The dangers of ignoring the dark side of the information age

by Dr Carlo Kopp Last year the House of Representatives in the US Congress unanimously passed H.R. 5026, also known as the GRID Act. The bill subsequently stalled in the...

by Dr Carlo Kopp

Last year the House of Representatives in the US Congress unanimously passed H.R. 5026, also known as the GRID Act. The bill subsequently stalled in the Senate and its future remains unclear, after the Senate replaced it with a bill on “clean energy”. This is of major concern, because the legislation aims to protect an Achilles’ heel that is becoming more serious by the day.

H.R. 5026 is the first major piece of legislation to acknowledge and propose measures to deal with the vulnerability of electrical power distribution, digital information distribution and processing infrastructure, to events which might produce electromagnetic field strengths with damaging, large-scale effects.

It is intended “To amend the Federal Power Act to protect the bulk-power system and electric infrastructure critical to the defense of the United States from cybersecurity and other threats and vulnerabilities”.

The cause of this vulnerability is the pervasive use of high-density electronic chips, built from silicon, gallium arsenide or other materials, in consumer and industrial goods. Mobile phones, tablets, computers, computer network routers, embedded equipment (in consumer, government or industrial equipment) and transportation systems all share a common basic technology.

If exposed to very high electrical or electromagnetic field strengths, such chips can suffer temporary upsets, permanent damage, delayed damage, or immediate failure. Any event, natural or manmade, which can produce such conditions, could cause a large-scale “cascading failure” across the urban infrastructure of any developed nation.

Electrical power grids and copper network cables are the path via which high-power electrical transients can cause catastrophic damage across multiple systems, concurrently. The ever-increasing reliance on distributed computing and networked applications adds a further dimension to the problem; remote servers downed through such events could cripple networked software applications across much larger geographical footprints.

Why the US GRID legislation has been both divisive and controversial is the range of possible causes of large scale electrical damage effects.

While damage effects produced by nature are highly probable in the short term, and over time certain, critics of the legislation have focussed almost exclusively on the least probable manmade causes of catastrophic damage. This has proven a politically effective tactic, as it presents infrastructure hardening as an “uncertain” need, thus permitting legislation with a perceived “certain” need to be substituted instead.

Modern risk management standards and practice are to consider both the probability of uncertain events, and the damaging consequences, and accord a high priority to events of low probability which yield catastrophic consequences. What makes for good legislative debating tactics makes for very dangerous, if not irresponsible, risk management or mitigation practice.

Nature cares not for clever political debating tactics. There have been numerous well-documented instances in recent years of large-scale electrical grid damage in the northern hemisphere arising as a result of solar storms. Perturbation of the earth's magnetic field will cause induction effects in electrical power lines, in turn causing outages or damage to electrical and electronic equipment across large geographical areas.

Similar, but much more severe effects can be produced by initiating a high-yield nuclear warhead in the upper atmosphere. This is known as the HEMP (high-altitude electromagnetic pulse) effect. Cold War era nuclear warfighting strategists often planned for the use of HEMP warheads as an “opening round” tactic, to cripple an opponent's battle management systems before deluging them with hundreds of nuclear warheads.

Finally, the wide use of digital equipment in military systems has stimulated the global development of non-nuclear electromagnetic weapons, and numerous designs are now approaching sufficient maturity for operational use. The largest of these can produce disruption or damage effects across many square kilometres. As they are not nuclear, and qualify as “non-lethal” under most treaties, there are no traditional disincentives to their use. Once such weapons become “standard” munitions in operational warstocks, it is only a matter of time before terrorists gain access via theft, or direct state sponsorship. Any nation with the skills base to develop and build nuclear weapons can design non-nuclear electromagnetic bombs.

Prima facie this makes a compelling case for legislation to make protective measures mandatory for all vulnerable infrastructure.

There has been enormous institutional and often political resistance to this idea. Researchers and public advocates of “infrastructure hardening” have had to confront disbelief, denial, indifference, and often active resistance.

The sorry events of last year in which the US Senate did not endorse the House vote on  H.R. 5026 show that there is little if any public, political or mass media understanding of the risks being taken with public safety in shifting increasing numbers of critical services into an infrastructure which is increasingly vulnerable to broad disruption. Cynics in the research community of which I am a part often privately observe that a tsunami or Pearl Harbour-scale event might be the only way in which the importance of this matter can become widely accepted.

Academic and government research in this area was well funded during the Cold War, reflecting Soviet threats to use nuclear HEMP weapons against NATO nations. This is no longer the case, and this research area is frequently regarded to be “non-mainstream” if not an eccentric indulgence by a very small research community.

The sad truth is that denying the importance of this vulnerability will not make it go away. At the same time, the risk of an eventual major catastrophe will incrementally grow as the infrastructure becomes ever more dependent on high density chips, networks and distributed software.

Dr Carlo Kopp is a lecturer in the Clayton School of Information Technology at Monash University. He has authored six major research papers on electromagnetic weapons effects and hardening, published between 1993 and 2007. He was scientific advisor for NCIS LA Episode 3.11 “High Power” to be screened on Channel Ten on Monday 13 February 2012.