"This is How They Tell Me the World Ends" by Nicole Perlroth
Recommended Reading for Emergency Managers, Cybersecurity Professionals, and Those Securing America’s Critical Infrastructure
How will a widespread and long-lasting grid failure impact America's communities?
One way to answer this question is to look at relatively recent weather events that impacted the power supply. The 2021 Texas Energy outage caused by Winter Storm Uri, the 2021 Pacific Heat Dome, and the 2022 Winter Storm in Buffalo, NY, all led to the loss of life.
Another, and slightly harder, way to consider this question is to think about what happens when the incident isn’t the result of severe weather or unintentional human error but the result of criminals or terrorists targeting vulnerable components of our energy system.
This is harder because (as far as I know) we haven't had any loss of load on the grid as a result of a cyberattack to date, and (outside of one fatality attributed to the attack on the substation in Moore, NC) we haven't seen any loss of life directly resulting from any of the physical attacks on America's energy infrastructure.
It doesn't mean it isn't possible and isn't a growing risk that our communities should prepare for, though.
As a few examples of the growing urgency of this threat:
Last week, CISA, the NSA, and the FBI released a joint advisory about the Chinese Volt Typhoon campaign targeting utilities and critical infrastructure providers with the goal of disrupting their operations (as opposed to just espionage). Link with a few takeaways for emergency managers on the campaign.
A few weeks ago, CISA released an incident response guide for the water and wastewater sector following the Iranian cyberattack on the Pennsylvania Water Authority. Here is a link to the guide and some components of our risk.
The National Cybersecurity Strategy released in March 2023, included the quote that, "Our factories, power grids, and water treatment facilities, among other essential infrastructure.... are rapidly bringing online digital operational technology... and making cyberattacks inherently more destructive and impactful to our daily lives." Here are a few additional takeaways.
I recognize there is a fine line between creating awareness about a growing threat and sounding like Chicken Little, so I will hold back from sharing any more links to warnings about the growing risk to our infrastructure. Though I will share a book recommendation for anyone looking to better understand the cybersecurity risks our country, companies, and government organizations face.
Book Recommendation: This is How They Tell Me the World Ends by Nicole Perlroth is easily one of the most influential and eye-opening books I have read in quite a while.
The book begins with the story of the crippling cyberattack on Ukraine in 2017. It continues with story after story about how the market for cyber weapons evolved from a small group of government-backed contractors to an underground economy where zero-day exploits are being sold to the highest bidder.
And with so many of the stories and accounts, the book shows (in a non-technical way) how those decisions impact the lives of Americans today. It is absolutely worth the read.
From start to finish, the book had me hooked, and this includes a brief personal statement that Nicole Perlroth makes in the epilogue:
They say the first step in solving a problem is recognizing there is one. This book is my own 'left of boom' effort. It is the story of our vast digital vulnerabilities, of how and why it exists, of the governments that have exploited and enabled it and the rising stakes for us all...But it is our ignorance of these issues that has become our greatest vulnerability of all.
If that resonates with you, here are a few resources:
Buy the book This is How They Tell Me the World Ends by Nicole Perlroth on Amazon.
If you have read the book or are working to address this threat, consider joining the conversation on LinkedIn.
For any readers who also enjoy a good narrative-driven podcast, I recommend a podcast episode titled "Click Here to Kill Everyone" on the Power Corrupts podcast that includes an appearance by book author Nicole Perlroth.
Whenever you’re ready, there are 3 ways I can help you:
1. The Tactical Analysis Online Course: Join over 4,000 students who have learned how to read behavior, establish baselines, and recognize threats using the approach written about in Left of Bang: How the Marine Corps’ Combat Hunter Program Can Save Your Life.
2. Subscribe to the Left of Bang Academy: Access the tools and resources needed by professional emergency managers and homeland security professionals to prepare their organizations for future disasters, disruptions, and crises.
3. Share the Left of Bang newsletter with friends and colleagues to help your organization and the industry prepare for an uncertain future.