war on the rocks

War Planning Must Include Domestic Plans, Too

April 2, 2018

President Donald Trump’s recent personnel shifts have been described as the making of a war cabinet just as high-stakes negotiations (and negotiations about whether negotiations are worth it) are in the works involving both Iran and North Korea. It is no surprise, then, that in Washington today one can hear the beat of war drums growing louder. And yet even many of those who accept there may be good cause for risking war in either or both cases are rightfully concerned about these adversaries’ willingness to use non-conventional means such as cyber attacks or an electromagnetic pulse (EMP) weapon to take down so-called “soft targets” such as America’s power grid. But the drums are beating nonetheless, and that means improved preparedness at home is increasingly necessary. After all, if the government is taking steps that make the likelihood of war greater in the near term, shouldn’t it also raise the level of effort put into ensuring all reasonable steps are taken to protect the American people at home?

If, as whispers in Washington indicate, the U.S. military is ramping up war plans, government leaders should also re-examine the current (but now outdated) threat assessments that help prioritize the actions of domestic security and emergency management agencies. In other words, as the threat picture changes and war seems likelier, America’s preparedness for domestic retaliation and its second-order effects also should be ramped up aggressively.

And yet the bureaucracy doesn’t really work that way. Instead, in America’s complex, cumbersome multi-agency process there is a linear, deliberate path for formally assessing different levels of risk. The intelligence community provides periodic reviews of threats that, in turn, drive formal risk assessments by organizations such as the Departments of Homeland Security and Energy. These risk assessments help those departments set their priorities and then are shared with private sector owners and operators of critical infrastructure, who in turn allocate their resources partially based on the original risk assessments.

But the whole process takes way too long for how fast the world is moving. An intelligence assessment can take a year or more to complete, and then it will be used for several years as the basis for planning by both the public and private sector partners that work together to ensure the safety of the American public. This timeline is unusable in an era when wars of the type that America has not fought in decades loom on the horizon. American risk assessments about the probability of cyber attacks or EMP threats from Iran and North Korea are outdated. But those outdated assessments still drive the pace of planning by the federal bureaucracy and its private sector partners. And that in turn creates unacceptable levels of risk.

Process over Prudence

The sprawling U.S. national security community often feels just as chaotic to those on the inside as it does to outsiders. But the overall process for assessing threats and then allocating resources to them in a generally risk-based manner is more structured than one might think. For example, the National Security Strategy is meant to inform subordinate documents such as the National Defense Strategy and the National Military Strategy, just as the Quadrennial Homeland Security Review is meant to ensure alignment amongst the efforts of the Department of Homeland Security. While none of these documents or their derivative plans and strategies are ever fully implemented or resourced exactly as written, they do provide rough guidance to the massive multi-agency efforts that cover down on various facets of intelligence, national security and homeland security issues. They also set in motion bureaucratic processes whereby threat assessments define risk estimates that are used in setting priorities for where to focus near, mid- and long-term efforts.

For example, a recent conversation with a senior Department of Homeland Security official highlighted that the department determines how much to address certain critical infrastructure threats based on risk assessments performed by the other parts of the government. That is generally both good and proper — it allows for unity of effort and keeps a certain amount of consistency at the core of risk-based resource allocation.

The problem, however, is that today’s world changes at a pace that often renders such long-term planning obsolete. The past year alone has seen seismic changes in terms of the threat picture — with battlefield victories against the Islamic State reducing one set of risks even as conflict with nation-states like Iran and North Korea became much more likely. Now that the facts on the ground have changed, so too must planning for preparedness in the homeland.

What Needs Protecting?

Iran and North Korea are not eager to face the United States on what American military leaders view as the traditional battlefield, meaning the likelihood of a first strike or retaliatory attacks against soft targets should be a major concern. This reality is stark in dealing with Iran, given its history of using proxies to carry out paramilitary strikes, including Hizballah, which has a longstanding support (though not operational) presence in the United States. The same is true of North Korea. The Kim family regime’s unorthodox military maneuvers include using miniature submarines to sink a South Korean naval vessel in 2010 and a brazen attack using VX nerve agent in an international airport to kill the North Korean leader’s half-brother just last year. If war should come with either of these regimes, it seems more than just plausible that the United States will face some sort of large-scale strike against its civilian population.

To take one example from many, a likely focus of such attacks on the U.S. mainland involves the domestic power grid, the proper functioning of which underpins and enables the country’s communications, security, and transportation systems. But don’t take my word for it. Multiple outlets across the political spectrum, including War on the Rocks, have reported about the increasing cyber threats to the United States power grid, with both Iran and North Korea (not to mention Russia) having already penetrated American electrical power networks. Similarly, former head of the CIA James Woolsey and others have warned of the electromagnetic pulse threat from North Korea for decades, just as Iran reportedly endorsed the idea of using an EMP against the United States in 2015.

Sadly, having continuously assumed that a successful, wide-scale attack of this nature is relatively unlikely in the near-term, federal government and industry players have consistently focused their energies elsewhere. Even as the twin threats grew over the past few years and both the government and industry have begun a commendable process of research and development, their current approach assumes we have enough time to enact optimal solutions. What’s needed instead is a hard-nosed effort focused on very near-term practical protections for the grid.

Finding Workable Solutions

What can be done at this late date? The Department of Defense and other critical national security elements should immediately conduct planning for how to operate with a compromised power grid, including buying and testing generators, storing extra fuel, stockpiling critical spare parts, and experimenting with protective devices and equipment that may lessen the impact of certain power fluctuations that could result from EMP or cyber events.

At the same time, the Department of Homeland Security (and especially the Federal Emergency Management Agency) should run state and local exercises planning for massive disaster response under low or no-power situations. The government and industry also should re-assess the choice to pursue multi-year research and analysis of potential grid security improvements vice focusing on a more wartime footing that accepts greater risks while conducting field trials of emergent technologies including advanced surge arrestors, insulating counter-EMP spray concrete, significantly increasing the available replacement parts through the Spare Transformer Equipment Program, and the like.

These actions would require an initial outlay from Congress to support necessary test and evaluation and installation costs as well as state and local governments to ease permitting and siting considerations. But given the massive potential downside of failing to secure the grid nothing less than these basic steps seems reasonable. After all, if reports are correct that the American military is spending significant resources on planning to carry out a potential war overseas, shouldn’t the civilian parts of the government also be planning to defend us here at home?

Finally, the U.S. government should tell the American people to be sure they are self-sufficient by having at least a few weeks’ worth of food, water and other necessities on-hand in case things take a turn for the worse. For too long people have assumed that local, state or federal government will be there quickly if a massive disruptive event takes place. And while response capabilities have improved dramatically, the fact is that most response relies on mutual aid and sharing resources from outside the impact zone. When the whole nation may be affected the ability to move and respond in a timely fashion is severely hampered, and individual readiness is paramount.

Conclusion

Given the nature of the Iranian and North Korean regimes — and as conflicts with either of them appear ever more plausible — it is high time we re-assess adversary intent in light of the current threat stream. In other words, the conventional assessment of EMP and large-scale cyber threats as remote enough that the government can afford to “realize that this is a really hard problem, and finally decide that we need to meet again on this in two or three months” (as confirmed by Michael Hayden, the former director of both the CIA and NSA and a retired four-star Air Force general) is no longer sufficient. What’s needed instead is an update to the threat picture aligned with the resolve to identify and implement remedies and protections in a meaningful way that protects the homeland.

 

J. Michael Barrett is head of the Center for Homeland Security and Resilience and a former Director of Homeland Security Strategy in the George W. Bush administration, Naval Reserve officer and Fulbright Scholar. His views are his own.

Image: Dreamstime via USGS.gov