. . . Mary ran a third article yesterday; this one focused on grid security. This is a hot topic for Smart Grid, and we plan to expand our coverage on it at the next summit. The article begins with some comments about John Bryan’s keynote. This was a good place to start, given that he’s heading up a new industry group in this space, the Secure Smart Grid Association. I was happy to see Mary note his mention of GhostNet, a huge cyber security story from 2009 that was uncovered by a team of researchers here in Toronto. I’m not a security expert, but found the story fascinating enough to blog about when it broke.

Pearl Harbor was a preemptive strike against the US Pacific Fleet. It significantly degraded the US Naval capability for several years. If the aircraft carriers were in Pearl Harbor as the Japanese expected, it could have been a complete knockout blow. So the question becomes, what can make a computer attack strategic?

Also see Robert Lemos’ report from the 2009 Cyber Warfare conference in Estonia

Over the last 15 years, it now appears that the electrical grid is not only extremely vulnerable, they are in the process of exponentially increasing its vulnerability. At this point, the vulnerabilities in the power grid are well documented. I highlight how there are many points where control networks overlap business networks. The GAO published a report a month later highlighting this problem at the Tennessee Valley Authority [pdf link]. The Wall Street Journal highlighted how Russian and Chinese intelligence agencies have already planted malware in the power grid. Then there was the Idaho National Lab Aurora video, where they demonstrated that a generator SCADA system can be remotely hacked to blow up the generator. Then there was the recent 60 Minutes piece.

I have to admit that even with all of the above, I wasn’t convinced that there could be a true strategic attack. You can probably blow up a few generators, but the fact is that the power grid itself is resilient enough to withstand the effects. Another issue is that while Russia and China could potentially coordinate a much more devastating attack, they do not have the motivation to cause such damage. While terrorists and some other parties might want to try, it is unlikely that they have the coordination and resources to accomplish a truly strategic attack.

However, the smart grid changes all of that. The researchers from IOActive demonstrated that smart grid boxes can be hacked and that they can spread worms. Not only that, the boxes themselves will be connected to every home and be available to anyone. Anyone therefore has access to the smart grid. With tens of millions of the boxes planned to be distributed throughout the United States, potential attackers can easily get their hands on the systems to tear apart and find new vulnerabilities and attacks. More important, when there is a vulnerability found, how will it be mitigated?

There is a perfect storm brewing where the skills and resources required to launch a significant attack is being drastically lower. Depending upon the effects of a possible worm on the smart grid boxes, and the vulnerability of the generators, there can be a combined attack that does have strategic impact.

Again, I am not legitimizing the doomsday criers who have been doing this for decades. However, I have come to realize that there is gross negligence in how the power grid has been maintained, and how it is evolving. While I will not cry wolf and say it is imminent, I sadly realize that an Electronic Pearl Harbor is now very possible.

© CXO Media Inc.

Canada is the largest foreign supplier to the US of all forms of power – oil and gas, electricity and uranium – exporting more than CDN $125B annually across its southern border. In terms of pipeline products alone, Canada exported 2 million bbls/day of crude oil to the US in 2008, worth US $64 billion and another 500,000 bbls/day of refined products. Canada was by far the largest supplier of petroleum to the US, with those net imports representing about 11 percent of total US consumption.

By 2020, Canadian crude production is expected to rise by an additional 2 million bbls/day, most of which will be available for exports, as Canadian demand is not expected to grow significantly. This could bring US net imports from Canada to over 4 million bbls/day of crude oil, along with 500,000 bbls/day of refined products. Because of the integrated nature of the Canada-US economies, some of the crude oil or oil from bitumen is refined in the US and then re-exported to Canada for use by consumers.

Canada exported 9.9 Bcf/day of natural gas to the US during 2008, worth US $30 billion, and imported 1.6 Bcf/day, worth US $5 billion. As with petroleum, Canada was also the largest foreign supplier of natural gas to the US, with net imports representing some 13 percent of US consumption. By 2020, assuming the completion of the Alaska natural gas pipeline, total net flows of natural gas from Canada should be 10 Bcf/day – very similar to the 2008 number. Canada will remain, by far, the largest foreign supplier of natural gas to the US.

The Canada-US, or continental, electricity grid operates in a similarly integrated fashion to satisfy peak demands on either side of the border. The blackout that hit central Canada and much of the US Midwest corridor in 2003 highlighted the extent to which Canada and the US are integrated in terms of power generation, and should therefore be jointly committed to measures that will enhance the security of energy transmission facilities. It also, incidentally, pointed to the need to upgrade that grid – a challenge that still remains.

The extent of cross-border integration between the US and Canadian economies is not unique to the energy sector. It is the dominant characteristic of the North American economy, including in automobile manufacturing, as was more than evident when the US and Canadian governments acted together to rescue and restructure that industry. The agriculture, integrated rail and aviation sectors are other examples. There is in fact a high degree of mutual economic dependence that grows with each economic cycle.

This dependence is particularly relevant in the energy sector. The essential point is that the US needs the reliable supply of Canadian energy exports to secure its own future economic growth. Canada’s oil reserves – 97 percent of which are in the oil sands – are second only to those of Saudi Arabia. Measures that disrupt this supply for any reason would, by their very nature, jeopardize those growth prospects.

Concerns about so-called ‘dirty oil’ should be kept in perspective, beginning with some basic facts. The notion that oil from the oil sands is two or three times ‘dirtier’ than regular crude is nonsense. The ‘dirty oil’ fallacy focusses only on oil sands production. A ‘well to wheels’ comparison with conventional oil is more accurate and shows only minor differences in CO2 emissions. In other words, there are various levels of crude oil, with varying levels of emissions, but oil extracted from the oil sands ultimately produces no more GHG emissions than some of the heavy crude from California.

As a matter of fact, according to data from the US Environment Protection Agency, emissions from thermal power plants in 27 US states individually exceeded the total emissions from the Canadian oil sands. (The total from these states was actually 70 times larger.) Besides, emissions from US cattle herds were three times those from oil sands.

Are there alternative sources of supply for the US energy demand? Mexico is on the southern border, but its energy supplies are declining. State ownership hobbles both efficiency and investment, and seriously constrains the ability of Mexico to retain its position as a major supplier. Other sources for US energy supply are the Middle East and Venezuela. Canada stands tall in that ranking.

State-owned national oil corporations directly control 75 percent of the world’s oil reserves, and that number is likely to continue to increase. Countries like the US (and Japan and Korea, among others), which are dependent on others for secure supplies of oil, will undoubtedly be putting greater emphasis on securing increasingly scarce supplies. This means that Canada’s role will likely become even more important than it is today.

As the US State Department acknowledged in its recent approval of the Alberta Clipper Pipeline:

“The addition of crude oil pipeline capacity between Canada and the United States will advance a number of strategic interests of the United States; [increase] the diversity of supply at a time of considerable political tension in other major oil producing countries and regions; [shorten] the transportation pathway for crude oil supplies; and [increase] supplies from a non-Organization of Petroleum Exporting Countries producer. Canada is a stable and reliable ally and trading partner of the United States, with which we have Free Trade agreements that augment the security of this energy supply.”

Pipelines provide safe, low-cost transportation of a critical component of growth for the Canadian and American economies. They have an outstanding record of environmental and operational performance. And, if next-generation biofuels – such as algae-based or other biofuels made from non-food crops – become a part of the climate change solution, pipelines may well be the conduits for them also.

There is certainly increased attention being paid to security along the Canada-US border these days. Some of this increased attention is undoubtedly warranted, and some of it is plainly protectionism or bureaucratic rent-seeking dressed up in the name of security. But, even if cross- border pipeline flows of oil and gas tend to be free of much of the ‘border thickening’ measures that are steadily undermining the free flow of other goods and services, there are nonetheless significant challenges that must be met to maintain supply.

One is achieving both economic efficiency and infrastructure security in an environment where the two federal governments, the Canadian provinces, American states and frequently municipalities each have a piece of the jurisdiction. In Canada, provincial government ownership of oil and gas and water resources needed for power generation further complicates matters. Federal infrastructure policies engage provincial jurisdiction and interests as well. In Canada, it is never certain whether overlapping federal-provincial jurisdictions on any subject will yield coherence or conflict or just procrastination.

The regional dimension of energy policy is critically important. The vast majority of current and future oil and gas production comes from the Canadian West. There are important offshore resources coming on-stream in Newfoundland, and prospects from the Arctic as well. In attempting to devise a national – some might say, rational – Canadian approach to energy policy, including on issues relating to pipeline security, the federal government – especially a minority federal government – must tread carefully and sensitively.

A second challenge is the tension between reality and public perception. Many in the pipeline industry regard security risks as low, believing instead that pipeline disruptions are mainly caused by accidents (rather than by deliberate acts). It is also true that built-in redundancy means that damage to a pipeline does not result in major or enduring interruptions to supply, and that most damaged pipelines can be up and running within a few days.

The problem for industry and government is that public perception can easily give way to lurid imagination. Recent acts of pipeline sabotage in northeast British Columbia, and recent actions in the oil sands by environmental activists – even if sporadic and probably manageable – feed a view that the pipelines may be at risk, thereby requiring costly and burdensome regulation. Finding a rational balance is a constant work in progress.

The answer is not more regulation of the industry. In both countries, and in almost every economic sector, there are already many examples of inefficient and overlapping regulation. Often, government seems more concerned with process or optics than with the result. The fact that more than CDN $3 billion has been spent on regulatory compliance for the Mackenzie pipeline, and that not a single inch of pipe has yet been laid, underscores this point.

A third – and perhaps the most important – challenge is whether governments on both sides of the border are properly and coherently organized to deal with threats to pipeline security, or more generally with threats to the strategic infrastructure shared by Canada and the US. In both countries, 9/11 triggered a far-reaching reorganization of government departments and agencies charged with security, not the least of which was the creation of the Department of Homeland Security in the US and, in Canada, the Department of Public Safety (now Public Safety Canada). Both governments understood that protection of critical energy infrastructure would be a key component of the new security environment.

The Smart Border Declaration signed by the Canadian and American governments in late 2001 aimed to find a workable balance between security and the free flows of trade and people. Included in its 32-point Action Plan was an undertaking to “conduct bi-national assessments on trans-border infrastructure and identify additional protection measures…” that might be necessary. One assumes, therefore, that, today, Canada and the US are more interconnected in monitoring and protecting cross-border infrastructure. It is encouraging to know that strategic infrastructure is one of the eight priorities of the Canadian Security Intelligence Service. The state of bilateral readiness should reflect a shared priority.

Risk management is critical. It is also somewhat subjective by its very nature. Security and terrorism are but one part of an overall risk management system. Threats, probabilities and consequences must be understood and evaluated. Poorly conceived and poorly implemented risk management is not only costly, but actually increases risk.

There are increasing threats these days from cyberspace. The shared Canada-US power grid is probably a primary target – moreso than pipelines – but computer systems generally are now more vulnerable. Former US Congressman Lee Hamilton – co-chair of the National Security Preparedness Group in the US – has been quoted saying that “someday, somewhere, sometime we’re going to have a massive cyber attack.” This is a sobering comment from an astute individual. The best answer is a more robust defence for computer systems, as well as enhanced information sharing between countries and among targeted industries. Canada and the US should be in the vanguard of states planning appropriate defences against cyber attacks from within and without.

In a 2006 study for the Canadian Centre of Intelligence and Security Studies at Carleton University, John Hay observed that, despite the reorganization, “[m]ore than four years after … 9/11, it is still not altogether clear who in the (Canadian) federal government does what” in terms of responsibility for the protection of infrastructure. The International Pipeline Security Forum, now in its fifth year, provides a valuable opportunity to discuss critical infrastructure issues and best practices. That certainly helps. But, to a layman, it seems that the allocation of roles and responsibilities for energy infrastructure protection remains fairly opaque.

The annual Pipeline Security Forum provides a meeting place – a kind of binational town hall – to discuss a vast and complex bilateral relationship that touches – certainly for Canada – almost every aspect of public policy. These types of arrangements – informal, practical and unburdened by a formal structure – are the rule rather than the exception. They are flexible and capable of rapid response to changing situations. Most of them fly below the political radar screen in both countries; that is, they exist for the simple reason that officials in Canadian and American government departments and agencies need to work intimately together to fulfill their responsibilities. Regular dialogue of this kind is necessary, but is it sufficient?

Informal arrangements also have weaknesses. Often, they are based on personal relationships between responsible officials. Whom one calls depends on whom one knows. But when officials move on, there is not always adequate institutional memory to guide successors. In the absence of structure, therefore, there is a distinct risk that individual issues will be hermetically sealed in self-standing silos. The larger picture can get lost – a classic example of trees obscuring the forest.

In many areas, government agencies and departments have a firm grasp of the actions needed in the face of a serious problem. However, what is sometimes lacking – other than on defence – is a plan of action to restore the situation to normal once the problem has passed. The vital importance of assuring cross-border pipeline security, and energy security more broadly, against emerging threats suggests that there may be a need to bring more bilateral structure and organization to the task.

There is, of course, a formal dialogue between Canada and the US on ‘clean energy’ – a dialogue initiated during President Obama’s visit to Ottawa in February of this year. Energy security, as well as climate change, should be a major driver for this dialogue. There again, what is needed is not only a coherent or parallel action plan, but also a healthy balance between what is needed to preserve the environment while, at the same time, ensuring a solid platform for economic recovery.

The Clean Energy Dialogue sends a message that, when it comes to concerns about energy security, Canada should be regarded as a vital part of the solution to the twin US objectives of reducing dependence on less reliable sources of oil, and increasing the supply of clean power.

This is also why, in contemplating measures to reduce greenhouse gas emissions, it makes sense for Canada and the US to adopt a common approach – one that respects the mutual benefits of an integrated energy market. In September of this year, Prime Minister Harper and President Obama together confirmed the importance of such a collaborative approach. They also reaffirmed their commitment toward a comprehensive and effective global agreement that would put the world on a clean energy pathway.

Climate change is essentially all about oil-based transportation and heating fuel and coal-fired electricity. Most of the total emissions (80 to 90 percent) from oil of any kind comes ultimately from the tailpipe of the automobile or the truck – not the extraction process. That is why tighter tailpipe standards are the single most effective means of reducing emissions. Canada moved on this in April of this year. The US followed shortly thereafter – a common approach to a common challenge. This is the spirit that should guide a similarly common approach to Cap and Trade – one that respects both the roles of Congress and Parliament, and that takes due account of the jurisdictions of provinces and states, but is otherwise anchored in a mutual need for reliable, secure access to energy supplies that are vital to economic recovery.

Canadian Environment Minister Jim Prentice has stressed that economic reality is the primary consideration in Canada’s strategy for climate change and the environment. Canadian and US businesses compete globally. It follows that both sides must be concerned about competitiveness and the impact of climate change measures on competitiveness. It makes no sense to proceed unilaterally without harmonizing principles, policy, regulations and standards between the two countries.

The supply and use of energy, and its distribution through an efficient and secure pipeline infrastructure, are critical to tackling the complexities of climate change. This will not be easy. Legislation has passed the House in Washington, but not the Senate. Key industry players are divided on the House Bill, and on proposals under consideration in the Senate. In the meantime, the Environmental Protection Agency has jumped into the debate – saying that, if Congress does not act on greenhouse gas emissions, it will. But the outcome will not be known for some months to come.

There must be leadership commitment from both the Canadian and US governments, and there must be a serious negotiation leading to shared targets and timetables with standards and mandates rooted in science – not myths. The result of the negotiation must also ensure a healthy balance between protecting the environment and respecting the joint Canada-US need for economic growth. Neither country can afford to tackle these issues with a spaghetti bowl of different approaches championed by different jurisdictions. Above all, there must be coherence, common sense and concrete action.

Canada and the US made progress bilaterally in the past on environmental and other issues in similar circumstances. They brought into force an accord on acid rain at a time when some in the US denied that there was an acid rain problem to deal with in the first place. The success in dealing with that mutual problem inspires a degree of confidence that the two countries can come to a similarly sensible agreement on climate change.

Prudence and common sense also suggest that there is a need to heighten vigilance and strengthen institutional, regulatory and infrastructure links that secure so much of what Canada and the US do together. No one should wait for an attack or breakdown to oblige the two countries to act smartly in their mutual interest. History offers lessons on what works and what does not. Complacency, or taking one another for granted, is not the answer.

History has also shown time after time that the US economy has an exceptional degree of resilience – an ability to recover and rebound. This ‘can-do’ spirit is alive and well. In Canada, as the far smaller partner, there is an inclination to worry. Whenever the US passes through tough economic times, there are murmurs in Canada that it has hitched its wagon to a falling star. The unprecedented economic boom from the mid-1990s to the middle of last year quieted the doomsters for a while, but they are now back. Although economic recovery this time will be painful and slower, with many challenges still ahead, there is good reason to believe that the innovation, ingenuity, dynamism and resilience of the world’s largest economy will prevail. Energy, along with exciting new technologies and the pipelines and power grids shared by the two countries, will be major catalysts for future growth – provided they remain reliable and secure.

Derek H. Burney is Senior Strategic Advisor of Ogilvy Renault LLP and Senior Research Fellow of the Canadian Defence and Foreign Affairs Institute (CDFAI). This article is adapted from recent remarks made by Burney to the International Pipeline Security Forum in Ottawa, Canada.

As it stands, where international consultation on an imminent cyber emergency is addressed at all in the draft bills, the language is qualified.

For example, the proposed Bulk Power Protection Act in the House of Representatives recommends consultation with Canada and Mexico “to the extent feasible, taking into account the nature of the threat and urgency of need for action . . . subject to adequate protections against inappropriate disclosure of security-sensitive information.”

Said Bradley: “There has to be very clear and explicit language that makes it critical that there is consultation and co-operation with whoever (in the U. S.) is going to be making orders that will impact the grid.”

he complexity of balancing the system, especially if somebody alters something in one portion of the system without co-ordinating with another portion, can mean the power goes out “even if what they’re proposing is the right thing to do,” he said. “The right thing to do still has to be done in a co-ordinated fashion.”

Public Safety Minister Peter Van Loan dismissed the association’s concern in an interview Friday. “Frankly, if somebody launches an attack and you haven’t made yourself technically resilient, it really doesn’t matter whether or not the (the U.S.) is consulting with Canadians or not,” he said.

“The system is either going to survive or go down in a hurry. What matters more is what is done in advance to prevent that from ever happening,” he said.

Successive federal governments in Canada have promised a national cybersecurity strategy since 2004. Van Loan said “fairly advanced work” is underway but would not say when the strategy might be unveiled, only that it will be an “evolving” plan that adapts to the changing threat environment.

He also suggested the onus is on the private owner-operators who control most of Canada’s network to do more. “It’s often difficult to persuade the decision-makers to make the investments necessary . . . (but) there is a potential real cost in not investing in appropriate security measures.”

In the event of an imminent cyber threat, no single U.S. government entity currently has sufficient authority to issue emergency orders to the private- sector bulk power industry. Two of the congressional bills, one in the House of Representatives and the other in the Senate, propose assigning much of that power to the Federal Electricity Regulatory Commission (FERC), as well as giving it authority to order the power industry to upgrade operational security standards.

The Canadian power-utilities association and the broader North American Electric Reliability Corporation (NERC) support FERC becoming the lead authority during an emergency. But they oppose granting FERC the power to impose new and presumably tougher security standards. That job, they say, is best left to the industry.

What’s more, “there (are) some fundamental questions here about jurisdictional sovereignty,” said Bradley. “In effect we would be taking orders from FERC, FERC would be determining operating standards in Canada. That doesn’t work from a sovereignty standpoint.”

Martin Rudner, one of Canada’s leading critical-infrastructure experts, believes a bilateral agreement is needed.

“I don’t think the United States would act malevolently,” said the distinguished research professor emeritus at Carleton University and founding director of the Canadian Centre of Intelligence and Security Studies. “But in an emergency, emergency rules apply. Let’s have a bilateral agreement, so that if this happens we may have to ration electricity but we’ll ration it rationally.”

Bradley and other association officials are to brief congressional staff on their concerns in Washington in December.

“We are not passing judgment on any piece of legislation,” he said. “The American legislature will pass whatever legislation they want to pass, we can only provide our perspectives.”

U.S. efforts to harden its cyber defences took on new urgency in May when President Barack Obama declared the country’s digital infrastructure – the computer systems controlling the nation’s critical infrastructure, from oil, gas and power to banking, transport, water and sewage systems – a strategic national asset.

That followed reports in April that cyberspies penetrated the U.S. electrical grid and embedded software programs that could be used to disrupt the system. The intruders, which government sources suspect to be Russians or Chinese, didn’t appear to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

Van Loan said there are no known similar “embedded” threats to the Canadian portion of the international power network, whose high-voltage transmission lines span 340,000 kilometres and serve 334 million people.

American concerns were heightened again Nov. 8, when the former U.S. director of national intelligence, retired admiral Mike McConnell, told 60 Minutes he believes the power grid is the most vulnerable target of a sophisticated cyber attack.

“If I were an attacker and I wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer (and) I would probably attack electrical power on the U.S. east coast, maybe the west coast, and attempt to cause a cascading effect,” he said.

“All of those things are in the art of the possible from a sophisticated attacker . . . the United States is not prepared for such an attack.”

Derek Burney, a former Canadian ambassador to Washington, also believes the Canada-U.S. power grid is probably a primary cyber target, more so than oil and gas pipelines. Writing last week in the online edition of Global Brief, Canada’s new international-affairs journal, he urged a more robust defence for computer systems, “as well as enhanced information sharing between countries and among targeted industries. Canada and the U.S. should be in the vanguard of states planning appropriate defences against cyber attacks from within and without.”

Ottawa Citizen
© Copyright (c) Canwest News Service

The trail in both cases led to computers in China, said several sources inside and outside government with knowledge of the incidents. In the McCain case, Chinese officials later approached staff members about information that had appeared only in restricted e-mails, according to a person close to the campaign.

American presidential campaigns are not the only targets. China is significantly boosting its capabilities in cyberspace as a way to gather intelligence and, in the event of war, hit the U.S. government in a weak spot, U.S. officials and experts say. Outgunned and outspent in terms of traditional military hardware, China apparently hopes that by concentrating on holes in the U.S. security architecture — its communications and spy satellites and its vast computer networks — it will collect intelligence that could help it counter the imbalance.

President Obama, who is scheduled to visit China next week, has vowed to improve ties with the Asian giant, especially its military. But according to current and former U.S. officials, China’s aggressive hacking has sowed doubts about its intentions.

“This is the way they plan to thwart U.S. supremacy in any potential conflict we get into with them,” said Robert K. Knake, a Council on Foreign Relations fellow. “They believe they can deter us through cyber warfare.”

Chinese officials deny that and dismiss American concern as a Cold War relic.

“Allegations that China is behind, or ‘likely behind,’ cyberattacks or cyber espionage against the United States are more frequent and more sensational,” said Wang Baodong, the spokesman at the Chinese Embassy in Washington. “Such accusations are unwarranted, irresponsible and misleading and are intentionally fabricated to fan up China threat sensations.”

With 360 million people online in China, Wang added, “China is more than ever integrated with and reliant on the Internet. As the U.S. serves as the hub of the international information highway, attacking the U.S. in cyberspace equals attacking one’s own cyberspace assets. . . . What’s the logic?”

Nonetheless, U.S. officials and experts of all political persuasions in the Pentagon, on Capitol Hill, in private industry and in think tanks are convinced that China is behind many of the most egregious attacks. A senior Air Force official estimated that, as of two years ago, China has stolen at least 10 to 20 terabytes of data from U.S. government networks — the larger figure equal, by some estimates, to one-fifth of the Library of Congress’s digital holdings.

Nuclear weapons labs, defense contractors, the State Department and other sensitive federal government agencies have fallen prey. What experts do not know is exactly what has been stolen or how badly U.S. systems have been exposed. “Given the intrusions into defense industry networks, multibillion-dollar weapons systems . . . may have already been compromised,” said James Mulvenon, a China expert with Defense Group Inc.

Experts point to the late 1990s as the start of this undeclared war. Since then, cyber intrusions have run the gamut, including stealing files on political dissidents from the offices of Rep. Frank R. Wolf (R-Va.) in 2006, disrupting the e-mail network of the defense secretary’s office in 2007 and staging a spyware attack on electronic devices used by then-Commerce Secretary Carlos M. Gutierrez and his delegation on a December 2007 trip to Beijing.

Wolf said that the offices of 17 House members have been targeted. “Not a week doesn’t go by when there’s not a Chinese attack on our government,” he said.

One day last spring, Capitol Hill security officials removed two computers from a congressional office that deals with foreign affairs. “There’s a bug in your computer,” one agent told an astonished staffer. “From China.”

Director of National Intelligence Dennis C. Blair said in February that Russia and China were able to “to target and disrupt elements of the U.S. information infrastructure” and that China was “very aggressive” in cyberspace.

Another problem is China’s ability to leave behind malicious sleeper code that can one day be activated to alter or destroy information. In April, then-National Counterintelligence Executive Joel F. Brenner reported that the Chinese had penetrated “certain of our electricity grids” with malicious code and that “our networks are being mapped”

One challenge in countering the threat, experts say, is that the Chinese often contract out such work to experts in industry and academia and possibly even to freelance hackers, allowing officials to argue that while an attack might have originated from an Internet service provider in China, no one could prove it came from the government.

The Chinese People’s Liberation Army has publicly embraced such outsourcing. In 2002, the PLA created information warfare units, comprising operators and analysts from the commercial sector and academia, according to a new report by defense contractor Northrop Grumman for the U.S.-China Economic and Security Review Commission, a congressionally chartered body.

A year later, China’s Academy of Military Sciences published an account of a trial project in the Guangzhou Military Region to establish information-warfare militia units using local telecommunications companies as a source of talent, funding and technology. Subsequently, the academy directed the PLA to make creation of such units a priority.

“Information warfare is not just a theology,” said Ming Zhou, a China specialist with VeriSign iDefense, a security intelligence firm. “They can integrate it into nation-state interests.”

Some U.S. cyber policy experts such as James A. Lewis, a senior fellow with the Center for Strategic and International Studies, acknowledge that the problem cannot be solved without international engagement. At the same time, Lewis said, “I’m not going to get upset about China spying on us, because we spy on them.”

“The only thing I’m going to get upset about,” he said, “is if we don’t do better than them.”

By blurring the borders between cyber crime, cyber terrorism, and private or state-sponsored cyber war as a new form of “asymmetric warfare” in the 21st century, the threat of a “digital Pearl Harbor” has become real. Even hostile governments can hide behind “unholy alliances” with crime syndicates, terrorists or nationalist movements and individuals without risking detection and identification. Massive denial-of-service attacks by viruses, worms and other forms of malware on servers of government ministries, newspapers, banks, and other corporations as well as on private web sites and on a country’s cell phones have already occurred. Examples of such attacks have been recorded in Estonia in May 2007, Lithuania in June-July 2008, Georgia in August 2008 and in South Korea last July in an attack of 12,000 computers in that country and 8,000 in other countries.

With regard to critical energy infrastructure, the EU has recognized two major challenges that it needs to confront:

• The spread of information and communication technologies (ICT) highlights numerous new security implications for our dependencies on them in all areas of our daily life. Market liberalization and privatization of state-owned infrastructure operators, as well as new regulations, have made private industry and government agencies increasingly dependent on external providers of goods and services, including commercial off-the-shelf (COTS)-products. At the same time, almost every single service depends directly or indirectly on the secure supply of electricity. The physical, virtual or logic networks have grown in size and complexity. As the result of those growing interdependencies between various critical infrastructures (see Figure 1), those dependencies and impacts of supply shortages and disruptions are often not apparent until a crisis occurs and connection breaks down. Even smaller outages, failures and disruptions can have dramatic consequences in ever more complex systems (“the vulnerability paradox”), something which has not been anticipated.

Figure 1. Source: Federal Ministry of the Interior (BMI), Protecting Critical Infrastructures – Risk and Crisis Management, Berlin, January 2008

• Previously energy supply systems were decentralized with a power plant for each region and a local distribution network which connected the producer with the consumers. If the power plant failed, the whole region was without energy. When regional networks were interconnected by transmission networks, security of supply was enhanced by the possibility to exchange energy between these networks. It also saved financial resources, particularly on the side of producers. Today these regional networks have been expanded across national boundaries, connecting individual EU member states with the perspective of creating a common, liberalized energy market in the entire EU. Whereas this is true for both electricity and gas supplies, the European pipeline-based gas supply system, perceived as the “Achilles heel” of the European energy supply security, covers a much wider geographical area by long distance gas pipelines. They start in external producer states (such as Russia or in difficult environments such as in the North Sea, in the Maghreb and in the future also in the Arctic region, in the Caspian Basin, in the Persian Gulf/Middle East and in Central Africa) and transport natural gas across state borders via other transit states to the final consumer countries and their distribution grids, often distances of more than 1,000 km.

By increasing and diversifying its gas supplies from outside Europe, European gas supply security will be enhanced, but at the same time numerous vulnerabilities will increase by expanding network interconnections. This increased vulnerability is true not just in terms of gas networks (pipeline and LNG-based – see Figure 2), but also in regards to the interconnectedness of ICT to the networks of other critical infrastructure systems.

Figure 2. Source: Octavio-Project

The Natural Gas Supply Chain, the Functionalities of Gas Control Centers and its Vulnerabilities
The European gas supply system is overwhelmingly based on pipelines and supported by compressor stations and storage sites. The operational processes of the natural gas supply chain as well as its security and control are highly dependent on the ICT infrastructure. In contrast to the EU’s oil supply security (based on flexible shipping imports), a much more inflexible pipeline gas supply system creates many more dependencies, risks and vulnerabilities – particularly obvious during crisis situations as Europe experienced with the Russian-Ukrainian gas conflicts in 2006 and 2009 when gas flow was cut.

Natural gas systems involve a series of processes and components at different physical facilities. Once the gas has been explored and exploited at a gas field, in mixtures with other hydrocarbons, a pipeline gathering system directs the flow of gas to a processing plant where is it purified. From these plants it can be transported directly to the mainline transmission grid and through its often long-distance “trunk lines” (with a pressure typically up to 100-120 bars), and finally distributed by smaller pipelines to final customers (see Figures 3 and 4). Unlike the electricity system, natural gas can be stored for an indefinite period of time using storage facilities in order to meet balanced demand requirements during different seasons and to insure against unforeseen supply disruptions such as accidents, natural disasters or disruptions which are politically motivated. The main components of the complex transmission grid include pipelines, compressor stations, storage sites, metering stations and city gate stations.

Energy control centers control the operation of power plants as well as of networks. The operation of huge border crossing gas networks require a network management and a control center hierarchy to ensure security of gas supplies:
• Main Control Centers (i.e. system and network control centers) responsible for generation coordination, load dispatching, as well as monitoring and controlling the storage sites and transmission network to provide reliable communication, to keep the integrity and security of the complete network, and to guarantee the supply of the services;
• Regional Control Centers responsible for monitoring and controlling the distribution network within a specific area;
• District Control Centers responsible for monitoring and controlling the distribution network within a specific district.

Figure 3. Source: Octavio-Project

Figure 4. Source: Octavio-Project

The efficiency of control centers by applying methods of data handling and processing is closely linked with the development and application of ICT. Their task is:
• Measurement and information gathering: By sensors including satellite-based surveillance and control of pipeline systems, power plants, pump stations, storage sites and networks;
• Acquisition: Transmission of necessary information from the network to the Control Center, and transmission of commands from Command Centers to “operational” components like substations;
• Processing, display and archiving of information: Generating control information from network data.

In contrast to the former auxiliary function for the control of operations of plants and networks, the control function is transferred to a centralized complex instrument with the central function in energy supply. Without this central function, any operation within the energy and gas supply chains ranging from production to distribution and supply would be impossible. The efficiency and reliability of those Control Centers, in particular the System or Central Command and Network Control Centers, is essential and is the biggest vulnerability in case of physical or electronic attacks. This could have extensive follow-up consequences on other critical infrastructures and lead to heavy losses at the stock exchange.

Acquisition and processing tasks are elements of a SCADA (Supervisory Control and Data Acquisition) System. With SCADA, control centers are able to identify and repair interferences, to take necessary measures of repairs centrally, and to acquire data relevant for planning and further actions. Originally, each power plant had its own control center linked with others as part of a hierarchy of networks. The development of ICT enhances the capability to combine different tasks of the command structure for the hierarchy of networks into a central command center for different media such as electricity, gas, water or district heating. The latter have extended their capabilities by using Geographical Information Systems (GIS) to provide geo-referencing information of facilities, networks, vehicles and geographical or political details. Modern SCADA systems use standard interfaces and standard components (of computers operating under UNIX or Windows). SCADA systems have improved system interconnections and efficiencies, but they have also significantly increased system vulnerabilities to outside electronic attacks.

Figure 5: Octavio-Project

European infrastructure security by and large follows the guidelines applied to US facilities. However, the extent of newly implemented technologies, modernization, the limitations imposed by national postures, the divergent risks inherent in divergent suppliers, systems and transit zones, the uneven exposure to potential violence (be it by terrorists or in war-like situations), the competitiveness governing European energy markets, and the limitations on flexibility of adoptions to changing challenges inherent in gas pipeline systems all pose additional challenges to energy industries as well as to national, EU and international governmental authorities – be they producers, transit providers or suppliers.

Given the growing extension and complexity of energy systems (i.e. of gas supply systems), the requirements for the effectiveness and the security of control centers get more demanding, and trade-offs between effective and secure solutions become more challenging. The requirements for effective and secure control centers are made even more critical by the increasing number of interconnectors between gas systems, the cost of ever larger numbers of sites and growing size of systems, the vast areas they cover, and the inherent risks resulting from how administrative units and control centers are often connected, typically needing control engineers, ICS operators and IT security professionals to cooperate closely.

A broad and systematic analysis of control center vulnerabilities is thus an important step. But the conditions for moving from highly decentralized to increasingly centralized energy systems differ from the US and the EU with regard to regional and state energy demands and decision-systems.

Security Conditions in Perspective for Asset Criticality in Gas Supply Systems: The Octavio Project
The criticality of assets, in particular of control centers, for the functioning of gas supply systems depends on both the degree to which technical security requirements are met and on the conditions under which they are expected to function. Technical security requirements are indispensable, but their criticality depends also on a variety of additional conditions such as (1) assumed general security conditions of gas pipeline systems; (2) the size, length and expected growth of pipeline systems; (3) design parameters; (4) the given security status; (5) geographical conditions; (6) conditions of social-political stability; (7) economic conditions;(8) strategic conditions; and (9) costs and investment choices.

Depending on the type of attack, all elements of a pipeline system can be targeted. Attacks on control centers (in addition to compressor stations) are, however, among the most attractive targets for sabotage, terrorists, multiple attacks, etc. The Octavio Project has therefore concentrated especially on attack options against and protection of control centers. Yet the functioning of SCADA systems is itself a condition that deserves special analysis.

In general, the size, length and expected growth of European and global natural gas networks will impact on both the need for control assets and the security requirements of control centers and other critical components:
• Except for LNG transport, there does not exist a global gas supply system. But enabled through IT developments and driven by increasing demand and supply, as well as increasing competitiveness within the gas market, gas supply systems are growing steadily in terms of identified resources, length of transport lines, transit zones, diversity of geophysical conditions, and distribution of critical assets – with ever wider regional differences.
• Increasingly demanding security requirements for gas pipelines systems are necessitated by the growing size of gas supply systems, the length of pipes, the diversity of regional conditions, the increasing exposure to both accidental and intentional hazards, the vast amount of critical information from far away locations, the vulnerability of systems for controlling the flow of gas, the security of the system requirements, the need to integrate warning signals from a given system with higher-level crisis information, and the fact that awareness is the single most important aspect of preparedness.
• The increasing size, length and complexity of pipeline systems are of the most critical factors in this vulnerability assessment. However, there is no direct link between the overall size (i.e. kilometers) of gas pipeline systems in the world and an increase in security requirements. Between 2002 and 2005 the totals in kilometers globally increased by more than 30%. Rather than just concentrate on the overall global trend, it is particularly important to recognize the regional trends in major gas markets like the EU, the US, the Persian Gulf, as well as in South Asia.

Asset security in pipeline systems is an important requirement, in many cases much more so than protection of the pipes themselves. It is a prerequisite for effective mitigation against accidents and incidents caused by criminals. Regarding localized hostile attacks, other means become very important, like the speed of response and the means to cope with aggressors. While protection against strategic terrorism requires a broader spectrum of protective means and measures, effective control centers and other critical assets remain an indispensable means of crisis management. In major contingency-scenarios the continued functioning of gas pipeline supplies will depend on a wide variety of circumstances. Agreed definitions regarding the criticality of pipeline assets still need to be refined. Those definitions need to reflect security requirements for assets in pipeline systems in relation to conditions that apply to a given situation. The Octavio Project has laid some useful foundations on which to base more comprehensive sets of security requirements for control centers, gas pipelines and their critical pipeline assets.

Summary and Perspectives
In addition to the new threats coming from terrorist attacks, private or state-sponsored hackers and (transnational) criminal organizations, the vulnerability of the different sector infrastructures has also increased because they are now much more linked with each other – due to the rapid spread of information technologies. ICT infrastructures in the energy, transport, banking and financing sectors have become the nervous system of our modern information society. Disruptions of ICT can cascade to other locations, branches or sectors, with impacts that extend far beyond the original area of damage, as well as across the state-border of an EU-member state, given that critical information infrastructure (CII) is global as well as tightly interconnected and interdependent with other infrastructures. Their security and resilience cannot be ensured and enhanced by purely national and uncoordinated strategies. Furthermore, market forces do not provide sufficient incentives to private operators for investing to protect CII systems at the level that governments would normally demand. In this light, the fundamental and still underestimated problem is that the low level of protection in some member states can increase vulnerabilities in others. Also, the insufficient systematic interstate cooperation in Europe substantially reduces the effectiveness of preventative and timely countermeasures.

The pipeline-based EU gas supply chain and networks need to recognize the dependencies and interconnectedness of critical European infrastructures between the EU as the consumer and non-member states such as Russia, Ukraine, and others as the producer and transit states.

Whereas there is limited availability of financial and human resources for operators to protect their infrastructure systems, it is essential for both the energy industry and for governments to use all available resources efficiently and effectively by assessing risks and setting priorities to achieve adequate risk management. While it is impossible to protect a utility 100% from a physical or a cyber attack on its facilities and infrastructure, these threats need be minimized as much as possible without compromising their productivity and day-to-day operations. A professional security and risk assessment requires a systemic perspective to address physical and cyber security, supervisory control and data acquisition (SCADA) and distributed control systems (DCS), communications security, grid security, distribution security, generation security, and biological/chemical issues. Integrated security concepts such as the TAAS Industrial Corporate Security Awareness Program (ICSAP) are a positive step forward in this regard. With well protected infrastructure programs and well trained-and equipped security forces (e.g. in Saudi Arabia), the oil and gas industry and their governments can foil or mitigate terror attacks on critical oil, gas and other energy infrastructure.

In order to overcome the historical legacies of insufficient physical infrastructure and traditional policies, the EU agreed in March 2009 to create numerous new interconnectors for both trans-border electricity and gas delivery. This new infrastructure, of which control centers for gas and electricity are an important part, will improve individual nations’ energy supplies and promote a common crisis management system.
Any future risk assessment needs to include the wider political-strategic policies and intentions of the EU and its member states for analyzing the concrete risks, along with future vulnerabilities of existing and to-be-built critical energy infrastructure. In this context, the March 2007, November 2008 and March 2009 decisions of the EU’s energy policies and newly built energy infrastructure are of utmost importance. Any analysis of a comprehensive risk assessment of these gas and electricity control centers would be of benefit by including these dimensions and new policies in a strategic perspective for the EU’s future energy infrastructure security. If the EU’s agreed energy policies and projects are implemented, they will greatly enhance common energy security inside the EU and bolster a common crisis management system, a common energy market, and a common foreign energy policy.

In this regard, the future safety and security of gas control centers and any discussions of critical gas infrastructure need to take into account:
• The new transnational dimensions of interconnecting gas supplies and national gas markets within the EU’s internal market.
• The implications of terrorist and cyber attacks on these new or modernized control centers with their high strategic value, which, if disrupted, could have wide-ranging, cascading effects on transnational gas supplies.
• The overall dependence of European gas control centers on external gas infrastructures outside the EU (i.e. Russian or other foreign gas pipelines, gas control centers, etc.) – particularly in light of the EU’s further growing dependence on gas and other energy imports from outside Europe – including much more unstable regions.

Thus, safety and security issues of gas control centers and other gas and energy infrastructure should become an integral part of the EU’s energy foreign policy with other producer and transit states.

Frank Umbach and Uwe Nerlich are Senior Associates for International Energy Security, Centre for European Security Strategies (CESS), Munich-Berlin.

The protection of cyberspace, the information medium, has become a vital national interest because of its importance both to the economy and to military power. An attacker may tamper with networks to steal information for the money or to disrupt operations. Future wars are likely to be carried out, in part or perhaps entirely, in cyberspace. It might therefore seem obvious that maneuvering in cyberspace is like maneuvering in other media, but nothing would be more misleading. Cyberspace has its own laws; for instance, it is easy to hide identities and difficult to predict or even understand battle damage, and attacks deplete themselves quickly. Cyberwar is nothing so much as the manipulation of ambiguity. The author explores these in detail and uses the results to address such issues as the pros and cons of counterattack, the value of deterrence and vigilance, and other actions the United States and the U.S. Air Force can take to protect itself in the face of deliberate cyberattack.

“Taking down the grid for months comes as close to a nuclear attack with many weapons on the United States as anything could,” says R. James Woolsey, former director of the CIA. “You’d have mass starvation and death from thirst and all the rest.”

So why is the U.S. at risk? Because so much of our infrastructure — including the electrical grid, water and sewage treatment, as well as our transportation system — is computerized.

This week, reports surfaced online about a phishing scheme by hackers that resulted in the posting of thousands of user names and passwords for Web-based e-mail accounts, including Windows Live Hotmail, Gmail and Yahoo Mail accounts. The disclosure underscored how individuals — not just governments — can be affected by hacking. Google and Microsoft said the incident did not involve a security breach of their systems.

Cybersecurity A National Priority

Though he has called for a cybersecurity initiative, President Obama has yet to name a national cybersecurity coordinator. In a May speech, he said: “From now on, our digital infrastructure — the networks and computers we depend on every day — will be treated as they should be: as a strategic national asset. Protecting this infrastructure will be a national security priority.”

James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, says the U.S. is “really far behind.” The first major hacking incident by a foreign power against the Department of Defense and other networks aimed at stealing high-tech secrets occurred in 1984, he says. “So, it’s been 25 years and we’re still waking up.”

Lewis says the No. 1 problem revolves around espionage. The U.S. stands out as the biggest target and as a result, it’s the victim of more cyber attacks than any other nation, he says.

There have been hundreds of “clandestine incursions” into computer systems where hackers, criminals or spies have disabled Web sites — including those of government agencies — and succeeded in stealing defense and intelligence data, according to the guide to the exhibit.

Money Watch

The museum’s historian, Thomas Boghardt, says one of the most recent attacks, with the codename “Independence” occurred July 4. Suspected North Korean attacks targeted numerous Web sites, including those of the Department of Defense, National Security Agency and the Nasdaq Stock Market.

“The cyber threat is the soft underbelly of the United States today in terms of strategic vulnerability,” says former Director of National Intelligence Mike McConnell.

McConnell says he’s concerned about terrorist groups with the capability to attack the U.S. money supply: “Because if someone is capable of destroying data — not stealing data, not hacking to deface the Web site, but successful in contaminating the accounting system, the reconciliation system — it could have impact of global proportions.”

Lights Out

At the spy museum exhibit, the ceiling is designed to look like an electrical grid. Every few minutes the entire room goes dark. Then some words pop up on a flat-screen TV: “No Power. No Communication. No Transportation.” The list goes on.

It’s easy to see that there are serious consequences of not having adequate protections in place. But the government faces a balancing act between safeguarding privacy and implementing cybersecurity protections.

“We have not found a way to square cyber security and civil liberties yet,” says Lewis of the CSIS. “So, there are technologies that could make us safer, but we can’t use them.”

Philip Reitinger, a deputy undersecretary at the Department of Homeland Security, says cybersecurity is a “shared responsibility” among governments, the private sector, the intelligence community and end-users. He says the government must move beyond its “whack-a-mole” approach — putting out one fire and then another and another — in favor of a strategy that “protects privacy by design.”

BY GREG GRANT | AUGUST 25, 2009

Earlier this year, a sullen, 28-year-old contractor in California was charged in federal court with sabotaging the computerized controls on oil-rig sitting off the coast, allegedly out of spite for not being hired full time. Prosecutors say the contractor hacked into a shore-to-rig communications network that, among other functions, detected oil leaks. He caused thousands of dollars worth of damage, they charge, though, fortunately, no leaks.

A research team from the SINTEF Group, an independent Norwegian think tank, recently warned oil companies worldwide that offshore oil rigs are making themselves particularly vulnerable to hacking as they shift to unmanned robot platforms where vital operations — everything from data transmission to drilling to sophisticated navigation systems that maintain the platform’s position over the wellhead — are controlled via wireless links to onshore facilities.

The usual threat of a takeover of the massive oil platforms is in the form of seaborne raiders; Britain’s Royal Marines commandos still regularly train for hostage rescue on rigs that dot the North Sea. But now, according to SINTEF scientist Martin Gilje Jaatun, with the advent of robot-controlled platforms, a cyberattacker with a PC anywhere in the world can attempt to seize control of a rig, or a cluster of rigs, by hacking into the “integrated operations” that link onshore computer networks to offshore ones. “The worst-case scenario, of course, is that a hacker will break in and take over control of the whole platform,” Jaatun said. That hasn’t happened yet, but computer viruses have caused personnel injuries and production losses on North Sea platforms, he noted.

Today, most new oil-field discovery, such as off the coasts of Brazil and Nigeria, occurs in deep ocean waters. Work on the massive metal platforms towering hundreds of feet above the ocean is notoriously dangerous for the “roughnecks,” and specialized labor costs, not to mention feeding, providing care, and keeping fleets of helicopters and boats on standby to evacuate rig crews in the event of fire or hurricanes, is hugely expensive for oil companies; hence, the move to robot-operated platforms.

Although the newest oil rigs, which cost upward of $1 billion apiece, might be loaded with cutting-edge robotics technology, the software that controls a rig’s basic functions is anything but. Most rely on the decades-old supervisory control and data acquisition (SCADA) software, written in an era when the “open source” tag was more important than security, said Jeff Vail, a former counterterrorism and intelligence analyst with the U.S. Interior Department. “It’s underappreciated how vulnerable some of these systems are,” he said. “It is possible, if you really understood them, to cause catastrophic damage by causing safety systems to fail.”

The list of potential cyberattackers includes ecowarriors aiming to jack up an oil firms’ production costs, extortionists drawn to oil firms’ deep pockets, and foreign governments engaging in a strategic contest for ever more scarce global oil reserves, Vail said. Insurgents, such as Nigeria’s Movement for the Emancipation of the Niger Delta, which is waging a war against oil firms operating in that country’s waters, could hire mercenary cyberwarriors to mount full-scale assaults on rigs in the delta. Despite obvious network vulnerabilities, oil firms have not made security a priority, said SINTEF’s Jaatun, “leaving many of us feeling like ‘chicken little’ chirping on that the sky is about to fall.”