In this paper we identify threats to power substation controllers and SCADA systems, and discuss mitigating mechanisms to reduce vulnerability to malicious electronic intrusions. The U.S. National Institute of Standards and Technology lists nine threats to computer-related commerce in North America. Six of those threats are particularly pertinent to SCADA systems, and at least four are relevant to power substation controllers. Increasing reliance on automated control systems with remote access (via phone or internet) and the growing global economy have expanded the number of potential attackers with access to substation controllers and SCADA systems, and therefore magnified the risk electric utilities have from sabotage and espionage. It is estimated that industrial and foreign espionage in North America has increased over 260% in the last decade, and it has been acknowledged by the U.S. government that other countries have nationally sponsored information warfare efforts targeted against North American commerce. The utilities industry needs to be aware of these threats to their systems and take steps to reduce risk and mitigate vulnerabilities. Protective relay developers and auxiliary service providers should use mechanisms that minimize the likelihood that persons with hostile intent can degrade or destroy commercial power systems. Product, project, and corporate-wide security policies are tools to identify vulnerabilities, assess risk, and implement mitigating mechanisms. Many of the risks involving networked controllers and SCADA systems are similar to those affecting traditional networked-based computer systems. Hence, implementations of security policies for substation controllers and SCADA systems can draw from lessons learned in commercial net...

It is now apparent that our nation's infrastructures and essential utilities have been optimized for reliability in benign operating environments. As such, they are susceptible to cascading failures induced by relatively minor events such weather phenomena, accidental damage to system components, and/or cyber attack. In contrast, survivable complex control structures should and could be designed to lose sizable portions of the system and still maintain essential control functions. This paper discusses the need for defining independent, survivable software control systems for automated regulation of critical infrastructures like electric power, telecommunications, and emergency communications systems. To exemplify the issue we describe an actual power blackout, and use that description to identify and analyze common mode faults leading to the cascading failure. We suspect that sources of common mode faults in real-time control systems are widespread and many, so we define modeling primitives that allow us to use Generalized Stochastic Petri Nets (GSPN) for representing interdependency failures in very simple control systems. As such, this work provides the initial step toward creating a framework for modeling and analyzing reliability and survivability characteristics of critical infrastructures with both hardware and software controls.

Abstract — Modern society depends on the operations of civil infrastructure systems, such as transportation, energy, telecommunications and water. Clearly, disruption of any of these systems would present a significant detriment to daily living. However, these systems have become so interconnected, one relying on another, that disruption of one may lead to disruptions in all. The focus of this research is on developing techniques which can be used to respond to events that have the capability to impact interdependent infrastructure systems. As discussed in the paper, infrastructure interdependencies occur when, due to either geographical proximity or shared operations, an impact on one infrastructure system affects one or more other infrastructure systems. The approach is to model the salient elements of these systems and provide decision makers with a means to manipulate the set of models, i.e. a decision support system. 1

Abstract: The declining reliability of the US electric power system is raising major concerns amongst both politicians and power engineers in the USA. One of the reasons put forward by the North Electric Reliability Council (NERC) is the detrimental role played by the protection systems during large disturbances, which tend to help the perturbations to propagate through over-tripping of fault free system components due to hidden failures. It turns out that the present practice in power transmission planning and online security analysis is to neglect the impact of the protection systems. In addition, the aim is to mitigate the vulnerability of the system to the loss of a single piece of equipment only by carrying out an N-1 security analysis. Consequently, the risk of cascading failures leading to blackouts and brownouts is neither assessed nor managed. This paper describes methodologies together with algorithms that assess the conditional risk of catastrophic failures in electric power networks due to hidden failures in protection systems. A catastrophic failure, defined as one that results in the outage of a sizable amount of load, may be caused by dynamic instabilities in the system or exhaustion of the reserves in transmission due to a sequence of line tripping leading to voltage collapse. Only the latter case is being considered. The aim of these algorithms is to identify the weak links in the systems, which are defined as those branches of the network whose tripping due to a fault lead to the highest probabilities of a catastrophic failure. The proposed methods are demonstrated on a 7-bus and a 61-bus system.

The notion that our nation’s critical infrastructures are highly interconnected and mutually dependent in complex ways, both physically and through a host of information and communications technologies (so-called “cyberbased systems”), is more than an abstract, theoretical concept. As shown by the 1998 failure of the Galaxy 4 telecommunications satellite, the prolonged power crisis in California, and many other recent infrastructure disruptions, what happens to one infrastructure can directly and indirectly affect other infrastructures, impact large geographic regions, and send ripples throughout the national and global economy. In the case of the Galaxy 4 failure, the loss of a single telecommunications satellite led to an outage of nearly 90 % of

I was asked to write the chapter on “Societal Pains ” caused by outages and major power quality disruptions and their impact on our society. Indeed our national security and digital economy place increased demand for reliable and disturbance-free electricity. The massive power outages in the

Amin, 2000]. Software tools for the support of multi-agent systems also provide an important element of control for the purposes of experimentation [Hanks et al., 1993], as well as solutions to problems in the real world that are beyond the capabilities of current AI technology, allowing research one area to proceed despite the immaturity of research in related areas [Anderson, 1995]. The demands of supporting mobile intelligent agent development and experimentation place enormous expectations on a software tool for these purposes: everything from supporting sophisticated individual action and group interactions, to providing detailed control over trials in an environment, to accurate perception within computational bounds, to the efficient management of the objects collectively representing the agents' environment [Anderson, 1995]. Surrounding these specific issues however, is the more pervasive problem of wide applicability or breadth: in order to perform ongoing research, where ag

Computing nodes in a flexible network arrangement must support a range of programming facilities. Modern controllers allow already programs stored in different degrees of permanency. Other measures are more focused on structural changes. The overall potential is to-day not supported by a single device. It is the purpose of this paper to outline the architectural requirements for a generic LOFAR node in an approach towards a self-healing network. This covers both aspects of reconfiguration and self-test. From a basic framework of programmable flexibility and test measures, a scheme is advocated that provides a transparent software extensions to the popular boundary scan test for hardware.

This paper presents a functionality based model for survivable Intelligent Transportation System (ITS) control infrastructures. Specifically, a method is shown that allows us to determine the vulnerability of an ITS communication infrastructure to malicious acts and to derive optimal mitigations. The research is applied to a real ITS currently being implemented in a small town. Results show that significant reductions in vulnerability can be achieved utilizing the principle of redundancy with minimal effort. The method presented is especially suitable to reducing vulnerabilities of existing ITSs as it can be effectively applied after an ITS has been built. Mitigation techniques can be derived based on maximal benefit under consideration cost-benefit ratio.

Abstract—In this paper we illustrate total structure of swarm systems and their impacts on net-centric computing environments. The paper presents a comprehensive look on swarm applications and its potential to solve complex problems in related areas. The effects of emergent externalities of swarm behavior through its basic elements such as groups/clusters, individuals/agents and inner/outer communications are also studied to explain the role of swarming in improving the performance of net-centric systems. Self-organization, robustness, flexibility and handling unpredicted situations are introduced as results of such collective and cooperating strategies. The paper also takes a look at the role of existing technologies and related challenges towards implementing real swarm systems. Index Terms—Swarm intelligence, self-organization, robustness, flexibility, multi-agent systems.