Protect and survive
As the American military prepared to use EMP it also developed shielding against it. Ever since the 1960s military communications systems, control centers and missile bases have all had their systems hardened against attack. Even Air Force One has a measure of EMP shielding.
But the civilian sector has very little in the way of protection. Faraday cages, which protect electrical devices from EMP, are popular with some folks but aren't really practical; most of our infrastructure is totally unprotected. Part of this is down to cost, but also because no one wants to take responsibility for the issue.
"There is no single point of responsibility to develop and implement a national protection plan. Nobody is in charge," Dr Baker testified [PDF] to Congress in 2015.
"When I asked the North American Electric Reliability Corporation about EMP protection, they informed me, 'We don't do EMP, that's a Department of Defense problem.' The Department of Defense tells me, 'EMP protection of the civilian infrastructure is a DHS responsibility.' DHS explained to me that the responsibility for the electric power grid protection is within DOE, since they are the designated Sector Specific Agency for the energy infrastructure."
However, there are private companies that will design EMP shielding, for a price. Jack Pressman, managing director of Cyber Innovation Labs, works with EMP Grid Services, an organization that builds computing networks designed to withstand EMP and solar storms.
"You can't just build a Faraday cage around the data center and call it safe," he told The Register. "You can enclose one, but you'd still have to move power, cooling and telecoms in and out of the box and these can all be points of failure. You have to build in filters that ground and disperse electromagnetic energy."
Putting these kinds of protection into an existing data center is almost prohibitively expensive, but applying them to a new-build unit only increases the cost by around eight per cent, he explained. To cut costs some firms will simply harden a small portion of their data centers holding critical data.
The group has recently built an EMP-hardened data center for backup and storage group Iron Mountain, building it partially underground for additional protections. The client, a Fortune 500 financial company, is a typical type of customer.
"Most big data center infrastructure firms like Google and Amazon aren't that interested," Pressman said. "They think, 'If we lose one or two facilities then so be it, we have 40 globally.'"
Much ado about nothing?
So at the end of the day, how worried should we be about a North Korean EMP attack? Not too much, according to Herb Lin, research scholar for cyber policy and security at the Center for International Security and Cooperation at Stanford.
He told The Register that the kind of 10 or 20-kiloton device that the North Koreans are supposed to have might cause damage, but it wouldn't be the massive population killer that some have suggested.
He points out that the Starfish Prime tests in 1962 used a 1.4 megaton device and caused limited damage. The much smaller device attributed to the North Koreans, even supposing that it and the missile delivery system work, would cause less damage.
It is possible to design a nuclear bomb that is specifically built to maximize the EMP output, even if this means reducing its explosive power. But such devices are highly sophisticated and likely beyond the reach of the impoverished state. Even if they have been given the plans to build such a device, there are considerable materials engineering challenges.
However, as befits a strategic thinker, Lin raised a fascinating point that could show how, even if North Korea does launch an attack, the US might be facing something of a quandary.
"Suppose they launch it and it does no damage," he posited. "What do we do then? No one is asking that." ®