Maintaining Mission Critical Systems in a 24/7 Environment. Peter M. Curtis
enough to address these vulnerabilities. Steps need to be taken to improve information security and mitigate the threat of cyber‐attacks.
The government is a major target for cyber‐attacks. From 2005 to 2007 alone, the Homeland Security Department, responsible for protecting civilian computer systems, suffered 850 cyber‐attacks, and such attacks are becoming more frequent, targeted, and sophisticated. Furthermore, from 2005 to 2019, over 10,400 data breaches occurred in the US. A distinction should be made between the actions of discontented teenagers and those of foreign or domestic operatives with the backing of a large organization or nation, who pose a far greater threat. Whereas the former group may launch an isolated attack, it is the latter group, with their resources, who are more likely to damage large computer networks and remotely interrupt power production or delivery.
Military networks need to be safeguarded as well. Research shows that cyber threats are forming and are searching for ways to disrupt operations remotely. “Denial of Service” attacks are a major threat; they are accomplished by bombarding a computer system with automated message traffic, causing bandwidth overload, and their effects could approach the magnitude of a weapon of mass destruction.
Analyses of the vulnerabilities of other critical infrastructure sectors have reached similar conclusions: The loss of electric power quickly brings down communications and financial networks, cripples the movement of oil, gas, water, and traffic, and paralyzes emergency response services. Conversely, a disruption in the transportation of coal, oil, and gas can also bring down central power plants along with the power grid.
The stark reality is that a sustained interruption of any energy delivery system cripples our country. The national electric grid is inherently vulnerable since a small number of large central power plants are linked to millions of customers by hundreds of thousands of miles of exposed transmission and distribution lines. Nearly all high‐voltage electric lines run above ground throughout the country with only a handful of high‐voltage lines serving major metropolitan areas. The national electric grid is a vast, sprawling, multi‐tiered structure that reaches everywhere, and is used by everyone. The North American electric grid and the Internet are the largest networks on the planet. When one key transmission line fails, the load is spread to other lines, which may become overloaded and also fail, causing a domino effect and cascading outages.
Most accidental grid interruptions last less than two seconds, and many “power quality” issues involve problems that persist for only a few cycles or milliseconds. In most areas of the country, electric outages of less than a couple of hours occur only a few times per year, with longer outages even less common.
Unless deliberate, there is a low risk that several high‐voltage lines feeding a metropolitan area from several different points could fail simultaneously, and when one high voltage transmission line does fail, resources are dispatched quickly to isolate the problem and make appropriate repairs and any necessary improvements. Deliberate assaults, by contrast, are much more likely to disable multiple nodes on the network simultaneously. A 2002 National Academy of Sciences report drove this reality home, observing: “A coordinated attack on a selected set of key points in the [electrical] system could result in a long‐term, multi‐state blackout. While power might be restored in parts of the region within a matter of days or weeks, acute shortages could mandate rolling blackouts for as long as several years.” Operations that can afford to simply shut down and wait out short blackouts may not be able to take that approach in response to the mounting threats of longer outages. Future plans for implementing a “smart grid” will reduce the effects of a deliberate attack on the system.
Over 90% of the top tier of the grid is typically fueled by coal, uranium, water, or gas, and the remainder by oil and non‐hydro renewables such as solar photovoltaic, geothermal, biomass, and wind. The relative amount of each fuel used for electricity generation is shown in Figure 2.2. The 1% “other” category is composed of fuels such as propane, batteries, tire‐derived fuels, and hydrogen. Technologies such as batteries and pumped storage can be used to store power produced off peak and release it at peak demand. Each lower tier is typically “fueled” initially by the electric power delivered from the tier above. Power plants in the top tier deliver electrical power via miles of high‐voltage, long‐haul transmission lines, which feed power into substations. The substations dispatch power, in turn, through miles of local distribution lines. At the same time, a few large power plants can provide all the power required by a large city. Many communities are served by just a handful of smaller power plants or fractional shares of a few larger power plants.
Figure 2.2 Number of Breaches and records exposed from 2005 to 2019
(Source: statista.com) Source: Based on Annual number of data breaches and exposed records in the United States from 2005 to 2019, Cybercrime: number of breaches and records exposed 2005–2019. Published by J. Clement, Mar 10, 2020. 2020, Statista, Inc.
Figure 2.3 Fuel Sources for Electricity Generation in the U.S. in 2018
(Source: eia.doe.gov) Source: U.S. Energy Information Administration, Fuel Sources for Electricity Generation, 2018.
Since 2000, production from coal‐fired plants has increased slightly, but electrical production by natural gas has increased by over 50%, and wind power has increased almost tenfold. Nuclear power also saw a slight increase through higher efficiencies at existing plants – no new nuclear power plants have come online in the U.S. since 1996.
Many different power plants operate in tandem to maintain power flows over regions spanning thousands of miles. Since “deregulation,” the entire U.S. bulk electric power system is monitored and controlled (dispatched) by regional entities known as Independent System Operators. In principle, whole segments of the bulk electric power grid can be protected if transformers fail or lines go down so that failures can be isolated before they cascade to disrupt power supplies over much larger regions. The effectiveness of such failure isolation depends on the level of money spent improving electric grid infrastructure, which has been in decline for years as a consequence of electric industry deregulation. Where investments are made, monitoring is improved to adequately transfer power supply to loads through the distribution system, thereby bringing segments of the system back quicker after an outage. Identical strategies of isolation and redundancy are used on private premises to make the supplies of power to critical loads absolutely assured, insulating those loads from problems that may affect the grid.
Switches control the flow of power throughout the grid, from the power plant down to the ultimate load. “Interties” between high‐voltage transmission lines in the top tiers allow even the very largest plants to supplement and back up each other. When power stops flowing through the bottom tiers of the public grid, ‘on premise’ generators are designed to start up automatically.
In defining priorities and designing new transmission and distribution, the collaboration between utilities and critical power customers is becoming increasingly important. This is most notably because power is essential for maintaining critical services for first responders: 911 call centers, air traffic control, wireline and wireless carriers, emergency response crews, hospitals, and data centers, among others. Critical facilities often have their own on‐site back‐up generators, and some, such as hospitals, are required by code to have them, so that utility power loss at any given time can be remedied rather promptly. However, owners and/or users of these critical facilities must provide adequate maintenance for the local generators and periodically exercise them under load to assure they operate properly and reliably when called upon. In addition, the facility must either tolerate or mitigate the initial