36th Annual IFPA-Fletcher Conference on
National Security and Policy
Nuclear and Non-Nuclear Forces in 21st-Century Deterrence: Implementing the New Triad

December 14-15, 2005
Grand Hyatt Washington Hotel
Washington, D.C.

Session 1 - Asymmetric Threats to the U.S. and its Allies, including Cyber Warfare and EMP

Address by Dr. William R. Graham, Chairman of the Commission to Assess the
Threat to the United States from EMP Attack and former Chairman and CEO, National Security Research, Inc.

Thank you, Professor Pfaltzgraff. Just by way of full disclosure, I should say National Security Research was merged into CACI in October, and so my principal affiliation today is Friends of the Zoo. [laughter] In Washington, we have enough zoos that you can make your own choice as to which ones you're most friendly with.

In decades past, much of our concern has been on the threat of large scale nuclear attack. Of course, today we consider that a lesser threat, although some capability for this still exists, certainly. But Mr. Henry showed a factorization of classes of threats that I thought was very interesting. He showed basically classical, unconventional, disruptive, and catastrophic. You might think for a minute, are there threats which are simultaneously unconventional, disruptive and catastrophic? I can identify at least three such categories of threats. One is the biological threats, pathogens for which there is no inoculation and no cure, and which are highly contagious and just to make it as bad as possible, which can be contagious before they’re symptomatic so you don't know who has it and who doesn’t when you can catch it.

That type of threat could shut down any country in which it occurs. People would stop interacting with each other, they would stop getting near each other and everything would come to a halt. Possibly we might have been able to survive that 200 years ago when people tended to be largely based on farms and when they kept much of their own food and sustenance in the farms. But of course today, we’re down to less than 2 percent of the population on farms, and even that 2 percent is highly dependent on a mechanized and energy and power rich society to carry out its own activities. So it’s very unlikely the country could survive in any recognizable form with that type of threat loose, at least for very long.

Another type of threat of such widespread character that would be both unconventional, disruptive and potentially catastrophic, would be a cyber threat. We are becoming more and more dependent upon our information systems and networks. And of course, these have interfaces and connections that go throughout the world, and therefore are open to disruption, not only locally and domestically, but from other parts of the world as well. Possibly today, and certainly in the future as we become more and more dependent upon the cyber networks, a massive disruption of those networks has the potential to bring down the functions they control, which could be and will be most of the functions that maintain our society in recognizable form.

A third type of threat is an unanticipated effect of nuclear explosion. Unanticipated at least at the time it was first observed. This is a nuclear explosion above the atmosphere which creates a rather strange electromagnetic effect, which has become known as a high altitude nuclear EMP or just an EMP threat for short. I’ll come back to that and show you some of the concerns of that, but before I do let me just mention other threats. Large hurricanes, these are nature’s threats but still serious, of course. Very large hurricanes and, say, magnitude nine earthquakes and associated tsunamis. For the purpose of this discussion, those are considered lesser included threats; that is to say, they’re really not of the scale of the three things I described previously, although obviously they're very, very serious problems. And we can also imagine some threats on the geologic time scale that are of the form of the first three, but I'm not going to mention those. We have to be really unlucky to run across those.

One way to think of these threats is in terms of the area that needs help compared to the edge through which you can bring help from unaffected areas. In the case of the biological threat, the area is likely to be continental and possibly global, and there's not much edge compared to the size of the area affected. Cyber is the same way, EMP’s a little better; but nonetheless, it can affect huge areas of the country or regions and leave only modest areas through which to bring help to try to recover.

When the Soviet Union broke out of the nuclear test moratorium in 1958, they conducted a number of high altitude nuclear tests. And during discussions starting in 1994 when Russian scientists and military people would come to international conferences, they began describing some of the effects they observed in the land mass under these high altitude nuclear tests. They had several different kinds of problems with power, communication, electrical, and electronic systems. We weren’t surprised when we heard that because when we conducted high altitude nuclear tests in the early ‘60s, through the Fishbowl series of tests in the Pacific, even though the tests were barely within line of sight of occupied land masses, we also saw a number of strange electromagnetic effects that we didn't understand, and it wasn’t until a year or so later that the effect was explained by Conrad Longmire, then at Los Alamos.

This high altitude effect, EMP effect, during the Cold War was an insider’s concern; insiders and strategic deterrence, in particular. Because it could disable strategic communications, command, control and strategic systems themselves, aircraft, missiles and so on. And do it long enough that a more massive, physical nuclear attack would have time to get on top of our forces and take them out, and therefore could destroy much of our deterrent capability and therefore undermine deterrence. That's not the concern today, the concern today is that one or two nuclear weapons and one or two missiles in the hands of people who were willing to attack us under any circumstances could cause very substantial disruption, damage, and possibly catastrophic effects to our society.

This shows an example of what you can do. Basically, you need a missile, a SCUD is fine, SCUDs are a glut on the market. They show up in the U.S. occasionally in collectors' inventories; in fact, one of them with its transporter, erector launcher and payload but without the high explosive showed up at Point Walnili (?) and was intercepted by the Bureau of Alcohol, Tobacco and Firearms, presumably counting as a firearm. [laughter] Others have been found in collections in the country. Many countries know how to make them, they're basically a generation beyond the V2, they're very simple.

Nuclear weapons, of course, still exist in a few countries in the world today. I think it’s reasonable to say we don’t know how hard it would be to steal one, we think it’s hard to steal it from us, maybe not so hard to steal it from others. And if you can get the nuclear material, the skill to make nuclear weapons is quite widespread, mobile and probably for sale in the world. And as Secretary Rumsfeld often says, vulnerability may be an invitation to attack.

Well, why might a terrorist, even if he can get a nuclear weapon, prefer to use an EMP type of attack rather than just to see if he can get into a major city’s port or from his point of view even further into the city and detonate it? Well, there are a number of reasons that a terrorist might choose that route. For one thing, he doesn’t have to go through as many security barriers to attack the U.S. as he would if he were trying to bring a nuclear weapon into the country and the response of the U.S. might be different. This would largely be a blindside type of attack on the U.S. as opposed to just a low altitude nuclear detonation. So we took as a commission to look at this, the case of a nuclear weapon going off in one of our cities as sort of the baseline case and said, well what could happen that might be worse than that?

We were worried not only what we thought about it, but what our adversaries might think about it, and in particular we didn't want to encourage or energize our adversaries, potential adversaries, into considering this kind of attack. So we went to some length to go through the literature and see what had been said about this by various countries, and it turns out there is an extensive literature of this, and this is only a very small sample. But many countries understand the potential of EMP and the effects that it can produce. So we concluded somewhat sadly that the effects of this are already well understood in the world, and that we weren’t going to be telling adversaries anything they didn't already know.

In fact, one of the things we did was we engaged two senior Soviet generals to come over and meet with us for a day and talk to us about EMP type of threats. For one thing, our commission had been chartered by the Congress in statutory form, and one of the principal proponents for the patrons of it was Congressman Weldon, who maintains a close relationship with counterparts in the Duma, and is interested in what the Russians think and do about things. So he thought we’d better take an interest in that, too. But more generally, there is a form of intelligence called asking. If you just ask them, often they’ll tell you what's going on. [laughter] This is not always practiced, but it can be very effective. And so we tried to use some asking here, spent a day talking to two generals who taught at the general staff college, and also who’d written extensively on weapons of special characteristics. And it was very enlightening, and they told us among other things that North Korea had hired a number of Russian and other nuclear scientists and engineers and had them working under western conditions, and they emphasized with western pay scales, on nuclear weapon design.

So we think this is an example of how the technologies for these things can and probably have proliferated around the world. They also pointed out that Russia seems to have a somewhat different model of the EMP effects of weapons and they get about twice the peak fields that we get when we calculate the effects of weapons designed to produce EMP fields and produce them particularly well. And we’ve known that they’ve gotten this different answer for now about seven years, eight years, and we still don’t know why. But here's another example of where I think asking will go a long way to compare their results with ours.

Well, as those of you in Washington know, there are really four branches of government; there's the executive, judicial, legislative and then there's the commission. And we were a commission brand of government on this subject. These commissions come about when Congress becomes frustrated with other parts of the government responding on certain issues, and sometimes just when other parts want to create their own independent look at a matter. And we were asked in this case to address the nature of the EMP threat, look at both state and non-state actors, look at the vulnerability of military and especially civilian systems. And one of the first things we discovered is there are very few purely civilian systems, and particularly in the infrastructure. By that I mean our military depends upon our national infrastructure to at least as great an extent as our civilian population depends on that infrastructure. And by that infrastructure I mean the things you normally think of when you think of it at all, which are power, energy transfer, transportation, financial transfer, communications, government, emergency response, medical care and so on. All in the U.S. relatively high reliability infrastructures, and they are designed, we discovered, to operate with everything working right and since they're high reliability, they’re designed to work if one of the elements fails, one node fails. We call it the N – 1 configuration. But they’re not designed to operate when many of the nodes or capabilities fail simultaneously. I’ll show you the effect of that in a minute.

This gives you just some sense of some of the infrastructures that we looked at. And as an electrical engineer, I can’t help but put this in, even though this is more of a policy conference. This is an insidious little robot that sits in almost all of our infrastructures called a SCADA, stands for supervisory control and data acquisition system. What it is is an element that controls much of the infrastructure, it does things like protect it, will shut things down if they get out of standard operating range. And it makes sure that loads continue to be balanced, pressures are maintained, all the operating parameters that you would normally need to operate or maintain, and it does it automatically. They're not very big, they’re made out of basically PC parts, they're ubiquitous in society today, and all those wires you see coming out of the bottom one, to an EMP analyst, are actually antennas, to couple EMP down into the guts of the thing and cause it to burn out. And we tested a number of these, and in fact, that's exactly what happens. The EMP acts as a trigger. The power supplies of the electronics then provide enough energy to go through and burn out the electronics.

Here, to my mind, is the major challenge for at least the first half of the 21st century. How does our infrastructure, what I'm going to call our national infrastructure, although the charter called it the civilian infrastructure. How does that respond to more than the N – 1 type of disruption? And in particular, EMP can cause simultaneous upset and damage across all of these infrastructures, across a very wide area, something these infrastructures never experience under normal operating circumstances.

One of the reasons these infrastructures work so well and are so efficient is that they depend upon each other for their function. So for example, the electric power doesn’t try to have its entirely own communication systems, it uses the telecommunications infrastructure. And telecommunications doesn’t try to have its own electric power system, it uses the commercial electric power system. And you can go on into energy transport and generation, and of course banking and finance, almost all funds are transferred electronically today, and that depends both on communications and on power. So as you go through this, what you find is that there's a very tightly coupled set of infrastructures.

I was talking to some colleagues at one of the national laboratories earlier this year about the northeast power blackout of August 14th, 2003. As you may recall, a long distance power transmission line was being heavily used. As the wires heated, they sagged and there was a tree underneath one of them. And finally, it sagged enough that it shorted to the tree, took out the transmission line—(cell phone ringing)—It’s communications at work here. And then from that point on, because the situation of awareness was not good and the network operators, many of their monitoring computers and SCADAs were down, in fact, what happened was something over 2000 megawatts was being generated in the Mississippi River Valley, started looking for a load somewhere and started trying to find transmission lines to get to that load and as one transmission line would go down, the load would roll onto the next transmission line, overload it and take it down. And over a period of an hour or two, we lost the whole northeast nuclear power grid. We didn't lose Washington, D.C. The power companies have been thoughtful enough to put very sensitive circuit breakers somewhere around the Mason-Dixon line so I don’t think it’s as much of a political statement of that sort as it is an attempt to keep Washington, D.C. going because they’ve seen what happens when the seat of government goes down and the kinds of legislation that often result from that. [laughter]

So we kept going here, but everything north of the Virginia border started failing, and in fact was down for most of the day. And there were some difficulties in bringing things back because of the interrelationship. It’s much of a credit to the people who do operation, design that system that essentially nothing was damaged this time, unlike the blackout of 30 years before that when some of the generating systems were damaged. They were at least protected by the increased load that was falling on them. It still took time to get them back up and we lost some telecommunications, we lost water supplies in some cities because of lack of power and so on and so forth.

My friends at the national labs have gotten about six steps deep into the power blackout of 2003. They haven’t been able to follow it any further yet, although they're still working on it. And they figure there's probably another six steps or so until you get to the final shutdown in the process. And that's one infrastructure. Here, the problem is all the infrastructures tied together. It is, I’ll say this by way of encouragement, it’s a finite problem. There are only so many pieces out there, but it’s a big finite problem. And I think it’s going to take some very clever and thoughtful analysis and modeling and simulation and testing and so on to figure out how this responds to insults greater than the N – 1 problem; but I think it’s very important that we do that in order to better design the system to be protected against such insults.

Of course, the problem is that once those go down, we also don’t have any plan to bring them back up. And as a commission, we did some fairly simple modeling, and it’s not hard to find situations where the infrastructure goes down to some extent, but then after the initial failures and disruptions, it keeps getting worse for quite a while before it comes back. After you lose power, telecommunications, some of it will work on batteries for a while, but when the batteries go down, you hope you have a backup generator. People who build big office buildings and cities generally don't like big generators and big diesel fuel supplies in the middle of their cities, so there's not a lot of backup there and so on. So things could keep getting worse. And we found situations where it looked to us like it could take weeks, possibly months, to begin to recover the infrastructure. And meanwhile, we’d have over 250 million people who depend on that infrastructure, not only for their livelihood but for their lives.

We didn't think there was a magic bullet for dealing with this type of problem. Certainly not in EMP, but basically the idea was to do what you can in each domain of activity. And so we proposed a number of steps obviously to do all we can to prevent such an attack. But very important is to prepare for it. The worst time in the world to try to put together a plan for disaster recovery is after the disaster has occurred. If you don't believe me, just go back and look at the Katrina response. That was, again, a small scale model of this. But it did have the aspect that all the infrastructures went down more or less simultaneously, or within a short period of time. Power, telecommunications, transportation, government services, and so on and so forth. All down, and now you want to start recovery, except you don’t have anything to recover with. You try to work your way in through the edge and try to bring those systems back up. But having a plan beforehand, knowing what your priorities are, what you're going to bring up first, what depends on what, is very important. And I believe that will be important in each of these areas of major problems.

There are some things in the infrastructure that are more difficult to replace than others. Major transformers, for example, that do long distance power transfer, are all manufactured offshore now, and are designed to be very unique to the power grids they serve and take about a year to supply if they're produced in very small numbers. We replace about 1 percent a year. Protect those things that you can’t replace easily. And then finally, have a plan of recovery and exercise it and test it.

Well, I think we can do something about this for less than enormous amounts of money. Here are some examples, steps that we propose and I’ll give you the executive summary of this to refer to this in more detail. But you can see the steps. Logical, I think reasonable, and since they're so dependent on analysis and planning, I don’t think they have to be enormous financial burdens, but they will be substantial intellectual burdens on the country.

So further steps that we think would be beneficial to deal with this problem. Homeland security didn't exist when we started the commission, it did later. We suggest they have substantial responsibilities in this and we described them in our executive summary. Conclusions, we can do a lot to manage the problem, but we’ve got to think about it. It is of a class that should be very worrisome to us. There's where you can find the executive summary in the report on the internet, as long as it’s running. Thank you.
[Applause]

Questions and Answers

Audience: Sir, Lieutenant Commander Joe Listopad from DTRA, this is for Dr. Graham. Given the vast number of vulnerable components to EMP, does it make more sense to embark on a program to protect all of those components, or to prevent the marriage between a ballistic missile and a nuclear weapon?

Audience: Dr. Graham, it’s been about two years since your commission had this report. Could you characterize a response, what kinds of actions are being taken or being done in response to the report? I’m John Caves, National Defense University.

Audience: Thank you, Sandy Spector, again with the Monterey Institute. On the EMP issue, doesn’t the actual size of the weapon have to be quite substantial, which puts it beyond the capabilities of terrorist groups and some rogue states? Plus, you’d actually have to have a missile, which I don’t think we really associate typically with terrorist organizations.

Audience: Dr. Graham, Jim Miller with DePauw University. In your presentation you mentioned the protection is a federal responsibility. With 85 percent of the infrastructure owned by private entities, how would you propose that that would be funded? Thank you.

Dr. Graham: Okay. I’m going to redo the order slightly. Is EMP effect very dependent on the size of the weapons? The part I was talking about, which is the very intense, very short pulse, what we call E1 in the trade, no, that's not dependent on the yield. It’s actually the saturation effect and very insensitive to the yield. It is sensitive to a couple of other parameters of the nuclear weapon. But you can make a very effective E1 generator in weapons in the 10KT and less range. And in fact, if you want to know more about that, Dr. John Foster, probably our best nuclear designer of any age, and a member of the EMP commission and someone who worked on design issues with the commission is in the audience and you're welcome to ask him more about that.

Dr. Pfaltzgraff: And on tomorrow’s panel.

Dr. Graham: Ah, and I'm sure he’ll tell you what he can, which may not be a lot because it’s a nuclear design issue. There is another part called E3 which is yield and altitude dependent. I didn't say much about that, there's a little more in the report. But the E1 is a big deal and that doesn’t take big or heavy weapons.

Two, better to protect against nuclear weapons and missiles or protect all components; certainly a good idea to protect against nuclear weapons and missiles. I would never propose protecting all components, there's just too much out there to do that with. We need a more, I think, thoughtful and reasoned approach to the problem.

Characterize the DOD response to the EMP report, it’s been a very, very aggressive response. Secretary Rumsfeld and acting Deputy Secretary England have put out directives and instructions and the DOD is working on it very actively at this moment. It’s in line with both the statutory guidance and their own belief that this is a serious problem that should be addressed. So the building is spinning up on it, there's no doubt about that.

And finally, who pays the bill, 85 percent of the infrastructure is in civilian hands. National security is a federal government problem. Reliable infrastructure is an infrastructure provider problem. We think there's considerable benefit to both of those by protecting better to EMP and we think they can work together and each do part of the problem that is most directly related to their responsibilities. Thank you.