State commissions can select from a toolkit of regulatory approaches to promote desired utility cybersecurity behavior. One approach is to allow the industry to selfregulate, and another approach...
When disaster strikes, land-based radios become critical infrastructure.
of these chaotic environments are public safety personnel who are attempting to restore services to governments, businesses, and consumers while also dealing with the impact: loss of services, large-scale power failures, downed lines, limited public communications, and blocked access from debris, flooding, and emergency services activities.
A reliable LMR system, if properly designed, features a back-up battery and generator systems to maintain power and communication capabilities. It also features dedicated and available communication paths for utility personnel, so that communications during restoration are available to facilitate a return to full service as quickly as possible. During this time the primary use of LMR systems is to locate the source of failures, activate appropriate safety protocols and coordinate with other first responders and technicians.
Critical Radio Infrastructure
Traditionally cyber security is focused on providing confidentiality, integrity, and availability across multiple domains including operational, computer, network, and physical security. When categorizing a system, stakeholders must decide the weight of each focus in relation to their mission and goals. An agency primarily concerned with recovering from natural disasters will concentrate policy and funding toward maintaining availability, at the sacrifice of confidentiality and integrity. This is a safe assumption if your agency has little or no risk of being the target of malicious intent—an assumption that’s no longer valid in today’s critical environment.
With the recent occurrence of government funded malicious software designed to attack specific industrial control systems— e.g., Stuxnet 1—and targeted attacks against critical infrastructure, such as the recent destruction of water pumps in Illinois, 2 public utilities must put more effort and funding into protecting the confidentiality and integrity of LMR systems to ensure the security of their primary communications.
Availability is the primary reason public utilities invest in private LMR systems—to allow communications among personnel so they can quickly resolve and address issues. Availability is often addressed by multiple means within an LMR system and is more often impacted by the budget limitations of the agency, since it often involves providing redundancy. Common redundancy solutions to consider include:
• Battery back-up at critical locations to provide 30 minutes or more of power;
• Generator back-up to provide electrical power for longer outages;
• Redundant backhaul communications— e.g., multiple fiber paths, microwave redundancy, and possibly even hot standby radios, etc.;
• Redundant equipment in case of hardware failure—such as a hot standby architecture to provide immediate recovery, or stocking and installation of spare equipment;
• Redundant antennas—to protect against physical damage to an antenna system; and
• Coverage overlap—to protect against a transmitter site failing due to loss of a generator or damage to the radio antennas or tower.
Think Like a Terrorist
Confidentiality and integrity become critical as unauthorized disclosure or alteration of information could negatively impact operations. Security is meant to address malicious or accidental behaviors from impacting the system. Understanding the necessity of these controls becomes an exercise in devious thinking, or thinking like a terrorist.
Breach of even the most innocuous information can be extremely useful to attackers, because it allows them to learn where to