Lights Out

1. The U.S. electric grid is profoundly vulnerable to catastrophic cyberattacks.

To be dependent is to be vulnerable.

Digital dependency. The United States has become cheerfully dependent on digital systems for nearly all critical infrastructure, from air traffic control to healthcare, making the electric power grid a prime target for widespread destruction. This reliance on interconnected, often aging, computerized systems, particularly Supervisory Control and Data Acquisition (SCADA) systems, creates numerous "attack surfaces" that sophisticated hackers can exploit. Experts like Richard Clarke and George Cotter warn that the grid's design for efficiency, not security, has inadvertently sown the seeds of its own downfall.

Expert consensus. A bipartisan group of former national security, intelligence, and energy officials concluded in 2010 that the grid is "extremely vulnerable to disruption by a cyber- or other attack," with adversaries already possessing the capability. They warned that a large-scale attack would be "catastrophic for our national security and economy," potentially causing widespread outages for months to years. This stark assessment underscores a critical disconnect between expert warnings and public perception.

Stuxnet's lesson. The 2008 U.S.-Israeli Stuxnet attack on Iran's nuclear centrifuges demonstrated the devastating potential of cyber weapons to inflict physical damage while deceiving operators. The SCADA systems controlling those centrifuges are similar to those used in the U.S. power grid, highlighting how a sophisticated worm could manipulate controls, cause overloads, and lead to cascading failures across the network, all while appearing normal to operators.

2. A widespread, prolonged blackout would trigger societal collapse and mass casualties.

There is simply no reasonable way to respond to those few lines in the commission report estimating that only one in ten of us would survive a year into a nationwide blackout, the rest perishing from starvation, disease, or societal breakdown.

Immediate chaos. A prolonged blackout would plunge major cities into darkness, leading to the rapid failure of essential services. Within days, water taps would run dry, toilets would cease to flush, and human waste disposal would become a critical issue. Supermarket and pharmacy shelves would empty in hours, leading to desperate searches for food and a breakdown of order.

Cascading failures. The loss of electricity would cripple interconnected systems:

• Communication: Cellphones, radios, and the internet would fail as batteries die and infrastructure collapses.
• Healthcare: Home care patients reliant on medical machines would die, and hospitals would struggle with limited emergency power.
• Fuel: Gas stations without backup generators would be unable to operate, and those with generators would quickly run out of fuel.
• Information: Society's reliance on instant communication would be shattered, leading to panic and a sense of abandonment.

Unprecedented crisis. Existing emergency plans are designed for short-term outages or natural disasters, not for a months-long, multi-state grid collapse. The assumption that help always arrives from beyond the edge of darkness would be replaced by a terrible sense that people are increasingly on their own, leading to a contagion of panic and chaos.

3. Beyond cyber, the grid faces critical threats from EMPs and physical sabotage.

This wasn’t an incident where Billy-Bob and Joe decided, after a few brewskis, to come in and shoot up a substation. This was an event that was well thought out, well planned and they targeted certain components.

Physical vulnerability. The 2013 Metcalf Transmission Substation attack in California demonstrated the grid's susceptibility to physical assault. Saboteurs, using AK-47s, knocked out seventeen giant transformers after cutting fiber-optic cables, suggesting a highly coordinated and knowledgeable operation. While a blackout was averted, experts like Jon Wellinghoff (former FERC chairman) believe it could have been a rehearsal for a more devastating act.

EMP threat. An Electromagnetic Pulse (EMP) attack, typically from a high-altitude nuclear detonation, could wipe out electronic equipment over an extremely wide area without physical destruction or radioactive fallout. The consequences are so disastrous that NORAD and NORTHCOM are relocating critical computer systems deep underground into Cheyenne Mountain to shield them.

• Rogue nations: North Korea and Iran are identified as capable of launching EMP attacks using simple ballistic missiles from freighters.
• Congressional warnings: A 2008 commission estimated that only one in ten Americans would survive a year into a nationwide EMP-induced blackout.
• Cost-effective protection: Protecting the national electric grid against an EMP attack was estimated at $2 billion, but legislative efforts have stalled.

Conflicting assessments. Despite the Pentagon's actions and expert warnings, former Homeland Security Secretary Janet Napolitano dismissed the EMP threat as not being in the "top ten threats to our infrastructure." This highlights a dangerous lack of consensus among national leaders regarding critical vulnerabilities.

4. Outdated regulations and industry self-interest compromise grid security.

The industry continues to have the last word on which of the regulations put forward for the governance of its conduct it is prepared to accept.

Regulatory capture. The electric power industry, largely privately owned, effectively legislates its own cybersecurity standards through the North American Electric Reliability Corporation (NERC). While regulations are now mandatory, they must be approved by two-thirds of NERC's members, leading to standards that prioritize profit over rigorous security. Penalties for non-compliance are negligible, amounting to less than 0.001% of gross revenues.

Fragmented responsibility. Deregulation has broken the industry into many competing companies, each responsible for different phases of power generation, transmission, and distribution. This creates a system where:

• Weakest links: Smaller companies with lean profit margins are disinclined to spend on cybersecurity, creating vulnerable entry points.
• Cascading effect: A breach in a small company can initiate a domino-like cascade, compromising larger systems and threatening the entire network.
• Limited federal jurisdiction: Federal regulations apply only to high-voltage transmission, leaving local distribution (the "final leg" to consumers) under 50 different state authorities, many of which focus almost exclusively on financial rates, not security.

Information sharing barriers. Industry's insistence on free enterprise clashes with government's responsibility for security. Corporations are protected by law from mandates to share breach information, citing liability and competitive concerns. This "unavoidable tension" prevents the real-time information sharing crucial for effective cyber defense.

5. Large Power Transformers (LPTs) are irreplaceable weak links in the grid.

Should several of these units fail at the same time, it will be challenging to replace.

Aging, custom-built assets. Large Power Transformers (LPTs) are critical components for transmitting electricity over vast distances. The U.S. has tens of thousands of these units, averaging 38-40 years old. They are custom-built, expensive ($3-10 million each), and not interchangeable, meaning a specific spare is unlikely to be available.

Logistical nightmare. Replacing LPTs is a monumental task:

• Manufacturing: Only a handful of plants in the U.S. can build LPTs; over 75% must be procured overseas.
• Lead time: Production, shipping, and delivery commonly take 1-2 years, never less than six months.
• Transportation: LPTs weigh 400,000-600,000 pounds, requiring specialized Schnabel rail cars (only ~30 in North America) or modular road devices (70 feet long, 190 wheels), needing special permits and bridge inspections. Some original rail lines no longer exist.

FEMA's blind spot. Despite the Department of Energy's warnings, former Homeland Security Secretary Jeh Johnson was unaware of any specific plan for replacing LPTs, mistakenly believing FEMA had the capability to "bring in backup transformers." FEMA Administrator Craig Fugate, however, bluntly stated, "No," to being prepared for such a scenario, highlighting a critical lack of understanding at the highest levels.

6. Federal emergency agencies are woefully unprepared for a grid-down scenario.

There is no plan that would be adequate in that circumstance.

Lack of specific planning. Despite warnings from multiple former DHS secretaries and military leaders about the likelihood of a catastrophic cyberattack on the grid, no federal agency has developed an adequate plan for a prolonged, widespread blackout. Current plans are largely adaptations of natural disaster responses, which fail to account for the unique scale and duration of a grid collapse.

Conflicting leadership. Within DHS, there are stark disagreements:

• Secretary Johnson: Acknowledged the potential for "devastating" impact but was unfamiliar with specific contingency plans, suggesting individuals should rely on battery-powered radios.
• Administrator Fugate (FEMA): Believes "large regions of the United States could go dark" and that mass evacuation of cities like New York is impossible, stating, "We're not a country that can go without power for a long period of time without loss of life."
• Deputy Administrator Nimmich (FEMA): Dismissed the premise of a weeks-long outage, confidently asserting that plans for earthquakes (e.g., evacuating millions from Los Angeles to Nevada hotels) could "very easily" be converted.

Historical parallels. Former DHS Secretary Tom Ridge's attempt to engage the public in preparedness after 9/11 (recommending plastic sheeting and duct tape) resulted in public humiliation, discouraging subsequent leaders from similar efforts. This reactive culture means planning only occurs after a disaster, not in anticipation.

7. Rogue states and independent actors pose unpredictable, high-risk cyber threats.

Simple answer, yes. And that worries me as much as a nation-state using an aggressive move for whatever reason.

Lowered bar for aggression. While major nation-states like Russia and China possess advanced cyber capabilities, they are often constrained by interlocking interests and the prospect of retaliation. However, rogue states and independent actors (criminal organizations, terrorist groups, hacktivists) have fewer restraints and a higher propensity for destructive goals. Former White House cybersecurity advisor Howard Schmidt confirmed that independent actors could knock out a power grid.

North Korea's unique threat. North Korea, a nation-state with terrorist instincts, demonstrated its cyber capabilities in the 2014 Sony Pictures Entertainment attack. This incident highlighted:

• Vulnerability: Even well-defended corporations like Sony can be crippled by skilled hackers.
• Deniability: North Korea denied involvement, making retaliation difficult.
• Asymmetric warfare: North Korea has little to lose in a cyber war, with minimal internet infrastructure (estimated 1,024 IP addresses for the entire country), making it largely immune to cyber retaliation.

Terrorist capabilities. Groups like ISIS, with significant financial resources (over $2 billion in assets) and a motive for inflicting terror, could acquire cyber expertise on the black market. General Lloyd Austin III, CENTCOM commander, warns that educated, unemployed youth are prime candidates for recruitment as cyber warriors.

8. Individual and community preparedness is vital, but insufficient for a national crisis.

I cannot imagine turning away hungry people when we have food at our house to share.

The "Prepper" movement. A growing number of Americans, known as "preppers," are preparing for various disasters, assuming government and private relief will be inadequate. They invest in:

• Supplies: Long-term food, water, generators, and self-defense weapons.
• Skills: Canning, hunting, first aid, and sanitation.
• Shelter: From fortified homes to underground missile silos converted into luxury survival condos.

Mormon model of self-reliance. The Church of Jesus Christ of Latter-day Saints (LDS) provides an unparalleled model of community-wide disaster preparedness, rooted in historical persecution and religious doctrine. Families are encouraged to store 3-12 months of food, water, and supplies, supported by:

• Vast infrastructure: 52 farms, 12 canneries, 111 bishop's storehouses, 4 central warehouses, and a proprietary trucking company (Deseret Transportation).
• Community network: Wards and stakes organize local emergency plans, with satellite phones and ham radio networks for communication, and bishops identifying vulnerable members and skilled volunteers.

Limits of charity. While Mormons like Chris and Elizabeth Taggert express a willingness to share their stored food with hungry strangers, even the LDS church acknowledges its limits, stating it "cannot take care of the whole country" in a national-scale disaster. The question of defending resources from desperate outsiders remains a "constructive ambiguity" for the church, relying on individual members' discretion and law enforcement.

9. The tension between security and privacy hinders effective national cyber defense.

I don’t think they have the same personnel rules. They certainly don’t have the same cachet. I mean, people want to work for the NSA. They very much want to work for my old organization [the CIA]. I’m not sure the same could be said for the DHS yet.

NSA's "radioactive" status. The National Security Agency (NSA) possesses the world's most advanced cyber intelligence and defense capabilities. However, revelations by Edward Snowden about bulk data collection have made the NSA "a bit radioactive" in domestic cybersecurity, leading to public mistrust and legal challenges that limit its ability to monitor critical infrastructure.

DHS's limitations. The Department of Homeland Security (DHS), tasked with protecting U.S. infrastructure, faces significant challenges:

• Competence gap: DHS ranks poorly in federal employee surveys for leadership, empowerment, and training, making it less attractive to top cybersecurity talent compared to the NSA.
• Capacity: DHS lacks the capacity to defend national infrastructure against sophisticated cyberattacks or to retaliate effectively.
• Information sharing: Efforts to facilitate real-time information sharing between government and industry are hampered by privacy concerns and industry's reluctance to share data, fearing reputational damage or legal consequences.

Policy paralysis. Cybersecurity legislation has languished in Congress due to a coalition of privacy advocates and pro-business interests. This gridlock prevents the establishment of a unified, effective defense strategy, leaving critical infrastructure vulnerable while debates over privacy and government overreach continue.

10. A national strategy and public awareness are urgently needed, but remain absent.

This is all pre-disaster stuff that has to be done.

Reactive culture. The U.S. remains a reactive society, disinclined to anticipate disaster or prepare proactively. Despite presidential warnings and expert consensus on the grid's vulnerability, there is no national sense of alarm or a comprehensive civil defense campaign. The public struggles to differentiate between an ordinary power outage and an act of cyber war.

Defining the threat. A major cyberattack on the grid would be an act of war, as devastating as an air raid or missile strike, but without the immediate certainty of an attacker's identity. This ambiguity undermines deterrence and complicates retaliation. The military, particularly NORTHCOM, would be essential for imposing order, distributing supplies, and managing refugees, but faces:

• Manpower shortages: A diminished military force may be inadequate for a widespread domestic crisis.
• Legal constraints: Historical sensitivities limit the use of federal troops for domestic law enforcement.

The virtue of a plan. Historical examples, from WWII Britain's air raid preparations to Cold War civil defense, demonstrate that even imperfect plans provide a sense of direction, instill confidence, and mitigate chaos. The current lack of a national strategy for a grid-down scenario means:

• Critical supplies: No adequate emergency food supply exists for tens of millions, requiring years to procure.
• Refugee management: No national plan for managing millions of domestic refugees, with states quietly planning to turn away evacuees.
• Communication: The most connected population in history risks being unable to disseminate basic survival information when power is out.