In May 2, 2006, the NERC board of trustees adopted the Critical Infrastructure Protection Cyber Security Standard. This article provides some answers to questions in the form of security program...
When disaster strikes, land-based radios become critical infrastructure.
For decades, utilities and other agencies have grown accustomed to using land mobile radio (LMR) systems and traditional analog technologies. Unfortunately, as with everything else in our society during the Information Age, and our growing dependence on information technology, the LMR systems that the utility industry—and therefore society—depend on have become just as vulnerable as our home computer systems.
The role LMR plays in maintaining public utilities and aiding recovery from disaster—natural or man-made—is vital. However, these same systems can also be the deliberate target of malicious entities that seek to worsen disaster and delay regrouping and rebuilding efforts for as long as possible. As a result, protecting LMR systems has become as important as securing other types of critical utility infrastructure.
Traditionally, LMR has been a technology based on analog voice systems that involved standard conventional repeaters and some form of analog telephony backbone. Today, in an attempt to maximize available funding, provide interoperability with other agencies, and use existing assets, utilities are purchasing LMR systems based on existing information technology and capable of running on existing IP-based infrastructure. This reduces the costs of installing, maintaining and improving current systems since commercial off the shelf (COTS) components are now applicable. Also it utilizes personnel already trained and experienced in existing systems, and allows for multiple technologies to co-exist within the same infrastructure.
This versatility and commonality comes at the cost of being susceptible to the same issues as any corporate network or home computer— i.e., malware, viruses, Trojans, worms, etc. These vulnerabilities are then open to exploitation by criminals, “hacktivists,” terrorists, and unfriendly governments.
Wireless LMR networks can be considered critical systems, because they provide mobile voice and data communications for field personnel who are maintaining the vast and geographically dispersed assets that make up the utility’s infrastructure. At most utilities, the most common communications are: between dispatch and field crews discussing the status of work being performed—including initiation, status, completion, and materials consumed; between distribution control personnel and field crews to ensure field crew safety; and among field crew personnel to share information necessary to safely perform coordinated work in dangerous situations.
With the technologies available for narrowband communications involved in LMR, utilities typically build private systems to provide a large service territory with reliable coverage. Besides providing voice service alone, today’s LMR systems are also used to support data communications, like work orders for field personnel, as back-up communication for critical SCADA systems, and increasingly as primary communication for automation of certain elements on the utility grid.
During and after a disaster, field personnel called upon to restore public service require a constant stream of information and assistance from dispatchers, customer relations, distribution control, and more. During this time, cell phone services are typically unavailable or saturated. First responders and associated personnel will therefore depend almost entirely on LMR systems.
A disaster takes a large toll on public infrastructure. At the center