Synchronicity is the experience of two or more events which are causally unrelated occurring together in a supposedly meaningful manner. In order to count as synchronicity, the events should be unlikely to occur together by chance.Today I had a very unique experience of this, and it revolved around security and our national electrical power infrastructure (the Grid). In as much as I am more a believer in Chaos theory than synchronicity, I have come to the conclusion that this is likely because there are many lesser known events, trends, and developments, that are bringing this issue to my attention, and they deserve some cycles.
I was about to hop on a webinar, when my friend and colleague Andy Bochman (author of popular blogs on energy policy in the DoD and on alternative energy for the Discovery channel ) sent me a recent article looking for my thoughts on its impacts. The article was about a January 2008 speech given by CIA Analyst Tom Donahue at the SANS 2008 Scada Summit in New Orleans. Mr. Donahue revealed that the CIA was aware of cyber attacks which had taken out power in multiple non-US cities. His revelation and the furor which followed it faded from view pretty quickly, from what I could find online, so I gave it a quick browse, set my bookmark for later, and started up the webinar, entitled "Top 10 Security Breaches" by Davi Ottenheimer at ArcSight. Within 30 minutes, Davi was reporting that his number 2 attack in the top ten was this same quote from Mr. Donahue, and its implicaitons.
This was enough for me, time to power up.
For those of you who aren't aware of it, there is a vast array of technology that supports our electrical power system, from generation through distribution and metering. It is a phenomenal example of "just-in-time" delivery, as electricity must be consumed at basically the same moment that it is generated. The scale of these systems is massive, with currently over 300,000 miles of wires, and more than 1,000,000 Megawatts of generating capacity. It is like an orchestra, with that capacity being delivered through over 9,200 entities, all working in concert to minimize any shortages (brown-outs) or outages (black-outs) to the tune of 99.97% availability.
We rely so totally on our electrical distribution system, that any disruption plays havoc with our core industries. According to the Department of Energy, these costs are monumental. A single hour of outage in that hit the Chicago Board of Trade resulted in $20,000,000,000,000 (yup trillion) in delayed trades, and the blackout we experienced here in the Northeast in 2003 resulted in a $6,000,000,000 (billion) economic loss.
The security of these systems was once much more easily managed and understood by those practiced in that market. SCADA (Supervisory Control and Data Acquisition) systems offered management and insight to simplify the tasks of regulating power generation, and automated responses to various critical and near critical conditions. Typically run on isolated networks, and operated more like manufacturing systems than network-based control platforms, the SCADA systems were suddenly brought much closer to the world by pervasive internetworking. New devices, from internet-enabled switches to PDA-based system control software increased flexibility and responsiveness, but have created and broadened the threat surface to include many parties external to the actual power generation facility.
It is this capacity to connect and control that makes non-SCADA, more traditional security, a concern in the space. It was what popped out to me from Mr. Donahue's comments, that:
"We do not know who executed these attacks or why, but all involved intrusions through the Internet."
This encroaching vulnerability was identified very early in the critical infrastructure/cybersecurity lifespan. As early as 2002, and maturing into guidance issued in 2006, and 2008, the North American Electric Reliability Corporation ( NERC) was issuing guidance, including an assessment of cyber assets.
All of this is important, and a definite work in process. There are extremely capable SCADA professionals, and many of them are contributing to efforts to better secure those systems. Good examples of this work exist at the DOE's Sandia Labs, which sponsored a forum on the topic of cyber attacks on control systems this past June. This information is going to help to standardize and raise awareness of preventative techniques and coming threats. But this is mainly about creating or solidifying protection against the existing, almost 100-year old, power system.
What I am learning more about, and what I look forward to discussing, is the next (r)evolutionary move in our electrical energy infrastructure, the Smart Grid. Incorporating the power and pervasiveness of the existing grid, with the user interactivity of the Internet, and the configurability of a cloud-computing service, the list of opportunities and challenges is too good to ignore.
Integrating existing networking models and architectures with something as fundamentally required as power will be one of the most basic tests that security can be put through. Can technology be used to maximize the benefit and effectiveness of a core infrastructure service, to protect our industries and our homes, while improving our performance, efficiency, and energy conservation? This is a test worth passing.
There could be no better investment in America than to invest in America becoming energy independent! We need to utilize everything in out power to reduce our dependence on foreign oil including using our own natural resources. Create cheap clean energy, new badly needed green jobs and reduce our dependence on foreign oil.The high cost of fuel this past year seriously damaged our economy and society. The cost of fuel effects every facet of consumer goods from production to shipping costs. After a brief reprieve gas is inching back up.OPEC will continue to cut production until they achieve their desired 80-100. per barrel.If all gasoline cars, trucks, and SUV's instead had plug-in electric drive trains the amount of electricity needed to replace gasoline is about equal to the estimated wind energy potential of the state of North Dakota.We have so much available to us such as wind and solar. Let's spend some of those bail out billions and get busy harnessing this energy. Create cheap clean energy, badly needed new jobs and reduce our dependence on foreign oil. What a win-win situation that would be for our nation at large! There is a really good new book out by Jeff Wilson called The Manhattan Project of 2009 Energy Independence Now. http://www.themanhattanprojectof2009.com
ReplyDelete