Proprietary and Confidential
Silent Cyber Scenario:
Opening the Flood Gates
October 2018
This report was a collaboration
with the Cyence Risk Analytics
product team at Guidewire
Table of Contents
Introduction
Dams in the United States
Physical Dam Structures
Control Systems in Dams
Motivations for an ICS Attack
Dam Attack Scenarios
Resulting Damage
Economic Loss Analysis
Insurance Implications
Protection Gap Implications
Reinsurance Implications
Other Considerations
Mitigation Strategies
Conclusion
References
Contact Information
Introduction
Over the past few years, cyber risk has moved from imagined scenarios to a threat that is increasingly
real and prevalent. Cyber insurance products are growing quickly, but at roughly USD 4 billion in
premiums they comprise less than 0.3 percent of the global property-casualty market. The greater
concern for the insurance industry is the potential “silent cyber” risk residing in traditional property and
casualty policies—the risk that a cyber event could trigger payouts under existing policy wordings that
may not have been priced, or accounted for, by the issuing insurer or reinsurer.
This report presents a scenario that triggers “silent cyber” loss. Silent cyber risk is a byproduct of how
businesses have embraced network connectivity and become increasingly reliant on technology. The use
of programmable logic controllers (“PLCs”), Supervisory Control and Data Acquisition (“SCADA”) devices,
and generally the Industrial Internet of Things (IIoT) is growing rapidly, spanning industries such as
transportation, utilities, and logistics, with spending expected to reach USD 500 billion globally by 2020
(Accenture). As the number of connected technologies in control systems increases, so does the
cyberattack exposure of those systems. We aim to help insurers understand silent cyber risk by
describing and assessing a hypothetical situation in which a cyberattack compromises the control
systems of a hydroelectric dam, resulting in flooding to the surrounding area.
Dams in the United States
There are 90,580 dams in the United States (NID, 2016), serving purposes including irrigation,
hydroelectric power, flood control, and recreation. The federal government owns and operates only four
percent of these dams, but this accounts for 80 percent of the “largest and highest-consequence” dams in
the United States (DHS, 2015). In addition, 2,600 (about three percent) of the non-federally-owned hydropower
dams have a capacity of at least 10,000 megawatts, making them regulated by the Federal Energy
Regulatory Commission (FERC). The remaining 93 percent are owned by state and local governments,
public utilities, and private companies, and regulated primarily through state dam safety programs. Over
15,000 dams in the United States are categorized as high-hazard potential because their failure would
likely cause loss of life. This number continues to climb as land development and population increase.
According to the American Society of Civil Engineers, there are over 2,000 high-hazard potential dams
that are deficient due to lack of investment. The consequences of a dam failure could vary greatly
depending on the dam’s purpose, size, location, design, building material, and other factors.
Physical Dam Structures
Although each dam structure is unique, most share the same basic components. In general, a dam is
situated on a waterway such that it restricts the flow of water, resulting in an upstream pool called the
reservoir. Water from the reservoir may be released through gates or outlets to rejoin the river
downstream. In a hydropower dam, the outflow from the reservoir moves through a penstock to reach a
turbine. The kinetic energy of the falling water moves the turbine, and this mechanical energy is
converted into power by an on-site generator (U.S. Department of Interior, 2016).
Exhibit 1: Basic structure of a hydroelectric dam
Source: Guidewire
The dam normally conforms to a strict, standard regulation plan which includes water releases during low-
inflow (normal, non-flood) or high-inflow (e.g. rainfall event or snowmelt) conditions. Under a high-inflow
condition, the water level of the reservoir is reduced to accommodate the inflow by releasing water
through various outflow valves and over the spillway. In the February 2017 Oroville Dam crisis, heavy
rains and flooding in the area forced operators to use the main spillway, and then the emergency spillway
after the main spillway failed. More than 180,000 occupants of the Feather River Basin were evacuated
due to erosion of the emergency spillway, and the incident ultimately caused more than USD 870 million
in damage. This loss resulted from the normal course of operations, combined with unexpected weather
and the aging infrastructure of the dam, rather than malicious activity (Oroville 2018).
Water releases from the reservoir are a vital part of dam function, but they can also be dangerous,
especially for those dams that also serve as recreational areas for the local population. In 2011, a
nine-year-old girl drowned after tubing in the Chattahoochee River during a release from Buford Dam. “The
Chattahoochee can change quickly from a serene slow-moving stream to a swift and treacherous river
when water is released at Buford Dam. During water release, the river can rise up to 11 feet within a
matter of minutes,” cautions the U.S. Army Corps of Engineers. Operators of large dams control powerful
infrastructure assets and must make careful decisions about release timing and outflow rate, sometimes
in an urgent manner.
Control Systems in Dams
Many dams use automated control systems, SCADA devices, and PLCs to obtain both real-time data and
agile reaction to factors such as changes in water level or flow rates. Although some dams still rely solely
on manual operations or electromechanical controls, many use a combination of sensors, automated
controllers, and computers utilizing logic controllers to monitor and adjust water levels and flow. During
our research for this scenario, Guidewire’s Cyence Risk Analytics team and Aon interviewed multiple dam
operators, owners, regulators, and experts involved with dam operations, many of whom spoke with us off
the record. According to one major dam operator, “Each dam has a specific preference for equipment and
vendors used in their installations, and those are supported both internally and externally.” In other words,
the equipment and vendors found in dam systems are very heterogeneous, with a high degree of
customization, making specificity in security standards more difficult to implement across the dam
industry.
These dam control systems are supported by external vendors as well as internal parties, adding to the
number of users with access to sensitive systems. A typical SCADA system in a large dam might include
water level, pressure, and temperature sensors connected to a series of programmable logic controllers
(PLCs) or remote terminal units (RTUs) that convert sensor signals into digital data and perform basic
scripted logic functions – for example, if the sensor detects a water level is too high, the PLC could signal
for an increase in water released from the reservoir. These PLCs and RTUs also communicate with
computers, allowing an operator to interface with the system through a software client, usually provided
by the vendor as part of a packaged SCADA solution. The computer and the field components are
connected in a variety of ways including a local area network (LAN) of telephone, Ethernet, or fiber-optic
cables. This network also hosts a SCADA server and usually a database server for log storage. If longer
connections are required between components, a wide area network (WAN) may be required, using
telephone lines, power cables, or cellular networks. The modern system allows operators to see
visualizations of valve, motor, or electric activities, as well as water level and pressure. A distinguished
researcher and expert in the field said that the motivation for dam owners to install control systems is
related to both performance and profit. “Owners want to get the best return on their investment, which
means adding automation and remote monitoring capabilities.”
The cybersecurity of critical infrastructure assets, such as dams, has become a focal point in recent years
because of several prominent examples of malware designed for industrial control systems (U.S. ICS)
and the physical damage that could occur if these systems were compromised. A notable real-world
example occurred in the deep winter of 2015, when Ukraine experienced widespread power outages
lasting about 6 hours due to a cyberattack that compromised an industrial control system in its power grid.
In addition, sophisticated cyberattacks continue against critical infrastructure in other countries, as seen in
the GreyEnergy campaign observed in the middle of 2018 (Cherepanov, 2018).
In 2016, for the first time, the Industrial Control Systems Cyber Emergency Response Team (U.S. ICS-
CERT) included dams in its assessments along with other types of infrastructure such as chemical plants,
manufacturing facilities, and wastewater treatment. ICS-CERT performed 98 assessments in FY2016 and
recorded 94 instances of weak boundary protection of the control system, which could facilitate
unauthorized access. ICS-CERT discovered 42 unnecessary services, devices and ports on subjects’
control systems, as well as 36 instances of weak identification and authentication management.
According to ICS-CERT, U.S. national infrastructure, including the dam sector, continues to be a target-
rich environment for cyberattacks. In 2016, the Justice Department unsealed an indictment of an Iranian
national, Hamid Firoozi, who is believed to have breached the control system of the Bowman Avenue
Dam in Rye Brook, New York between August 28th and September 18th, 2013. The SCADA system,
installed only a few years earlier, was connected to the Internet through a cellular modem. Aon Cyber
Solutions says that improper network segmentation for SCADA networks, such as improper firewalling
between corporate and SCADA networks or direct connection to the Internet, continues to be the most
common problem in the field when testing SCADA system security.
The level of access Firoozi allegedly obtained would allow him to obtain water level and temperature
information and to remotely operate the dam’s gate—except that during that period, the electronic gate
was taken offline for maintenance. Rye Brook is a relatively low-population area in Westchester County,
but a 2007 flood caused more than USD 80 million of damage to the nearby City of Rye. If a hacker had
been able to open the floodgate during a storm, he could have caused comparable damage to local
homes and businesses. As one dam-operating company says, “Cyber threats are one of the highest
concerns due to safety of the general public. Historically, manually-operated components are increasingly
becoming more complex and supplemented with remote capabilities.”
Exhibit 2: Possible network configuration for a dam with ICS components
Note: Once inside the network firewall, access to other devices is possible.
Source: Guidewire
Furthermore, even larger and more significant dams may be at risk for unauthorized access. A 2018
report from the Office of the Inspector General (U.S. OIG) highlighted poor security practices at two
unnamed critical infrastructure dams operated by the U.S. Bureau of Reclamation (USBR). The
evaluation by OIG found that there were 30 total user accounts with system administrator rights and only
25 active users. Ten of these critical access accounts had not had password changes for more than a
year. There were also 18 group accounts with passwords shared among 11 different persons. Seven of
the group accounts had not been used for over a year. These were found to be in violation of the principle
of least privilege and NIST 800-53 Rev. 4. Among other potential vulnerabilities, these weak password
policies and access control policies would potentially allow malicious actors to breach and operate the
control systems.
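The account findings in the OIG evaluation above translate directly into checks an operator can run against an export of its own control-system accounts. The following is an added example, not part of the original report; the record fields, the finding codes, the 365-day thresholds and the sample inventory are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed thresholds: the report says "more than a year" / "over a year".
MAX_PASSWORD_AGE = timedelta(days=365)
MAX_IDLE = timedelta(days=365)


@dataclass(frozen=True)
class Account:
    name: str
    is_admin: bool
    is_group: bool               # shared credential rather than a named person
    password_changed: date
    last_login: Optional[date]   # None means the account has never logged in


def audit(accounts, active_users, today):
    """Return sorted (account, finding) pairs; "*" marks an inventory-wide finding."""
    findings = []
    admins = [a for a in accounts if a.is_admin]
    if len(admins) > len(active_users):
        # More administrator accounts than people using them (30 vs 25 in the report).
        findings.append(("*", "EXCESS_ADMINS"))
    for a in accounts:
        if a.is_admin and not a.is_group and a.name not in active_users:
            findings.append((a.name, "ORPHAN_ADMIN"))
        if today - a.password_changed > MAX_PASSWORD_AGE:
            findings.append((a.name, "STALE_PASSWORD"))
        if a.is_group:
            # A shared password removes individual accountability.
            findings.append((a.name, "SHARED_CREDENTIAL"))
        if a.last_login is None or today - a.last_login > MAX_IDLE:
            findings.append((a.name, "UNUSED_ACCOUNT"))
    return sorted(findings)


def remediation_queue(findings):
    """Accounts to disable first: unused or ownerless ones, which no operator depends on."""
    return sorted({name for name, code in findings
                   if code in ("UNUSED_ACCOUNT", "ORPHAN_ADMIN")})


# Constructed sample inventory (not data from the OIG evaluation).
TODAY = date(2018, 6, 1)
ACTIVE_USERS = {"jlee", "mkhan"}
SAMPLE = [
    Account("jlee", True, False, date(2018, 3, 1), date(2018, 5, 30)),
    Account("mkhan", True, False, date(2016, 11, 15), date(2018, 5, 28)),
    Account("rsmith", True, False, date(2018, 1, 10), date(2017, 2, 1)),
    Account("ops-shared", False, True, date(2017, 9, 1), date(2018, 5, 1)),
    Account("maint-shared", False, True, date(2015, 4, 1), None),
]

if __name__ == "__main__":
    results = audit(SAMPLE, ACTIVE_USERS, TODAY)
    for name, code in results:
        print(f"{name:14} {code}")
    print("disable first:", remediation_queue(results))
```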
Motivations for an ICS Attack
Many cyberattacks, especially the most advanced attacks, are not conducted in isolation but rather are
part of a larger agenda by the attacking group. We refer to the drivers behind that agenda as motivational factors.
Cyberattacks are unique in the sense that they carry a level of deniability and a lack of absolute attribution,
especially in the case of advanced and methodical hackers. These groups can quickly grow in numbers to
amplify the damage. Cyber motivations can range dramatically, but we propose that they could stem from
some of the following ideologies.
Political and economic relations between nation states could influence cyber threats against one another.
These factors range from preemptive strikes for intelligence gathering, to deep persistence for activated
disruption. Even if companies are not directly targeted, they may still be collateral damage in disputes
between nation states, as seen with the NotPetya attack. We believe these attacks will continue to
advance in the future. Individuals or focused groups with negative sentiment towards a company or
service provide another motivational factor. These groups include hacktivists, insiders, and terrorists, all
motivated to create havoc, cause disruption, garner attention, or make a statement. And lastly, economic
espionage and financial gain are another motivational driver, with the goal of monetizing a cyberattack
through physical or non-physical threats, theft of important secrets or data, diversion of funds, or data or
system hijacking. Should an advanced cyberattacker want to target systems for financial gain, extortion
(such as ransomware) has been a proven method in recent years.
Dam Attack Scenarios
In the following scenarios, we draw on a mix of processes and procedures currently in place at dams
across the United States, without naming any specific company or provider.
A local, privately-owned dam based in the United States provides hydroelectric power for many
communities, businesses, and residents, as well as a safe recreation area down the river. The dam is
remotely operated and monitored, and only has workers on premises every few weeks to test systems,
update hardware and ensure structural integrity.
To conduct these checks, the dam owner contracts several engineering consulting firms for services that
range from construction and physical damage repair to integration and upgrades of IT systems.
Contractor X employs 50 personnel that provide professional services to a variety of industrial sectors,
including manufacturing, energy, and utilities. They provide installation and technical support for products
from many major PLC and SCADA vendors that are in use at the dam and have worked on the dam’s
hydroelectric control systems for years.
Contractor X is targeted by an attacker, who sends carefully crafted phishing emails to engineers at
Contractor X which contain a malicious payload under the guise of a corporate document with macros.
One of the engineers unknowingly downloads the malware, which runs code that scans, searches, and
captures information and data from the engineer’s computer and the Contractor X network using a
combination of built-in and open-source penetration testing tools. This allows the attacker to install a
keylogger that captures each keystroke the engineer types. At this point, the attacker merely waits for the
engineer to log in remotely to the dam’s control systems and captures the engineer’s login credentials.
Exhibit 3: Timeline of the attack scenario
Source: Guidewire
Because of the need to operate the dam remotely, each technician who works on the dam has an
individual VPN account to access the human-machine interface (HMI) system at the dam site. They are
granted local administrator rights to perform system updates, maintenance, and operations. The HMI
includes a client application for the SCADA system, with monitoring and control panels of various
components of the system. Once the contractor enters his VPN credentials for the HMI system from his
laptop and authenticates with his username and password, the attacker uses the information he has
obtained to access the system himself.
Once on the dam network, the attacker sets up a rogue Transmission Control Protocol (TCP) proxy and
Address Resolution Protocol (ARP) spoofing to determine common protocols used on the network. ICS
devices are known to communicate to each other using a variety of proprietary and open protocols. The
attacker notices a protocol of interest, the Simple Network Management Protocol (SNMP), and crafts
broadcast requests to look for connected devices on the same network. By using default strings in
SNMP, the attacker discovers the system name and IP address of several devices from well-known
vendors. Typically, firewalls block unwanted and unusual traffic at the perimeter of the network to
prevent abuse, but because the request is made from inside the network, devices are configured to
respond appropriately. Other devices on the network are probed and logged, and the results are sent to a
remote server for inspection via encrypted communications, which go undetected by the intrusion
detection systems on the dam network.
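The three behaviours in this step (a changed ARP binding, SNMP requests from a host that is not a management station, and SNMP requests that use default strings or target the broadcast address) are each visible to a passive sensor inside the control network. The following detection sketch is an added example, not part of the original report; the subnet, the management-station allowlist, the log line format and the sample events are constructed assumptions.

```python
import ipaddress

# Constructed assumptions (not from the report): the control-network subnet,
# the single authorised SNMP management station, and the sensor log format.
OT_SUBNET = ipaddress.ip_network("10.20.0.0/24")
SNMP_MANAGERS = {"10.20.0.5"}
DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed sample events; MAC addresses use the locally administered range.
SAMPLE_LOG = """\
2018-06-01T22:14:03 ARP 10.20.0.1 is-at 02:00:00:aa:01:01
2018-06-01T22:14:09 SNMP 10.20.0.5 > 10.20.0.21 community=ops-ro-7f3 get
2018-06-01T22:14:30 SNMP 10.20.0.5 > 10.20.0.30 community=public get
2018-06-01T22:15:40 ARP 10.20.0.1 is-at 02:00:00:de:ad:01
2018-06-01T22:16:02 SNMP 10.20.0.77 > 10.20.0.255 community=public get
2018-06-01T22:16:03 SNMP 10.20.0.77 > 10.20.0.21 community=public get
"""


def is_broadcast(dst):
    """True for the subnet's directed broadcast or the limited broadcast address."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return False
    return addr == OT_SUBNET.broadcast_address or str(addr) == "255.255.255.255"


def detect(log_text):
    """Return [(timestamp, rule, subject)] for ARP rebinding and suspicious SNMP."""
    baseline = {}   # first MAC seen for each IP; any later change is alerted
    alerts = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 5:
            continue                      # blank or malformed line
        ts, proto = f[0], f[1]
        if proto == "ARP" and f[3] == "is-at":
            ip, mac = f[2], f[4].lower()
            if baseline.setdefault(ip, mac) != mac:
                alerts.append((ts, "ARP_REBIND", ip))
        elif proto == "SNMP" and f[3] == ">" and len(f) >= 6:
            src, dst = f[2], f[4]
            # SNMPv1/v2c community strings travel in cleartext, so a sensor sees them.
            community = f[5].partition("=")[2]
            if src not in SNMP_MANAGERS:
                alerts.append((ts, "SNMP_UNAUTHORIZED_SOURCE", src))
            if community.lower() in DEFAULT_COMMUNITIES:
                alerts.append((ts, "SNMP_DEFAULT_COMMUNITY", src))
            if is_broadcast(dst):
                alerts.append((ts, "SNMP_BROADCAST", src))
    return alerts


def rules_by_subject(alerts):
    """Group distinct rule names per host so multi-rule hosts can be triaged first."""
    grouped = {}
    for _, rule, subject in alerts:
        grouped.setdefault(subject, set()).add(rule)
    return grouped


if __name__ == "__main__":
    for ts, rule, subject in detect(SAMPLE_LOG):
        print(ts, rule, subject)
```

The alert on 10.20.0.5 shows that a device still answering to a default string is worth fixing even when the request comes from the legitimate management station.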
Based on the attacker’s enumeration of the connected devices, the malicious actor can locate the specific
product, version, and purpose of many types of equipment. In this dam system, these devices include
autonomous gates and outlets that control the release of water from the reservoir, as well as water level,
pressure, and flow sensors.
For multiple days, the attacker’s presence on the system is both persistent and undetected due to the
stolen credentials. The attacker familiarizes himself with the commands used to perform legitimate dam
operations, including the controlled release of water by slightly raising the gates and outlets. After his
preparation is complete, the attacker executes a command to raise all gates and outlets to maximum
height, causing an uncontrolled and unscheduled outflow of water during the late evening. Due to the flow
and pressure of the water coming down the penstock, the turbine fails, damaging the structure and
reducing the resistance faced by the rapidly moving water. Flooding ensues downriver, causing massive
destruction to the downstream recreation area and to homes and businesses in the wider river valley.
Over the course of the next 24 hours, emergency crews arrive to repair and start containment of the water
outflow.
Resulting Damage
We analyzed the potential impacts of these scenarios to commercial and residential property at three U.S.
hydroelectric dams. These dams were selected to illustrate low, medium, and high insurance exposures,
respectively. A summary of the dam characteristics appears below in exhibit 4.
Exhibit 4: Overview of selected dams
Characteristics               Dam 1                                Dam 2                                Dam 3
Construction type             Earth and rock fill embankment dam   Earth and rock fill embankment dam   Concrete gravity dam
Dam height                    170 m                                240 m                                100 m
Dam width                     910 m                                2,100 m                              430 m
Reservoir capacity            180,000,000 m³                       4,400,000,000 m³                     1,205,000,000 m³
Floodplain area               140 km²                              3,470 km²                            1,340 km²
Floodplain population         115,000                              170,000                              695,000
Exposed Value - Residential   $10,000mn                            $24,400mn                            $110,500mn
Exposed Value - Commercial    $24,500mn                            $12,900mn                            $90,300mn
Exposed Value - Total         $34,500mn                            $37,300mn                            $200,800mn
Source: Aon
Dam 1 is an earth and rock embankment dam with only a few outlets for water release. This dam is
located in a rural area with a low population density, but it is part of a larger water system that services
some larger cities in the region. The floodplain of the dam has an area with a population of 115,000 and
total exposed value of USD 34.5 billion. Dam 2 is an earth and rock embankment dam with several
outlets and gates for controlled water release. Dam 2 is located upstream of an area with a population of
about 170,000 and total exposed value of USD 37.3 billion. Dam 3 is a large, concrete gravity dam with
several outlets and gates for controlled water release. Dam 3 is located very close to a large metropolitan
area, with a floodplain population of about 695,000 and USD 200.8 billion in total exposed value.
If one of these scenarios were to occur, it would likely result in property, liability, and affirmative cyber
insurance losses for the dam operator. For purposes of this study though, we are focusing on the much
larger potential impacts resulting from downstream flood damages.
Economic Loss Analysis
With a team of flood modeling experts, we estimated both residential and commercial loss for each of the
three dams¹. To provide a range of outcomes, we modeled each dam scenario under a conservative
(“high”) set of assumptions as well as a less conservative (“low”) set of assumptions. The results are
shown in exhibit 5.
Exhibit 5: Economic losses (USD millions)
Loss type          Estimate   Dam 1    Dam 2    Dam 3
Residential loss   Low        2,088    3,001    18,218
Residential loss   High       3,467    5,677    37,006
Commercial loss    Low        3,885    1,857    7,940
Commercial loss    High       5,668    2,956    18,977
Total loss         Low        5,973    4,858    26,158
Total loss         High       9,134    8,633    55,983
Source: Aon
The estimated losses represent a wide range of values. With up to USD 56 billion of economic loss
estimated for Dam 3, these numbers indicate the damage that such a cyber risk could cause in the
physical world. Note that Dam 3 is much smaller in size and reservoir capacity than Dam 2, but its
presence near a population center greatly increases its loss potential.
While Dam 3 shows the highest severity, this does not necessarily imply that it would have the lowest
frequency. A threat actor looking to cause disruption to the U.S. would likely seek out more extreme
impacts. As a result, the peril of cyber risk may serve to “inflate” the tail and increase the likelihood of
extreme events relative to what safety experts and flood modelers would expect to see from natural
disasters and accidental failures.
With economic loss estimates completed, we then estimated the insured loss impact for each of the three
dams, which is shown in exhibit 6 on the next page².
¹ Flood damage estimates were first calculated for each of the three dams on an economic loss basis. For residential exposures,
we used a residential industry proxy portfolio leveraging industry data by zip code, disaggregated to individual locations. For
commercial exposures, we used the Aon proprietary commercial industry portfolio database. Low and high loss estimates were
created by varying the first floor height assumptions and the depth of water throughout the flood area.
² Insurance take-up rates, limits, and retentions were then applied to calculate insured losses based on economic losses.
Assumptions were provided by a team of experts in Aon’s flood practice group. Take-up rate assumptions varied by flood zone, and
commercial insurance assumptions varied between small commercial and large commercial entities. We assumed small commercial
insureds obtain coverage from the NFIP program, as did all residential insureds. We assumed large commercial insureds obtain
varying levels of coverage depending on their total exposed value.
Exhibit 6: Insured losses
Loss type            Estimate   Dam 1 USD mn   Dam 1 %TIV   Dam 2 USD mn   Dam 2 %TIV   Dam 3 USD mn   Dam 3 %TIV
Residential loss     Low        95             0.95%        154            0.63%        3,025          2.74%
Residential loss     High       121            1.21%        274            1.12%        4,340          3.93%
Commercial loss      Low        1,392          5.67%        585            4.54%        1,681          1.86%
Commercial loss      High       1,890          7.70%        788            6.12%        5,387          5.96%
Total insured loss   Low        1,486          4.31%        739            1.98%        4,706          2.34%
Total insured loss   High       2,011          5.83%        1,063          2.85%        9,727          4.84%
Source: Aon
Residential and commercial properties have very different insurance outcomes. Residential losses will
flow almost entirely into the National Flood Insurance Program (NFIP), with a negligible amount of risk
covered by private flood policies. Some of the properties affected by these selected dams fall into FEMA
Special Flood Hazard Areas, where flood insurance is mandatory for homeowners with a mortgage. But
most of the properties fall outside these SFHAs, where take-up rates are extremely low. As a result, these
scenarios illustrate a significant protection gap, or underinsurance problem, among U.S. homes that could
be affected by the hacking of a significant dam. At the same time, our model results suggest that a
cyberattack could cause losses to the National Flood Insurance Program ranging from USD 95 million to
at least USD 4.3 billion.
For commercial properties, results will differ between small businesses and large complex entities. Small
businesses typically buy package policies which do not include flood protection. Like residential
properties, small businesses can obtain NFIP coverage, but most do not. Large businesses generally do
obtain flood protection through their commercial property policies, with insurers requiring sublimits in
Special Flood Hazard Areas. In our scenarios, we estimated commercial flood insurance losses ranging
from USD 585 million to USD 5.4 billion across the three dams.
Combining residential and commercial losses, we estimate a total insured loss impact ranging from USD
739 million to USD 9.7 billion, depending on the dam and the intensity of the flooding.
Insurance Implications
In what ways would the insured losses from this scenario be considered “silent cyber” losses?
We define “silent cyber” exposure as the potential for cyber risk to trigger losses on policies where
coverage is unintentional, unpriced, or both. “Unintentional” coverage means not explicitly excluded or
affirmed (with any applicable sublimit). Flood policies have unintentional cyber risk because the proximate
and covered cause on the policy would be the flood—not the cyberattack that causes the flood. Similarly,
flood policies will not be priced for a rise in flood frequency or severity as a result of cyberattacks. As a
result, we conclude that both residential and commercial flood policies will generally have silent cyber
risk.
Protection Gap Implications
As recent natural disasters have shown, a dam hacking scenario of this kind would highlight the
significant underinsurance problem for flood-related perils, as seen in exhibit 7. We estimate an uninsured
loss of USD 4.1 billion to USD 46.3 billion depending on the scenario—meaning that only 12 to 25
percent of economic losses would be covered by insurance.
Exhibit 7: Protection gap losses
Loss type              Estimate   Dam 1 USD mn   Dam 1 %   Dam 2 USD mn   Dam 2 %   Dam 3 USD mn   Dam 3 %
Residential uninsured  Low        1,993          95.5%     2,847          94.9%     15,193         83.4%
Residential uninsured  High       3,346          96.5%     5,402          95.2%     32,666         88.3%
Commercial uninsured   Low        2,493          64.2%     1,272          68.5%     6,259          78.8%
Commercial uninsured   High       3,778          66.7%     2,168          73.3%     13,589         71.6%
Total uninsured        Low        4,487          75.1%     4,119          84.8%     21,452         82.0%
Total uninsured        High       7,123          78.0%     7,570          87.7%     46,256         82.6%
Source: Aon
Reinsurance Implications
Generally, private insurers would get protection from their reinsurers in these scenarios. Property
reinsurance treaties provide for direct physical loss arising from cyber events. Often this protection is for
named perils, and insurers should ensure that flood is on the list of perils.
However, cyber-enabled flood damage could have implications for reinsurers of the NFIP. In the scenario
for Dam 3, reinsurers would be exposed to flood losses.
Other Considerations
The preceding flood assessment and loss calculations are based on three existing dams of varying size
and significance and were selected to demonstrate a range of levels of damage that would occur from a
silent cyber incident. We acknowledge that this analysis is not exhaustive, and we excluded several
potential complicating factors—loss of life, negative health effects, agricultural impacts, damage to the
hydroelectric power plant, the breach of multiple dams in the same water system or that use the same IT
contractors—from the cost model for the sake of simplicity.
Mitigation Strategies
This whitepaper has assumed that a sophisticated attacker is able to carry out the scenario described
above. We understand that dam operators may employ a variety of security controls designed to prevent
this type of unauthorized access from occurring, including: multi-factor authentication, whitelisting,
enforcing least privilege, network segmentation, third-party risk management, and others. It is because of
these controls—as well as the geopolitical repercussions—that we view this scenario as a plausible but
extreme event. The scenario as described is only one way that a motivated actor might carry out the
attack described.
Conclusion
These scenarios illustrate how technology and connectivity, while generally seen as beneficial, could
have unforeseen and undesirable consequences for businesses and homeowners, and by extension,
their insurers. Businesses must consider the security risks that new technologies could introduce into
their environment, including potential impacts on their clients and communities.
Insurers must also consider how changing technologies can cause “established” perils such as flood to
morph into new risks, with resulting changes to frequency and severity. By using scenarios such as these,
insurers have the ability to stress test their portfolios against new and emerging perils created by cyber
risk. With that knowledge, insurers can take steps to mitigate risk, through reinsurance as well as working
with businesses to increase their resilience.
Lastly, we hope this whitepaper draws additional attention to the importance of closing the protection gap
by which flood risk causes harm to society in the U.S. and across the globe.
References
Accenture. 2015. Driving Unconventional Growth through the Industrial Internet of Things. Available at:
https://www.accenture.com/us-en/_acnmedia/Accenture/next-gen/reassembling-industry/pdf/Accenture-
Driving-Unconventional-Growth-through-IIoT.pdf
American Society of Civil Engineers. 2017. Infrastructure Report Card: Dams. Available at:
https://www.infrastructurereportcard.org/wp-content/uploads/2017/01/Dams-Final.pdf
Business Blackout: The insurance implications of a cyber attack on the U.S. power grid - Lloyd's of
London
https://www.lloyds.com/~/media/files/news-and-insight/risk-insight/2015/business-blackout/business-
blackout20150708.pdf
Cherepanov, Anton. 2018. GreyEnergy: A successor to BlackEnergy. Available at:
https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
Coppolino, Luigi, Salvatore D’Antonio, Valerio Formicola, and Luigi Romano. 2011. Integration of a
system for Critical Infrastructure Protection with the OSSIM SIEM platform: a dam case study. Available
at:
https://link.springer.com/chapter/10.1007/978-3-642-24270-0_15
Donat, Markus G., Andrew L. Lowry, Lisa V. Alexander, Paul A. O’Gorman and Nicola Maher. 2016. More
extreme precipitation in the world’s dry and wet regions. Available at:
https://www.nature.com/articles/nclimate2941
5 Promising Water Power Technologies, 2017. Department of Energy Efficiency & Renewable Energy.
Available at:
https://www.energy.gov/eere/articles/5-promising-water-power-technologies
Guide to Industrial Control Systems (ICS) Security, 2014. NIST Special Publication 800-82. Available at:
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-82r2.pdf
Industrial Control Systems Cyber Emergency Response Team. 2017. ICS-CERT Annual Assessment
Report FY2016. Available at:
https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/FY2016_Industrial_Control_Systems_Assessment_Summary_Report_S508C.pdf
Kutner, Max. 2016. Alleged Dam Hacking Raises Fears of Cyber Threats to Infrastructure. Available at:
http://www.newsweek.com/cyber-attack-rye-dam-iran-441940
Oroville Dam Spillway Incident Independent Forensic Team. 2018. Final Report. Available at:
http://www.ussdams.org/our-news/oroville-dam-spillway-incident-independent-forensic-team-final-report/
The National Dam Federal Emergency Management Agency Biennial Report to the United States
Congress, Fiscal Years 2014–2015, FEMA P-1067. 2016. Available at:
https://www.fema.gov/media-library-data/1470749866373-5de9234b8a02a3577c2646ffdf6eb087/FEMAP1067.pdf
National Inventory of Dams, Corps Map. 2016. Available at:
http://nid.usace.army.mil/cm_apex/f?p=838:5:0::NO
U.S. Army Corps of Engineers. 2018. Water Safety, Lake Sidney Lanier. Available at:
http://www.sam.usace.army.mil/Missions/Civil-Works/Recreation/Lake-Sidney-Lanier/WaterSafety/
U.S. Department of Homeland Security. 2016. Dams Sector Cybersecurity Capability Maturity Model
(C2M2). Available at:
https://www.dhs.gov/sites/default/files/publications/dams-c2m2-508.pdf
U.S. Department of Homeland Security. 2015. Dams Sector Cybersecurity Framework Implementation
Guide. Available at:
https://www.dhs.gov/sites/default/files/publications/dams-cybersecurity-framework-implementation-guide-2015-508.pdf
U.S. Department of Homeland Security. 2015. Dams Sector-Specific Plan: An Annex to the NIPP 2013.
Available at:
https://www.dhs.gov/sites/default/files/publications/nipp-ssp-dams-2015-508.pdf
U.S. Department of Homeland Security. 2015. Roadmap to Secure Control Systems in the Dams Sector.
Available at:
https://www.hsdl.org/?abstract&did=726297
U.S. Department of the Interior. 2016. Hydroelectric power: How it works. Available at:
https://water.usgs.gov/edu/hyhowworks.html
U.S. Department of the Interior. 2018. U.S. Bureau of Reclamation Selected Hydropower Dams at
Increased Risk from Insider Threats. Available at:
https://www.doioig.gov/sites/doioig.gov/files/FinalEvaluation_ICSDams_Public.pdf
U.S. National Institute of Standards and Technology. 2014. Framework for Improving Critical
Infrastructure Cybersecurity. Available at:
https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf
Authors
Cyence / Guidewire
Matthew Honea
Dr. Yoshifumi Yamamoto
Special thanks to:
Aon Cyber Solutions
Aquarion
Maggie Engler
Dr. Na Xu
Our off-the-record interviewees
Aon
Jonathan Laux
Craig Guiliano
Dr. Megan Hart
Contact Information
Guidewire - Cyence Risk Analytics
Paul Mang
General Manager of Analytics and Data
Services
pmang@guidewire.com
George Ng
Chief Technology Officer
gng@guidewire.com
Matt Honea
Director of Cyber
mhonea@guidewire.com
Julie Eichenseer
Director of Global Client Solutions
jeichenseer@guidewire.com
Aon
Greg Heerde
Head of Analytics & Inpoint, Americas
+1 312 381 5364
greg.heerde@aon.com
Catherine Mulligan
Global Head of Cyber
+1 212 441 1018
catherine.mulligan@aon.com
Jon Laux, FCAS
Head of Cyber Analytics
+1 312 381 5370
jonathan.laux@aon.com
About Aon
Aon plc (NYSE:AON) is a leading global
professional services firm providing a broad
range of risk, retirement and health solutions.
Our 50,000 colleagues in 120 countries
empower results for clients
by using proprietary data and analytics to deliver
insights that reduce volatility and improve
performance.
The information contained herein and the
statements expressed are of a general nature
and are not intended to address the
circumstances of any particular individual or
entity. Although we endeavor to provide
accurate and timely information and use sources
we consider reliable, there can be no guarantee
that such information is accurate as of the date it
is received or that it will continue to be accurate
in the future. No one should act on such
information without appropriate professional
advice after a thorough examination of the
particular situation.
Copyright 2017 Aon plc

Cyber Attack Opens Dam Flood Gates Causing Economic Loss

  • 3. Introduction

Over the past few years, cyber risk has moved from imagined scenarios to a threat that is increasingly real and prevalent. Cyber insurance products are growing quickly, but at roughly USD 4 billion in premiums they comprise less than 0.3 percent of the global property-casualty market. The greater concern for the insurance industry is the potential “silent cyber” risk residing in traditional property and casualty policies—the risk that a cyber event could trigger payouts under existing policy wordings that may not have been priced, or accounted for, by the issuing insurer or reinsurer.

This report presents a scenario that triggers “silent cyber” loss. Silent cyber risk is a byproduct of how businesses have embraced network connectivity and become increasingly reliant on technology. The use of programmable logic controllers (“PLCs”), Supervisory Control and Data Acquisition (“SCADA”) devices, and generally the Industrial Internet of Things (IIoT) is growing rapidly, spanning industries such as transportation, utilities, and logistics, with spending expected to reach USD 500 billion globally by 2020 (Accenture). As the number of connected technologies in control systems increases, so does the cyberattack exposure of those systems.

We aim to help insurers understand silent cyber risk by describing and assessing a hypothetical situation in which a cyberattack compromises the control systems of a hydroelectric dam, resulting in flooding to the surrounding area.

Dams in the United States

There are 90,580 dams in the United States (NID, 2016), serving purposes including irrigation, hydroelectric power, flood control, and recreation. The federal government owns and operates only four percent of these dams, but this accounts for 80 percent of the “largest and highest-consequence” dams in the United States (DHS, 2015). In addition, 2,600 (about three percent) of the non-federally-owned hydropower dams have a capacity of at least 10,000 megawatts, which places them under regulation by the Federal Energy Regulatory Commission (FERC). The remaining 93 percent are owned by state and local governments, public utilities, and private companies, and regulated primarily through state dam safety programs.

Over 15,000 dams in the United States are categorized as high-hazard potential because their failure would likely cause loss of life. This number continues to climb as land development and population increase. According to the American Society of Civil Engineers, there are over 2,000 high-hazard potential dams that are deficient due to lack of investment. The consequences of a dam failure could vary greatly depending on the dam’s purpose, size, location, design, building material, and other factors.

Physical Dam Structures

Although each dam structure is unique, most share the same basic components. In general, a dam is situated on a waterway such that it restricts the flow of water, resulting in an upstream pool called the reservoir. Water from the reservoir may be released through gates or outlets to rejoin the river downstream. In a hydropower dam, the outflow from the reservoir moves through a penstock to reach a turbine. The kinetic energy of the falling water moves the turbine, and this mechanical energy is converted into power by an on-site generator (U.S. Department of Interior, 2016).
  • 4. Exhibit 1: Basic structure of a hydroelectric dam (figure not reproduced). Source: Guidewire

The dam normally conforms to a strict, standard regulation plan which includes water releases during low-inflow (normal, non-flood) or high-inflow (e.g., rainfall event or snowmelt) conditions. Under a high-inflow condition, the water level of the reservoir is reduced to accommodate the inflow by releasing water through various outflow valves and over the spillway. In the February 2017 Oroville Dam crisis, heavy rains and flooding in the area forced operators to use the main spillway, and then the emergency spillway after the main spillway failed. More than 180,000 occupants of the Feather River Basin were evacuated due to erosion of the emergency spillway, and the incident ultimately caused more than USD 870 million in damage. This loss resulted from the normal course of operations, combined with unexpected weather and the aging infrastructure of the dam, rather than malicious activity (Oroville 2018).

Water releases from the reservoir are a vital part of dam function, but they can also be dangerous, especially for those dams that also serve as recreational areas for the local population. In 2011, a nine-year-old girl drowned after tubing in the Chattahoochee River during a release from Buford Dam. “The Chattahoochee can change quickly from a serene slow-moving stream to a swift and treacherous river when water is released at Buford Dam. During water release, the river can rise up to 11 feet within a matter of minutes,” cautions the U.S. Army Corps of Engineers. Operators of large dams control powerful infrastructure assets and must make careful decisions about release timing and outflow rate, sometimes in an urgent manner.
  • 5. Control Systems in Dams

Many dams use automated control systems, SCADA devices, and PLCs to obtain both real-time data and agile reaction to factors such as changes in water level or flow rates. Although some dams still rely solely on manual operations or electromechanical controls, many use a combination of sensors, automated controllers, and computers utilizing logic controllers to monitor and adjust water levels and flow.

During our research for this scenario, Guidewire’s Cyence Risk Analytics team and Aon interviewed multiple dam operators, owners, regulators, and experts involved with dam operations, many of whom spoke with us off the record. According to one major dam operator, “Each dam has a specific preference for equipment and vendors used in their installations, and those are supported both internally and externally.” In other words, the equipment and vendors found in dam systems are very heterogeneous, with a high degree of customization, making specificity in security standards more difficult to implement across the dam industry. These dam control systems are supported by external vendors as well as internal parties, adding to the number of users with access to sensitive systems.

A typical SCADA system in a large dam might include water level, pressure, and temperature sensors connected to a series of programmable logic controllers (PLCs) or remote terminal units (RTUs) that convert sensor signals into digital data and perform basic scripted logic functions – for example, if the sensor detects a water level is too high, the PLC could signal for an increase in water released from the reservoir. These PLCs and RTUs also communicate with computers, allowing an operator to interface with the system through a software client, usually provided by the vendor as part of a packaged SCADA solution. The computer and the field components are connected in a variety of ways including a local area network (LAN) of telephone, Ethernet, or fiber-optic cables. This network also hosts a SCADA server and usually a database server for log storage. If longer connections are required between components, a wide area network (WAN) may be required, using telephone lines, power cables, or cellular networks. The modern system allows operators to see visualizations of valve, motor, or electric activities, as well as water level and pressure.

A distinguished researcher and expert in the field said that the motivation for dam owners to install control systems is related to both performance and profit. “Owners want to get the best return on their investment, which means adding automation and remote monitoring capabilities.”

The cybersecurity of critical infrastructure assets, such as dams, has become a focal point in recent years because of several prominent examples of malware designed for industrial control systems (U.S. ICS) and the physical damage that could occur if these systems were compromised. A notable real-world example occurred in the deep winter of 2015, when Ukraine experienced widespread power outages lasting about 6 hours due to a cyberattack that compromised an industrial control system in its power grid. In addition, sophisticated cyberattacks continue against critical infrastructure in other countries, as seen in the GreyEnergy campaign observed in the middle of 2018 (Cherepanov, 2018).

In 2016, for the first time, the Industrial Control Systems Cyber Emergency Response Team (U.S. ICS-CERT) included dams in its assessments along with other types of infrastructure such as chemical plants, manufacturing facilities, and wastewater treatment. ICS-CERT performed 98 assessments in FY2016 and recorded 94 instances of weak boundary protection of the control system, which could facilitate unauthorized access. ICS-CERT discovered 42 unnecessary services, devices and ports on subjects’ control systems, as well as 36 instances of weak identification and authentication management.

According to ICS-CERT, U.S. national infrastructure, including the dam sector, continues to be a target-rich environment for cyberattacks. In 2016, the Justice Department unsealed an indictment of an Iranian national, Hamid Firoozi, who is believed to have breached the control system of the Bowman Avenue
  • 6. Dam in Rye Brook, New York between August 28th and September 18th, 2013. The SCADA system, installed only a few years earlier, was connected to the Internet through a cellular modem. Aon Cyber Solutions says that improper network segmentation for SCADA networks, such as improper firewalling between corporate and SCADA networks or direct connection to the Internet, continues to be the most common problem in the field when testing SCADA system security.

The level of access Firoozi allegedly obtained would allow him to obtain water level and temperature information and to remotely operate the dam’s gate—except that during that period, the electronic gate was taken offline for maintenance. Rye Brook is a relatively low-population area in Westchester County, but a 2007 flood caused more than USD 80 million of damage to the nearby City of Rye. If a hacker had been able to open the floodgate during a storm, he could have caused comparable damage to local homes and businesses. As one dam-operating company says, “Cyber threats are one of the highest concerns due to safety of the general public. Historically, manually-operated components are increasingly becoming more complex and supplemented with remote capabilities.”

Exhibit 2: Possible network configuration for a dam with ICS components (figure not reproduced). Note: Once inside the network firewall, access to other devices is possible. Source: Guidewire

Furthermore, even larger and more significant dams may be at risk for unauthorized access. A 2018 report from the Office of the Inspector General (U.S. OIG) highlighted poor security practices at two unnamed critical infrastructure dams operated by the U.S. Bureau of Reclamation (USBR). The evaluation by OIG found that there were 30 total user accounts with system administrator rights and only 25 active users. Ten of these critical access accounts had not had password changes for more than a year. There were also 18 group accounts with passwords shared among 11 different persons. Seven of the group accounts had not been used for over a year. These were found to be in violation of the principle of least privilege and NIST 800-53 Rev. 4. Among other potential vulnerabilities, these weak password
  • 7. policies and access control policies would potentially allow malicious actors to breach and operate the control systems.

Motivations for an ICS Attack

Many cyberattacks, especially the most advanced attacks, are not conducted in isolation but rather are part of a larger agenda by the attacking group. We refer to the drivers behind that agenda as motivational factors. Cyberattacks are unique in the sense that they carry a level of deniability and lack of absolute attribution, especially in the case of advanced and methodical hackers. These groups can quickly grow in numbers to amplify the damage. Cyber motivations can range dramatically, but we propose that they could stem from some of the following ideologies.

Political and economic relations between nation states could influence cyber threats against one another. These factors range from preemptive strikes for intelligence gathering, to deep persistence for activated disruption. Even if companies are not directly targeted, they may still be collateral damage in disputes between nation states, as seen with the NotPetya attack. We believe these attacks will continue to advance in the future.

Individuals or focused groups with negative sentiment towards a company or service provide another motivational factor. These groups include hacktivists, insiders, and terrorists, all motivated to create havoc, cause disruption, garner attention, or make a statement.

And lastly, economic espionage and financial gain is another motivational driver, with the goal of monetizing a cyberattack through physical or non-physical threats, theft of important secrets or data, diversion of funds, or data or system hijacking. Should an advanced cyberattacker want to target systems for financial gain, extortion (such as ransomware) has been a proven method in recent years.
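The OIG findings above (more administrator accounts than active users, passwords unchanged for over a year, group accounts with shared passwords, accounts unused for over a year) can each be checked against an account inventory. The following Python audit is an added example, not part of the whitepaper or the OIG report; the inventory, field names, rule names and one-year thresholds are constructed assumptions.

```python
"""Account audit modelled on the OIG findings quoted in the text.

Added example: the inventory, field names and thresholds are assumptions.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, Iterable, List, Optional, Set, Tuple

MAX_PASSWORD_AGE = timedelta(days=365)  # "password changes for more than a year"
MAX_IDLE = timedelta(days=365)          # "not been used for over a year"


@dataclass(frozen=True)
class Account:
    name: str
    is_admin: bool
    holders: Tuple[str, ...]      # people who know the password
    password_changed: date
    last_login: Optional[date]    # None means the account was never used


Finding = Tuple[str, str, str]    # (account name, rule, detail)


def audit(accounts: Iterable[Account], active_users: Set[str],
          today: date) -> List[Finding]:
    """Return one finding per rule that an account violates."""
    findings: List[Finding] = []
    for acct in accounts:
        # Administrator rights that no current member of staff answers for.
        if acct.is_admin and not any(h in active_users for h in acct.holders):
            findings.append((acct.name, "ORPHAN_ADMIN",
                             "no active user holds this administrator account"))
        # A password known to several people removes individual accountability.
        if len(acct.holders) > 1:
            findings.append((acct.name, "SHARED_PASSWORD",
                             f"password known to {len(acct.holders)} people"))
        # Password age is checked on administrator accounts, as in the report.
        age = today - acct.password_changed
        if acct.is_admin and age > MAX_PASSWORD_AGE:
            findings.append((acct.name, "STALE_PASSWORD",
                             f"password is {age.days} days old"))
        if acct.last_login is None or today - acct.last_login > MAX_IDLE:
            findings.append((acct.name, "DORMANT",
                             "no login within the idle limit"))
    return findings


def admin_surplus(accounts: Iterable[Account], active_users: Set[str]) -> int:
    """Administrator accounts beyond the number of active users (30 vs. 25 in the report)."""
    admins = sum(1 for a in accounts if a.is_admin)
    return max(0, admins - len(active_users))


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per rule."""
    return dict(Counter(rule for _, rule, _ in findings))


# Constructed sample data, not taken from any real system.
TODAY = date(2018, 6, 1)
ACTIVE_USERS = {"alvarez", "chen"}
INVENTORY = [
    Account("op.alvarez", True, ("alvarez",), date(2018, 3, 10), date(2018, 5, 28)),
    Account("op.chen", True, ("chen",), date(2016, 11, 2), date(2018, 5, 30)),
    Account("eng.former", True, ("novak",), date(2017, 1, 15), date(2017, 2, 1)),
    Account("scada-maint", True, ("alvarez", "chen", "vendor-tech"),
            date(2018, 1, 5), date(2018, 5, 20)),
    Account("hmi-legacy", False, ("alvarez", "chen"), date(2015, 6, 1), None),
]

if __name__ == "__main__":
    for name, rule, detail in audit(INVENTORY, ACTIVE_USERS, TODAY):
        print(f"{rule:16} {name:12} {detail}")
    print("administrator accounts beyond active users:",
          admin_surplus(INVENTORY, ACTIVE_USERS))
```

In NIST SP 800-53 Rev. 4 terms these checks fall under AC-2 (Account Management), AC-6 (Least Privilege) and IA-5 (Authenticator Management); that mapping is this example's, not the OIG's.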
Dam Attack Scenarios

In the following scenarios, we draw on a mix of processes and procedures currently in place at dams across the United States, without naming any specific company or provider.

A local, privately-owned dam based in the United States provides hydroelectric power for many communities, businesses, and residents, as well as a safe recreation area down the river. The dam is remotely operated and monitored, and only has workers on premises every few weeks to test systems, update hardware and ensure structural integrity. To conduct these checks, the dam owner contracts several engineering consulting firms for services that range from construction and physical damage repair to integration and upgrades of IT systems.

Contractor X employs 50 personnel that provide professional services to a variety of industrial sectors, including manufacturing, energy, and utilities. They provide installation and technical support for products from many major PLC and SCADA vendors that are in use at the dam and have worked on the dam’s hydroelectric control systems for years.

Contractor X is targeted by an attacker, who sends carefully crafted phishing emails to engineers at Contractor X which contain a malicious payload under the guise of a corporate document with macros. One of the engineers unknowingly downloads the malware, which runs code that scans, searches, and captures information and data from the engineer’s computer and the Contractor X network using a combination of built-in and open-source penetration testing tools. This allows the attacker to install a keylogger that captures each keystroke the engineer types. At this point, the attacker merely waits for the engineer to log in remotely to the dam’s control systems and captures the engineer’s login credentials.
  • 8. Exhibit 3: Timeline of the attack scenario (figure not reproduced). Source: Guidewire

Because of the need to operate the dam remotely, each technician who works on the dam has an individual VPN account to access the human-machine interface (HMI) system at the dam site. They are granted local administrator rights to perform system updates, maintenance, and operations. The HMI includes a client application for the SCADA system, with monitoring and control panels of various components of the system. Once the contractor enters his VPN credentials for the HMI system from his laptop and authenticates with his username and password, the attacker uses the information he has obtained to access the system himself.

Once on the dam network, the attacker sets up a rogue Transmission Control Protocol (TCP) proxy and Address Resolution Protocol (ARP) spoofing to determine common protocols used on the network. ICS devices are known to communicate with each other using a variety of proprietary and open protocols. The attacker notices a protocol of interest, the Simple Network Management Protocol (SNMP), and crafts broadcast requests to look for connected devices on the same network. By using default strings in the SNMP protocol, the attacker discovers the system name and IP address of several devices from well-known vendors. Typically, firewalls block unwanted and unusual traffic at the perimeter of the network to prevent abuse, but because the request is made from inside the network, devices are configured to respond appropriately. Other devices on the network are probed and logged, and the results are sent to a remote server for inspection via encrypted communications, which go undetected by the intrusion detection systems on the dam network.

Based on the attacker’s enumeration of the connected devices, the malicious actor can locate the specific product, version, and purpose of many types of equipment. In this dam system, these devices include autonomous gates and outlets that control the release of water from the reservoir, as well as water level, pressure, and flow sensors.

For multiple days, the attacker’s presence on the system is both persistent and undetected due to the stolen credentials. The attacker familiarizes himself with the commands used to perform legitimate dam operations, including the controlled release of water by slightly raising the gates and outlets. After his preparation is complete, the attacker executes a command to raise all gates and outlets to maximum height, causing an uncontrolled and unscheduled outflow of water during the late evening. Due to the flow and pressure of the water coming down the penstock, the turbine fails, damaging the structure and reducing the resistance faced by the rapidly moving water. Flooding ensues downriver, causing massive
  • 9. destruction to the downstream recreation area and to homes and businesses in the wider river valley. Over the course of the next 24 hours, emergency crews arrive to repair and start containment of the water outflow.

Resulting Damage

We analyzed the potential impacts of these scenarios to commercial and residential property at three U.S. hydroelectric dams. These dams were selected to illustrate low, medium, and high insurance exposures, respectively. A summary of the dam characteristics appears below in exhibit 4.

Exhibit 4: Overview of selected dams

| Characteristics | Dam 1 | Dam 2 | Dam 3 |
|---|---|---|---|
| Construction type | Earth and rock fill embankment dam | Earth and rock fill embankment dam | Concrete gravity dam |
| Dam height | 170m | 240m | 100m |
| Dam width | 910m | 2,100m | 430m |
| Reservoir capacity | 180,000,000 m³ | 4,400,000,000 m³ | 1,205,000,000 m³ |
| Floodplain area | 140 km² | 3,470 km² | 1,340 km² |
| Floodplain population | 115,000 | 170,000 | 695,000 |
| Exposed Value - Residential | $10,000mn | $24,400mn | $110,500mn |
| Exposed Value - Commercial | $24,500mn | $12,900mn | $90,300mn |
| Exposed Value - Total | $34,500mn | $37,300mn | $200,800mn |

Source: Aon

Dam 1 is an earth and rock embankment dam with only a few outlets for water release. This dam is located in a rural area with a low population density, but it is part of a larger water system that services some larger cities in the region. The floodplain of the dam has an area with a population of 115,000 and total exposed value of USD 34.5 billion.

Dam 2 is an earth and rock embankment dam with several outlets and gates for controlled water release. Dam 2 is located upstream of an area with a population of about 170,000 and total exposed value of USD 37.3 billion.

Dam 3 is a large, concrete gravity dam with several outlets and gates for controlled water release. Dam 3 is located very close to a large metropolitan area, with a floodplain population of about 695,000 and USD 200.8 billion in total exposed value.

If one of these scenarios were to occur, it would likely result in property, liability, and affirmative cyber insurance losses for the dam operator. For purposes of this study though, we are focusing on the much larger potential impacts resulting from downstream flood damages.
  • 10. Economic Loss Analysis

With a team of flood modeling experts, we estimated both residential and commercial loss for each of the three dams [1]. To provide a range of outcomes, we modeled each dam scenario under a conservative (“high”) set of assumptions as well as a less conservative (“low”) set of assumptions. The results are shown in exhibit 5.

Exhibit 5: Economic losses (USD millions)

| Loss type | Scenario | Dam 1 | Dam 2 | Dam 3 |
|---|---|---|---|---|
| Residential loss | Low | 2,088 | 3,001 | 18,218 |
| Residential loss | High | 3,467 | 5,677 | 37,006 |
| Commercial loss | Low | 3,885 | 1,857 | 7,940 |
| Commercial loss | High | 5,668 | 2,956 | 18,977 |
| Total loss | Low | 5,973 | 4,858 | 26,158 |
| Total loss | High | 9,134 | 8,633 | 55,983 |

Source: Aon

The estimated losses represent a wide range of values. With up to USD 56 billion of economic loss estimated for Dam 3, these numbers indicate the damage that such a cyber risk could cause in the physical world. Note that Dam 3 is much smaller in size and reservoir capacity than Dam 2, but its presence near a population center greatly increases its loss potential.

While Dam 3 shows the highest severity, this does not necessarily imply that it would have the lowest frequency. A threat actor looking to cause disruption to the U.S. would likely seek out more extreme impacts. As a result, the peril of cyber risk may serve to “inflate” the tail and increase the likelihood of extreme events relative to what safety experts and flood modelers would expect to see from natural disasters and accidental failures.

With economic loss estimates completed, we then estimated the insured loss impact for each of the three dams, which is shown in exhibit 6 on the next page [2].

[1] Flood damage estimates were first calculated for each of the three dams on an economic loss basis. For residential exposures, we used a residential industry proxy portfolio leveraging industry data by zip code, disaggregated to individual locations. For commercial exposures, we used the Aon proprietary commercial industry portfolio database. Low and high loss estimates were created by varying the first floor height assumptions and the depth of water throughout the flood area.

[2] Insurance take-up rates, limits, and retentions were then applied to calculate insured losses based on economic losses. Assumptions were provided by a team of experts in Aon’s flood practice group. Take-up rate assumptions varied by flood zone, and commercial insurance assumptions varied between small commercial and large commercial entities. We assumed small commercial insureds obtain coverage from the NFIP program, as did all residential insureds. We assumed large commercial insureds obtain varying levels of coverage depending on their total exposed value.
  • 11. Exhibit 6: Insured losses

| Loss type | Scenario | Dam 1 USD mn | Dam 1 %TIV | Dam 2 USD mn | Dam 2 %TIV | Dam 3 USD mn | Dam 3 %TIV |
|---|---|---|---|---|---|---|---|
| Residential loss | Low | 95 | .95% | 154 | .63% | 3,025 | 2.74% |
| Residential loss | High | 121 | 1.21% | 274 | 1.12% | 4,340 | 3.93% |
| Commercial loss | Low | 1,392 | 5.67% | 585 | 4.54% | 1,681 | 1.86% |
| Commercial loss | High | 1,890 | 7.70% | 788 | 6.12% | 5,387 | 5.96% |
| Total insured loss | Low | 1,486 | 4.31% | 739 | 1.98% | 4,706 | 2.34% |
| Total insured loss | High | 2,011 | 5.83% | 1,063 | 2.85% | 9,727 | 4.84% |

Source: Aon

Residential and commercial properties have very different insurance outcomes. Residential losses will flow almost entirely into the National Flood Insurance Program (NFIP), with a negligible amount of risk covered by private flood policies. Some of the properties affected by these selected dams fall into FEMA Special Flood Hazard Areas, where flood insurance is mandatory for homeowners with a mortgage. But most of the properties fall outside these SFHAs, where take-up rates are extremely low. As a result, these scenarios illustrate a significant protection gap, or underinsurance problem, among U.S. homes that could be affected by the hacking of a significant dam. At the same time, our model results suggest that a cyberattack could cause losses to the National Flood Insurance Program ranging from USD 95 million to at least USD 4.3 billion.

For commercial properties, results will differ between small businesses and large complex entities. Small businesses typically buy package policies which do not include flood protection. Like residential properties, small businesses can obtain NFIP coverage, but most do not. Large businesses generally do obtain flood protection through their commercial property policies, with insurers requiring sublimits in Special Flood Hazard Areas. In our scenarios, we estimated commercial flood insurance losses ranging from USD 585 million to USD 5.4 billion across the three dams.

Combining residential and commercial losses, we estimate a total insured loss impact ranging from USD 739 million to USD 9.7 billion, depending on the dam and the intensity of the flooding.
  • 12. Insurance Implications

In what ways would the insured losses from this scenario be considered “silent cyber” losses? We define “silent cyber” exposure as the potential for cyber risk to trigger losses on policies where coverage is unintentional, unpriced, or both. “Unintentional” coverage means not explicitly excluded or affirmed (with any applicable sublimit). Flood policies have unintentional cyber risk because the proximate and covered cause on the policy would be the flood—not the cyberattack that causes the flood. Similarly, flood policies will not be priced for a rise in flood frequency or severity as a result of cyberattacks. As a result, we conclude that both residential and commercial flood policies will generally have silent cyber risk.

Protection Gap Implications

As recent natural disasters have shown, a dam hacking scenario of this kind would highlight the significant underinsurance problem for flood-related perils, as seen in exhibit 7. We estimate an uninsured loss of USD 4.1 billion to USD 46.3 billion depending on the scenario—meaning that only 12 to 25 percent of economic losses would be covered by insurance.

Exhibit 7: Protection gap losses

| Loss type | Scenario | Dam 1 USD mn | Dam 1 % | Dam 2 USD mn | Dam 2 % | Dam 3 USD mn | Dam 3 % |
|---|---|---|---|---|---|---|---|
| Residential uninsured | Low | 1,993 | 95.5% | 2,847 | 94.9% | 15,193 | 83.4% |
| Residential uninsured | High | 3,346 | 96.5% | 5,402 | 95.2% | 32,666 | 88.3% |
| Commercial uninsured | Low | 2,493 | 64.2% | 1,272 | 68.5% | 6,259 | 78.8% |
| Commercial uninsured | High | 3,778 | 66.7% | 2,168 | 73.3% | 13,589 | 71.6% |
| Total uninsured | Low | 4,487 | 75.1% | 4,119 | 84.8% | 21,452 | 82.0% |
| Total uninsured | High | 7,123 | 78.0% | 7,570 | 87.7% | 46,256 | 82.6% |

Source: Aon

Reinsurance Implications

Generally, private insurers would get protection from their reinsurers in these scenarios. Property reinsurance treaties provide for direct physical loss arising from cyber events. Often this protection is for named perils, and insurers should ensure that flood is on the list of perils. However, cyber-enabled flood damage could have implications for reinsurers of the NFIP. In the scenario for Dam 3, reinsurers would be exposed to flood losses.
  • 13. Other Considerations

The preceding flood assessment and loss calculations are based on three existing dams of varying size and significance and were selected to demonstrate a range of levels of damage that would occur from a silent cyber incident. We acknowledge that this analysis is not exhaustive, and we excluded several potential complicating factors—loss of life, negative health effects, agricultural impacts, damage to the hydroelectric power plant, the breach of multiple dams in the same water system or that use the same IT contractors—from the cost model for the sake of simplicity.

Mitigation Strategies

This whitepaper has assumed that a sophisticated attacker is able to carry out the scenario described above. We understand that dam operators may employ a variety of security controls designed to prevent this type of unauthorized access from occurring, including: multi-factor authentication, whitelisting, enforcing least privilege, network segmentation, third-party risk management, and others. It is because of these controls—as well as the geopolitical repercussions—that we view this scenario as a plausible but extreme event. The scenario as described is only one way that a motivated actor might carry out the attack described.

Conclusion

These scenarios illustrate how technology and connectivity, while generally seen as beneficial, could have unforeseen and undesirable consequences for businesses and homeowners, and by extension, their insurers. Businesses must consider the security risks that new technologies could introduce into their environment, including potential impacts on their clients and communities. Insurers must also consider how changing technologies can cause “established” perils such as flood to morph into new risks, with resulting changes to frequency and severity.

By using scenarios such as these, insurers have the ability to stress test their portfolios against new and emerging perils created by cyber risk. With that knowledge, insurers can take steps to mitigate risk, through reinsurance as well as working with businesses to increase their resilience. Lastly, we hope this whitepaper draws additional attention to the importance of closing the protection gap by which flood risk causes harm to society in the U.S. and across the globe.
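The discovery phase of the attack scenario (ARP spoofing, then SNMP requests with default community strings sent from a VPN-connected host inside the firewall) is the kind of activity the whitelisting and network segmentation controls listed under Mitigation Strategies are meant to expose. The following Python detector is an added example, not part of the whitepaper; the log format, addresses, asset inventory and rule names are constructed assumptions.

```python
"""Allowlist checks over passive sensor records from a control LAN.

Added example: the record format, addresses (documentation ranges) and
inventory below are constructed, not taken from any real dam network.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Set, Tuple

CONTROL_LAN = ipaddress.ip_network("192.0.2.0/24")
DEFAULT_COMMUNITIES = {"public", "private"}   # well-known SNMP defaults

# Asset inventory: the MAC address each control-LAN IP is expected to use.
ASSET_MACS = {
    "192.0.2.1": "00:00:5e:00:53:01",    # gateway
    "192.0.2.21": "00:00:5e:00:53:21",   # gate controller PLC
}
# Hosts allowed to issue SNMP requests on this LAN.
SNMP_MANAGERS = {"192.0.2.10"}

ARP_RE = re.compile(r"^(\S+) ARP reply (\S+) is-at (\S+)$")
SNMP_RE = re.compile(r"^(\S+) SNMP \w+ src=(\S+) dst=(\S+) community=(\S+)$")

Alert = Tuple[str, str, str]   # (timestamp, rule, subject IP)


def detect(lines: Iterable[str], asset_macs: Dict[str, str],
           managers: Set[str]) -> List[Alert]:
    """Return alerts for records that contradict the inventory or allowlist."""
    alerts: List[Alert] = []
    for raw in lines:
        line = raw.strip()
        arp = ARP_RE.match(line)
        if arp:
            ts, ip, mac = arp.groups()
            expected = asset_macs.get(ip)
            # A known IP answered from an unknown MAC: possible ARP spoofing.
            if expected is not None and mac.lower() != expected:
                alerts.append((ts, "ARP_MISMATCH", ip))
            continue
        snmp = SNMP_RE.match(line)
        if not snmp:
            continue   # record type this example does not cover
        ts, src, dst, community = snmp.groups()
        if src not in managers:
            alerts.append((ts, "SNMP_UNAUTHORIZED_SOURCE", src))
        if community in DEFAULT_COMMUNITIES:
            alerts.append((ts, "SNMP_DEFAULT_COMMUNITY", src))
        # Broadcast SNMP requests are a device-discovery pattern.
        if ipaddress.ip_address(dst) == CONTROL_LAN.broadcast_address:
            alerts.append((ts, "SNMP_BROADCAST", src))
    return alerts


def suspect_sources(alerts: Iterable[Alert]) -> Set[str]:
    """Hosts that triggered any SNMP rule."""
    return {subject for _, rule, subject in alerts if rule.startswith("SNMP_")}


# Constructed sample records: normal traffic mixed with the scenario's pattern.
SAMPLE_LOG = [
    "2018-06-01T22:14:03 ARP reply 192.0.2.1 is-at 00:00:5e:00:53:01",
    "2018-06-01T22:14:09 ARP reply 192.0.2.1 is-at 00:00:5e:00:53:99",
    "2018-06-01T22:15:00 SNMP get src=192.0.2.10 dst=192.0.2.21 community=ops-ro-7f3a",
    "2018-06-01T22:15:30 SNMP get src=192.0.2.57 dst=192.0.2.255 community=public",
    "2018-06-01T22:15:31 SNMP get src=192.0.2.57 dst=192.0.2.21 community=public",
]

if __name__ == "__main__":
    for ts, rule, subject in detect(SAMPLE_LOG, ASSET_MACS, SNMP_MANAGERS):
        print(ts, rule, subject)
```

Because these rules compare traffic with an inventory and an allowlist rather than with credentials, they still fire when the session itself was opened with a valid stolen VPN login.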
  • 14. References

Accenture. 2015. Driving Unconventional Growth through the Industrial Internet of Things. Available at: https://www.accenture.com/us-en/_acnmedia/Accenture/next-gen/reassembling-industry/pdf/Accenture-Driving-Unconventional-Growth-through-IIoT.pdf

American Society of Civil Engineers. 2017. Infrastructure Report Card: Dams. Available at: https://www.infrastructurereportcard.org/wp-content/uploads/2017/01/Dams-Final.pdf

Business Blackout: The insurance implications of a cyber attack on the U.S. power grid - Lloyd's of London https://www.lloyds.com/~/media/files/news-and-insight/risk-insight/2015/business-blackout/business-blackout20150708.pdf

Cherepanov, Anton. 2018. GreyEnergy: A successor to BlackEnergy. Available at: https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf

Coppolino, Luigi, Salvatore D’Antonio, Valerio Formicola, and Luigi Romano. 2011. Integration of a system for Critical Infrastructure Protection with the OSSIM SIEM platform: a dam case study. Available at: https://link.springer.com/chapter/10.1007/978-3-642-24270-0_15

Donat, Markus G., Andrew L. Lowry, Lisa V. Alexander, Paul A. O’Gorman and Nicola Maher. 2016. More extreme precipitation in the world’s dry and wet regions. Available at: https://www.nature.com/articles/nclimate2941

5 Promising Water Power Technologies, 2017. Department of Energy Efficiency & Renewable Energy. Available at: https://www.energy.gov/eere/articles/5-promising-water-power-technologies

Guide to Industrial Control Systems (ICS) Security, 2014. NIST Special Publication 800-82. Available at: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-82r2.pdf

Industrial Control Systems Cyber Emergency Response Team. 2017. ICS-CERT Annual Assessment Report FY2016. Available at: https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/FY2016_Industrial_Control_Systems_Assessment_Summary_Report_S508C.pdf

Kutner, Max. 2016. Alleged Dam Hacking Raises Fears of Cyber Threats to Infrastructure. Available at: http://www.newsweek.com/cyber-attack-rye-dam-iran-441940

Oroville Dam Spillway Incident Independent Forensic Team. 2018. Final Report. Available at: http://www.ussdams.org/our-news/oroville-dam-spillway-incident-independent-forensic-team-final-report/
  • 15. The National Dam Federal Emergency Management Agency Biennial Report to the United States Congress, Fiscal Years 2014–2015 FEMA P-1067, 2016 Available at: https://www.fema.gov/media-library-data/1470749866373-5de9234b8a02a3577c2646ffdf6eb087/FEMAP1067.pdf

National Inventory of Dams, Corps Map. 2016. Available at: http://nid.usace.army.mil/cm_apex/f?p=838:5:0::NO

U.S. Army Corps of Engineers. 2018. Water Safety, Lake Sidney Lanier. Available at: http://www.sam.usace.army.mil/Missions/Civil-Works/Recreation/Lake-Sidney-Lanier/WaterSafety/

U.S. Department of Homeland Security. 2016. Dams Sector Cybersecurity Capability Maturity Model (C2M2). Available at: https://www.dhs.gov/sites/default/files/publications/dams-c2m2-508.pdf

U.S. Department of Homeland Security. 2015. Dams Sector Cybersecurity Framework Implementation Guide. Available at: https://www.dhs.gov/sites/default/files/publications/dams-cybersecurity-framework-implementation-guide-2015-508.pdf

U.S. Department of Homeland Security. 2015. Dams Sector-Specific Plan: An Annex to the NIPP 2013. Available at: https://www.dhs.gov/sites/default/files/publications/nipp-ssp-dams-2015-508.pdf

U.S. Department of Homeland Security. 2015. Roadmap to Secure Control Systems in the Dams Sector. Available at: https://www.hsdl.org/?abstract&did=726297

U.S. Department of the Interior. 2016. Hydroelectric power: How it works. Available at: https://water.usgs.gov/edu/hyhowworks.html

U.S. Department of the Interior. 2018. U.S. Bureau of Reclamation Selected Hydropower Dams at Increased Risk from Insider Threats. Available at: https://www.doioig.gov/sites/doioig.gov/files/FinalEvaluation_ICSDams_Public.pdf

U.S. National Institute of Standards and Technology. 2014. Framework for Improving Critical Infrastructure Cybersecurity. Available at: https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf
  • 16. Authors

Cyence / Guidewire: Matthew Honea, Dr. Yoshifumi Yamamoto
Special thanks to: Aon Cyber Solutions, Aquarion, Maggie Engler, Dr. Na Xu, Our off-the-record interviewees
Aon: Jonathan Laux, Craig Guiliano, Dr. Megan Hart

Contact Information

Guidewire - Cyence Risk Analytics
Paul Mang, General Manager of Analytics and Data Services, pmang@guidewire.com
George Ng, Chief Technology Officer, gng@guidewire.com
Matt Honea, Director of Cyber, mhonea@guidewire.com
Julie Eichenseer, Director of Global Client Solutions, jeichenseer@guidewire.com

Aon
Greg Heerde, Head of Analytics & Inpoint, Americas, +1 312 381 5364, greg.heerde@aon.com
Catherine Mulligan, Global Head of Cyber, +1 212 441 1018, catherine.mulligan@aon.com
Jon Laux, FCAS, Head of Cyber Analytics, +1 312 381 5370, jonathan.laux@aon.com
  • 17. About Aon

Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.

The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

Copyright 2017 Aon plc