By: Senators James E. Risch and Angus S. King
Date: September 13, 2016
In the 2015 novel Ghost Fleet, the U.S. is challenged in a future war by a technologically savvy enemy. The enemy exploits the cyber vulnerabilities in a U.S. military that has grown overly reliant on highly networked and computer-dependent weapons platforms. Left nearly defenseless, the U.S. comes to realize it must rely on long-retired, technologically simpler, and ultimately more dependable weapon systems to fight back.
Although P.W. Singer and August Cole’s story is fiction, the potential threats described are cause for real concern. And the military is not the only sector that might make an attractive target. In fact, our most critical energy systems in the U.S. are connected through complex digital technologies as well.
Increasingly automated and complex control systems are essential to the infrastructure that provides everything from the basic necessities of modern life, including communication, navigation, and manufacturing, to critical functions of national security. Protecting these systems is one of our most pressing security challenges. In short, while the rapid, worldwide adoption of digital automation technologies has created many benefits, it has also introduced significant cyber vulnerabilities to critical infrastructure that must be addressed.
To that end, we recently introduced bipartisan legislation along with Senators Susan Collins and Martin Heinrich to safeguard the U.S. from these potentially catastrophic threats. The Securing Energy Infrastructure Act would launch a coordinated effort to help protect U.S. infrastructure from the vulnerabilities inherent in a connected and highly interdependent world. In doing so, it seeks to identify better ways to protect the country’s critical control systems – those systems that support some of the most important energy sector processes.
As members of both the Intelligence and Energy committees, a principal goal of the pilot program established by our bill is to identify ways to reduce some of the digital complexity in our critical infrastructure, thereby limiting opportunities for cyber-attacks and improving our ability to defend those systems. For example, by replacing certain portions of digital and technologically advanced operating systems that are vulnerable to exploitation with far simpler analog devices or manual processes and procedures, we can hinder sophisticated cyber-enemies. This will require that our nation shift from simple applications of complex technologies to applying new thinking on simple, but more secure and robust solutions.
One of the benefits of less dependence on automation and digital technology in critical infrastructure was revealed in a December 2015 cyber-attack against Ukraine’s power grid. The sophisticated cyber-attack left more than 225,000 people without power for several hours. Subsequent investigations suggest Ukraine was saved from a much greater impact by operating its grid in manual modes when digital systems could not be trusted.
We are proud that the solutions to many of these security challenges are being developed at our National Laboratories, including the Idaho National Laboratory (INL). Our National Labs are unique assets and their expertise will help drive the innovations this legislation aims to achieve. By encouraging this research, we are working to ensure the U.S. never faces a day when our reliance on highly networked technology leaves us vulnerable to attack.
While Ghost Fleet may be a thrilling novel, its lesson rings true; the U.S. must be prepared to defend ourselves -- and our most critical infrastructure -- from attacks by our increasingly sophisticated, technologically advanced, adversaries.