Lights Out by Ted Koppel: Review & What to Do Now

In October 2024, investigators discovered that Chinese state hackers had been sitting inside a Massachusetts utility’s operational technology network for ten months. The group, known as Volt Typhoon, was not stealing data. They were pre-positioning for sabotage. Ted Koppel described almost exactly this scenario in “Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath”, published in 2015.

Koppel, a 42-year veteran of ABC News and longtime anchor of Nightline, spent eighteen months interviewing roughly 60 people across the intelligence community, military, Congress, and utility industry. His conclusion was blunt: a cyberattack on the U.S. power grid is not hypothetical but likely, and neither the government nor the public is prepared. A decade later, every major incident has moved in the direction Koppel predicted.

The U.S. operates three separate power grids: the Eastern Interconnection, the Western Interconnection, and ERCOT (Texas). A well-designed attack on just one could leave tens of millions without power for weeks, months, or years. For those without a generator, that means no running water, no sewage, no refrigeration, no functioning banks. Food and medical supplies begin dwindling immediately.

What ‘Lights Out’ Actually Argues

Koppel could not get a straight answer from any senior government official about what the actual plan was for a prolonged grid outage. Not from DHS. Not from FEMA. Not from the White House.

The book is structured in three parts.

Part 1 — The Threat. NSA officials, military commanders, and intelligence leaders confirm the grid is vulnerable. Nation-states — specifically Russia, China, and Iran — have the demonstrated capability to strike. As Koppel noted in his PBS interview, a laptop is the only necessary weapon. The question is not whether an attack is possible but whether it will happen before adequate defenses are built.

Part 2 — The Response. FEMA’s planning assumptions are calibrated for bounded, regional natural disasters, not multi-state, multi-month grid failure. No federal plan exists for this scenario. The government is well prepared for hurricanes and earthquakes. It has nothing for this.

Part 3 — The Survivors. Koppel dedicates three chapters to the Church of Jesus Christ of Latter-day Saints as the only large American institution with a functioning long-term preparedness infrastructure. The LDS system operates in tiers: individual households maintain three-month supplies, local wards coordinate at the neighborhood level, and regional stakes manage distribution and logistics. The Church runs its own storehouses, Home Storage Centers providing subsidized bulk food, dairies, orchards, and a proprietary trucking fleet.

The book’s uncomfortable conclusion: if the grid goes down for months, you are on your own for the critical first weeks or longer. Former Secretary of Defense Leon Panetta framed the threat as a potential “cyber-Pearl Harbor.” Koppel’s reporting suggests the country is no more ready for it than Pearl Harbor’s defenders were in 1941.

The Threat Landscape From 2015 to 2026

If you read Lights Out in 2015 and thought the scenario was unlikely, the intervening decade has eliminated that comfort.

Ukraine, 2015 and 2016. Russian GRU-linked hackers launched the first confirmed cyberattack on a power grid. Using spear-phishing with BlackEnergy malware, they seized control of SCADA systems at a Ukrainian utility and remotely switched off substations, cutting power to 225,000 customers. A year later, a second Russian attack deployed Industroyer — malware sophisticated enough to communicate directly with industrial control protocols and autonomously open circuit breakers without human operators.

SolarWinds, 2020. The SolarWinds supply-chain compromise embedded malicious code in a software update sent to over 30,000 organizations. NERC confirmed that a quarter of the electric utilities it regulates were exposed. Attackers maintained months of persistent access. Utilities that never faced direct targeting were compromised through shared third-party software, proving Koppel’s “weakest link” argument in real time.

Colonial Pipeline, 2021. The DarkSide ransomware group shut down 5,500 miles of fuel pipeline for five days. By day four, 71% of Charlotte gas stations had run dry. By day five, 87% of Washington D.C. stations were out of fuel. Panic buying amplified the disruption beyond the actual shortage.

Volt Typhoon, 2024. CISA issued advisory AA24-038A confirming that Chinese state-sponsored hackers had achieved persistent access across multiple sectors of U.S. critical infrastructure, including the power grid, water systems, oil pipelines, and naval ports. FBI Director Christopher Wray called the Chinese government’s threat “broad and unrelenting.” In January 2024, the FBI disrupted part of the operation by removing Volt Typhoon malware from hundreds of compromised routers used as attack infrastructure.

Iberian Peninsula, April 2025. A voltage surge triggered cascading generator disconnections across Spain and Portugal, cutting power to tens of millions for roughly ten hours. At least eight people died. Spain’s investigation ruled out a cyberattack. The cause was purely technical — which made it more alarming: grid fragility alone, without any adversary, proved sufficient for catastrophic failure.

Check Point Research documented 1,162 cyberattacks on utilities in 2024, a 70% year-over-year increase. NERC estimates that the grid adds approximately 60 new points of susceptibility every day as it expands and integrates new technologies.

How the Grid Actually Fails

The U.S. grid depends on roughly 2,000 large power transformers. Most are around 40 years old. Each is custom-built for its specific location. They weigh up to 400 tons. Replacement lead times run 128 to 144 weeks for standard units and 2 to 4 years for customized large transformers. There is no strategic reserve.

Over half of the nation’s approximately 40 million distribution transformers have already exceeded their expected service life. Wood Mackenzie projects a 30% supply shortfall for power transformers persisting into the 2030s. Domestic manufacturing capacity is minimal. A targeted attack destroying even a handful of strategically selected large power transformers could push recovery timelines from weeks into years.

Cascading failures move faster than human response. When one section of the grid fails, electrical load redistributes to neighboring sections. If those sections are already near capacity, they trip as well. During the 2006 European blackout, 33 high-voltage transmission lines tripped within 80 seconds. Thirty of those lines failed in the first 19 seconds. Fifty million people lost power in just over five minutes.

Standard IT security does not protect operational technology. SCADA systems controlling grid operations were designed decades ago for reliability, not security. Many run legacy protocols with no authentication. As Dragos concluded in their retrospective on the Ukraine attacks: the speed of a grid attack exceeds the speed of human response.

What Koppel Got Right (and What He Missed)

What He Got Right

The threat is real and growing. Every data point since 2015 confirms this. Nation-state capability has advanced. The attack surface has expanded.

The government has no adequate plan. Despite improvements — including CISA’s establishment in 2018 and tightened NERC CIP standards — there is still no federal playbook for multi-state, multi-month grid failure.

Public awareness is dangerously low. Most Americans still assume power outages are measured in hours or days. The transformer replacement bottleneck, the cascading failure mechanics, the absence of a federal response plan: these remain invisible to the general public.

Community resilience outperforms individual stockpiling. The LDS model insight has proven durable. Post-disaster research consistently shows that mutual aid networks outperform isolated households in every extended crisis.

What He Missed

Ransomware as the more likely near-term vector. Koppel focused on nation-state sabotage. The more frequent and immediate threat since 2015 has been criminal ransomware, as Colonial Pipeline demonstrated.

Physical attacks. Substation shootings — such as Metcalf in 2013 and Moore County in 2022 — represent a low-tech, hard-to-defend attack vector that Koppel largely skipped.

Renewable energy’s dual role. Distributed solar and battery storage create both new vulnerabilities (more networked endpoints) and new resilience (microgrids that can island during failures). Koppel’s 2015 analysis predates this shift.

What to Actually Do About It

Koppel’s book describes the problem. PrepperIQ covers the solutions. A few priorities specific to grid-down scenarios:

Power

A generator buys days, not months. Pair it with a minimum 30-day fuel supply and a rotation system. For longer timelines, solar with battery storage can sustain essential loads indefinitely. See our grid-down power comparison for the full breakdown.

Water

Municipal water requires powered pumps. When the grid fails, water stops. Maintain a minimum two-week stored supply (1 gallon per person per day), know how to source and purify additional water, and have a gravity filter that needs no power. Full guide: emergency water storage.

Food

The math is stark: a two-week supply means two weeks of options when supply chains stop. A 90-day supply means time for the situation to stabilize before you are in crisis. Start with calorie-dense shelf-stable foods, build toward long-term rotation. Full guide: food storage for emergencies.

Medical

Talk to your doctor about a 90-day prescription medication supply. Build a comprehensive first aid kit emphasizing wound care, pain management, and anti-diarrheal medication. At least one household member should have current CPR and first aid training.

Communications

FRS/GMRS walkie-talkies enable neighborhood coordination without cell service. A hand-crank NOAA weather radio is the single most important comms item when cell towers exhaust their backup batteries. Establish a pre-agreed check-in plan with family members who live elsewhere.

Community Resilience: The Lesson Most People Miss

The biggest misconception in preparedness is that it is an individual project. Every major disaster study reaches the opposite conclusion.

Koppel’s most important finding in Lights Out was not about transformers or hackers. It was that the LDS Church has built the only large-scale, functioning preparedness network in America — and its principles require no religious affiliation to replicate.

The tiered model works like this: at the household level, families maintain three months of essentials. At the neighborhood level, members coordinate through mutual aid agreements and shared skills inventories. At the community level, organized distribution networks handle what no single household can.

No single household can sustain itself through a months-long crisis. No family can simultaneously maintain medical expertise, mechanical repair capability, security, food production, water purification, and long-range communications. Specialization and cooperation are how humans have survived every extended crisis in recorded history.

Practical first steps. Meet your immediate neighbors if you have not already. This is your single most important preparedness action. Identify three to five households willing to coordinate. Create a shared inventory of skills and resources: who has medical training, mechanical ability, a generator, extra water storage? Establish a communication plan that does not rely on cell service.

The person with a basement full of supplies but no community network is less resilient than the person with two weeks of food and ten trusted neighbors.

Is ‘Lights Out’ Still Worth Reading in 2026?

Yes, with one caveat.

The case for reading it. The core analysis has aged remarkably well. Koppel’s reporting on government unpreparedness, infrastructure fragility, and the LDS community model remains relevant and largely unmatched in mainstream publishing. The book is well-written, accessible to non-technical readers, and avoids the breathless tone common in preparedness media. It reached the New York Times bestseller list, bringing the topic to audiences who would typically dismiss preparedness sources.

The caveat. The threat landscape has evolved significantly since 2015. Readers should supplement the book with current reporting on Volt Typhoon, ransomware trends, and NERC vulnerability assessments. Koppel provides the framework. Current events fill in the data.

Best for: Anyone new to grid-down preparedness, people who think they are prepared but have not considered multi-month scenarios, and local government officials or community leaders who need a credible, non-alarmist source to justify preparedness investment.

Frequently Asked Questions

Is 'Lights Out' by Ted Koppel still relevant?

Yes. The core thesis has been validated by the Ukraine grid attacks, Colonial Pipeline, SolarWinds, and Volt Typhoon. The infrastructure vulnerabilities Koppel identified have worsened since publication. Every major trend — from aging transformers to expanding attack surfaces — has moved in the direction he predicted.

Is Ted Koppel fear-mongering?

No. Koppel is a mainstream journalist with a 42-year career at ABC News, not a conspiracy theorist or gear salesman. His conclusions are drawn from on-record interviews with NSA, military, and intelligence officials. His tone is measured throughout.

Has a cyberattack actually taken down a power grid?

Yes. Russian hackers attacked Ukraine's grid in December 2015, cutting power to 225,000 customers using BlackEnergy malware and remote SCADA control. A second Russian attack in 2016 deployed Industroyer, malware capable of autonomously manipulating grid protocols. These were the first confirmed cyber-caused blackouts in history.

What is the government's plan for a major grid attack?

No comprehensive federal plan exists for a multi-state, multi-month grid outage. FEMA's framework assumes bounded, regional disasters with defined endpoints. CISA coordinates cyber defense but cannot guarantee prevention. Koppel's finding of government unpreparedness remains largely accurate as of 2026.

Why would grid recovery take months or years?

Large power transformers are custom-built, weigh up to 400 tons, and require 2 to 4 years to manufacture and deliver. No strategic reserve exists. A 30% supply shortfall is already projected through the 2030s. Destroying enough of these transformers creates a bottleneck that no amount of emergency response can accelerate.

What is Volt Typhoon and why does it matter?

Volt Typhoon is a Chinese state-sponsored hacking group that CISA and the FBI confirmed had achieved persistent access inside U.S. critical infrastructure, including utilities, water systems, and pipelines. Their goal is pre-positioning for disruptive action during a potential military conflict between the U.S. and China. They maintained access to a Massachusetts utility's operational technology network for ten months before discovery in 2024.