Resiliency of Critical Infrastructure
Presidential Policy Directive (PPD) -21, Critical Infrastructure Security and Resilience directs all federal departments and agencies to identify, prioritize and provide a plan to protect their physical and cyber critical infrastructure. The U.S. Department of Labor created the DOL Critical Infrastructure Security & Resilience Program (CISR). The CISR Program involves working in conjunction with the Chief Information Officer and Security Center to identify and protect Department of Labor critical infrastructure assets (i.e., cyber and physical) with the intent to identify potential vulnerabilities and determine appropriate mitigation strategies. The Critical Entities Resilience (CER) Directive creates a framework to support Member States in ensuring that critical entities can prevent, resist, and recover from disruptive incidents, including those caused by natural hazards, terrorism, insider threats, sabotage, or public health emergencies.
The DHS has outlined just how a critical infrastructure, network, or asset could be made resilient to a HEMP E1. It suggests EMP hardening measures should be integrated into the Federal Emergency Management Agency (FEMA) Primary Entry Point stations. The challenge lies in just how these mitigations can be incorporated into private-sector systems and assets. Those who own critical infrastructures as well as operators require more information, knowledge, and guidance from the government. Failing this, relevant and pragmatic actions to mitigate risks will fall short. This then hinges on the DHS’s ability to help identify, target, and test the most vulnerable systems based on research. It can then guide infrastructure owners and operators on effective mitigation methods and explore new ways to protect and/or minimize EMP threats within a specific system.
Vulnerability of Critical Infrastructure
EMP events can disrupt or permanently damage electrical components and systems within critical infrastructure sectors–Industrial Control Systems (ICS), large power transformers, network routers, traffic controllers, and radio receivers/transmitters. EMPs can also affect large-scale infrastructure–electric power grids, communication networks, satellite networks, and interstate pipelines. While EMP hardening standards exist for military applications, they are sometimes very costly and impractical for private-sector critical infrastructure applications. Thus, alarmingly, private sector efforts have fallen short of what’s needed to adequately address this threat, one that can affect the entire nation.
In response, the US government has recently issued Executive Order 13865. It aims to coordinate a National Resilience to Electromagnetic Pulses in conjunction with the 2020 National Defense Authorization Act. In so doing, it directs specific efforts to better understand this threat, its risks, and its impacts on critical infrastructure. Currently, the Cybersecurity and Infrastructure Security Agency (CISA) acts as the Sector Risk Management Agency for the Communications sector. This agency is expanding its knowledge and understanding of how EMP events impact the Communications sector. From the DHS perspective, these analyses examine risks tied to high altitude EMP/ HEMP E1 effects on communications and information technology electronics. Other risks, like HEMP E3s, threaten mostly the electrical grid and fall under Department of Energy (DOE) guidelines. Evaluating the “drill-down” impact of an EMP is both challenging and expensive, an activity better relegated to the Defense Threat Reduction Agency or the DOE National Labs.
EMP Impacts on Our Society
Whether intentional or unintentional, a major EMP event would create chaos and be highly disruptive for the US and its citizenry. Electrical power control and delivery would be severely impaired, if not disabled for some time. A successful EMP attack on the U.S. would most probably lead to a nationwide blackout of the electric power grid. Current US power grids are comprised of connected semiconductors, actuators, and transformer link generators to transmission lines. The US grid includes approximately 2,000 Large Power Transformers (LPTs), which are used to stepup and step-down electricity to a usable voltage for customers. LPTs cost millions of dollars and require a long lead time for repair or replacement.
A power grid interruption would precipitate a rapid shutdown of critical infrastructure that currently relies heavily on the grid, including, but not limited to, communications, transportation, food and water supply, and sanitation. To make matters worse, such a shutdown would likely last a year. Without critical infrastructure, a large fraction of the US population would perish from starvation, disease, or the effects of general societal collapse. This alarming scenario was confirmed by a recent conference known as GridEx, a biennial conference of federal agencies and utility executives. Here, officials responsible for hundreds of local utilities engaged in game-like scenarios— including both physical and cyber-attacks—in determining how the US would respond to power grid failures across North America. The conference included rehearsing for EMP nuclear blast delivered by a North Korean missile or satellite detonated miles above the Earth.
SCADA System Degradation
Even a small-scale EMP event within the US would result in catastrophic consequences. To begin with, all 16 U.S. critical infrastructure sectors from healthcare to the defense industrial base have come to rely on the electrical grid and Supervisory Control And Data Acquisition (SCADA) system technology. There’s little doubt that the US would suffer a severe degradation to its critical infrastructure and most likely experience heavy causalities. Communications, computer technology, and modern systems would be seriously affected. Citizens, government agencies, and businesses have all come to rely on technology to integrate the world through systems of technological networks. While the impact of an EMP event varies based on several factors such as location, intensity, and time of day, the worst-case scenario would result in the loss of basic levels of communication, emergency services, transportation, and medical treatment that citizens use every day. Emotionally disruptive would be the temporary loss of mobile devices, and electronics that control our homes and vehicles.
The “Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack” notes that “Contemporary U.S. society is not structured, nor does it have the means, to provide for the needs of nearly 300 million Americans without electricity. Continued electrical supply is necessary for sustaining water supplies, production and distribution of food, fuel, communications, and everything else that is part of our economy.” Based on the report’s analysis, almost every part of American life is dependent on the electric grid to remain operational. The report details how reliant American society has become on the electrical grid and notes that if the power grid were to go offline for two weeks, the cascading effects could result in a substantial loss of life.
Disastrous Effects on Nuclear Reactors
All nuclear reactors in the area affected by an EMP event could be impacted. In a worst-case scenario, this could lead to as many as 60 meltdowns similar to Japan’s Fukushima Daichi Nuclear Disaster. Lacking off-site electricity, these reactors would have to rely on on-site systems to prevent a meltdown, which could also be degraded after an EMP attack. Absent both off-site and on-site power, the chance of radioactive contamination rises dramatically.
Internet Breaches and Looting
While not completely disabling the internet, after an EMP event ISPs would be unable to ensure the confidentiality, integrity, and availability of data. Government organizations at every level would be unable to provide the most basic and essential services. Telecommunications service would be interrupted and data breaches would increase. Crime would also increase as alarm systems and video surveillance would be rendered inoperative. Banks, commercial retail, and gas stations—heavily dependent on computers— would be unable to execute transactions. This would immobilize society as people would soon run out of cash to buy what they need. Widespread looting would ensue, especially for food and water.
We must conclude that an EMP threat is real and probable, yet elusive as to when one would occur. An ongoing, focused, and cooperative effort on the part of our government, industry, and academic leaders is essential. Spearheading this effort is the continued advancement of EMP filter technology, which remains critical if we are to survive and recover from such a paralyzing and devasting event.