Cyberattacks against Water and Power Plants: a design to obviate this infrastructure weakness
By: Robert L Campbell,
Founding Chairman and CEO of CAP Holding Co. and the principal architect of CHC’s NexGenDesal™
Prompted by an excellent article in “Circle of Blue WaterNews” titled “Water Sector Prepares for Cyberattacks,” I will take the opportunity to describe how CHC has implemented a very robust protection against such attacks.
I bring deep knowledge and sensitivity to this issue, as I was an author of our Nation’s first “Information Warfare Study and Plan”. This still-classified document was produced under the direction of Congress by the Naval Studies Board of the National Academy of Science. I was involved in presenting the plan to President Clinton and Vice President Gore.
Among a wide range of issues addressed by the Study and Plan was the vulnerability of infrastructure systems to both intentional, malicious manipulation of digital control information and massive electromagnetic attacks. The first area of this study looked at methods of protecting digital information sent on various networks, especially the internet. The second area of vulnerability looked at systems that could be disrupted or destroyed by high power electromagnetic pulse (EMP).
Considering a seawater desalination plant (and its associated renewable energy sources), the digital vulnerability is most likely to be from a cyberattack on the plant’s Supervisory Control and Data Acquisition (SCADA) system. Such attacks could be through internet connections, USB thumb drive ports, or even the primary power source. The easy targets within the SCADA system are the human interface equipment (e.g. local computer, local operations panels, motor control devices (VFD’s), valve actuators, and sensors.
The least addressed vulnerability of contemporary seawater desalination plants is that of EMP. Such pulses can be remotely generated by low altitude bursts from specially designed nuclear weapons or very high power pulsed electromagnetic jammers. (Both high power jammers and EMP warfare are a past area of expertise of mine).
In either case, internet digital attacks or EMP, we now see operating examples of these tools for cyberwarfare being tested and deployed. This is an area of great concern to the US Department of Defense and Homeland Security. US infrastructure in general is highly susceptible to these two techniques.
To protect its desalination and power plants, CHC has taken a path that is simple in concept yet technically advanced in implementation. CHC believes no amount of encryption, password protection, or firewalls can protect against the most sophisticated and powerful new electronic warfare weapons. Therefore, CHC’s systems engineering had to incorporate some simple principles: stay disconnected from all internet paths and commercial communication systems (e.g. cell phones, local land lines, and line of sight microwave systems). Next, stay disconnected from local commercial power grids and employ fuel cells as a primary power source (properly installed, fuel cells offer a filter against EMP). Then, electromagnetically harden the vulnerable equipment at the factory, while assembling and testing. Lastly, eliminate local human access to data transmission equipment in the plants (e.g. USB ports, Ethernet connections, and input/output devices).
NexGenDesal™ Systems have no operators on site. Operators and maintenance people are a weak link in cybersecurity. To accomplish unattended remote operations and predictive maintenance, CHC employs a propriety set of hardware and software called Global Secure SCADA (GSS).
GSS is able to burst transmit compressed data to a CHC analysis and control center in the U.S. from any location in the world, except for the extreme Nothern and Southern latitudes where seawater desalination plants are unnecessary (ice can be simply melted to produce potable water). Details of the GSS remain proprietary to CHC and employ highly advanced, well proven satellite communications systems and very advanced Predictive Diagnostics software.
To avoid damage from EMP or lightning, NexGenDesal™ Systems operate off the power grid and use a variety of protection devices on the primary power lines. Instead of grid power, these systems employ one or more of several renewable energy systems, ranging from solar, wind, or sea kinetic, to gas from municipal solid waste. Energy storage will be accomplished with high pressure hydrogen storage. When needed, this hydrogen is then decompressed and converted to electric power, hot air and hot water by a fuel cell. CHC has a unique technology to produce very pure, high pressure hydrogen (2000 to 5000 pounds per square inch) from seawater and can store this gas in commercial high pressure storage vessels. When appropriate, the hydrogen for the fuel cell will be derived from Syngas produce by Municipal Solid Waste destruction, also employing a unique CHC technology and renewable energy.
All in all, the article in “Circle of Blue” concerning cybersecurity of water plants is an excellent “heads up” warning. Unfortunately, from the perspective of CHC and its clients, both the water/power industry and the U.S. government agencies that should be protecting the US infrastructure are far behind our adversary’s’ ever increasing cyberwarfare capabilities.
Until systems like NexGenDesal™ become widely employed, the water and power infrastructure in any country is susceptible to damage, disruption, or even destruction from ever advancing electronic warfare systems.
From the active cyberwarfare perspective, the U.S. knows how to attack other water, power, communications and transportation systems and has the means to do so today. While we are just now “developing a common language to talk about cybersecurity,” many other countries are testing and deploying systems to test our infrastructure vulnerability.
Look to CHC to deploy cyber secure and EMP resistant seawater desalination systems and associated renewable power plants.