This article was originally published at Cyber Magazine: https://public.milcyber.org/activities/magazine/articles/2020/20200120-renda
The United States has totally underestimated the ability of an amateur or terrorist to launch an EMP attack on the infrastructure or the electric grid. The Tesla coil or Marx generator can easily supply the EMP to disable the infrastructure or a part of the electric grid. What is equally frightening is that the fly-by-wire jets are very susceptible to this attack. Passengers already bring EMP power sources that are found in the flash components of a camera.
In order to talk about injecting EMP pulses into the electric grid/infrastructure, we first have to talk about the starfish test. It was starfish prime a 1.4 Mt nuclear bomb, set off on July 8, 1962, in high-altitude explosion 250 miles above the surface of the earth and it yielded 1.45 Mt. The EMP was more substantial than expected and it even pinned the instrumentation needles off the scale. In Hawaii about 890 miles away from the detonation point it knocked out 300 streetlights, the telephone company microwave link and calls from Hawaii to the Hawaii islands and set off numerous personal alarms. This high-altitude test was one of several called operation fishbowl; hydrogen bombs detonated high above the surface of the earth that created a large EMP pulse caused by the Compton Effect. This effect is created by electrons produced by gamma rays colliding with air. This explosion yielded a far greater pulse than was theorized. The U.S. completed six high-altitude nuclear tests in 1962, but tests produced many expected results and raised many questions. That it can disable the electric systems on the ground; in 1962 most electrical systems were electromechanical. Today most systems are run by microprocessors, and these devices are far more sensitive to EMPs.
Are there any natural phenomena that can produce an EMP?
When most people think of the naturally occurring event that creates an EMP, they typically think of lightning. The other phenomena that create EMPs are solar storms. Space weather is created by a prominent sizeable solar flare or a coronal mass ejection. This is a slow-moving multibillion ton cloud of plasma that contains electrons and protons. In 1989 Québec a blackout was blamed on a massive solar storm. In July 2012 we had a large solar storm, and it was twice the size as the event that caused the 1989 Québec blackout. The most significant solar storm was the Carrington event of 1859. At that time we did not have a radio or other modern conveniences like cell phones, but we did have telegraph stations that used wires on telephone poles and acted as a large antenna. If a storm of this magnitude happened today, we would probably be set back to the Stone Age.
What about man-made EMP and other countries?
In 1962 the Soviets executed several nuclear detonations of 300 kiloton hydrogen bombs, these were done at the height of 300, 150 and 60 km above the Earth in Asia. Each of these pulses caused underground cables to burnout, blown fuses, and power supply breakdowns. Today numerous countries have this EMP-bomb capability. In particular, North Korea, Iraq, Iran, Russia and China have produced multiple documents about creating a very high yield EMP nuclear bomb.
Is the U.S. government doing anything about remediation?
In the article "Electromagnetic Pulse EMP protection and Resilience Guidelines for Critical Infrastructure and Equipment" deals with hardening our military and civilian infrastructure so that they can survive an EMP attack. In this article, they mentioned EMP protection levels for infrastructure.
The levels are listed below.
- Level I is the lowest cost and outages are permitted.
- Level II hours of outages are permitted
- Level III only minutes of outages are permitted
- Level IV only seconds of outages are permitted.
- EMP disruption
An EMP attack can disrupt the electric grid, banking finance, hospitals, and transportation infrastructure. Manufacturing capability is very vulnerable since most manufacturing processes are run by supervising control data acquisition software. The civilian infrastructures would be a perfect target for a large-scale EMP attack. Some infrastructure has a single point of failure. One other thing about the attack it would knockout cell phone service. Most people are almost addicted to cell phones, and the result would be greater anxiety and stress on the population. Without cell phones, they would not know what's happening. An EMP can also be created by men, and man-made nonnuclear sources are on the market. Some of the devices out there on the market to create an EMP can disrupt a car. These devices are costly and generally out of the reach financially of the amateur or terrorist. There is a way for an amateur or terrorist to generate an EMP at some lethal doses. The Tesla coil and the Marx generator can generate EMPs and I have experimented with both of them.
The Marx generator was created by Irvine Marx in 1924. The generator charges capacitors in parallel and discharges them in series by using a spark gap. The link below is a YouTube video of my pulsing a cable box.
It is a summation of pulses that disrupts this cable box that is it's different than a hydrogen bomb explosion that produces one tremendous pulse. Also, these pulses readily travel through the wire, and by connecting to the ground wire of an electrical system, you are injecting into everything. The Marx generator does not scale up well; that is, you would have to use very expensive military-grade components. You could not buy them at RadioShack. One device that scales up well for little money is the Tesla coil. Again, using the summation of pulses with a Tesla coil, you can disrupt microprocessors. Tesla coils can be particularly lethal because, for about $2000, you can build a coil harmful to microprocessors, within the means of any amateur or terrorist. The person running them would have to the ability to solder electrical components. I will continue running experiments with these devices. I tested the ground continuity in Queens County, New York City. The ground connects the whole electrical system, and there is no remediation if you create impulses into the ground system. When you open a circuit breaker with 3 phase power it does not disconnect the ground.
The Tesla coil
In 1891 Tesla invented a Tesla coil it's basically a resonance transformer that created high voltage high-frequency power. There are numerous references on how to build a Tesla coil on the Internet. For my experiments, I used six different Tesla coils. The Tesla coils I used have different physical sizes the largest Tesla coil runs at a better than 150 kHz the smallest Tesla coil runs around 900 kHz. I used a so-called software Tesla coil exciter. This device tunes to the frequency of the coil. In general, I find the high frequencies are more destructive to microprocessor circuits, than the low frequencies. There are numerous kits on the market for Tesla coils. In order to make it particularly lethal to microprocessors, or the electric grid, the operator would have to know Fourier analysis, differential equations, and possibly the Laplace transforms. This is an experimental device, and nobody is going to interfere, you, can test in obscurity. One other fact- about Tesla- when he was in Colorado Springs, he had a very large Tesla coil that ran at low-frequency high voltage. This coil induced several kilowatts of- energy into the coils of the power station, burned out the winding of the generator.
I have identified three microprocessor, rich environments. They are hospitals, fly-by-wire jets, and nuclear power plants.
Hospitals today are run by many microprocessors. A patient may have anywhere from four to eight microprocessors that deal with their condition. Hospitals also make use of Wi-Fi to transmit information. Over the past ten years, there has been significant automation of hospital systems and the integration of different devices. If someone wants to inject pulses into the hospital system to the ground or the other hot leads, they will turn some devices off; some devices will try to reboot and some devices will just be burned out, and again talking about a series pulse, not just one big pulse. I presented this scenario to a doctor, and his opinion was in the first 24 hours anywhere from 5 to 10% of patients in ICU will perish. The automation in hospitals has benefited nurses; they can look over numerous patients at the same time. Hospitals do not have a scenario for this type of event; there is no backup or recovery scenario. Hospitals would not know what is happening to them and not be able to identify what's going on. This outage will happen even if they had power conditioners on their electrical lines. The analog landlines probably would still work. The telephone system running voice over IP would fail. There's no disaster recovery for this scenario.
With the automation of every aspect of our lives, jets have increasingly been computerized. The two major aircraft companies, Boeing and Airbus have increasingly automated their flying machines. Boeing has recently had a problem with the max 737. I have over 45 years of experience in software quality assurance and data security. One pattern I've learned over those 45 years is that it’s increasingly difficult to detect problems with software and hardware that cross multiple platforms. Another article that I might write, I call "HACKER SINGULARITY." I believe in the next 5 to 10 years we will be approaching the point where the information security budget will be larger than the budget for all other IT subsystems. What is the difference between Boeings versus Airbus's idea of automation?
Airbus is a much more fly-by- wire plane than Boeing. In the airbus system the jet flies in the protected flight envelope and basically, the software tells pilots what to do. That's the opposite of what the Boeing system does. The software augments the pilot; the pilot is always in control. Airbus planes are more susceptible to an EMP attack generated within the airplane. There are already EMP generators onboard jets; any camera that has a flash attachment, and most do, can generate an EMP.
In some cases, cell phones also have flash capability, so there are multiple possible EMP generators on board. Most of my work has been done with not one big pulse but several pulses. Airplanes have redundancy or triple redundancy of all avionics, but all are controlled by microprocessors. One other factor not in consideration is that today's flight recorders are microprocessors driven; they are not driven by Mylar tape of yesterday. Today they can record many more parameters. They will fail like all the avionics systems.
Below I've developed four possible scenarios that with a single pulse that can take out a jet.
The single pulse may cause significant structural failure to the airframe, that is, the pulse that the airplane will receive in an erratic manner so that it exceeds the structural capabilities of its fuselage or tail. Pulse generator floating is not grounded.
The single pulse is generated at takeoff.
The single pulses is generated at landing with the pulse generator floating.
The single pulse causes the fuel tank to explode. In this case, the pulse generator is not floating; it's connected to the neutral and hot lead in the airplane system. On July 17, 1996, Trans World Airlines flight 800 exploded over Long Island Sound. After numerous investigations including considering that a missile could have shot the jet down and possible terrorist activities, the NTSB ultimate came to the conclusion that center fuel tank exploded because of an arc in the wiring in the center fuel tank. This is proof of concept that if you inject a pulse into the wiring of an airplane, you can create an explosion. Most/cameras flashes can produce enough power to cause an arc. Injecting the pulse into the wiring of the jet you have both conductions in the wires and radiation of the wires and there is a good chance the pulse will couple with some of the wirings and cause a major catastrophe.
The nuclear reactor.
I've never been to the control room of a nuclear reactor, although I imagine it has a myriad of sensors gauges. Some of the sensors will measure neutron flux, gamma rays, water temperature, and pressure in the vessels turbine speed, etc. etc. All the sensors are no doubt controlled by some microprocessor systems or minicomputer systems that are probably networked together.
I have come up with three possible scenarios.
Number one an EMP pulse is injected into the ground during normal operating procedures while the reactor is producing power and transmitting it to the electric grid. The only problem I see is if the pulse causes some erratic movement of the control rods or it could cause a SCRAM of the reactor, that is a rapid shut down of the neutron flux.
Number two- EMP get injected into the ground during reactor shutdown.
The number three-EMP is injected into the ground during a reactor startup.
The two most critical times for the reactor is when it's shutting down and starting up.
The risks of an EMP attack on the infrastructure and or grid is very real, and it is very doable
This will be an ongoing series. The next part will deal with civilian targets that are rich in microprocessors and have a single point of failure.
This article is to inform you about EMPs, not to scare you. However if you are on an Air-bus or a Boeing jet and the person sitting next to you starts to disassemble a camera with a flash, I would strongly recommend that you bring it to the attention of the stewardess.
About the Author:
Paul is an inventor and a futurist. He has spoken twice at Defcon and twice at HOPE (Hope Hackers On Planet Earth). In 1995 Paul was first person to come up with a defense against war dialers. A war dialer is a device that scans telephone numbers looking for modems this is done to possibly break into a computer system. He’s been active in information security for the past 45 year.