Shield Critical Infrastructure from Electromagnetic Pulses, DHS Says
The National Public Warning System offers a model for defending other vital systems and services.
The Department of Homeland Security’s Science and Technology Directorate on Tuesday released a report outlining a series of best practices that local, state and federal agencies—and private-sector partners—should implement to protect critical infrastructure services from electromagnetic pulses.
DHS’s Electromagnetic Pulse Shielding Mitigations report—which includes input from the Federal Emergency Management Agency and the Cybersecurity and Infrastructure Security Agency and feedback from industry and government representatives—builds on the best practices used to protect the National Public Warning System, the network of radio stations that allows the U.S. president to communicate with the American public during a national emergency.
FEMA’s Integrated Public Alert and Warning System Program includes 77 private-sector broadcast stations that use “multiple, connected EMP-protected shelters” and are “equipped with backup communications equipment and a power generator” to ensure that information can be broadcast through the NPWS without any EMP-related interruptions or interference. According to DHS, FEMA has also conducted high-altitude EMP testing on NPWS equipment to verify that mitigation efforts are protecting these stations.
“Electromagnetic pulses, whether caused by an intentional EMP attack or a naturally occurring geomagnetic disturbance from severe space weather, could disrupt critical infrastructure such as the electrical grid, communications equipment, water and wastewater systems, and transportation modes,” Kathryn Coulter Mitchell, DHS' senior official performing the duties of the undersecretary for science and technology, said in a statement. “This could impact millions of people over large parts of the country. It is critical to protect against the potential damage an EMP event could cause.”
In a press release, DHS said that the best practices and principles outlined in the report “can be implemented by critical infrastructure owners and operators who seek to secure their assets against EMP in a similar manner to the NPWS equipment.”
When deciding how best to protect critical infrastructure and related assets from EMPs, the report says that agencies and private-sector operators should “consider the system’s architecture and design, location, geography, materials, [points of entry] that allow external EM energy penetrations and ancillary equipment.” And beyond assessing and remedying potential vulnerabilities in their systems, the report says that efforts to guard critical infrastructure from an EMP should also consider the impact that an outage would have on needed services.
“If temporary outages are not acceptable, then the most stringent protection approach should be followed,” the report says. “If system outages or time urgency are not critical, then [critical infrastructure] owners and operators can take less onerous protection approaches that are accompanied by operator interference, such as powering down and restarting the system or repairing the equipment using readily available spare parts.”
In March 2019, then-President Donald Trump issued an executive order to bolster the federal government’s resilience to EMPs. It promoted cross-government information sharing and called for agencies and critical infrastructure operators to “engage in risk-informed planning” and “prioritize research and development” needed to respond to and recover from EMPs. CISA has also worked to build long-term resiliency in the public and private sectors by helping critical-infrastructure owners and operators, participating in EMP-related testing, and identifying effective EMP mitigation technologies.
“CISA remains committed to working with our partners to implement requirements outlined in the Executive Order on Coordinating National Resilience to Electromagnetic Pulses, which strengthens our nation’s preparedness from EMP,” Mona Harrington, the acting assistant director of CISA’s National Risk Management Center, said in a statement.