The following activity is designed to prompt expression of your knowledge of and ability to apply engineering professional skills. Its purpose is to determine how well your engineering program has taught you these skills. By participating, you are giving your consent to have your posts used for academic research purposes. When your posts are evaluated by the program assessment committee, your names will be removed. In order to post, click on the Sign In button in the upper right hand corner of the blog page, then sign in using your gmail account and password.
Time line: You will have 2 weeks to complete the on-line discussion as a team. Use this blog to capture your thoughts, perspectives, ideas, and revisions as you work together on this problem. This activity is discussion-based, meaning you will participate through a collaborative exchange and critique of each other’s ideas and work. The goal is to challenge and support one another as a team to tap your collective resources and experiences to dig more deeply into the issue(s) raised in the scenario. Since the idea is that everyone in the discussion will refine his/her ideas through the discussion that develops, you should try to respond well before the activity ends so that the discussion has time to mature. It is important to make your initial posts and subsequent responses in a timely manner. You are expected to make multiple posts during each stage of this on-going discussion. The timeline below suggests how to pace your discussion. This is just a suggestion. Feel free to pace the discussion as you see fit.
Tuesday Week 1 Initial Posts: All participants post initial responses to these instructions (see below) and the scenario.
Thursday Week 1 Response Posts: Participants respond by tying together information and perspectives on important points and possible approaches. Participants identify gaps in information and seek to fill those gaps.
Tuesday Week 2 Refine Posts: Participants work toward agreement on what is most important, determine what they still need to find out, & evaluate one or more approaches from the previous week’s discussion.
Thursday Week 2 Polish Final Posts: Participants come to an agreement on what is most important, and propose one or more approaches to address the issue/s.
Discussion Instructions
Imagine that you are a team of engineers working together for a company or organization to address the issue raised in the scenario. Discuss what your team would need to take into consideration to begin to address the issue. You do not need to suggest specific technical solutions but identify the most important factors suggest one or more viable approaches.
Suggestions for discussion topics
• Identify the primary and secondary problems raised in the scenario.
• Who are the major stakeholders and what are their perspectives?
• What outside resources (people, literature/references, and technologies) could be engaged in developing viable approaches?
• Identify related contemporary issues.
• Brainstorm a number of feasible approaches to address the issue.
• Consider the following contexts: economic, environmental, cultural/societal, and global. What impacts would the approaches you brainstormed have on these contexts?
• Come to agreement on one or more viable approaches and state the rationale.
Power Grid Vulnerabilities
In 2010, the US power industry received $3.4 billion as part of the recent economic stimulus package to help modernize the country's electric power system and increase energy efficiency.
The nation’s security experts are concerned about the increased vulnerability of the operational systems used to manage and monitor the smart grid infrastructure. Supervisory Control and Data Acquisition (SCADA) systems are one of the primary energy management systems used to control the power grid. SCADA systems are susceptible to cyber attacks because many are built around dated technologies with weaker protocols. To increase access to management and operational data, these systems and their underlying networks have been progressively more interconnected.
Contemporary hackers may circumvent technical controls by targeting a specific user within the utility instead of hacking directly into the grid. For example, a person with intention to launch cyber attacks could be employed by a business that sells products or services to a company, allowing regular e-mail interactions with the internal procurement office. The hacker could circumvent the company’s firewall by sending emails with a Trojan horse or advanced malware, thus creating a virtual tunnel to the procurement office’s computers. This would give the hacker undetected direct access to the company's network which could be used to launch further attacks.
Since 2000, successful cyber attacks to the SCADA systems of a number of US power generation, petroleum production, water treatment facilities, and nuclear plants have increased by tenfold. In April 2010, a Texas electric utility was attacked from Internet address ranges outside the US. In late 2010 and early 2011, Iranian nuclear power plants and German-headquartered industrial giant Siemens witnessed the powers of Stuxnet, the sophisticated malware designed to penetrate industrial control systems. Experts warn that Stuxnet or next-generation worms could incapacitate machines critical to US infrastructure, such as electric power grids, gas pipelines, power plants, and dams. The worm circumvents digital data systems and thwarts human operators by indicating that all systems are normal, when they are actually being destroyed.
Official US governmental standards for power grid cyber security are not robust enough to ensure against such threats. According to a January 2011 Department of Energy audit, the current standards are not “adequate to ensure that systems-related risks to the nation’s power grid were mitigated or addressed in a timely manner.”
Sources
Audit Report: Federal Energy Regulatory Commission’s Monitoring of Power Grid Cyber Security. (January 26, 2011). U.S. Department of Energy, Office of Inspector General, Office of Audits and Inspections.
Computer Expert Says US Behind the Stuxnet Worm. (March 3, 2011). Agence France-Presse.
Cyberwar: In Digital Combat, U.S. Finds No Easy Deterrent. (January 25, 2010). New York Times.
Hacking the Smart Grid. (April 5, 2010) Technology Review.
New Breed of Hacker Targeting the Smart Grid. (June 1, 2010). Coal Power Magazine.
As is made clear in the given scenario, the primary problem is that the modernization of the monitoring and control systems of the power grid have made the system vulnerable to modern malefactors.
ReplyDeleteWhile the SCADA system has improved the grid in many ways, it opens up doorways for people with malicious intent to control the system. This could lead to the destruction of the power system.
As it stands, the current system of cyber security is not strong enough to adequately defend the power system.
Should these attacks occur and successfully disable the power grid of the United States, the effects would be worldwide. Nearly all businesses would be shutdown, along with all modern communication media. This would be catastrophic.
For a possible solution, experts should be gathered by power companies who can give the appropriate guidance on how to dramatically improve the security of the SCADA system. Perhaps the SCADA system should be completely isolated from the other computer networks within the companies so as to prevent the malicious hackers from gaining access at a level where damage can be done.
The primary problem is that the new improvements to the power grid is making it more vulnerable to cyber threats and hackers.
ReplyDeleteThe stakeholders are specific companies, individuals within those companies, the US government, and the general public.
Some resources would be to research current email virus/Trojan protection and the systems' cyber security.
Related contemporary issues are the possibility of terrorist attacks such as 9/11. In this case such a cyber attack could be used during a terrorist act because of how the grid is powering important government infrastructure.
Feasible approaches to solve the issue woul dbe to research ways to increase security for the SCADA system and all the companies involved. Once a solution is found all the companies should be mandated to follow certain security protocols to ensure that the SCADA system is secure.
Finding a solution could be expensive but if a cyber disaster should occur it would be much worse than investing in security.
From an economic standpoint, the effects of an attack on the power grid would be devastating. The economy is absolutely dependent on the power system and it would be crippled without it. The costs involved in beefing up the security of the SCADA system would be incredibly small in comparison to the potential damage.
ReplyDeleteThese effects would extend rather quickly to the global context in that the global economy is largely dependent of the economy of the United States.
A major cyber-attack somehow is becoming increasingly possible. A successful cyber-attack on the grid could have a devastating impact on national security, economy and the way of life we are living. Grid vulnerabilities can have real and the long-term consequences of a successful wide-spread attack that is unimaginable.
ReplyDeleteAs new technologies kept emerging, these new technologies can involve helping us to protect the grid’s safety. These technologies should address protecting the grid from cyber and other attacks, like trying to detect the problem before/ when failures occur and trying to respond and recover accordingly. One of the innovations can be investing more money to protect the grid system.