2017

Level 4 - Public

Applying SE to Securing the Energy Future

2017

Level 4 - Public

Our Energy Future is at Risk

• Our Critical Infrastructure is at high risk from High-Impact threats• EMP• Space Weather• Cyber (Industrial Controls)

• Wanted: systemic approaches for critical infrastructure protection and recovery• complex systems & modeling approaches• resilience and agility• decision & prioritization tools

2

2017

Level 4 - Public

Critical Infrastructures

1) Chemical and other industrial bases

2) Communications

3) Electrical & Energy production & distribution

4) Emergency Services

5) Financial Services

6) Food and Agriculture

7) Government Services & Facilities

8) Healthcare and Public Health

9) Information Technology

10) Nuclear Reactors, Materials, and Waste

11) Transportation

12) Water storage, treatment and distribution

13) Waste handling and disposal (water, refuse, hazardous)

14) Society at largepage 3

2017

Level 4 - Public

EMP in Brief

page 4

• High-Altitude Nuclear Blast causes significant EM pulse• E1, E2, E3

• Demonstrated by US and Russian atmospheric nuclear blast tests

• Even small weapons have a wide effect

• Included in war strategies• US, NATO, China, Russia, Iran, Israel, India, Pakistan,

North Korea

2017

Level 4 - Public

Space Weather in Brief• Caused by interaction of high-energy particles from

coronal mass ejection with the Earth’s magnetic field• Geomagnetically Induced Currents

• Results in waveforms similar to EMP E3

• Small to moderate storms are common & impactful• equipment failures

• communications and air traffic disruptions

• Large Storms could have wide-spread impact• Carrington Event

• 2012 Near-miss

page 5

2017

Level 4 - Public

Cyber Attack in Brief

• Industrial Control Systems at Risk• Possible to destroy equipment and cause death

• Multiple attack paths• Internal and external vulnerabilities

• Loss of visibility of your true system status

• Loss of control

• Active warfare• Ukraine, Turkey, Iran examples

• Recent US warning regarding the targeting of US-based utilities and industrial facilities

page 6

295 critical infrastructure incidents were reported by U.S. companies in 2015 - Security

Intelligence: ICS-CERT Reports 2015 Infrastructure Attacks

70% of the world’s power, water, and critical infrastructure providers reported a breach in the past year, which led to a loss of confidential information or a disruption in operations. -

Security Week: Unisys & Ponemon Institute 2014 Survey

2017

Level 4 - Public

Simple Infrastructure Model (Example)

7

Electric Grid

Commun-ications

Transport Industries

Banking/ Finance

MedicalWaste Water

Potable Water

Energy Resource Industries

General Population

Agriculture & Food

All Sectors

2017

Level 4 - Public

Challenges• Understanding threats

• Understanding critical infrastructure domains

• Understanding cross-domain interactions

• Gaining cooperation within and across domains

• Sensitivity of information

• Verifiability of concepts and solutions

• Rapid evolution of threats and domains

• Scale of the problem

• Capturing Information in SE products, architecture, requirements, life cycle, etc. to support decision makers

Challenge: Bring systems perspectives and solutions to this hyper-complex problem

2017

Level 4 - Public

Contributing to the Solution• International Council On Systems Engineering (INCOSE) created the Critical

Infrastructure Protection and Recovery (CIPR) working group

• Provide a forum to address CIPR issues• manmade and natural threats

• disruptions for periods of a month or more.

• systems engineering principles, practices, applications and solutions

• Exchange knowledge, systems engineering information and solutions regarding CIPR

• Develop systems engineering products (e.g. architectures, models, requirements, IV&V, etc.

2017

Level 4 - Public

CIPR Goal Areas

Community Resilience

System Protection

System Recovery

Cross-DomainResilience • Systems

• System of Systems• Complex Systems

• Secure• Agile• Resilient

2017

Level 4 - Public

Systems Thinking & Practices• Systems engineers approach problems in a somewhat unique

manner• Big Picture & integration of the whole• Lifecycle view considering all aspects of the problem (operations, evolving

threats, failure modes, logistics, etc)

• Ability to transition from operating concepts, requirements, science and technology to real world solutions• Requirements elicitation• Functional and performance requirements• Architectural alternatives development and selection• Verification and Validation methods

2017

Level 4 - Public

CIPR Products• CIPR Edition of INCOSE INSIGHT (Dec 2016)

• 16 articles on a wide range of topics

• Contributions to InfraGard Publications and Events

• EnergyTech Conferences (2015-2017)

• Lean Startup of Infrastructure Projects

• Microgrid Modeling Project

• Community Resilience Models

2017

Level 4 - Public 13

Microgrid Modeling Project

Model extracts generated by Sandy Friedenthal

Interconnections

System Context

Functional Behaviors

2017

Level 4 - Public

Community System

14

IMPORT

EXPORT

Distribution & Production

Consumption• Energy (electric, fuel, gas)• Water• Food• People (skilled, general)• Supplies (medical,

chemical, etc.)• Finances

• Energy (electric, fuel, gas)• Water• Food• People (skilled, general)• Supplies (medical,

chemical, etc.)• Finances

• Production Capacities• Storage• Consumption Rates

What factors are critical to community resilience?

2017

Level 4 - Public

Agile Principles for Recovery

• Independent Encapsulated Modules• Internal cohesion, loosely coupled

• Facilitated Interfacing• Standards, protocols

• Peer to Peer interactions

• Distributed Control and Information• Decisions at the point of maximum

knowledge

• Deferred Commitment• Resource commitments just in time

• Self-Organization• Self-determined, self-regulating

page 15Your Future at Risk – Are you Prepared? (deLamare, Walker, Juhasz, July 2016)

2017

Level 4 - Public

Call to Interested Parties

• Bring Systems Thinking and Practices to the Problem Space

• Modeling of threats, infrastructure and alternatives

• Development of Recovery Concepts and Planning Aids

• Application of Resilience and Agility

• Application of Security Approaches

• Application of System of Systems Approaches

• Application of Complex System Approaches

2017

Level 4 - Public

External Outreach• InfraGard EMP SIG

• NASA

• IEEE

• US Dept of Homeland Security

• US Dept of Energy

• Ohio Dept of Homeland Security

• US FBI

• Foundation for Resilient Societies

• Energy Infrastructure Security Council

• International Society for Automation

• White House Office of Science and Technology Policy

• Science and Technology Policy Institute

• Project Management Institute

• Center For Understanding Change

• Ohio Cuyahoga County Emergency Management

• City of Cleveland Dept of Energy and Policy

• Various Universities

2017

Level 4 - Public

CIPR Contacts

• Mike de Lamare• madelama@bechtel.com

• Mark Walker• lmw107@bct-llc.com

• John Juhasz• Telepath.juhasz@yahoo.com