Revolutions in warfare, though they may be predicted by theorists, are often unnoticed by governments and their military establishments — until it is too late.
On November 11, 1940, during the Battle of Taranto, torpedo planes from the British aircraft carrier Illustrious sank the Italian battleship Conte di Cavour. It was the first time in history that an aircraft carrier sank a battleship.
Today the U.S. Navy, once skeptical of aircraft carriers until it lost much of the Pacific fleet, relies on the carrier as the chief instrument of U.S. power projection.
Did another revolution in warfare arrive, little noticed, on December 23, when an alleged cyber attack on the power grid plunged western Ukraine into a blackout? Some 700,000 homes in Ukraine’s Ivano-Frankivsk region were without power, apparently because of Russian hackers armed with Russian malware called BlackEnergy.
The jury is still out, but there is an emerging consensus among cyber security experts that the Ukrainian blackout was caused by a cyber attack from a group calling itself Sandworm and that the culprit is Russia. Some are declaring that the blackout is an ominous milestone — the first known case of a successful attack on an electric-power grid by hackers.
Is the blackout of Ivano-Frankivsk the Battle of Taranto in a new age of cyber warfare?
The dubious distinction of being the victim of the first cyber blackout may actually belong to Turkey. On March 31, 2015, almost the entire nation of Turkey was blacked out, reportedly by a cyber attack from Iran. Most experts were prepared to declare this the first cyber blackout.
However, months after the blackout, Turkey claimed it was caused not by a cyber attack but by equipment malfunction. Since Turkey is in a crisis over shooting down a Russian jet, a crisis that involves the movement of 6,000 Russian troops to the Turkish border, it may be either that there is real uncertainty or that Ankara deems it imprudent to acknowledge such a profound and tempting vulnerability of its national electric grid to cyber attack.
The Ukrainian blackout, like previous cyber attacks on the U.S. and its allies, is fast disappearing from newspapers and the minds of policymakers. Some are noting that the blackouts in Ukraine and Turkey lasted only hours and did not have catastrophic consequences for society, as predicted by cyber-warfare theorists, and that therefore these episodes are really “good news” stories.
Now the blackout of Ivano-Frankivsk is vastly overshadowed by North Korea’s recent nuclear test and dictator Kim Jong Un’s claim that he has a hydrogen bomb. So the focus of attention has shifted, at least temporarily, away from cyber threats. But the North Korean nuclear threat is another dimension of the threat from cyber warfare.
Potential adversaries of the U.S. regard nuclear EMP attack as the ultimate cyber weapon.
Potential adversaries of the U.S. regard nuclear EMP attack as the ultimate cyber weapon. North Korea’s fourth low-yield nuclear test and its claim that it has a hydrogen bomb are further corroboration of the Congressional EMP Commission’s warning that the North is developing a super-EMP weapon — essentially a low-yield hydrogen bomb.
So the cyber blackout of Ivano-Frankivsk is no “good news” story about the limitations of cyber warfare but a “very bad news” story about Russian experimentation with a revolutionary new way of warfare that could culminate in a nuclear EMP attack. China, North Korea, Iran, and terrorists are also experimenting with the cyber-warfare revolution, while the United States is befuddled.
What is to be done?
The U.S. must develop robust offensive cyber-warfare capabilities and use them to retaliate and to deter adversaries from conflict escalation.
The U.S. must develop new doctrine and capabilities to use military force to deter and retaliate against rogue states or non-state actors who are not as vulnerable to cyber warfare as the United States.
The U.S. must harden its electric grid and other critical infrastructures against nuclear EMP attack — which will also mitigate the worst-case threats from cyber, sabotage, and severe weather, including solar weather — beginning with passage of the Critical Infrastructure Protection Act (H.R. 1073), now awaiting action in the Senate.
Finally, the Department of Defense must do everything in its power to support and cooperate with the newly reestablished Congressional EMP Commission — before it is too late.
— Ambassador R. James Woolsey, former director of central intelligence, is chancellor of the Institute of World Politics and chairman of the Leadership Council of the Foundation for Defense of Democracies. Peter Vincent Pry is executive director of the EMP Task Force on National and Homeland Security. He served in the Congressional EMP Commission, the House Armed Services Committee, and the CIA and is the author of Blackout Wars, available through CreateSpace.com and Amazon.com.