How to EMP-Proof a Building

IEEE Spectrum, by Emily Waltz

25 May 2024 at 15:00


This year, the sun will reach solar maximum, a period of peak magnetic activity that occurs approximately once every 11 years. That means more sunspots and more frequent intense solar storms. Here on Earth, these result in beautiful auroral activity, but also geomagnetic storms and the threat of electromagnetic pulses (EMPs), which can bring widespread damage to electronic equipment and communications systems.


Yilu Liu is a Governor’s Chair/Professor at the University of Tennessee, in Knoxville, and Oak Ridge National Laboratory.

And the sun isn’t the only source of EMPs. Human-made EMP generators mounted on trucks or aircraft can be used as tactical weapons to knock out drones, satellites, and infrastructure. More seriously, a nuclear weapon detonated at a high altitude could, among its more catastrophic effects, generate a wide-ranging EMP blast. IEEE Spectrum spoke with Yilu Liu, who has been researching EMPs at Oak Ridge National Laboratory, in Tennessee, about the potential effects of the phenomenon on power grids and other electronics.

What are the differences between various kinds of EMPs?

Yilu Liu: A nuclear explosion at an altitude higher than 30 kilometers would generate an EMP with a much broader spectrum than one from a ground-level weapon or a geomagnetic storm, and it would arrive in three phases. First comes E1, a powerful pulse that brings very fast high-frequency waves. The second phase, E2, produces current similar to that of a lightning strike. The third phase, E3, brings a slow, varying waveform, kind of like direct current [DC], that can last several minutes. A ground-level electromagnetic weapon would probably be designed for emitting high-frequency waves similar to those produced by an E1. Solar magnetic disturbances produce a slow, varying waveform similar to that of E3.

How do EMPs damage power grids and electronic equipment?

Liu: Phase E1 induces current in conductors that travels to sensitive electronic circuits, destroying them or causing malfunctions. We don’t worry about E2 much because it’s like lightning, and grids are protected against that. Phase E3 and solar magnetic EMPs inject a foreign, DC-like current into transmission lines, which saturates transformers, causing a lot of high-frequency currents that have led to blackouts.

How do you study the effects of an EMP without generating one?

Liu: We measured the propagation into a building of low-level electromagnetic waves from broadcast radio. We wanted to know if physical structures, like buildings, could act as a filter, so we took measurements of radio signals both inside and outside a hydropower station and other buildings to figure out how much gets inside. Our computer models then amplified the measurements to simulate how an EMP would affect equipment.

What did you learn about protecting buildings from damage by EMPs?

Liu: When constructing buildings, definitely use rebar in your concrete. It’s very effective as a shield against electromagnetic waves. Large windows are entry points, so don’t put unshielded control circuits near them. And if there are cables coming into the building carrying power or communication, make sure they are well-shielded; otherwise, they will act like antennas.

Have solar EMPs caused damage in the past?

Liu: The most destructive recent occurrence was in Quebec in 1989, which resulted in a blackout. Once a transformer is saturated, the current flowing into the grid is no longer just 60 hertz but multiples of 60 Hz, and it trips the capacitors, and then the voltage collapses and the grid experiences an outage. The industry is better prepared now. But you never know if the next solar storm will surpass those of the past.

This article appears in the June 2024 issue as “5 Questions for Yilu Liu.”

Default Passwords Jeopardize Water Infrastructure

IEEE Spectrum, by Margo Anderson

21 May 2024 at 18:08


Drinking-water systems pose increasingly attractive targets as malicious hacker activity is on the rise globally, according to new warnings from security agencies around the world. According to experts, basic countermeasures—including changing default passwords and using multifactor authentication—can still provide substantial defense. However, in the United States alone, more than 50,000 community water systems also represent a landscape of potential vulnerabilities that have provided a hacker’s playground in recent months.

Last November, for instance, hackers linked to Iran’s Islamic Revolutionary Guard broke into a water system in the western Pennsylvania town of Aliquippa. In January, infiltrators linked to a Russian hacktivist group penetrated the water system of a Texas town near the New Mexico border. In neither case did the attacks cause any substantial damage to the systems.

Yet the larger threat is still very real, according to officials. “When we think about cybersecurity and cyberthreats in the water sector, this is not a hypothetical,” a U.S. Environmental Protection Agency spokesperson said at a press briefing last year. “This is happening right now.” Then, to add to the mix, last month at a public forum in Nashville, FBI director Christopher Wray noted that China’s shadowy Volt Typhoon network (also known as “Vanguard Panda”) had broken into “critical telecommunications, energy, water, and other infrastructure sectors.”

A 2021 review of cybervulnerabilities in water systems, published in the journal Water, highlights the converging factors of increasingly AI-enhanced and Internet-connected tools running more and bigger drinking-water and wastewater systems.

“These recent cyberattacks in Pennsylvania and Texas highlight the growing frequency of cyberthreats to water systems,” says study author Nilufer Tuptuk, a lecturer in security and crime science at University College London. “Over the years, this sense of urgency has increased, due to the introduction of new technologies such as IoT systems and expanded connectivity. These advancements bring their own set of vulnerabilities, and water systems are prime targets for skilled actors, including nation-states.”

According to Katherine DiEmidio Ledesma, head of public policy and government affairs at Washington, D.C.–based cybersecurity firm Dragos, both attacks bored into holes that should have been plugged in the first place. “I think the interesting point, and the first thing to consider here, is that these attacks were not extremely sophisticated,” she says. “They exploited things like default passwords and things like that to gain access.”

Low priority, low-hanging fruit

Peter Hazell is the cyberphysical security manager at Yorkshire Water in Bradford, England—and a coauthor of the Water 2021 cybervulnerability review in water systems. He says the United States’ power grid is relatively well-resourced and hardened against cyberattack, at least when compared to American water systems.

“The structure of the water industry in the United States differs significantly from that of Europe and the United Kingdom, and is often criticized for insufficient investment in basic maintenance, let alone cybersecurity,” Hazell says. “In contrast, the U.S. power sector, following some notable blackouts, has recognized its critical importance...and established [the North American Electric Reliability Corporation] in response. There is no equivalent initiative for safeguarding the water sector in the United States, mainly due to its fragmented nature—typically operated as multiple municipal concerns rather than the large interconnected regional model found elsewhere.”

DiEmidio Ledesma says the problem of abundance is not the United States’ alone, however. “There are so many water utilities across the globe that it’s just a numbers game, I think,” she says. “With the digitalization comes increased risk from adversaries who may be looking to target the water sector through cyber means, because a water facility in Virginia may look very similar now to a water utility in California, to a water utility in Europe, to a water utility in Asia. So because they’re using the same components, they can be targeted through the same means.

“And so we do continue to see utilities in critical infrastructure and water facilities targeted by adversaries,” she adds. “Or at least we continue to hear from governments from the United States, from other governments, that they are being targeted.”

A U.S. turnaround imminent?

Last month, Arkansas congressman Rick Crawford and California congressman John Duarte introduced the Water Risk and Resilience Organization (WRRO) Establishment Act to found a U.S. federal agency to monitor and guard against the above risks. According to Kevin Morley, manager of federal relations at the Washington, D.C.–based American Water Works Association, it’s a welcome sign of what could be some imminent relief, if the bill can make it into law.

“We developed a white paper recommending this type of approach in 2021,” Morley says. “I have testified to that effect several times, given our recognition that some level of standardization is necessary to provide a common understanding of expectations.”

Hazell, of Yorkshire Water, notes that even if the bill does become law, it may not be all its supporters might want. “While the development of the act is encouraging, it feels a little late and limited,” he says. By contrast, Hazell points to the United Kingdom and the European Union’s Network and Information Security Directives in 2016 and 2023, which coordinate cyberdefenses across a range of a member country’s critical infrastructure. The patchwork quilt approach that the United States appears to be going for, he notes, could still leave substantial holes.

“I think the best phrase to sum it up is ‘target rich, resource poor,’” says DiEmidio Ledesma, about the cybersecurity challenges municipal water systems pose today. “It’s a very distributed network of critical infrastructure. [There are] many, many small community water facilities, and [they're] very vital to communities throughout the United States and internationally.”

In response to the emerging threats, Anne Neuberger, U.S. deputy national security advisor for cyber and emerging technologies, issued a public call in March for U.S. states to report on their plans for securing the cyberdefenses of their water and wastewater systems by May 20. When contacted by IEEE Spectrum about the results and responses from Neuberger’s summons, a U.S. State Department spokesperson declined to comment.
