[About Sandia]
[Unique Solutions]
[Working With Us]
[Contacting Us]
[News Center]
[Search]
[Home]
[navigation panel]
[Surety for the 21st Century]
Surety Solutions for the 21st Century
[Sandia National Laboratories]
Surety home page
Presentations home page
Surety Science and Engineering Workshop
Presentations

Critical Infrastructures

Jennifer Nelson

I'm Jennifer Nelson, department manager of the Critical Infrastructure Surety Department at Sandia National Labs.

(Slide 1)
50 years of surety experience at Sandia provides the foundation for protection of our Nation's critical infrastructures. These critical infrastructures, as defined by the Presidential Commission on Critical Infrastructure Protection, are:

  • information and communication,
  • transportation,
  • banking and finance,
  • emergency services,
  • government services,
  • electric power,
  • oil and gas,
  • water systems.

(Slide 2)
These infrastructures face many threats. We are all probably most familiar with the physical threat, which includes aging and degradation of our bridges and highways, but it also includes hurricanes, ice storms, heat waves, and physical attacks such as the bombing of a facility.

There is growing concern of a newer threat on the horizon - the cyber threat. This can range from inadvertent errors, hacker attacks, and insider threats to organized crime and information warfare. But, the threat that I feel is most insidious is complexity. The increasing interdependencies of the infrastructure can cause an outage in one infrastructure to cascade or ripple through other infrastructures causing failures there. The physical and cyber threats will be discussed by others, so the rest of my talk is going to focus on complexity and interdependencies of the infrastructures.

(Slide 3)
I have some examples of the interdependencies of the infrastructures. The Western power outage started when a transmission cable sagged onto a tree limb causing a power failure. This outage cascaded across 13 states, parts of Mexico and Canada, affecting 7.5 million customers. The telecommunications industry in that area relied on backup generators. Luckily, the power was restored before the generators ran out of fuel. We were within a few hours of that power outage causing a major telecommunications outage. The financial losses suffered by California industry were estimated in the range of $1 to 3 billion for this outage alone.

In my next example, an accidental disruption of electric power caused an outage in the transportation infrastructure. The Kansas City air traffic control system outage lasted for 2 hours and 40 minutes, affecting hundreds of flights and tens of thousands of passengers.

The Auckland power outage lasted for 36 days. Here, a heat-wave induced power cable failure started a massive cascading failure through the other infrastructures. It disrupted medical and emergency services, caused traffic snarls, took out telecommunications, and eventually caused businesses to abandon the Central Business district of Auckland, which produced heavy economic losses in the region.

The Galaxy 4 satellite malfunction caused a communication loss by nearly 90 percent of the 45 million pagers in the U.S. This communication outage caused a disruption of service to medical and law enforcement personnel as well as financial services to banks, retail stores, and gas stations.

These examples show the need for surety in the critical infrastructure area. This is defined as reliability in normal environments, and safety in abnormal environments. An example that shows the need for security and use control in malevolent environments was the San Francisco power outage. Here a disgruntled employee flipped 39 switches in the PG&E Mission Street substation. The resulting power outage affected the transportation infrastructure and thousands of morning commuters due to failed traffic signals and the closing of two BART stations.

(Slide 4)
The current level of surety of individual infrastructures is typically at levels two or three, but the level of surety of interdependencies of the infrastructures is much lower at level one, defined as the reliance on things working as they should and mitigating problems. Sandia is developing an approach that will provide us with the understanding to allow us to move up the surety chain, with the goal of bringing the surety level of the interdependencies of the infrastructure higher.

Since there is a lack of specific threat definition in the infrastructure area, the ability to efficiently identify critical nodes and design protective measures is limited and has historically restrained industry in its willingness to invest in infrastructure protection.

Sandia’s approach to increasing the surety level of the interdependencies of the infrastructure starts with a consensus-based methodology called the Vital Issues Process. This process helps define which consequences are of greatest concern. Then we use a consequence-based analysis to decompose the consequences into the events that can cause them. We use our large-scale modeling and simulation capabilities to determine the economic impacts of the interdependencies of the infrastructure. This then defines and prioritizes the nodes associated with the consequence and provides a business case for investment by private industry and government in protection techniques. It also defines and guides our Indications and Warnings and Information Surety technology solutions.

At Sandia, we’re placing an emphasis on this approach. We are investing internal funding and believe that these projects will give us the science-based understanding to take proactive action. We have fact sheets on several of these critical infrastructure projects as well as our recently published U. S. Infrastructure Assurance Roadmap in the entryway to the auditorium. Thank you very much.


Back to top of page

Questions and Comments || Acknowledgment and Disclaimer