% fortune -ae paul murphy

Paranoia, tin foil hats, and the EMP threat

The bad news about EMP (electro-magnetic pulse) threats is that they're real - and that a terrorist with one nuclear weapon and no high reliability delivery vehicle doesn't need anything better than a North Korean scud missile and an old freighter to fire it off two hundred thousand feet over a major financial center like New York, London, or Tokyo.

The good news is that western governments have been quietly working to undermine this threat for upwards of thirty years. It's true that most personal micro-processors, including those running most car engines, televisions, cameras, and laundry machines are unprotected - but it is reasonable to believe that many major civilian and certainly all significant national defense data assets are fully protected.

So what can you do? At the professional level you can, and should, ensure that key records are stored optically, that your data center has at least basic protections in place, and that any communications gear you're responsible for uses either optical or buried, fully shielded, cabling where-ever it even vaguely makes sense to do so.

And if you're in a likely target zone and have wondered whether you're paranoid enough: it might not hurt to store equipment you're taking out of service in an EMP secure area for a full hardware generation before disposing of it - thus ensuring that you always have something to go back to.

And at the personal level? well, I recommend tin foil hats.

To understand why that's not actually a joke you have to know that an EMP isn't something magical: it's a high intensity, short duration, radio signal generated from electron recombinations that occur after a disrupting event. Thus what fries your microprocessors, wipes your data tapes, and destroys your power generator is the electrical current generated when the signal encounters any conductive metal object.

An EMP event can be very small: a few grains of the right explosive can create one - but it takes a nuclear event to produce a shock powerful enough to generate a pulse reaching over 40KV/M within one nanosecond of onset - far too fast, and far too powerful, for normal fusing or circuit interuption to work.

What does work is grounding the induced signal - and in the simplest form that means putting key components inside Faraday cages (tightly woven protective nets of solidly grounded copper or other highly conductive materials) and cutting all external electrical connections.

Many permanent civilian and most military buildings have these built in -and real paranoids often go beyond that to build protective environments inside protected environments and then put spare gear, fully configured but with no power or network cables connected, inside these.

Your home, however, will have little more than local grounding for lightening protection and you're just not that likely to have a CONEX crate (or other protected shipping container) handy to shove your PC into when the warning arrives that some madman somewhere either thinks your country weak enough to attack or wants to commit national suicide by nuclear response. So what can you do?

Have I mentioned tin foil hats? The EMP pulse strength follows the usual inverse square law, so unless you're directly under the flash, the signal is likely to be weakened by the time it gets to you - and it may be weak enough that very modest protections can suffice for you.

Specifically, what you want to do is unplug critical gear, flip your breakers to off, break up exposed cable runlengths where you can (i.e. unplug cables that are plugged together), and wrap sensitive gear like your PC (and the box containing backups) in aluminum foil - and if you can ground that foil, then so much the better.

Will that suffice? it depends on local signal strength. Duck and cover never made any sense except at the very edges of the blast zone and this suffers from the same drawback, has the same absurdist feel to it, and yet may have the same rationale. And that, I think, tells us where the bottom line is: it won't hurt you to think about this; at the professional level you pretty much have to anyway, and at the personal level knowing where the aluminum foil is and thinking a bit about what to disconnect and wrap if you get a couple of minutes of warning time really isn't such a big deal.

And of course, there's a huge plus to this plan: when other people tell you that the right approach to worrying about stuff like an EMP attack is to stick your head in the sand and hope it never happens, you've got the perfect response: you can tell them that the better answer is to prepare a tin foil hat for their PC - and, you know, think about it; I mean, is that great or what?


Paul Murphy wrote and published The Unix Guide to Defenestration. Murphy is a 25-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues.