What would happen if an army of hackers put America's power grid in its sights and pulled the trigger? How fast would the country descend into darkness? Would there be anarchy in the streets? Would people die? According to a war game carried out across the country this week, the answer is not necessarily good news.
A group of organisations led by the North American Electric Reliability Corporation just concluded a two-day drill known as GridExII. (The first GridEx took place two years ago and was much smaller.) All-in-all, 210 utility companies, working with government agencies like the Department of Homeland Security, participated in the exercise, simulating a massive cyberattack on the nation's basic infrastructure. While none of the attacks affected actual equipment, first responders acted as if a coordinated attack had fried the nation's wires, shorted out transformers, and turned computers into secret weapons. The 48-hour-long drill actually represented just over a week of real world time since every one hour of simulation equalled four hours of reality. If it were real, tens of millions of Americans would have been left in the darkness, and there would've been, the participants estimated, 150 injuries and seven deaths caused by attackers on the scene.
The point of the whole exercise was to test our preparedness for a massive cyberattack. This is exactly the kind of catastrophe that President Obama has warned about on multiple occasions, an attack that targets computers and shuts down vital pieces of infrastructure. As one industry insider put it, "It's a fire drill, not a fire." But not everybody saw it that way. The New York Times reports:
In a period of anxiety about cyberattacks and the vulnerability of the nation's infrastructure, news that GridEx II would be held engendered yet more nervousness, some of it bizarre. One website tried to connect a joint training exercise in Hawaii between American and Chinese military personnel with the electricity drill. Another described it as a prelude to the government's declaring martial law.
Regardless of how many conspiracy theories it inspires, it's an awfully good idea to go the extra mile to prepare for a cyberattack. Since something like this has never actually happened — although hackers are constantly trying — it's very difficult to know what kind of response would be appropriate. Now that hundreds of agencies and companies have been given a taste, we should be on a few steps closer to finding out. [NYT]