Securing the Nation’s Critical Infrastructures: How national laboratories lead the wayPosted to Idaho National Laboratory
image credit: Image: Canva
- Sep 9, 2020 4:17 pm GMTSep 9, 2020 2:34 pm GMT
- 2224 views
In 1961, an unassuming mathematician and meteorological professor from the Massachusetts Institute of Technology made a stunning scientific discovery. Through a series of experiments involving repeated computational calculations of weather-related data, Dr. Edward Lorenz found that making subtle changes to his data’s inputs led to dramatic changes in its outputs. Lorenz’s work became famously known as the butterfly effect and remains a founding principal of chaos theory. Like ripples in a pond, chaos theory suggests that when small changes are made to a system, they can become amplified over time, leading to a different outcome than originally thought.
The underlying conditions that support chaos theory can be applied to many engineering disciplines, including the operation of our nation’s critical infrastructure. It’s no longer a secret to say our country faces vulnerabilities in part because of our interconnected and interdependent infrastructure. In fact, the 2018 National Defense Strategy sees an increasingly complex global security environment in which the homeland is no longer a sanctuary, and that increasing digital connectivity of all aspects of life, business, government and military creates new vulnerabilities.
Recent Events Highlight Dynamic Threat Landscape
Events of recent years have illustrated the threats to critical infrastructure, particularly the U.S. electric grid, from both extreme weather and determined adversaries. The impacts of Hurricane Michael on Tyndall Air Force Base, concerns over foreign control of critical supply chains, cyber incursions against critical infrastructure and unprecedented and ongoing damage from fires in the West have brought the continued vulnerability of the bulk U.S. electric power system into sharp focus. The threat landscape, as well as the lessons from the longest blackouts in U.S. history following Hurricanes Maria, Irma and Superstorm Sandy, widened the scope of what civilians, first responders and the military must plan for. Even today in Texas and Louisiana, grid operators are reporting that August’s Hurricane Laura caused severe and extensive damage to high-voltage transmission lines and other key infrastructure. Some residents won’t see power return for at least a month.
When a small disturbance to one system cascades across many others, it leaves us increasingly brittle and vulnerable to further disruption impacting the economy, public safety and human life. To address this challenge, government agencies and public utilities are increasingly turning to the country’s national laboratories to identify research opportunities and operational solutions. At Idaho National Laboratory, engineers have spent 20 years developing methods to improve infrastructure resiliency and better secure industrial control systems across critical lifeline sectors using a range of techniques, from modeling and simulation and virtualization to small-and grid-scale test beds.
One important case study in resiliency is the Native American community of Blue Lake Rancheria, California. With wildfires increasingly common and electricity less reliable, Blue Lake Rancheria worked with the Schatz Energy Center, the California Energy Commission, Pacific Gas & Electric, numerous private sector vendors and contractors and INL researchers to achieve a markedly higher level of resilience. In so doing, it restructured its role in the energy ecosystem, created a self-supporting microgrid with its own electricity generation, storage and distribution capabilities. The value of this subtle change was quickly recognized when wildfire-induced public safety power shutoffs affected Humboldt County, home to the Blue Lake Rancheria.
Executive Order Addresses Security of the U.S. Electric Power System
In the grid cyber realm, the president signed Executive Order 13920 declaring a national emergency around the security of the bulk U.S. electric power system. In short, it states that the unrestricted foreign supply of bulk-power system electric equipment constitutes a threat to U.S national security, and bans the acquisition, importation, transfer or installation of bulk equipment where a foreign country or individual has a vested interest. As the Department of Energy prepares to execute its direction, national laboratories are likely to play a key role in providing supporting research, testing and training.
While this executive order was only recently signed, securing vital technology operating the electric power grid has been a priority within the national security community for several years. Energy experts know that inside the generators, transformers, voltage regulators and control systems that operate U.S. critical infrastructures are hundreds of vulnerable components, chips, circuit boards and computer code. Moreover, since many U.S. utilities rely on equipment purchased from foreign-owned companies, officials are increasingly wary that foreign adversaries could poison the supply chain. And like chaos theory suggests, these adversaries could make subtle changes to the hardware or software components inside any of this equipment, resulting in a coordinated, debilitating attack.
National Laboratories Work to Strengthen Resiliency
Fortunately, several national laboratories have been addressing this issue for some time through initiatives such as the Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program, the Cybersecurity for the Operational Technology Environment (CYOTE) program and the Consequence-driven Cyber-informed Engineering (CCE) methodology. Though varied in their approach, each of these initiatives is designed to strengthen and improve energy-sector resilience by working closely with owners, operators and vendors to test equipment, limit the most damaging consequences, create better information sharing relationships and analyze sensor data for emerging threats.
From extreme weather events to increasingly adept cyber adversaries, threats to the electric grid are a persistent and evolving challenge that puts both civilian communities and military installations at risk. An approach that focuses on one threat to the exclusion of others will continue to leave the nation vulnerable. While the policy, technical, regulatory and financial challenges necessary to address these issues are large, complex and further exacerbated by the pandemic and its resulting economic impacts, they are not impossible to overcome. Good work is being done at all levels, but more is needed to ensure the resilience of this system we all depend on. The Department of Energy’s national laboratories are leading the way to better security and resiliency, and through collaboration, are trying to bring order to an often chaotic world.
Andy Bochman is a senior grid strategist at Idaho National Laboratory, supports the laboratory’s Resilience Optimization Center (INL ROC), and will be on an Energy Central-hosted panel on Sept. 23, 2020, to discuss the recent Executive Order 13920.
John Conger is the former Acting Assistant Secretary of Defense for Energy, Installations & Environment, and a strategy consultant at Idaho National Laboratory.