Month: January 2015

The Vulnerability of Our Electric Utility System to Cyber Attacks

I have touched on this issue in an earlier blog post (‘Vulnerabilities of U.S. Infrastructure: We Need To Pay More Attention’) and turn to it again because its importance and associated risks have been highlighted by the recent hacking of SONY’s corporate web site. The U.S. and other countries are highly vulnerable to digital hacking – a point emphasized again by the recent hacking of U.S. Department of Defense web sites – and unless we take steps to adequately protect our web-connected systems from these interventions I fear we will pay a terrible price. Too many of our public systems are now remotely controlled by wireless networks, and someone bent on doing damage and who knows how to hack can make us hostage if our systems are penetrated. My concern is less with SONY than with our centralized electric utility systems that power our homes, businesses, hospitals, water supply systems, and many other aspects of modern life.

image

Is it difficult to provide this cyber protection? The simple answer is yes, for several reasons: the growing numbers of wireless networks and cyber hackers, the cost of counteracting malicious hacking, the availability of trained professionals to address the hacking issue, and what I have long considered a major problem: the inability to focus enough attention on cyber security issues.

Let me discuss each of the barriers in order. Wireless networking is growing because it offers many advantages – reduced wiring requirements and related costs, remote operation and reduced manpower requirements, ability to monitor more variables continuously and control systems to a finer degree. Disadvantages arise when inadequate attention is paid to preventing hacker penetration into the network, thus allowing disruption of normal operations or allowing hackers to take control of the network. Also, the number of capable hackers is increasing rapidly. Many schemes have been proposed for restricting unauthorized access to a network, usually using passwords, but often these passwords are not adequate to stop an experienced hacker and most people are resistant to remembering long, complicated passwords. Many companies are also not yet convinced of the need to spend the money on sophisticated protection systems, and some may see the consequences of a hacking as less costly than the required investment. At some level we can all relate to this mindset.

Costs are inherent in any attempt to prevent hacking, ranging from software and hardware costs to labor costs. There is some indication that SONY, an electronics company, spent too little on protection costs by underestimating the potential threat to its cyber systems. It is a mistake it won’t make again, and should serve as a wake up call to other corporate and government bodies.

The trained manpower issue is a critical one. As a vice president of Oracle Corporation noted in Congressional testimony: the vast majority of people available today to address cyber security issues are the ones who designed and implemented the current vulnerable information technology system. Should they be the ones to try and fix it, or do we need newly-trained cyber experts who are not so closely linked to today’s operating modes? Clearly there are people who have the requisite high level skills – think NSA – but are they available broadly on a global basis? Looks like a good field to get into as soon as possible.

Finally, let me address the issue of focusing attention on cyber security issues. I come to this discussion with some personal experience. Several years ago I served on a Department of Defense (DoD) committee reviewing energy proposals for military buildings and bases. Other members of the committee were from the various military services and the DoD Secretary’s office. DoD has always taken an interest in energy issues as a large part of their costs are energy-related – e.g., DoD maintains more than 500 buildings globally and the U.S. Air Force is the largest single user of aviation fuel in the world. Many of the proposals we reviewed were for wireless networks on military bases that needed to go independent of the grid at times of grid failure or other times of emergency. Many of the proposals were technically sound, proposing wireless networks on bases that could switch to power sources on the base that were independent of the grid when needed (solar, wind, geothermal, minihydro, diesel) and making sure priority loads were covered first. These networks also allowed continuous monitoring of energy systems and improved energy efficiency on the bases at all times. When I first raised the issue of network vulnerability to hacking I received a cordial hearing but no follow through. In year two, making a pest of myself again, there seemed to be more of an interest in potential hacking problems, perhaps stimulated by the reports of U.S. drones in Afghanistan transmitting unencrypted video signals to troops on the ground that were available both to the U.S. troops and the enemy troops the drones were tracking. I finally gained some traction in year three when the committee seemed more interested in requiring hacking protection in the proposals. Today the issue is hopefully more appreciated and getting much more attention.

image

Let me now tie all these concerns to our electric unity system. Today, and for most of the past century, it has been a highly centralized grid system where large central power plants distributed electricity radially via high voltage transmission lines and lower voltage local distribution lines. It was a ‘dumb’ system with little overall control and when one part of the grid went down lots of people lost their electricity supply until the grid problem could be fixed. Today we are developing a ‘smart’ grid with lots of electronic controls that allow isolation of problem areas to minimize the number of people affected, that facilitates transfer of power from one grid region to another, and that allows utilities access to consumer homes and businesses for better balancing of supply and demand. These ‘smart grid’ features offer many advantages to suppliers and consumers, ranging from improved energy security to reduced costs. The downside is that electronic networks controlling these various features of the smart grid can be penetrated by sophisticated hackers, and my impression is that until fairly recently utility executives were not paying sufficient attention to cyber security issues. I hope this is no longer the case, but we all know of utilities that have underinvested in protecting their systems – e.g., Pepco in the Washington, DC/Maryland area who underinvested for years in trimming back trees that could fall on and disrupt power lines during storms.

The sooner we can begin to address these issues in a serious manner the more secure our energy systems will be. At this point we are highly vulnerable to physical sabotage attacks on our exposed power transmission line infrastructure and hacking attacks on our utility control networks. This is true in the U.S. and elsewhere. Let the SONY situation serve as the needed wake-up call.

The Climate Change Thing – Revisited

I return to this topic because it is a growing global problem that must be addressed, and because I am disturbed by the continuing resistance by some members of the U.S. Congress to acknowledging the reality of global warming and resultant climate change. I am also scared because some of those members are in leadership positions in the 115th Congress that is just getting underway.

image

What I consider to be uninformed and unscientific global warming denial or minimalization reminds me of several incidents in my own lifetime – the reluctance of some national leaders in the UK and the U.S. in the 1930s to realize the full implications of Hitler’s aggressive and inhumane practices; suppression of public discussion of the dangers of civilian use of nuclear power in the name of developing nuclear weapons to oppose Soviet aggression in Europe; failure in the 1960s to understand the nationalistic focus of Vietnam’s struggle for independence from France in the name of resisting Communist advances in Asia; resistance to environmental protection in the name of economic development; and more recently our invasion of Iraq in the name of disabling non-existent weapons of mass destruction. I know that some, perhaps many, people will disagree with some or all of these characterizations, but the lesson for me is that leadership that is not open to a range of views can lead us into quagmires of human suffering.

Global warming and climate change is one of those issues. James Inhofe, the new Chairman of the Senate Environment and Public Works Committee, is a human-induced global warming denier, apparently based on his religious beliefs. He may be sincere in these beliefs – how could global warming be occurring if G_d didn’t want it to happen – but just as sincerely I believe him to be wrong. I am a trained scientist who believes that science is an avenue to understanding and truth as best we can know it, and the science increasingly says that carbon emissions are increasing the greenhouse effect in the earth’s atmosphere. This changes the energy balance between the earth and the sun, resulting in slowly but steadily increasing temperatures on earth. What is especially scary is the heating of the oceans, both surface and at depth, which provide the energy for hurricanes, typhoons, and other weather events. By changing the climate this warming also changes precipitation patterns that are our major sources of water, and produces adverse effects on environment and public health. By not addressing these issues now our leaders are committing future generations to having to deal with these issues, and at much greater cost. It has also always bothered me that those most vulnerable to the adverse impacts of global warming are those least responsible for and least able to deal with it – poor people in many countries and on island nations.

So what difference does it make if Sen. Inhofe, and others like him, are climate change deniers? Unfortunately, he and others (here I bring to mind House Speaker Boehner and Senate Majority Leader McConnell) are in a position to stop or at least slow down federal action to control greenhouse gas emissions, delaying for at least two years U.S. action, in concert with others, to counteract climate change. His and their behavior also sends a signal to young people to discount science and overwhelming scientific consensus, on an issue that will undoubtedly impact their lives. It is also a negative reflection on the quality of U.S. governance.

image

I would also note that these leaders will not be around to reap the whirlwind of their decisions. Climate change is a long-term issue, although some impacts are already becoming visible, and those making decisions for short-term politichal gain will not be around to face the voters when the bill comes due. Pressure from an educated public is the best avenue I see to changing this situation and putting us on a more responsible public policy path. Here’s hoping that not too much damage is done in the 115th Congress, and that climate change issues will be an important topic of discussion in the 2016 elections.