WASHINGTON – Recent regional power outages that left some in the dark for days are a chilling glimpse of a nationwide threat that could lead to the complete shutdown of the country’s defenses, a former CIA director says.
Most in the Washington area were without power for at least a few hours following a derecho of historic proportions, and some fell off the grid for almost a week. R. James Woolsey Jr., CIA director under Bill Clinton and board member of the International Spy Museum, says a very real cybersecurity threat could sweep electrical grids throughout the country leaving the military and intelligence communities in a similar quagmire.
A complete absence of organization to combat these threats could take down the entire system for significantly longer than a few days, he says.
“The right hacker could take the (electrical) grid, or portions of it, down for much longer than that,” Woolsey tells WTOP. “What we don’t have is a decision-making structure or anybody in charge of the grid.”
Almost every military installation in the country relies on public power to a certain extent, he says, relegating them to the same conditions as the public during a widespread outage.
“After a very short period of time, the soldiers, sailors, Marines and airmen are just as hungry and thirsty as the rest of us,” he says.
The Department of Homeland Security has identified 18 Critical Infrastructure Sectors — such as banking, water, communications, dams and national monuments — that are essential to “security, public health and safety, economic vitality, and way of life,” according to its website.
All but one of those relies directly on electricity, says Woolsey, and recovering from a cybersecurity attack would require more than the time it takes Pepco crews to remove trees from a power line.
The vulnerability lies in a complete lack of dialogue and planning, he says. Utility companies, rooted in local communities, don’t want to talk about the bureaucracy of increased security oversight, which would trickle down to the consumer through consequences such as higher rates.
The very nature of cybersecurity makes it very difficult to even identify the attacker, he says. It could look like a strike from China, but it is actually just an independent group of hackers in Rio, Brazil, or vice versa.
While he admits the U.S. has some of the best minds for offensive and defensive cybersecurity, Woolsey says “we’re not even well started” to organize them against this kind of attack.
WTOP’s Paul D. Shinkman contributed to this report. Follow Paul and WTOP on Twitter.