SlideShare une entreprise Scribd logo

Integrated Infrastructure: Quantifying the Economic Risk of a Cyber Attack on Critical National Infrastructure

Lockheed-Martin
Lockheed-Martin

The document discusses the increasing interconnectedness of critical infrastructure and the risks posed by cyber attacks. It presents a hypothetical cyber attack scenario on the UK power grid carried out over several phases: (1) research and installation of rogue hardware in substations, (2) dormancy period, (3) activation of attacks causing rolling blackouts, (4) response efforts as attacks continue and a rogue device is discovered, (5) aftermath as vulnerabilities are addressed and the economy is impacted. Economic modeling shows potential losses ranging from £49 billion to £442 billion depending on the scenario variant and whether physical damage occurs. The conclusion emphasizes the need for cross-sector cooperation to increase infrastructure resilience.

Technologie
1  sur  24
Integrated Infrastructure: Cyber Resiliency in Society
The Knowledge Economy Agriculture 37% Industry 24% Service 39% Agriculture 4% Industry 63% Service 33% Agriculture 2% Industry 22% Service 76% Service-Dominated EconomyService-Dominated EconomyAgriculture with Industry & Service Economies categorised by dependency on critical infrastructureOLD NEW
Triangle of Pain Provision of service Government and Regulators Private sector critical infrastructure companies Society: Corporate and Private Consumers Optimizing the Risk Equation: Who Bears the Risk?
50 55 60 65 70 2012 2013 2014 2015 2016 2017 2018 2019 2020 Catastronomics: GDP@Risk GDP@Risk: Trillion US$ Global GDP Crisis GDP Trajectory GDP@Risk Recovery Impact Cumulative first five year loss of global GDP, relative to expected, resulting from a catastrophe or crisis
Methodology Disruption to UK Society: Through risk and vulnerability modelling, using a system-of-systems model Company & Supply Chain impact: Through supply-side input-output modelling Impact on the UK Economy: Through macroeconomic modelling
The Cyber Scenario Eireann Leverett
Ukraine Cyber Attack  Date of power outage: 23 December 2015  Electricity outage affected region with over 200,000 people for several hours  Malware (BlackEnergy) in 3 distribution substations  Still investigating if switching came from hackers  The Ukrainian energy ministry probing a “suspected” cyber attack on the power grid  Ukraine CERT confirms there was spear phishing at affected companies prior to outage Kuchler Hannah and Neil Buckley. “Hackers shut down Ukraine power grid.” Financial Times. 5 January 2016. http://www.ft.com/cms/s/0/0cfffe1e-b3cd-11e5-8358-9a82b43f6b2f.html#axzz3wTmkfdX9 [Accessed: 6 Jan 2016]
Standard Disclaimer This scenario is not a prediction It is not trying to highlight any specific vulnerability in the UK Power Grid This is a stress test scenario for risk management purposes
The Scenario  Attack on electricity distribution in South East England  Key focus on 132kV distribution substations  Insider + State Sponsored Cyber Team  Rogue hardware attack platform installed inside substation  Rolling blackouts 0% 10% 20% 30% 40% 50% 60% 1 2 3 4 5 6 7 8 9 10 11 12 Number of Weeks Without Power %ofRegionWithoutPower X1 S2 S1
{ Phase 1 } Research and Development  Nation State + Insider  Sub-contract Employee  Installs rogue PLC Hardware  1-5 substations installed per week over 6 months  Minimum 65 substations affected
{ Phase 1 } Research and Development BBC. “National Grid warns of lower winter power capacity”. 28 October 2014. Target Location and Timing  With inside support, the nation is able to target critical substations  Heathrow (X1 only), Gatwick, Stansted and City Airports  London Financial District  Ports of London and Dover  Felixstowe Container Port  The attack begins during a cold period during winter when electricity demand is at its highest  During the 2015/16 winter season it is predicted that on the highest demand day (i.e., the coldest day) there will only be a 5.1% capacity margin, meaning that there is little room for error
{ Phase 1 } Research and Development Rogue Hardware Attack Platforms: PLC PWN It is difficult to identify rogue hardware Hilt, S. (2014, February 3). PLCpwn. Retrieved July 22, 2015, from Digital Bond: http://www.digitalbond.com/blog/2014/02/03/s4x14-videostephen-hilt-on-plcpwn/ Malicious Hardware
{ Phase 1 } Research and Development  Nation State + Insider  Sub-contract Employee  Installs rogue PLC Hardware  1-5 substations installed per week over 6 months  Minimum 65 substations affected { Phase 2 } Deployment and Dormancy  Rogue Hardware Communication via 3/4G  Attacks require physical presence to fix  Attackers spend time mapping substation networks  Supported by a set of ‘cover attacks’
{ Phase 1 } Research and Development  Nation State + Insider  Sub-contract Employee  Installs rogue PLC Hardware  1-5 substations installed per week over 6 months  Minimum 65 substations affected { Phase 2 } Deployment and Dormancy  Rogue Hardware Communication via 3/4G  Attacks require physical presence to fix  Attackers spend time mapping substation networks  Supported by a set of ‘cover attacks’ { Phase 3 } Activation  10 substations attacked every 12 hours Days 1-2:  Control signals spoofed  DNO unaware until customers report  Once cyber attack suspected, control centre investigation starts  Defence response occurs on 2nd or 3rd outage Days 1-2:  Engineer electrocuted  Rogue hardware still unidentified  Investigation moves to substations
{ Phase 1 } Research and Development  Nation State + Insider  Sub-contract Employee  Installs rogue PLC Hardware  1-5 substations installed per week over 6 months  Minimum 65 substations affected { Phase 2 } Deployment and Dormancy  Rogue Hardware Communication via 3/4G  Attacks require physical presence to fix  Attackers spend time mapping substation networks  Supported by a set of ‘cover attacks’ { Phase 3 } Activation  10 substations attacked every 12 hours Days 1-2:  Control signals spoofed  DNO unaware until customers report  Once cyber attack suspected, control centre investigation starts  Defence response occurs on 2nd or 3rd outage Days 1-2:  Engineer electrocuted  Rogue hardware still unidentified  Investigation moves to substations { Phase 4 } The Response Days 7- 14:  Continued rolling blackouts  Cabinet Office & CPNI confirm cyber attack  Intelligence & security services involved  Cover attacks confuse response  Rogue PLC discovered after 1 week Days 14 – 21  Rogue device removal in progress  Outages continue  Physical damage to transformers
{ Phase 4 } The Response Physical Damage to Transformers  In the X1 scenario variant, physical damage occurs via to the cyber attack to the transformers  Transformers are naturally prone to overheating and thus have built-in cooling systems and di-electric mediums to prevent arcing  Additionally, each transformer that fails increases the load on the power grid causing instability and, potentially, a cascading power failure Literature on transformer damage includes  Fire and Explosions in Substations (Allan, Fellow, IEEE, 2002),  Using Hybrid Attack Graphs to Model Cyber Physical Attacks in the Smart Grid (Hawrylak et al, IEEE, 2012),  A Coordinated Multi-Switch Attack for Cascading Failures in Smart Grid (Liu et al, IEEE, 2014),  The Potential For Malicious Control In A Competitive Power Systems Environment (DeMarco et al, IEEE, 1996),  Modelling Cyber-Physical Vulnerability of the Smart Grid With Incomplete Information (Srivastava et al, 2013)
{ Phase 1 } Research and Development  Nation State + Insider  Sub-contract Employee  Installs rogue PLC Hardware  1-5 substations installed per week over 6 months  Minimum 65 substations affected { Phase 2 } Deployment and Dormancy  Rogue Hardware Communication via 3/4G  Attacks require physical presence to fix  Attackers spend time mapping substation networks  Supported by a set of ‘cover attacks’ { Phase 3 } Activation  10 substations attacked every 12 hours Days 1-2:  Control signals spoofed  DNO unaware until customers report  Once cyber attack suspected, control centre investigation starts  Defence response occurs on 2nd or 3rd outage Days 1-2:  Engineer electrocuted  Rogue hardware still unidentified  Investigation moves to substations { Phase 4 } The Response Days 7- 14:  Continued rolling blackouts  Cabinet Office & CPNI confirm cyber attack  Intelligence & security services involved  Cover attacks confuse response  Rogue PLC discovered after 1 week Days 14 – 21  Rogue device removal in progress  Outages continue  Physical damage to transformers  Vulnerabilities addressed and repairs complete within 1 year  Perpetrators never positively identified  Series of independent commissions investigate  Public confidence weakened  UK critical infrastructure impacted overtaken by nearby competitors  Cyber security budgets increase  Potential increase in energy costs with increased physical & cyber security spend { Phase 5 } The Aftermath
Economic Impact Dr. Edward Oughton
Growing Interdependency: How to Quantify? Water & Wastewater Waste Transport Energy Energy supply Energy supply potential Energy demand management Digital Communications / ICT Systems
Summary of Scenario Variants Scenario Variant Description of Outage Number of substations compromised with rogue hardware Length of cyber attack campaign (weeks) Effective total length of power outage (weeks) Time to identify first rogue device in one substation (weeks) Period for reverse engineering and planning the clean-up (weeks) Clean-up and power recovery period (weeks) DNO region(s) Physical Damage S1 Optimistic/Rapid Response 65 3 1.5 1 1 1 1 region No S2 Conservative/Average Response 95 6 3 1 2 3 1 region No X1 Extreme/Average response + physical transformer damage + 2 rogue devices + 2 regions 125 12 6 2 4 6 >1 region Yes
Modelled Results Scenario Variants Lost power (TWh) Production (1 year direct) Sector Losses £ billion Supply Chain (1 year indirect) Sector Losses £ billion GDP@Risk (5 Yr) impact on overall UK economy £ billion S1 10.3 7.2 4.4 49 S2 19.8 18.0 10.9 129 X1 39.6 53.6 31.8 442 1,500 1,600 1,700 1,800 1,900 2,000 2,100 2016 2017 2018 2019 2020 2021 GDP(constantprices£2012,Bn) Baseline S1 S2 X1 Domestic UK GDP@Risk under each scenario variant £ billion
Highlights 9 m  Electricity customers disrupted  Similar levels of disruption experienced across other critical infrastructure sectors £7 BN  Direct industrial production losses £4 BN  Indirect supply chain losses  Worst affected critical infrastructure sector: Financial services  Worst affected economic sector: Wholesale and Retail Trade £49 BN  5-year GDP@Risk
Conclusions  Cooperation and transparency needed across sectors:  This isn’t a power generation/distribution problem  No-one talking about how it all fits together - don’t think in silos  OT and IT to share experience and knowledge – OT to improve resilience, ensure separation/protection of respective infrastructures  People still don't believe these scenarios can happen, evidence shows otherwise  As a largely service & knowledge based economy the impacts for the UK immediate in key sectors  Government has a key role in coordination and prioritisation
Integrated Infrastructure: Cyber Resiliency in Society For more, visit lockheedmartin.com/blackout

Recommandé

Timing Challenges in the Smart Grid
Timing Challenges in the Smart GridTiming Challenges in the Smart Grid
Timing Challenges in the Smart GridUNH InterOperability Lab
 
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...Dragos, Inc.
 
IRJET - Implementation of VPN, AWS Cloud Enabled Real Time Water Pollution Sy...
IRJET - Implementation of VPN, AWS Cloud Enabled Real Time Water Pollution Sy...IRJET - Implementation of VPN, AWS Cloud Enabled Real Time Water Pollution Sy...
IRJET - Implementation of VPN, AWS Cloud Enabled Real Time Water Pollution Sy...IRJET Journal
 
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET Journal
 
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceFeldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceCoreTrace Corporation
 
Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:CoreTrace Corporation
 
A Study of Intrusion Detection and Prevention System for Network Security
A Study of Intrusion Detection and Prevention System for Network SecurityA Study of Intrusion Detection and Prevention System for Network Security
A Study of Intrusion Detection and Prevention System for Network SecurityIRJET Journal
 
Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...
Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...
Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...Siyabonga Masuku
 

Recommandé

Timing Challenges in the Smart Grid
Timing Challenges in the Smart GridTiming Challenges in the Smart Grid
Timing Challenges in the Smart GridUNH InterOperability Lab
 
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...
Dragos & SRP, PI World 2019: Utilizing Operations Data for Enhanced Cyber Thr...Dragos, Inc.
 
IRJET - Implementation of VPN, AWS Cloud Enabled Real Time Water Pollution Sy...
IRJET - Implementation of VPN, AWS Cloud Enabled Real Time Water Pollution Sy...IRJET - Implementation of VPN, AWS Cloud Enabled Real Time Water Pollution Sy...
IRJET - Implementation of VPN, AWS Cloud Enabled Real Time Water Pollution Sy...IRJET Journal
 
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET Journal
 
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceFeldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceCoreTrace Corporation
 
Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:CoreTrace Corporation
 
A Study of Intrusion Detection and Prevention System for Network Security
A Study of Intrusion Detection and Prevention System for Network SecurityA Study of Intrusion Detection and Prevention System for Network Security
A Study of Intrusion Detection and Prevention System for Network SecurityIRJET Journal
 
Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...
Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...
Evaluation of Authentication Mechanisms in Control Plane Applications for Sof...Siyabonga Masuku
 
Supplier Mentoring Program Checklist
Supplier Mentoring Program ChecklistSupplier Mentoring Program Checklist
Supplier Mentoring Program ChecklistLockheed-Martin
 
Building the Bridge Between Airports and Air Traffic Management
Building the Bridge Between Airports and Air Traffic ManagementBuilding the Bridge Between Airports and Air Traffic Management
Building the Bridge Between Airports and Air Traffic ManagementLockheed-Martin
 
Evolving Security in Process Control
Evolving Security in Process ControlEvolving Security in Process Control
Evolving Security in Process ControlLockheed-Martin
 
lockheed martin
lockheed martinlockheed martin
lockheed martinjayaram v
 
Lockheed Martin - Enhancing Capacity Through Technology Driven Collaboration
Lockheed Martin - Enhancing Capacity Through Technology Driven CollaborationLockheed Martin - Enhancing Capacity Through Technology Driven Collaboration
Lockheed Martin - Enhancing Capacity Through Technology Driven CollaborationLockheed-Martin
 
One year on: Results of Time Based Separation at LHR
One year on: Results of Time Based Separation at LHROne year on: Results of Time Based Separation at LHR
One year on: Results of Time Based Separation at LHRLockheed-Martin
 
Lockheed Martin Presentation
Lockheed Martin PresentationLockheed Martin Presentation
Lockheed Martin PresentationNC Military Business Center
 
Government ICT 2015: Information and Records Management in SharePoint - Randy...
Government ICT 2015: Information and Records Management in SharePoint - Randy...Government ICT 2015: Information and Records Management in SharePoint - Randy...
Government ICT 2015: Information and Records Management in SharePoint - Randy...Lockheed-Martin
 
Evolving Security in Process Control - Cyber Security for Critical Assets 2015
Evolving Security in Process Control - Cyber Security for Critical Assets 2015Evolving Security in Process Control - Cyber Security for Critical Assets 2015
Evolving Security in Process Control - Cyber Security for Critical Assets 2015Lockheed-Martin
 
Lockheed Martin diamond presentation
Lockheed Martin diamond presentation Lockheed Martin diamond presentation
Lockheed Martin diamond presentation Michael Pinneo
 
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...IRJET Journal
 
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDS
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDSTHE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDS
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDSiQHub
 
Thrice Is Nice: Ukraine In Review
Thrice Is Nice: Ukraine In ReviewThrice Is Nice: Ukraine In Review
Thrice Is Nice: Ukraine In ReviewJoe Slowik
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Power System Operation
 
The World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - StuxnetThe World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - StuxnetSean Xie
 
Power Grid Cybersecurity
Power Grid CybersecurityPower Grid Cybersecurity
Power Grid CybersecurityOPAL-RT TECHNOLOGIES
 
(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...RepentSinner
 
(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...AnonDownload
 
Towards an effective power outage planning ann approach
Towards an effective power outage planning ann approachTowards an effective power outage planning ann approach
Towards an effective power outage planning ann approachAlexander Decker
 
Capstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid SecurityCapstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid Securityreuben_mathew
 
Fault Prediction and Interdependencies Identification in Smart Grids Using De...
Fault Prediction and Interdependencies Identification in Smart Grids Using De...Fault Prediction and Interdependencies Identification in Smart Grids Using De...
Fault Prediction and Interdependencies Identification in Smart Grids Using De...IRJET Journal
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 

Contenu connexe

En vedette

Supplier Mentoring Program Checklist
Supplier Mentoring Program ChecklistSupplier Mentoring Program Checklist
Supplier Mentoring Program ChecklistLockheed-Martin
 
Building the Bridge Between Airports and Air Traffic Management
Building the Bridge Between Airports and Air Traffic ManagementBuilding the Bridge Between Airports and Air Traffic Management
Building the Bridge Between Airports and Air Traffic ManagementLockheed-Martin
 
Evolving Security in Process Control
Evolving Security in Process ControlEvolving Security in Process Control
Evolving Security in Process ControlLockheed-Martin
 
lockheed martin
lockheed martinlockheed martin
lockheed martinjayaram v
 
Lockheed Martin - Enhancing Capacity Through Technology Driven Collaboration
Lockheed Martin - Enhancing Capacity Through Technology Driven CollaborationLockheed Martin - Enhancing Capacity Through Technology Driven Collaboration
Lockheed Martin - Enhancing Capacity Through Technology Driven CollaborationLockheed-Martin
 
One year on: Results of Time Based Separation at LHR
One year on: Results of Time Based Separation at LHROne year on: Results of Time Based Separation at LHR
One year on: Results of Time Based Separation at LHRLockheed-Martin
 
Government ICT 2015: Information and Records Management in SharePoint - Randy...
Government ICT 2015: Information and Records Management in SharePoint - Randy...Government ICT 2015: Information and Records Management in SharePoint - Randy...
Government ICT 2015: Information and Records Management in SharePoint - Randy...Lockheed-Martin
 
Evolving Security in Process Control - Cyber Security for Critical Assets 2015
Evolving Security in Process Control - Cyber Security for Critical Assets 2015Evolving Security in Process Control - Cyber Security for Critical Assets 2015
Evolving Security in Process Control - Cyber Security for Critical Assets 2015Lockheed-Martin
 
Lockheed Martin diamond presentation
Lockheed Martin diamond presentation Lockheed Martin diamond presentation
Lockheed Martin diamond presentation Michael Pinneo
 

En vedette (10)

Supplier Mentoring Program Checklist
Supplier Mentoring Program ChecklistSupplier Mentoring Program Checklist
Supplier Mentoring Program Checklist
 
Building the Bridge Between Airports and Air Traffic Management
Building the Bridge Between Airports and Air Traffic ManagementBuilding the Bridge Between Airports and Air Traffic Management
Building the Bridge Between Airports and Air Traffic Management
 
Evolving Security in Process Control
Evolving Security in Process ControlEvolving Security in Process Control
Evolving Security in Process Control
 
lockheed martin
lockheed martinlockheed martin
lockheed martin
 
Lockheed Martin - Enhancing Capacity Through Technology Driven Collaboration
Lockheed Martin - Enhancing Capacity Through Technology Driven CollaborationLockheed Martin - Enhancing Capacity Through Technology Driven Collaboration
Lockheed Martin - Enhancing Capacity Through Technology Driven Collaboration
 
One year on: Results of Time Based Separation at LHR
One year on: Results of Time Based Separation at LHROne year on: Results of Time Based Separation at LHR
One year on: Results of Time Based Separation at LHR
 
Lockheed Martin Presentation
Lockheed Martin PresentationLockheed Martin Presentation
Lockheed Martin Presentation
 
Government ICT 2015: Information and Records Management in SharePoint - Randy...
Government ICT 2015: Information and Records Management in SharePoint - Randy...Government ICT 2015: Information and Records Management in SharePoint - Randy...
Government ICT 2015: Information and Records Management in SharePoint - Randy...
 
Evolving Security in Process Control - Cyber Security for Critical Assets 2015
Evolving Security in Process Control - Cyber Security for Critical Assets 2015Evolving Security in Process Control - Cyber Security for Critical Assets 2015
Evolving Security in Process Control - Cyber Security for Critical Assets 2015
 
Lockheed Martin diamond presentation
Lockheed Martin diamond presentation Lockheed Martin diamond presentation
Lockheed Martin diamond presentation
 

Similaire à Integrated Infrastructure: Quantifying the Economic Risk of a Cyber Attack on Critical National Infrastructure

IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...IRJET Journal
 
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDS
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDSTHE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDS
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDSiQHub
 
Thrice Is Nice: Ukraine In Review
Thrice Is Nice: Ukraine In ReviewThrice Is Nice: Ukraine In Review
Thrice Is Nice: Ukraine In ReviewJoe Slowik
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Power System Operation
 
The World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - StuxnetThe World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - StuxnetSean Xie
 
(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...RepentSinner
 
(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...AnonDownload
 
Towards an effective power outage planning ann approach
Towards an effective power outage planning ann approachTowards an effective power outage planning ann approach
Towards an effective power outage planning ann approachAlexander Decker
 
Capstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid SecurityCapstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid Securityreuben_mathew
 
Fault Prediction and Interdependencies Identification in Smart Grids Using De...
Fault Prediction and Interdependencies Identification in Smart Grids Using De...Fault Prediction and Interdependencies Identification in Smart Grids Using De...
Fault Prediction and Interdependencies Identification in Smart Grids Using De...IRJET Journal
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
AutoGrid DER Webinar Slides
AutoGrid DER Webinar SlidesAutoGrid DER Webinar Slides
AutoGrid DER Webinar SlidesJeffrey Norman
 
Cyber Security of Power grids
Cyber Security of Power grids Cyber Security of Power grids
Cyber Security of Power grids Jishnu Pradeep
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
Induction Motor Protection Using PLC
Induction Motor Protection Using PLCInduction Motor Protection Using PLC
Induction Motor Protection Using PLCvivatechijri
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Leonardo ENERGY
 

Similaire à Integrated Infrastructure: Quantifying the Economic Risk of a Cyber Attack on Critical National Infrastructure (20)

IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
IRJET- Edge Deployed Cyber Security Hardware Architecture for Energy Delivery...
 
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDS
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDSTHE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDS
THE STATE OF THE ICS CYBERSECURITY THREAT LANDSCAPE FOR DIGITAL OILFIELDS
 
Thrice Is Nice: Ukraine In Review
Thrice Is Nice: Ukraine In ReviewThrice Is Nice: Ukraine In Review
Thrice Is Nice: Ukraine In Review
 
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
Cybersecurity Considerations for Power Substation SCADA Systems Using IEC 618...
 
The World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - StuxnetThe World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - Stuxnet
 
Power Grid Cybersecurity
Power Grid CybersecurityPower Grid Cybersecurity
Power Grid Cybersecurity
 
(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...
 
(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...(U fouo) dhs infrastructure protection note- most significant tactics against...
(U fouo) dhs infrastructure protection note- most significant tactics against...
 
Towards an effective power outage planning ann approach
Towards an effective power outage planning ann approachTowards an effective power outage planning ann approach
Towards an effective power outage planning ann approach
 
Capstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid SecurityCapstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid Security
 
Fault Prediction and Interdependencies Identification in Smart Grids Using De...
Fault Prediction and Interdependencies Identification in Smart Grids Using De...Fault Prediction and Interdependencies Identification in Smart Grids Using De...
Fault Prediction and Interdependencies Identification in Smart Grids Using De...
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Infrastructure Interdependencies: Connections that Alter Consequences
Infrastructure Interdependencies: Connections that Alter ConsequencesInfrastructure Interdependencies: Connections that Alter Consequences
Infrastructure Interdependencies: Connections that Alter Consequences
 
Ht r35 b
Ht r35 bHt r35 b
Ht r35 b
 
AutoGrid DER Webinar Slides
AutoGrid DER Webinar SlidesAutoGrid DER Webinar Slides
AutoGrid DER Webinar Slides
 
Cyber Security of Power grids
Cyber Security of Power grids Cyber Security of Power grids
Cyber Security of Power grids
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentation
 
S C A D A Security Keynote C K
S C A D A Security Keynote C KS C A D A Security Keynote C K
S C A D A Security Keynote C K
 
Induction Motor Protection Using PLC
Induction Motor Protection Using PLCInduction Motor Protection Using PLC
Induction Motor Protection Using PLC
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
 

Plus de Lockheed-Martin

Forecasting and Managing Passenger Growth
Forecasting and Managing Passenger GrowthForecasting and Managing Passenger Growth
Forecasting and Managing Passenger GrowthLockheed-Martin
 
Data dictionary, domain modelling and making things easy
Data dictionary, domain modelling and making things easyData dictionary, domain modelling and making things easy
Data dictionary, domain modelling and making things easyLockheed-Martin
 
Separation before transformation at London Stansted
Separation before transformation at London StanstedSeparation before transformation at London Stansted
Separation before transformation at London StanstedLockheed-Martin
 
Principles of FAA NextGen and the Impact on Global Airport Operations
Principles of FAA NextGen and the Impact on Global Airport OperationsPrinciples of FAA NextGen and the Impact on Global Airport Operations
Principles of FAA NextGen and the Impact on Global Airport OperationsLockheed-Martin
 
Making SIAM Work (for you)
Making SIAM Work (for you)Making SIAM Work (for you)
Making SIAM Work (for you)Lockheed-Martin
 
Getting More from Less: Reducing & Consolidating Software Solutions withing P...
Getting More from Less: Reducing & Consolidating Software Solutions withing P...Getting More from Less: Reducing & Consolidating Software Solutions withing P...
Getting More from Less: Reducing & Consolidating Software Solutions withing P...Lockheed-Martin
 

Plus de Lockheed-Martin (6)

Forecasting and Managing Passenger Growth
Forecasting and Managing Passenger GrowthForecasting and Managing Passenger Growth
Forecasting and Managing Passenger Growth
 
Data dictionary, domain modelling and making things easy
Data dictionary, domain modelling and making things easyData dictionary, domain modelling and making things easy
Data dictionary, domain modelling and making things easy
 
Separation before transformation at London Stansted
Separation before transformation at London StanstedSeparation before transformation at London Stansted
Separation before transformation at London Stansted
 
Principles of FAA NextGen and the Impact on Global Airport Operations
Principles of FAA NextGen and the Impact on Global Airport OperationsPrinciples of FAA NextGen and the Impact on Global Airport Operations
Principles of FAA NextGen and the Impact on Global Airport Operations
 
Making SIAM Work (for you)
Making SIAM Work (for you)Making SIAM Work (for you)
Making SIAM Work (for you)
 
Getting More from Less: Reducing & Consolidating Software Solutions withing P...
Getting More from Less: Reducing & Consolidating Software Solutions withing P...Getting More from Less: Reducing & Consolidating Software Solutions withing P...
Getting More from Less: Reducing & Consolidating Software Solutions withing P...
 

Dernier

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 

Dernier (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

Integrated Infrastructure: Quantifying the Economic Risk of a Cyber Attack on Critical National Infrastructure

  • 2. The Knowledge Economy Agriculture 37% Industry 24% Service 39% Agriculture 4% Industry 63% Service 33% Agriculture 2% Industry 22% Service 76% Service-Dominated EconomyService-Dominated EconomyAgriculture with Industry & Service Economies categorised by dependency on critical infrastructureOLD NEW
  • 3. Triangle of Pain Provision of service Government and Regulators Private sector critical infrastructure companies Society: Corporate and Private Consumers Optimizing the Risk Equation: Who Bears the Risk?
  • 4. 50 55 60 65 70 2012 2013 2014 2015 2016 2017 2018 2019 2020 Catastronomics: GDP@Risk GDP@Risk: Trillion US$ Global GDP Crisis GDP Trajectory GDP@Risk Recovery Impact Cumulative first five year loss of global GDP, relative to expected, resulting from a catastrophe or crisis
  • 5. Methodology Disruption to UK Society: Through risk and vulnerability modelling, using a system-of-systems model Company & Supply Chain impact: Through supply-side input-output modelling Impact on the UK Economy: Through macroeconomic modelling
  • 7. Ukraine Cyber Attack  Date of power outage: 23 December 2015  Electricity outage affected region with over 200,000 people for several hours  Malware (BlackEnergy) in 3 distribution substations  Still investigating if switching came from hackers  The Ukrainian energy ministry probing a “suspected” cyber attack on the power grid  Ukraine CERT confirms there was spear phishing at affected companies prior to outage Kuchler Hannah and Neil Buckley. “Hackers shut down Ukraine power grid.” Financial Times. 5 January 2016. http://www.ft.com/cms/s/0/0cfffe1e-b3cd-11e5-8358-9a82b43f6b2f.html#axzz3wTmkfdX9 [Accessed: 6 Jan 2016]
  • 8. Standard Disclaimer This scenario is not a prediction It is not trying to highlight any specific vulnerability in the UK Power Grid This is a stress test scenario for risk management purposes
  • 9. The Scenario  Attack on electricity distribution in South East England  Key focus on 132kV distribution substations  Insider + State Sponsored Cyber Team  Rogue hardware attack platform installed inside substation  Rolling blackouts 0% 10% 20% 30% 40% 50% 60% 1 2 3 4 5 6 7 8 9 10 11 12 Number of Weeks Without Power %ofRegionWithoutPower X1 S2 S1
  • 10. { Phase 1 } Research and Development  Nation State + Insider  Sub-contract Employee  Installs rogue PLC Hardware  1-5 substations installed per week over 6 months  Minimum 65 substations affected
  • 11. { Phase 1 } Research and Development BBC. “National Grid warns of lower winter power capacity”. 28 October 2014. Target Location and Timing  With inside support, the nation is able to target critical substations  Heathrow (X1 only), Gatwick, Stansted and City Airports  London Financial District  Ports of London and Dover  Felixstowe Container Port  The attack begins during a cold period during winter when electricity demand is at its highest  During the 2015/16 winter season it is predicted that on the highest demand day (i.e., the coldest day) there will only be a 5.1% capacity margin, meaning that there is little room for error
  • 12. { Phase 1 } Research and Development Rogue Hardware Attack Platforms: PLC PWN It is difficult to identify rogue hardware Hilt, S. (2014, February 3). PLCpwn. Retrieved July 22, 2015, from Digital Bond: http://www.digitalbond.com/blog/2014/02/03/s4x14-videostephen-hilt-on-plcpwn/ Malicious Hardware
  • 13. { Phase 1 } Research and Development  Nation State + Insider  Sub-contract Employee  Installs rogue PLC Hardware  1-5 substations installed per week over 6 months  Minimum 65 substations affected { Phase 2 } Deployment and Dormancy  Rogue Hardware Communication via 3/4G  Attacks require physical presence to fix  Attackers spend time mapping substation networks  Supported by a set of ‘cover attacks’
  • 14. { Phase 1 } Research and Development  Nation State + Insider  Sub-contract Employee  Installs rogue PLC Hardware  1-5 substations installed per week over 6 months  Minimum 65 substations affected { Phase 2 } Deployment and Dormancy  Rogue Hardware Communication via 3/4G  Attacks require physical presence to fix  Attackers spend time mapping substation networks  Supported by a set of ‘cover attacks’ { Phase 3 } Activation  10 substations attacked every 12 hours Days 1-2:  Control signals spoofed  DNO unaware until customers report  Once cyber attack suspected, control centre investigation starts  Defence response occurs on 2nd or 3rd outage Days 1-2:  Engineer electrocuted  Rogue hardware still unidentified  Investigation moves to substations
  • 15. { Phase 1 } Research and Development  Nation State + Insider  Sub-contract Employee  Installs rogue PLC Hardware  1-5 substations installed per week over 6 months  Minimum 65 substations affected { Phase 2 } Deployment and Dormancy  Rogue Hardware Communication via 3/4G  Attacks require physical presence to fix  Attackers spend time mapping substation networks  Supported by a set of ‘cover attacks’ { Phase 3 } Activation  10 substations attacked every 12 hours Days 1-2:  Control signals spoofed  DNO unaware until customers report  Once cyber attack suspected, control centre investigation starts  Defence response occurs on 2nd or 3rd outage Days 1-2:  Engineer electrocuted  Rogue hardware still unidentified  Investigation moves to substations { Phase 4 } The Response Days 7- 14:  Continued rolling blackouts  Cabinet Office & CPNI confirm cyber attack  Intelligence & security services involved  Cover attacks confuse response  Rogue PLC discovered after 1 week Days 14 – 21  Rogue device removal in progress  Outages continue  Physical damage to transformers
  • 16. { Phase 4 } The Response Physical Damage to Transformers  In the X1 scenario variant, physical damage occurs via to the cyber attack to the transformers  Transformers are naturally prone to overheating and thus have built-in cooling systems and di-electric mediums to prevent arcing  Additionally, each transformer that fails increases the load on the power grid causing instability and, potentially, a cascading power failure Literature on transformer damage includes  Fire and Explosions in Substations (Allan, Fellow, IEEE, 2002),  Using Hybrid Attack Graphs to Model Cyber Physical Attacks in the Smart Grid (Hawrylak et al, IEEE, 2012),  A Coordinated Multi-Switch Attack for Cascading Failures in Smart Grid (Liu et al, IEEE, 2014),  The Potential For Malicious Control In A Competitive Power Systems Environment (DeMarco et al, IEEE, 1996),  Modelling Cyber-Physical Vulnerability of the Smart Grid With Incomplete Information (Srivastava et al, 2013)
  • 17. { Phase 1 } Research and Development  Nation State + Insider  Sub-contract Employee  Installs rogue PLC Hardware  1-5 substations installed per week over 6 months  Minimum 65 substations affected { Phase 2 } Deployment and Dormancy  Rogue Hardware Communication via 3/4G  Attacks require physical presence to fix  Attackers spend time mapping substation networks  Supported by a set of ‘cover attacks’ { Phase 3 } Activation  10 substations attacked every 12 hours Days 1-2:  Control signals spoofed  DNO unaware until customers report  Once cyber attack suspected, control centre investigation starts  Defence response occurs on 2nd or 3rd outage Days 1-2:  Engineer electrocuted  Rogue hardware still unidentified  Investigation moves to substations { Phase 4 } The Response Days 7- 14:  Continued rolling blackouts  Cabinet Office & CPNI confirm cyber attack  Intelligence & security services involved  Cover attacks confuse response  Rogue PLC discovered after 1 week Days 14 – 21  Rogue device removal in progress  Outages continue  Physical damage to transformers  Vulnerabilities addressed and repairs complete within 1 year  Perpetrators never positively identified  Series of independent commissions investigate  Public confidence weakened  UK critical infrastructure impacted overtaken by nearby competitors  Cyber security budgets increase  Potential increase in energy costs with increased physical & cyber security spend { Phase 5 } The Aftermath
  • 19. Growing Interdependency: How to Quantify? Water & Wastewater Waste Transport Energy Energy supply Energy supply potential Energy demand management Digital Communications / ICT Systems
  • 20. Summary of Scenario Variants Scenario Variant Description of Outage Number of substations compromised with rogue hardware Length of cyber attack campaign (weeks) Effective total length of power outage (weeks) Time to identify first rogue device in one substation (weeks) Period for reverse engineering and planning the clean-up (weeks) Clean-up and power recovery period (weeks) DNO region(s) Physical Damage S1 Optimistic/Rapid Response 65 3 1.5 1 1 1 1 region No S2 Conservative/Average Response 95 6 3 1 2 3 1 region No X1 Extreme/Average response + physical transformer damage + 2 rogue devices + 2 regions 125 12 6 2 4 6 >1 region Yes
  • 21. Modelled Results Scenario Variants Lost power (TWh) Production (1 year direct) Sector Losses £ billion Supply Chain (1 year indirect) Sector Losses £ billion GDP@Risk (5 Yr) impact on overall UK economy £ billion S1 10.3 7.2 4.4 49 S2 19.8 18.0 10.9 129 X1 39.6 53.6 31.8 442 1,500 1,600 1,700 1,800 1,900 2,000 2,100 2016 2017 2018 2019 2020 2021 GDP(constantprices£2012,Bn) Baseline S1 S2 X1 Domestic UK GDP@Risk under each scenario variant £ billion
  • 22. Highlights 9 m  Electricity customers disrupted  Similar levels of disruption experienced across other critical infrastructure sectors £7 BN  Direct industrial production losses £4 BN  Indirect supply chain losses  Worst affected critical infrastructure sector: Financial services  Worst affected economic sector: Wholesale and Retail Trade £49 BN  5-year GDP@Risk
  • 23. Conclusions  Cooperation and transparency needed across sectors:  This isn’t a power generation/distribution problem  No-one talking about how it all fits together - don’t think in silos  OT and IT to share experience and knowledge – OT to improve resilience, ensure separation/protection of respective infrastructures  People still don't believe these scenarios can happen, evidence shows otherwise  As a largely service & knowledge based economy the impacts for the UK immediate in key sectors  Government has a key role in coordination and prioritisation
  • 24. Integrated Infrastructure: Cyber Resiliency in Society For more, visit lockheedmartin.com/blackout

Notes de l'éditeur

  1. Highlight how this is picked up in the paper – my but own research focuses purely on the spatial impacts of ICT on