applying se to securing the energy futureinfrastructure protection and recovery (cipr) working group...
TRANSCRIPT
2017
Level 4 - Public
Applying SE to Securing the Energy Future
2017
Level 4 - Public
Our Energy Future is at Risk
• Our Critical Infrastructure is at high risk from High-Impact threats• EMP• Space Weather• Cyber (Industrial Controls)
• Wanted: systemic approaches for critical infrastructure protection and recovery• complex systems & modeling approaches• resilience and agility• decision & prioritization tools
2
2017
Level 4 - Public
Critical Infrastructures
1) Chemical and other industrial bases
2) Communications
3) Electrical & Energy production & distribution
4) Emergency Services
5) Financial Services
6) Food and Agriculture
7) Government Services & Facilities
8) Healthcare and Public Health
9) Information Technology
10) Nuclear Reactors, Materials, and Waste
11) Transportation
12) Water storage, treatment and distribution
13) Waste handling and disposal (water, refuse, hazardous)
14) Society at largepage 3
2017
Level 4 - Public
EMP in Brief
page 4
• High-Altitude Nuclear Blast causes significant EM pulse• E1, E2, E3
• Demonstrated by US and Russian atmospheric nuclear blast tests
• Even small weapons have a wide effect
• Included in war strategies• US, NATO, China, Russia, Iran, Israel, India, Pakistan,
North Korea
2017
Level 4 - Public
Space Weather in Brief• Caused by interaction of high-energy particles from
coronal mass ejection with the Earth’s magnetic field• Geomagnetically Induced Currents
• Results in waveforms similar to EMP E3
• Small to moderate storms are common & impactful• equipment failures
• communications and air traffic disruptions
• Large Storms could have wide-spread impact• Carrington Event
• 2012 Near-miss
page 5
2017
Level 4 - Public
Cyber Attack in Brief
• Industrial Control Systems at Risk• Possible to destroy equipment and cause death
• Multiple attack paths• Internal and external vulnerabilities
• Loss of visibility of your true system status
• Loss of control
• Active warfare• Ukraine, Turkey, Iran examples
• Recent US warning regarding the targeting of US-based utilities and industrial facilities
page 6
295 critical infrastructure incidents were reported by U.S. companies in 2015 - Security
Intelligence: ICS-CERT Reports 2015 Infrastructure Attacks
70% of the world’s power, water, and critical infrastructure providers reported a breach in the past year, which led to a loss of confidential information or a disruption in operations. -
Security Week: Unisys & Ponemon Institute 2014 Survey
2017
Level 4 - Public
Simple Infrastructure Model (Example)
7
Electric Grid
Commun-ications
Transport Industries
Banking/ Finance
MedicalWaste Water
Potable Water
Energy Resource Industries
General Population
Agriculture & Food
All Sectors
2017
Level 4 - Public
Challenges• Understanding threats
• Understanding critical infrastructure domains
• Understanding cross-domain interactions
• Gaining cooperation within and across domains
• Sensitivity of information
• Verifiability of concepts and solutions
• Rapid evolution of threats and domains
• Scale of the problem
• Capturing Information in SE products, architecture, requirements, life cycle, etc. to support decision makers
Challenge: Bring systems perspectives and solutions to this hyper-complex problem
2017
Level 4 - Public
Contributing to the Solution• International Council On Systems Engineering (INCOSE) created the Critical
Infrastructure Protection and Recovery (CIPR) working group
• Provide a forum to address CIPR issues• manmade and natural threats
• disruptions for periods of a month or more.
• systems engineering principles, practices, applications and solutions
• Exchange knowledge, systems engineering information and solutions regarding CIPR
• Develop systems engineering products (e.g. architectures, models, requirements, IV&V, etc.
2017
Level 4 - Public
CIPR Goal Areas
Community Resilience
System Protection
System Recovery
Cross-DomainResilience • Systems
• System of Systems• Complex Systems
• Secure• Agile• Resilient
2017
Level 4 - Public
Systems Thinking & Practices• Systems engineers approach problems in a somewhat unique
manner• Big Picture & integration of the whole• Lifecycle view considering all aspects of the problem (operations, evolving
threats, failure modes, logistics, etc)
• Ability to transition from operating concepts, requirements, science and technology to real world solutions• Requirements elicitation• Functional and performance requirements• Architectural alternatives development and selection• Verification and Validation methods
2017
Level 4 - Public
CIPR Products• CIPR Edition of INCOSE INSIGHT (Dec 2016)
• 16 articles on a wide range of topics
• Contributions to InfraGard Publications and Events
• EnergyTech Conferences (2015-2017)
• Lean Startup of Infrastructure Projects
• Microgrid Modeling Project
• Community Resilience Models
2017
Level 4 - Public 13
Microgrid Modeling Project
Model extracts generated by Sandy Friedenthal
Interconnections
System Context
Functional Behaviors
2017
Level 4 - Public
Community System
14
IMPORT
EXPORT
Distribution & Production
Consumption• Energy (electric, fuel, gas)• Water• Food• People (skilled, general)• Supplies (medical,
chemical, etc.)• Finances
• Energy (electric, fuel, gas)• Water• Food• People (skilled, general)• Supplies (medical,
chemical, etc.)• Finances
• Production Capacities• Storage• Consumption Rates
What factors are critical to community resilience?
2017
Level 4 - Public
Agile Principles for Recovery
• Independent Encapsulated Modules• Internal cohesion, loosely coupled
• Facilitated Interfacing• Standards, protocols
• Peer to Peer interactions
• Distributed Control and Information• Decisions at the point of maximum
knowledge
• Deferred Commitment• Resource commitments just in time
• Self-Organization• Self-determined, self-regulating
page 15Your Future at Risk – Are you Prepared? (deLamare, Walker, Juhasz, July 2016)
2017
Level 4 - Public
Call to Interested Parties
• Bring Systems Thinking and Practices to the Problem Space
• Modeling of threats, infrastructure and alternatives
• Development of Recovery Concepts and Planning Aids
• Application of Resilience and Agility
• Application of Security Approaches
• Application of System of Systems Approaches
• Application of Complex System Approaches
2017
Level 4 - Public
External Outreach• InfraGard EMP SIG
• NASA
• IEEE
• US Dept of Homeland Security
• US Dept of Energy
• Ohio Dept of Homeland Security
• US FBI
• Foundation for Resilient Societies
• Energy Infrastructure Security Council
• International Society for Automation
• White House Office of Science and Technology Policy
• Science and Technology Policy Institute
• Project Management Institute
• Center For Understanding Change
• Ohio Cuyahoga County Emergency Management
• City of Cleveland Dept of Energy and Policy
• Various Universities
2017
Level 4 - Public
CIPR Contacts
• Mike de Lamare• [email protected]
• Mark Walker• [email protected]
• John Juhasz• [email protected]