- Every six months, DARPA stages mock cyber attacks a highly restricted island off the coast of New York.
- Specialists war game a major cyber attack of the power grid on Plum Island, which people need US government clearance to set foot on.
- The exercise involves figuring out how to jumpstart a large electricity system if it gets suddenly taken offline by enemy hackers.
- A DARPA official sent Business Insider photos of the site during one of the drills.
- Visit Business Insider’s homepage for more stories.
Only a few have gone through the extensive background checks needed to access Plum Island – where a secretive branch of the US government runs exercises to prepare for all-out cyber war.
The speck of land in the Long Island Sound, owned by the Department of Homeland Security is largely deserted. The main attractions are a defunct lighthouse and a center that studies infectious animal diseases.
It is also the perfect setting for the US government to stage mock cyber attacks on the power grid.
Every six months, the Defense Advanced Research Projects Agency (DARPA) – part of the Pentagon – ferries over experts who work to jumpstart a dead grid, while warding off a series of cyber threats.
- Google maps/Business Insider
The exercise prepares them for a worst case scenario: if hackers succeed in taking the US electric system offline.
In Ukraine people have already seen the consequences of such an attack. Hackers plunged thousands of people into darkness when they compromised parts of the electric grid in 2015 and 2016.
The country’s security services blamed Russia, which had occupied Crimea shortly before, and would ultimately annex it from Ukraine.
The US has not yet seen an attack on its grid. But the FBI and DHS warned that Russian government hackers have in the past managed to access other critical infrastructure like the energy, nuclear, and manufacturing sectors.
- (Defense Advanced Research Projects Agency)
Walter Weiss, the program manager overseeing the DARPA exercises, told Business Insider that his team is one of many studying how to defend the grid.
Weiss also sent Business Insider images of the site where DARPA carries out its operations.
“What we do that’s different is that we start from the assumption that an attack would be successful,” Weiss said.
“What scares us is that once you lose power it’s tough to bring it back online… Doing that during a cyber attack is even harder because you can’t trust the devices you need to restore power for that grid.”
Without electricity, the experts cannot count on light, phone service, or access to the computer networks they need to restart the grid. Their only source of power are old-fashioned generators which need to be refueled constantly.
That means the the specialists cannot focus solely on fighting off cyber attacks, Weiss said, because so much of their focus is taken up with other things.
Without being able to communicate, the tiniest misstep can set the team back dramatically.
Practicing on Plum Island in particular is useful, Weiss said, because it mimics the isolation that could come with a full-scale cyber attack on the mainland.
“That’s something we like about the island: You have what you brought with you,” he said.
With the exercise, DARPA hopes to reduce how interdependent the different teams are, because it is so hard to coordinate. The less time they need to waste trying to stay in contact, the quicker they can get power back to a population waiting in darkness.
Especially in a developed country like the US, every aspect that citizens consider a basic necessity would be affected – from light, to communication, to running water, to transportation.
“I’m trying to think through whose life would still be normal in the US or in England without power,” Weiss said. “I’m having a really hard time.”