Putting president Trump’s executive order on electromagnetic pulses (EMP) in context

Last week, President Trump signed an Executive Order on Coordinating National Resilience to Electromagnetic Pulses (EMPs). EMPs are electromagnetic pulses — generated from a nuclear device detonated miles above the surface, or from a celestial event like a solar flare.

The President should be applauded for bringing attention to the potential vulnerability of our Nation’s infrastructure and for calling for a coordinated, comprehensive analysis and approach to protecting our Nation. As I have written in the past, however, we should remain cautious and vigilant against overreaction and overregulation that does not make us safer nor more secure.  There is no golden widget, or solution that will magically wrap our nation’s infrastructure in a protective coating making it impervious to an EMP attack.{mosads}

The Executive Order tasks the Assistant to the President for National Security Affairs (APNSA), through National Security Council staff and in consultation with the Director of the Office of Science and Technology Policy (OSTP), to coordinate the development and implementation of executive branch actions to assess, prioritize, and manage the risks of EMPs. Annually, the APNSA will submit a report to the President identifying gaps in capability, and recommending how to address those gaps. While that’s commendable, any actions or report from the White House should begin with reviewing the efforts already taken, underway, and ongoing across government and industry to keep our nation safe.

Currently, the federal government and electrical industry work together across the sector and through the Electricity Subsector Coordinating Council (ESCC); the North American Electric Reliability Corporation (NERC); the Electric Power Research Institute (EPRI); federal agencies, including the Department of Defense (DOD), Department of Energy (DOE), Department of Homeland Security (DHS), Federal Emergency Management Agency (FEMA), FBI, and Federal Energy Regulatory Commission (FERC); and state and local law enforcement agencies. In other words, a lot is already happening and the perception that nothing is being done about the risk of an EMP is misguided.

In fact, today, the federal government works to secure the energy grid through information sharing, which includes the Cybersecurity Risk Information Sharing Program (CRISP). As such:

• CRISP enables near real-time sharing of cyber threat data among government and industry stakeholders, while supporting machine-to-machine threat mitigation.
• Cyber threat information shared through CRISP is helping to inform important security decisions not just among participating companies, but throughout the electric sector, as information obtained by the technology is then shared anonymously.
• CRISP is a public-private partnership co-funded by DOE and industry. CRISP seeks to facilitate timely bi-directional sharing of actionable unclassified and classified threat information, using advanced collection, analysis, and dissemination tools to identify threat patterns and trends across the electric power industry.

Additionally, the federal government and the electric sector plan and regularly exercise for a variety of emergency situations that could impact their ability to provide electricity. In the last two years alone, there have been many incident response exercises, including several national-level exercises:

• National Level Exercise (FEMA, May 2018) tested the ability of all levels of government, private industry, and nongovernmental organizations to protect against, respond to, and recover from a major mid-Atlantic hurricane.
• GridEx IV (NERC, November 2017) gathered more than 450 organizations and 6,500 participants from industry, government agencies, and partners in Canada and Mexico.
• Cyber Guard (DOD/NSA, June 2017) was a weeklong exercise that tested the response capabilities of energy, IT, transportation, and government experts to a major cyberattack.
• FEMA Region III (FEMA, May 2017) conducted a power outage exercise that focused on how Federal, state, and local emergency managers would work with the electricity industry to respond to a physical/cyber-attack on the mid-Atlantic region’s energy grid.

The Executive Order calls for the Federal Government to provide incentives to private-sector partners to encourage innovation that strengthens critical infrastructure against EMPs. It also calls for pilot programs, deliberate and close coordination with private sector, and with an awareness of cost is well stated, and, hopefully, will be so executed.

Finally, while the threat of EMPs are real, and the dangers associated with them make for good headlines, this action by the President should not confuse anyone; EMPs are by no means one of the top-tier national security challenges, nor the most pressing concern for the safety of our electrical grid. A careful and reasoned plan put forward, like what we saw last week from the White House, makes sense. We must also be vigilant to ensure the EMP threat is not overblown and thereby dedicate limited resources to a highly unlikely threat.

Gregory T. Kiley is a former senior professional staff member of the Senate Armed Services Committee and U.S. Air Force Officer.