Cyber Defense Advisors

Friday Squid Blogging: The History and Morality of US Squid Consumption

@ Bruce, ALL,

Re : Black out comming to get you all?

This “OMG we’re Doomed” story about US Power infrastructure has just been rekindled for the XXXth time this decade,

https://thelibertydaily.com/grid-down-alert-north-america-risk-blackouts-during/

In part because we are aproaching Solar Maximum, in part because of political unrest and economic uncertainty.

And yes what it says is true the US Fed Gov reports with inputs from the likes of the CIA say that the power grid is “physically” in such a flaky state that should a suitable electromagnetic event happen the 66-90% of the US and North American population will have a high probability of being dead within a year…

Recentish news-worthy events in Texas and California have shown how quickly things can go bad. Less well known was NY State that should have got wiped of the planet, but by chance had started an upgrade program that “saved the bacon”.

However the articak should not make people panic, nor the luck of the New York incident complacent. What they should do is dig a little deeper and gain an understanding as to why the North Anerican power grid is so vulnerable.

Unfortunately two major reasons that will pop uo are,

1, It was designed to be a failure.2, In more recent times lack of maintainance has made it worse.

The first is something kind of unique to the US in Western First World countries. Basically the infrastructure is done on the very cheap and a half century life time at best is what it’s designed for. With traditionaly design for fast maintainance making “the rot” due to the element’s much faster. The theory was that although it cost a lot more over the half century life, the initial costs would be low. Not quite “lop the branches off of a tree strap on a transformer and daisy chain some wire”, but many on seeing it will understand the sentiment.

The second problem is “pull the profit and run” thinking as part of the “don’t leave money on the table” neo-con mantra. As noted maintaining such a network is very expensive as it’s not designed to be resiliant or fault tolerant thus maintainance heavy with lots of emoloyees. BUT… if you stop the maintenance then the employment and materials costs disapear. But also failure issues do not immediately appear. So for a few years shareholder value looks great and the bonus as a C-suit accordingly high.

Then the rot bites, disasters strike, law suits spring up like mushrooms overnight, so the C-suits pull the “too critical to be alowed to fail” cord and protection from bankruptcy etc.

And you the consumer who has by various tricks of legislation and regulation discover you are paying more money for mains power per kW hour than the equivalent from batteries and gas guzzling generators…

But if it’s only for a few hours or a week then most will survive, so why the oft quoted 66 to 90% death rate? Well that’s for the mains power being gone for 6-24 months.

Why so long? Lets talk about transformers, they are all over the US grid and mostly unprotected against electromagnetic events, that are many many times worse with barely in spec overhead wires than with buried cables. Natural events due to solar weather such as CME’s and Charington events, cause the equivalent of massive DC currents to flow, and transformer windings over heat and melt or burn out rapidly. The problem, the US does not wind it’s own grid transformers, they come in from abroad, and whilst they are not quite “hand made” they are generally on a 12-24month order to delivery time, and they are very difficult to transport and install.

Now look around your home, what won’t work without power?

Well virtually everything. Heating, AC, cooking, freezer, computers, and communications. But after maybe a week water will stop flowing and sewage will back up with disease and death following to nearly every door… The higher the housing/population density in any given area the worse it will be.

But what about food? well it will become not just scarce but very expensive… Not that you will be able to buy it because “No power = No Job = No money = No food, health care, or roof over your head” (and social safety nets for the good of all are an anathema to way to many in the US).

We saw during the previous administration that you can forget about federal assistance and I think those in Texas and California know that state level assistance would be at best high velocity lead poisoning for the desperate.

But note I’ve only mentioned “natural electromagnetic events” that happen every 10-150 years depending on how you want to characterize them. I’ve not talked of EMP from nuclear or HERF devices, or cyber-security adverse events all of which tend to be more local than continental / worldwide, but certainly directed at critical nexi where possible.

For obvious reasons some people are getting twitchy about the “N-word” but in all honesty I still think the risk of that is about the same as normal which is low. In part because I conversly think the risk of cyber-security events are way way higher and rising. With the question of if they will become more of a defence rather than offence issue. Because ultimately cyber attacks only work for two reasons,

1, The attackers can reach them.2, The attackers can take them over.

If people took a little thought into what they do, then their contingency planning would take “communications failure” into account and have a mittigation. Thus pulling the plug from the Internet should be possible. Which leaves the issue of a “dead hand payload” of an APT agent already in place waiting for a lack of “heart-beat”.

I won’t go into details but there are ways you can mitigate even “dead hand” APT if you plan sensibly in advance.

Things that have happened in the Ukraine with regards Cyber-Security should not have happened. In part it’s cost minimization, but also lets be honest as @JonKnowsNothing has pointed out today “crap-sodtware”. The lesson is none of our infrastructure systems should be in any way remotely connected to public networks, especially with the really crap awfull software in “embeded” and “appliance” devices for networking. The likes of Cisco should be ashamed of selling that sort of crapware junk.

The advantage of cyber-security adverse events from a defenders point of view is both the lack of, and difficulty of, “Physical Agency” that is going to cause major longterm damage. I won’t go into ICS, SCADA, and RTU systems but they are not the “bread and butter” of cyber attacks. Also with a little thought and planning secondary monitoring systems can be put in place.

For instance Stuxnet a decade ago did damage because there were no secondary monitoring systems in place, so the repeated run-up / run-down by the centrifuge controlers necessary to cause the damage went unnoticed…

Anyone these days with any sense and high value systems to run, would you have hoped, taken that on board and put the required secondary systems in place.

However recent events by certain states presumably under “shareholder originated preasure” suggests very strongly that certain infrastructure managment realy are lacking in the sense department… However the court cases are double edged, they now will find it extreamly difficult to claim they were “not negligent” if things do go pear-shaped.

Over all that means that the 66-90% US fatality rate is now likely to be actually somewhat lower than it was a decade or more ago when first indicated.

But one word of advice, don’t go out and by a generator. Firstly because very very few know how to “wire them in” safely, not just for the home occupants but their neighbours and for the power company employees as well.

Also some generators run on “petrochem fuels” one result of which is significant carbon monoxide and other very life shortening emmissions, they are also not just a fire risk, but because they are noisy and left mostly unatended a theft risk with the attendent risk of violence.

However there are known ways to connect “Solar Generators” into the equivalent of UPSs very safely and these will keep small fridges running for meds and the like, and for “knowledge workers” a reasonable chance to keep your job going especially if you use satellite rather than mobile or land line communications, but… it also needs your employer to be suitably set up, which is probably unlikely.

But natural electromagnetic events like CME’s and Carrington Events are quite survivable, as humans have happily lived through them before any number of times. But the world was barely electrically sophisticated 164 years ago, back in 1859 when the telegraph was still magically impresive, though it only ran on batteries and the only power coming into homes was biological on two or for legs or coal gas for lighting, and in factories steam driven shafts. It was a decade or so later that electric arc lamps were to appear with a harshness few found appealing. So the impact was more awe than life altering,

https://earthsky.org/human-world/carrington-event-1859-solar-storm-effects-today/

Not so today, we are slave to the movment of charge in so many ways that few realise even when they go camping, what it’s loss actually would mean.

But I actually doubt it would be even close to existential for mankind as much of the world still does not depend on electricity.

As for the West, again many parts are not as dependent on electricity as we are in high population density places like London, New York, Paris or Brussels…