Showing posts with label Critical Infrastructure. Show all posts
Showing posts with label Critical Infrastructure. Show all posts

Thursday, February 9, 2012

What we can learn from Italy recently managing a crisis on Critical Infrastructures



Many European countries have been crossed from a snow storm during the last days. I read that about 450 people are dead and that East has been the most wounded area (particularly Poland, Hungary, Romania, Bosnia-Herzegovina) 


Also large part of Italy was covered from heavy snow and got very low temperature. Storm and frozen hit even a usually mild temperature town such as (the beautiful) Rome. 

I'm not writing to take either the side of those who say that this is a further demonstration that the weather is becoming more and more unstable (because of pollution, nuclear tests, etc etc), or the side of those who say that this is just winter time. I'm interested about some lessons learned (in my opinion) that can help to building or improving a governance model for "Critical Infrastructures Crisis Management". 

In fact the storming event in Italy made a deep impact on transports, electricity and gas supply chain that are with no doubt critical infrastructure since their survivability is essential for business and social life.

For a few days railway transportation has been under chaos in many Regions and car traffic has been very difficult for long time in some areas. Few villages are not reachable even today. Thousands of people have been without electricity for hours and hours, also including a large hospital in a main town in the North and few others deficiencies in the infrastructure of other medical buildings. 

The gas supply chain was also stressed from this natural event. You must know that Italy import about 90% of his consuming energy from abroad. As you can imagine, last days we've asked our suppliers to provide us more resources because of the low temperature. Unfortunately our requests could not be satisfied since our suppliers (mainly from Russian) were experiencing bad weather conditions and we've seen our stocked resources going dangerously down and for this reason it was decided to reduce energy to 400 enteprises (that indeed had months ago agreed to subscribe a more convenient contract that includes the reduction of energy in case of emergency)
I think I made clear that during the last days Italy managed a crisis over some national Critical Infrastructure (and besides it is expected another snow storm coming on Friday night!)

Was it well managed ?

I think it was managed at the best from the people that were engaged with all the different situation I told before, but that indeed we would have done much better with a single point of coordination.
Not less important of course would have been to attribute a leading role to coordinate all the prevention activities in the area of Critical Infrastructure, since it came out that resources in place (over different fields) were not available (e.g. it was not possible to delivery snow chains for public bus in Rome and for this reason they couldn’t travel for 1 day)

At least for the first aspect, that is crisis management, we were in a better position in the past than now. Just as an example, about 2 years ago Italy experienced a terrible earthquake in a region called Abruzzo and we were able to nominate one person in charge with crisis management after only a few hours the catastrophe happened (even if it was night time). That man was the Chief of a governmental body called Protezione Civile (trad. Civil Protection).

Unfortunately recently something changed in the national legislation that doesn't allow it to happen anymore so easily. In fact now every region need to activate a formalized process to get the support of the central body....and that may takes days/weeks not hours. Eight days was the time needed to complete this process for the Concordia crisis (do you remember the cruise ship that sank in front of L'Isola del Giglio a couple of weeks ago?). Even more important now the cost (other than coordination) of this kind of activities has been delocalized into the region while before the central body of Protezione Civile kept the budget, so they don’t take easily a decision to declare a national emergency situation (they didn’t  actually for the consequences of this natural event even in the more devastated regions)

That is not really a good thing since in the future we're probably going more often to manage crisis that have interactions over different critical infrastructure. That depends from the obvious fact that our social and business life is going to depend more and more from global networks that are interdependent one with the other. Besides factors that may cause a deep impact over a critical infrastructure are increasing significantly with the evolution of the threat landscape related with the cyberspace. Cyber attacks (because of sabotage, war, etc) might determine a severe outage of any critical infrastructure since Information Technology and IP network have deepened into energy and power distribution, transport, and of course telecommunication

I hope this considerations are agreed from the people that are defining the national approach for the protection of the critical infrastructure.

Saturday, September 17, 2011

Smart Grid (ITA + ENG)



Nelle reti elettriche siamo alla soglia di una importante rivoluzione, la più significativa in questo contesto da almeno un secolo. L’introduzione negli anni recenti dei contatori elettronici nelle nostre abitazioni (non tutti sanno forse che l’Enel è l’utility che ne ha introdotto il maggior numero nel mondo...circa 30 milioni!) è stato solo il preludio iniziale ad un cambiamento epocale che vedremo arrivare nei prossimi anni, quello determinato dal crescente impiego di reti di comunicazioni e sistemi IT e dalla maggiore diffusione di sistemi di controllo e dispositivi intelligenti. 

Si tratta in definitiva dell’evoluzione verso le cosiddette Smart Grid



I gestori elettrici seguiranno delle strategie di introduzione delle Smart Grid differenti a seconda delle loro esigenze di business o operative. Alcuni stanno pensando di dare priorità alla realizzazione delle Smart Grid per rendere più affidabile l’immissione nella rete elettrica dell’energia prodotta tramite fonte alternative (eolico, fotovoltaico, etc.) da grandi produttori business. Per altri gestori la priorità può essere quella di introdurre delle funzionalità che consentono di gestire al meglio la richiesta da parte della clientela di picchi di energia per poter rendere meno onerosa la gestione di tali situazioni “critiche”. 

In ogni caso è universalmente riconosciuto che le Smart Grid in un modo o nell’altro hanno il potenziale di trasformare la generazione, la distribuzione e per finire anche il consumo di energia da parte della clientela finale perché si arriverà a fornire loro la possibilità di controllare e gestire i propri consumi in accordo alle proprie esigenze e profili tariffari. 

Come detto una delle componenti principali della Smart Grid è rappresentata dalla rete di comunicazione che risulterà in realtà composta da diverse reti. Tali reti possono includere WiMax, WLAN, UMTS/LTE, fibra ottica, microwave, land mobile radio, reti wireline dedicate o commutate etc. Questo dipende anche dal fatto che aree differenti di una Smart Grid possono richiedere soluzioni wireless differenti per via delle caratteristiche del territorio e delle condizioni ambientali. 

Attualmente le innovazioni più significative nel Grid sono tipicamente realizzate nel cosidetto ambito AMI (Advanced Metering Infrastructure) consistente dei cosiddetti smart meters (es. i contatori elettronici) interconnessi tra loro per mezzo di concentratori o collettori. In questo ambito le soluzioni di networking adottate possono essere reti meshed o point-to-point, con copertura locale o a lunga distanza. Le opzioni per il backhauling possono essere molteplici, ad es. fibra, il broadband wireless oppure il broadband sulle linee elettriche (broadband over powerline). Le soluzioni wireless possono essere con o senza licenza, e ciò dipende dai bisogni specifici dell’utility (ad es. l’utilizzo di WiFi senza licenza può servire per espandere la portata delle reti a banda larga per l'erogazione di servizi mesh) anche se le soluzioni con licenza garantisco di norma livelli di affidabilità più alti. 

In ogni caso tutte le opzioni considerate presentano vantaggi e svantaggi, ma quello che è generalmente vero per tutte le soluzioni è che risulta necessario introdurre anche una soluzione di sicurezza scalabile, multilayer ed end-to-end che comprenda cioè anche i sistemi di controllo SCADA e l’infrastruttura AMI. 

Infatti come al solito con le opportunità arrivano anche delle complessità aggiuntive da gestire e mi riferisco alla necessità di mantenere la confidenzialità, integrità e riservatezza dei dati e di garantire il rispetto dei requisiti previsti dalla normativa vigente. Per non dimenticare poi che secondo l’Electric Power Research Institute (EPRI) la Cybersecurity è il problema più rilevante per questo nuovo ambito. 

Cyber security is a critical issue due to the increasing potential of cyber attacks and incidents against this critical sector as it becomes more and more interconnected. Cyber security must address not only deliberate attacks, such as from disgruntled employees, industrial espionage, and terrorists, but inadvertent compromises of the information infrastructure due to user errors, equipment failures, and natural disasters. Vulnerabilities might allow an attacker to penetrate a network, gain access to control software, and alter load conditions to destabilize the grid in unpredictable ways.” 



English version



In electrical networks we are at the threshold of a major revolution, the most significant in this context from at least a century. The introduction of electronic meters in recent years at our homes (not all may know that an Italian energy provider, Enel, is the utility that it has introduced the largest number in the world ... 30 million!) Was only the prelude to what you're going to see in the next years, as determined by the increasing use of communications networks and IT systems and greater diffusion of control systems and intelligent devices.

It is definitely the evolution towards the so-called Smart Grid.


Energy providers will adopt different strategies for the introduction of the Smart Grid according to their different business and operational needs. Some will give priority to the implementation of the Smart Grid to manage in a reliable and effective way the energy coming into the power grid by third party provider's renewable sources (wind, solar, etc..). For others, the priority may be introducing features that allow to control customers demand of peak energy to make more efficient managing these critical situations.

In any case, it is universally acknowledged that the smart grid in one way or another, have the potential to transform the generation, distribution and finally the consumption of energy by the end customers, because it will provide them with the ability to control and manage their consumption according to their needs and fares.

As mentioned, one of the main components of the Smart Grid is represented by the communication network that will be composed of several networks. Such networks may include WiMax, WLAN, UMTS/LTE, optical fibers, microwave, land mobile radio, dedicated or switched wireline networks, etc.. This also depends on the fact that different areas of a Smart Grid may require different wireless solutions due to the characteristics of the area and environmental conditions.

Currently, the most significant innovations in the Grid have been introduced in the so-called field AMI (Advanced Metering Infrastructure), consisting of the so-called smart meters (e.g. electronic meters) interconnected with concentrators or collectors. In this area networking solutions that can be adopted are meshed networks or point-to-point, covering local or long distance. The options for backhauling can be multiple, eg. fiber, wireless broadband, or broadband over the powerline. Wireless solutions can be licensed or not, and that depends on the specific needs of the utility (e.g. the use of unlicensed WiFi can be useful to expand broadband networks to provision mesh services), even if usually licensed solutions assure the highest levels of reliability.

In any case, all options have advantages and disadvantages, but what is generally true for all, it is that is necessary to introduce a scalable security solution, multi-layer, end-to-end that also includes SCADA control systems and AMI.

In fact, as usual with the opportunities also come additional challenges to be faced, and I refer to the need to maintain confidentiality, integrity and availability of data and ensure compliance with law requirements. Not to forget that according to the Electric Power Research Institute (EPRI), the Cybersecurity is the biggest problem for this new field.

Cyber security is a critical issue due to the increasing potential of cyber attacks and incidents against this critical sector as it becomes more and more interconnected. Cyber security must address not only deliberate attacks, such as from disgruntled employees, industrial espionage, and terrorists, but inadvertent compromises of the information infrastructure due to user errors, equipment failures, and natural disasters. Vulnerabilities might allow an attacker to penetrate a network, gain access to control software, and alter load conditions to destabilize the grid in unpredictable ways.