- If the power is down for months, nine out of 10 people in the affected areas would die due to starvation, disease and societal breakdown.
- It would be essentially impossible to respond to such an attack, since attribution is so difficult. Hence, this is not like the nuclear “balance of terror,” where the origination of an attack would be obvious. That makes an attack more likely, especially from hostile nation states like Iran and North Korea, which care little about world stability.
Koppel takes pains to point out that this scenario is not coming from his fevered imagination – it comes from officials at the highest government levels – defense, homeland security, U.S. Cyber Command, the CIA and FBI.
He notes that 10 former senior officials sent a secret letter to a congressional committee in 2010 saying that a cyberattack on the grid could leave tens of millions of people without power for up to two years.
Still, that exposes a hole in his reporting. Yes, it is important to talk with the heads of agencies and the CEOs of companies, but on a topic like this, he also needed to hear from CSOs, CISOs, CTOs, penetration testers, white-hat hackers and others who work the front lines of cybersecurity. Voices like that are missing.
And that, according to Gary McGraw, CTO of Cigital, means that Koppel, “has jumped on the cyber FUD bandwagon (led by) cyber warmongers. We must do all we can to build security into all modern systems,” he said, “but the sky is not falling.”
Bruce Schneier, author, encryption guru and CTO of Resilient Systems, said flatly that Koppel is, “stoking hysteria. I haven't read the book, but my guess is that he's interpreting the parts of the scenario he doesn't understand in the worst possible light.”
Jon Heimerl, senior security strategist for Solutionary, is a bit more tempered. He agrees that damage from an attack would be significant. “People would be affected, and lives would be lost. There would be rioting and civil unrest,” he said. “But would it be ‘The End of The World as We Know It?’ Simply put, no.”
Koppel insists that the risk is real – he notes that former Homeland Security secretary Janet Napolitano put it at greater than 80 percent, and that NSA director, Admiral Mike Rogers, said just recently that a major cyberattack on U.S. infrastructure is “inevitable.”
The inevitable result of a loss of power that goes on for more than a couple of weeks, he writes, will be thousands of deaths – from starvation, disease and societal breakdown – because government has no plan to respond to it.