Guest Opinions

We are at war in cyberspace and doing too little about it

The recent public safety power shutoff by Pacific Gas and Electric (PG&E) has drawn critics far beyond the more than 700,000 homes or businesses that lost electricity in northern California. California’s top utility regulator said that the “scope, scale, complexity and overall impact to people’s lives, businesses and the economy cannot be overstated.”

The largest planned power outage in the state’s history was intended to avoid wildfires, but instead drew fire from customers right on up to Governor Newsom himself, who declared that PG&E’s action was “the direct result of decades of PG&E prioritizing profit over public safety” and that PG&E implemented this extraordinary measure with astounding neglect and lack of preparation.”

It may not reach to the level of “astounding neglect and lack of preparation,” but there are very serious concerns from cyber experts that Congress has not taken enough action to prevent future power outages. The warnings are not about forced shutdowns by public utilities, but by Russian cyberwarfare intent on taking down power grids in American cities and creating chaos across the United States.

These are the warnings in a new book by Richard Clarke and Robert Knake, “The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats.”

Clarke has a distinguished career in government, serving under presidents Reagan, Bush and Obama. Knake, whom I interviewed at Readers Corner for this book from his post at the Council on Foreign Relations, served as director for cybersecurity policy at the National Security Council during the Obama administration and both have written an earlier book on the subject, “Cyber War.”

Clarke and Knake contend that it’s not as though Russia hasn’t figured out how to go to war in cyberspace, as we learned in the 2016 election. It has a history of cyberattacks, first on countries it can afford practicing on without fear of retribution and then taking that success to countries Putin considers deserving of his cyber wrath. That is precisely what Russian hackers have done over recent years. Whether it’s shutting down internet service providers, defacing government web sites or shutting down a media outlet to mention just a few, with Putin’s blessing and direction, Russia has shut down whole segments of cyberspace to disrupt governments and their elections.

More on cyberwarfare aimed at our elections and what we can do about it in a future column, but let’s return to the very real threat to the nation’s power grid. Clarke and Knake point to 2015 when Russian hackers took control of a power grid control room and turned large parts of Ukraine dark. They repeated the feat a year later. Just as they did with election interference, now that they have experimented with shutting down power grids closer to home, Clark and Knake predict the United States is next. They quote Dan Coats when he was director of national intelligence as describing possible Russian attacks on the U.S. electrical grid as being so severe that, figuratively, “the warning lights are blinking red.”

What they call for to protect against future attacks on our power grid requires a degree of bipartisanship that is essential to guarantee that America’s power grids, corporations and its governments all remain safe from cyberattacks from abroad.

The authors call for a Plan B, a “secure, segmented, diverse-source microgrid program justified by both climate change and national security. According to Clarke and Knake, it would be a new, second national power grid with significant private sector investment. It would not be interconnected, but it would have thousands of energy sources, making it very difficult to take out with a single cyberattack or even a series of cyberattacks.

The cost will be considered prohibitive by some, but the authors suggest looking upon the project as a weapons system to protect us from returning to the dark corners of 19th century America where electricity was not yet a mainstay of our economy and our society.

Clarke and Knake have sent the flares into the air for Congress to take seriously warnings from a variety of expert directions that our power grid is vulnerable. The time is now to deal with the defense mechanisms that must be in place to prevent another Russian cyberattack on our 2020 election. But we must also look beyond election interference to what could at some point in the near future be a sinister plot to send parts of America into darkness for periods long enough to disrupt daily life as we know it in America.

The good news is that Clarke and Knake marshal considerable expertise from the cyber world to suggest that the defense against cyberattacks has the advantage today. For those playing offense and attempting to disrupt cyber systems with superweapons capable of taking down power grids, for example, it has become more difficult for those superweapons to discover vulnerabilities in our systems. And even harder to exploit them.

While defenders of cyber systems have the advantage, it’s hard work, it’s expensive work and it relies on a highly educated and innovative cyber workforce. Meanwhile, it will take a Congress and the President willing to acknowledge the challenges we face from Russia, China and other adversaries who wish us harm and to budget for the expensive road ahead to protect America from foreign adversaries in cyberspace.

Bob Kustra served as president of Boise State University from 2003 to 2018. He is host of Readers Corner on Boise State Public Radio and is a member of the Statesman editorial board.
Related stories from Idaho Statesman