Play Video

America the Vulnerable: The Attacks That Could Shut Down Society

Keeping America safe in an age of cyberattacks

April 2023

Script

Click to reveal bonus content (fun facts and additional insights) within script.

 

We’ve all thought about it, even if we don’t like to talk about it: How our technology leaves us vulnerable. How fragile modern life feels.

What happens if the internet goes down? If the grid shuts off? If we can’t even get clean water?

You’ve probably considered the scenarios that could get us there.

Nuclear war?

Natural disaster?

Maybe.

But also … it could just be this guy.

[OPENING SEQUENCE]

In the 21st century, normal, everyday life … requires a lot of things to go right. Power plants have to get electricity into your home. Treatment facilities have to keep your water safe. The technology in your local hospitals has to work.

Now, most of the time those systems are so reliable that we barely give them any thought. But if even one of them goes down … life can get pretty complicated pretty quickly. And, let’s be honest … pretty dangerous.

That’s why the federal government refers to these kinds of physical or cyber assets as “critical infrastructure.” i Because without them modern life becomes almost impossible. Which is also why some of America’s adversaries have them in the crosshairs.

In just one two-year window, China managed to hack into at least 13 American pipelinesii — breaches that, had they gone undetected, could have left the country shivering.

In 2018, Russian hackers were able to get into the control systems of American electrical supplies, giving them the potential to cause blackouts.iii

Iran attempted a cyberattack on the Boston Children’s Hospital. iv

North Korea even hacked healthcare systems and left some American patients unable to get their chemotherapy.v

(Although those same hackers also stole over $1 billion in crypto, vi so, don’t worry, they got their comeuppance.)

Now there’s an obvious question here: America is a wealthy and powerful country. So, why are we so vulnerable on this front?

Well, for one thing there’s a lot of critical infrastructure to defend. And the responsibility for it is spread across both the public and private sectors.

The U.S. has over 6,400 power plants,vii for instance, and around 54,000 drinking water systemsviii — which is great insofar as it makes it a lot harder to take the whole country down, but problematic because of how many targets there are to defend.

It's also the case that not all of those institutions have the expertise necessary to guard against attacks — and that no one can even agree on which ones should count as “critical infrastructure.”

When the Department of Homeland Security first attempted to put together a comprehensive list, it mushroomed from 160 key assets to over 77,000 in just three years.ix That list ranged from things that probably make sense, like nuclear power plants, to … petting zoos.

So, yes, it’s complicated. But we’re going to have to sort it out quickly, because these vulnerabilities are starting to have real-world consequences.

In 2021, drivers on the East Coast faced widespread gasoline shortages. The reason: because hackers had shut down the Colonial Pipeline, which provides nearly half of the fuel to the eastern U.S.x And they were able to get in … by stealing a single password.xi

That was only a few months after law enforcement reported that a water treatment facility in Florida was hacked and programmed to release toxic amounts of lye into the water supply.xii And while it’s recently been disputed whether it was a genuine hacking or a problem within the facility,xiii that doesn’t change the underlying fact: We’re running some big risks here.

A 2021 government study found that one in 10 of America’s water and wastewater treatment facilities had critical cybersecurity vulnerabilitiesxiv — and that approximately 80 percent of those were because their software hadn’t been updated.

Then there’s the threat to the country’s power supplies.

The wakeup call there came in 2013, when snipers attacked a power substation in San Jose, California, destroying six circuit breakers and 17 transformers. xv The attack caused over $15 million of damage and shut down the facility for about a month … but it could have devastated the entire region.

In just the last few months of 2022, there were similar attacks in North Carolina,xvi Oregon,xvii and Washington. Shortly before, the Associated Press obtained a Homeland Security report indicating that domestic extremists were intentionally targeting the grid in an attempt to destabilize the country.xviii

Now, there is good news on this front: Which is that America’s energy supplies are so decentralized that it’s hard to generate nationwide chaos. The country has over 55,000 substations.xix There’s bad news, however, too: Which is that government analysis found that taking out just nine of them could cause the whole country to lose power.xx

And we are not telling you where they are.

It’s also probably worth noting that these vulnerabilities to our critical infrastructure don’t just create opportunities for enemy nations, international terrorists, and domestic extremists. They also create opportunities for … well, for morons.

One of those grid attacks in Washington state: It was committed by a couple of burglars who wanted to steal money from a cash register … and got the idea from watching tv.xxi

In 2019, someone shut down a water treatment facility in Kansas and disabled its filters. The perpetrator: an employee who managed the facility remotely via his cell phone — and committed maybe the worst drunk dial of all time.xxii

So, yes, we’re running serious risks. And while we don’t need to go full doomsday prepper, all of us ought to think through how we’d take care of ourselves and our families in the case of an emergency — whether that’s having a generator or some extra food & water or some spare cash; the same kinds of precautions you’d take for a hurricane or an earthquake.

We need to take the initiative to prepare for dangerous scenarios. We need to pressure our political leaders to secure our critical infrastructure.

And, for the love of God, guys, we need to change the password to the Colonial Pipeline every now and then.

Sources

  1. Critical Infrastructure Protection: CISA Should Improve Priority Setting, Stakeholder Involvement, and Threat Information Sharing — U.S. Government Accountability Office
  2. Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013 — U.S. Cybersecurity & Infrastructure Security Agency
  3. "Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials Say" (Rebecca Smith) — Wall Street Journal
  4. "FBI Director Blames Iran for ‘Despicable’ Attempted Cyberattack on Boston Children’s Hospital" (Sean Lyngaas) — CNN
  5. "North Korean Government Hackers Hit Health Services With Ransomware, U.S. Agencies Warn" (Sean Lyngaas) — CNN
  6. North Korea Has Hacked $1.2 Billion in Crypto and Other Assets for Its Economy — NPR
  7. "Extremists See U.S. Power Grid as Target, Gov’t Report Warns" (Ben Fox) — Associated Press
  8. "Lye-Poisoning Attack in Florida Shows Cybersecurity Gaps in Water Systems" (Kevin Collier) — NBC News
  9. "Critical Infrastructure: Emerging Trends and Policy Considerations for Congress" (Brian E. Humphreys) — Congressional Research Service, p. 10
  10. "Colonial Pipeline Outage in the United States Underscores Risks to Energy Supplies" (Kristine Petrosyan) — International Energy Agency
  11. "One Password Allowed Hackers To Disrupt Colonial Pipeline, CEO Tells Senators" (Stephanie Kelly, Jessica Resnick-ault) — Reuters
  12. "‘Dangerous Stuff’: Hackers Tried to Poison Water Supply of Florida Town" (Frances Robles, Nicole Perlroth) — New York Times
  13. "Florida City Water Cyber Incident Allegedly Caused by Employee Error" (Chris Teale) — GCN
  14. "50,000 Security Disasters Waiting to Happen: The Problem of America’s Water Supplies" (Kevin Collier) — U.S. Cybersecurity and Infrastructure Agency, via NBC News
  15. "Experts: Sniper Attack on PG&E Site Points to Power Grid’s Vulnerability to Terrorism" (Steve Johnson) — Mercury News
  16. "Explainer: U.S. Power Grid Has Long Faced Terror Threat" (Michael Kunzelman, Jonathan Drew, Rebecca Santana) — ABC News
  17. "String of Electrical Grid Attacks in Pacific Northwest Is Unsolved" (Conrad Wilson, John Ryan) — Oregon Public Broadcasting
  18. "Extremists See U.S. Power Grid as Target, Gov’t Report Warns" (Ben Fox) — Associated Press
  19. "U.S. Risks National Blackout From Small-Scale Attack" (Rebecca Smith) — Wall Street Journal
  20. Ibid.
  21. "Two Charged in Pierce County Christmas Day Substation Attacks" (Hal Bernton, Mike Carter) — Seattle Times
  22. Kansas Man Pleads Guilty to Water Facility Tampering — U.S. Department of Justice

Shownotes

Sound | "My Lord” Yarin Primak, “Breaking Sweat” Balloon Planet, “Game Over” 2050, “Strong” Omri Dehan // Premium Beat: "Kenya” Wolves // Artlist Sound Effects Library

Footage | U.S. Government Accountability Office // Congressional Research Service // Cybersecurity and Infrastructure Security Agency // Department of Homeland Security // Library of Congress: Louis Dalrymple // 60 Minutes // ABC News // Associated Press // CNN // Fox News // National Public Radio // NBC News // The Mercury News // The New York Times // The Wall Street Journal // Time Magazine // Oregon Public Broadcasting // Patch // Government Computer News // The Kremlin // The Internet Archive: U.S. Army // Getty: Peter Muhly / Contributor, Robin Beckham, DenGuy, Alexi J. Rosenfeld / Stringer, Justin Sullivan / Staff, Schroptschop, Gorodenkoff, CommandoXphoto, AerialPerspective Works, Richard Newstead, Towfiqu Ahamed, Martin Stoyanov, Maddrat, CLIPPN The Professional Clip Network, Bartram, Simonkr, Rainer Berg, Kevinjeon00, Life On White, Stocktrek Images, Studio343, PassionStudio, David McNew / Stringer, Sturti, AnnaStills, M-imagephotography, Jamroen Jaiman / EyeEm, Skodonnell, Moussa81, Tara Moore, Tanya Constantine, LightFieldStudios, Sean Rayford / Stringer, Michael Swensen / Stringer, John Moore / Staff, Michael M. Santiago / Staff // Adobe Stock: Tony Baggett, Brostock, Zhu Difeng, Javvani, Andrei310, Deep Pixel, Techstockstudio, Steheap, Olegphotor, WavebreakMediaMicro, Vat2522, 3drenderings, Todja, Vaalaa, Stefan Wolny, Gary, Burhan, DG-Studio, Oliviart, Zairi no Design, DN6, Serikbaib, Oxinoxi, Alhim, Quality Stock Arts, Siwakorn1933, Markobe, Alswart, Pixel-Shot, Daseaford, AGPhotography, Sknakorn, Serkucher, Retan, Roman Milert, Karamysh, Mshch, Martina, Andreykr, ToddKuhns, Rawpixel.com // Flickr: Hiroshi Nishino, Mike Mozart // Storyblocks: GoviFx, Skylightpictures, FootageFoundHere, HighWay_videography, Klss, SriFx, Dapoopta, Storyblocks Library, JaimeByrd, Syda Productions, Defstock, ODesigns, Monkeybusiness, Frame Stock Footage, Skywardkick, Eternal, 8K, Eduard_M, SpaceStockFootage, HDVMaster, HalfPoint, Mediablix, The Stock Studio, SVZUL, A Luna Blue, VladyslavStarozhylov, Fishmotion, Zuxela, Meh.21, Kukhunthod, Mariom, Vadim_Key, Dan Jesperson, Cristian, CloudVisual, Bussker, Rivetstudio, Nopow, Rickray, Pohodzhayproduction, Vinkfan_art, Stockmedia, Filmstudio, Aerialworksusa.com, Patramansky, Sorapop Udomsri, Ilya2k // Unsplash: Lina White, Aditya Joshi, Meriç Tuna, Lukás Lehotský, Milosz Klinowski, Remmington Wanner, Dusan Veverkolog, Jonathan Cooper, Robert Wiedemann // Pexels: Omar Zahid, Tima Miroshnichenko// Pixabay: Tobbo // Vecteezy: Ery Prihananto, Dreamerice, Eureka Design, Rightmeow2, Lavarmsg, Iconbunny, Muhammad Usman, Lincung Studio, Orangereebok, Bsd_Studio, Solarus, Iyi Kon, Chandra.ardanz314876, Serhii Borodin, Iron Sv, Ylivdesign32835, Watchtaxinyc, Jatuphol Intaphong, Ivanka Nikitovic, Zhuravleva Anastasia, Rewat Wannasuk, Mahmudul Hassan // FreePik // Adam Kliczek // DR04 // Jeff Buck // MBlairMartin // Novoklimov // Realizzato con Inkscape/Photoshop: Lory Tek // Richard Webb // SKopp // W.carter // Zscout370 // CITED SOURCES AND NEWS OUTLETS ARE NOT AFFILIATED WITH AND HAVE NOT ENDORSED OR SPONSORED ANY PORTION OF THIS PRODUCTION. 

Sources

  1. U.S. Government Accountability Office
    Critical Infrastructure Protection: CISA Should Improve Priority Setting, Stakeholder Involvement, and Threat Information Sharing
  2. U.S. Cybersecurity & Infrastructure Security Agency
    Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013
  3. Wall Street Journal
    "Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials Say" (Rebecca Smith)
  4. CNN
    "FBI Director Blames Iran for ‘Despicable’ Attempted Cyberattack on Boston Children’s Hospital" (Sean Lyngaas)
  5. CNN
    "North Korean Government Hackers Hit Health Services With Ransomware, U.S. Agencies Warn" (Sean Lyngaas)
  6. NPR
    North Korea Has Hacked $1.2 Billion in Crypto and Other Assets for Its Economy
  7. Associated Press
    "Extremists See U.S. Power Grid as Target, Gov’t Report Warns" (Ben Fox)
  8. NBC News
    "Lye-Poisoning Attack in Florida Shows Cybersecurity Gaps in Water Systems" (Kevin Collier)
  9. Congressional Research Service
    "Critical Infrastructure: Emerging Trends and Policy Considerations for Congress" (Brian E. Humphreys), p. 10
  10. International Energy Agency
    "Colonial Pipeline Outage in the United States Underscores Risks to Energy Supplies" (Kristine Petrosyan)
  11. Reuters
    "One Password Allowed Hackers To Disrupt Colonial Pipeline, CEO Tells Senators" (Stephanie Kelly, Jessica Resnick-ault)
  12. New York Times
    "‘Dangerous Stuff’: Hackers Tried to Poison Water Supply of Florida Town" (Frances Robles, Nicole Perlroth)
  13. GCN
    "Florida City Water Cyber Incident Allegedly Caused by Employee Error" (Chris Teale)
  14. U.S. Cybersecurity and Infrastructure Agency, via NBC News
    "50,000 Security Disasters Waiting to Happen: The Problem of America’s Water Supplies" (Kevin Collier)
  15. Mercury News
    "Experts: Sniper Attack on PG&E Site Points to Power Grid’s Vulnerability to Terrorism" (Steve Johnson)
  16. ABC News
    "Explainer: U.S. Power Grid Has Long Faced Terror Threat" (Michael Kunzelman, Jonathan Drew, Rebecca Santana)
  17. Oregon Public Broadcasting
    "String of Electrical Grid Attacks in Pacific Northwest Is Unsolved" (Conrad Wilson, John Ryan)
  18. Associated Press
    "Extremists See U.S. Power Grid as Target, Gov’t Report Warns" (Ben Fox)
  19. Wall Street Journal
    "U.S. Risks National Blackout From Small-Scale Attack" (Rebecca Smith)
  20. Seattle Times
    "Two Charged in Pierce County Christmas Day Substation Attacks" (Hal Bernton, Mike Carter)
  21. U.S. Department of Justice
    Kansas Man Pleads Guilty to Water Facility Tampering

Delve Deeper

Learn more with a sampling of expert analysis and opinion from a wide variety of perspectives.

Article(s):

Bonus Content

To download or print the bonus content, click here.

More Videos

May 2023

The Biggest Misconceptions about American Health Care

Some say American health care represents heartless capitalism. Others say it’s bureaucratic socialism. The reality? Neither answer is right — because our system isn’t nearly that coherent.
Watch Now...

May 2023

Where Did America’s K-12 Students Go?

America’s public schools lost over 1.2 million students during the pandemic. What happened to them?
Watch Now...