of war. He concedes that massive data collections are disturbing and, sadly, that we’ve already learned to absorb such occurrences without much fanfare, but “Our attention needs to be focused on those who intend widespread destruction.”

He goes on to say “The Internet provides instant, often anonymous access to the operations that enable our critical infrastructure systems to function safely and efficiently. In early March 2015 the Government Accountability Office issued a report warning that the air traffic control system is vulnerable to cyberattack. This, the report concluded with commendable understatement, “could disrupt air traffic control operations.” Our rail system, our communications networks, and our healthcare system are similarly vulnerable. If, however, an adversary of this country has as its goal inflicting maximum damage and pain on the largest number of Americans, there may not be a more productive target than one of our electric power grids.”

The grid is particularly vulnerable because of its structure. The first sentence of chapter four ... “It is not easy to convey how and why the electric power grid is so surpassingly vulnerable to cyberattack.” pretty much sums it up. In the US, there are three distinct grids that generate and distribute electricity. Those systems depend on computerized systems that must maintain a perfect balance between supply and demand to function properly. Because of the precarious balance required, a cyberattack that took down any part of those grids could potentially have a domino effect that would dismantle the rest of the grid. The SCADA system that runs all of the software is the same almost everywhere. Worse yet to my mind was how un-computerized it all was. "When he [Major General Brett Williams, former director of operations for U.S. Cyber Command] left Cyber Command in the spring of 2014, threat information was still being communicated between U.S. intelligence agencies and the electric power industry the “old-fashioned” way, via phone calls and emails. … Cyber defense demands speed. “I would argue we just don’t have time to go through the same process that we go through with legacy types of intelligence. Obviously, we can’t defend against everything; but right now we’re vulnerable to almost everything.”

Chapter two discusses an attack on PG&E’s Metcalf Transmission Substation near San Jose, California in April of 2013. If you have a WSJ subscription, you can read a good account of the attack here. If not, here’s an excerpt from the book … “We know that there were several saboteurs, but not how many. At least two members of the unit lifted a metal vault cover (too heavy for a single individual) leading to an underground vault containing AT&T’s fiber-optic telecommunications cables. With the cutting of those cables, the attack began. Slightly more than half an hour after cutting communications, the saboteurs attacked the actual substation, knocking out seventeen giant transformers over the course of nineteen minutes. Based on shell casings found at the scene, investigators believe that the gunmen used AK-47 assault rifles. In a remarkable feat of timing or coincidence, the saboteurs left the scene at 1: 50 a.m., just one minute before the police arrived to find the substation locked. … The attack caused significant damage— it took utility workers twenty-seven days to bring the substation back online— but hardly the catastrophic result such a coordinated attack might have produced. These attackers seemed to know what they were doing. As a former vice president of transmission for PG& E told a utility security conference seven months after the attack, “This wasn’t an incident where Billy-Bob and Joe decided, after a few brewskis, to come in and shoot up a substation. This was an event that was well thought out, well planned and they targeted certain components. …

Jon Wellinghoff, who was chairman of the Federal Energy Regulatory Commission (FERC) at the time of the attack, remains unconvinced. He thinks the attackers may have been engaging in a rehearsal rather than a comprehensive sabotage operation. While he was still chairman of FERC, Wellinghoff assembled a team of experts from the U.S. Navy’s Dahlgren Surface Warfare Center, which trains Navy SEALs, and took them out to the Metcalf substation. What they found, among other things, was that the shell casings left behind were free of fingerprints. They discovered small piles of rocks at key locations outside the substation and concluded that these might have been placed by advance scouts, establishing the most advantageous shooting locations. The experts concluded, as Wellinghoff told the Wall Street Journal, that “it was a targeting package just like they [SEALs] would put together for an attack.” Wellinghoff’s concern is that the attack on the Metcalf substation may have been a dry run for a far more devastating act of sabotage.”

I’m focusing on this part because I agree with Koppel that it’s a significant incident, and I know for a fact that it’s not an isolated one. I know firsthand of two other incidents like the one at Metcalf where similar attacks were carried out at military installations. Those have not been made public. There are rumors of others, but I can only confirm two. I think it lends credence to the suggestion that these attacks are rehearsals, but for what? Such an attack doesn’t even fall under the heading of cyberattack, but it shows yet another way that the grid is vulnerable and the wrong people know it. The military is taking steps to move its most critical computer systems underground, but if the rest of the country is without power--including military installations--it would serve as no more than a severed head after a widespread outage. Even systems that are thought to be secure and “air-gapped” are occasionally knocked offline because of inadvertent use of thumb drives or cell phone hot spots. The military tracks this and acts immediately when it happens, but it’s a reactive response and does nothing to prevent the intrusion and its effects. [Sidenote: Feel sorry for the poor employee who accidentally crosses the airgap in certain military outfits. The reaction is swift and painful. It reminds me of this scene in Monsters Inc. It’s why some people who know the rules at that level are so critical of Petraeus and Clinton’s homebrew server.]

Koppel cites other officials who confirm the ability of other actors like China, Russia, and soon North Korea to launch an EMP attack on the US. North Korea is significant because as a “rogue state” it doesn’t have a balance of power to maintain like China and Russia.

In chapter three , Koppel discusses the large blackout in the US in 2003. [DH was consulting a little for First Energy at the time, and no one there was surprised by what happened. NO ONE.] The report of the task force convened to study the outage included in their report that the grid was vulnerable to a malicious cyberattack, even though it was completely unrelated to the actual cause of the 2003 outage.

He goes on to discuss the bureaucratic behemoth that is the electric power industry in the US. He touches on the effects of deregulation and the structure of the system, which seems designed to facilitate a crippling attack. The biggest surprise to me was that the federal government does not have the power to impose security or maintenance standards on the industry. Every critical industry in this country – agriculture, health care, water supply, sanitation, transportation – relies on uninterrupted electrical power. To my mind, that raises it to the level of national security and like the military, it should be under tighter federal control. You know me – I’m a small government person. Yet, I can’t help but think that the biggest, most likely SHTF threat to my existence is an extended power outage, whatever the cause. The power supply is the key to all other life-sustaining systems.

Here is a link to the EMP commission’s report online. The executive summary included the following … “Depending on the specific characteristics of the attacks, unprecedented cascading failures of our major infrastructures could result. In that event, a regional or national recovery would be long and difficult and would seriously degrade the safety and overall viability of our Nation. The primary avenues for catastrophic damage to the Nation are through our electric power infrastructure and thence into our telecommunications, energy, and other infrastructures. These, in turn, can seriously impact other important aspects of our Nation’s life, including the financial system; means of getting food, water, and medical care to the citizenry; trade; and production of goods and services. The recovery of any one of the key national infrastructures is dependent on the recovery of others. The longer the outage, the more problematic and uncertain the recovery will be. It is possible 1 for the functional outages to become mutually reinforcing until at some point the degradation of infrastructure could have irreversible effects on the country’s ability to support its population.” It concludes that only 1 in 10 of us would survive an extended outage lasting a year.

Given that an extended outage could result from an EMP, solar storm, cyberattack, or simply through an unimagined series of storms that took down key components leading to a collapse of the system, it seems to me that of all the SHTF scenarios, this one should be at the top. I understand that a climate activist might argue that global warming is a bigger concern because our current trajectory guarantees global destruction, and doesn’t just put us at risk like a power outage. A complete reassessment of our global power structure from production to usage levels might be needed to avoid the devastating effects of both climate change and power failures.

One expert that Koppel obviously likes is George Cotter from the NSA. I listed some resources for him at the end, including a good white paper. Cotter and Koppel discuss Independent Actors, which ties into the idea that nation-states are becoming less relevant overall (something we've discussed on the forum). Giant organizations and corporations are in a better position to prevent such attacks and to instigate such attacks against each other. Cotter also sees a growing level of sophistication among criminal organizations, terrorist groups, and so-called hacktivists (political activists who use the Internet, such as the group Anonymous). “I believe,” said Cotter, “it is literally possible for a hacktivist group, well trained and well motivated, to take down major portions of the grid without the industry being able to stop it.”

What is most dangerous about Pyongyang and its mercurial leadership is not only its unpredictability but also its degree of immunity to cyberattack. North Korea has so much less to lose in a high-stakes cyber war than the cyber-dependent United States; it is neither easy nor particularly effective to isolate a hermit kingdom. The concern that President Obama expressed a few years back to his aides about the vulnerability of the U.S. infrastructure and America’s dependence on computer systems applies inversely to North Korea. As of late 2014, the total number of Internet protocol addresses in North Korea was estimated at 1,024—“ fewer than many city blocks in New York,” the New York Times observed.




Part II: A Nation Unprepared

This section illustrates with sad clarity our disconnected government in all its glory. Koppel has access to, and interviews, many high-ranking officials. Almost to a person, they demonstrate the ineptitude of government agencies. He’s particularly critical of DHS.
Those charged most directly with protecting the nation’s security are ambivalent about the actual danger of an EMP attack. Janet Napolitano, the former secretary of homeland security, all but dismissed the threat. “You know, if I had to rack and stack the most likely risks that we were dealing with,” she told me, “I would not put that [an EMP attack] in the top, certainly not in the top ten threats to our infrastructure.” Meanwhile, as noted, NORAD and the nation’s Northern Command are moving their most sensitive communications equipment to a bunker below Cheyenne Mountain. Conflicting risk assessments among our national leaders and foremost experts will become a recurring theme.

Poor Jeh Johnson looks the least qualified for his position based on his comments. Johnson told Koppel “I’m sure FEMA has the capability to bring in backup transformers,” Johnson said. “If you want an inventory and a number, I couldn’t give you that.” But then Koppel continues … I had spent part of an afternoon at FEMA headquarters only a few weeks earlier talking with the agency’s administrator, Craig Fugate, about the same issue. Contrary to Johnson’s assurances, Fugate had pinpointed the failure of large transformers as one of his greatest areas of concern: “If you cause overloads and you cause significant damage to the very large transformers, that’s probably one of the most difficult things” for us to respond to, “because there [are] very few manufactured in the United States.” Asked what he would say were Jeh Johnson or the president to ask whether FEMA was prepared for such a scenario, Fugate responded bluntly, “No.” He continued, “Most people expect… that somehow we have enough tools in the tool chest to get power turned back on quickly. The answer is no.” Koppel obviously likes Fugate, who had this to say … “We’re not a country that can go without power for a long period of time without loss of life. Our systems, from water treatment to hospitals to traffic control to all these things that we expect every day, our ability to operate without electricity is minimal.” The FEMA administrator expressed a frustration likely common among senior government bureaucrats: “I’ve got to deal with the consequences” despite not “really hav[ing] any say on the front end as to why we got in this situation.”

Further in the interview … So what, I asked FEMA’s administrator, is the plan for a prolonged, widespread power outage? For the first couple of days, he explained, the primary burden would be on state and local governments, but if the electricity remained out for weeks or more, it would be FEMA trying to fill in the gaps. “The plan would be to support the states to keep security, to maximize what power we do have to come back online, to look at what it will take to keep food and other critical systems like water systems up and running with generators and fuel. To prioritize where we’re going to start rebuilding our economy.” Fugate warned that there’s a limit to how much FEMA can do, but he’s confident in prioritizing certain objectives. “Keep the water on,” he said. “That means we need to have enough power to pump, treat, and distribute water through the system. You have to keep the water system up, and you’ve gotta then focus on the water treatment system. Backing up sewage is just about as bad. Those two pieces will buy you enough time to look at what your alternatives are. Basically, people have to drink water, they have to eat, that waste has to go somewhere, they need medical care, they need a safe environment. There has to be order of law there.”

Fugate is not a man to mince words. There is traditional disaster response work, which is about reestablishing normalcy very quickly. Then there is uncharted territory, he acknowledged, “where normalcy [wouldn’t] get established quickly. We [would be] trying to hang on and keep as many people [as possible] from dying until the system comes back.” That’s not the sort of message that would inspire widespread confidence in a concerned public, but it has the ring of authenticity to it.


One thing that stuck with me when reading this section was why is the government so unprepared? You know they’ve considered this possibility. I’ve read some white papers and position papers on the topic that came from FEMA and DoD officials. Why is there no “official” plan? Koppel asks the same question over and over again. Koppel insists that if there is a plan it’s best to share it with the public now instead of waiting for an outage that would make it almost impossible to communicate with large numbers of people. I figure there are two reasons for the government silence regarding a plan to deal with an extended outage.

One reason might be that they’ve concluded that there’s no way to effectively deal with an outage of that magnitude. They’ve prepared for continuity of government and operations (like burying the severed head under NORAD), but they’re prepared to let most people fend for themselves until the crisis has passed. This is a common assumption amongst my tinfoil hat cohort. They believe the plan is to let the population die off until the population numbers are small enough to deal with effectively. I’ve read terrible scenarios about such things. You can imagine it – prison populations starving to death in abandoned prisons, elderly and infirm dying in large numbers in LTC communities, inner-city poor succumbing to violence, fire or starvation—basically all of the communities that are a perceived drain on the government would die in large numbers, leaving behind the healthiest and most able-bodied (but in a weakened state from the conditions so they couldn’t fight back if they didn’t like the direction the new government was taking). It’s straight out of Conspiracy 101, but it makes sense on some level. If you think you can’t save everyone, figure out who and what is worth saving and plan for that instead.

The other reason they might not share the plan is because people wouldn’t like it. Even a plan that’s a lot less draconian than the one I described above might still ruffle some feathers. What if they limited medicine to people between aged 6 and 60? Or closed throughways into and out of major cities to limit crime and disease? The mere suggestion of that kind of plan could start riots. What about relocation plans, or confiscation of food and other supplies so the government could dole them out equitably? It would seem reasonable on paper but would stoke the Tea Party side of the aisle.

What I don’t understand is why they don't at least develop a plan for PREVENTING the problem. Hardening the infrastructure seems like a good first step. How about the next time our dear leaders suggest invading somewhere, let’s not and say we did, and then use the money to shore up our infrastructure instead?

If you want to know specific details about the electric grid and how antiquated the infrastructure really is, read chapter nine. The biggest issue in this section is the decaying population of large power transformers (LPTs). They estimate there are tens of thousands in use. [I found it shocking that the government didn’t actually know the exact number because it’s proprietary. WTF??] LPTs are dinosaurs and very, very hard to replace …
“An LPT is a large, custom-built piece of equipment,” the DOE report explained. “Because LPTs are very expensive [$ 3 million to $ 10 million each] and tailored to customers’ specifications, they are usually neither interchangeable with each other nor produced for extensive spare inventories.” Consider the sum of all those factors. Conservatively, there are thousands of aging transformers, most custom-built, unable to be ordered from a catalogue or mass-produced, each costing somewhere in the neighborhood of $ 3 million to $ 10 million. Add to this that there are only a handful of plants in the United States capable of building an LPT— as of this writing, ten such facilities. The vast majority of large power transformers are built overseas, and more than 75 percent of those purchased by the U.S. energy sector must be procured overseas. The estimated lead time, the time from production through shipping to delivery, is commonly between one and two years, and never less than six months. These transformers are so enormous— anywhere from 400,000 to 600,000 pounds— that they cannot be transported on a standard railroad freight car. It requires the use of a specialized railroad freight car known as a Schnabel. There are only about thirty of these in North America, and as one senior FEMA official conceded, some of the original transformers were delivered so many years ago that the rail lines on which they were transported no longer exist.

The industry claims it has hundreds of back-up transformers as spares, but it won’t give the exact number (again, claiming it’s proprietary), and admits that one size doesn’t fit all. The current wait time for a newly built transformer is over a year. It’s worth noting that only the largest companies can afford to keep backups. If you were factoring in grid resiliency in deciding where to live, pick an area supplied by one of the largest power companies.

Koppel goes on to discuss the aftermath wrt people and again how there is no plan beyond a short-term disruption. One interviewee actually suggested that NYC be evacuated, but moving people out of urban areas en masse—even with the power on—is a pipe dream. Even Koppel finds the suggestion ludicrous. He spoke with Johnson and all former DHS heads. Tom Ridge comes across as the most realistic, but only in recognizing the problem and admitting that the government has no plan and a workable one is probably not forthcoming. Johnson looks clueless in the book, and Napolitano sounds like a typical cavalier politician. I’m not trying to take a political side here. Even Ridge offers no real hope of dealing with this kind of crisis. He says “We are not a preemptive democracy. We are a reactive one.” When pressed, most officials and industry leaders that Koppel spoke with admitted there was no real plan, and further, that no plan would be adequate to deal with the magnitude of a grid-down crisis.

Where, then, might a concerned citizen find advice on how to cope with the aftermath of such an attack? “There is no answer,” said Schmidt. No government agency has guidelines for private citizens because, according to Schmidt, there’s nothing any individual can do to prepare. “We’re so interconnected,” he said, that in terms of disaster preparation “it’s not just me anymore: it’s me and my neighbors and where I get my electricity from. There’s nothing I can do that can protect me if the rest of the system falters.” It’s an answer bordering on the fatalistic: the individual can’t do anything and the government won’t do anything.

One of Koppel’s main points in this section is that the government is approaching this problem like it approaches all emergency management, yet Koppel believes a grid-down scenario is fundamentally different. “On one level, this is understandable and even prudent. Experience is a more compelling instructor than speculation. … A cyberattack may be different from anything FEMA has previously dealt with, but it is not unreasonable for the agency to focus on the experience it has gained from natural disasters. This approach falters, however, when relevant federal agencies fail to provide for (or in some cases even contemplate) the difference in magnitude between the effects on the grid of any recorded natural disaster and the potential effects of a massive cyberattack.” Koppel goes on to compare different disasters, like earthquakes, and show the flaws in applying universally accepted disaster relief models to a large-scale power outage.

When discussing specific areas like NYC with other officials, the outlook was just as grim. “The city, though; how long could that hold up? Without federal assistance, Hauer said, New York City “could probably last for two days.” OTOH, when he addresses what the situation would be in rural areas like Wyoming, he’s more optimistic. The general conclusion is that the less an area relies on government services now, the better off it will be after a significant crisis like a grid-down event.

Koppel doesn’t pull any punches in his assessment of the situation. He singles out the Red Cross for a rather scathing rebuke, and as you've seen, he is very critical of DHS. He sees that organization (DHS) as money wasted that could have been spent on addressing this problem. Same with the wars in Iraq and Afghanistan…
We are inclined, as Tom Ridge observed, to be a reactive society. We apply unimaginable amounts of money toward dealing with the aftermath of crises. The most conservative estimates put the financial cost of the wars in Afghanistan and Iraq at around $ 1.5 trillion. Most estimates are significantly higher. The Transportation Security Administration, which came into being as a direct consequence of the 9/ 11 terror attacks, now employs fifty-five thousand people, with an annual budget in excess of $ 7 billion. Over the course of the past fourteen years TSA has been funded to the tune of somewhere between $ 90 billion and $ 100 billion of protection we didn’t know we needed before 2001. Nor, it seems, has the money been particularly well spent. In early June 2015, the Department of Homeland Security revealed that its teams of undercover investigators were able to smuggle dummy explosives and weapons through TSA checkpoints at airports around the country in 95 percent of cases. We tend to come up with funding after disaster strikes.



Part III: Surviving the Aftermath

This section talks about preppers and Mormons and if there is any way at all to survive such a catastrophe. Koppel is respectful in his assessment of preppers … “There is, in any event, a growing movement around the country based on the assumption that neither government agencies nor private relief organizations can be relied upon in the event of any major disaster. A generation or two ago, they might have been called survivalists, but there was an extreme rightwing aura attached to that term, conjuring images of bunkers built to sustain life against aerial bombardment. While such groups continue to exist, they have been modified and largely displaced by a much larger group for whom ideology is less relevant. “Preppers,” perhaps most easily described as “those who prepare,” can be found across the political spectrum. They are not necessarily prophets of doom, simply those who want to be ready for the worst.”

IMO, the book really veers off course here. I enjoyed this section, but it seemed out of place in the context of the rest of the book. Too much discussion is devoted to the Mormons and their history. The Mormon story is compelling and uniquely American in many respects, but too much detail bogged down the book. I think what Koppel was ultimately getting at is the Mormon focus on prepping and the enormous infrastructure the LDS has developed over the last few decades. They have vertically integrated their preps from the farm to distribution. If an EMPocalypse really happens, the Mormons might be the biggest community to survive intact. Many lessons can be learned from them. I’ve used many of the LDS’s online resources (some are listed in the resources section), and through my prepping contacts I have befriended many Mormons. I have found them to be, IMHO, the perfect blend of preparation and generosity. I know of other criticisms of the LDS lifestyle, particularly in relation to the role of women, but their approach to survival and preparedness seems to be the epitome of ‘prepare for the worse, hope for the best’.

A related point was that the community structure of the Mormons makes their preparations much easier to accomplish. It’s something that’s lacking today in many segments of society, which we’ve touched on before on the forum. Government mandated preps might be useful, but the plans would be more cohesive and meet with less resistance if they were a part of a community-based group instead of a top-down, government-imposed plan. I’m not sure how to accomplish that. Certainly, other civic and church groups could look to the LDS model to see what can be done. I know that Catholic Charities has at least a small infrastructure in place as a starting point. A friend in Alabama says his church has a large network for dealing with disasters with his state, Tennessee, and Mississippi. Maybe what’s needed is for the DHS or FEMA to assist regional and local groups in developing plans for disaster relief? Koppel discusses that in chapter nineteen … The LDS church has established a model that makes good common sense, one that serves to support families in times of illness or unemployment, natural disaster or international crisis. It is designed to cushion families during hard times over an extended period. Certainly most families cannot afford to immediately lay in a six-month supply of food and water. Too many families lack the resources to meet even their daily needs. But if those who can afford it take on the responsibility of longer-term survival, supplies available to emergency management agencies can be reserved for the very neediest. Many urban dwellers, living in small urban apartments, lack space, but when what’s at stake is survival, it’s astonishing how much can be tucked away in small spaces. To establish a foundation with long-lasting, nourishing foods that have sustained needy families for generations— rice, wheat berries (and the grinder to make flour), beans— and large containers of water seems ridiculous in times of plenty, but it can become the difference between survival and starvation during an extended crisis. True, the wheat berries and grinder are not likely to find many converts among city dwellers, but the goal is to build up a supply of nonperishable goods, small amounts at a time. These are measures to be undertaken gradually, over time. Eventually the supplies become part of a natural pattern— rotation of the older food into a pattern of daily consumption, always to be replaced with fresh supplies.

What will, for most people, be the most difficult to replicate in the Mormon experience, however, is the intricately organized community, existing on both the local and national levels. There are well over two thousand Community Emergency Response Teams (CERTs) throughout the country. They are affiliated with FEMA and provide a useful structure for implementing disaster relief, but they don’t have much of a presence in America’s cities. There is, for example, only one CERT in the nation’s capital. Still, it is a place to start, and if you go to the CERT website, you will find the name and contact information for the organization nearest you. Many religious communities already have a structure and sense of connection in place, as do any number of social and civic organizations. Some of these have already made thorough preparations for disaster relief. For those that have not, but where organization and a sense of community are in place, it should be a relatively manageable matter to modify what already exists.


Another point Koppel seems to be making is that even though the people in rural areas, like Mormons, might be willing to help the less fortunate during a prolonged outage, the notion of urbanites fleeing to the countryside for refuge is misguided and ultimately unworkable. I think a better way to look at it is in the context of FEMA and government assistance, which surprisingly Koppel spends little time on in the book. If I were running FEMA and developing a plan, I would first look at a map and mark off all of the areas that could probably get by without government assistance--like those with large LDS populations or prepper mindsets--and focus all planning on the areas that couldn’t possibly survive without a strong government presence (like the megalopolis).

I think this is the biggest takeaway I had from the book. It made me look at location a little differently. I think there are workable plans for many different areas. Obviously, if you can live off-grid now in a remote location, then all you need to worry about are your medical needs and safety. If you live in a suburban area, make sure you live somewhere that’s part of a large electrical network and ‘important’ enough that it would be a priority when they are repairing the grid and distributing emergency supplies. Large urban dwellers, well … you’re still SOL I think. Sorry.

I think Koppel’s ultimate point is that the government should be focused on prevention while individuals should focus on preparation … There is, unfortunately, a whiff of defeatism about preparation. It implies the inevitability of an impending catastrophe when time, effort, and money might more proactively be expended on prevention. The one should not preclude the other; the overall utility of preparing for hard times, with a rotating larder, participation in a social network, and the establishment of a financial safety net, is eminently adaptable and useful even in the absence of catastrophe. On the other hand, defending against a cyberattack is something that only a coalition between government and industry can even attempt. So it is to be expected, perhaps, that government’s primary emphasis remains on prevention. All of the details Koppel includes in the book show that the government isn’t really making any progress on their end, and although prepping has at least made it into the general lexicon, the public is only marginally more prepared than the government for a large-scale grid-down event. He is also firmly on the side of increased government oversight of the internet and wholesale data collection as part of the intelligence community’s attempt to prevent cyberattacks.



Back to my comment about shenanigans … One thing that struck me as a little odd when I first read the book was the timing of its publication and Koppel’s relentless marketing of it. Then DARPA made their big announcement, and I wondered if maybe Koppel was given such incredible access to government personnel and information in exchange for coordinating the timing of the book with the expansion of the DARPA program related to preventing a grid-down event. See here, and here, and here, and here. Convenient timing, yes?



FURTHER RESOURCES:
Google Talk with Koppel https://youtu.be/1dcSyibsF2w

Koppel on Charlie Rose (he’s up first) https://youtu.be/3ZQouyI1giA

Koppel speaking at UChicago Institute of Politics https://youtu.be/klBYGH9qhpM

EMP Commission website (US) http://empcommission.org/index.php

US Department of Energy report from April 2014: Large Power Transformers and the U.S. Electric Grid: Infrastructure Security and Energy
Restoration http://energy.gov/sites/prod/files/2014 ... 040914.pdf

George Cotter White Paper from April 2015, Security in the North American Grid: A Nation at Risk http://pbadupws.nrc.gov/docs/ML1511/ML15114A348.pdf

DARPA http://www.darpa.mil/

Joe Weiss’s blog on industrial security http://www.controlglobal.com/blogs/unfettered/

George Cotter discussing cyberattacks and grid security https://istcolloq.gsfc.nasa.gov/fall201 ... cotter.mp4
He’s really dry. You can skip the beginning unless you’re really into this topic. Jump ahead to 1:03:30 to get to the applicable part. He’s much better in the Q & A. Here’s a PDF of his slides https://istcolloq.gsfc.nasa.gov/fall201 ... cotter.pdf .

DHS guidelines for preparing for a disaster http://www.dhs.gov/how-do-i/prepare-my-family-disaster

LDS guidelines for preparing for a disaster https://www.lds.org/topics/emergency-pr ... s?lang=eng and the LDS Preparedness Manual (free download) https://www.ldsavow.com/PrepManualGeneral.html

Modern Survival Blog’s guide with a to-do list http://modernsurvivalblog.com/preps/lds ... checklist/

Tess Pennington’s 52 Weeks to Preparedness http://readynutrition.com/resources/52- ... _19072011/



QUESTIONS: (Don't feel obligated to answer them if all you want to do is comment on the book!)
1. Do you think governments have planned for such an event, whatever the cause? Or do you think they are just hoping to apply basic disaster preparedness plans to a prolonged outage?
2. Why do you think the government doesn’t share more information about preparing for disasters beyond the recommendation of three days of supplies?
3. Does your local government have a plan in place? Do you know what it is?
4. What would you do? Would you leave? How long would you stay? Where would you go?
5. What do you think the government should do or plan for?

Question #6 is for the Europeans -- Wasn't there talk of a super grid in Europe? Did they complete it? Does it make you more vulnerable to a continent-wide grid-down event?



And if you’ve actually read all the way to the end of this post, here’s a bonus clip of George Carlin on what would happen if we didn’t have electricity :D https://youtu.be/3ZWA_cw9tss
Last edited by jennypenny on Sat Jan 02, 2016 8:04 pm, edited 1 time in total.

henrik
Posts: 757
Joined: Fri Apr 13, 2012 5:58 pm
Location: EE

Re: Book Club: Lights Out

Post by henrik »

Thank you for this review. Your posts are never as long as they seem, mostly because you write very well.

The content provokes some initial reactions, but I'll have to think about it and possibly now even read the book (I wasn't originally going to).

There is at least one completely true sentence above that is probably nothing new to anyone who's had anything to do with government level disaster preparedness:
We tend to come up with funding after disaster strikes.

heyhey
Posts: 113
Joined: Sat Jul 19, 2014 7:17 pm
Location: Herts UK

Re: Book Club: Lights Out

Post by heyhey »

This sounds interesting. It's good to know humanity is likely to survive through the Mormon community if nowhere else :)

I read a disaster novel recently which was not very good but did have the effect of making me realize how dependent I am on electricity. I do not have any other means of heating. Foods like wheat, rice and dried beans are no good for me to stock up on because I could not be sure of being able to cook them. I go for oats and cans in my small store. I probably wouldn't survive long, but then, it would be more use to humanity if younger people than me were the ones who survived.

User avatar
jennypenny
Posts: 6851
Joined: Sun Jul 03, 2011 2:20 pm

Re: Book Club: Lights Out

Post by jennypenny »

@henrik -- That's awfully kind considering how many typos I just corrected when I reread what I wrote LOL. Sorry, I was in a hurry because I had another deadline to meet today.

Dragline
Posts: 4436
Joined: Wed Aug 24, 2011 1:50 am

Re: Book Club: Lights Out

Post by Dragline »

Wending my way through part III now. (I got sidetracked by "Violence Unveiled" by G. Bailie.

I have to say I think I still hold the record for the longest post, though. ;-)

henrik
Posts: 757
Joined: Fri Apr 13, 2012 5:58 pm
Location: EE

Re: Book Club: Lights Out

Post by henrik »

Hm, maybe I should wait for Dragline's opinion on whether the book actually has anything interesting to add to the OP:)

@jp - I can't reply to your PM, I'm told you have receipt of private messages disabled.

User avatar
jennypenny
Posts: 6851
Joined: Sun Jul 03, 2011 2:20 pm

Re: Book Club: Lights Out

Post by jennypenny »

Sorry henrik. You're the second person who's had that problem recently. I keep setting it to accept PMs, but it keeps changing back. I think the internet fairies are messing with me again.

@D--Did you like Bailie?

Dragline
Posts: 4436
Joined: Wed Aug 24, 2011 1:50 am

Re: Book Club: Lights Out

Post by Dragline »

OT, Yes, his book was interesting and informative. I've been reading a lot of mimetic theory-themed things recently since Rene Girard's passing in November, which I really did not discover until the past year or so. Somewhere at the intersection of the ideas of Girard and Benoit Mandelbrot peppered with a little Strauss & Howe may be the truth about everything . . .

Dragline
Posts: 4436
Joined: Wed Aug 24, 2011 1:50 am

Re: Book Club: Lights Out

Post by Dragline »

So I finished it. I thought it was kind of haphazard in its approach and too much like an extended Nightline episode for my tastes. I wish Koppel had interviewed some more technically oriented people who could explain that aspect of it better, instead of just executives who had reasons to stress problems, either because it makes their job more important or they actually have a financial interest in solving them. He seemed to like to remind the reader of his connections.

So, for instance, the whole transformer discussion did not make a lot of sense to me. Koppel assumed that the transformers would be destroyed in such a way that they would need to be completely replaced. I think this assumption is probably wrong, because it is likely they would be repaired, not replaced. This was, in fact what happened in the targeted vandalism episode in California that he documented. His technical ignorance was kind of on display in this section of the book.

I agree that the protecting against an EMP attack is something that should be done, as it does not appear that it is even that expensive on a national scale ($200 million for the whole country). This was explored in this podcast from a few months back: http://www.peakprosperity.com/podcast/9 ... emp-threat

I disagree that we ought to lump state-to-state acts of war with non-state sponsored terrorism or vandalism, which ought to be treated like criminal acts. I was not convinced by the book that the latter could take out power grids for extended periods of time, probably due to the lack of technical details as to how it would work other than comparisons with Stuxnet – which was a state-sponsored effort. And to prevent all crime essentially requires the imposition of a police state.

I thought that the discussion of preppers and Mormons was kind of a frolic and detour, as it was more about general preparations for any kind of disaster than this specific one.

Finally, I thought that Koppel may be misled by his childhood memories of WWII in London of “extreme disruptions”. In fact, although people panicked before the war and when the first bombs fell, after a year or two of bombings and even with the terrible devastation and deaths, people began to realize that their individual chances of being hit were small and began to go about their business in a more normal manner. In effect, they became used to the actual risks instead of inflating the theoretical ones. The same phenomenon is observable in modern Israel, where terrorist attacks are viewed as part of the normal risks of living there and they are treated as crimes. Their society does not stop when a bomber hits a mall or a café. Life goes on while the authorities go after the perpetrators. (Still, I note that Israel has a lot more aspects of a police state that would not be acceptable in present-day US.)

Questions:

1. Do you think governments have planned for such an event, whatever the cause? Or do you think they are just hoping to apply basic disaster preparedness plans to a prolonged outage?

I honestly don’t know. I doubt that there has been any comprehensive planning.

2. Why do you think the government doesn’t share more information about preparing for disasters beyond the recommendation of three days of supplies?

Mostly, because they don’t have useful answers. And there is not the same impetus that Koppel noted that motivated nuclear war preparedness in the 1950s and 1960s, which was outward signaling to the Soviet Union.

There is a “food pyramid” aspect to this. If the government did come up with such plans, people would immediately begin to criticize them as being inadequate or wrong, which they likely would be, depending upon the disaster forecasted.

3. Does your local government have a plan in place? Do you know what it is?

For this kind of electrical shutdown? No, not really. Many people around here lost power for a week or more when Hurricane Isabel went through here, but it was just the usual way of dealing with storms.

4. What would you do? Would you leave? How long would you stay? Where would you go?

If I thought it was going to last a long time, I’d go live with relatives in another part of the country (or even another country). But I think you would see the military air lifting in the giant generators they use to support command centers. GE would be cranking up their factories to build more.

5. What do you think the government should do or plan for?

We should protect against an EMP attack. I understand that a number of countries have done this already. And we should use our own very skillful hackers to test-sabotage the grid and run simulations. There may be many other defensive measures that could be taken at relatively minor costs.

henrik
Posts: 757
Joined: Fri Apr 13, 2012 5:58 pm
Location: EE

Re: Book Club: Lights Out

Post by henrik »

The main reason why I said I should read the book was I was hoping to get some technical clarity to some of the claims that JP quoted in her review. For example, it's hard for me to understand how the grid system can be vulnerable to cyber attacks and "un-computerized" at the same time. Also, why would anyone put life critical systems on the Internet in the first place (network != Internet). I was also wondering why he would go to heads of agencies with questions about preparedness rather than planners or technical specialists. But then maybe this is not the right book to get those things explained?

User avatar
GandK
Posts: 2059
Joined: Mon Sep 19, 2011 1:00 pm

Re: Book Club: Lights Out

Post by GandK »

Thank you for your overview of this book, Jenny. I have added it to the reading list I'm WAY behind on. Here are my present thoughts on your discussion questions:
jennypenny wrote:1. Do you think governments have planned for such an event, whatever the cause? Or do you think they are just hoping to apply basic disaster preparedness plans to a prolonged outage?
I think there's a high-level SHTF plan that covers certain people and functions only, and most of us would be appalled if we read it. I don't think for one second that there isn't a plan in place that protects the President in every possible situation that could arise. But the farther you, personally, get from national importance, the less likely it is that your safety and security would be seen to in a major disaster. Anyone who's ever worked for the US government in any capacity knows that there are supposed to be disaster plans in place, and that those plans are supposed to be tested regularly, but that neither the plans nor the tests are regularly updated because doing so would divert resources from current operations. Also, there's a pervasive fear that if "a problem" is brought to the attention of "the wrong people," aka people who would demand that it be fixed or else, it could cost a huge amount of money and/or get existing managers in trouble. Whenever jobs are on the line, silence reigns.

For a great illustration of this, look at Hurricane Katrina and Ivor Van Heerden. If you've never heard of him, he was the scientist at LSU who foretold for years what would happen if a major hurricane like Katrina hit New Orleans, and built models to prove his theories. When the hurricane finally came, he told everyone to evacuate New Orleans. Because no one listened to him, thousands of people died. Then he built models that showed that the city would not have flooded if the Army Corps of Engineers had build the levee bases deeper into the ground, hoping to get the levees made stronger for next time. Because the ACOE gives LSU a lot of grant money, LSU told Van Heerden to stop talking to the press and stop using phrases like "civil engineering disaster" which seemed to blame the ACOE for the Katrina deaths. When Van Heerden refused to be silent, LSU fired him. I think this is the government mindset about major disasters: keep silent and hope for the best, because preparing for the worst is expensive, and constituents don't reward that sort of thing with votes or contributions.
jennypenny wrote:2. Why do you think the government doesn’t share more information about preparing for disasters beyond the recommendation of three days of supplies?
I don't think they have a plan beyond critical functions. These are the same people who periodically get in trouble because agencies have been spying on other agencies. They're not in the habit of sharing critical information (information being power). This leads to the situation where we can do almost anything with laser-guided precision within a single agency, but we can't distribute disaster supplies in situations like Katrina because several agencies would have to coordinate to pull that off, and none of them have either a mechanism or a desire to share like that.
jennypenny wrote:3. Does your local government have a plan in place? Do you know what it is?
It would surprise me if the local government did not have designated "disaster centers," and it would also surprise me if the local VFW chapters were not on some sort of call list for disasters. There are storm siren tests here on the first Wednesday of every month at noon. But no, I don't know of any specific plans.
jennypenny wrote:4. What would you do? Would you leave? How long would you stay? Where would you go?
We would not leave. We are in an affluent area surrounded by bigwigs. I expect we'd reap the benefits of that once the dust began to clear. If the dust clearing took more than 3 weeks, we'd be in trouble, though. :?
jennypenny wrote:5. What do you think the government should do or plan for?
I think it's foolish not to guide every able-bodied citizen to have supplies on hand for two weeks of outages, at the very least. That would free up resources for the disabled and the poor. More than once in my lifetime, I've been in or near an area that has experienced a power outage of more than a week. I can't imagine not having at least that amount of supplies in the house. (Actually, thinking this through, I think we need more bottled water at present.) But since the government is frequently unable to find their own butt with both hands, I think trying to get all these factions to sit down together and build a coherent disaster plan would be like... I was going to say herding cats, but herding pit vipers is probably more apt.

I now feel inspired to talk to my local and church officials about disaster preparedness.

User avatar
jennypenny
Posts: 6851
Joined: Sun Jul 03, 2011 2:20 pm

Re: Book Club: Lights Out

Post by jennypenny »

I can address some of the technical questions, but I have to find public confirmation of the information first. DHS released all of the documentation from the Aurora Generator Test last year after an FOIA request, but all of the Tier IV information was redacted. (Tiers I-III dealt with upgrading the hardware and software to prevent an "event" and Tier IV addressed what would happen in the aftermath of an event should the safeguards fail.)

FYI -- The Aurora Test demonstrated a vulnerability that would attack all moving parts that spin, which includes motors and generators as well as transformers. Any or all can be attacked. They have been testing new hardware on some transformers and have found a fix that seems to work. When it doesn't however--like with the equipment in Aurora--it results in a catastrophic failure (no fixing it).

At last year's ICS cyber security conference, evidence was presented that showed that the vulnerability could be triggered *unintentionally* and still cause the same damage. I think it's called a "non-malicious event" or something like that, but essentially a glitch could cause the same thing as an attack. That means that not only do they have to work harder at preventing a cyberattack on the grid, they have to address the vulnerability regardless of how secure the system is to prevent a catastrophic event. The industry is pushing back hard on the second (and more expensive) point.

I'm not sure where Peak Prosperity got that $200 million figure. The number I've seen that they might have misquoted is $200 billion, which still isn't that much considering how important the electric grid is. IIRC, that estimate only includes hardware fixes and not software fixes related to cyber security.



I noticed that my answers to the questions are missing. I thought they were part of the file I posted, so I'm not sure what happened to them. I'll try and find them.

User avatar
jennypenny
Posts: 6851
Joined: Sun Jul 03, 2011 2:20 pm

Re: Book Club: Lights Out

Post by jennypenny »

To my point about the vulnerability affecting more than just LPTs, here are some graphics showing what else is at risk ...

Image

Image

Image


User avatar
GandK
Posts: 2059
Joined: Mon Sep 19, 2011 1:00 pm

Re: Book Club: Lights Out

Post by GandK »


Ydobon
Posts: 412
Joined: Fri Aug 29, 2014 9:15 am
Location: Scotland

Re: Book Club: Lights Out

Post by Ydobon »

European super grid has never made any progress beyond the conceptual stage (as far as I can see). There seems to have been a flurry of media interest around the topic mid-late 2014, but it has died down a bit since then.

I really should figure out how to disconnect our solar panels from the grid in the event of an emergency. Our 3.15kW setup can just about run our appliances and lighting on a clear day, but we don't have enough to share! ;)

Here in the UK, I'm currently hearing radio adverts for home controllers that can switch off your heating/lights/sockets remotely. I'd dread to think what happened if someone discovers a way to hack these mass market devices en masse - turn off your power, heating and ability to access the internet to fix the problem (no power for routers) with the click of a button?

enigmaT120
Posts: 1240
Joined: Thu Feb 12, 2015 2:14 pm
Location: Falls City, OR

Re: Book Club: Lights Out

Post by enigmaT120 »

Ydobon wrote: I really should figure out how to disconnect our solar panels from the grid in the event of an emergency. Our 3.15kW setup can just about run our appliances and lighting on a clear day, but we don't have enough to share! ;)
You would still have to invest in a battery storage of some sort, so would need a different inverter to change the voltage to that of your battery pack. I've read about people speculating on using the battery pack in an electric car as a back-up power supply for their home. I really like that idea as you're not just maintaining a battery pack with no other use.

I only have a 2.4 kW grid-tied array with no backup. Mostly when the power goes out I just cope. Collect water from my cistern's over-flow, haul water in buckets from the creek to flush toilets, cook on the wood stove.

User avatar
jennypenny
Posts: 6851
Joined: Sun Jul 03, 2011 2:20 pm

Re: Book Club: Lights Out

Post by jennypenny »


User avatar
jennypenny
Posts: 6851
Joined: Sun Jul 03, 2011 2:20 pm

Re: Book Club: Lights Out

Post by jennypenny »

DARPA tasks BAE with workaround to secure the power grid in event of massive attack

At least some of the enhanced DoD budget will go towards a useful and overdue project.

Post Reply