Military Review English Edition May-June 2014 | Page 26

the processes in our energy, transportation, water management, and other industries. They are the backbone in the technical structure of our society. SCADA systems can remain viable for decades, depending on the processes and machinery these systems control. However, SCADA systems often lack capacity or are difficult to upgrade to meet contemporary cybersecurity challenges. Many of these systems were never intended nor designed to be connected to any other computer, let alone linked to a global information network such as the Internet. The range of vulnerabilities has increased dramatically as embedded software in electro-mechanical machinery has become a standard feature. These programmable controllers in industry and utility companies have limited cybersecurity features. The hardening and increased protection of American SCADA systems is likely to take decades; the majority of the SCADA systems are not upgraded once installed and need additional computer hard- The Big Tujunga Dam is under construction to reinforce the walls due to an increased debris flow from recent severe winter storms, La Cañada Flintridge, Calif., 2 August 2010. (Adam DuBrowa, FEMA) 24 ware to be secured. The defense of these systems is defense in depth, where the corporations and municipalities are parties, as well as the Department of Defense in conjunction with other federal agencies. The most able components in these defensive layers reside within the federal sphere. The question is—if cyberdefense fails, what could happen? The environmental ramifications deserve as much attention as the potential threat to computer systems. Hydroelectric Dams and Reservoirs For example, a series of dam failures in a large watershed would have significant environmental impacts. Hydroelectric dams and reservoirs are controlled using different forms of computer networks, either cable or wireless, and the control networks connect to the Internet. A breach in the cyberdefenses of an electric utility company could lead all the way down to the logic controllers that instruct the electric machinery to open the floodgates. Many hydroelectric dams and reservoirs are designed as a chain of dams in a major watershed to create an even flow of water for generating energy. A cyberattack on several upstream dams could release water that would increase pressure on downstream dams. With rapidly diminishing storage capacity, downstream dams would risk being breached by the oncoming water. Eventually, the attack could have a cascading effect, literally and figuratively, through the river system and result in a catastrophic flood. The traditional cybersecurity way to frame the problem is to consider the loss of function and disruption in electricity generation—overlooking the potential environmental effect of an inland tsunami. This is especially troublesome where the population and the industries are dense along a river, such as in Pennsylvania, West Virginia, and other areas with cities built around historic mills. If the cyberattack occurred during a heavy rain when the dams were already stressed, any rapid increase in water level could trigger successive dam collapses. 8 This could lead to a catastrophic loss of lives and property and a critical loss of hydroelectric capacity. The environmental effects would be dramatic and long-term: freshwater resources would be contaminated, complete ecosystems destroyed, toxic agents released, and soil heavily eroded or May-June 2014 MILITARY REVIEW