This document summarizes a presentation about transmission security and failures in large systems. It discusses how the 9/11 Commission identified four kinds of failures that contributed to the 9/11 attacks. It also notes that while security has always been a priority for the electricity sector, it is an even greater priority now. The document warns that the likelihood of hidden failures increases as the number of components in a large system increases.
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...EnergySec
The document discusses cyber threats and opportunities in the electric utility industry arising from increased automation. It notes that while the electric grid has not experienced a significant cyber-related outage, adversaries with the ability to cause outages currently lack motivation. It highlights challenges around securing critical infrastructure systems and controlling access as the industry moves towards cloud-based services, mobile access, and integration of distributed energy resources and smart grid technologies.
As urban populations grow, cities face challenges in providing infrastructure and public safety for their citizens. Analytics can help cities become smarter by making them instrumented, interconnected and intelligent. This allows cities to gain insights from vast amounts of data to improve outcomes in areas like public safety, transportation, utilities and more. For public safety agencies specifically, analytics enables improved collaboration, predictive capabilities and a more holistic approach to keeping citizens safe.
This document discusses cyber security threats including cyber warfare, cyber crime, cyber terrorism, and cyber espionage. It outlines India's steps to secure cyberspace such as establishing the National Cyber Security Policy and National Critical Information Infrastructure Protection Centre. The document also analyzes how the "Clausewitzian Trinity" of the people, military, and government of a nation are increasingly dependent on information systems, making these elements susceptible to strategic cyber attacks that could paralyze a victim nation. It asserts that cyberspace has become the "fifth domain of war" alongside land, air, sea and space, compelling countries to develop cyber attack and defense capabilities.
[Challenge:Future] Rallying Youth Against Cyber CrimeChallenge:Future
This document proposes a youth-led awareness campaign to prevent cyber crimes. The campaign would work through three approaches: 1) Conducting forums and workshops to educate the public, especially youth, about cyber security risks; 2) Promoting cyber safety drills and proper firewall/antivirus usage; 3) Lobbying for tougher cyber crime laws through youth movements. By empowering youth to spread knowledge about this growing threat, the campaign aims to drastically reduce cyber attacks and their financial costs worldwide.
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...Cyber Security Alliance
This presentation will analyze the Information Warfare scenarios, technical and legal backgrounds, highlighting as well the importance of the terminologies and bringing to the audience real-life examples and known incidents. The last part of the talk will focus on two theorical case studies and on one, very special, theorical case study.
[Challenge:Future] Rallying Youth Against Cyber CrimeChallenge:Future
This document discusses rallying youth against cyber crime through awareness and prevention. It proposes a three-pronged strategy focusing on prevention, preparedness, and awareness creation. This would involve conducting forums to educate youth, promoting cyber safety drills, and lobbying for legal changes. The strategy argues that youth are well-positioned to catalyze change given their role as major users of technology. By making youth aware of the serious financial and social impacts of cyber crimes, this approach could drastically reduce such incidents worldwide.
This document provides information about the Journal of Information Warfare, including the journal staff, editorial board, scope, subscription information, and contents of the upcoming Volume 14, Issue 2. It discusses that the journal aims to provide a forum for academics and practitioners in information warfare/operations to discuss topics ranging from destruction of information systems to psychological aspects of information use. The upcoming issue will feature 9 articles covering key areas related to information assurance and cybersecurity such as cyber operations and defense, training cyber forces, understanding co-evolution of cyber defenses and attacks, and defending cyberspace with software-defined networks.
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...EnergySec
The document discusses cyber threats and opportunities in the electric utility industry arising from increased automation. It notes that while the electric grid has not experienced a significant cyber-related outage, adversaries with the ability to cause outages currently lack motivation. It highlights challenges around securing critical infrastructure systems and controlling access as the industry moves towards cloud-based services, mobile access, and integration of distributed energy resources and smart grid technologies.
As urban populations grow, cities face challenges in providing infrastructure and public safety for their citizens. Analytics can help cities become smarter by making them instrumented, interconnected and intelligent. This allows cities to gain insights from vast amounts of data to improve outcomes in areas like public safety, transportation, utilities and more. For public safety agencies specifically, analytics enables improved collaboration, predictive capabilities and a more holistic approach to keeping citizens safe.
This document discusses cyber security threats including cyber warfare, cyber crime, cyber terrorism, and cyber espionage. It outlines India's steps to secure cyberspace such as establishing the National Cyber Security Policy and National Critical Information Infrastructure Protection Centre. The document also analyzes how the "Clausewitzian Trinity" of the people, military, and government of a nation are increasingly dependent on information systems, making these elements susceptible to strategic cyber attacks that could paralyze a victim nation. It asserts that cyberspace has become the "fifth domain of war" alongside land, air, sea and space, compelling countries to develop cyber attack and defense capabilities.
[Challenge:Future] Rallying Youth Against Cyber CrimeChallenge:Future
This document proposes a youth-led awareness campaign to prevent cyber crimes. The campaign would work through three approaches: 1) Conducting forums and workshops to educate the public, especially youth, about cyber security risks; 2) Promoting cyber safety drills and proper firewall/antivirus usage; 3) Lobbying for tougher cyber crime laws through youth movements. By empowering youth to spread knowledge about this growing threat, the campaign aims to drastically reduce cyber attacks and their financial costs worldwide.
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...Cyber Security Alliance
This presentation will analyze the Information Warfare scenarios, technical and legal backgrounds, highlighting as well the importance of the terminologies and bringing to the audience real-life examples and known incidents. The last part of the talk will focus on two theorical case studies and on one, very special, theorical case study.
[Challenge:Future] Rallying Youth Against Cyber CrimeChallenge:Future
This document discusses rallying youth against cyber crime through awareness and prevention. It proposes a three-pronged strategy focusing on prevention, preparedness, and awareness creation. This would involve conducting forums to educate youth, promoting cyber safety drills, and lobbying for legal changes. The strategy argues that youth are well-positioned to catalyze change given their role as major users of technology. By making youth aware of the serious financial and social impacts of cyber crimes, this approach could drastically reduce such incidents worldwide.
This document provides information about the Journal of Information Warfare, including the journal staff, editorial board, scope, subscription information, and contents of the upcoming Volume 14, Issue 2. It discusses that the journal aims to provide a forum for academics and practitioners in information warfare/operations to discuss topics ranging from destruction of information systems to psychological aspects of information use. The upcoming issue will feature 9 articles covering key areas related to information assurance and cybersecurity such as cyber operations and defense, training cyber forces, understanding co-evolution of cyber defenses and attacks, and defending cyberspace with software-defined networks.
Capstone Team Report -The Vicious Circle of Smart Grid Securityreuben_mathew
The document summarizes challenges facing different stakeholders in securing the smart grid:
- Utilities face rapid deployment, funding shortfalls, technical challenges explaining security, and sophisticated attacks exploiting systems.
- Regulators have inconsistent standards and gaps between policies, creating confusion.
- Equipment manufacturers consider security important but frameworks are not always implemented, leaving systems vulnerable.
Coordinated efforts are needed between utilities, regulators, and manufacturers to address gaps and build a secure smart grid.
2012 Reenergize the Americas 6A: Mike CoopReenergize
This document discusses energy security and microgrids for utilities, communities, and the military. It notes that the Department of Defense is a major consumer of energy, using around 117 billion barrels of oil annually. Various legislation and mandates aim to increase the DoD's use of renewable energy to 25% by 2025. Microgrids and a smarter electric grid can help the DoD meet these renewable energy targets while also improving energy security at military installations. The document cautions that increased connectivity in complex energy systems may introduce new security risks that require approaches like critical infrastructure protection.
ELECTRONICS INDUSTRY STUDY REPORT - Semiconductors and Defense ElectronicsSVCAVET
WHERE Globalization started:
National Defense University, The Industrial College of the Armed Forces, Washington, DC, 20319
ABSTRACT: The commercial semiconductor industry is characterized by fierce competition, large fluctuations in demand, increasing performance, and falling prices. Defense electronics has become a miniscule part of the semiconductor industry (less than 1%), but is essential to national security. However, U.S. commercial and defense semiconductor production is losing ground. The industry faces a number of challenges, including: rising capital costs, rapidly evolving technology, future workforce shortages, increasing offshore design and production, infringement of intellectual property rights, and ineffective export controls that hinder U.S. global competitiveness.
++ Globalization and the rise of the Asia-Pacific region
CONCLUSIONS:
The semiconductor industry and the defense electronics industry are inextricably linked. Every new weapons system in production will rely on semiconductors as its core component. A healthy, robust, and leading edge semiconductor industry is essential for defense needs and indeed for all elements of national security. Several broad conclusions can be drawn from our study.
• There is growing concern regarding the offshore flight of intellectual capital and semiconductor production facilities. Some argue that the ability of the U.S. to maintain access to cutting-edge technology will be adversely affected. The decline of technical talent among U.S. students contributes to these concerns.
Raoul Chiesa Hacking A Impianti IndustrialiGoWireless
This document discusses security issues related to industrial automation and critical infrastructure. It begins with an introduction of the speaker and their background working in these environments. Several examples of past security incidents are described, such as the Whatcom Falls Park pipeline rupture caused by a SCADA system failure. Technical attacks against these systems are similar to traditional IT attacks like password guessing or exploits. However, the consequences of failures or attacks can be far more severe given the life-critical systems involved. In conclusion, the history and perspectives of industrial automation security differ significantly from traditional IT/ICT security, and standards exist but must be followed carefully given the risks.
The document discusses and compares the existing U.S. power grid and the future "smart grid". The existing grid is highly decentralized with no central control, but relies on aging infrastructure. While it is resilient to outages and attacks, increasing demand will require upgrades. The smart grid will use more advanced monitoring through computer networks, allowing utilities and consumers to reduce usage. While this poses security challenges, experts believe the benefits outweigh the risks, and political support is growing for standards to secure critical infrastructure.
Presentation to OECD project group on Global Risk. Expanded version presented to British Computer Society, Deutsche Bank and University of Southern Denmark.
Cyber(in)security: systemic risks and responsesblogzilla
Presented at National Security 2008 in Brussels. Updated for British Computer Society, Deutsche Bank, Oxford University, and University of Southern Denmark.
Honeypots and honeynets are used to study cyber attacks. A honeypot is a computer system set up to attract cyber attacks so threats can be observed and analyzed. A honeynet contains multiple honeypots and allows attacks on an entire network to be monitored. Deploying honeypots provides benefits like risk mitigation, intrusion detection, and research opportunities to study attacker techniques. However, honeypots also have downsides like limited visibility and potential additional security risks if compromised.
The document provides an overview of smart grids and discusses some of the key challenges in implementing smart grid technologies. It begins with definitions of traditional grids and smart grids. Some key differences noted are that smart grids incorporate two-way communication, distributed generation, sensors throughout the system, and self-monitoring and self-healing capabilities. The document then discusses challenges such as lack of awareness of smart grid standards, integrating various communication technologies, and ensuring security in an increasingly networked system. Overall the document provides background on smart grids and highlights both technological aspects and challenges in transitioning energy infrastructure.
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
Cyber is a real threat and we can not keep our eyes shut to the same. Most of the countries surrounding us are involved in cyberwar covertly and we need to take steps to counter the same at the earliest.
The document discusses global cyber threats, including threats from hackers, hacktivists, organized crime groups, foreign governments like China, and cyber terrorists. It notes that thousands of systems are compromised daily, national critical assets and global economic stability are at risk, and the internet's root servers face daily attacks. The threats have grown due to increasing dependencies on technology and connectivity.
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMSMarco Lisi
Lesson on "Security in large, Strategic and Complex Systems" at the "Master di II Livello" in "Homeland Security" -
Università degli Studi Campus Bio-Medico di Roma, A. A. 2012-2013
This document is a report on managing cybersecurity threats to the smart grid. It was prepared by four Master of Public Administration students for Iberdrola USA as part of their capstone project. The report provides an overview of smart grid technology, cybersecurity threats to electric utilities, and efforts by utilities and government to prevent and mitigate those threats. It is based on a literature review and interviews with smart grid cybersecurity experts. Appendices include proposed training materials on cybersecurity for electric utility lineworkers.
Bulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docxRAHUL126667
Bulletin
of the
Atomic
Scientists
IT IS 5 MINUTES TO MIDNIGHT
®
Feature
Eyes wide shut: The growing
threat of cyber attacks on
industrial control systems
Joel F. Brenner
Abstract
When industrial control systems are connected to the Internet, they can be vulnerable to cyber attacks. At risk
are energy sources and electric grids, water and sewer systems, manufacturing, banks, transportation and
communication networks, and other systems that may be targeted by hackers, terrorists, or enemy states
seeking to wreak economic havoc. Despite a series of well-publicized cyber attacks in recent years, few
companies have taken the steps necessary to isolate industrial control systems and sensitive information,
and to limit the damage an attack can inflict. Security is not just a matter of dealing with technical issues, which
are fairly straightforward and tactical. The strategic issue is governance: coordinating the efforts of various
departments to ensure that information technology works together with physical security, legal counsel,
human resources, and operations management.
Keywords
cyber attack, cyber security, denial of service, industrial control systems, Maroochy Shire, RasGas, Saudi
Aramco, Stuxnet
T
hirteen years ago, a disgruntled
sewer system operator in Maroochy
Shire, Australia, filled his car with a
laptop and radio equipment apparently
stolen from his employer and drove
around giving radio commands to the
pumps and valves that controlled the
local sewers. Pumping stations went hay-
wire. Raw sewage poured into local
waterways. Creek water turned black,
fish died, and the stench was appalling
(Brenner, 2011). This was an early warning
of the danger inherent in connecting
industrial control systems to the Internet,
but Maroochy Shire was far away, and
very few people were paying attention.
Nasty things that start on the other
side of the world have a way of ending
up on oneÕs own doorstep, however, and
the vulnerability to electronic mayhem of
control systems that run railway switches,
air traffic control systems, manufacturing,
financial systems, and electric grids is
now an endemic condition. In Brazil, a
cyber attack in 2007 plunged more than
three million people into total darkness
and knocked the worldÕs largest iron
ore producer offline, costing that one
Bulletin of the Atomic Scientists
69(5) 15–20
! The Author(s) 2013
Reprints and permissions:
sagepub.co.uk/journalsPermissions.nav
DOI: 10.1177/0096340213501372
http://thebulletin.sagepub.com
company alone about $7 million (CBS
News, 2009).1
The worldÕs superpower is not invin-
cible either. Today the North American
electric grid is being attacked fer-
ociously and oftenÑsometimes by intru-
ders so skillful that government help is
needed to fend them off. Municipal water
and sewer systems are also vulnerable.
Even the US military recently warned
that it canÕt guarantee its own operations
under a sophisticated cyber attack, and
that US allies are in the same posit ...
The document discusses studying electrical engineering and how it benefits humanity. It describes how electrical engineering has enabled modern technologies like computers, robotics, medical devices, and the internet. It also discusses how electrical engineers brought electricity to homes worldwide, dramatically improving people's lives by enabling appliances, lighting, and more. Overall, the document argues that electrical engineering has positively impacted humanity by developing technologies that have simplified and improved lives.
The document discusses the concept of a smart grid and its key components. It notes that power disturbances currently cost $25-188 billion per year and the 2003 Northeast blackout alone resulted in $6 billion in losses. A smart grid would have advanced sensing and measurement technologies like smart meters, phasor measurement units, and distributed weather sensors to improve reliability. It would also feature integrated communications, advanced energy storage, and control methods that allow for more decentralized energy generation and fault isolation. The smart grid aims to create a more intelligent, interactive electricity infrastructure.
This document discusses different approaches to regulating cybersecurity in critical infrastructure providers like electricity transmission companies. It compares "rules-based" regulations, where the policymaker dictates specific security requirements, to "risk-based" regulations, where companies assess their own risks and determine security measures. The document presents an economic model analyzing the tradeoffs of these approaches. It finds that the optimal approach depends on incentives - rules may be better in some contexts, while risk-based approaches work better in others. A balanced, nuanced policy is needed that considers different industry conditions.
This document discusses cybersecurity as an economic issue in internet governance. It begins by introducing cybersecurity as a major concern for governments, users, and businesses due to increasing cyber threats, attacks, and financial losses. It then outlines types of cybersecurity issues like data interception, hacking, and identifies individuals, companies, governments, and the military as targets. Specific cybersecurity stats for Canada are provided that show high internet and computer usage as well as impacts of cyber attacks on businesses. The challenges of securing networks and data to support innovation and the digital economy are discussed. Metrics on the scale and global costs of consumer cybercrime are reviewed from a Norton cybersecurity report. The document concludes with resources for continuing cybersecurity learning.
Capstone Team Report -The Vicious Circle of Smart Grid Securityreuben_mathew
The document summarizes challenges facing different stakeholders in securing the smart grid:
- Utilities face rapid deployment, funding shortfalls, technical challenges explaining security, and sophisticated attacks exploiting systems.
- Regulators have inconsistent standards and gaps between policies, creating confusion.
- Equipment manufacturers consider security important but frameworks are not always implemented, leaving systems vulnerable.
Coordinated efforts are needed between utilities, regulators, and manufacturers to address gaps and build a secure smart grid.
2012 Reenergize the Americas 6A: Mike CoopReenergize
This document discusses energy security and microgrids for utilities, communities, and the military. It notes that the Department of Defense is a major consumer of energy, using around 117 billion barrels of oil annually. Various legislation and mandates aim to increase the DoD's use of renewable energy to 25% by 2025. Microgrids and a smarter electric grid can help the DoD meet these renewable energy targets while also improving energy security at military installations. The document cautions that increased connectivity in complex energy systems may introduce new security risks that require approaches like critical infrastructure protection.
ELECTRONICS INDUSTRY STUDY REPORT - Semiconductors and Defense ElectronicsSVCAVET
WHERE Globalization started:
National Defense University, The Industrial College of the Armed Forces, Washington, DC, 20319
ABSTRACT: The commercial semiconductor industry is characterized by fierce competition, large fluctuations in demand, increasing performance, and falling prices. Defense electronics has become a miniscule part of the semiconductor industry (less than 1%), but is essential to national security. However, U.S. commercial and defense semiconductor production is losing ground. The industry faces a number of challenges, including: rising capital costs, rapidly evolving technology, future workforce shortages, increasing offshore design and production, infringement of intellectual property rights, and ineffective export controls that hinder U.S. global competitiveness.
++ Globalization and the rise of the Asia-Pacific region
CONCLUSIONS:
The semiconductor industry and the defense electronics industry are inextricably linked. Every new weapons system in production will rely on semiconductors as its core component. A healthy, robust, and leading edge semiconductor industry is essential for defense needs and indeed for all elements of national security. Several broad conclusions can be drawn from our study.
• There is growing concern regarding the offshore flight of intellectual capital and semiconductor production facilities. Some argue that the ability of the U.S. to maintain access to cutting-edge technology will be adversely affected. The decline of technical talent among U.S. students contributes to these concerns.
Raoul Chiesa Hacking A Impianti IndustrialiGoWireless
This document discusses security issues related to industrial automation and critical infrastructure. It begins with an introduction of the speaker and their background working in these environments. Several examples of past security incidents are described, such as the Whatcom Falls Park pipeline rupture caused by a SCADA system failure. Technical attacks against these systems are similar to traditional IT attacks like password guessing or exploits. However, the consequences of failures or attacks can be far more severe given the life-critical systems involved. In conclusion, the history and perspectives of industrial automation security differ significantly from traditional IT/ICT security, and standards exist but must be followed carefully given the risks.
The document discusses and compares the existing U.S. power grid and the future "smart grid". The existing grid is highly decentralized with no central control, but relies on aging infrastructure. While it is resilient to outages and attacks, increasing demand will require upgrades. The smart grid will use more advanced monitoring through computer networks, allowing utilities and consumers to reduce usage. While this poses security challenges, experts believe the benefits outweigh the risks, and political support is growing for standards to secure critical infrastructure.
Presentation to OECD project group on Global Risk. Expanded version presented to British Computer Society, Deutsche Bank and University of Southern Denmark.
Cyber(in)security: systemic risks and responsesblogzilla
Presented at National Security 2008 in Brussels. Updated for British Computer Society, Deutsche Bank, Oxford University, and University of Southern Denmark.
Honeypots and honeynets are used to study cyber attacks. A honeypot is a computer system set up to attract cyber attacks so threats can be observed and analyzed. A honeynet contains multiple honeypots and allows attacks on an entire network to be monitored. Deploying honeypots provides benefits like risk mitigation, intrusion detection, and research opportunities to study attacker techniques. However, honeypots also have downsides like limited visibility and potential additional security risks if compromised.
The document provides an overview of smart grids and discusses some of the key challenges in implementing smart grid technologies. It begins with definitions of traditional grids and smart grids. Some key differences noted are that smart grids incorporate two-way communication, distributed generation, sensors throughout the system, and self-monitoring and self-healing capabilities. The document then discusses challenges such as lack of awareness of smart grid standards, integrating various communication technologies, and ensuring security in an increasingly networked system. Overall the document provides background on smart grids and highlights both technological aspects and challenges in transitioning energy infrastructure.
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
Cyber is a real threat and we can not keep our eyes shut to the same. Most of the countries surrounding us are involved in cyberwar covertly and we need to take steps to counter the same at the earliest.
The document discusses global cyber threats, including threats from hackers, hacktivists, organized crime groups, foreign governments like China, and cyber terrorists. It notes that thousands of systems are compromised daily, national critical assets and global economic stability are at risk, and the internet's root servers face daily attacks. The threats have grown due to increasing dependencies on technology and connectivity.
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMSMarco Lisi
Lesson on "Security in large, Strategic and Complex Systems" at the "Master di II Livello" in "Homeland Security" -
Università degli Studi Campus Bio-Medico di Roma, A. A. 2012-2013
This document is a report on managing cybersecurity threats to the smart grid. It was prepared by four Master of Public Administration students for Iberdrola USA as part of their capstone project. The report provides an overview of smart grid technology, cybersecurity threats to electric utilities, and efforts by utilities and government to prevent and mitigate those threats. It is based on a literature review and interviews with smart grid cybersecurity experts. Appendices include proposed training materials on cybersecurity for electric utility lineworkers.
Bulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docxRAHUL126667
Bulletin
of the
Atomic
Scientists
IT IS 5 MINUTES TO MIDNIGHT
®
Feature
Eyes wide shut: The growing
threat of cyber attacks on
industrial control systems
Joel F. Brenner
Abstract
When industrial control systems are connected to the Internet, they can be vulnerable to cyber attacks. At risk
are energy sources and electric grids, water and sewer systems, manufacturing, banks, transportation and
communication networks, and other systems that may be targeted by hackers, terrorists, or enemy states
seeking to wreak economic havoc. Despite a series of well-publicized cyber attacks in recent years, few
companies have taken the steps necessary to isolate industrial control systems and sensitive information,
and to limit the damage an attack can inflict. Security is not just a matter of dealing with technical issues, which
are fairly straightforward and tactical. The strategic issue is governance: coordinating the efforts of various
departments to ensure that information technology works together with physical security, legal counsel,
human resources, and operations management.
Keywords
cyber attack, cyber security, denial of service, industrial control systems, Maroochy Shire, RasGas, Saudi
Aramco, Stuxnet
T
hirteen years ago, a disgruntled
sewer system operator in Maroochy
Shire, Australia, filled his car with a
laptop and radio equipment apparently
stolen from his employer and drove
around giving radio commands to the
pumps and valves that controlled the
local sewers. Pumping stations went hay-
wire. Raw sewage poured into local
waterways. Creek water turned black,
fish died, and the stench was appalling
(Brenner, 2011). This was an early warning
of the danger inherent in connecting
industrial control systems to the Internet,
but Maroochy Shire was far away, and
very few people were paying attention.
Nasty things that start on the other
side of the world have a way of ending
up on oneÕs own doorstep, however, and
the vulnerability to electronic mayhem of
control systems that run railway switches,
air traffic control systems, manufacturing,
financial systems, and electric grids is
now an endemic condition. In Brazil, a
cyber attack in 2007 plunged more than
three million people into total darkness
and knocked the worldÕs largest iron
ore producer offline, costing that one
Bulletin of the Atomic Scientists
69(5) 15–20
! The Author(s) 2013
Reprints and permissions:
sagepub.co.uk/journalsPermissions.nav
DOI: 10.1177/0096340213501372
http://thebulletin.sagepub.com
company alone about $7 million (CBS
News, 2009).1
The worldÕs superpower is not invin-
cible either. Today the North American
electric grid is being attacked fer-
ociously and oftenÑsometimes by intru-
ders so skillful that government help is
needed to fend them off. Municipal water
and sewer systems are also vulnerable.
Even the US military recently warned
that it canÕt guarantee its own operations
under a sophisticated cyber attack, and
that US allies are in the same posit ...
The document discusses studying electrical engineering and how it benefits humanity. It describes how electrical engineering has enabled modern technologies like computers, robotics, medical devices, and the internet. It also discusses how electrical engineers brought electricity to homes worldwide, dramatically improving people's lives by enabling appliances, lighting, and more. Overall, the document argues that electrical engineering has positively impacted humanity by developing technologies that have simplified and improved lives.
The document discusses the concept of a smart grid and its key components. It notes that power disturbances currently cost $25-188 billion per year and the 2003 Northeast blackout alone resulted in $6 billion in losses. A smart grid would have advanced sensing and measurement technologies like smart meters, phasor measurement units, and distributed weather sensors to improve reliability. It would also feature integrated communications, advanced energy storage, and control methods that allow for more decentralized energy generation and fault isolation. The smart grid aims to create a more intelligent, interactive electricity infrastructure.
This document discusses different approaches to regulating cybersecurity in critical infrastructure providers like electricity transmission companies. It compares "rules-based" regulations, where the policymaker dictates specific security requirements, to "risk-based" regulations, where companies assess their own risks and determine security measures. The document presents an economic model analyzing the tradeoffs of these approaches. It finds that the optimal approach depends on incentives - rules may be better in some contexts, while risk-based approaches work better in others. A balanced, nuanced policy is needed that considers different industry conditions.
This document discusses cybersecurity as an economic issue in internet governance. It begins by introducing cybersecurity as a major concern for governments, users, and businesses due to increasing cyber threats, attacks, and financial losses. It then outlines types of cybersecurity issues like data interception, hacking, and identifies individuals, companies, governments, and the military as targets. Specific cybersecurity stats for Canada are provided that show high internet and computer usage as well as impacts of cyber attacks on businesses. The challenges of securing networks and data to support innovation and the digital economy are discussed. Metrics on the scale and global costs of consumer cybercrime are reviewed from a Norton cybersecurity report. The document concludes with resources for continuing cybersecurity learning.
1. Transmission Security:
“The Likelihood of Hidden Failures”
IRP Presentation
September 20, 2011, PM
Joel N. Gordes, President
Environmental Energy Solutions
gordesj@comcast.net
“Dedicated to Executing Ideas, Not Killing Them!”
2. It’s Ten Years After 9/11
What Have We Learned?
“We believe the 9/11
attacks revealed four kinds
of failures; in imagination,
policy, capabilities, and
management.” p.-339
The 9/11 Commission Report
Final Report of the National Commission on Terrorist
Attacks Upon the United States
Thomas H. Kean, Chair
Lee H. Hamilton, Vice-Chair
July 22, 2004
2
3. It May Take More than Duct Tape & Plastic
Paul West of Winchester, CT
3
4. What I Would Like to Convey
Electricity is Essential to All Other Infrastructure
The Grid is a Complex System Subject to Stress
The Grid Is Vulnerable to Natural Hazards
The Grid Is Vulnerable to Physical & Cyber Attacks
What Is and Is Not “Distributed Generation” (DG)
“Decentralization” Vs. DG: How It May Be Helpful
What is The Smart Grid and It’s Challenges
5. We Began With “MicroGrids”
“…microgrids are power systems in which generation
elements are co-located with loads, regardless of the
aggregated generation capacity or the grid interconnection."
Z. Ye, R. Walling, N. Miller, P. Du, K. Nelson.
Facility Microgrids. NREL. May 2005.
5
6. BUT Early “Microgrids” Had Some Major Drawbacks
And Gave Way to Centralized Monopolies
Hint: It Wasn’t JUST the Wires
Prof. Richard F. Hirsh, Technology and Transformation in the American Electric
Utility Industry (Cambridge University Press, 1989)
7. The Regulated Monopoly Resulted In
Larger, more efficient generators
More remote locations for generators
Need for transmission
Lower cost for consumers=“Freedom”
Industrial growth of goods and services
Greater profits for utilities
Obvious and hidden vulnerabilities due to
transmission that sets the grid architecture
8. On Security
“Security has always been a priority for the
electricity sector in North America;
however, it is a greater priority now than
ever before.”
U.S.-Canada Power System Outage Task Force
August 14th Blackout: Causes and Recommendations
Chapter 9, Physical and Cyber Security Aspects of the Blackout
p. 133
It is Implied There Is Some Disagreement on This Point
See EPRI on Slides 50 and 59
9. So, What Are the Energy Security Threats?
As Opposed to RAM, Sufficiency, etc.?
Fuel supply interruption/cost escalation
Physical security of generation, transmission, distribution , SCADA
Foreign dependency via disruption of globalized supply chains for
critical grid components (e.g. GSUs) and minerals used in component
manufacturing processes
Cyberthreats including distributed denial of service, hacking,
electromagnetic pulse, embedded codes in foreign sourced components
and weaknesses in SCADA/IPC
A combined or "blended" combination of the aforementioned threats
Other threats and considerations including “unintended consequences”
9
13. Grid Congestion Has Been a National Problem
“Americans' demand for electricity is
growing at almost two percent per year.
But our power grid is expanding at only
half that rate.”
The Current Recession Has Provided Some Respite
From the High Growth Rates But Growth In Many
Electronic Technologies Will Further Stress the Grid
Charlotte Legates, Energy.com, March 2, 1999
14. Congestion Can be Costly in a Digital Society
Industry Average Downtime $
Cellular Communications $41,000 per hour
Airline Reservations $90,000 per hour
Credit Card Operations $2,580,000 per hour
Brokerage Operations $6,480,000 per hour
Average Small Business $7,500 per day
15. National Academies Report
on Countering Terrorism
"A direct way to address vulnerable transmission
bottlenecks and make the grid more robust is to build
additional transmission capacity, but there are
indications that redundancy has a dark side...
The likelihood of hidden failures in any large-
scale system increases as the number of
components increases.”
Making the Nation Safer: The Role of Science and Technology in
Countering Terrorism. National Academy Press. p.302. June 2002.
16. The Grid is Vulnerable
Early (2-20-83) Actual Vulnerability Signs
“Insurance Capitol of the World”--(Crow-1, Hartford-0)
17. The Grid is Still Vulnerable
25 Years Later, Son of Crow Strikes!
“Insurance Capitol of the World”--(Crow-2, Hartford-0)
18. Be it Congestion, Natural Disaster or Terror
the Results Can Be Similar
$1.2 Billion Losses US and Canada-1998
21. Cyberattacks: Not by Nature Alone
Electric Grid Vulnerability is Modern Society’s Soft Underbelly
Modern societies are composed of
four critical, highly interrelated,
and symbiotic infrastructures upon
which their national and personal
survival depends: The power grid
is the foundation of it all.
Winn Schwartau, Information Warfare, Electronic Civil
Defense, Thunders Mouth Press, New York, 1996. p. 43.
22. National Academies Report
Making the Nation Safer: The Role of Science and Technology in
Countering Terrorism. National Academy Press. June 2002.
23. Sheikh Omar Bakri Muhammad
bin Laden Associate
"In a matter of time you will see attacks on the stock market…I
would not be surprised if tomorrow I hear of a big
economic collapse because of somebody attacking the
main technical systems in big companies….
ComputerWorld.com
Nov 18, 2002.
25. It Would Be Hubris to Think
the Electric Grid Could Not Be Compromised
Lockheed Martin CIA
Google ADP
Citigroup MSNBC
Sony IMF
Pentagon ExxonMobile
25
26. The Centralized Power Industry is a Prime Target
"In a single-superpower world, there's a single best
target…You're the best face of that best target…Your
corporations [power companies] are the best target
set.”-Lt. Col. Wm. Flynt, US Army
Matthew L. Wald. Electric Power System Is Called Vulnerable, and Vigilance Is
Sought. New York Times. Feb 28. 2002.
27. Bill Flynt, Ph.D. at ICATHS on 9/25/03
His Red Team was able to
take a police officer with
basic computer skills and
trained him to shut down a
regional-sized area within 9
minutes and 40 seconds.
28. Bill Flynt, Ph.D. on 9/25/03 at ICATHS
• [It is] “trivial to achieve significant consequences”
• Looked at inflicting a multi-state, 168 hour event
• Potentially 1 year to 18 months until fully repaired
• “effects cascade and cross infrastructural
boundaries”
29.
30. Aurora Project Destroyed a Generator Via Hacking a
Test “Grid” at Idaho National Labs in 2007
Courtesy of CNN http://www.youtube.com/watch?v=rTkXgqK1l9A
31. The Threat Could Reside Anywhere
BUT Attribution Questions Limit Retaliation
32. Forms of CyberWar #2
Electromagnetic Pulse (EMP)
Uses a Nuclear Device or Low Tech FCG
Low Probability/High Risk BUT…
Essentially You Are Back to the Stone Age
39. Characteristics of a Decentralized System
1) Redundant & Modular
Operate in Isolated Modes
Located Close to End Users- 2) Many Small Units
Supply/Distribution
User Controllability
Storage Buffers Failure 3) Diverse &
Dispersed
Based upon Lovins, Amory B. and Lovins, L. Hunter, Brittle Power, Energy
Strategy for National Security, 1982. P. 218
40. Distributed Resources
Distributed resources include conservation and load
management with modular electric generation and/or
storage located near the point of use either on the
demand or supply side. DR includes fuel-diverse fossil
and renewable energy generation and can either be grid-
connected or operate independently. Distributed
resources typically range from under a kilowatt up to 50
MW. In conjunction with traditional grid power, DR is
capable of high reliability (99.9999%) and high power
quality required by a digital society
Composite definition of US DOE(2), EPRI(2), CEC(1), AGA(1)
41.
42. First Things First! Building a C&LM Powerplant
PA 07-242 Secs. 51-52 Await Implementation
CT Energy Efficiency Brd
43. Then Go To High Value, “Killer Apps”
“The power failure created traffic jams on Connecticut
highways. On the Merritt Parkway cars ran out of gas
because power had shut service stations.”
-Hartford Courant 8/15/03
45. High Value Applications are Everywhere
You Just Have to Think About the Circumstances
“Businesses shut down early, held hostage by
electronic cash registers.” Hartford Courant 8/15/03
46. Even Small Amounts of Electricity Available In
a Timely Manner Can Be Life Savers
47. …and Nine Years Later
Johnson Memorial Medical Center’s Power, Coming
from two CL&P Power Feeds, Failed As Did Back-up
50. EPRI’s Framework for the Future
A portfolio of innovative technologies…. can
comprehensively resolve the vulnerability of
today's power supply …These "smart
technologies" will also open the door to fully
integrating distributed resources and central
station power into a single network, in a
manner than can reduce system
vulnerability rather than add to it-as is
typically the case today…
Electricity Sector Framework For The Future, Volume I,
Achieving A 21st Century Transformation.
Electric Power Research Institute. August 6, 2003. p. 31.
51. Enter the Smart Grid With Claims
Improved reliability, security and efficiency through
digital control
Optimization of grid operation & Self Healing
Easier interconnection of distributed resources and
smart appliances
Control of demand response down to the consumer
appliance level
ISO-NE. Overview of the Smart Grid Policies, Initiatives, and Needs.
February 17, 2009. pp. 2-3. Also L. Kiesling A Smart Grid is a Transactive
Grid, Part 2 of 5 parts, March 3, 2009.. 51
52. Smart Grid (con’t.)
Provision for storage technology including plug-in
hybrid vehicles
Real time information on electric pricing for
transactive procurement
Requires standards/security for communications and
interoperability
Requires overcoming barriers to adoption of Smart
Grid technologies
ISO-NE. Overview of the Smart Grid Policies, Initiatives, and Needs.
February 17, 2009. pp. 2-3. Also L. Kiesling A Smart Grid is a Transactive
Grid, Part 2 of 5 parts, March 3, 2009.. 52
54. A Shoe Company Can Do It!
Enter the Bionic “Smart” Shoe
"Each second, a sensor in the heel can take up to 20,000
readings... directing a tiny electric motor to change the shoe."
Michael Marriott, New York Times. "The Bionic Running
Shoe," May 6, 2004.
55. ISO-NE. Overview of the Smart Grid Policies, Initiatives,
and Needs. February 17, 2009.
56. ISO-NE. Overview of the Smart Grid Policies, Initiatives,
and Needs. February 17, 2009.
57. ISO-NE. Overview of the Smart Grid Policies, Initiatives,
and Needs. February 17, 2009.
58. EPRI Studies Pinpoints the Problem
Lack of technical innovation strongly reflects the state
of uncertainty in the electricity sector. Technology
decisions are largely driven by the management of
existing assets... Capital expenditures as a percent of
revenue are at an all-time low... There is little
incentive for introducing new technology…
Who Sets Utility Rates of Return/Incentives Anyhow?
Electricity Sector Framework For The Future, Volume I,
Achieving A 21st Century Transformation.
Electric Power Research Institute. August 6, 2003. p. 31
59. Solutions?--Show Me Them the Money!
“Improved security from distributed generation
should be credited when planning the future of
the grid….Recovery of the invested funds
through rate mechanisms or in some part
through homeland security funding must be
examined."
Security As A Positive Externality?
Making the Nation Safer The Role of Science and Technology in
Countering Terrorism, National Academy Press, p.192.
60. The Electric Power Research Institute
(EPRI) Concurs
Protecting the nation’s power infrastructure
has a strong public-good dimension, and a
robust federal “homeland security” incentive
will be needed from the outset. Investments
made for such essential infrastructure security
must be immediately and fully recoverable.
Electricity Sector Framework for The Future, Volume I, Achieving A 21st Century
Transformation. Electric Power Research Institute. August 6, 2003. p. 7.
61. Short & Long-Term Recommendations
Maximize Energy Efficiency per PA 07-242 Secs. 51-52
Plan Energy Resiliency into High Value Applications
Provide Rate of Return for Utility Resiliency Actions
Use Decoupling, Other Mechanisms
Incentives for DG, CHP to Utility & Private Sector
Implement a Plan Incrementally But With Annual Targets
Minimize Transmission Projects and Investments
Apply for DHS and Other Federal Funding
Make Insurers Partners to Reduce Their Losses and
Contribute Their Expertise –and Funding
62. Dilbert by Scott Adams
Questions?
Joel N. Gordes
Environmental Energy Solutions
(860) 561-0566
gordesj@comcast.net
TerraChoice Environmental
Marketing.
63. There Were Some Early Warnings
But, of Course, These Were Ignored
64. Even Pearl Harbor Was No “Surprise”Except for
Those Caught in Cultural Lags
(“We Always Prepare for the Last War”)
General Billy Mitchell
U.S. Assistant Chief of Air Services
October 24, 1924
“…I am convinced that the growing airpower of
Japan will be the decisive element in the mastery of
the Pacific…Air operations for the destruction of
Pearl Harbor will be undertaken…The attack to be
made on Ford Island at 7:30 a.m… The Philippines
would be attacked in a similar manner…The initial
successes would probably be with the Japanese.”
April 1926
He proved to be a visionary when in 1926…fifteen years before WWII, he said:
“A surprise aerial attack on Pearl Harbor will take place while Japanese
negotiators talk peace with the U.S. officials, moreover the attack will come on
a Sunday Morning.”
64
65. Other threats and considerations including “unintended consequences”
Whas’ that mean?
"The outage appears to be related to a procedure an APS employee was
carrying out in the North Gila substation," ... "Operating and protection
protocols typically would have isolated the resulting outage to the Yuma area.
The reason that did not occur in this case will be the focal point of the
investigation into the event, which already is underway."
66. Other threats and considerations including “unintended
consequences” – Whas’ that mean?
"This was not a deliberate act. The employee was just switching out a piece
of equipment that was problematic,“…It's possible that extreme heat in the
region also may have caused some problems with the transmission lines…