The National Critical Infrastructure is growing and changing, so will this webpage!
"The United States was founded on the principles of self-reliance and courageous individualism. Initially, the nation was mostly an agrarian society with the majority of the population living in rural areas. With industrialization, patterns of life changed. Now most people have become city dwellers or live in urbanized areas; and nearly everyone, regardless where they live, has become dependent on electric power and electronic devices. The critical infrastructures of water, wastewater, agriculture, fuel, transportation, information technology, and healthcare have become interdependent. Electric power and communications have become the foundations for each of the other critical infrastructures. The increasing dependency on these critical infrastructures has made the nation more vulnerable."[1]
[1] POWERING THROUGH: Building Critical Infrastructure Resilience, page 9; (c) 2021 National Disaster Resilience Council of InfraGard
An absentee rate as high as 45% could cause unexpected shutdown of critical infrastructure, including disruption of critical manufacturing essential for public health. [1]
[1] POWERING THROUGH: Building Critical Infrastructure Resilience, page 12; (c) 2021 National Disaster Resilience Council of InfraGard
A major earthquake could cause cascading grid failures. [1]
[1] POWERING THROUGH: Building Critical Infrastructure Resilience, page 12; (c) 2021 National Disaster Resilience Council of InfraGard
Russia and China can launch a cyberattack to blackout most of the nation's electric grid and "pivot" to take down other critical infrastructure connected to electric substations. Many other nations may also be able to launch similar cyberattacks. [1]
[1] POWERING THROUGH: Building Critical Infrastructure Resilience, page 12; (c) 2021 National Disaster Resilience Council of InfraGard
Extra-high-voltage (EHV) transformers could be damaged by rifle fire as was shown in the Metcalf transmission substation attack in California.[1] Weaponized drones dropping munitions have also emerged as a significant threat to substations and generation facilities. [2]
[1] Paul Stockton, "Resilience for Grid Security Emergencies," Johns Hopkins Applied Physics Laboratory, September 2018, p. 5.
[2] POWERING THROUGH: Building Critical Infrastructure Resilience, page 12; (c) 2021 National Disaster Resilience Council of InfraGard
The control, communications, and safety systems for generation, transmission, and distribution systems can be damaged by High-Power Microwave (HPM) weapons that cause a shutdown of critical points on the grid. A coordinated attack could cause cascading grid failures. [1]
[1] POWERING THROUGH: Building Critical Infrastructure Resilience, page 12; (c) 2021 National Disaster Resilience Council of InfraGard
A massive solar storm can generate electromagnetic-induced currents over a wide area. There is a 10% - 12% probability per decade of such a superstorm occurring. [1]
[1] POWERING THROUGH: Building Critical Infrastructure Resilience, page 12; (c) 2021 National Disaster Resilience Council of InfraGard
An HEMP attack might be conducted with a single or multiple nuclear weapons detonated at high altitude. Russia, China, Iran, and North Korea have all published plans for a nuclear EMP attack. No atmospheric re-entry system or sophisticated guidance and control system is required to create an EMP. A nuclear weapon could be delivered by a satellite, long- or short-range missiles, (or) hypersonic vehicles. [1]
[1] POWERING THROUGH: Building Critical Infrastructure Resilience, page 12; (c) 2021 National Disaster Resilience Council of InfraGard
Adversaries do not limit themselves to one attack at a time. They may launch a combination of attacks to distract defenders before causing significant damage. Unlike Cold War scenarios in which EMP was used only as a precursor to follow-on ground attacks, today EMP may be exploited as the primary attack mechanism to disable critical power and communication infrastructures. [1]
[1] POWERING THROUGH: Building Critical Infrastructure Resilience, page 12; (c) 2021 National Disaster Resilience Council of InfraGard
There are other dangers to our Nation today that could create varying amounts of EMP with a corresponding effect on our Nation's grid. Key among these is a nuclear strike.
In a global pandemic, studies have shown that the United States could lose much of its workforce to illness, with employees staying home due to fear of contracting the disease or to care for others. This could cause cascading shortages, and critical infrastructure systems would be affected along with businesses across the country. It is estimated that in a severe pandemic, between 15 and 45% of staff would be absent from work. [1] We should anticipate that, with global air transport and close proximity seating, global tourism, and global migration patterns, a pandemic can spread far more rapidly than the capacity to develop and adapt vaccines. [2]
[1]“Is your Enterprise Ready for the Coming Pandemic?,” Security, https://www.securitymagazine.com/articles/89032-is-your-enterprise-ready-for-the-coming-pandemic
[2]Global Preparedness Monitoring Board, A World at Risk: Annual report on global preparedness for health emergencies, Sep. 2019, pp. 16-20, “Preparing for the worst: a rapidly spreading, lethal respiratory pathogen pandemic.”
POWERING THROUGH: Building Critical Infrastructure Resilience, pages 13-14; (c) 2021 National Disaster Resilience Council of InfraGard
A massive earthquake could take out the Western Interconnection grid. If the nation did lose the Western Interconnection, then the rest of the continental United States would need to provide aid. However, if there were a deliberate attack on the Eastern Interconnection and Texas grids during such a natural disaster, the ability to respond would be greatly diminished. Restoration would depend primarily upon resources in the blackout regions.
Another major concern is the potential for a major earthquake in the New Madrid Seismic Zone (NMSZ) in the Midwest. Affected states could include Arkansas, Tennessee, Missouri, Kentucky, and Indiana. Exercises to prepare for this contingency and to identify protective and recovery priorities have been underway for many years. There is a risk that significant portions of the Eastern Interconnection and interstate gas pipelines would be crippled, but it is also likely that mutual assistance would be feasible from more remote regions of the continental United States. [1]
[1] See the National Academies, “National Earthquake Resilience: Research, Implementation and Outreach” (2011); Ch. 2, “What Is National Earthquake Resilience?” On emergency recovery contingencies, see Risk and Infrastructure Science Center, “National Electricity Emergency Response Capabilities,” Argonne National Laboratory, August 2016. https://www.energy.gov/sites/prod/files/2017/01/f34/National%20Electricity%20Emergency%20Response%20Capabilities.pdf
POWERING THROUGH: Building Critical Infrastructure Resilience, pages 14-15; (c) 2021 National Disaster Resilience Council of InfraGard
Nearly every week, there is a new headline about a business, government agency, or industrial facility falling victim to a cyberattack. Reports of massive data breaches of personal information, millions of dollars stolen from financial institutions, and businesses having their operations disrupted due to their systems being flooded by denial-of-service attacks, have become all too common in the new digital age. These attacks need to be prevented from becoming a way of life. Although the type and intensity of attacks can vary, no organization or individual is immune. Organizations of every size and type are faced with a variety of threats that range from organized cyber criminals, to hackers, terrorists, and nation states. Protecting ourselves, our families, companies, and country from these threats is the concern of the cybersecurity discipline. Cybersecurity is the practice of protecting systems, networks, and programs from cyberattacks[1] with the goal of ensuring the confidentiality, integrity, and availability of information and the systems that store, process, and transmit that information.
Ukraine is an example of a country that had to shut down its grid twice in one year as a result of a cyberattack. The threat of such an incident no longer is hypothetical. Operators of the grid need tools to detect and correct malicious threats in networks before they cause serious damage.
—Cyber Assault on Electric Grid by Constance Douris
There are a number of natural and man-made threats to computer systems. The capability and motives of cyberthreat communities vary widely. From elite, state-sponsored hacking organizations trying to steal military secrets to unskilled, petty criminals looking for an easy way to make a buck, the frequency and intensity of attacks organizations face vary greatly. The number of cyberattacks targeting U.S. government agencies[2] and other organizations has been rising steadily for more than a decade. The AV-TEST Institute registers over 250,000 new malicious programs every day.[3] The dark web is a largely hidden portion of the internet where buyers and sellers of malware and other hacking tools can do business. Organized crime operations with sophisticated business models make sophisticated tools and powerful botnets available to anyone with a cryptocurrency account. The ability to coordinate computers and devices to send millions of spam messages or launch denial-of-service attacks[4] that can take a company offline has never been easier.
The impacts from a cyberattack vary based on a variety of factors including the target/victim of the attack, the motive and capability of the threat actor, and the type and intensity of the attack.
The Stuxnet attack reportedly carried out against the Natanz nuclear facility in Iran provided an example of how a cyber weapon could be used to damage a nuclear facility. It is reported that approximately 1,000 centrifuges were damaged or destroyed after the purpose-built Stuxnet malware was introduced by a third-party contractor via Universal Serial Bus (USB) drive. Another nuclear facility in Germany was infected with two types of malware that were primarily used for information stealing and providing remote control, which did not occur due to the fact that the infected systems were not connected to the internet. Had there been destructive malware, such as ransomware, then it is quite possible that the infected systems would have become inoperable, which may have led to a worse outcome.[5]
In 2012, the Shamoon malware attack targeted several Energy sector organizations, including Saudi Aramco, the world’s largest oil company, which is located in Saudi Arabia, and RasGas of Qatar. The malware reportedly damaged or destroyed over 30,000 computers. In 2017, another attack against Saudi Aramco, called TRITON, targeted the Triconex Safety Instrument System, which is used in a wide variety of potentially dangerous industrial applications by thousands of organizations around the world. It was reported that, although the malware may have inadvertently caused the shutdown of an industrial process, it was discovered before it could cause significant damage.[6]
As the number of computer applications grows, so does the chance of them containing a flaw that could be exploited. Discovered software flaws (i.e., vulnerabilities) continue to rise year after year.[7] Beyond the growth of complexity in individual devices, it is not uncommon for an organization to rely on hundreds or even thousands of suppliers, some of whom may have connections into their network. Any one of these vendors could be a path for a cyberattack. Another challenge is the global shortage of cybersecurity talent. According to 2017 estimates, there will be a need for 1.5-1.8 million new positions by 2022[8],[9],[10]; and 2018 estimates assert that there will be a shortage of roughly 3.0 million new positions worldwide, mainly in the Asia-Pacific region, but with a shortage of about 0.5 million needed cybersecurity personnel in North America.[11]
The U.S. National Security Strategy emphasizes cyberthreats to U.S. critical infrastructure and notes that cyber weapons “enable adversaries to attempt strategic attacks against the United States without resorting to nuclear weapons – in ways that could cripple our economy and our ability to deploy our military forces.”[12] Further, this December 2017 strategy included the need to protect against electromagnetic attack.[13]
As vendors and organizations raced to tap into the promises of internet technology, it appears that many did so without a full appreciation of the potential risks they faced. Many of the early internet/network-enabled technologies, such as industrial control systems and medical devices, lacked the necessary security measures to safeguard them against the constant barrage of cyberthreats. It has never been easier to copy and send information via a variety of physical (e.g., USB drives) and electronic means (e.g., e-mail and cloud storage services). This makes it very difficult for security practitioners to keep tabs on sensitive data and ensure it is properly safeguarded. Managing cyber risk requires priorities to be set and decisions to be made at a variety of levels in an organization, from the board down to the security analyst. This means risks must be analyzed and communicated to a variety of stakeholders so that they can make informed decisions.
The National Renewable Energy Laboratory (NREL) report, “Interconnections Seam Study” by Aaron Bloom on July 26, 2018, proposed several ways to incorporate wind and solar into the electric grid based on an analysis of where they could be of the highest production in the continental U.S.[14] Yet, both wind and solar systems have electronics and can be vulnerable to both cyber and EMP hazards.
Joe Weiss wrote on July 22, 2018,
“Renewable resources are good for the environment and reduce consumer costs, but they are not a
panacea to reducing electric grid cyber threats despite the prevailing view by many that renewable
resources can reduce the cyber threat to electric utilities. Solar panels sensors and invertors while
rows of panels had Programmable Logic Controllers (PLCs) to adjust the angle of the solar panels. The
net result is for the same megawatt output a solar facility can have significantly more Input/Output
(I/O) than a comparable fossil fuel power plant (an analogy would be monitoring each lump of coal
going into the boiler). The I/O is electronically monitored. Therefore, the generation side of the solar
facility can be significantly more cyber vulnerable than a comparable fossil plant. The switchyard
(substation) is the same for any power plant as the switchyard does not distinguish what has
generated the voltage. The transformers in the switchyard for any type of power plant can include
sensors for monitoring load tap changer positions, bushing monitors, gas analyzers, and winding
temperatures. None of these sensors are cyber secure nor are the current transformers (CTs) and
potential transformers (PTs) providing input to the transformer protection systems (process sensors
are outside scope for the NERC Critical Infrastructure Protection (CIP) standards.[15] Since the input
to the SCADA [Ed. supervisory control and data acquisition] system has no security, how can the
SCADA system be secure? This isn’t just a solar farm issue. Wind turbines often have no cyber security
and have been hacked. Controlling renewable resources is very complicated and requires advanced
control techniques that are very sensitive to the sensor input. Consequently, renewable resources are
good for the environment and reduce consumer costs, but they are not a panacea to reduce electric
grid cyber threats.”[16]
Other control systems aside from solar and wind generation share vulnerabilities when using programmable logic controllers, so renewables are not uniquely vulnerable. However, site visits by cyber and control system experts do indicate that renewable energy facilities, often designed to capture investment tax credits rather than to attain resiliency, are quite often operated without any cyber protection of communication and control systems.
The National Counterintelligence and Security Center (NCISC) report states that “next-generation technologies such as Artificial Intelligence (AI) and the Internet-of-Things (IoT) will introduce new vulnerabilities to U.S. networks for which the cybersecurity community remains largely unprepared.”[17]
On Tuesday, August 21, 2018, a Senate subcommittee met to consider cyber and other threats to the grid. Thomas A. Fanning, chairman of Southern Company, said efforts are being made to create backup electric systems that would be able to supply some power to aid in a recovery after an attack.[18]
As the National Infrastructure Advisory Council (NIAC) reported in August 2017, “the scale, scope, and frequency of cyberattacks on digital and physical infrastructure systems is growing rapidly. Threats are escalating as more sophisticated and organized attackers are designing targeted attacks to damage or disrupt vital services and critical physical systems.”[19]
[1]“What is Cybersecurity?” CISCO, https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html
[2] Suman Bhattacharyya, ”Cyberattacks Against the U.S. Government Up 1,300% Since 2006,” The Fiscal Times, June 22, 2016, http://www.thefiscaltimes.com/2016/06/22/Cyberattacks-Against-U.S.-Government-1300-2006
[3]Malware, © 2019 AV-TEST – The Independent IT-Security Institute, https://www.av-test.org/en/statistics/malware/ & https://www.av-test.org/en/about-the-institute/
[4]Ryan Francis, “Hire a DDoS service to take down your enemies,” CSO, March 15, 2017, https://www.csoonline.com/article/3180246/data-protection/hire-a-ddos-service-to-take-down-your-enemies.html
[5] https://en.wikipedia.org/wiki/Stuxnet
[6] Elias Groll, “Cyberattack targets Safety System at Saudi Aramco,” FP, December 21, 2017, http://foreignpolicy.com/2017/12/21/cyber-attack-targets-safety-system-at-saudi-aramco/
[7] Ericka Chickowski, “Vulnerabilities Broke Records Yet Again in 2017,” News, February 20, 2018, https://www.darkreading.com/vulnerabilities---threats/vulnerability-management/vulnerabilities-broke-records-yet-again-in-2017/d/d-id/1331087?
[8]Jeff Kauflin Forbes Staff, “The Fast-Growing Job With A Huge Skills Gap: Cyber Security,” Forbes, Mar 16, 2017, https://www.forbes.com/sites/jeffkauflin/2017/03/16/the-fast-growing-job-with-a-huge-skills-gap-cyber-security/#854e4855163a
[9]Paul Sewers, “Global cybersecurity workforce to be short 1.8 million by 2022,” Venture Beat, June 7, 2017, https://venturebeat.com/2017/06/07/global-cybersecurity-workforce-to-be-short-by-1-8-million-personnel-by-2022-up-20-on-2015/
[10]Marc van Zadelhoff, “Cybersecurity Has a Serious Talent Shortage. Here’s How to Fix It,” Harvard Business Review, May 04, 2017, https://hbr.org/2017/05/cybersecurity-has-a-serious-talent-shortage-heres-how-to-fix-it
[11] (ISC)² Cybersecurity Work Force Study 2018, at www.isc2.org/research
[12]“National Security Strategy of the United States of America,” December 2017, https://www.whitehouse.gov/wp-content/uploads/2017/12/NSS-Final-12-18-2017-0905.pdf, p. 27.
[13]Ibid, p. 12.
[14]Aaron Bloom, “Interconnection Seam Study,” NREL, July 26, 2018, https://www.nrel.gov/analysis/seams.html
[15]Critical Infrastructure Protection Standards, North American Electric Reliability Corporation (NERC), https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx
[16]Critical Infrastructure Protection Standards, North American Electric Reliability Corporation (NERC), https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx
[17]National Counterintelligence and Security Center “Foreign Economic Espionage in Cyberspace,” 2018, p. 4.
[18] https://www.judiciary.senate.gov/meetings/cyber-threats-to-our-nations-critical-infrastructure Subcommittee on Crime and Terrorism, August 21, 2018, Presiding Senator Graham, “Cyber Threats to Our Nation’s Critical Infrastructure Subcommittee Hearing.”
[19]NIAC, Securing Cyber assets: Addressing Urgent Cyber Threats to Critical Infrastructure, August 2017, p. 7. https://www.dhs.gov/sites/default/files/publications/niac-securing-cyber-assets-final-report-508.pdf
POWERING THROUGH: Building Critical Infrastructure Resilience, pages 15 - 19; (c) 2021 National Disaster Resilience Council of InfraGard
Almost all infrastructure in the United States mainland was built during times of peace and safety. The last invasion by a foreign power was in 1846, when Mexican forces invaded Brownsville, Texas. Even during World Wars I and II, the U.S. mainland was relatively safe from adversarial bombardment. Of course, Hawaii and other Pacific territories were not as fortunate. This time of peace and safety influenced critical infrastructure design. A chain-link fence around a substation was considered to be sufficient deterrence.
That perspective began to change with the Metcalf substation attack. Attackers entered communication vaults and cut fiber optic cables to disable cameras, alarms, cellphones, and landline phones. They used .30-caliber rifles to shoot holes in 17 transformers which drained out the oil, leading to equipment failure. The attack took no more than 19 minutes, and caused $15.4 million in damage.[1] “Security experts said it was a wake-up call for energy providers to think not only of cybersecurity threats to the grid, but also of old-fashion physical security of power stations.”[2] Since the Metcalf attack, utilities have been surrounding substations with visually obscuring walls and other security sensors. Unfortunately, these perimeter defenses do not address weaponized drones, which can overfly high-value facilities.
Commercially available drones were used by Islamic State of Iraq and Syria (ISIS) terrorists to drop munitions on coalition forces in the Syrian conflict. They were subsequently used in an attack on the embattled Venezuelan President Nicolas Maduro.[3] An entire industry has been developed to counter weaponized drones using various technologies. For the power industry, drones with explosives represent a significant threat to transformers and other hard-to-replace assets. The increasing drone threat may significantly change the future design of substations.
[1]NEMA Currents, BULLETPROOFING THE GRID, September 20, 2016, Petter Fiskerud.
[2]Homeland Security Newsletter, 2013 attack on Metcalf, California power grid substation committed by “an insider”: DHS, Published 19 October 2015.
[3]Defense One, Against the Drones, Ben Watson.
POWERING THROUGH: Building Critical Infrastructure Resilience, pages 19 - 20; (c) 2021 National Disaster Resilience Council of InfraGard
Radio frequency weapons (high-power microwave) have distinct tactical advantages that make them a credible threat to critical infrastructure. They use common materials such as copper and ceramics and do not use any radioactive elements or controlled chemicals that can be traced. Radio frequency weapons look a lot like radar systems. They can be assembled in delivery vans and box trucks with fiberglass side panels and can use the vehicle’s motors and capacitor banks for power. An induced current from radio frequency weapons can disable or destroy control circuits, communications, computers, lighting, and safety circuits from outside the facility perimeter (more than 1,000 yards) soundlessly. In the resulting confusion, attackers can escape and move to the next target. With dozens of pulses a second, traditional metal oxide varistor (MOV) protection is ineffective. To counter radio frequency weapon threats, electromagnetic shielding can be utilized with current switching devices (faster than 1 nanosecond) to shunt pulses to low impedance grounding grids. Fortunately, this protection is available and cost-effective for substations.
POWERING THROUGH: Building Critical Infrastructure Resilience, page 20; (c) 2021 National Disaster Resilience Council of InfraGard
Space weather refers to the variable conditions on the sun and in space that can influence performance and reliability of space- and ground-based technological systems, endangering life and health.[1] Coronal Mass Ejections from the sun, when directed at the Earth, can create disturbances in the Earth’s magnetic field. These solar storms can produce charged geomagnetic fields which can in turn create geomagnetic-induced currents (GICs). These can flow into power lines and transformers, damaging them. GICs can also damage satellites, aircraft, and communications. In 2015, William Murtagh and Caitlin Durkovich co-chaired a team that produced the National Space Weather Strategy and the National Space Weather Action Plan, updated in March 2019.[2] The Space Weather Operations, Research, and Mitigation (SWORM) Task Force is working on plan implementation. Figure 2 depicts some of the critical infrastructures that could be damaged by a solar storm.
Figure 2: Picture from NOAA on NASA.gov Showing that Satellites, Aviation, Power, Communications Systems, and Agriculture Can Be Damaged by Solar Weather. "POWERING THROUGH: Building Critical Infrastructure Resilience, page 21; (c) 2021 National Disaster Resilience Council of InfraGard"
The article “Satellite Navigation – Amazing Technology but Insidious Risk: Why Everyone Needs to Understand Space Weather” by Mike Hapgood, is an American Geophysical Union (AGU) Publication of April 2017. Mr. Hapgood states that the Global Navigation Satellite System (GNSS), which is best known as the Global Positioning System (GPS), is one of the technologies supporting our modern world, but it is at risk from space weather. There are delays as satellite information passes through the ionosphere that can be made worse by space weather events. Billions have been spent on correcting this issue as it is relied upon by aircraft and ships. It is of concern that a major space weather event or Geo-Magnetic Disturbance (GMD) could deny access to the GNSS. There should be a backup system for the GNSS, Mr. Hapgood asserts.
The article “Satellite Navigation & Space Weather: Understanding the Vulnerability & Building Resilience Report of a Policy Workshop” by the American Meteorological Society Policy Program (March 2011) states that the GNSS is used to control railway, traffic management, agriculture, emergency response, commercial aviation, and maritime navigation. Banking, mobile phones, and control of the power grid all depend on timing by GPS, which is one portion of the GNSS. Space weather is the largest contributor to GPS error. The American Meteorological Society Policy Program Workshop participants also recommended a backup system.
Dr. Adam Schultz of Oregon State University has been the principal scientist for the National Science Foundation Earth Scope Magnetotelluric Program to measure the electric and magnetic fields at the Earth’s surface.[4] His 3-D modeling work can help determine what areas and specific infrastructure sites within the continental United States will be most vulnerable to geomagnetic-induced currents and E3 pulses. It would be beneficial to continue to expand the United States Geological Survey Geomagnetism Program to complete magnetotelluric surveying of the entire continental U.S. (CONUS) in order to improve and validate 3-D Earth conductivity modeling, understanding the layers of the earth and space, and to improve estimations of (long-line) E3 pulse magnitude and waveforms and their spatial variations at critical infrastructure facilities. To prioritize hardware protections and feasibility of operational procedures that may be feasible with proactive warnings, 3-D models of geoelectric field variations and conductivity are essential for geomagnetic fields and both terrestrial and submarine cable hazard estimations, hazard variability, and protection priority determinations.
At the Space Weather Enterprise Forum in June 2019, Dr. Jeffrey J. Love of the U.S. Geological Survey (USGS) presented the results of a USGS team effort to assess which regions of the United States bulk electric transmission network are at greater or lesser risk of severe geomagnetic induced currents that are linked both to solar weather, and variations in the geoelectric conductivity of the Earth’s mantle. The following color-coded map of the United States (Figure 3) shows relative risks (mean voltage surges) projected over a hypothesized 100-year period for the continental U.S., with the exception of a significant southerly portion of the country presently lacking magnetotelluric survey data.
Figure 3: 100-Year Voltages on the U.S. Power Grid; "POWERING THROUGH: Building Critical Infrastructure Resilience, page 23; (c) 2021 National Disaster Resilience Council of InfraGard"
It is recommended that a “National Framework for Space Weather Preparedness” should embrace both man-made and naturally occurring electromagnetic hazards within a common National Security and Space Weather Strategy. Electromagnetic pulse (EMP) hazards and naturally occurring geomagnetic disturbances (GMDs) are so closely linked, both by their phenomenology and by their effects, that they should be researched, modeled, warned against, and mitigated together.
However, it is important to note that ultrafast pulses (so-called E1 pulses) are not a component of naturally occurring geomagnetic storms. Also, the relatively slower HEMP E2 pulse is comparable to naturally occurring lightning, for which most electric substations are already protected using metal oxide varistors (MOVs).
High geoelectric hazards from solar storms frequently induce more intense geomagnetic currents at more northerly geomagnetic latitudes, but 3-D variations in ground conductivity can also result in high equipment vulnerability at more southern geomagnetic latitudes. Conversely, for the northern hemisphere, geomagnetic currents from HEMP events are anticipated to have more intense geoelectric fields coupling with power grids at more southerly geomagnetic latitudes.[6] However, critical grid equipment at more northerly locations that experience high geomagnetically induced currents in solar storms may also be at elevated vulnerability to HEMP E-3 pulses.
When the EMP Commission Chairman’s report was drafted in fall 2017, it cited a space weather event as an example of a single point of failure for a disruptive grid outage.
“The San Francisco blackout in April 2017 was caused by the failure of a single high-voltage breaker at a substation.”[7] Because space weather research is challenging, it took more than a year for scientists to identify a relatively weak solar storm, Coronal Hole 802, on the sun. The Coronal Hole (CH) was producing, in parallel with a weak geomagnetic rate of change (about -50 nanoteslas/minute), a powerful proton stream (measured in Mega electron Volts [MeVs]) coupled to the Earth. Coronal Hole 802 came into the Earth’s view on April 19, 2017 and caused a persisting CH proton stream that impacted Earth on April 21st and in subsequent days. This relatively weak solar storm had, as it is now known, extraordinarily energetic electron coupling with the Van Allen belt.[8] So while the solar storm appeared insignificant on April 21, 2017, on that same date, a transformer fire in San Francisco’s financial district took out power to 88,000 people; two New York City subway lines lost power; and parts of Los Angeles, including the LAX airport, experienced brief grid disruptions.[9] None of these grid losses were attributed to the concurrent solar storm underway in April 2017.
The local-origin explanations for the April 2017 grid outages during an unusual solar storm with a wide trans-equatorial footprint are a reminder that unseen common-cause vulnerabilities, without proactive mitigation, can risk widespread grid losses in a severe solar storm.
[1] Bill Murtagh, presentation at the EMP SIG Dupont Summit, December 1, 2017.
[2] Executive Office of the President, National Space Weather Strategy and Action Plan, March 2019. https://www.whitehouse.gov/wp-content/uploads/2019/03/National-Space-Weather-Strategy-and-Action-Plan-2019.pdf
[3] https://www.nasa.gov/images/content/525001main_FAQ13-orig_full.jpg
[4] Dr. Adam Schultz, “Electric fields at ground level due to GMDs: Accounting for real-world 3-D ground conductivity effects,” Earth Scope, https://www.ferc.gov/CalendarFiles/20160301082238-Schultz,%20Oregon%20State%20University%20-%20Modified.pdf
“Developing 3-D maps of ground conductivity for power-grid risk assessment,” Earth Scope National Office, https://phys.org/news/2017-12-d-ground-power-grid.html
[5] Lucas, G., Love, J.J., Kelbert, A., Bedrosian, P.A., and Rigler, E.J. “A 100-Year Geoelectric Hazard Analysis for the United States High-Voltage Power Grid,” Space Weather, January 15, 2020, v 20, article e2019SW002329.
[6] Edward B. Savage and William A. Radasky, et al., Recommended E3 HEMP Heave Electric Field Waveform for the Critical Infrastructures, EMP Commission, Volume II, July 2017, available at: http://www.firstempcommission.org/uploads/1/1/9/5/119571849/recommended_e3_waveform_for_critical_infrastructures_-_final_april2018.pdf
[7] Ibid., p. 37. San Francisco’s Larkin Street power failure occurred on the morning of April 21, 2017.
[8] Two research publications addressing April 21, 2017 events, aka CH 802 are: H. Zhao, D. N. Baker, X Li, A. N. Jaynes, and S. G. Kanekal, “The acceleration of ultrarelativistic electrons during a small to moderate storm of 21 April 2017,” Geophysical Research Letters (2018) 45:5818-5825; and Ch. Katsavrias, I. Sandberg, W. Li, O. Podladchikova, I. A. Daglis, C. Papadimitriou, C. Tsironis, and S. Aminalragia-Giamini, “Highly Relativistic Electronic Flux Enhancement During the Weak Geomagnetic Storm of April-May 2017,” IGR Space Physics (2019) 124: 4402-4413.
[9] Cory Scarola, “Everything we know About the Power Outages in SF, NYC, and L.A.,” www.inverse.com/article/30635, April 21, 2017; Bethania Palma, “Power Outages in Los Angeles, San Francisco and New York Caused by Cyberattacks?” www.snopes.com, April 22, 2017. A post-mortem on the Larkin Street Substation fire of April 21, 2017 reports the unexplained closure, not by human intervention, of a second breaker at the Larkin substation, resulting in an excess current of 1800 amps, 50% above rated current, preceding a flashover-induced transformer fire on April 21st. An after-action report to PG&E appears unaware of the concurrent, highly energetic solar storm. See Exponent, “Outage Investigation – Larkin Substation Outage on April 21, 2017,” Menlo Park, CA, September 15, 2017.
POWERING THROUGH: Building Critical Infrastructure Resilience, pages 20 - 24; (c) 2021 National Disaster Resilience Council of InfraGard
If we are prepared for an electromagnetic pulse (EMP), we will also be prepared for solar storms. Protection of transformers against quasi-DC EMP currents suffices for protection against similar GMD-induced currents. However, the converse is not true. If we prepare for solar storms only, we are not prepared for EMP. This is because both solar storms and EMPs have long-duration, quasi-DC E3 pulses, but only EMP has short-duration, broad-band E1 and E2 pulses.
The E1 pulse is a fast (nanoseconds) pulse that can damage semiconductor electronic chips, digital protective relays, and control system electronics and arc into electronic equipment.[1] The E1 pulse can also damage heavy-duty electrical equipment such as transformers and motors through high-voltage arc-flash breakdown mechanisms. The E3 pulse lasts tens to hundreds of seconds in an EMP with far greater total energy than is experienced in solar storm E3s, which can last for hours or even many days, and can reoccur. E3 pulses are of special concern to equipment connected to long power lines, long communication lines, and pipelines.[2]
Extensive field testing will be required to determine whether the intensity of HEMP E1 electric currents and the combination of damaged relays and breakers from E1 combined with E3 damage to connected equipment will result in greater or lesser losses of transformers and electric generators due to HEMP attacks (E1 plus E3) compared to E3 damage that may result from naturally occurring solar storms.
Former CIA Director R. James Woolsey pointed to the devastation following the September 2017 hurricane in Puerto Rico, stating that “what we’re talking about is a much, much more devastating thing for American society than what happened to Puerto Rico...that was small compared to what an EMP takedown of the grid would be.”[3]
“Strategic Primer: Electromagnetic Threats 2018 Winter Volume 4 – Current Capabilities and Emerging Threats” reported that the Government Accountability Office (GAO) said that, “given the interdependency among infrastructure sectors, an EMP or major GMD event that disrupts the electric grid could also result in potential cascading impact on fuel distribution, transportation systems, food and water supplies, and communications and equipment for emergency services as well as other communication systems that utilize the civilian electrical infrastructure.” This is because an EMP can damage electronic devices and networks. The paper continues that secondary effects can cause disruption of all critical infrastructures. Russia and China have the capability to do this, and North Korea has declared they would use a “super-powerful EMP attack.” Even ISIS, were it to be reconstituted, could use a coordinated attack using EMP weapons.[4]
Early warning and predictions for both HEMP and GMD events are important: use of tactical warnings to disconnect or shift critical infrastructures (CIs) to standby modes of operation are key research-to-operations (R2O) goals. Neutral ground blockers can be designed to automate response to a GMD early warning, if available. Early warning for HEMP attacks will be short or non-existent and should not be counted on. Early warning from cyber, delivery systems, or E1 pulses may also aid pre-EMP E3 pulse disconnections and rapid termination of loads.
An effective mitigation strategy to protect and recover all critical infrastructures must recognize that HEMP includes a damaging high-frequency component, the ultra-fast E1 component that is not present in the GMD pulse. If designed only for potential GMD, effective protection against the E3 component is unlikely, partly because E1 and E2 pulses can exacerbate vulnerabilities to E3 pulses that follow promptly. Investing only in GMD protection and not E1 protection would be a tragically poor investment decision. Moreover, if the E1 component is not included in design requirements, a lack of protection against HEMP will often result even if the E3 component is included in design requirements.
Shared challenges can strengthen both information-sharing and international collaboration. A high-priority goal should be to protect global submarine communication networks from both space weather (GMD E3) and man-made (EMP E1 and E3) pulse damage. About 98% of global intercontinental communications and data packets are transmitted by submarine fiber optic cable networks. These are vulnerable to both EMP E1 burnout at landing sites and E3 vulnerabilities of underwater amplified repeaters. A global initiative to protect global submarine cable communication systems and global supply chains should strengthen international cooperation.[5]
The Defense Technical Information Center in “Collateral Damage to Satellites from an EMP Attack” by Edward Conrad et al. in August 2010 stated that Low Earth Orbit (LEO) satellites could be damaged by a HEMP.[6] LEO communication satellites could suffer both prompt system damage (for satellites in line of sight) and delayed radiation damage as a result of a high-altitude nuclear burst that produces an EMP. The entire communications pathway of most space satellites is connected to the terrestrial grid and is vulnerable to ultra-fast E1 damage, and is therefore vulnerable to system damage or destruction, including the GPS ground system. Radio communications may survive,[7] especially if redundant and backup systems for positioning, navigation, and timing are developed for both the public and private sectors.[8]
For more on the threats and systems engineering, see Appendix A, which includes the International Council on System Engineering (INCOSE) Critical Infrastructure Preparedness and Recovery (CIPR) “Primer” on the grid: “Systems Thinking in the Critical Infrastructure Domain.”
The reports of the Congressional Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack (known as the EMP Commission) have been published.[9] The EMP Commission Executive Report has six recommendations[10] for the nation concerning an EMP and also recognizes the great need for cybersecurity.
1. That the President establish an executive agent to manage U.S. national infrastructure protection and defense against the existential EMP threat.
2. Implementation of cybersecurity for the electric grid and other critical infrastructures, including EMP protection.
3. A joint Presidential-Congressional Commission to accelerate protection of critical national infrastructures.
4. New standards to protect critical infrastructures from E3 EMP heave fields, with a more realistic standard of 85 V/km.[11]
5. Expedited threat-level, full system testing of large power transformers.
6. Initiation of a new intelligence assessment, coordinated by the Director of National Intelligence, to assess EMP hazards and to supersede the Joint Atomic Energy Intelligence Committee (JAEIC) Report of 2014.
The EMP Commission report asserts that protecting the national electric grid and other critical infrastructures from cyber and EMP attacks can be accomplished at reasonable costs and minimal disruption.[12]
The report by the EMP Commission Chairman, Dr. William R. Graham, lists major blackouts that started with single-cause failures but resulted in prolonged cascading grid outages. He cites multiple examples of specific system faults that result in multiple and widespread cascading outages. He challenges analysts to consider the likely impacts of many thousands of concurrent faults and losses of both control systems and visibility of them during the E1 phase of EMP attack – if EMP protection measures are not widely adopted. He cites the 1965 Great Northeast Blackout that affected 30 million people and was caused by a single relay not set correctly. He cites the Northeast blackout of August 2003, which started with untrimmed tree branches making contact with a transmission line in Ohio, followed by failures in protection and monitoring, and which resulted in a grid outage affecting more than 50 million people in eight states and two Canadian provinces.
The Chairman of the EMP Commission over most of a 17-year period concluded in his Chairman’s Report:
"[A] nuclear EMP attack would inflict massive widespread damage to the grid causing a large number of failure points. With few exceptions, the U.S. national electric grid is unhardened and untested against nuclear EMP attack. In the event of a nuclear EMP attack on the United States, a widespread protracted blackout is inevitable.[13]"
If critical infrastructure systems are newly designed, retrofitted, or operationally prepared for EMP hazards, they would be adequately protected against GMD hazards in most circumstances. A critical goal of a combined space weather and national security strategy for homeland and global security should be to identify and prioritize common-mode vulnerabilities and common-mode protections for EMP and GMD hazards. A high priority, therefore, should also be to identify and assess unique hazards of man-made EMP, especially HEMP, and unique hazards of GMD and other space weather hazards to terrestrial, trans-oceanic, aerial, and space activities.
Cost recovery for resiliency from both space weather and man-made EMP is important. The federal government could provide tax credits, federal procurement markets, resilient capacity cost recoveries for federal power markets and regional electric transmission organized markets, firm delivery market contract premiums for energy commodities or other essential services, and “best practice” demonstration programs.
[1] Powering Through from Fragile Infrastructures to Community Resilience, p. 14.
[2] Ibid.
[3] Amb. James Woolsey, Air Education and Training Command and Air University Summit, August 20-23, 2018.
[4] Strategic Primer: Electromagnetic Threats 2018 Winter Volume 4 – Current Capabilities and Emerging Threats, p. 3.
[5] Thomas S Popik, George H. Baker, William R. Harris, Jordan Kearns, “Will North Korea Atmospheric Nuclear testing damage Submarine Fiber optic Telecommunications?,” SubTelForum, Issue 99, March 2018, pp. 40-52.
[6] Edward E. Conrad, General A. Gurtman, Glenn Kweder, Myron J. Mandell, Willard W. White, “Collateral Damage to Satellites from an EMP Attack,” Defense Threat Reduction Agency, August 2010, http://www.dtic.mil/dtic/tr/fulltext/u2/a531197.pdf
[7] Strategic Primer: Electromagnetic Threats 2018 Winter Volume 4 – Current Capabilities and Emerging Threats, p. 19.
[8] On February 12, 2020 President Trump issued Executive Order 13,905, “Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services.” This Executive Order is available at 85 Federal Register 9359 (February 18, 2020).
[9] Assessing the Threat from Electromagnetic Pulse (EMP) Executive Report, July 2017, www.firstempcommission.org
[10] The Executive Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack, July 2017.
[11] Recommended E3 HEMP Heave Electric Field Waveform for the Critical Infrastructures, EMP Commission, Volume II, July 2017, recommending a late-phase E3 protection standard of 85 volts/km. See pp. ix, x, and 1, at http://www.firstempcommission.org/uploads/1/1/9/5/119571849/recommended_e3_waveform_for_critical_infrastructures_-_final_april2018.pdf
[12] The Executive Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack, July 2017, at pp. 12-16.
[13] EMP Commission Chairman’s Report, released August 2018, at pp. 37-38.
POWERING THROUGH: Building Critical Infrastructure Resilience, pages 25 - 28; (c) 2021 National Disaster Resilience Council of InfraGard
Adversaries may use multiple types of attacks to achieve their objectives.
In July 2018, the Department of Defense (DOD) cleared for public release a July 2017 Staff Report to the Congressional EMP Commission, Peter Vincent Pry’s “Nuclear EMP Attack Scenarios and Combined-Arms Cyber Warfare.”[1] This Staff Report reviewed the military doctrine of Russia, China, North Korea, and Iran on potential combined arms attacks, including variations on asymmetrical warfare. All four nations addressed the benefits of employing cyberattacks upon the critical infrastructure of adversaries. Such attacks required selective delay in the takedown of adversary electric grids, because grid power and network connections were essential for attacking other critical infrastructures before the grid networks, with their essential connection to those infrastructures, were themselves taken down. From some perspectives, an EMP attack is the ultimate cyber denial-of-service attack.
David Winks, in his more recent article “Resilience to Combined Attacks,” states that “adversaries do not limit their attacks to addressing each critical infrastructure in isolation, they use all means at their disposal to achieve their destabilization objectives. Adversaries seek to attack points within our infrastructure that have the highest adverse consequences with the highest likelihood of success.”[2] He goes on to discuss how adversaries could use compromised chips to remotely disable systems on critical military bases and then launch a cyberattack on commercial power, water, and telecommunication systems. Once these are disabled, a HEMP might be launched.[3]
If a major solar storm was the cause of electric power outages in parts of the country, then it might prompt an adversary to launch a major cyberattack that is focused on extending infrastructure outages to other parts of the nation not affected by the solar storm. This could lead to a nationwide grid outage. It would be difficult for regions to help each other because of this widespread attack.
The electric power grid and communications are so closely interdependent that an attack on one could cripple the other. Restoration of the grid would rely on communications. Communications systems need electric power to operate.
If a severe pandemic occurs, as with the COVID-19 pandemic now impacting all of the critical infrastructures, with the U.S. experiencing cascading effects of staff attrition and deficiencies in supply chains, adversaries could exploit that vulnerability to coordinate attacks on multiple critical infrastructures simultaneously. The same scenario could apply to a major earthquake.
The recent bipartisan “Final Report of the Cyberspace Solarium Commission” proposes to codify in federal law the concept of “systemically important critical infrastructures” or SICIs. Recognizing that some elements of critical infrastructures are more important than others to the protection of public health, public safety, and national security, the Solarium Commission supports special government commitments, including improved situational awareness, for entities that manage critical infrastructure assets, the disruption of which could have cascading, destabilizing effects. While private-sector entities are responsible for the defense and security of their networks, “the U.S. government must bring to bear its unique authorities and resources” to support these key critical infrastructures, whether through deterrence or through application of cyber or other military capabilities of the United States.[4]
Adversaries are unlikely to launch attacks they believe will fail or which will be more costly to achieve than the benefits obtained. If the nation can improve the infrastructure to remove vulnerabilities and become resilient, adversaries are less likely to attack. Both preparedness and deterrence are goals of Powering Through: Building Critical Infrastructure Resilience.
[1] Peter Pry, “Nuclear EMP Attack Scenarios and Combined Arms Cyber Warfare,” EMP Commission, July 2017, http://www.firstempcommission.org/uploads/1/1/9/5/119571849/nuclear_emp_attack_scenarios_and_combined-arms_cyber_warfare_by_peter_pry_july_2017.pdf
[2] David Winks, Resilience to combined attacks, Cyber Security: A Peer-Reviewed Journal, August 2019.
[3] Ibid, pp. 3-4.
[4] Cyberspace Solarium Commission, Cyberspace Solarium Commission - Final Report. March 2020, pp. 5, 6, 24, 96-98.
POWERING THROUGH: Building Critical Infrastructure Resilience, pages 28 - 29; (c) 2021 National Disaster Resilience Council of InfraGard
Information Source: All information on this page is taken from POWERING THROUGH: Building Critical Infrastructure Resilience, pages 9 - 29; (c) 2021 National Disaster Resilience Council of InfraGard
Copyright © 2024 - Foundation for Infrastructure Resilience - All Rights Reserved.