Can Florida Survive?
Download
Report
Transcript Can Florida Survive?
Critical Infrastructure,
Critical Vulnerabilities
Dr. Barry S. Hess
November – December 1996
Perspective
Team had no a priori knowledge of the
critical infrastructure and its vulnerabilities
Initial search plan focused on attaining
background information on the various
aspects of the critical infrastructure
“Target” choice driven by information
Quantity and fidelity of information were
sufficient for a vulnerability analysis
Information Vulnerabilities
The physical “Fortress America” does not
protect U.S. in the information age
Several national-level “IW” wargames have
examined this issue, and each has run to
the same probing question:
“Can we defend ourselves against an IW
attack?”
Executive Order 13010 of 15 July 96
“Critical Infrastructure Protection” and its
President’s Commission on Critical
Infrastructure Protection are steps in the
right direction
Critical Infrastructure
Gas and oil storage
and transport
Electrical power systems
Continuity of Government
Telecommunications
Transportation
Emergency services
Banking and Finance
Water supply
Critical Infrastructure
Electrical power systems
Information about power generation and
distribution easily found
Nuclear Power intriguing
Previous government statements (FBI
Intelligence Division Congressional testimony
March 19, 1993) seemed to dismiss potential of
attack, yet on-line information showed
vulnerabilities
Web sites from the Nuclear Regulatory
Commission (NRC) and Florida Power and
Light (FPL) expanded knowledge base
Context
Defense Science Board Task Force on Information Warfare-Defense:
Threat of “IW” attack “significant”
Nation’s “vulnerabilities are numerous,
[and] the countermeasures are extremely
limited...”
“. . . current practices and assumptions
are ingredients in a recipe for a national
security disaster . . .”
DSB Threat Assessment*
Validated
Existence*
Existence likely
but not validated
Incompetent
Hacker
Disgruntled
Employee
Crook
Organized Crime
Political Dissident
Terrorist Group
Foreign Espionage
Tactical Countermeasures
* = Validated by DIA
= Widespread
= Limited
Information Age Terrorism
Terrorism thrives on fear
Double-edged sword
The possibilities…….
Source: www.businessmonitor.co.uk/docs/proc/HD02/TERROR.html
Methodology
Use the Internet for intelligence
collection on high impact “targets”
Totally unclassified
Internet-based “collection”
Identify “cyber” vulnerabilities
Identify physical vulnerabilities
Assess impact of two taken together
Perspective
7 February 1993
“FBI considers nuclear power plants
unlikely targets for terrorist attack
because they are relatively wellprotected and hard to attack
without great risk to the attackers.”
26 February 1993
Senate Testimony
19 March 1993
FBI Intelligence Division spokesman
20 March 1995
19 April 1995
Target Selection
Criteria:
Accessibility
Plausible deniability
Maximum fear potential
Combination of cyber and
physical attack possible
Ease of reconnaissance
Target
St. Lucie Nuclear Power Plant
Source: www.nrc.gov/AEOD/pib/reactors/335/335toc.html
Target Selection
Florida Power and Light (FPL)
Serves about 50% of Florida
(7 million people)
Nuclear power provides 25%
of FPL’s energy
One megawatt meets the
electric needs of 300 homes
and businesses
One Nuclear Plant outside of
Fort Pierce, the St. Lucie
plant, has recently had some
problems
Nuclear plant attack: high physical
and psychological impact
Source: www.fpl.com/fplpages/aboutus.htm (and others)
St. Lucie Nuclear Power Plant
Source: www.co.st-lucie.fl.us/bigmap.html
Source: www.nrc.gov/AEOD/pib/reactors/335/335toc.html
Recent Incidents
St. Lucie Nuclear Power Plant
26 Sep 1995: Two pressurized valves improperly installed
2 Nov 1995: NRC cited seven violations
24 Jan 1996: 61 positions eliminated
31 Mar 1996: 350-gallon spill of “slightly radioactive” water
14 Aug 1996: Back-up control room safety switches glued shut $10,000 reward offered to find/convict saboteur
10 Jan 1997: As a result of November 1996 NRC special design
review NRC fines Florida Power & Light $100K … security,
emergency preparedness, instrumentation modification
27 Mar 1997: NRC Region II met with FPL to discuss recent plant
performance
16 May 1997: NRC Region II met with FPL to discuss worker
complaints filed with NRC, 41 in 1996 double the 1995 number
2 Sep 1997: Unauthorized entry into the protected area occurred
Source: www.pbpost.com/pbbiz/top50/(assorted)
www.fpl.com/fplpages/news.htm
Operating Parameters
(St. Lucie Nuclear Power Plant)
Reactor #1
Reactor #2
NRC docket number
50-335
50-389
Electric capacity (MW)
830
830
Initial criticality
22 April 1976
2 June 1983
Commercial operations
21 December 1976
8 August 1983
Reactor type
Pressurized Water Reactor (2-loop)
Reactor manufacturer
Combustion Engineering*
Number of fuel assemblies
217
217
Number of fuel rods / assembly
176
236
* = CE is now a subsidiary of ABB Atom AB,
Source: www.nrc.gov/AEOD/pib/reactors/335/a/335atxt.html
www.nrc.gov/AEOD/pib/reactors/389/a/389atxt.html
Sweden
www.abb.se/atomweb/atomweb2.htm
St. Lucie Nuclear Power Plant
Site Plan
Source: www.nrc.gov/AEOD/pib/reactors/335/335toc.html
Source:
www.nrc.gov/AEOD/pib/reactors/335/b/335b010.html
St. Lucie Nuclear Power Plant
Blueprints
Source: www.nrc.gov/AEOD/pib/reactors/335/335toc.html
Source: www.nrc.gov/AEOD/pib/reactors/335/d/335d021.html
www.nrc.gov/AEOD/pib/reactors/335/d/335d028.html
St. Lucie Nuclear Power Plant
Blueprints
Source: www.nrc.gov/AEOD/pib/reactors/335/335toc.html
Source: www.nrc.gov/AEOD/pib/reactors/335/d/335d021.html
www.nrc.gov/AEOD/pib/reactors/335/d/335d028.html
St. Lucie Detail Mapping
Graphic Representation
of Power Line Route
source: www.landinfo.com
Fuel Storage
New fuel stored dry in vertical racks in Fuel
Handling Building
Spent fuel stored on-site in borated water
pools (also located in Fuel Handling
Building)
Reactor #1 has 300.1 MTU irradiated fuel stored
on-site
Reactor #2 has 175.9 MTU irradiated fuel stored
on-site
Fuel moved between Fuel Handling Building
and Reactor Building via fuel transfer tubes
Source: www.nrc.gov/AEOD/pib/reactors/335/c/335c002.html
www.nrc.gov/AEOD/pib/reactors/389/c/389c002.html
www.prop1.org/prop1/radiated/fl0rept.htm
Key FPL Personnel
Art Stall—Florida Power & Light Vice
President, St. Lucie Plant
John Scarola—Plant Manager, St. Lucie
Plant
2400 S Ocean Drive
Fort Pierce, FL 34949-8019
(561) 465-8052
Ed Gambon—Technical Support Supervisor,
FPL
1501 S Ocean Blvd.
Pompano Beach, FL 33062-7432
(954) 941-2015
Source: www.pbpost.com/pbbiz/top50/(assorted)
www.fpl.com/fplpages/news.htm
www.switchboard.com
Key Plant Personnel
John Scarola
2400 S. Ocean Drive
Fort Pierce, Fl 34949
(561) 465-8052
St. Lucie Nuclear
Power Plant
Source: www.pbpost.com/pbbiz/top50/(assorted)
www.fpl.com/fplpages/news.htm
www.switchboard.com
www.streetatlasusa.com
Evacuation Routes
Source: www.nrc.gov/AEOD/pib/reactors/389/b/389b011.html
Source: www.nrc.gov/AEOD/pib/reactors/389/b/389b015.html
Emergency Response
Mr. Joseph F. Myers
4010 Harpers Ferry Drive
Tallahassee, FL 323089440
(904) 386-6632
[email protected]
Source: www.nrc.gov/AEOD/pib/reactors/389/b/389b018.html
www.nrc.gov/AEOD/pib/reactors/389/b/389b021.html
www.worldpages.com/worldsearchrl
Emergency Response
*
* St. Lucie County = Local Emergency Planning
Committee, FL District 10
Source: www.nrc.gov/AEOD/pib/reactors/389/b/389b019.html
www.nrc.gov/AEOD/pib/reactors/389/b/389b023.html
Florida State Warning Point
Communications Capabilities
Commercial Telephone System (POTS)
Hot Ring Down System (HRD)*
Emergency Satellite Communications System
(ESATCOM)**
Computer-Based Bulletin Board (dial-up capability)
High Frequency Radio
VHF-UHF-800 Radio (regional relay stations)
PROACTiv Decision Line (e.g., tele-conference)
SunCom Network (e.g., DSN with 11 switches)
National Alerting and Warning System (NAWAS)
Amateur Radio
* = Primary emergency comm link
** = Secondary emergency comm link
Source: www.state.fl.us/comaff/DEM/RESPONSE/SWP/(assorted)
Key Emergency Contacts
Local FEMA POC
FEMA Region 4, Atlanta GA
Richard Prevatte, St. Lucie
Plant Senior Resident
Inspector
Mark Miller, St. Lucie Plant
Resident Inspector
State of Florida
Emergency/Disaster POC
Joseph Myers, Director, FL
Div. of Emergency
Management
William O’Brien, Area 7
Coordinator (includes St.
Lucie County), FL Bureau of
Preparedness & Response
Local City Government
Leaders
Local NRC POC
Dennis Beach; City Manager,
Ft. Pierce
Edward Enns; Mayor, Ft.
Pierce
Donald B. Cooper; City
Manager, Port St. Lucie
Robert E. Minsky; Mayor,
Port St. Lucie
Local Fire/HazMat POC
Paul Haigley Jr., St. Lucie
County Fire Chief
Source: www.state.fl.us/comaff/DEM/HTML/emerge.html
www.state.fl.us.DEM/RESPONSE/SWP/perlist.html
www.pbpost.com/fyi/slgovt.htmrl
Key Emergency Contacts
St. Lucie County
Government officials
Tom Kindred, County
Administrator
Ron Brown, Public
Works Manager
Morris Adger, Port
Director
Curtis King, Airport
Director
William Blazak,
Utilities Services
Manager
Local Sheriff/Police
Chief
R.C. Knowles, Sheriff
of St. Lucie County
J. Mahar, Chief of
Police Ft. Pierce
C.L. Reynolds, Chief
of Police Port St.
Lucie
Source: www.pbpost.com/fyi/slgovt.htmrl
www.co.st-lucie.fl.us/DIRECTORY/GOV.HTML
www.co.st-lucie.fl.us/DIRECTORY/POLICE.HTML
Power Delivery System Comms
Backbone
FPL LeJeune-Flagler office outside
Miami controls network
9250 W Flagler St, Miami FL
33174
2 Synchronous Optical Networks
(SONET)
ATM backbone - 8 Northern
Telecom (Nortel) Magellan
Passport Model 160 switches to
integrate/improve capacity of 2
SONETs
16 slot design, voice and data
Unit-specific cooling required
Know installed unit size, network
protocols and power
requirements
Reconstitution extremely difficult:
Nortel engineers spent months
configuring network
www.nortel.com/home/press/19996c/9_30_96_283FPLMagellan.ht
www.nwfusion.com/cgi-bin/gate2?I33xE/1WbUeg01/1Ek1Eb/x3
www.nortel.com/entprods/magellan/products/pp-glo.html
Disaster Recovery of Data
FPL uses an IBM ADSTAR
Distributed Storage Manager for
data back-up and recovery
Back-ups done on a IBM 3390
Model 9 in Miami, then sent over
a T-3 line to an auto tape library
110 miles away
Backup volumes and basic
databases then physically moved
off-site for storage
Daily back-ups for entire company
are done on 239 platforms
105 AIX and HPUX servers
93 Novell servers
41 Windows, O/S 2, and
Macintosh workstations
Source: www.storage.ibm.com/storage/software/adsm/adsmfpl.htm
St. Lucie County
Telecommunications
Radio: Commercial &
Infrastructure
Frequency assignments
Physical locations
TV: Broadcast & Cable
Frequency assignments
Physical locations
Telephone
Wire
Wireless
Infrastructure
Telephone numbers, frequency
assignments
Physical locations
Radio
Commercial
Local radio stations
EAS Local Primary 1 & 2
Call letters & frequencies
[LP1]WRMF-FM 97.9/ WJNOAM 1230 [LP2] WQCS-FM
88.9)
Office locations & key personnel
WRMF & WJNO
P.O. Box 189
West Palm Beach, FL
33401
Lat/long & orientation of
transmission towers/antenna(s)
WRMF: N263437 W0801432
WJNO: N264336 W0800303
WQCS: N272517 W0802123
Infrastructure
Telephone numbers,
assigned radio frequencies,
and locations of city/county
police, fire, and rescue
departments
Assigned radio frequencies
used by local telephone and
electric power companies
Assigned radio frequencies
for FEMA, DOE National
Emergency Search Team and
other national emergency
medical services
Source: www.co.st-lucie.fl.us/DIRECTORY/RADIO.HTML
www.radiostation.com/cgi-bin/fmcall
tiger.census.gov/cgi-bin/mapbrowse
fcn. state.fl.us/oraweb/owa/teldir.county_query_22
www.fab.org/opareas.html
PSTN Locator
$100 can purchase software
and database containing all
U.S. Telecommunication
Switching Centers
Company Name
Switch Name & identifier
Area code and exchanges
serviced
Lat / Long (To second)
Architecture
Switch features
Distance to other switches
Fort Pierce, Florida
PSTN Location
Electric Power Grid
Utilities buy and sell electricity to each other via consortia
called power pools
Power pool's principal mission is to coordinate, monitor,
and direct the operations of the major generating and
transmission (bulk power system) facilities
Source: www.epri.com
Joint Transmission Services
Information Network (JTSIN)
Federal Energy Regulatory Commission
mandated electric utility industry share
transmission capacity data on a network
Internet-based because infrastructure
exists
JTSIN will use:
Microsoft SQL Server databases and Netscape’s
FastTrack Web server
OS is Windows NT on 150-MHz Pentium servers
Source: techweb.cmp.com/582/pf97/82ioutl.htm
Inter-Control Center
Communications Protocol (ICCP)
Provides utilities a standardized, flexible method for
exchange of real-time operational data (basically a WAN)
Has a real-time interface to power plant control systems
Suitable for dispatch and security operations associated with
Independent Grid Operators, regional pools and security
centers, and transmission control centers
Has open standard interfaces for both real-time and historical
power system monitoring
System accepts dial-up modem protocols (TCP/IP) or DECnet
protocols
Prototype ICCP version 5.1 uses DEC Alpha computers running
Open VMS operating system (Electric Reliability Council of
Texas)
Source: www.epri.com/pdg/pf97/gop/gop1_18.html
www.pacifier.com/~nsrvan/iccp/iccp.htm
www.livedata.com/ICCPwp.htm
Collection Plan
What we know
Site plan and schematics; recent history of “insider” problems
Leadership, with addresses, e-mail, fax and phone numbers
Emergency evacuation routes, and notification procedures
Emergency communications plans and frequencies
Plant computer systems and back-up procedures
Details of power distribution monitoring network
Interface into the North American power grid, entry protocols
to real-time interface with power generation
What we don’t know... yet
Details “of security plans and equipment, and response
weapons and tactics” (March 24 Letter from NRC)
Worker schedules, plant routines, etc.
Not My Problem?
“Congress mandated by the Sunshine Act
that much of what your team found should
be provided to the public.”
“…an act that preys on public fears… or
assassinates key staff… not be regarded by
the NRC as “successful” if there is no
danger to the public health and safety from
the operation of the facility. Furthermore,
the NRC does not have the regulatory
authority to address these acts.”
NRC letter to my team; 24 March 1997
Assessment
“Intelligence” gathered from the
Internet reveals infrastructure
vulnerabilities
Continued unrestricted access to
information will empower adversaries
Information may not be perfect, but it
may give “80% solution”
Collection and integration of information
is simplified; agent actions limited and
focused