Critical Infrastructure Security, Network Security

‘Unknown unknowns’ and the electric grid

“There are known knowns; there are things we know that we know. There are known unknowns; that is to say, there are things that we now know we don't know. But there are also unknown unknowns; there are things we do not know we don't know.” 

— U.S. Secretary of Defense Donald Rumsfeld, Feb. 12, 2002

Unknown unknowns… What a strange, yet descriptive phrase. Unknown unknowns were one of the drivers that led to the report, “High-Impact, Low-Frequency Event Risk to the North American Bulk Power System,” following a North American Electric Reliability Corp. (NERC) and U.S. Department of Energy November 2009 Workshop.

High-impact, low-frequency (HILF) events are those kind of abnormal and extraordinary occurrences that have the potential to cause long-term, cataclysmic damage to the bulk electric system. They include things like coordinated cyberattacks, physical assaults or a mix of the two. They might take the form of extreme solar weather resulting in geomagnetic disturbances. They could see the high-altitude detonation of nuclear weapons or even become pandemic outbreaks.

Often called “the largest machine in the world,” the North American power grid is a vast accumulation of more than 5,000 generation facilities, 160,000 miles of high voltage transmission lines and 1,000,000 miles of distribution lines, delivering electricity to more than 334 million people.

With a real-time capacity of more than 4,119 billion kilowatt hours, consumers spend more than $365 billion per year for electricity.

Over the next 30 years, electricity demand in North America is anticipated to grow by approximately 40 percent, which will require an additional 258 gigawatts of total capacity. Not bad given that the electric telegraph was only invented in 1832 (thank you, Mr. Morse) and the installation of three-phase high voltage alternating current didn't happen until almost 60 years later.

Considering the importance of electricity to our 21st century society, it is the reliable generation and delivery of electric power that is unarguably the most influential factors to a sustainable population in North America. In fact, electricity is as important to modern civilization as water was to ancient Rome with one important exception – it is practically impossible to calculate our dependency on electricity as compared to the relationship of water in ancient civilizations.

It doesn't take a great imagination to realize that the loss of electricity over a wide enough geographical area measured in months (rather than hours or minutes) could result in unprecedented human suffering, economic devastation and profound gaps in national security. 

A grand tome like the High-Impact, Low-Frequency Event Risk to the North American Bulk Power System report is oftentimes delivered and begins to gather dust almost immediately.

That is not happening in this case because NERC's Electricity Sub-Sector Coordinating Council (ESCC) immediately went to work to develop a “Critical Infrastructure Strategic Roadmap” framework that specifically addresses the kind of severe impact risks identified in the HILF report. In a collaborative public/private partnership between NERC and the electric utility industry, a Coordinated Action Plan was drafted that identifies:

  1. four severe-impact scenarios;
  2. strategic initiatives to address those scenarios and;
  3. an action plan with key deliverables and milestones for achievement.

Typically, humans find cybersecurity risks harder to grasp and fully appreciate compared to physical threats. This is why the Coordinated Action Plan is so important. 

Due to increasing system complexity and reliance on internet (and wireless) connections to digital resources, there is the concomitant emergence of common IT vulnerabilities within the electric grid.

People seem to understand these risks when associated with more conventional IT systems, but making the abstraction to the industrial control systems that manage the electric grid seems to be a bigger leap of imagination. Because cyberattack vectors within the industrial control system environment are increasing through network intrusions, malicious code, the insider threat and a complex supply chain, both the uncertainty of the risk and the subsequent consequences are profound for the security of the grid.

The Critical Infrastructure Strategic Roadmap-Coordinated Action Plan will address a coordinated cyberattack that disrupts or impairs the integrity of multiple industrial control systems within the bulk electric system. 

In an environment where urgency is oftentimes a distraction and FUD (fear, uncertainty and doubt) prevails, this plan provides some much-needed focus for the electric industry.

Mark Weatherford

Mark Weatherford is the Chief Information Security Officer at AlertEnterprise, the Chief Strategy Officer (and a Board member) at the National Cybersecurity Center, and the Founding Partner at Aspen Chartered Consulting, where he provides cybersecurity consulting and advisory services to public and private sector organizations around the world.

Mark has held a variety of executive-level cybersecurity roles including Global Information Security Strategist at Booking Holdings, Chief Cybersecurity Strategist at vArmour, a Principal at The Chertoff Group, Chief Security Officer at the North American Electric Reliability Corporation, and Chief Information Security Officer for the state of Colorado. In 2008 he was appointed by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer and in 2011 he was appointed by the Obama Administration as the Deputy Under Secretary for Cybersecurity at the U.S. Department of Homeland Security.

Mark is a former naval officer where he served as a cryptologist and was Director of Navy Computer Network Defense Operations, Director of the Navy Computer Incident Response Team (NAVCIRT), and established the Navy’s first operational red team.

He is an investor and on the Advisory Board of several cybersecurity technology companies where he has a very successful track record in helping startups through the M&A process to acquisition.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.