DANGEROUS THREAT: INFRASTRUCTURE INTERDEPENDENCIES
By Manuel Cereijo
Our nation's critical infrastructures are highly interconnected and mutually dependent in complex ways, both physically and through a host of information and communications technologies, so-called "cyber-based systems".
As shown by the 1998 failure of the Galaxy 4 telecommunications satellite, the prolonged power crisis in California, and many other recent infrastructure disruptions, what happens to one infrastructure can directly affect other infrastructures, impact large geographic regions, and send ripples throughout the national and global economy.
In the case of the Galaxy 4 failure, the loss of a single telecommunications satellite led to an outage of nearly 90% of all pagers nationwide. From an interdependency perspective, it also disrupted a variety of banking and financial services, such as credit card purchases and automated teller machine transactions, and threatened key segments of the vital human services network by disrupting communications with doctors and emergency workers.
In California electric power disruptions in early 2001 affected oil and natural gas production, refinery operations, pipeline transport of gasoline and jet fuel within California and to its neighboring states, and the movement of water from northern to central and southern regions of the state for crop irrigation.
These disruptions also idled key industries, led to billions of dollars of lost productivity, and stressed the entire Western power grid, causing far-reaching security and reliability concerns. Identifying, understanding, and analyzing such interdependencies is a significant challenge, and a very important aspect of defending against domestic terrorism.
In the general case, infrastructures are connected as a "system of systems". The term interdependency is conceptually simple. Interdependencies vary widely, and each has its own characteristics and effects on infrastructure agents.
There are four principal classes of interdependencies: physical, cyber, geographic, and logical.
Although each has distinct characteristics, these classes of interdependencies are not mutually exclusive. We will examine two of them in detail. Cuba realized early in 1990 the importance of the vulnerability of the United States infrastructure interdependencies and has been working on several ways of attacking and disrupting these infrastructures.
Two infrastructures are physically interdependent if the state of each is dependent on the material output(s) of the other. For example, a rail network and a coal-fired electrical generation plant are physically interdependent, given that each supplies commodities that the other requires to function properly.
The railroad provides coal for fuel and delivers large repair and replacement parts to the electrical generator, while the electricity generated by the plant powers the signals, switches, and control centers of the railroad. Consequently, the risk of failure or deviation from normal operating conditions in one infrastructure can be a function of risk in a second infrastructure if the two are interdependent.
Cyber interdependencies are relatively new and a result of the pervasive computerization and automation of infrastructures over the last decades. This is the interdependency for which Cuba has, over the last 10 years, developed the appropriate methods to cause damage to the United States.
Cyber interdependencies connect infrastructures to one another via electronic, informational links. The outputs of the information infrastructure are inputs to the other infrastructure, and the "commodity" passed between the infrastructures is information. Because of the extensive dependency of the nation's infrastructures on computer networks, this interdependency is the most vulnerable to terrorist attacks. The science of cyber infrastructure interdependencies is still relatively immature, and the interdependencies themselves remain vulnerable.
A deeper appreciation of its importance to national security has developed only in the last 10 years. Infrastructures are connected at multiple points such that a bi-directional relationship exists between the states of any given pair.
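As an added illustration (not part of the original article), the cascading disruption described above can be modelled in the Leontief-style inoperability form used by the Haimes and Jiang reference, q = A q + c, where q is the inoperable fraction of each infrastructure, c the externally imposed disruption, and A the dependency coefficients. The infrastructure names and coefficients below are constructed assumptions loosely based on the Galaxy 4 pager outage, not measured values.

```python
from typing import Dict, List

# Infrastructures in the constructed scenario (assumed names).
INFRA = ["satellite", "paging", "banking", "emergency_comms"]

# A[i][j] is the fraction of infrastructure j's inoperability that
# infrastructure i inherits. Constructed illustrative values only.
A: List[List[float]] = [
    [0.0, 0.0, 0.0, 0.0],  # satellite: no upstream dependency modelled
    [0.9, 0.0, 0.0, 0.0],  # paging rides almost entirely on the satellite
    [0.3, 0.2, 0.0, 0.0],  # banking: card/ATM links partly via satellite and paging
    [0.0, 0.7, 0.0, 0.0],  # emergency comms: doctors and responders reached by pager
]


def inoperability(A: List[List[float]], c: List[float],
                  tol: float = 1e-9, max_iter: int = 10_000) -> List[float]:
    """Solve q = A q + c by fixed-point iteration.

    q[i] is the inoperable fraction of infrastructure i and c[i] the
    externally imposed disruption. Each q[i] is clipped to [0, 1]; the
    iteration converges when no dependency loop amplifies beyond 100%.
    """
    n = len(c)
    q = list(c)
    for _ in range(max_iter):
        new = [min(1.0, c[i] + sum(A[i][j] * q[j] for j in range(n)))
               for i in range(n)]
        if max(abs(new[i] - q[i]) for i in range(n)) < tol:
            return new
        q = new
    raise RuntimeError("inoperability model did not converge")


def cascade(failed: str, severity: float = 1.0) -> Dict[str, float]:
    """Inoperability of every infrastructure after `failed` is disrupted."""
    c = [severity if name == failed else 0.0 for name in INFRA]
    return {name: round(q, 3) for name, q in zip(INFRA, inoperability(A, c))}


def rank_by_cascade_impact() -> List[str]:
    """Infrastructures ordered by the total inoperability their sole failure
    causes: the top entries are where protection and redundancy buy the most."""
    impact = {name: sum(cascade(name).values()) for name in INFRA}
    return sorted(INFRA, key=lambda n: impact[n], reverse=True)


if __name__ == "__main__":
    print(cascade("satellite"))  # single-satellite loss, as in the Galaxy 4 case
    print(rank_by_cascade_impact())
```

With these constructed coefficients the satellite failure propagates to 90% of paging, 48% of banking and 63% of emergency communications, and the ranking shows the satellite as the node whose loss costs the most across the whole system.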
SECURITY AND PROPRIETARY DATA ISSUES
A highly detailed, comprehensive database of national infrastructures would be a valuable target for hackers, terrorists, and foreign intelligence services, particularly if it were coupled to advanced modeling and simulation. Some of the latest spies for Cuba had as a mission the development of such a database.
There is still the not completely solved case of Moonlight Maze, an operation traced back to Moscow by private engineers, possibly (though not yet proven) with the assistance of Cuban engineers and computer scientists, in which unclassified DOD technology-related computer systems were compromised and sensitive data copied. This is the danger of collecting data into one unclassified, comprehensive database.
The information and the ability to understand the dynamics of U.S. infrastructures are considered very valuable by the Cuban government, which considers the U.S. an ideological enemy. This is in addition to the ties of the Cuban government with other terrorist nations, mainly Iraq and Iran.
NETWORK SECURITY ESSENTIALS
Attacks on the security of a computer system or network are best characterized by viewing the function of the computer system as providing information. In general, there is a flow of information from a source, such as a file or a region of main memory, to a destination, such as another file or user. We have the following general categories of attack:
Interruption: An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability. Examples include destruction of a piece of hardware, such as a hard disk (through HERF or LERF technology), the cutting of a communication line, or the disabling of the file management system (through the Bejucal base).
Interception: An unauthorized party gains access to an asset. This is an attack on confidentiality. Examples include wiretapping to capture data on a network, and the unauthorized copying of files or programs.
Modification: An unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity. Examples include changing values in a data file and modifying the content of messages being transmitted in a network. This can be done from the Bejucal base.
Fabrication: An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity. Examples include the insertion of spurious messages in a network or the addition of records to a file.
Replay: The passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
Masquerade: Takes place when one entity pretends to be a different entity.
CUBA AND THE THREAT
In 1991 Cuba formed a group under the Military Intelligence Directorate of the Armed Forces. The group was charged with developing whatever means were available to conduct Information Warfare. Since that date, Cuba has advanced to a very sophisticated degree of cyber development, with these main bases: the Bejucal Base, in operation since January 1998; the Paseo complex, in Paseo Street, between 11th and 15th streets; the Jaruco complex; the Wajay complex; the Guines electronic farm; and the Santiago de Cuba electronic farm.
Wajay: 23° 00' 17" 82° 25' 26"
Bejucal: 22° 56' 00" 82° 23' 30"
REFERENCES
S. Rosenbush, "Satellite's death puts millions out of touch", USA Today, May 1998.
A. de Rouffignac, "Refineries could be subject to rolling blackouts", Oil & Gas Journal, Jan. 2001.
S. Fletcher, "Electric power interruptions curtail California oil and gas production", Oil & Gas Journal, Feb. 2001.
M. Amin, "Toward self-healing infrastructure systems", IEEE Computer Applications in Power, Jan. 2001.
Y. Haimes, "Risk Modeling, Assessment, and Management", Wiley, 1998.
Y. Haimes and P. Jiang, "Leontief-based model of risk in complex interconnected infrastructures", Journal of Infrastructure Systems, March 2001.
Personal conversations of the author with recently arrived or visiting Cuban engineers and scientists.