Home > One Page Summary > Security Implications (Preliminary)

Authored by Matthew Acho

Abstract

 

The current electrical grid on which we rely so much is alarmingly unprepared for modern security threats. The grid’s importance to our nation’s economy and way of life cannot be overstated, yet it is also the weakest component of our infrastructure. This report will summarize and illustrate solutions to three major security challenges confronting our grid: electromagnetic pulse (EMP), structural integrity, and cybersecurity. EMP encompasses many different types of threats, including natural and man-made occurrences such as: High-altitude Nuclear burst (HEMP), Non-Nuclear EMP (NNEMP), Intentional Electromagnetic Interference (IEMI) as well as threats from solar flares and to the physical structure of the grid itself. Indeed, structural attacks are becoming more common, with the most recent being the Metcalf incident outside of San Jose, CA. The culprits in question have not been caught and the sophisticated nature of the attack creates new cause for concern. The North American Supergrid (NAS) will be able to meet these challenges and more. The needed updates laid out by this Initiative will eliminate many of the vulnerabilities that plague the current, outdated grid.

 

Structure of the Report

 

This report will be divided into three sections concerning the respective security challenges (i.e. threats from EMP, structural integrity, and cyber security). These sections will be further divided into the following subcategories: summary (introduction to the threat), historical precedence of the threat, and an explanation of how the NAS will eliminate these vulnerabilities, making the United States safer and its energy generation more efficient. Introduction to the threat sections will also include an analysis of the “what, where, when, and how” of the security challenge in question and historical examples will be used to illustrate that all of these threats have real world precedence.

 

Electromagnetic Pulse (Burst and Weapons)

 

Introduction to the Threat

 

Electromagnetic pulse attacks may seem like a scenario out of science fiction, but these types of attacks are becoming increasingly likely. A nuclear weapon detonated above our atmosphere could take our entire grid offline, causing irreparable damage from blackouts and massive economic costs not just in the United States but abroad as well.[i] An attack of this level would be catastrophic.

An electromagnetic pulse (EMP) would come in the form of three waves, respectively known as E1, E2, and E3 waves. E1 waves create a wavelength that can interact with the atmosphere, producing effects that are felt within a microsecond. Soon after the E1 signal coverts into an E2 wave and later, an E3 wave. These waves create what is called a “High-Altitude Electromagnetic Pulse” (HEMP) if they are created by a nuclear weapon detonated at an altitude of 30km or greater.[ii] E1 waves typically will shut down smaller electrical devices, but not larger transformers. However, E3 waves have the potential to destroy transformers causing damage that may be unable to be repaired for years.[iii] The three waves, taken together, could shut down the electrical grid for months, potentially causing unprecedented economic disruptions and loss of life.

Non-nuclear EMP and Intentional Electromagnetic Interference (IEMI) are also causes for concern. Individuals, terrorists, or criminal groups wishing to interrupt or destroy communication systems can execute IEMI attacks. However, its effects are generally limited to a smaller area since IEMI emitters do not have a strong enough signal to couple to power lines over long distances.[iv] For this reason, the threat is not as strong as those posed by EMP waves. Non-nuclear electromagnetic pulses (NNEMP) can also be developed and used as potential weapons to take down segments of the electrical grid. They can be used by both the military and criminal and terrorist groups for their own purposes. During a congressional hearing with the Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies on May 8 2014, it was said that a malicious individual armed with what is called an “EMP suitcase” could disable the grid of a major city if they knew the location of a main plant or transformer farm that routes electricity to the area.[v] The EMP suitcase is a type of NNEMP and can be an effective one if the individual who uses it has the required knowledge to do the most damage.

NNEMP and IEMI are not the only types of “homemade” style devices. Threat actors (especially non-state actors such as ISIS) seeking to execute this sort of attack can create their own miniature version of a mass EMP burst, known as a High-Powered Microwave (HPM) device.[vi] The device’s components are inexpensive and it is easy to build. According to the Congressional Report Service’s final deliverable in 2008, a short range, small scale HPM device could be created for less than $2000.[vii] The material to create the device is also easily found in every day hardware stores.[viii] Although the device has a much smaller range than a HEMP, if one were to be used in Times Square in New York City, the results could be deadly and the psychological effects would be profound. Such an attack is very possible as demonstrated by the recent explosion from a handmade bomb in New York City on 18 September 2016.[ix]

Threats from a High-Altitude Electromagnetic Pulse are likely to come from North Korea and Iran. A Washington Times article has already reported on North Korea’s rumored development of electromagnetic pulse weapons according to a quote from a Chinese military commentator stating that the North Koreans possess these weapons.[x] North Korean motives are clear as they appear prepared to attack the United States with an EMP style weapon or nuclear missile. This is also confirmed by former director of Central Intelligence, R. James Woolsey, in a report from the National Review where he pleads with Congress to seriously consider the threat from EMP.[xi] Whether this attack occurs likely depends on the delicate political situation within and outside North Korea (DPRK). China, though acting as a moderating force, may be unable to stop North Korea from initiating an attack. Economic realities on the ground and the continued malnourishment of the population may keep the DPRK focused on domestic issues, but this is uncertain considering the leadership’s bellicose maneuvers in the last few months. Whatever their motives, the United States must act now to protect the country from the North Korean threat. A new and more resilient grid could bolster our defenses against a nationwide blackout caused by a HEMP attack.

Regarding Iran, R. James Woolsey states that the country most likely has nuclear weapons.[xii] While this may be true and Iran may be poised to conduct an EMP attack, it is unlikely that Iran will commit to such an overt action. Iran’s behavior up to this point has been very covert, even in terms of their nuclear weapons development. Iran prefers to use stealthier means to commit acts of aggression against other countries. Indeed, Iran has been accused of using non-state actors for these acts without ever taking responsibility. For example, in the U.S. Department of State’s 2012 report it was stated that Iran had supported Hezbollah in carrying out attacks throughout the Middle East.[xiii] Moreover, according to the same report, the Iranian Islamic Revolutionary Guard-Qods Force (IRGC-QF) has taken part in terrorist activities across Southeast Asia, Europe, and Africa.[xiv] A notable example of this was the targeting of Israeli diplomats in Thailand, an operation that seemed to point to the involvement of the IRGC-QF, but was never directly admitted to by the Iranian government.[xv]

 

Historical Precedence for EMP and Solar Effects

 

EMP effects have already been demonstrated in two ways: nuclear weapons testing on Johnston Island in the Pacific Ocean and solar flares that created Carrington-style effects in Canada (the latter are also placed in the same category as NNEMP). Both incidents caused major power outages well outside their immediate geographic areas.  A weapon of similar size to the one used on Johnston Island could cause even worse damage if detonated above populated areas like New York City or Washington DC.

The first instance has particular relevance due to the fact that it occurred on U.S. soil. The Starfish Prime nuclear test occurred on the unincorporated U.S. territory of Johnston Island. The test, conducted on 9 July 1962, was part of a series of high-altitude nuclear bomb tests used to gather information about EMP effects by the United States.[xvi] The nuclear war head used at the time was equivalent to 1.4 megatons of TNT exploding. Following a blast of this magnitude, electrons quickly move away from the area of the blast, becoming accelerated and creating a magnetic electric field.[xvii] This creates the conditions to bring about an electromagnetic pulse. The effects of the blast were immediate and lead to effects from the EMP being felt hundreds of kilometers away in Hawaii, where it blew out “…hundreds of streetlights, and caused telephone outages…other effects included electrical surges on airplanes and radio blackouts.”[xviii] The blast was so large, in fact, that it had the potential to knock out satellites in the atmosphere.[xix]

The second notable example concerns Carrington style effects that have occurred in the last 30 years. HEMP incidents originating from solar effects in the atmosphere are known as geomagnetic disturbances or GMD’s. One such incident occurred in 1989 in Quebec, where a GMD caused the regional grid to shut down within 2 minutes, causing power outages to 6 million customers for 9 hours.[xx] Another incident in 2012 involved a massive solar storm that missed the Earth by 9 days. The storm would have created electronic disruption effects similar to the Carrington Effect in the late 1800’s and massive blackouts on a scale never seen before would have occurred.[xxi]

There have been few, if any, IEMI incidents on U.S. soil, but other examples of non-nuclear EMP exist. For example, in 1993 automobiles parked outside a U.S. contractor facility had their engines fried by classified field tests of non-nuclear EMP devices.[xxii] But we cannot discount the threat from IEMI. As terrorists become more resourceful and homegrown terrorism continues to increase, the threat from a small scale HPM or IEMI has become a major cause for concern.

Thus, threats aimed at our grid can come from completely random and unpredictable effects such as solar flares and from planned out attacks such as nuclear detonations. The threats to the grid may seem insurmountable at this point, but upgrades to the grid could be a vital defense against these attacks.

 

Solutions

 

The NAS will feature underground electrical lines and reduce the incidence of blackouts due to EMP or Carrington style effects. This will be accomplished via the usage of a metal screen placed around the underground wires. The screen will act as a Faraday cage and will be used to prevent major blackouts from EMP or solar flares. The metal screen will serve as an absorber of any EMP or Carrington style effect, and act as a barrier to the wire itself. This would prevent the frying of the cable. This Faraday style caging will be used throughout the grid system to curtail major blackouts. Moreover, if an electrical pulse is strong enough to actually find itself into the Grid, any problems that could arise would be resolved via the usage of alternate routing paths that direct the charge away from critical components.[xxiii] To further illustrate, if a High Altitude Electromagnetic Pulse (HEMP) were to be initiated by detonation of a nuclear weapon above the atmosphere of the United States, the Grid would be protected from the most harmful manifestation of the attack, which would come in the form of an E3 wave. This wave poses the most problems for our current grid as it could cause a chain reaction that would take much of the current grid infrastructure offline. Underground burial of cables allows the signal from the wave to be attenuated and weakened before it can do major damage to the Grid. Moreover, a particularly strong wave will be further repelled due to the shielding around the cables themselves.[xxiv]

The Grid will also make use of High-Voltage Direct Current (HVDC), a highly effective cable transmission system. Placement of the new underground lines will be on existing rights-of-way, reducing cost and environmental impact.[xxv] Economic costs are also reduced in the long-run since HVDC cables and lines are much more insulated and thus less likely to lose as much electricity en-route to customers.[xxvi] Furthermore, underground lines are to be placed on both coast lines of the United States, a particularly apt placement due to the current security and monitoring systems already in place on either seaboard.

With these improvements, the NAS will lead to a much more secure and efficient electrical transmission system.

 

Structural Integrity and Threats to the Grid Itself

 

Introduction to the Threat

 

Recent attacks on transmission stations and other parts of the electrical infrastructure make it imperative that our grid be updated to withstand attacks from direct destruction. At present, the grid and its structures are outmoded and so prone to damage that even squirrels can take down an entire electrical line by nibbling the wires. Due to the fact that the wires are above ground, they are easily susceptible to damage from extreme weather conditions, threat actors, and animals. This creates a higher risk of power disruption.

Power and utility companies spend a great deal of their time on guard for any and all cyber intrusions to the electrical grid. This is a worthy pursuit, but it also diverts their attention away from attacks on the physical structure of the grid itself.[xxvii] This is deeply concerning. Attacks on the grid’s infrastructure can be executed by highly intelligent and organized threat actors, or a lone wolf amateur. It is for this reason that utility companies should pay attention to this threat. Cyber security threat actors tend to be highly skilled hackers, while those who attack the structure of the grid itself may be less technically skilled and could therefore conduct the attacks with ease.

Moreover, security at electrical substations tends to be very limited and unsophisticated. A coordinated attack on multiple substations amid these conditions could cause a large scale blackout. An article from the Wall Street Journal surrounding the coordinated assault on Metcalf substation discusses the incredibly limited nature that many electrical substations tend to possess. Indeed, most stations have little beyond cameras (which may not be consistently monitored) and barriers as basic as a chain link fence.[xxviii] Such limited monitoring makes the need to upgrade the grid even more imperative.

 

Historical Precedence for Structural Attacks on the Grid

 

Attacks have occurred on the grid in the past and upgrades must be made to our electrical infrastructure so as to avoid a mass blackout. The most notable one of which is the Metcalf substation attack on April 16, 2013.[xxix] The incident was executed by a small group of individuals armed with long range rifles and an impressive degree of advanced preparation. The attack, aimed at a station that routes power to Silicon Valley presents a very concerning circumstance in which a mass blackout on one of the nation’s economic powerhouses could have done massive economic damage to the nation.

The Metcalf substation is located in San Jose, California just off of the South Valley Freeway.[xxx] While the location of the substation may not seem important, it illustrates the all too common occurrence of substations being placed in relatively unpopulated and sparse rural areas, making them even more vulnerable to attack by cover of night. The operation began at 1am when the attackers cut telephone cables to prevent raising an alarm.[xxxi] The attackers appeared to have done a great deal of preparation before conducting the attack. A small pile of rocks left near certain areas of the substation seemed to serve as indicators of where fellow attackers should take their shots in order to effectively cause a shut down.[xxxii] The attackers then started to fire on these locations, causing the transformers’ oil-filled cooling systems to leak and the transformers to overheat and fail.[xxxiii] The individuals responsible for the attack have never been caught.

The Metcalf incident was referred to by Jon Wellingoff as “the most significant incident of domestic terrorism involving the grid that has ever occurred” in the U.S.”[xxxiv] There is evidence from the Department of Energy that an attack on the components targeted in the incident can cause prolonged blackouts that range from as long as months to years due to the difficulty to replace and build more transformers. Foreign terrorists, also seem to be taking more of an interest in attacking electrical grids. According to the Wall Street Journal, “overseas, terrorist organizations were linked to 2,500 attacks on transmission lines or towers and at least 500 on substations from 1996 to 2006”.[xxxv] Alarmingly, terrorists are very much aware of these vulnerabilities and considering the low-level of skill required to carry out an attack similar to the Metcalf incident, there is reason for concern. Additionally, there have been 274 incidents of intentional damage done to the grid by individuals making the possibility even less unlikely.[xxxvi]

Threats to the structural integrity of the grid are very real and require little beyond preliminary surveillance and planning. A threat actor need not be incredibly sophisticated or affiliated with any specific nation or non-state group. They can be disgruntled employees, eco-terrorists, or even simply bored hunters.[xxxvii] The extent of the threat and the simplicity in which to execute it make upgrades to the grid imperative and well overdue.

 

Solutions

 

The NAS features mostly underground infrastructure. The burial of these vital components will make it less vulnerable to attacks by threat actors. Moreover, the Grid will feature sophisticated smart technology and possess safeguards to ensure that if one portion of the Grid goes offline that it will not result in a cascading effect leading to a large-scale blackout. Furthermore, the NAS Initiative’s focus on diversifying energy supplies by using renewable energy more efficiently will increase the strategic sources of energy that we have in case a large-scale blackout does occur.

The NAS Initiative seeks to increase monitoring of major electrical systems that control the new and improved Grid. The Initiative also advocates for stronger employee vetting to ensure that the Grid cannot become a target of attack by an insider working under the influence of an external actor. Moreover, the NAS possesses stronger, more insulated converters that are less susceptible to corona loss.

 

Cyber Security and the NAS

 

Introduction to the Threat

 

Cybersecurity of the grid is of utmost importance. The current grid possesses measures against hacking, but the system is still quite vulnerable to attacks. These types of attacks may vary, and in the grid’s current manifestation, are executable through a variety of different means. Indeed, while these attacks may be done by non-state actors, they are often suspected to be state-sanctioned by countries such as North Korea. Iran is also guilty of these types of attacks, but as is the case with their supposed sponsorship of terrorism, the Iranians will rarely, if ever, admit to the execution of any sort of cyber sabotage. Both states have either committed outright cyber sabotage against the United States or at the very least, have taken preemptive measures to allow themselves to do so if relations begin going south.

Electrical companies are now inundated with new and evolving cyber threats every day. Indeed, according to U.S. News and World Report there has been a major spike in cyberattacks on energy and electrical utility companies in the last year.[xxxviii] In fact, of the 150 companies surveyed, 75 said that there had been at least one “successful attack”, meaning that hackers were able to breach one or more firewalls. Moreover, about half of the individuals surveyed said that they believed that attacks had increased in the last year. U.S. News and World Report also stated that their data shows that energy industries are seeing a disproportionately large increase in the amount of cyberattacks relative to other industries.[xxxix]

Cyber warfare is quickly becoming the modern battlefield where wars are fought with information rather than weaponry. Many of the attacks being carried out are simply designed to collect information on the targeted country in an effort to gain a strategic advantage in global trade and technology, but it can sometimes be collected for more devious reasons (e.g. information on weapons development and collecting data on security vulnerabilities).[xl] The grid, with its incredibly large security vulnerabilities and potential for mass damage to the U.S. economy should a blackout occur is thus a major cause for concern.

 

Historical Precedence of Cybersecurity Threats to the Grid

 

There have been a number of cyber-attacks on the grid in recent years. The three major threat actors of note are North Korea, Iran, and Russia. All three countries have either committed acts of sabotage against the United States or, at the very least, have shown that they have the capacity to carry out these attacks. Non-state actors like ISIS and other terrorist groups, while not as immediate of a threat as conventional state actors have still shown that they have the intent to carry out attacks on the grid through cyber sabotage.

North Korea illustrated its ability to execute cyberattacks during the Sony Pictures hack of 2014. Although the North Koreans did not fully admit to being behind the hacking there is evidence suggesting that the DPRK’s Unit 121 was the force that led the attack. According to the Washington Times, Unit 121 is the cyber warfare component of the Korean People’s Army.[xli] Mr. Kim Heung-Gwang, who was a professor at North Korea’s Hamhung University of Computer Technology, told the Washington Times, “North Korean hackers are targeting nuclear power plants, transportation networks, electrical utilities and all major government organizations abroad…”.[xlii] Mr. Heung-Gwang’s remarks show that the North Koreans are actively interested in sabotaging electrical utilities and by extension, the grid. Also of note, is the remark by Mr. Heung-Gwang that North Korea’s closest allies are fellow rogue states Iran and Syria, who they regard as confidants due to their mutual opposition to the United States.[xliii]

Iranian and U.S. relations have rested on very fragile foundations for some time. Both states have actively used cyber sabotage against one another and diplomatic relations are still strained following the Iranian nuclear deal. An intrusion of particular importance occurred in 2013, when Iranian hackers gained access to back office systems of the Bowman Avenue Dam, 30 miles North of New York City.[xliv] Although, the intrusion was not substantial, it illustrated the ability of external actors to gain access to critical infrastructure, an issue of growing concern to policy makers. Earlier in 2013, the hackers in question also executed multiple denial of service attacks against U.S. major banks such as J.P. Morgan and Wells Fargo.[xlv] Cyberattacks such as this can cause major economic interruptions and loss of money. According to an article by CNN, both of these intrusions were committed by an Iranian national who “…was a manager or employee of ITSecTeam or Mersad, private security computer companies based in the Islamic Republic of Iran that performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps.”[xlvi] This shows that not only are these attacks essentially state sanctioned, but that they can do real damage to the U.S. economy and its people.

Russia, also remains a consideration of vital importance. The Russian annexation of Crimea and its rather aggressive dealings with Ukraine, have been a focal point of U.S. and Russian foreign policy. Particularly noteworthy is Russia’s supposed involvement in the hacking of the Ukrainian electrical grid, an act that shut down portions of Ukrainian electrical infrastructure. The attack left hundreds of thousands without power.[xlvii] The United States may believe that its grid is more advanced than Ukraine’s, but this may be wishful thinking and does nothing to improve on the problem. Indeed, nothing illustrates this more than the hacking of the grid in Vermont, an attack that was believed to be linked to the Russians because the base code used in the attack was similar to other Russian malware types. However, recent evidence has shown that it may not have been a Russian hack at all.[xlviii] In spite of this, the intelligence community remains concerned based on the Russian’s ability to conduct these types of attacks.[xlix]

A final consideration of note is the interest of non-state actors in attacking the grid. According to CNN, ISIS has attempted to attack the grid, but due to their low level of capability in doing so, they have been unsuccessful.[l] It should be noted however, that even if the skills to do the hacking are not actually in the repertoire of ISIS operatives, they can purchase hacking software on the black market and train their agents to do so.[li] ISIS may very well be on the decline, but the black market will still exist after their demise, and with that the technology to obtain the ability to hack. However, at present, conventional state actors are likely the most probable culprits for attacks on the U.S. electrical grid.

To conclude, Iran, North Korea, and Russia all have the will and the capability to execute cyberwarfare on the United States. Moreover, all have either actually attempted an attack on U.S. critical infrastructure or have stated their intent to do so. Non-state actors, while less likely to be the primary perpetrators of such attacks, still lurk in the background. Indeed, the black market gives anyone the ability to obtain the tools to initiate a hack on major portions of infrastructure, all it requires is an individual or organization that is willing to learn. The U.S. electrical grid is not well-equipped to deal with cyber threats and in the new age of cyber warfare, this presents a serious concern for national security.

 

Solutions

 

While cyber threats to the electrical gird are varied and complex, the Initiative will ensure that the Grid will be able to account for as many threats as possible, starting with protections against insider threats. Individuals tasked with the Grid’s monitoring and management will go through an extensive vetting process to ensure that they are not readily vulnerable to coercion or threats from external threat actors. Secondly, security measures will be put in place to ensure that hackers cannot gain access to vital information and components. Finally, the intelligence community should remain on guard to respond and deal with any threats to the Grid.

In terms of current policies in place for protecting the grid, the Federal government is currently in the process of passing Senate Bill S. 2012. In the bill, a voluntary committee is suggested which would participate in testing and research of hacking techniques that could possibly be used on the grid.[lii] It would also focus on the testing of products that could be used to upgrade the grid’s security and protect it against vulnerabilities. The committee would be specifically focused on bulk transmission lines, so as to ensure an effective response is ready against cyber threats to the grid. Moreover, the bill mentions similar upgrades that are already being proposed as part of the NAS proposal such as the usage of alternative energy sources and cycles.[liii]

Attacks on the grid can range from any number of sources and in the grid’s current manifestation, are executable through a variety of different means. An example discussed in “Applied Cyber Security and the Smart Grid” by Eric D. Knapp and Raj Samani stems from what is known as “manipulation” a form of cyberattack where new code is inserted into one portion of the grid infrastructure.[liv] An attack of this form could occur in the component that controls fuel supply. Increasing fuel supply so as to overheat a burner would lead to substantial disruptions in energy generation. Moreover, such an attack can also disguise itself as part of the process, while manipulating vital portions of the system at the same time.[lv] Another example of this attack is known as a DDOS attack, or denial of service attack. A malicious hacker could access the smart grid and by sending messages to many components at once, could potentially create a situation where the server is over loaded with requests and is unable to respond.[lvi] This is perhaps one of the simplest hacks available to a malicious actor and it could do substantial damage on the new grid. The NAS would be equipped with security mechanisms against these types of attacks.. The various sections of the existing grid will still be monitored by their regional counterparts. It is suggested, however, that a group within the Federal Energy Regulatory Commission (FERC) or the Department of Energy (DOE), oversees  the monitoring of the entire Grid. A “voluntary group”, as suggested in Senate Bill S.2012, may not be regulated enough to ensure effective development of technologies due to the fact that members are volunteers who are not compensated for their work. It is believed that a federal response team should be put in place to ensure that research on the grid is properly funded and maintained. Not only does this solve the problem of job displacement for those already monitoring the grid, it creates a system that is being constantly monitored both regionally and federally. Currently, the grid is far too disconnected to effectively manage its many components. The NAS would allow for a coordinated cyber security partnership that would be resilient against DDOS and manipulation attacks.

The NAS should be equipped with security that protects the gateway to the electrical system from malware. The gateway is the parameter through which messages are given to and received by the control room of the utility company. If this flaw is exploited the threat actor would “have the ability to directly manipulate all communications to and from the substation.”[lvii]  This would allow the actor to have direct control over Transmission SCADA and Energy Management Systems (EMS) systems that the substation is connected to, a substantial vulnerability that must be removed. To illustrate their importance, T-SCADA systems regulate energy transmission for utilization in substations and lines while EMS’s are in charge of preventing load overload and other electrical line problems. Both are important facets of the continued stability of our electrical grid. To protect against this, the grid will be monitored 24/7 and will be staffed by alternating individuals so as to reduce the chance of any employee being susceptible to coercion or threats.

The intelligence community should also play a vital role in the development of the NAS’s security mechanisms. It should take part in a campaign of misinformation and deception to prevent potential threat actors from obtaining a grasp on the vulnerabilities inherent in the Grid. The new Grid will have every conceivable measure in place to prevent it from being easily hackable. Regardless of preparations we cannot possibly account for every single vulnerability. This means that it is necessary for the intelligence community to be thoroughly involved in monitoring the Grid. The community should remain diligent in keeping information concerning grid vulnerabilities confidential.

[i] Parfomak, Paul W, “Physical Security of the U.S. Power Grid: High-Voltage Transformer Substations,” Congressional Research Service R-43604, 7-5700 (2014): 1-30, p. 2. https://www.fas.org/sgp/crs/homesec/R43604.pdf.

[ii] Levine, Rachel and Dwight Macomber, “NAS Technical Report,” (p. 4). Climate Institute, September 2016, accessed on 17 November 2016.

[iii] Savage, Edward, James Gilbert, William Radasky. “The Early-Time (E1) High-Altitude Electromagnetic Pulse (HEMP) and Its Impact on the U.S. Power Grid” Metatech Corporation Meta-R-320, (2010): p. 8-2. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.734.5078&rep=rep1&type=pdf

[iv] Ibid. p. 8-1.

[v] Hearing Before the Subcommittee on Cybersecurity, Infrastructure Protection,

And Security Technologies of the Committee on Homeland Security House of Representatives. “ELECTROMAGNETIC PULSE (EMP): THREAT TO CRITICAL INFRASTRUCTURE” Committee of Homeland Security. 8 May 2014. p. 17. https://www.gpo.gov/fdsys/pkg/CHRG-113hhrg89763/pdf/CHRG-113hhrg89763.pdf

[vi] In the same congressional hearing it is stated that a small team of terrorists could very easily create their own NNEMP or HPM device within a year and at little expense. See p. 17 for more info.

[vii] Wilson, Clay, “High Altitude Electromagnetic Pulse (HEMP) and High Power Microwave (HPM) Devices: Threat Assessments,” Congressional Research Service RL32544, (2008): 1-25, p.21. https://www.fas.org/sgp/crs/natsec/RL32544.pdf.

[viii] Ibid.

[ix] Simon, Mallory and Tim Hume. “New York explosion that injured 29 was ‘intentional act,’ mayor says.” CNN.com. Last modified 18 September 2016. http://www.cnn.com/2016/09/17/us/new-york-explosion/.

[x] Pry, Peter. “PRY: North Korea EMP attack could destroy U.S. — now.” The Washington Times. Last modified 19 December 2012. http://www.washingtontimes.com/news/2012/dec/19/north-korea-emp-attack-could-destroy-us-now/.

[xi] Woolsey, R. James et al. “Underestimating Nuclear Missile Threats from North Korea and Iran.” The National Review. Last modified 12 February 2016. http://www.nationalreview.com/article/431206/iran-north-korea-nuclear

[xii] Ibid.

[xiii] Office of the Spokesperson. “Country Reports on Terrorism 2012” The U.S. Department of State. Last modified 30 May 2013. http://www.state.gov/r/pa/prs/ps/2013/05/210103.htm.

[xiv] Ibid.

[xv] “Perspectives | Bombs Targeting Israeli Diplomats and the Iran Connection.” PBS. org Last modified 17 February 2012. http://www.pbs.org/wgbh/pages/frontline/tehranbureau/2012/02/perspectives-bombs-targeting-israeli-diplomats-and-the-iran-connection.html.

[xvi] Plait, Phil. “The 50th anniversary of Starfish Prime: the nuke that shook the world.” Discover Magazine. Last modified 9 July 2012. http://blogs.discovermagazine.com/badastronomy/2012/07/09/the-50th-anniversary-of-starfish-prime-the-nuke-that-shook-the-world/#.WCI05NwsHR0

[xvii] Ibid.

[xviii] Plait, Phil. “The 50th anniversary of Starfish Prime: the nuke that shook the world.” Discover Magazine. Last modified 9 July 2012. http://blogs.discovermagazine.com/badastronomy/2012/07/09/the-50th-anniversary-of-starfish-prime-the-nuke-that-shook-the-world/#.WCI05NwsHR0

[xix] Ibid.

[xx] “CRITICAL INFRASTRUCTURE PROTECTION Federal Agencies Have Taken Actions
to Address Electromagnetic Risks, but Opportunities Exist to Further Assess Risks and Strengthen Collaboration.” United States Government Accountability Office, GAO-16-243 (2016), 1-68, p. 8. http://www.gao.gov/assets/680/676030.pdf

[xxi] “Near Miss: The Solar Superstorm of July 2012.” NASA,gov. Last modified 23 July 2014. https://science.nasa.gov/science-news/science-at-nasa/2014/23jul_superstorm/.

[xxii] Merkle, Scott. “Non-Nuclear EMP: Automating the Military May Prove a Real Threat” Military Intelligence Professional Bulletin. n.d. https://fas.org/irp/agency/army/mipb/1997-1/merkle.htm

[xxiii] Levine, Rachel and Dwight Macomber, “NAS Initiative Technical Report,” (p. 4). Climate Institute, September 2016, accessed on 17 November 2016.

[xxiv] Ibid. p. 4.

[xxv] Levine, Rachel and Dwight Macomber, “NAS Initiative Technical Report,” (p. 13). Climate Institute, September 2016, accessed on 17 November 2016.

[xxvi] Teichler, Steven and Illia Levitnine. “HVDC Transmission: A Path to the Future?” The Electricity Journal 23, issue 4 (2010) : 27-41, doi: /10.1016/j.tej.2010.04.002.

[xxvii] Smith, Rebecca. “Assault on California Power Station Raises Alarm on Potential for Terrorism” The Wall Street Journal. Last modified on 5 February 2014. http://www.wsj.com/articles/SB10001424052702304851104579359141941621778.

[xxviii] Ibid.

[xxix] Smith, Rebecca. “Assault on California Power Station Raises Alarm on Potential for Terrorism” The Wall Street Journal. Last modified on 5 February 2014. http://www.wsj.com/articles/SB10001424052702304851104579359141941621778.

[xxx] Smith, Rebecca. “Assault on California Power Station Raises Alarm on Potential for Terrorism” The Wall Street Journal. Last modified on 5 February 2014. http://www.wsj.com/articles/SB10001424052702304851104579359141941621778.

[xxxi] Ibid.

[xxxii] Smith, Rebecca. “Assault on California Power Station Raises Alarm on Potential for Terrorism” The Wall Street Journal. Last modified on 5 February 2014. http://www.wsj.com/articles/SB10001424052702304851104579359141941621778.

[xxxiii] Ibid.

[xxxiv] Smith, Rebecca. “Assault on California Power Station Raises Alarm on Potential for Terrorism” The Wall Street Journal. Last modified on 5 February 2014. http://www.wsj.com/articles/SB10001424052702304851104579359141941621778.

[xxxv] Ibid.

[xxxvi] Smith, Rebecca. “Assault on California Power Station Raises Alarm on Potential for Terrorism” The Wall Street Journal. Last modified on 5 February 2014. http://www.wsj.com/articles/SB10001424052702304851104579359141941621778.

[xxxvii] Ibid.

[xxxviii] Neuhauser, Alan. “Cyberattacks Surge on Energy Companies, Electric Grid” U.S. News and World Report. Last modified on 8 April 2016. http://www.usnews.com/news/blogs/data-mine/2016/04/08/cyberattacks-surge-on-energy-companies-electric-grid.

[xxxix] Ibid.

[xl] Neuhauser, Alan. “Cyberattacks Surge on Energy Companies, Electric Grid” U.S. News and World Report. Last modified on 8 April 2016. http://www.usnews.com/news/blogs/data-mine/2016/04/08/cyberattacks-surge-on-energy-companies-electric-grid.

[xli] Gertz, Bill. “Defector: North Korean hackers threaten West” The Washington Times. Last modified on 4 March 2015. http://www.washingtontimes.com/news/2015/mar/4/inside-the-ring-north-korea-cybersecurity-hackers-/

[xlii] Ibid.

[xliii] Gertz, Bill. “Defector: North Korean hackers threaten West” The Washington Times. Last modified on 4 March 2015. http://www.washingtontimes.com/news/2015/mar/4/inside-the-ring-north-korea-cybersecurity-hackers-/

[xliv] Perez, Evan and Shimon Prokupecz. “U.S. charges Iranians for cyberattacks on banks, dam” CNN.com. Last modified on 24 March 2016. http://www.cnn.com/2016/03/23/politics/iran-hackers-cyber-new-york-dam/

[xlv] Ibid.

[xlvi] Perez, Evan and Shimon Prokupecz. “U.S. charges Iranians for cyberattacks on banks, dam” CNN.com. Last modified on 24 March 2016. http://www.cnn.com/2016/03/23/politics/iran-hackers-cyber-new-york-dam/

[xlvii] Perez, Evan. “First on CNN: U.S. investigators find proof of cyberattack on Ukraine power grid” CNN.com. Last modified on 3 February 2016. http://www.cnn.com/2016/02/03/politics/cyberattack-ukraine-power-grid/

[xlviii] Nakashima, Ellen and Juliet Eilperin. “Russian government hackers do not appear to have targeted Vermont utility, say people close to investigation” Washington Post. 2 January 2016. https://www.washingtonpost.com/world/national-security/russian-government-hackers-do-not-appear-to-have-targeted-vermont-utility-say-people-close-to-investigation/2017/01/02/70c25956-d12c-11e6-945a-76f69a399dd5_story.html?utm_term=.944d6d597562.

[xlix] Ibid.

[l] Pagliery, Jose. “ISIS is attacking the U.S. energy grid (and failing)” CNN.com. Last modified on 16 October 2015. http://money.cnn.com/2015/10/15/technology/isis-energy-grid/.

[li] Ibid.

[lii] U.S. Congress. House of Representatives. Senate Energy and Natural Resources. “North American Energy Security and Infrastructure Act of 2016 (S.2012). 114th Congress 2015-2016, S. Report 114-138. https://www.congress.gov/114/bills/s2012/BILLS-114s2012eah.pdf.

[liii] Ibid. p. 755.

[liv] Knapp, Eric D.;Samani, Raj, Applied Cyber Security and the Smart Grid (Syngress, 2013), <http://www.myilibrary.com?ID=472131> ( 22 November 2016). p. 30.

[lv] Ibid.

[lvi] Knapp, Eric D.;Samani, Raj, Applied Cyber Security and the Smart Grid (Syngress, 2013), <http://www.myilibrary.com?ID=472131> ( 22 November 2016). p. 80.

[lvii] Knapp, Eric D.;Samani, Raj, Applied Cyber Security and the Smart Grid (Syngress, 2013), <http://www.myilibrary.com?ID=472131> ( 22 November 2016). p. 36.