by Rob Enderle

How to Prepare for a Potential Syrian Counterattack on the U.S. Power Grid

News Analysis
Sep 06, 20135 mins
Backup and RecoveryCybercrimeDisaster Recovery

It isn't yet time to stock up on canned beans and bottled water, but a potential conflict with Syria--which hasn't been shy about attacking vulnerable U.S. infrastructure--should have your organization reviewing its disaster-preparedness plans.

Earlier this week, on Wall Street Journal This Morning, I shared my increasing concern that we aren’t taking seriously the Syrian cyberattack and the possibility of a Syrian military warning shot against U.S. infrastructure.

The U.S. power grid is vulnerable, held together by little more than a prayer and bailing wire. Even if Syria doesn’t strike, a broad failure is inevitable. It’s therefore prudent to begin testing your short- and long-term power outage contingency plans.

Remember, a broad outage doesn’t just mean failover, as it could extend to failover sites. This means your current mitigation and disaster recovery planning may be inadequate for what might end up being a near-nationwide outage.

Report: Cyberattacks Second Most Common Cause of Severe EU Wired Internet Outages in 2012

Even if you don’t buy into the Syrian cyber counterattack risk, the likelihood of a massive outage is still great enough to test your firm’s ability to survive if much of the power and telecom grid suddenly fails and remains down for weeks or even months. Disaster preparedness assessments are a prudent exercise, after all, and the Japanese tsunami of 2011 showed that the U.S. isn’t the only wealthy nation with fragile infrastructure issues.

Power Grid Failure Would Be Catastrophic

Data Disaster

Massive failures typically result from a massive weather event. You don’t just lose power; if the power outage goes on for a day or more, you eventually lose telecommunications, water and even gas supplies (which often fuel emergency generators). A cascading failure would cause many transformers to catastrophically fail, which is a nice way of saying “explode.” Recovery time could easily move from days to months; existing transformer reserves would be inadequate, and the in-country manufacture of new transformers would paradoxically need to wait until those factories could be brought back online.

Most generating facilities — especially hydroelectric — would come back relatively quickly. If distribution is catastrophically destroyed, though, getting that power to your primary or backup sights would be problematic. You could find your in-country facilities down for the count.

Related: 10 Disaster Preparedness Questions For Cloud Service Providers

How-to: Plan for Disaster Recovery and Business Continuity

Corporate buildings would hardly be the only facilities affected; employees would suddenly face a world where food, water and gas supplies were unavailable for extended periods. Many would have no choice but to relocate, as extended families, to areas that were secure and had sufficient supplies.

While a downed power grid would largely leave homes intact — unlike New Orleans after Hurricane Katrina — contacting employees and their families and coordinating their movement would fail. Yes, most of today’s homes use cable modems for phone service, but those must be plugged in and would be unreliable. And yes, wireless phones and cell towers would work in a power outage, offering organizations a way to deliver rally points and other critical information, but cell towers’ backup power supplies only last several hours — as do the typical cell phone batteries.

Contingency plans would need to be in place before an event so everyone is more likely to emerge from it safely.

Assess Disaster Preparedness Now — And Don’t Count on Help

This isn’t a short-term problem. America’s electrical infrastructure is in bad shape. Large-scale weather events such as Hurricane Sandy hit cellular networks and the power grid both far and wide. Groups as varied as hostile nations and anarchists are increasingly gaining the skills necessary to do significant damage.

The federal government is not willing to fund needed infrastructure upgrades. Before the U.S. starts shooting missiles at countries with strong cyberattack teams, it should harden U.S. infrastructure, but betting the government will do the smart thing has been a losing proposition of late.

All of this suggests, then, that putting major data centers near large hydroelectric sites to assure power (as Google has done) or focusing on alternative energy sources (as is the case with Apple’s planned new headquarters) to assure the sites can remain operational during extended outages. You’ll have to think through network transport, though; if these sites can’t connect, you’re still in trouble. Having failover capability in another country, such as Canada, would be advised.

Related: 5 States That Offer Big Data Center Appeal

More: Using Renewable Energy in the Data Center

Thinking strategically, the only approach that may work in countries with vulnerable infrastructure or unstable government may be an arcology. This eventual evolution of self-sustained architecture and ecology blends corporate and personal living structures, assuring that both people and equipment are safe and recognizing that an inability to protect either could result in company failure. Arcology continues to advance worldwide, but clearly they are needed most where there’s a broad risk to infrastructure and/or employee safety.

In the meantime, review your disaster preparedness plans to assure they adequately address large regional or national power outages. This often makes the difference between surviving a catastrophe and becoming a statistic. If people have a plan that they know works, they’re less likely to panic and do dangerous, stupid things. Don’t put this off.

Rob Enderle is president and principal analyst of the Enderle Group. Previously, he was the Senior Research Fellow for Forrester Research and the Giga Information Group. Prior to that he worked for IBM and held positions in Internal Audit, Competitive Analysis, Marketing, Finance and Security. Currently, Enderle writes on emerging technology, security and Linux for a variety of publications and appears on national news TV shows that include CNBC, FOX, Bloomberg and NPR.

Follow everything from on Twitter @CIOonline, Facebook, Google + and LinkedIn.