By William H. Murray

This week sparked the latest round of buzz around the security of the power grid. We’ve been here before and we will be again. Civilization began with the well and the aqueduct, i.e., infrastructure. That is why we call it civilization. Get over it.

To the extent that we benefit from and rely upon any complex infrastructure, we are vulnerable to interference with and contamination of that infrastructure. Get over it.

Most of the vulnerability in the electric power grid is fundamental, not implementation induced. One can compensate for fundamental vulnerabilities but only within limits of complexity, scale, scope, and load. That is why, at least once a generation, the electric grid fails at those limits, let alone easily anticipated and compensated for misuse and abuse. Even when we compensate for the anticipated misuse and abuse, there will still be failures. Get over it.

The abuse and misuse that we can anticipate today, post 9/11, is much greater than when the majority of the gird was deployed. Compensating for the difference efficiently is our job and why we get paid the big bucks. Get over it. Get on with it.

The value of a network goes up exponentially with the number of nodes; therefore the propensity for two networks to connect goes up with the number of nodes. The value of international connection to the Internet is irresistible. Get over it.

The Internet is a wonderful tool for open source intelligence gathering and target identification. It works in both directions. Get over it.

It is not sufficient to damage the grid so that one can simply connect to the controls; one must also understand the use of the controls. Connections are standard and easily understood; controls are only just becoming so.

Most of the controls in the electric grid are connected to both public networks, Internet and PSTN. While this increases its vulnerability to some classes of attacks (e.g., abuse of the controls), it improves its resiliency in the face of others (e.g., DoS). Note that in time of crisis, we revert to local controls.

We are just beginning to speak of the “resiliency” of infrastructure in place of “security” of infrastructure. We are also just beginning to appreciate the use of disconnecting, both close to the source of attack and close to the target, as a mechanism for resilience.

Until recently, even terrorists did not poison the well. Today, only terrorists and imperialists use weapons of mass destruction. “Mutually Assured Destruction” may not work with suicidal terrorists, but it does restrain other imperialists.

Tags: critical infrastructure, power grid, reliability, resiliency, security, terrorism

This entry was posted on Wednesday, April 8th, 2009 at 6:01 pm and is filed under Analysis. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.