How to tell if you're experiencing a cyber attack, an EMP, or a solar flare

The speculation was fast and furious when AT&T’s cellular network went down recently. Florida Governor Ron DeSantis (R) indicated that it could be an EMP. Florida Senator Marco Rubio (R) hinted at a Chinese cyber attack. Others insisted it was due to a solar flare. AT&T’s official explanation was a software update gone wrong.

How can you distinguish between an EMP, a solar storm, a cyber attack, or human error? I’ve been investigating these topics for the past few years, most recently in my Substack, Unprepared. I am also a General-class ham radio operator, requiring knowledge of radio waves and solar activity. Let’s explore each of these scenarios in real life at a level that makes sense, no matter your technical level.

In short:

• If one service or a handful of related services go down, it’s probably due to human activity: error or a cyber attack.
• If you see a massive disruption of electrical services, it’s likely an EMP or a solar event.

What are the signs of an EMP?

EMP is short for electromagnetic pulse. Technically speaking, small EMPs happen every day, causing minor annoyances like radio signal interference or even electrical problems in cars. For clarity, we will focus on the big EMPs you see in apocalyptic fiction like William R. Forstchen’s "One Second After."

Massive EMPs are one of the most overhyped prepper scenarios. I say that for two reasons:

• They are incredibly rare events.
• They are practically impossible to prepare for.

In the simplest possible terms, in an EMP, hundreds of thousands of volts of electricity are sent through the air like radio waves. Like radio waves, the EMP will be attracted to anything acting as an antenna. Think of long wires, like power lines. That surge of electricity would then flow down the power lines, wreaking havoc on whatever it passes through — wires, transformers, or your home’s electrical system. Contrary to popular belief, small electronics not connected to an outlet are unlikely to be affected.

There’s lots of talk about EMP weapons both in the news and in fiction. For example, China supposedly has first-strike EMP capabilities. But in reality, only two types of events are known to cause the sort of EMP people fear:

• An intense solar storm. The most famous example is the 1859 Carrington Event, which fried telegraph systems and even shocked some operators. Interestingly, many telegraph operators communicated using only the storm’s electrical current as power.
• An extremely powerful nuclear weapon. Starfish Prime, a U.S. high-altitude atomic detonation test, caused the most notable man-made EMP. A 1.4-megaton W49 thermonuclear warhead was detonated 900 miles from Hawaii at about 250 miles in the air. The resulting EMP blew up about 300 street lights in Hawaii, set off burglar alarms, and damaged a telephone company microwave link that shut down telephone calls between Hawaiian islands.

EMPs are poorly understood because there’s just no way to test the effects of one on a mass scale responsibly. And those effects would be about as unpredictable as a tornado or any other force of nature.

But know this much: An EMP would be very messy. It wouldn’t just be a service or two down; it would mean massive blackouts, electrical failures, and other oddities. Your car and other small electronics would most likely be fine, as most of the power would flow into radio towers and power lines — anything that acts like a giant antenna.

Realistically, another Carrington Event will happen sooner or later, and it would cause tremendous damage — in the billions or trillions of dollars, according to insurer Lloyd’s of London. And we, as a society, are not well prepared for it.

What are the signs of milder solar storms?

The Carrington Event was particularly notable, but what about other solar events?

Solar activity has a huge effect on radio communications. The sun goes through 11-year cycles, shifting between a solar minimum and a solar maximum, changing how the Earth’s ionosphere propagates radio waves. Generally, radio waves propagate better during solar maximums like the one we’re shifting into now, but that also increases disruptive events like sunspots and solar flares.

A solar flare is essentially the sun farting, and it sends a great deal of energy to Earth, which can disrupt communication systems like satellites. We’ve had several of these lately, but they’re probably not responsible for the AT&T outage. Solar flares are smaller and faster than a coronal mass ejection, like the Carrington Event mentioned above.

Here’s the thing about solar flares and other solar weather: They happen constantly, and you’re blissfully unaware of it. You can sign up for the federal government’s Space Weather Prediction emails and be notified of every little solar storm. There are a lot of them, and after a few weeks of receiving these emails, you realize that even “major” storms aren’t that big a deal for most people. In 2023, we experienced one of our strongest solar storms in the past decade, and you probably didn’t notice.

The most noteworthy space weather incident in recent memory is when SpaceX lost 40 satellites while unwittingly launching them into a solar storm. Solar storms can also affect things on earth: In 1989 a storm caused a blackout in Québec.

The system most sensitive to solar weather is GPS, since the satellites are in space and the signal to Earth is somewhat weak anyway. Even mild solar events can disrupt GPS.

In short:

• Solar storms happen all the time and you usually don’t notice them.
• They can disrupt a variety of electronic systems, sometimes in subtle ways.
• Like EMPs, their effects are largely unpredictable (and really, they’re just small EMPs).

What are the signs of a cyber attack (or human error)?

I group cyber attack and human error together because there isn’t much difference for the end user. Either way, a service fails to operate due to man's folly. An EMP would be a big, messy event. Cyber attacks tend to be more targeted.

Once upon a time, cyber attacks were perpetrated by lone hackers who were just playing around. An infamous example is the 1988 Morris Worm, which took down much of the nascent internet. Nowadays, the stakes are much higher: Computer security is much more sophisticated, there are major consequences for being caught, and big money is at stake. As such, most cyber attacks are perpetrated by criminal networks or, less frequently, nation-states. Both are pretty common.

The most popular form of cyber attack these days is what’s known as ransomware. Usually, some poor sap clicks a phishing link and gets malware installed on his computer, which then starts encrypting his data. The user is then told that if he pays a ransom in cryptocurrency, he’ll be given the key to decrypt his files. These are elaborate operations, and there is big money in the ransomware business, with typical ransoms being more than $200,00 and many in the millions.

Unfortunately, these ransomware attacks have become a daily occurrence. At the end of 2023, Ardent Health Services was hit by an attack that disrupted 30 hospitals across six states. To make matters worse, hostile nation-states like China, Iran, North Korea, and Russia often work with criminal networks to perpetuate cyber attacks. An example of a nation-state cyber attack is the recent infiltration of UnitedHealth Group, which shut down pharmacies nationwide, though we haven’t been told which nation is suspected of the attack. The 2015 Office of Personnel Management breach is thought to have been perpetrated by China.

In any case, a cyber attack is highly targeted in most cases. One service may go down, but the lights stay on and planes don’t start falling out of the sky. However, what can confuse things is that other services are often strained when one goes down. For example, when AT&T was shut down due to the 2020 Christmas bombing in Nashville, the Verizon network was also disrupted here in middle Tennessee because it was picking up much of the slack.

One last note: Be cautious with data from Downdetector, a site that tracks online service outages. It’s a useful tool, but it often makes things look far worse than they actually are.