Docstoc

51864

Document Sample
51864 Powered By Docstoc
					CRITICAL INFRASTRUCTURE

Protecting Critical Infrastructure from Terrorism: A RiskBased Multi-Hazard Approach to Vulnerability Assessment

Reducing the Risks and Consequences of Terrorism CREATE Conference November 18, 2004
Professor Rae Zimmerman New York University/Wagner Graduate School of Public Service

Research Objectives
Electric Power Case




Develop Critical Infrastructure as a Focus for and Demonstration of the Assessment of Risk, Consequences, Emergency Response and Economic Impact Provide Inputs from Electric Power Case to Risk and Economic Modeling, including:
 



electric power system configuration common mode failures indicators for interdependencies with other infrastructure

Why Infrastructure?
  

 



Attention of Federal Policy: 1996-2004 Public Concern; Contributes about 10% to Gross Domestic Product (Henry and Dumagan 2004) Highly Interdependent Centralized Production Systems and Networked Distribution Systems Large Consequences of an Attack: Extensive Number of Users Exposed Proven Targets of Terrorism Interconnections that Magnify Impacts

Attention of Federal Policy: CHRONOLOGY
OF SELECTED FEDERAL INITIATIVES INCORPORATING INFRASTRUCTURE

1996 1997 1997 1998 2001 2002 2003 2003 2004

Executive Order 13010 President’s Commission on Critical Infrastructure Protection U.S. Department of Commerce Critical Infrastructure Assurance Office Presidential Decision Directive (PDD) 63 USA Patriot Act Section 1016 National Strategy for Homeland Protection Homeland Security Presidential Directive (HSPD)7 and 8 National Strategy for the Physical Protection of Critical Infrastructures National Incident Management System (NIMS)

Proven Targets of Terrorism or Sabotage: TRANSIT and WATER
TRANSIT  1900s: Hundreds of Subway Attacks Outside U.S.(Mineta Institute)  1995: Tokyo Sarin Gas on 3 Separate Lines  1995: Subway Car Bombings - St. Michel-Notre Dame Station  1995: Derailment of Amtrak’s Sunset Limited (AZ) (vandalism)  2001: Destruction of Lower Manhattan Subway Lines (WTC)  2004: Madrid Subway Bombings WATER  2003: break-ins at water systems in 5 states and Canada  Poisoning threats in Turkey, Germany and Malta
Source: R. Zimmerman, “Water” in Digital Infrastructures, edited by R. Zimmerman and T. Horan (Routledge 2004).

Proven Targets of Terrorism or Sabotage: ELECTRIC POWER






Domestic attacks on power plants: “70 percent of energy and power companies experienced at least one severe cyber attack.” ( U.S. GAO 2004: 12) Transmission Towers: Vandalism occurred in October 2004, when two bolts were removed from a transmission tower in Milwaukee, WI disrupting power and rail service when the tower fell on to the lines (USA Today 2004). Crude oil and gas pipelines: Between June 2003-September 2004, in Iraq, over one hundred attacks on oil and gas pipelines were reported.

System Interconnectedness (Macro and Micro Effects)
ENERGY
TRANSPORTATION WATER

TELECOMMUNICATIONS

Macro Interdependencies: 2003 Total Energy Consumption by Sector
Source: Drawn from U.S. Department of Energy, Energy Information Administration, Monthly Energy Review, October 2004

27%

22% Residential Commercial Industrial 18% Transportation

33%

Micro Interdependencies: Energy use at the East Bay Municipal Utilities District
OAKLAND, CA Energy Inputs
Onsite Power Generator 2.6 MW Western Area Power Authority 4.16 MW Pacific Gas and Electric

EBMUD
Oxygenation Activated Plant Sludge Mixing Headworks Lighting, Losses, Misc.

Surplus Power

Activated Solids Other Handling Sludge Pumping Motor Loads

27%

22%

18%

12% Energy Outputs

10%

7%

4%

Diagrammed from Hake, Bray and Kallal (2004)

Types of Potential Disruption and Vulnerability Associated with Interdependencies
GENERAL EFFECTS  Single System Effects  Multiple System Effects (e.g., J. Peerenboom, R. Fisher, R. Whitfield): Common-Cause; Cascading; Escalating GENERIC ELECTRIC POWER CASE: Disruption by Terrorism  Multiple modes of attack possible  Numerous cascading effects  Many second and third level consequences  Enormous economic impacts of sustained regional electricity disruption

ILLUSTRATIVE EXAMPLE: U.S.
and Canadian Blackout of August 14, 2003
  





One set of initiating events: cyber failures Series of cascading failures of electrical systems Interdependencies: transportation, water, sanitation, communications failures Economic and social impacts: health and recreation; job disruption; disruption and redistribution of economic sectors Numerous analogies to consequences of a terrorist attack

Source: Graphed from North American Electric Reliability Council (NERC) data
Number of Customers Affected
60,000
50,000

Selected Major Blackouts in the U.S.

Customers ('000)

50,000 40,000
30,000

30,000 20,000 10,000 0
9,000 2,000 7,500 152

Maximum Duration
40 35 30
26 19 13 9 3 36

Hours

1965

1977

1996a

1996b

1998

2003

25 20 15 10 5 0 1965 1977 1996a 1996b 1998 2003

Research Approach: Electric Power
1.Identify Event Case Databases (“all-hazards” approach): U.S. DOE, U.S. DHS, websites, etc. 2.Case Diagnosis of Failures: Identify and code– characteristics of failures – Interdependencies with other infrastructure – vulnerable components and consequences

3.Develop and Apply Indicators of Infrastructure Interdependency 4.Identify Risk Reduction Options

(U.S. DOE Database) Source: New York University Critical Infrastructure Project, CREATE

Number of Incidents

60 50

No. of incidents

40 30 20 10 0

90

91

92

93

94

95

96

97

98

99

00

01 20

19

19

19

19

19

19

19

19

19

19

20

20

02

Indicator Application and Preliminary Analysis of Interdependencies and Failures
Type of Infrastructure Ratio of # Times Infrastructure Causes Failures vs. is Affected by Failure Water mains 3.4 Roads 1.4 Gas lines 0.5 Electric Lines 0.9 Fiber Optic/Telephone 0.5 Sewers/ sewage treatment 1.3
Source: R. Zimmerman, “Decision-making and the Vulnerability of Critical Infrastructure,” Proceedings of IEEE International Conference on Systems, Man and Cybernetics, 2004. Based on an illustrative data set of approximately 100 cases.

Risk and Consequence Reduction Options for Electricity: Post 9/11 (WTC) Examples


Redundancy/Service Alternatives
– Spare transformer vaults at the South Street Seaport provided energy to damaged areas



Use of Slack Resources
– Ability to access portable generators provided temporary power



Decentralization and Decoupling
– Alternative, portable energy sources used

Decentralize/De-Couple Energy: Renewable Energy - Trends Compared With Other Resources, 1973-2001 (Quadrillion Btu)

Source: Department of Energy, Energy Information Administration; Monthly Energy Review September 2002; http://www.eia.doe.gov/emeu/mer/pdf/pages/sec10_2.pdf; (Accessed 30 October 2002).

Conclusions








Electric power is a key driver of other infrastructure and impacts other infrastructure in extreme events Grid configurations, common component failures and their consequences guide risk estimates of terrorist attacks Risk reduction alternatives exist that can alter vulnerability of energy service configurations to attack Outputs of case-based diagnostic methods and indicators provide inputs to risk and economic models

ACKNOWLEDGMENT AND DISCLAIMER
This work is supported by the U.S. Department of Homeland Security (DHS) through the University of Southern California for CREATE and several grants from the National Science Foundation (NSF). Any opinions, findings, and conclusions or recommendations expressed in this document are those of the author(s) and do not necessarily reflect the views of the U.S. DHS or the NSF. The staff at NYU-Wagner are also acknowledged for their valuable assistance with the data, namely Carlos Restrepo, Nicole Dooskin, Ray Hartwell, Justin Miller, and Wendy Remington.


				
DOCUMENT INFO