Tuesday, December 06, 2022

Domestic Terrorism in the US - 6 December 2022

Headlines are buzzing with fragmentary reports of an attack on power substations in Moore County, North Carolina.   It could have happened anywhere, but the reports out of NC say that one or more people broke down a fence and shot up a power substation.  Well, two power substations.  This has resulted in power outages for 40,000 customers of Duke Power.  The exact methods of the attack are not very surprising.  It feels like every year a squirrel takes out a power substation, so using guns and trucks is not a major advance.  That it is human-done seems to be the surprise this time.

We should not be surprised.  In fact, we should have been prepared.

On 12 September 2001, we were back at work and wondering what could happen next.  What could the international terrorists do after the attacks on the Pentagon in Washington DC and the Twin Towers of New York?  My regular lunch crowd was sure that 9/11 was but the first of a series of attacks and we debated what would come next.  Perhaps someone would drive a truck of explosives half-way across a major hydro dam and blow up the dam, depriving Las Vegas and LA of power and drowning anyone downstream?  Perhaps someone would ship checked bags in airlines - good thing that airlines were grounded.  Perhaps someone would dump a truck full of chemicals into a reservoir and poison a city?  Trains, planes, trucks, cars, chemicals, nukes, gas clouds - we came up with quite a list.  After a bit of debate, because that is how engineers approach problems, we realized that the luncheon spot had gone silent and everyone was watching us, so we quickly changed to the latest baseball scores.  In the following days, it became clear that this was a one-shot attempt and that the terrorist group did not have a sustained plan of terror.  Airplanes were again allowed to fly and security at the airports was beefed up.

The aspect we did not examine was the international terrorist.  We took that as a given.  We never considered that domestic terrorists would play this deadly game.  The Russians, Chinese, and North Koreans, to name a few, have continued to attack the United States through cyber means but no one has really tried to attack using conventional means.  We must be honest with ourselves:  in the last 20 years, if a foreign agency had been determined to execute a physical attack, they would have launched it by now and there is a good chance that at least one attempt would have succeeded in doing some damage.  I certainly do not wish for this, but no defense is perfect for 20 years.

After watching the development of self-described "militias" in the US, it is painfully clear that one or more of them are going to do something stupid.  This particular attack in NC could be the result of excessive beer by some dimwits, but the synchronization of multiple sites simultaneously indicates some forethought and training was pursued.

So I think there are two lessons here that must lead to action plans.  First, we need to watch the militias and bring them to heel.  I would argue the January 6 attack on the US Capitol is included here, but we know that these self-described militias (Proud Boys, Oath Keepers, and the rest) are actively seeking opportunities to do something stupid.  We must find them and stop them.

Second, we need to strengthen the digital protections of our infrastructure.  This threat is greater than a power substation.  This threat covers power, water, gas, and communications.  The SCADA systems must be upgraded to block false access, other computer systems must be self-policing, the physical assets must be hardened to prevent access, and surveillance of the physical assets must be improved.

Some might cry out that these steps are an imposition by an overreaching government intent on control, but these are protective acts and not offensive actions.  We must protect ourselves against enemies, foreign and domestic.
