Modern infrastructure installations, such as power stations, water treatment plants, and oil and gas pipeline distribution systems, hereinafter generically referred to as infrastructure facilities, are complex facilities that produce, control, and/or distribute large quantities of resources essential for the proper functioning of modern society. Each infrastructure facility embodies a complicated environment typically comprising a web of human operators and an integrated system of automated equipment, monitoring systems, and a network of computers that cooperate to control the equipment responsive to data provided by the monitoring systems and the human operators. The computers, monitoring systems, equipment, and operators communicate via a communication network that may comprise both wired and wireless communication devices. The computers, the instruction sets they execute and the information systems they access, the monitoring systems, and the communication network are conventionally referred to as a supervisory control and data acquisition (SCADA) system. SCADA is accessed by the human operators via human machine interface (HMI) equipment, such as consoles, keyboards, and voice recognition control equipment.
A single given infrastructure facility may provide services and resources to a population in a facility service area that may have a relatively limited geographical extent, such as that of a small town or portion of a town, or to a population in a relatively extended geographical region, such as that of a large city, group of cities, or a state. Generally, infrastructure facilities are integrated to cooperate and provide services and resources to populations in very large geographical regions that extend beyond the service area of a single one of the cooperating infrastructure facilities.
For example, whereas a single power station may provide power to a neighborhood-wide or city-wide population, a plurality of power stations may be integrated to form a power grid that provides power to a population in a region of a country comprising a state, or more than one state in the country. A plurality of power stations may also be integrated to provide a power grid of interdependent power stations that provides power to a country or to a geographical region that extends beyond the borders of a single country. For example, a power grid referred to as the Quebec Interconnection provides power to the Canadian province of Quebec and the U.S. Northeast. The Western Interconnection and the Eastern Interconnection power grids provide power respectively to the US western states and the US southeastern states. The Indian power system is divided into five large regional grids. One large power grid provides power for most of continental Europe.
The various power stations and power grids concentrate, use, and control physical and economic assets of enormous value, and disruptions to and/or damage of their functioning or the assets can cause substantial economic damage to national and global economies, cause physical damage, and even lead to loss of life. For example, a loss of power referred to as the 2003 blackout left about fifty-five million people in northeastern Canada and the US without power for about four hours. The “short” four-hour blackout is estimated to have cost about six billion dollars.
The blackout was caused by a software bug in an alarm system at the FirstEnergy Corporation of Ohio. The bug prevented an alarm from being raised to alert operators to redistribute transmission line power after overloaded transmission lines in a rural area sagged and hit trees, causing a flashover that took the sagging lines out of service. The out-of-service lines led to a cascade failure in which other transmission lines successively overloaded, quickly dropped out of service, and generated the blackout.
Whereas the 2003 blackout was unintentional, power facilities, such as power stations and power grids, are exposed to intentional damage from cyber attacks of various degrees of sophistication and severity. Cyber attacks attempt to inflict damage on power facilities by exploiting vulnerabilities of the SCADA systems that control the facilities, subjecting them to various types of attacks that may damage their operation. Cyber attacks may be directed at compromising computer instruction sets, execution of the instruction sets, data processed by execution of the instruction sets, and/or how the computers communicate among themselves, with the equipment they control, and/or with the outside world. Examples of cyber attacks include: denial of service; submission of false requests from, or false information to, operating personnel; input of spurious data to databases and/or equipment; unauthorized operation of facility equipment; disruption of communications; and instruction set corruption by malware such as the Stuxnet computer worm.
To protect the facilities, operators implement various security procedures and install various technologies designed to prevent and/or mitigate the consequences of a cyber attack. However, the complexity of the facilities, and the technological and financial resources often readily available to individuals, organizations, and nation states for crafting a cyber attack, allow myriad possible scenarios for cyber attacks of different forms and perniciousness. As a result, configuring appropriate protection for a power facility is a difficult task that typically requires addressing a large profile of security issues and generally requires repeated review. Whereas the security procedures and technologies deployed appear to be relatively effective in addressing the constant background drumbeat of relatively low-level, small-scale cyber attacks to which the facilities are regularly exposed, it is difficult, if not impossible, to predict, for example, their efficacy against high impact low frequency (HILF), “black swan”, cyber events.