Ted Koppel Writes Entire Book About How Hackers Will Take Down Our Electric Grid... And Never Spoke To Any Experts
from the fudmongering dept
Famous TV news talking head Ted Koppel recently came out with a new book called Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath. The premise, as you may have guessed, is that we're facing a huge risk that "cyberattackers" are going to take down the electric grid, and will be able to take it down for many weeks or months, and the US government isn't remotely prepared for it. Here's how Amazon describes the book:
Investigative reporting that reads like fiction - or maybe I just wish it was fiction. In Lights Out, Ted Koppel flashes his journalism chops to introduce us to a frightening scenario, where hackers have tapped into and destroyed the United States power grids, leaving Americans crippled. Koppel outlines the many ways our government and response teams are far from prepared for an un-natural disaster that won't just last days or weeks - but months - and also shows us how a growing number of individuals have taken it upon themselves to prepare. Whether you pick up this book to escape into a good story, or for a potentially potent look into the future, you will not be disappointed.
The book also has quotes ("blurbs" as they're called) from lots of famous people -- nearly all of whom are also famous TV news talking heads or DC insiders who have a long history of hyping up "cyber" threats. But what's not on the list? Anyone with any actual knowledge or experience in actual computer security, especially as it pertains to electric grids.
Want to know how useful the book actually is? All you really need to read is the following question and answer from an interview Koppel did with CSO Online:
Did you interview penetration testers who have experience in the electric generation/transmission sector for this book?
No, I did not.
Also in that interview, Koppel admits that he hasn't heard anything from actual information security professionals (though he admits he may have missed it since he's been on the book tour). But, still, if you're writing an entire book with a premise based entirely on information security practices, you'd think that this would be the kind of thing you'd do before you write the book, rather than after it's been published. Instead, it appears that Koppel just spoke to DC insiders who have a rather long history of totally overhyping "cyberthreats" -- often for their own profits. In another interview, Koppel insists that he didn't want to be spreading rumors -- but doesn't explain why he didn't actually speak to any technical experts.
“Going in, what I really wanted to do was make sure I wasn’t just spreading nasty rumors,” said Koppel in a phone interview.... “After talking to all these people, I satisfied my own curiosity that this not just a likelihood but almost inevitable.”
"All these people"... who apparently did not include any computer security experts. Koppel claims that this isn't a priority because Homeland Security doesn't want to "worry" the American public:
“The public would have to understand it’s a plan that will work but if you don’t have a plan, that can be more worrisome. I just hope it becomes part of the national conversation during the presidential campaign.”
What?!? Homeland Security doesn't want to worry the American public? Which Homeland Security is he talking about? The one that manhandles the American public every time they go to an airport? The same one that is constantly fearmongering about "cyber attacks" and "cyber Pearl Harbor"? Is Koppel living in some sort of alternative universe?
Is there a chance that hackers could take down electric grids and it would cause serious problems? Sure. Anything's possible, but somehow we've gotten along without a single incident ever of hackers taking down any part of the electrical grid to date. And most actual information security professionals don't seem to think it is a "likely" scenario as Koppel claims. The whole thing seems to fit into the usual category of cyberFUD from political insiders who are salivating over the ability to make tons and tons of money by peddling fear.
Is it important to protect infrastructure like the electric grids? Yes. Should we be aware of actual threats? Absolutely. But overhyping the actual threat doesn't help anyone and just spreads fear... and that fear is quickly lapped up by people who will use it to profit for themselves.
Filed Under: cyberattacks, cybersecurity, electric grid, fearmongering, information security, ted koppel
Reader Comments
As Seen on TV
[ link to this | view in chronology ]
Strange description
[ link to this | view in chronology ]
Pshah...
If you want a thought provoking look at what we could face given a national power grid failure (although extremely dated at this point) - you might find the first episode of James Burke's "Connections" (from 1978) called "Trigger Effect" rather interesting. It details what actually did happen in 1965 New York during a massive power failure. It also has some thought provoking scenarios on survival.
https://en.wikipedia.org/wiki/Connections_(TV_series)
But I do love the modern mental masturbation of "omg! what if the power went out!"... because I live where it does, every year, for days at a time. It amazes me just how reliant on modern technology we have become as a society. Without something as simple as power, we act as if we'd all perish instantly. I tell you what - if you want to survive such a catastrophe, one of the LAST things you should be doing is taking away guns.
[ link to this | view in chronology ]
Re: Pshah...
The entire series is well worth watching even today.
[ link to this | view in chronology ]
Re: Re: Pshah...
[ link to this | view in chronology ]
Re: Re: Re: Pshah...
Sad that show only aired thirteen episodes and was cancelled after one season. At least they aired all thirteen of them before killing the show, unlike another awesome show that only had 13 episodes before it was killed, two years later.
Fox, where good shows are killed off in their infancy or left on way too long after they stopped being watchable, ahem, Simpsons, X-Files. (Though Simpsons does still have some watchability.)
[ link to this | view in chronology ]
Re: Pshah...
[ link to this | view in chronology ]
Re: Re: Pshah...
I still wish they would play Connections (the first season) as mandatory material for budding IP Maximalists...and anyone who trots out the line "Why build on someone else's stuff, build your own new concept/idea" should have Connections beamed into their head 24/7/365 until they understand that there are no new concepts/ideas, and everything in the world is built on stuff that came before it.
[ link to this | view in chronology ]
Re: Re: Re: Pshah...
I recently watched the PBS series The Mystery of Matter: Search for the Elements. I shudder to think of how much our civilization would be set back if each new element, each new method of discovering new elements and their properties, and Mendeleev's Periodic Table itself were encumbered by patents.
[ link to this | view in chronology ]
Re: Re: Pshah...
Sadly, trying to get my kids to watch it usually results in lots of groans and an exodus from the living room (which has its own perks).
[ link to this | view in chronology ]
Re: Re: Re: Pshah...
[ link to this | view in chronology ]
Well he did see "Die hard" and stayed in a Motel 6...
[ link to this | view in chronology ]
It's sad how much our media is just propaganda these days...
[ link to this | view in chronology ]
Never mind someone breaking into a SCADA system to shut things off. (But do remind me why any of these things, again, are connected to public networks.) And the actual consequence here is... what, exactly? Possibly some larger areas could be affected at the same time? That doesn't really make things worse, it just kind of sucks for more people.
And what, pray tell, is the government supposed to do about it after the fact? Keep a billion generators in warehouses and truck them out afterward and hook them up to various neighborhoods?
[ link to this | view in chronology ]
Re:
SCADA lets power companies increase efficiency e.g. by bringing plants online and offline as needed without needing 24-hour staffing at each plant. (A while ago I toured a small hydroelectric plant with beautiful circa-1890 instruments—but they no longer worked, having been replaced with a SCADA system years ago. It used to be that a person on duty would manually adjust the phase to match the grid's, using the friction of a rope on the rotor, before bringing the plant online. Now, some computer algorithm can do it from across the country with no human involvement.)
Power grids generally cover a huge area—the continental USA and Canada share just 4 major ones (East, West, Quebec, Texas). You'll have hundreds of plants operated by various entities, with thousands of field technicians who'll need some sort of SCADA access. Do you make sure that none of their laptops have ever connected to the internet? They all have wifi now and they could have picked up some virus/worm that will jump into the private net. Or if they'll never connect to the internet, how will they get security updates? How will they get email from managers who need to communicate with the public as well as the employees?
Realistically these networks are going to be connected. Presumably with firewalls, but a firewall is basically a PC with two NICs and isn't going to be 100% secure. It'll be cracked and people will wonder why the SCADA system was connected to the internet anyway.
[ link to this | view in chronology ]
What was his incentive for this?
[ link to this | view in chronology ]
What?
Anyway, I 100% GUARANTEE if we got 'hacked' (which is a difficult proposition in the first place - NERC & FERC are DILIGENT in their assessments) we would simply disconnect the 'smart grid' and go back to the 'old way' of keeping the lights on.
It's not rocket science.
[ link to this | view in chronology ]
Just like in 2003
That was caused by a software bug. Fortunately, hackers are a lot more benign than a software bug, so I'm sure you'll have plenty of time to disconnect.
[ link to this | view in chronology ]
Old News!
[ link to this | view in chronology ]
Solar panels could destroy U.S. utilities,
Wanna bet Koppel was secretly paid by the electrical utilities/nuclear power industry?
Because the electrical utilities are quickly heading for extinction, they are wrapping themselves in the cyberthreat security blanket in order to thwart distributed solar energy generation and to gain subsidies from the federal Homeland Security teat. Any such "cyberwashing" money would be far better spent to *accelerate* the inevitable rush to distributed generation to the point that the "critical infrastructure" grid simply isn't "critical" anymore.
http://grist.org/climate-energy/solar-panels-could-destroy-u-s-utilities-according-to-u-s-utilities/
http://www.eei.org/ourissues/finance/Documents/disruptivechallenges.pdf
[ link to this | view in chronology ]
Fact Checking Anyone?
[ link to this | view in chronology ]
Doing what celebrity journalists do best
What many are concerned about is old-fashioned sabotage against remote substations. The hardware in a substation is more difficult to replace or fix than a SCADA or computer system. With the "proper" selection of substations, the utilities may have more difficulty bringing the affected parts back online. It is not like they keep a lot of spare parts around beyond what they expect to be taken out by natural disasters.
[ link to this | view in chronology ]
Electromagnetic pulse
[ link to this | view in chronology ]
Re: Electromagnetic pulse
[ link to this | view in chronology ]
Re: Re: Electromagnetic pulse
[ link to this | view in chronology ]
Re: Re: Re: Electromagnetic pulse
As good a film as it is, this was not a documentary: https://en.wikipedia.org/wiki/WarGames
[ link to this | view in chronology ]
Re: Re: Re: Re: Electromagnetic pulse
(I suppose to avoid being anachronistic, I should've asked whether you can whistle the V.34(bis) song. Mitnick was arrested in '95. But, otoh, when I posted the first dialup sound link, it had occurred to me that some youngsters might be utterly unfamiliar with the sounds. And, I was in a hurry, so I just grabbed the first Google link. Anyhow, if you can whistle any of those songs into a payphone… Well, where would you find a payphone these days?)
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Electromagnetic pulse
Regardless of how it's done, if there's a live modem connection on their end that's not only accepting random external connections, but has the ability to trigger nuclear alerts as a result... well, that's far scarier than anything Mitnick could have done. Especially since there was a famous movie made over 10 years beforehand showing what could happen if that exact flaw was exploited.
"Anyhow, if you can whistle any of those songs into a payphone… Well, where would you find a payphone these days?"
To be fair, the quoted text did specify a prison payphone, and as you say it was in the 90s so there would have been plenty when that was said.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Electromagnetic pulse
Wikipedia again:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Electromagnetic pulse
Whistling even a '60s-era 300 baud modem tone is many orders of magnitude more complex (and still possible for nonsuperhumans -- I used to be able to convince those modems that a connection was being made by doing so).
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Electromagnetic pulse
Slightly different to a 56K connection, don't you think?
"long distance phone calls by whistling the proper tones"
Slightly different to a modem handshake process, don't you think?
I'm not sure why you're arguing here. Even if it were possible to do this, the problem is with the US government having its nuclear arsenal connected to the public phone system and accepting launch codes from that location. Not that someone with superhuman whistling abilities might have been able to issue them such a signal.
[ link to this | view in chronology ]
So you see, it does help someone.
[ link to this | view in chronology ]
Planning for Grid Failure
And an expected major solar event, such as "The Perfect Solar Super Storm of 1859" could take out electric power world-wide. This would be worse than a Nuclear EMP upon the US.
Ted mentions the recent destruction of a large transformer power sub-station in San Jose, Calif. At least two gunners shot for 15 minutes with AK-47 automatic rifles.
Now, there are 37mm bazooka launchers that could take down a super-sized transformer power station with one shot. 9 of these in strategic locations throughout the US could take down the whole US grid.
Civilization will survive, with some preppers included, but the world over-population problem would go away. NOAH'S Ark folks can plan and survive.
[ link to this | view in chronology ]
Re: Planning for Grid Failure
secondly, 'Erik' was taken already ? ? ?
thirdly, the ark may just be the last refuge when waterworld becomes reality...
fourthly, the zombie hordes will conquer all...
[ link to this | view in chronology ]
Re: Planning for Grid Failure
[ link to this | view in chronology ]
Want uu yo bo sacred as they are
Give help and no flail?
Wish my youth did not problems with evidence robbers from below cell cell.
I am real, need wgoleseal and is Geat # 4 we will talk!
[ link to this | view in chronology ]
Saw him this week on The Daily Show
[ link to this | view in chronology ]
Grid
Imagine 8 of the largest metropolitan areas blacked out for at least 6 months and the LNG grid for the north east crippled for a year or more.
[ link to this | view in chronology ]
How the Internet Stole Our Rights
Hooda thunk it? :)
---
[ link to this | view in chronology ]
publish every other week a report on weaknesses in infrastructure ...
there are plenty of YouTube videos with funny accent here
https://www.youtube.com/user/CCCdeVideos/videos
so if (let's say german) hackers wanted to have a huge blackout in the EU, they could have done that already.
[ link to this | view in chronology ]
Did you actually read the book?
If you are going to trash a book in this manner, at least read it first rather than relying on second hand accounts.
[ link to this | view in chronology ]
Re: Did you actually read the book?
[ link to this | view in chronology ]
XKCD.
I've never understood why anybody thought Koppel was worth watching, much less insightful. I watched Sunday morning talking head shows for years, finally coming to understand it's just politicians' way of marketing themselves, and there's really no "there" there. Glad I got over that addiction. Amazon should be ashamed. What a stupid sounding book.
[ link to this | view in chronology ]
Re: XKCD.
Who knows. Maybe some day, he'll found a religion based on his sci-fi books, and then turn it into a millionaire con-game like Scientology.
Hell. Maybe that's his plan!
---
[ link to this | view in chronology ]
Then again, I'd probably go see it even if it is poorly researched and far-fetched. It'd have to be better than the remake and sequel diarrhea that Sony, WB, and the Maus Haus have been squatting out for the past 5 years or so.
[ link to this | view in chronology ]
Re:
If you're tired of those, you can help out by actually paying to see the many excellent original movies that get released every year but struggle with distribution because theatres assume everyone just wants to see the new Transformers instead. Sure, you might have to travel slightly further or read up on movies that aren't advertised on billboards, but it's worth the effort.
Or, you can support movies you think will be crap right out of the gate, ensuring they will make more of them. Your choice.
[ link to this | view in chronology ]
TK's cyber-book
because they were smart enough to ignore him.
[ link to this | view in chronology ]
Ted Koppel is a pen name
[ link to this | view in chronology ]
Which leads to ....
Are you my enemy?
[ link to this | view in chronology ]
Re:
My information offered to you may save you.
There's (at least) two things going on:
- the sky may be falling.
- there's wolves at the door wanting to eat you.
Koppel's ignorantly and arrogantly focusing his Chicken Little energies when he should be thinking Three Little Pigs. A little bit of research, and less credulousness, would have saved him from this.
[ link to this | view in chronology ]
Re:
Koppel. What problem do you think Techdirt is causing here?
You say don't worry, Koppel says worry.
The main point isn't "don't worry", it's "don't make up alarmist bullshit and try to sell it as fact". You're kind of illustrating the problem - people tend to swallow the bullshit, and then we might spend time and money on things that are not necessary, when they could be better used elsewhere.
[ link to this | view in chronology ]
Re: Lack of Citations from Ted Koppel in Lights Out
Ted Koppel cites his interviews with cyber security experts here:
https://www.youtube.com/watch?v=TN8AscHzeFQ
[ link to this | view in chronology ]
Did you actually read the book?
Just inside the cover, Richard Clarke, former national coordinator for Security, Infrastructure Protection, and Counter-terrorism during the Clinton and George W. Bush years praises it in no uncertain terms.
[ link to this | view in chronology ]