tv The Communicators CSPAN April 25, 2016 8:00am-8:32am EDT
>> guest: there are little bits of overlap into canada from the eastern grid and down into mexico, i guess, from the texas grid, but by and large, you're talking about three grids. >> host: how are they assembled? >> guest: well, they are assembled, there are 3200 parts to it in the sense that there are 3200 electric companies in this country. and whereas in the old days we used to have vertically-integrated companies that produced power or communicated it across large, vast spaces of the country and downloaded it to the customers, these days some of which produce power, some of which convey power, others of which delay power x from a commercial point of view, that works out very
well. power can be purchased in the country from wherever it is not needed, for example. winter time, florida doesn't need as much electricity. the big problem is the power, the use and the consumption and the production of power. has to remain in perfect balance. the only thing that is capable of maintaining a perfect balance between the production and consumption of power is the internet, and the internet was never designed to be protected or defended. so the internet is vulnerable to a hacking attack.
and, hence, the theme of this book, "lights out," which is there are people out there who are already inside our grid. the chinese are, the russians are. the iranians probably are. if they're not yet, they soon will be. the north koreans, maybe not quite, but they probably can get in at some point. it's a very, very complex thing. it takes years of mapping before a power or an entity can get in. but the potential damage to the united states of america, to our economy, to our survival is almost existential. an attack on the power grid, very simply put, would be an act of war. >> host: where are the susceptible points in the grid for these attacks? >> guest: we're going to keep getting wonkier as this gets along, but there is something
called a scada system, and it stands for supervisory control and data acquisition. it's a fancy way of saying we've got to balance this power come anything and power going out. i analogize it to a huge balloon that has 3200 valves. and if half of them are letting air in and half of them are taking air out, as long as you have perfect balance, the balloon stays perfectly inflated. too much air in p balloon bursts. too much air out, balloon collapses. so, too, with our electric power system. if you can get into that scada system -- and they can and they have -- it's problematic. >> host: how are they getting in? is it malware? is it everything mps? >> guest: no, no, an emp, first of all, let's be clear.
an emp is an electromagnetic pulse. an electromagnetic pulse would be generated by someone exploding a nuclear device, for example, at high altitude above the united states and the pulse that comes down would knock out all of our electric power systems. i'm not really talking about that. i touch on that very briefly in the book but only briefly. one of the reasons that there is so much concern about the north koreans, a, having nuclear weapons and, b, having the intercontinental ballistic missiles that could deliver one of those nuclear weapons is because that's the kind of attack that they could launch. likely, unlikely. i talked to janet napolitano who was the former secretary of homeland security, and she said not in her top ten list.
when i asked her about the likelihood of a cyber attack on the grid, she put it at about 80%. that it would happen. >> host: and that's more of a malware thing, correct? >> guest: that's more of a malware thing. that's somebody getting in there and playing -- can i mean, there are all kinds of things that you can fiddle with inside our power grid. the scada system would be, perhaps, the most damaging. >> host: ted koppel, in your book, "lights out," you visited with all four of the department of homeland security secretaries. what did you hear from them, from tom ridge, michael chertoff, janet napolitano, jeh johnson? >> guest: well, actually, michael chertoff and our current secretary, jeh johnson, both had sort of the same, the same suggestion to the public at large because i was asking let's say for the sake of argument that this can happen.
and the president has warned that it could in two of his state of the union addresses. leon panetta, the former secretary of defense, warned that there could be a cyber pearl harbor. janet napolitano warned that this could happen. i mean, these are not third and fourth ranking bureaucrats. these are the very top people in our government warning that it could happen. so what's the plan, i askedded. i asked. michael chertoff and jeh johnson essentially had the same plan which was get yourself battery-powered radio to which i then replied, okay. and precisely what is it that you're going to be telling me on my battery-powered radio that you can't share with me now? neither one of them had a particularly good answer. tom ridge had a more nuanced approach. he made the observation with
which i agree totally that we in the united states are a reactive society. we're not very good at preemptive action. look at everything that we did in the wake of 9/11, and you can see that once we are roused to action, there is almost no limit to what we do. i mean, quite literally thousands of young men and women are dead, hundreds of thousands of iraqis and afghans are dead. we have spent somewhere between $2.5-$3.5 trillion. i like to cite the example of a business that began in the year that christ was born, and that business proceeds to lose a million dollars a day every day, seven days a week, 365 days a year. it would be another thousand years from today before that
business had lost $1 trillion. we have expelledded way in excess of $-- expended way in excess of $2 trillion in 15 years. that's a lot of money. >> host: tom ridge, after 9/11, we were talking about batteries and duct tape. how naive was that, or was it naive? >> guest: um, you know something? i was among those who made fun of those actions at the time. i've become a little more accepting and understanding of what he was trying to do at the time. sometimes simply motivating people to any kind of action at all is a step in the right direction. even if it turns out later on that the action that you motivated was totally unsuited. an example, i was born and grew
up in england. prior to world war ii the british government prepared the british people for gas attacks. hundreds of thousands, if not millions of gas masks were produced and passed out. nurses were trained in dealing with the aftermath of poison gas. for reasons that no one has ever totally understood, hitler never attacked great britain with gas. there was a massive bombardment of great britain, but the gas attacks didn't happen. even so, the mobilization of british society in 1939 and 1940 was enormously helpful when those bombing attacks began. it was an attack totally dissimilar from what had been expected, but the fact that society had been mobilized, that people were ready for action
even if the action they were anticipating was not what happened was helpful. the point i'm making is tom ridge may have been totally off the mark with what he recommended in the wake of 9/11. but the fact is these days most americans aren't prepared for any kind of disaster. some are. as you know from the book, i spent a lot of time with the mormons, and the mormons are prepared for almost any kind of disaster as individual families and as a church culture. and it's worth studying their example to see what can be done. >> host: what can we learn, exactly, from the mormons? what would you recommend? >> guest: i mean, what i would recommend, look, the first thing is going to be we're going to run out of food very, very quickly. if we have no electricity, a
city like new york city, the state of new york has or at least had when i was researching the book 23 million meals ready to eat. that sounds like an enormous amount of food. with 8 million people in new york city alone, that food would be gone in three or four days, all right? what are you going to do on day five? i would, first of all, recommend that the government invest a significant sum of money, maybe $50 or $100 billion in freeze-dried food. the government doesn't stock huge quantities of mres because they have a shelf life of only five years. freeze-dried food has a shelf life of 25-30 years. if we invested in a huge quantity of freeze-dried food, it would be available for any
disaster; an earthquake, a hurricane, a blizzard. no matter what. or a cyber attack on the power grid. and i would recommend also that we have a plan for evacuation. right now any talk of evacuating a city like new york or philadelphia or chicago is totally ludicrous. where would you go with these people? where would you take them? we have only to look at western europe today and the somewhat hapless fashion in which it's dealing with two million refugees from syria, from libya. there is no plan for the mass evacuation of people in this country. and while we assume that states that still had power would happily welcome hundreds of thousands of their fellow americans, i don't happen to believe that's true.
i know of at least one state where the governor has a plan in the event that large numbers of people from neighboring cities come swarming into his rural state. he has a plan to have the police and the state police and the sheriff's office and the national guard waiting with a bottle of water and a sandwich of for each car and a map showing them where the nearest gas station is and telling them, i'm sorry, we do not have the infrastructure to support you folks here. unless you have a local resident who is willing to take you in, you got to keep moving. i fear that would happen on a grand scale because, remember, the people most likely to flee, most likely to sort of run for the light are going to be people who have nothing. they will be the poorest among us. and let's be frank, this is
still in many respects a society in which race plays an important part. so if you had tens of thousands or hundreds of thousands of african-americans, hispanics, people of color heading to the rural states that are almost uniquely white, it would -- it could be problematic. i'm saying could be. i think we need to make a plan. if we make a plan, i don't think it will be a problem. but the time to make a plan is before this happens, not after. >> host: who's responsible for protection of the grid? >> guest: well, the power companies have been insisting that they are. in the last couple of years, i believe more and more power companies are coming to the conclusion that they can't do it on their own. but when you ask who is going to
help defend them, it's going to have to be organizationses like the national security -- organizations like the national security agency. look only at the current kerfuffle between apple with its iphones and the fbi. the notion that you are going to give over control of the defense of your industry requires that you give up an awful lot of information that a lot of these companies do not want to give up. there was a bill passed last fall in the senate after years of wrangling that now has private industry willing to pass on information to the government but only after they have sanitized it. which takes some time. and the agency to which they're going to give it is the department of homeland security. which has no ability to defend them in any fashion.
department of homeland security will further sanitize this information and then, presumably, pass it on to the nsa. we're dealing with a form of attack which happens in milliseconds, and yet the manner of responding is one that will take days, if not weeks. it's not a very good plan. >> host: cybersecurity's become kind of a big business, hasn't it? tom ridge is in it, keith al -- alexander is in it. >> guest: yep, yep. go ahead. say the nasty thing that's roiling around in your brain. >> host: that's all i got. >> guest: you're going to leave it to me. >> host: yes, sir. >> guest: it's clearly one of the questions we have to consider. to what degree is all this conversation about cybersecurity and the dangers of cyber attack, to what degree is that a
function of people who have been in the business of dealing with cyber warfare? getting rich now that they have left government by coming up with defensive mechanisms that your silence implies may not even be needed. all i can say is i had to look at the issue or very carefully. i've talked to a lot of experts who have absolutely no financial interest in protecting against a cyber attack. and i am convinced that the danger is real. are there people who are going to get rich? absolutely. just as there have always been people many this country who have gotten rich from the defense industry. the difference between getting rich by, you know, creating munitions or helicopters or bombers or warships and people
who create it by trying to find solutions for cyber warfare and hacking. keith alexander, to whom you referred a moment ago, likes to say -- and he's the former head of the nsa -- he likes to say there are only two kinds of companies in the united states today; those that have been hacked and those that don't yet know it. in other words, everybody. and he's probably right. maybe a slight exaggeration, but probably right. >> host: ted koppel, you mentioned at the beginning of this discussion that both russia and china are already in our grids. >> guest: yes. >> host: how do we know that? how did they get in? >> guest: well, the only reason i know it is because people who, high ranking people who were in the nsa have told me so. and i think they're in a position to know. and the flip side of that, of
course, is we are in the chinese grid, and we are in in the russn grid, and anything we can do to to -- anything they can do to us we can do to them in spades. however, the difference between a nuclear attack and a cyber attack is in the case of a nuclear attack when those missiles are headed toward the united states, the question of attribution doesn't even arise. we know exactly where they came from. we know it the moment they leave their silos. in the case of a cyber attack, we may not know for months. so it becomes virtually impossible for the president of the united states to order a counterattack at least in the early days and weeks. and once you're a few months down the road, you know, what's the situation on the ground here at home? the great fear that i have is
those that are most capable of launching a cyber attack against our, against our infrastructure are probably least likely to do it. china, russia. as you go down the scale of capability, though, you get to the iranians, you get to the north koreans, you get to the syrians, you get to isis. once you get down to isis, their capability today may be marginal. but a year from now, two years from now? they have a lot of money. they can buy a lot of expertise. and the equipment you need to do this is not that hard to get. i'm told you can get it on the open market. if isis ever has the capability to launch a cyber attack against this country and inflict great pain and suffering, they will do it.
there's no doubt in my mind about it. and even with some of the others like the koreans, like the iranians, they're more likely to do that than they are to launch a nuclear attack against the united states. in the case of a nuclear attack, we would know exactly who did it, and the response would be devastating. in the case of a cyber attack, only remember the north korean attack on sony pictures. everybody in the country knew it was the north koreans who had done it. made sense. took the fbi months before they could establish it with any degree of certainty. >> host: in the acknowledgments, which you take issue with that word to begin with -- >> guest: i do. >> host: -- but in the acknowledgments you write: i read a great deal and can't
recall precisely planted the idea of a cyber attack on the grid, but it seemed plausible. >> guest: well, as i mentioned to you earlier in this conversation, the president had twice mentioned it in the state of the union speech. secretary of homeland security, the secretary of defense had mentioned it. and i do remember sort of being vaguely interested. but, i mean, my primary interest was, well, if they're right and if it's true, what would the consequences be? and if the consequences are as devastating as i think they're going to be, what's the plan? and my suspicious reporter's nose told me there was no plan. and i am even more convinced of that today. >> host: have you done anything in your personal life to prepare for such an attack? >> guest: yes. i mean, we have freeze-dried
food. i made sure that all of my children and grandchildren have freeze-dried food that would last them for a while. and beyond that i've acquired a few things that operate on solar power that would sort of take, my wife, for example, has copd. there are times when she needs oxygen. and i need something to run that little piece of equipment, so i have a small solar-powered generator that would do the job. those are -- i haven't done much. she was talking about getting a gun, and i'm a little reluctant to do that -- >> host: to shoot the deer and the wild turkeys on your property? >> guest: no, to shoot the people coming for the solar equipment and freeze-dried food. i think at this stage in my life, i'm not going to do that. >> host: ted koppel, you paint a doomsday type picture. is that fair? >> guest: no more fair than it
was, let's say, in the 1950 to paint a similar doomsday type picture. what i'm saying is that when a new weapon system exists and countries have not evolved in terms of developing a means of creating a balance of terror as we did with our mutual assured destruction program between us and the soviets, when we don't think about it, when we don't talk about it, when we don't plan for it, we are simply sort of sitting back and saying, well, if it happens, it happens. and maybe it won't happen. too many people whom i respect have told me that the chances of it happening are considerable. i'm trying to get a conversation started. i'm trying to get a dialogue started. i only wish i could somehow inject this subject into what has been a pretty illly
political cam -- silly political campaign season so far. but that's going to be up to the candidates. they all have to decide. at some point or another one of those candidates, he or she, will have to deal with this issue as president obama is having to deal with it now. it's not something we're going to be able to ignore. we live in an age of the internet. the internet was never designed to be defended. we have to keep thinking about that. so the fact that it has now evolved into potentially a weapon of mass destruction means that we are living in a time and space in which we have made very few preparations to deal with this wonderful instrument that gives us so, so many benefits. we tend to think about the dangers only years later. i often wonder what would have
happened if someone had been able to show our forefathers and mothers, you know, if you keep going with this new invention you've got, this automobile you call it? the day will come when you have 50,000 fatalities a year on your highways just in the united states of america. are you willing to give up 50,000 lives a year for this convenience? maybe in the year 1900 our parents and grandparents and great grandparents would have said, hmm, maybe not. but once they had enjoyed the benefits of the automobile for a generation or two, come to the american public now and say give up your cars, and they'll say, what, are you out of your mind? we come too late to the conclusion that things that are of great value to us can also be a great danger. >> host: who is george r.
cutter. >> guest: george cotter is the former chief scientist for the nsa. he was chief of staff of the nsa. he is now a man i believe in his early 80s, still has all his marbles, very, very sharp and is outraged by the failure of the power industry and congress to do very much to prepare for the danger of a cyber attack. george cotter, i am pleased to say, was enormously helpful to me in understanding some of the issues and the dangers. and i think a lifetime of working in u.s. intelligence with particular emphasis for the last years that he was at the nsa on cybersecurity, i think he's well placed to be someone we need to pay attention to. >> host: ted koppel, a lot of
people know you from your iran hostage reports. a lot of people got to know you that way. nightline came about that way. the u.s. used stuxnet on iran. >> guest: yep. >> host: did that set a bad precedent, in your view? >> guest: no more than the bombing of nagasaki and hiroshima set a bad precedent. it clearly -- [laughter] from the japanese viewpoint, those were the most horrific weapons ever used in the history of mankind. there are many people, president truman among them, who believed that it brought the war to a speedy conclusion and saved a great many american lives. you are absolutely correct. we and the israelis were the first to use cyber warfare in a significant fashion against another country, against iran, against their nuclear program. you have to understand when you let the genie out of the bottle,
what you have done is made cyber warfare an acceptable form of dealing with your adversaries. @not going to be -- it's not going to be very impressive for the u.s. government to take the position that you can't do that to us. we did it to someone else first. now, it was effective in delaying the iranian nuclear program for a year and a half, two years. but it did open that particular pandora's box. >> host: here's the book, "lights out: a cyber attack, a nation unprepared, surviving the aftermath." the author, ted koppel. >> today republican presidential candidate governor john kasich
of ohio holds a town hall meeting in rockville, maryland. that state is among those holding presidential primaries on tuesday. you can see the town hall live at 2 p.m. eastern on c-span. ♪ ♪ >> madam secretary, we proudly give 72 of our delegates to the next president of the united states -- [cheers and applause] ♪ ♪ [cheers and applause]