Critical Infrastructure Interdependencies

H. Scott Matthews

March 30, 2004

Recap of Last LectureThreats/Vulnerabilities/RisksRisk Assessment and ManagementChanging place of infrastructure in

national policy / defense strategyNational priorities related to protecting

infrastructure/etc from terrorist attacks (security, not reliability, etc).

Effects of AttacksDirect - loss of service

Attack on a critical node, system, function E.g. bridge

Indirect Attack leads to behavioral/psychological

Exploitation Using one to destroy another May involve interdependencies

Nth-order Effects

QuickTime™ and aTIFF (LZW) decompressor

are needed to see this picture.

Interdependencies A new emphasis on critical infrastructures

PDD-63 in 1998 after Oklahoma City Generally worried about hackers

Use of digital assets to disrupt physical assets suggests interdependency

There are many non-hacking interdependencies Everyday/natural events can exploit them too

Galaxy 4 satellite failure (lost pagers) - single satellite responsible for 90% of users

California blackouts (2001) - cut off other energy Almost everything we do depends on “infrastructure”

All infrastructure depends highly on others

Definition of Infrastructure Sectors - PCCIP ReportTelecommunications, electric power

systems, natural gas and oil, banking and finance, transportation, water supply systems, government services, and emergency services.

This is a narrow definition (food also?)

Key Questions How to balance needs for better service/

quality with the systems created to do so? What tools can be used to predict? How can everyday operation be balanced

with security/other vulnerability concerns? What are performance measures? Who are stakeholders? How to deal with risk and uncertainty? What are the frameworks for analysis?

Complex Adaptive Systems (CAS) Collective, systemic behavior is emergent

i.e., follows patterns that result from, but not predictable from, nonlinear interactions with a large number of subsystems

Capabilities change over time Components influenced by past experiences

System is greater than the sum of its parts Defined at high levels

May be possible to model/ manage/ understand via agent-based systems Software systems where simple decision rules are

followed and tracked via information given to them

Other IssuesCentralized control (e.g. through info.

Systems) lead to weakest link issues Blackout of 2003 (again)

Resource sharing (e.g. water)

Six Dimensions of Infras. Interdependencies (Rinaldi) They include the technical, economic,

business, social/political, legal/regulatory, public policy, health & safety, and security concerns that affect infrastructure operations. (Infrastructure) environment Coupling / Response behavior Failure types Infrastructure characteristics State of Operation Types of Interdependencies

Types of Interdependencies Physical - output is dependent on other

E.g. coal by rail to power plants Cyber - depends on info. transfer

Banking/ATM systems use wired networks Geographical - location/environmental factors

Co-located or nearby sites (power plant near steel factory)

Logical - states interdependent (“other”) Linked through financial markets (buy/sell)

Dependent System

QuickTime™ and aTIFF (LZW) decompressor

are needed to see this picture.

Unidirectional: Supported and supporting infrastructures

InterdependencyBi-directional “The connections among agents in

different infrastructures in a general system of systems.”

Interdependencies dramatically increase the overall complexity of the “system of systems

Interdependency Diagrams

Production, Cooling, Emissions Reduction

Water for

Power for Compressors,

Storage, Control

Systems

Fuel for

Generators

Power for Pump and Lift Stations,Control Systems

Power for

Switches

Water for

Cooling,

Emissions

Reduction Heat

Power for Pumping Stations, Storage, Control Systems

Fuel for Generators, Lubricants

SCADA, Communications

SCADA, Communications

SCADA,

CommunicationsSC

AD

A, C

om

mu

nic

atio

ns

Fuels, Lubricants

Fuels, Lubricants

SC

AD

A,

Co

mm

un

icat

ion

s

Water for Cooling

Fuel Transport,Shipping

FuelTransport, Shipping

Shi

ppin

g

Shipping

Power forSignaling,Switches

Fuel for Generators

Wat

er f

or

Pro

du

ctio

n,

Co

oli

ng

, E

mis

sio

ns

Red

uct

ion

Water

Transpor-tationOil

Telecom

NaturalGasElectric

Power

Use Insights for CI Sectors

Sector Tot CI Purch Tot Int Purch Pct CIRail Trans. $4,751 $27,655 17%Truck Trans. $58,100 $112,000 51%Water Trans. $9,347 $23,834 39%Air Trans. $21,298 $67,641 31%Pipelines $3,208 $19,441 17%Communications $47,730 $144,306 33%Electricity $12,345 $61,931 20%Gas Prod/Dist $25,001 $88,722 28%

Outputs in $millions

Top Sectors Dependent on CISector Sum CI Use Trucking and warehousing $40,548Communications (non broad) $29,976Retail Trade $22,908Wholesale trade $21,363Petroleum Refining $20,203Gas prod & Dist $18,870Food and Kindred Products $17,172Real Estate Mgmt $17,025Air Transp $16,045Health Services $16,010Finance $14,758Restaurants $13,605New construction $12,089Electric Utils $11,648Industrial and other chemicals $10,841

Top Sectors With Highest % CI

Sector Percent CITrucking and warehousing 49%Communications (non broad) 34%Fed Govt Enterprises 31%Water transp 31%Air transp 31%Stone & Clay Products 27%Gas prod & Dist 27%Water & Sanitary svcs 26%Nonmetallic minerals mining 25%Hotels and lodging places 21%Pipelines 20%Electric utils 19%Rail transp 19%Agric. Fertilizers 19%Glass and glass products 18%

Average acrossAll sectors is11%