First, however, comes the personalization:

While most of that northwest-of-Boston community – like much of the region – remained in the dark, the Sargent Memorial Library had been welcoming the biggest crowds of Strapko’s decade-long tenure. That’s mainly because restoring power to key town facilities like the fire and police departments had also turned it back on at the nearby library.

When they returned to the library to retrieve her car, it was about 10 o’clock. Strapko was astonished to see that there were still half a dozen cars, sport utility vehicles and Priuses alike, idling in the parking lot, the drivers’ faces lit by the bluish glow of their laptop and smartphone screens. She later learned that all week long, people had been lingering in the parking lot into the early hours of the morning, unwilling to disconnect from the library’s 24-hour Wi-Fi lifeline. A dozen years into the new century, this is how hopelessly reliant we’ve all become on power.

Swidey builds the case that major disruptions in electricity delivery have been few and far between in the recent American experience:

Yet here in this country, we’ve come to expect that whenever we flip the switch or plug in to the outlet, the juice will be there. The power grid has been so reliable over the years that most of us can count on one hand the number of times in our lives when we’ve been without electricity for any significant stretch.

However, the last large non-storm related blackout in 2003 can be seen as a harbinger of future fragility.

If our society is more reliant on power than at any time in history – without it, we’ve got no commerce, no communications, no clean water – and if power becomes less reliable in the future, the big question is: Will we be able to hack it?

He divides particular threats to the grid into three buckets:

Bucket No. 1 involves what the insurance-policy fine print calls “Acts of God.’’ Here we’re talking about all those “storms of the century’’ that seem to be arriving with unsettling frequency.

And as the Halloween storm showed, even people in neighborhoods with underground power lines won’t necessarily escape outages, because those lines are fed somewhere along the route by aboveground equipment. What’s more, Mother Nature can hit us with a lot more than just high winds and heavy snow. Consider the solar storm.

Let’s call Bucket No. 2 “Acts of Terrorists.’’ Among these, there’s the old-fashioned physical attack on the bulk power system, either at its source of generation or somewhere along its transmission route. There’s the newfangled cyber attack on the computers controlling our interconnected grid. And then there’s the otherworldly-sounding attack by an electromagnetic pulse, or EMP, weapon.

Yeah, he went there: EMP.  Luckily, he expends some ink on painting some of the stalwarts of that threat genre as a little extreme and mentions the arguments that paint this as an unlikely event. As a solar storm impacting the Earth is a “when, not if” event, taking the steps to harden the grid that many EMP enthusiasts suggest would seem prudent to me. Trying to build a fanciful missile defense system that would stop any attack conceivable…not so much. Getting back to man-made threats:

But the chairman of the task force, Granger Morgan, says that what continues to worry him the most is the havoc that bad guys could cause with relatively little technological savvy. “If I’m a terrorist, I can shut down the power system in a lot simpler ways than using a valuable nuclear device,’’ says Morgan, an engineering professor at Carnegie Mellon University and a noted authority on the grid.

Natural and intentional man-made threats to the electrical grid are fairly well known in homeland security circles, but the article brings up several structural facets of the system that at least I hadn’t considered before:

Finally, Bucket No. 3 is the “Ailing Grid’’ itself. In many places, the infrastructure is as old and stooped as a pensioner. As it is upgraded and its capacity is expanded, our rapacious need for more electrical power races to max it out once again.

As our electrical thirst grows, the choices we make today about how to quench it will have lasting consequences.  Not simply some combination of environmental and national security concerns, decisions about fuel type and infrastructure capacity will have unforeseen impacts.

A decade ago, 22 percent of New England’s electrical power came from oil-fired plants and 15 percent came from natural gas-fired ones. Today, about half of our electrical power comes from natural gas, while a fraction of 1 percent comes from oil. And our reliance on natural gas promises to grow even more significantly in coming years.

Second, the natural gas pipelines feeding this region were built to serve our heating – not our electrical – needs. Most of the year, there’s sufficient room in the pipeline to supply both. The danger zone, however, comes when the temperature plummets. During stretches of brutal cold, the pipeline capacity can be quickly used up by the natural gas needed to heat our homes and businesses. And unlike oil and coal, natural gas supplies cannot be easily stored in large quantities.

Yet, some important limitations tend to get lost when people rhapsodize about renewables. Although wind and solar power represent a wonderfully clean source of electricity, in energy parlance, they are not particularly “dispatchable.’’ If the weather doesn’t cooperate, you can’t meet increased demand by simply turning up the power spigot and having renewable energy flow out the tap.

As the price of natural gas continues to either hold steady or decrease due to increasing supplies, new oil and to a lesser extent coal (which releases more pollutants into the air than natural gas) burning plants are not likely to get built.  Older plants will  be decommissioned, renewables may not be dependable, and the nuclear renaissance may run aground on the shore of economics (and a bit of safety post-Fukushima–but impacted to a greater degree by the comparative costs of building a new natural gas vs. nuclear plant). Infrastructure concerns will vary with conditions across the regions of this nation, but so will the long term impacts of deciding what sort of system to build.

With current political pressure to cut government spending, the issue of whether it will get built is just as important as what to build. If that isn’t daunting enough, the provision of electricity is a complicated public-private partnership. The issues raised by Phil’s recent posts on supply chain issues apply to the grid as well.

The answer?

Some will choose to get off the grid, or at least decrease their reliance:

The entire article is well worth reading:

http://www.boston.com/lifestyle/articles/2012/02/05/what_if_the_lights_go_out/?page=full

Postscript:For good resilience measure, the article includes the standard list of items one should have on hand for blackouts and other types of emergencies.  Strike while the iron is hot, or at least when the reader is concerned.

Post-postscript: For those interested in getting into the weeds of electricity policy, the “Harvard Electricity Policy Group” has been examining these issues since 1993 and allows public access to their extensive research library.

Three quick impressions:

1. Constructive example of “stovepipes” being brought together around a supposedly stovepipe-busting strategy.

2. The tension between security and resilience is real, persistent, and difficult to effectively engage.   Security is tough enough.  Resilience requires even more creativity.

3. It is striking to have a hearing on this topic without hearing directly from the private sector as well.

This is an early step in rolling-out the new strategy.  Much more to come.

The intelligence chief’s comments regarding the Iranian threat were considerably more circumspect, “We assess Iran is keeping open the option to develop nuclear weapons, in part by developing various nuclear capabilities that better position it to produce such weapons, should it choose to do so.  We do not know, however, if Iran will eventually decide to build nuclear weapons.”

Yet Senators, the media, and perhaps General Clapper himself gave much more attention to the possible Iranian threat than the probable threat of natural catastrophe and pandemic.  The front page headline in the Washington Post was “U.S. spy agencies see new Iran risk.”

The same day the DNI was testifying on Capitol Hill, Mike Dunaway was making a presentation to a FEMA-hosted audience in Harrisburg, Pennsylvania.   In late 2008 and early 2009 a reasonable sample of  respondents answered a series of questions regarding their perceptions of relative threats to continuity of private sector operations, profitability or survival.

A couple of the survey findings stood out for me: Among 19 threats identified, the lowest perceived threat was “geologic disaster (earthquake, mudslide, volcanic action)”.  The survey was conducted prior to the earthquake-and-tsunami in Japan and none of the respondents were in California.   Perceptions will vary by time and place.

Also low on the list of threats was “interruption in supply or delivery chain.”   Several firms reeling from the loss of Japanese and Thai suppliers might answer differently.  But I don’t doubt the survey findings reflect general attitudes.  (Dr. Dunaway’s dissertation is chock-full of interesting findings.)

As addressed in two posts last Thursday and Friday, the President has signed-out a National Strategy for Global Supply Chain Security.  I appreciate Alan Wolfe and Bill Cumming commenting here on the posts.  Most friends, colleagues, and perhaps an adversary or two, decided to communicate more privately.  Below are a sample of the comments received.

“Just words on paper, very unlikely to really influence supply chain policy.”

“Despite a bow to resilience, this is a security strategy.”

“Lots of cargo and logistics talk, not much recognition of how the supply chain is really something new and different.”

“Though better than the earlier draft, it still seems to be mostly focused on security and less on resilience. However, I know from direct experience it is not easy to write about resiliency, and perhaps being secure is one of the first parts of being resilient.”

“Stalking horse for new (costly) regulations.”

“While it is a national strategy, it feels quite federal/global to me. I’m not sure if many state and/or local folks could conceive how they could contribute to helping realize the goals outlined. It is my belief that a resilient supply chain, like many things, starts and ends in localities around the world.

“C-suites will ignore and deploy their minions to be sure “efficiency” always trumps “resilience,” no matter how inefficient it may be to have a catastrophic collapse of supply chains.”

“The private sector is paramount. It seems to me that much, though certainly not all, of the role of government will be to encourage, support, oversee and in some instances force the private sector to do things. Left to themselves, I think other forces will drive the private sector to not do some of what has to be done to reduce risk and enhance resiliency.”

“To give this the status of a presidential strategy is sort of amazing. It’s made me stop to think. But I feel a bit like a Catholic must feel when it’s announced the Pope has convened a major meeting on an aspect of doctrine I had really never thought of before.”

“What am I supposed to do? I don’t know enough about supply chains to even start a conversation with private sector peers. Besides which private sector peers? These are not the security and EM guys I usually work with.”

“(The strategy is) better than I would have bet. But while behind closed-doors the operators agree it is a real issue, how do you convince CEOs, CFOs, and Boards of Directors? Japan didn’t persuade. Thailand didn’t persuade. White House stationary is easy to ignore. The only things these masters-of-the-universe understand is a swift kick in you know where… and by then it will be too late.”

Perceptions will vary by time and place.  But there is a strong tendency to give more attention to external threats than internal vulnerabilities.  There is more concern regarding possible evil intent elsewhere than accident, neglect, and denial close at hand. We see the splinter in the eye of the other much more quickly than we recognize the log in our own eye.

Monday the independent panel appointed to investigate the Fukushima nuclear accident released a 507 page interim report.  Most of the document focuses on specific operational decisions and tactical choices.

Several specific failures are highlighted: insufficient planning, poor regulation and oversight, inadequate training and exercising, a breakdown in communications within the government and between the government and the operator of the nuclear power plant.

The previous paragraph could be quickly edited to apply to nearly every serious industrial accident: Bhopal, TMI, Deepwater Horizon, various large-scale blackouts and others.   The same failures are referenced in most after-actions for events large and small.

Also typical has been most of the media coverage focusing on personal failures by political, regulatory and corporate leaders.

But toward the end of the report — and the 22 page English-language executive summary — are several atypical bits of analysis worth much more attention than given so far.

It is not easy to admit an absolute safety never exists and to learn to live with risks.  But it is necessary to make effort toward realizing a society where risk information is shared and people are allowed to make reasonable choices.

A quarter century ago I made some extra Yen editing Japanese-to-English translations.  This time I will mostly leave the first draft as it is. There is a kind of clarity in the slightly awkward but more literal rendering.

Even for an accident of low probabilities so long as extremely large scale damages are anticipated once it occurs… due consideration should be given to the risks involved and precautionary measures should be taken.

It was a major shortcoming for the safety of both nuclear power plants and surrounding communities that a nuclear accident had not been assumed to occur as a complex disaster.  Disaster prevention programs should be formulated by assuming complex disasters, which will be the major point in reviewing nuclear power plant safety for the future.

It cannot be denied that the viewpoint of looking at a whole picture of an accident was not adequately reflected in nuclear disaster prevention programs in the past.

The nuclear disaster prevention program had serious shortfalls. It cannot be excused that nuclear accidents could not be managed because of an extraordinary situation that… exceeded the assumption.

The Investigation Committee is convinced of the need of paradigm shift in the basic principles of disaster prevention programs for such a huge system, which may result in serious damage once it has an accident.

Whatever to plan, design and execute, nothing can be done without setting assumptions. At the same time, however, it must be recognized that things beyond assumptions may take place. The accidents this time present us crucial lessons on how we should be prepared for such incidents beyond assumptions.

Low probability, high consequence events deserve our sustained attention.

Reasonable assumptions will be exceeded.

The chairman of the investigation panel, Yotaro Hatamura, has been especially critical of the tendency to blame the crisis on soteigai. This is often translated as “unforseeable events,” but is probably closer to “unimaginable events.”  (Echoes of a “failure of imagination” in the 911 Commission report.)

Hatamura is an engineer.  His best known work is probably Learning from Design Failures in which he examines more than 100 cases to “uncover the root cause, reveal the scenario that led to the unwanted event, describe what happened so readers can clearly repeat the steps in their mind, and propose ways to avoid those mistakes in the future.”   It is a very detailed, case-by-case, engineering oriented approach to disciplined thinking.  He is a solution-oriented guy.

But Hatamura  has also become an advocate for clearly distinguishing between complexity and non-complexity and what can — and, even more important, cannot — be done to manage complexity.  With a little effort we can foresee complex events.  We have a much more difficult time imagining how our strategy for the complex must differ from our strategy for the merely complicated or novel or known.

The Japanese for complexity (see above) includes kanji a classically minded literalist might read as “a surprising recurrence of miscellaneous elephants.”  If you can imagine how you would manage that, you are on your way to being able to manage the cascade of a complex event.

The final report is expected in June.

Hackers ‘hit’ US water treatment systems

Homeland Security investigates possible terrorism in Springfield

Water system may be cyber attack victim

Has stuxnet come to our critical infrastructure shores?  Is it duqu?  Could it be something even worse?

“DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield Illinois.  At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety,” DHS spokesman Peter Boogaard explains.

“I dislike, immensely, how the DHS tend to downplay how absolutely FUCKED the state of national infrastructure is” responds someone named “prOf” in a pastebin post that includes, according to pr0f, images of another water system that was hacked.

“I’m not going to expose the details of the box,” prOf promises. “No damage was done to any of the machinery; I don’t really like mindless vandalism. It’s stupid and silly. On the other hand, so is connecting interfaces to your SCADA machinery to the Internet. I wouldn’t even call this a hack, either, just to say. This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic.”

————————–

Nick Catrantzos, who has written for Homeland Security Watch in the past, is an adjunct professor of Homeland Security and Emergency Management.  More relevant to today’s post, Nick is the former security director for a regional water utility.  Here are his thoughts on the most recent cyber event.

Spotting the Incidental Cyber Saboteur

You need not be evil to be wrong, and the true Achilles’ Heel of recent news about cyber attacks to water infrastructure in the Chicago area (details at http://www.cnn.com/2011/11/18/us/cyber-attack-investigation/index.html?iref=allsearch) is not foreign hackers of SCADA, the supervisory control and data acquisition system that makes it possible to turn a valve by remote control. Hackers have been a known external threat since the personal computer became widespread. Thus, makers of computer- and network-dependent tools like SCADA systems have to offer some protections against hackers just to make their systems marketable.

Why is no one therefore consulting other than self-avowed cyber security experts who are now issuing dire warnings about offshore SCADA hackers who may or may not be Russians? (The may-not possibility arises when these experts point out that clever hackers have the ability to misrepresent the origin of their attacks.). The same hand-wringing experts – or their fellow travelers – belong to the camp that opens the door to this vulnerability in the first place. They are not evil, just wrong.

Remote Access as Double-Edged Sword

Consider: Even the technologically challenged security professional sees the vulnerability to enabling remote access to critical systems, like water infrastructure. How do purveyors of such systems see remote access when marketing to fellow cyber aficionados? It is a selling feature, of course. Why, with remote access, the technician fielding a panic troubleshooting call at midnight can diagnose and solve the problem in pajamas instead of in the field. And the field, when it comes to water infrastructure, often turns out to be at distant sites over bad roads, poor lighting, and unattractive traveling conditions. Solving the problem from home is a win-win for all concerned, since it saves down time, isn’t it? Not if this debate includes security professionals charged with looking at the bigger picture of enterprise-wide vulnerabilities.

What makes it possible for these infrastructure attacks to abuse SCADA? Remote web access adopted in the name of expediency. What is the Achilles’ Heel? Naïve or myopic cyber professionals whose over attention to expediency permits convenient remote access for their technical support colleagues with insufficient attention to the exposure that this condition creates.

Discovering What Some Won’t Admit

How to zero in on the problem? The way not to do it is to rely exclusively on pronouncements of SCADA vendors and their like-minded counterparts in the organization who bought into web-based remote access in the first place. There is a good chance at least some of these people overlooked sharing details of remote access vulnerabilities in discussing the system before upper management and traditional security practitioners.

No, the short path to excellence in uncovering self-introduced remote access exposures is to check logs of trouble calls against field records of physical access to work sites. The more serious cyber professionals know to avoid web-based SCADA access from any home and, instead limit access to SCADA terminals that reside behind the secured perimeter of the institution’s work facilities. Maybe a SCADA technician fielding a trouble call won’t have to drive three hours to diagnose the problem at a remote field site, but he may still have to drive 20 minutes to get to a locked and alarmed office that houses a protected SCADA terminal. At least this is the ideal and advertised state of affairs. But even 20 minutes may, in time, seem too much of an imposition, so the SCADA tech quietly arranges to beta test remote access from — you guessed it — the convenience of his or her own residence. Unofficially, without a lot of fanfare. So much so, that even the boss may not realize this is happening, hence the futility of relying on the cyber function to verify its own status regarding this vulnerability. There is another way to check.

Uncovering the Rest of the Story

If expediency has come to trump security, an examination of audit trails will soon show that technician troubleshooting calls at midnight aren’t matching up to midnight access to facilities housing SCADA terminals. Maybe operators in the field are too immersed in the problem to ask or even care how a SCADA tech is responding to a trouble call. They just want help. Maybe the tech is shrewd enough to avoid volunteering details, reasoning that speed of problem resolution is more important than revealing that this is being done from home via means subject to compromise and exposure to hackers.

However, audit trails won’t lie. Whether it is via manual logs, automated access records, video surveillance archives, or a guard’s register used for having all employees sign in after normal business hours, the discrepancy will surface under scrutiny. The on-call tech who was supposed to go to an employer site to troubleshoot the problem on a protected SCADA terminal will have shown no record of having entered any employer business site at midnight. So how did he or she handle the problem? Remotely. From home. In pajamas. Expediently. And, in the process, exposing the system to exploitable vulnerability.

Caution on Experts Offering Homilies about Cyber Attack

The so-called expert who was quick to criticize government officials on this latest cyber attack claimed he was doing so out of concern that the Department of Homeland Security was deficient in sharing information with other water agencies that could be targeted. If he were truly as conversant with water security as he claimed, he would know that it is not DHS but EPA that exercises the role of lead federal agency for protection of the water infrastructure. He would also know that EPA supports Water ISAC, the Information Sharing and Analysis Center for the water sector, and that the Association of Metropolitan Water Agencies manages that function, which takes the lead in sharing this kind of threat information within the water community, while DHS and local fusion centers do their share of distributing such information as well.

Showing no sign of recognizing these particulars, how could this self-styled expert really know what information on this SCADA threat is or is not circulating within the affected community of interest? A skeptic might conclude that such considerations take a back seat, however, when dire warnings can generate free publicity.

IT vs. Ops

Some over zealous IT departments in utilities that use SCADA see SCADA as a means of supplying bandwidth on which to commingle business applications as well, thereby increasing likely needs for remote access by more employees and raising susceptibility to compromise at the same time.

If employees in Operations at water utilities don’t over concern themselves with security deficiencies in SCADA, it tends to be because they have their hands full avoiding one or two catastrophes a year when SCADA techs unthinkingly shut down the system for maintenance or cause some other disruption without telling Ops in advance. The techs forget that flow changes can result in catastrophic treatment or distribution problems that affect water quality. This often occurs after business hours or on weekends, when the techs operate on the assumption that it is the best time to tinker without users noticing or balking — true enough for the average business network, but not for 24/7 attention to water treatment and distribution.

One sign that too many debacles have been surfacing serially is when Ops wrests the SCADA function away from IT. This does wonders for reducing those kinds of snafu.

More than a few people in the public safety and homeland security sectors are hoping yesterday afternoon’s shallow M5.8 earthquake shook some sense into politicians, bureaucrats and Congressional staffers. The temblor, the largest recorded in the national capitol region in more than a century, caused a large-scale disruption of cellular telephone service when it struck shortly before 2:00 PM EDT. Cellular operators attributed the failure to overloads rather than physical damage to system components. Landline services, including the copper-wire-based public switched telephone network, remained operational and under-utilized.

The growing dependence of Americans on cellular telephone services, especially the extent to which reliance on these devices has displaced older technologies, has raised concerns among regulators and the regulated alike. Phone companies are now having trouble keeping up with the increasing capabilities of the devices we crave. Despite our seemingly elastic appetites for each new generation of wireless technology, our willingness to pay for the infrastructure to support these nifty services has remained relatively constrained. Meanwhile, pressure on companies to improve profitability in an atmosphere of constrained revenues and stiff competition have limited infrastructure spending to such an extent that one wonders whether the price and performance curves will ever be reconciled, even if the economic recovery takes hold.

This harsh reality has fueled pressure from the public safety industry on regulators and legislators to designate and release a large chunk of radio-frequency spectrum known as D-Block for development of a national broadband public safety network. It didn’t take long for advocates of this move to capitalize on the quake to underscore their concerns about the status quo and renew calls for immediate action on the D-Block petition.

You might wonder why overloaded cellular networks are much of a concern to public safety agencies. After all, don’t they have their own radio frequencies already anyway? We’ve invested lots of federal, state, local and tribal government money in the decade since 9/11 improving interoperable communications capabilities. Hasn’t this paid off somehow?

Well, Virginia, thanks for asking. Yes, public safety does have a lot of spectrum and some pretty fancy equipment. This equipment and the slices of spectrum already allocated do a pretty good job of relaying voice communications and a small amount of data. But because of the limitations of these proprietary technologies and the institutional inertia of the agencies who own and operate it, police, fire-rescue and EMS services rely pretty heavily on the same cellular services the rest of us do for high-speed, broadband data applications and services. And like the rest of us, they often use cellular telephones when they only need to relay a message to a single person. That means when we lose cellular service they do too.

But wait a minute, don’t public safety officials have priority access to cellular telephone services? Clever girl, Virginia. Yes, they do. But that doesn’t help much when the number of priority calls alone are sufficient to swamp the system. Imagine, if you will, how many people in Washington, D.C. and along the eastern seaboard consider their need to communicate with someone right this second more important than anyone else’s. Besides not every public safety agency has configured its equipment and paid the fees necessary to obtain this sort of priority access.

Cellular network operators say most services returned to normal within about 20 minutes of the earthquake. One suspects that the decision to release many (so-called) non-essential government workers early was predicated at least in part on a desire to alleviate further strain on the region’s already overburdened systems and services. At the same time, one has to wonder what this cost both in terms of lost productivity and public image.

By most accounts, the earthquake, despite its surprising intensity and duration, caused relatively little physical damage. But the fiscal damage of the decisions yet to come remains to be seen.

A  firefighter, a  cop, and an emergency manager walk into a bar.  This is not a joke.  I was with the three of them.

One had red wine, another had a beer, the third ordered scotch.   I was drinking Dry Sack on the rocks with a twist.

Can you guess which one had which drink?  Can you guess which offered what to the conversation:

“The problem is everyone is in denial about the worst risks.”

“New Orleans after Katrina was simple compared to Sendai after the tsunami.  How about Memphis after New Madrid or LA after the big one?” You can know the real pros by whether or not they pronounce it Maaadrid, as in really crazy.

“How about DC, Pittsburgh, and Birmingham after New Madrid?  How about pipelines, rail bridges, interstates, and the Eastern Interconnect after New Madrid?”  Hows about every little town downstream from a dam?

“How about the whole economy for the next ten years after Long Beach is taken out? I don’t care if it’s tsunami, pandemic, or an IND.”

“How about the whole economy if some cyber-anarchists decide to really screw with credit cards and ATMs?”

“As long as they vaporize my mortgage too.”

The bar talk was not as grim as this suggests.  Extended conversations with this crew are like a public reading of Dante’s Inferno (no Paradiso) with a running commentary by the comedian Lewis Black.  You roar with laughter over a comment that ought not be documented here.   A slightly sick sense of humor is essential to survival in these professions.

“We’re the real problem,” one guy said wrapping his arms around the shoulders of those on either side.  ”We’re too good.  Why worry when the A team’s got your back?”

“Just call 911 and the cavalry always comes.”

“Even under fire… hell, with radioactive brimstone falling from the sky.”

“Thing is, we’re really good at the everyday stuff and lots of the tough stuff.”

“Did you hear about the 911 call because the citizen thought her remote had been stolen.  Cops found it in a drawer.  They responded!”

“That’s the problem, we are so #$!@ responsive we’ve trained the citizens to depend on us.  When the big #$!@ happens they just wait around.”

“Not everyone.”

“Practically EVERYONE!”

“There’s two big pile-ups:  real increasing dependence. Who grows their own food anymore?  Who even eats at home? And where does our food come from? Not anywhere close.  Second pile-up: The #$!@ complicated system works really, really well until it doesn’t work at all.  So there’s no obvious reason to pay much attention, until it’s too late.”

“So… what we’re really good at is hiding the problems?”

“Sure.  There’s a fire.  You put it out.  You get ‘em temporary housing or they go to the in-laws.  I keep gawkers away.  Everything’s fine. No worries. But in Joplin or Tuscaloosa? Even those huge twisters were tiny compared to what we’ll get when the wrong fault shifts under 5 million or a wildfire overwhelms San Diego.  Hows about a CAT 5 and flood surge pounding Miami-Dade?”

“When they call 911 no one will answer, they won’t even get a #$!@ dial-tone!”

“It doesn’t take such a big hit.  Maybe catastrophe comes on little cat feet?  You read Ted Lewis’ new book?  The complex systems we depend on are so intricate  just one little complication and the consequences cascade.”

“Sort of like the 2003 blackout caused by tree branches in Ohio?”

“But the cause wasn’t tree branches, it’s the way WE build and manage systems. Tree branches are a preexisting condition.  Our choices create the vulnerabilities.”

“You know when I was a little kid,” (the guy to his right mimicked the Staten Island accent) we had a farm right down the road.  It’s a landfill now.  The big farms in Jersey, they’re all McMansions.  Mom and pop get their broccoli and peas from California just like all of us.”

“You know what though? The beers alot better than back then.  Hey waitress, another round here.”

A friend (thanks, George) recently sent a video to me (below) that describes another creative infrastructure idea:

“cover all concrete and asphalt surfaces that are exposed to the sun with solar road panels. This will lead to the end of our dependency on fossil fuels of any kind.

“We’re aware that this won’t happen overnight. We’ll need to start off small: driveways, bike paths, patios, sidewalks, parking lots, playgrounds, etc. This is where we’ll learn our lessons and perfect our system. Once the lessons have been learned and the bugs have all been resolved, we’ll plan to move out onto public roads.”

(You can read more details about the Solar Roadways project at this link: http://solarroadways.com/vision.shtml

I showed the video illustrating the solar roads project to some engineering friends.  Here’s part of the resulting conversation:

Dr. R — That’s totally cool. I’d need to be convinced that you could manufacture this stuff as cheaply as asphalt and more importantly, that the total cost of ownership is lower. But how cool would it be to have this running up to your house? You’d get rid of all the lines that are there now and run it all thru this.

Dr. T — This is orders of magnitude better than [the idea posted in February]!  But the bureaucracy and red tape cutting to do this is horrendous.

Dr. T — Question: If you charge power and telecom companies to use it, you could not only pay for it but make a return on investment.  But does it work? Driving a million semis over circuits every week is much different than a lab test.

Dr. R — Yea, durability is the key. I won’t be convinced until someone funds a real test case that we can carefully observe for a few years with heavy traffic. Lots of trucks!  Of course, you’ll have the occasional 15 year old hacker who finds a way to spell swear words in the LEDs but that would be cool too.

Dr. T — You can read your email while driving on it! Generally power engineers don’t believe in this idea because they understand the physics of long haul transmission and it isn’t friendly. But I think they [power engineers] have not considered an alternate architecture that incorporates storage. Flywheels, compressed air and batteries are not integrated into their models.

The glass highway project plus storage could change all that, but the grid would have to operate as a store-and-forward network rather than as a big electronic circuit. That is, we need about a decade of research that is orthogonal to current linear incremental thinking about the grid.

Here’s the 4:38 solar roadways video:

“…infrastructure defense is assumed to fall primarily into the hands of the private sector, which operates 85% of critical infrastructure.”

I ranted a year ago about the 85% number in a post that appeared on this blog.

The Number simply won’t die. It lives beyond truth or lie. Its reality is independent of time and space.

So I wrote back to Nick summarizing what I believe is the problem with The Number.

Nick — who loves the English language as a gardener treasures orchids — once presented me with a knit picker.  So he is aware of my tendency to occasionally pole vault over mouse turds.

Nick also has spent time in the same Circus and has been known to pick a nit or two, so he responded back with some evidence about the 85% number.  I pushed back.  He returned fire.  As did I.

Then he wrote something that shined a light on a bias I did not see I had.

A year ago, I wrote:

…the 85% figure has been used to justify a laissez fair critical infrastructure strategy. Private sector “ownership and control” has been interpreted to mean government frequently has to ask politely before it tries to do anything to improve safety and security.

If the 85% figure is wrong — or at least unsupported by any empirical basis — maybe the policies derived from that belief are also wrong.

Basically, I thought the 85% number was used to justify the government not pushing the private sector hard enough when it comes to protecting critical infrastructure.

Nick — who is a security manager and former security consultant for public and private organizations — described how this “who owns what” issue looks from the private sector.

My dilemma, perhaps a distant cousin to your own, has been in encountering an obdurate, logic-proof insistence by cops, fire fighters, emergency managers, fusion center staff, and DHS minions to define my employer and all critical infrastructure stewards as private sector entities.

It does not matter how much we demonstrate that we are a public agency and a regional extension of government.  As far as these people are concerned, we are private, hence unworthy of sensitive information (even if we were the ones to originate it) and inherently suspect of being profit driven (no matter how many wasteful, feel-good programs we underwrite for some avowed public good).  Even being part of the same retirement system and driving vehicles with tax-exempt license plates — two surefire convincers everywhere else — have no impact in shaking the conviction that we are infrastructure stewards, hence private sector mercenaries.

My unproven suspicion is that much of what is at the bottom of this categorization is a sort of tribal urge to satisfy two unstated objectives:

1.  Limit the in-group to an established comfort zone and organizationally and traditionally familiar faces.

2.  Assure that the existing in-group gains and keeps primacy at the trough of grants and other funding destined for public sector actors who are new both to homeland security and critical infrastructure protection.

If there are points to this fugue that resonate with me as an infrastructure steward, they are these:

A.  Critical infrastructure is definitely in both public and private hands.  Given the types of infrastructure that exist, it is reasonable and credible to accept that they are mainly privately owned and operated.

B.  Whether that percentage figure of 85% is anything more than an approximation or an archly crafted statistic meant to advance an ulterior agenda is mildly interesting to an infrastructure steward. At the end of the day, the hand on the wrench or on the SCADA system comes from the same gene pool, skill set,  and population.

C.  Even a critical infrastructure operation that is entirely managed by a public agency is going to have some private sector involvement and exposure.  Construction comes to mind.  We are always building or modifying facilities and upgrading systems.   Contrary to popular belief, even the wealthiest of public agencies cannot hire everyone they meet.   Contractors and subcontractors are as ubiquitous as they are indispensable.

D.  The original point of emphasizing private ownership and operation, to the extent I absorbed one, seemed to be as a means of emphasizing that protecting critical infrastructure is a shared responsibility and one that would be imperiled by ignoring private sector stakeholders. That point still makes sense to me.

The basic concept is to build new underground electric power transmission lines, natural gas pipelines, and telecommunication, cable TV, and Internet communication lines on rights-of-way already established by America’s 40,000 mile Interstate Highway System. The Interstate Highway System reaches nearly every part of the nation, and states own the rights-of-way along these roads. It makes sense to leverage this asset.

The idea — called the National System of Resilient Infrastructure (or NSRI) — was developed by Ted G. Lewis, at the Naval Postgraduate School.  Here are the details of this $1,000,000,000,000 idea:

—————————————-

Proposed

Electric power, energy for transportation, and telecommunications capacity are three major economic drivers for the future economy of the USA.  But these sectors are in trouble, for a variety of reasons, including NIMBY (not in my back yard), lack of investment, and lack of vision.

To overcome these barriers, stimulate the economy, and develop a resilient infrastructure for the 21^st century, the author proposes a “moon shot” scale effort to build a national system of resilient natural gas, electricity, and telecommunications infrastructure along the 40,000 miles of Interstate Highway.

This 20-year, $1 trillion project would be implemented by a public-private partnership structured much like a GSE (government-sponsored enterprise), and mainly funded by the private sector. Besides creating millions of jobs, enhancing our ability to transition to clean cars, trucks, and buses, the national system would be immediately self-sustained by usage fees, and therefore profitable. It would not cost the government any money, and would have an immense impact on the economy.

Infrastructure Equals Prosperity

The Dwight D. Eisenhower National System of Interstate and Defense Highways, commonly called the Interstate Highway System (or simply the Interstate) is the largest highway system and largest public works project in the world. More importantly, it propelled the United States into a new era of prosperity. Today, virtually all goods and services are distributed via the Interstate, which is still expanding.

In the 1990s the 25-year old Internet was commercialized, stimulating economic growth so much that it produced a bubble in 2000. Yet, the federal government’s $200 million investment has already returned 100-fold on investment, after less than 20 years of growth. The future of the global economy increasingly depends on the Internet.

It is clear that relatively modest investments in infrastructure reap exponentially large returns due to economic growth, job creation, and innovation. Since ancient Rome, no nation on earth has achieved or maintained greatness, security, and prosperity, without plentiful energy, robust communications, and transportation capacity.

The economy of the 21^st century will run on electrical power and Internet packets. Without these, the USA will slip into fourth or fifth place among nations.

The Challenge

The United States faces an “infrastructure challenge” and an equally big opportunity, today. The challenge is to rejuvenate our failing basic infrastructures: water, power, telecommunications, and energy.

Progress in green energy generation is stalled because of inadequate transmission capacity. Telecommunications capacity must be greatly increased to accommodate global 3D virtual reality, multi-party conferencing, and high-performance research and development in medical, environmental, and technical industries. Think of the possibilities of telemedicine piped directly into your home, or corporate meetings conducted with 100,000 participants from around the globe.

Advances in material science, bioengineering, medicine, green energy, revolutionary telecommunications, and green transportation will present great opportunity over the next 20 years to those nations prepared to capitalize on them.

These are the economic drivers of the future, but they require advanced infrastructure.

We know how to turn sunlight into electrons, but lack the distribution channel to transport electrons produced in New Mexico to markets in New York. We know how to telecommute via our computers, but lack the bandwidth for two-way, 3D telecommunication between grandmother and granddaughter across the continent. We know how to automate transportation systems to reduce auto accidents and congestion, but our highways are “dumb.”  In the next 20 years, cars will run on electricity and natural gas, but we lack the infrastructure to refuel them while achieving energy independence.

Venture capital is pent up, waiting for government to stimulate a “green economy,” but we do not currently have the market distribution infrastructure to make it possible.

We need a National System of Resilient Infrastructure (NSRI) to take advantage of opportunities that will create jobs and keep America economically strong.

The Solution

The National System of Resilient Infrastructure plan (NSRI) is designed to address two roadblocks in the way of the next stage of economic growth: NIMBY, and the enormous cost of rebuilding the power and telecommunications infrastructure of the 21^st century.

NIMBY (Not-In-My-Backyard) is currently blocking many projects because people do not want power lines in their backyards. In addition, infrastructure is enormously expensive and unattractive as an investment because it does not give companies a competitive advantage. For example, the current 1 trillion dollar electrical power grid is fragile due to a lack of transmission capacity. It is also based on 1940′s technology. But who can afford to invest 1 trillion dollars to rebuild it?

NSRI proposes to avoid NIMBY by placing critical infrastructure underground. NIMBY can be avoided by building underground electric power transmission lines, natural gas pipelines, and telecommunication/CATV/Internet communication lines on rights-of-way already established by the Interstate Highway System. States already own these rights-of-way, and the Interstate Highway System reaches nearly every part of the nation. It therefore makes sense to leverage this asset even more so.

Energy, Power, and Communications infrastructure also requires storage nodes (for surge resilience), “service stations” (for distribution), and several network operation centers. The NSRI will be resilient because of its storage, security, and distributed architecture [decentralized assets].

Robust and redundant, able to transmit commodities such as Internet packets, electrons from solar farms, natural gas for future cars, trucks, and buses, and bountiful electrical power for future cyber businesses, the NSRI will be a quantum step forward for the nation and the economy.

NSRI is America’s 21^st century “moon shot.”

How to Pay for It

The NSRI network would be constructed much like the Interstate Highway network, over a 20-30-year period at an estimated cost of $50 billion per year.

The author estimates it would cost $25 million/mile to build the necessary tunnels, pipes, wires, etc. The Interstate is 40,000 miles long, hence a total estimated cost of $1 trillion over 20 years.

This may seem high, but it represents 3.6% of the combined revenues of the natural gas, electrical power, telecommunications, gasoline, and broadcast industries, see Table I.

The Interstate Highway System is “pay-as-you-go”, with 90% of the funding coming from the Federal government, and the remaining 10% from the States. In its first year of construction, 1958, total costs were $37.6 billion. By 1991, the cost was $128 billion. But these billions contributed nothing to the national debt because they were paid for by a 40 cent per gallon tax on gasoline. Title II of the Highway Revenue Act of 1956 created the Highway Trust Fund to collect and dispense funding for the Interstate System.

Similarly, the NSRI would be financed through a Trust Fund established by Congress to create and operate NSRI. The NSRI financing plan needs to be worked out in detail, but two attractive options are: Option I: GSE (Government Sponsored Enterprise), and Option II: excise taxation, similar to the model used by the Highway Revenue Act of 1956.

Ultimately, the NSRI must be self-sustaining, through revenues generated by its use. A toll fee would be charged for use of the pipelines, communication lines, storage facilities, and service stations. These fees can be based on current regulated fees charged by telephone, utility, and pipeline companies – a familiar fee structure for these industries.

Option I: GSE: Ginny Mae, Sallie Mae, Fannie Mae and Freddie Mac are GSEs, i. e., government-backed enterprises listed on stock exchanges, and therefore, investor supported. The idea here is to raise the major portion of funding from investment banks, retirement funds, and personal investors through an IPO [initial public offering]. Like a GSE, the NSRI Trust Fund would be backed by the Federal government, and at some point reach a self-sustainable level through usage fees. This model, however, would probably require temporary taxation to raise the full $50 billion needed to initiate NSRI.

Option II: Excise Taxes: The Interstate Highway System was funded by a $0.40/gallon tax on gasoline (part Federal and part State). This tax can be rolled back as expenses are replaced with usage fees. Consider this: a 3.6% excise tax on revenues shown in Table I would raise $50 billion per year. Alternatively, an additional $0.40/gallon excise tax would raise $56 billion per year.

Both options are no-cost options for the Federal Government. Both options follow the Interstate Highway model whereby States own the infrastructure. Unlike the Interstate Highway model, however, the NSRI can easily achieve sustainability through an industry-accepted fee structure.

—————————————-

Dr. Lewis can be reached at tlewis[at]nps.edu