Critical infrastructure, Cyber and worse
CRO Assembly, 22 May 2019
Dr. Eric Durand, Head Cyber Centre of Competence
Critical Infrastructure and Cyber | CRO - Assembly | 22 May 2019
Agenda
1. Of Infrastructures and Critical Infrastructures
2. A realistic worst-case (Cyber)
3. An even worse realistic worst-case ?
Cyber and Infrastructures, some past events
Sources: World Energy Council; www.risidata.com
Three different aspects
• Individual view = Underwriting view – critical and non-critical “infrastructure”
– any (insured) machine
– any (insured) process
Property Damage, Business Interruption, Contingent BI, (Supply Chain)
• Societal view – critical infrastructure events – little insurance coverage
• (Re)Insurance and society’s survival – largest critical infrastructure events.
Sources: FEMA, NIST
How to Attack the Electric Power Grid
1: Control centres of TSO/ISO/RTOs 1)
– Intrusion into SCADA 2) system (e.g. via corporate network)
– Making persistent changes on SCADA software
– Manipulation of transformers, breakers and switching centres
→ Generally well protected, but a single attack can cause large blackouts
2: Power plant control centres, power generators
– Intrusion into power plant control centres
– Installing malware (logic bomb) to distort the protection system of generators
→ Attacks on a single plant are not critical thanks to the security reserves kept within the grid. A high number of plants would need to be attacked synchronously for a large-scale outage: very unlikely.
3: “Smart Grid” consumers and producers
– Attack on power meters (consumers) or steering units (decentralised producers)
→ “Smart Grid” is still in its infancy. Attack might be a concern in 10-15 years, but not today.
(Diagram labels: 1, 2, 3; “Selected scenario”)
1) TSO: Transmission System Operator, central entities that control the flow of electric power in European countries. ISO/RTO: Independent System Operator / Regional Transmission Operator (same function in the USA)
2) SCADA = Supervisory Control and Data Acquisition = System for remote monitoring and control
Risk Scenario Cambridge
• US Grid study by Cambridge University (May 2015) in collaboration with Lloyd's and with contribution from the Department of Homeland Security
• 15 US States affected, 93 million US citizens without power for 2-7 days (three subscenarios S1, S2, X1)
• Quantification of Economic Loss and Insurance Industry Losses
• Economic costs (revenue calculation incl. Supply Chain) from USD 61bn to 223bn
• Insurance losses range from USD 21bn to 71bn
Europe? Germany, France!
Scenario parameters, example
• The RTOs in the USA are somewhat prepared: they have been regularly practicing crisis management and incident response (e.g. the Grid Exercise 2016 organized by NERC), to some extent also for the case of a cyber attack.
• Two full days are required to regain control over the RTO/ISO’s system and to commence the restore procedure.
• Fast recovery of 50% of the network can then be achieved within 1 day
• Gradual recovery of the other 50% of the network within 11 days
Swiss Re Approach for Cyber on Critical Infrastructure (electricity production/transmission) for Single Risks
FIRST STEP
• All single-risks of electricity producers and electricity consumers (industry – commerce – individuals)
• BI, CBI, supplier extensions
SECOND STEP
• Turnover (daily)
• Industry segment
THIRD STEP
• Black-out duration vs. waiting period/deductible
• Black-out size vs. geographical distribution (mono- vs multi-location risks)
FOURTH STEP
• Coverage conditions (trigger, exclusions)
FIFTH STEP
• Coverage limitations (Sum Insureds, limits, layer length)
• Minimal capacity charge
SIXTH STEP
• Resulting capacity
Out of Swiss Re Annual Report 2018, Financial part
Uncertainty range
Not at scale
Worse realistic worst-case ?
Solar Storm Events, aka:
- Coronal mass ejection (CME)
- Geomagnetic Disturbance (GMD)
- Severe Space Weather
- Geo-magnetically Induced Currents (GIC)
Image: Solar Dynamics Observatory
From varying B-field and Auroral Electrojets to E-field.
Calculation steps
1) Substations
- per state
- 3 EHV voltage levels
- with & w/o spares
2) Geo-magnetic latitude
3) Resistivity
- down to 100 km
- equivalent impedance
4) Proximity to sea
5) Empirical vulnerability of transformers (Binomial distribution as function of all the above):
0 not impacted
1 tripped
2 slightly damaged
3 strongly damaged
4 destroyed

For scenario (S2):
%-age of transformers | Outage days w/o spares | Outage days with spares
49%  | 0   | 0
33%  | 5   | 5
14%  | 91  | 14
3.6% | 182 | 14
0.4% | 243 | 14
Scenarios of large-scale and long-lasting power outage
Worst case solar storm scenario:
Metatech Corp, John Kappenman [2010]:
- > 130 m people affected
- Assumptions: strength as May 1921 event
- 200-300 transformers affected
- Economic costs > USD 1 trillion
- Lengthy restoration times, chronic shortages for up to 4 to 10 years for a full recovery
Lloyd's study (AER) [2013]: Carrington-level storm (1859): 20-40 million people affected, power outage 16 days to 1-2 years, economic cost estimated at $0.6-2.6 trillion USD.
Cambridge Uni. [2016]: Total economic “shock” (S1, S2, X1): 0.5 – 2.7 trillion USD. S1 = “optimistic” view, power outage up to 1 year. X1 = “deliberately extreme, reflects Kappenman’s perspective” (insured is estimated at roughly 10-15%)
Swiss Re Approach for GMD on Critical Infrastructure (electricity production/transmission) for Single Risks
FIRST STEP
• All single-risks of electricity producers and electricity consumers (industry – commerce – individuals)
• BI, CBI, supplier extensions
SECOND STEP
• Turnover (daily)
• Industry segment
THIRD STEP
• Black-out duration vs. waiting period/deductible
• Black-out size vs. geographical distribution (mono- vs multi-location risks)
FOURTH STEP
• Coverage conditions (trigger, exclusions)
FIFTH STEP
• Coverage limitations (Sum Insureds, limits, layer length)
• Minimal capacity charge
SIXTH STEP
• Resulting capacity
Out of Swiss Re Annual Report 2018, Financial part
Uncertainty range
Not at scale
Discussion time!
Agenda today was:
1. Of Infrastructures and Critical Infrastructures
2. A realistic worst-case (Cyber)
3. An even worse realistic worst-case ?
Appendix
DST (disturbance – storm time) index
Aurora Borealis
Credit: NASA, http://www.youtube.com/watch?v=N5utQxtma2U
Legal notice
©2016 Swiss Re. All rights reserved. You are not permitted to create any modifications or derivative works of this presentation or to use it for commercial or other public purposes without the prior written permission of Swiss Re.
The information and opinions contained in the presentation are provided as at the date of the presentation and are subject to change without notice. Although the information used was taken from reliable sources, Swiss Re does not accept any responsibility for the accuracy or comprehensiveness of the details given. All liability for the accuracy and completeness thereof or for any damage or loss resulting from the use of the information contained in this presentation is expressly excluded. Under no circumstances shall Swiss Re or its Group companies be liable for any financial or consequential loss relating to this presentation.