Infrastructure vulnerability – what do you need to know?
May 2017 | EXPERT BRIEFING | SECTOR ANALYSIS
While disruption is now a business model, it is also a sobering concern for infrastructure security. With a politically unstable world climate, and volatility at home and abroad, essential services in the US can realistically be considered at risk from attack.
The background processes that support any country are its infrastructure. In a presidential policy directive dated 12 February 2013, the administration of then-president Barack Obama defined 16 “critical infrastructure sectors” considered essential to the security, stability and well-being of the country. The 16 sectors were: chemical; commercial facilities; communications; critical manufacturing; dams; defence industrial base; emergency services; energy; financial services; food and agriculture; government facilities; healthcare and public health; information technology; nuclear reactors, materials and waste; transportation systems; and water and waste water systems.
Every four years, the American Society of Civil Engineers (ASCE) assigns letter grades to infrastructure components within its sphere of influence. While the 2017 report card is due soon, the overall grade assigned to US dams, drinking water, transportation and energy facilities in 2013 was a D+. To improve the condition of these important assets, the ASCE estimates a required investment of $3.6 trillion by 2020.
From the energy supply side, the national energy ‘grid’ is not a grid at all. The energy landscape in the US is composed of three intersecting power regions known as the Eastern, Western and Texas interconnection. Across the country, a patchwork of large and small utilities transfer and transmit energy among consumers and neighbouring power utilities.
The Department of Energy released the second instalment of its Quadrennial Energy Review (QER) in January of this year. The review process was authorised by the White House in 2014 to assess the national energy asset. This section of the report delivers 76 recommendations on modernisation, including the collection of intelligence about imminent threats, the adoption of integrated electrical security planning and increasing grant monies to enable smaller utilities to respond to cyber and other threats.
In a paper published in the journal IEEE Explore, researchers at Michigan Tech describe a process to monitor the relative health and weaknesses of facilities that produce and transmit power.
The research evaluates ‘nightmare’ scenarios, where hackers exploit a vulnerability to execute an attack. Lead author Chee-Wooi Ten describes the standing threat to global energy security in a press release, noting, “Now with events like in Ukraine last year and malware like Stuxnet, where hackers can plan for a cyber attack that can cause larger power outages, people are starting to grasp the severity of the problem”.
Facing the risks of crumbling infrastructure
In February 2017, more than 180,000 Californians were ordered to evacuate downstream of the stricken Oroville Dam, after concerns that a spillway would collapse. The spillway, an earthen structure, was in use only after it was discovered there was major structural damage to the concrete chute intended to maintain and reduce the level of water in the reservoir. According to a local media outlet, of 1250 dams in California, 678 have been designated “high hazard” by regulators.
As the structures designed to manage water flow begin to fail, an agency tasked with managing the flow of travellers through national airports is now rudderless. Transportation Security Agency (TSA) administrator Peter Neffenger, widely credited with turning around the troubled TSA, stepped down in January with no replacement yet named to continue the critical improvements which begun under his tenure.
The Protection of another essential sector, financial services, is up for bid by the Department of Homeland Security (DHS). Realising the need to cultivate the nimble capability and deep talent of commercial enterprise in a governmental setting, the DHS issued a call for contractors to provide “technologies and tools to confront advanced adversaries when they attack US cyber systems and networks”. The bid, opened in November 2016, is set to close in November 2017. Topical areas of interest of the DHS include “intrusion deception, moving target defence and isolation and containment”.
Also in early February 2017, the Senate Environment and Public Works committee met for the first time in this congressional session. Offering remarks on the funding of infrastructure improvements through private investments, as proposed by the current administration, chairman John Barrasso, remarked, “Funding solutions that involve public-private partnerships, as have been discussed by administration officials, may be innovative solutions for crumbling inner cities, but do not work for rural areas”.
While critical sectors of US infrastructure have been identified, there appear to be wide gaps in asset maintenance, risk assessment and any cogent continuity plan that would account for infrastructure aging, or worse – a criminal or terrorist attack.
In February 2016, in testimony before the US House of Representatives Committee on Homeland Security, Frank Cilluffo, director of the Centre for Cyber and Homeland Security stated, “While we cannot know in advance every threat that may lurk around every virtual corner, we can certainly take the steps necessary to maximise our ability to detect, prevent, protect and respond. In some instances, it may be that our ability to bounce back – our resilience – proves to be a valuable deterrent to our adversaries”.
At present, it is not clear that the strength – or resilience – of American infrastructure would prove a deterrent to domestic or nation-state actors interested in disrupting the US in any sector.
Cheryl Tyler is the chief executive officer of CLT 3 Consulting. She can be contacted on +1 (240) 481 7756 or by email: firstname.lastname@example.org.
© Financier Worldwide
CLT 3 Consulting