Group 2 Scenario, Fall 2017
Period -1 (6 hours before event)
Hackers are constantly targeting the U.S. power grid, especially after the Great North-Eastern blackout of 2003, which led to the Energy Policy Act of 2005, but despite repeated studies and proposed legislation, little has been done to harden the US power grid against attack. “Admiral Michael Rogers, director of the National Security Agency, testified before the U.S. Congress that China and a few other countries likely had the capability to shut down the U.S. power grid” (Council on Foreign Relations, 2017). Without warning, hackers of unknown origin could trigger a power surge cyber-bomb within the firewall targeting the power grid in the Southeast US: Alabama, Georgia, Florida, Kentucky, Mississippi, North Carolina, South Carolina, Tennessee, Maryland, Virginia, and West Virginia, affecting the nation’s largest power grid, leaving more than 40 million people without power, and causing a huge number of casualties. This kind of cyber-attack could severely harm the United States economy, society, and political system.
The Department of Energy (DOE) has developed a shared assistance program that would kick in during major power disruptions. The Electricity Subsector Coordinating Council (ESCC) has established a playbook (crisis management framework) to coordinate efforts to prepare for and respond to national-level disasters or threats to critical infrastructure. “ESCC is taking action on issues in three main areas: facilitating coordination with the government and other critical infrastructure sectors; improving information sharing capabilities, tools, and technologies; and enhancing resilience, response, and recovery efforts” (electricity subsector, 2017). The National Cybersecurity and Communications Integration Center (NCCIC) monitors cyber activity around the clock. The North American Electric Reliability Corporation (NERC) has trained representatives to intervene as quickly as possible when required to identify any malicious software. Many training sessions are conducted throughout the year to focus and test the capabilities of federal, state, and local emergency managers to deal with cyber-attacks, such as FEMA Region III (FEMA, May 2017) and Cyber Guard (DOD/NSA, June 2016).
GIS location analytics are effectively used during the planning and preparedness stage to locate facilities such as hospitals, trauma facilities, assisted living facilities, chemical manufacturers and similar facilities that rely on refrigeration to stabilize dangerous substances, and other facilities similarly vulnerable to power outages, and to document their readiness: what generator backups they have, their fuel requirements, etc. GIS databases also locate evacuation routes and help equip them with backup power to traffic lights. Replacement equipment (e.g. transformers) is set aside at strategic locations identified through GIS location analytics, in preparation for the kind of large-scale grid damage that would be experienced in a cyber-attack, to accelerate power recovery for critical facilities.
(Cyber-attack preparation, 2017)
Period 1 (first 6 hours after event)
Monday, 23rd July 2019 at 9:20 pm. Lights flicker in the Carolinas, Georgia, and Florida and throughout the southeastern states. Transformers everywhere explode into flames, and Supervisory Control and Data Acquisition (SCADA) and other control devices are destroyed, causing a blackout across the entire South-Eastern US. People everywhere, in homes, stores, restaurants, high-rise buildings, streets, and hospitals, are plunged into darkness. Computers and broadband Internet service are unavailable. Gas stations can’t pump fuel. Cellular services are quickly overloaded with emergency distress calls and families and friends checking on one another’s safety. Without warning, unidentified hackers have penetrated the Southeast US power grid, triggering a ‘logic bomb’ previously planted to cause a power surge that knocks out electricity for more than 50 million people.
A series of procedures is set in motion, as described by the ESCC playbook (crisis management framework), that helps the energy companies and federal, state, and local organizations to establish communications, so that utility Incident Command Systems and government agencies can effectively start coordinating the response and recovery effort. The NCCIC studies and identifies the attack, while NERC representatives start communications with the utility industry to identify the hackers’ software as quickly as possible. These cyber defense efforts by the NCCIC and NERC are guided by geospatial applications that help visualize the geography of global communications and IT networks to isolate the malicious software and remove it from the system before it spreads to other segments of the national power grid.