A New Security Paradigm for Critical Energy Infrastructure

The post below by my colleague Michael Mylrea and myself may be of interest to a number of you as many of the same solutions to climate change also aid in solving some of our problems with energy security which elevates the issue in importance especially to those who call themselves “conservative.”  In reality, they are actually one issue. There is, however, a warning on the new Smart Grid technology, which, while promising, if not done just right could add more vulnerabilities, not reduce them.  These issues  should be part of the Building Energy 10 conference as NESEA has traditionally included cutting-edge concepts even if they may be somewhat controversial.

Best,

Joel Gordes

A new security paradigm is needed to protect critical US energy infrastructure from cyberwarfare

By  Joel N. Gordes and Michael Mylrea

With the 8th anniversary week of 9/11 behind us, the US remains vulnerable to a devastating cyber attack directed at its critical infrastructure.  Despite warning signs of this threat, policy makers continue to prepare for the last war, ignoring the major lesson of both 9/11 and Pearl Harbor–not to “be prepared,” but to understand the changing nature of warfare.  US policy makers need to adopt a new security paradigm to defend critical asset, especially energy infrastructure, from a devastating cyber strike.

Several years ago the California Independent System Operator reported: “For at least 17 days at the height of the energy crisis, hackers mounted an attack on a computer system that is integral to the movement of electricity throughout California.” A more recent public report by a CIA analyst says this is a global problem and criminals have launched cyberattacks against foreign power utilities with the goal of extorting money.

One call to action came with the release of a CNN video showing how a software attack quickly destroyed a generator. A similar attack on key electric facilities could take out power to major geographic areas and if incapacitated for three months, the economic price tag would be about $700 billion, according to Scott Borg, Chief Economist at US Cyber Consequences Unit, a private non-profit think tank. That is “equivalent to 40 to 50 large hurricanes striking all at once,” Borg told CNN. “It’s greater economic damage than any modern economy ever suffered.” While the the North American Electric Reliability Corporation (NERC) approved new standards to improve cyber security the grid remains vulnerable as regulations require further refinement, focus and effective enforcement.

In preparing for the future, it might be useful to look back at other grim prophecies that, had they been heeded could have prevented catastrophes. One example was Brigadier General Billy Mitchell who warned in April 1926 that there would be “a surprise aerial attack on Pearl Harbor;” or just as Richard Clarke, former top US counterterrorism official and “Cyber Czar” warned White House officials of the threat of al Qaeda prior to 9-11.

The Obama administration’s prioritization of energy security is a start as energy and telecom are the two primary critical infrastructures upon which all others are dependent. All modern infrastructures including banking, hospitals, water,  and defense depend on these interrelated infrastructures for their operation and “the power grid is the foundation of it all,” noted cyberwar expert Winn Schwartau.

Enter the “Smart Grid.”

One bright spot is the government’s allocation $4.1 billion of stimulus funds to invest in the new “Smart Grid.” “Smart” implies a move away from totally centralized generation and control to two-way communications between the utility and end users. It also enhances use of  energy efficiency and decentralized renewable energy such as wind and photovoltaics along with other distributed generation sources. This will help realize Obama’s goals of diversifying fuel supplies and curbing carbon emissions. However, unless security is part of the design criteria, the smart grid will not live up to its name; done poorly increased communications will be accompanied by increase cyber vulnerabilities. First and foremost, a new paradigm must include security into the design and operational criteria as something more than merely an afterthought.

More specifically, adaptive islanding or physically dispersing small, modular generators allows for some continued operation if the overall transmission system has been disrupted either physically or by cyberattack. Locating the distributed sources closer to the place of use minimize the vulnerability of transmission lines. By diversifying the mix of fuels and technologies used by the distributed units there is safety from disruption of any one fuel source. Due to the increasing reliance on gas, incapacitating a pipeline compressor at a critical location could disrupt the flow of gas to large areas.

Another one of the challenges is the private sector owns and operates the majority of the country’s critical energy infrastructure.  A leading advocate of building a private-public-partnership, Richard Clarke, commented: “The owners and operators of electric power grids, banks and railroads; they’re the ones who have to defend our infrastructure. The government doesn’t own it, the government doesn’t operate it, [and] the government can’t defend it. …..the military can’t save us.”

Too Little to Late

Until these improvements are made the current electrical grid will continue to operate  with inefficiencies; physical and cyber vulnerabilities that could potentially cripple our economy. Current economic inefficiencies cost billions of dollars in losses each year and present a major challenge as increases in the world’s energy demand will require supply to triple by 2050. Combined with the new cyber threats we must quickly employ public-private partnerships that engage entrepreneurs to incorporate comprehensive security into any future “smart grid” design in a ways that also minimize loses in operational efficiency. Moreover, building a stronger and smarter electrical energy infrastructure will transform the country, mitigate risk, create jobs, and slow destruction of the environment. Indeed, a challenge worth undertaking, allowing us to look forward to future opportunities, instead of catastrophes of the past.

Joel Gordes is President of Environmental Energy Solutions and is involved in energy security matters. Michael Mylrea is a Security Consultant that has worked on energy and cyber security issues for private sector and government.