Models of mayhem

The government wants to simulate the ripple effects of critical infrastructure attacks

From major power outages and crippled telecommunications nodes to the dramatic spread of pneumonic plague, government agencies have increasingly played out mock disasters since last September's terrorist attacks using sophisticated modeling and simulation tools.

Yet few of those models take into account the set of "interdependencies," or specific repercussions, that affect the outcome when a disaster in one industry wreaks havoc on the nearby, dependent infrastructures of other sectors.

The electronic simulation of those interdependencies and relationships has emerged as a field begging for more federal research and development.

"We are looking for new types of capabilities to prove the robustness of infrastructures and to better equip

decision-makers and policy analysts," said Steve Rinaldi, joint program director of the National Infrastructure Simulation and Analysis Center (NISAC), led by Sandia and Los Alamos national laboratories.

In some cases, existing solutions are being modified into new applications. For instance, government officials are tweaking airport-modeling programs to simulate worst-case scenarios at the nation's seaports. Another push has vendors scrambling to adapt simulation tools — usually used for planning and analysis beforehand — to double as command and control centers that can help manage the infrastructure during a crisis should an anticipated event actually unfold.

All the while, emphasis is being placed on interdependencies. In the future, more simulation efforts will be designed to enable officials to answer often confounding questions, such as what happens to the water, telecommunications and financial infrastructures after massive failure in a power grid, or what steps responders should take when catastrophic events ripple across

infrastructures.

However, the federal government's disaster-modeling capabilities currently present a split picture: optimistic on one side, more cautious on the other.

"Each sector has the phenomenal ability to model their own individual infrastructure," said Brenton Greene, deputy manager of the National Communications System (NCS). "What is less robust and newer

science — and frankly more challenging science — is the ability to

accurately and predictively model the interdependencies among infrastructures."

NCS is co-managed by the White House and the Defense Information Systems Agency and assists the president, the National Security Council and federal agencies with their telecommunications functions. But it also serves an important homeland security function by coordinating communications for the government's national security and emergency preparedness initiatives.

Formidable challenges are tied to the fact that modeling interdependencies requires the use of complex algorithms capable of processing large volumes of data. On top of that, officials must overcome the technology and equipment differences among established efforts in separate industries, such as the work NCS has done in the telecommunications sector.

NCS' infrastructure modeling partnership with the telecom sector is well advanced (see "Project eyes global early warning system for the Internet," below). And its work is an example of the established single-sector modeling efforts that the push for interdependency modeling, led by NISAC, must not only build on, but also overcome.

Addressing Interdependence

To foster more comprehensive infrastructure modeling, President Bush in his National Strategy for Homeland Security pledged additional research in areas such as analysis, technical planning and decision support environments.

This need was also cited extensively in a June National Academies report that suggested ways to harness science and technology to fight terrorism.

"New and improved simulation design tools should be developed," the report recommended. "These efforts would include simulations of interdependencies between the energy sector and key infrastructures such as communication, transportation and water supply systems."

To make sure that happens, Bush tapped NISAC to lead this redoubled effort, which will pull in the private sector using R&D incentives.

"By funding modeling and simulation across critical infrastructures, we are trying to get at the complexities brought about by interdependence," Rinaldi said.

Currently endowed with a $20 million budget that flows from the Pentagon's Defense Threat Reduction Agency, NISAC has ramped up R&D efforts significantly since its formal inception in 2000. At that point, the center had only $500,000 in funding and was a mere joint effort between Sandia and Los Alamos officials.

NISAC officials are now on a campaign to wrap in many of the modeling and simulation efforts scattered across government.

"The plan is to take tools that have been developed and incorporate them into a common platform within NISAC," said Steve Fernandez, manager of the Infrastructure Protection Systems division at the Idaho National Engineering and

Environmental Laboratory (INEEL). "That way, when there is a problem or threat, officials will have a

virtual menu of different modeling capabilities."

As a sign that this consolidation has begun, Fernandez referenced increased NISAC involvement in national labs' efforts to model potential weaknesses in supervisory control and data acquisition (SCADA) systems.

Such systems are a crucial part of the control mechanism used to manage critical energy infrastructures because they direct the flow of energy and molecules, he said.

The architecture and interfaces between the scattered SCADA systems have become more open through advances in the technology industry, particularly public networks — and this has proved to be a mixed blessing. "The evolving SCADA systems are becoming more efficient and cost-effective, but arguably less secure," an April Sandia report concluded.

The National Academies report also suggested that SCADA systems "pose a special problem" and recommended encryption techniques, improved firewalls and intrusion-detection systems to reduce the risk of disruption.

Indeed, increasing the security of SCADA systems is now a top R&D priority for the labs, and simulations play a key role in that effort, Fernandez said.

"There are many different models as to how you should tie the SCADA systems together," he said. The INEEL staff has put together SGI 64-bit processors in a 32-node cluster to complete much of the modeling.

Means and Methods

To better simulate the interaction among industries, NISAC will pursue a series of modeling approaches.

The center is working to advance screening tools to stitch together existing simulators to form an early warning system. The system will rely on the development of algorithms and technologies that offer a composite view of all the nation's critical infrastructures.

Another approach is what NISAC's Rinaldi termed a "stocks and flows approach" that will show goods and services flowing through and across infrastructures.

"We built some pretty sophisticated models around the California energy crisis," he said.

Using the California models, NISAC was able to show the compounding effect of power outages. The models displayed the drain that the energy crisis put on other industries, such as the agricultural community, which is heavily reliant on hydro-electrical power.

NISAC is also testing agent-based simulation. "An agent is an encapsulated piece of software that acts as a decision-making piece of a physical infrastructure," Rinaldi explained.

For instance, in a simulation of a stock market, agents could be individual traders, acting separately but working to create the total functioning of the infrastructure. In an electric power plant, the agents could be generators or any objects working separately but impacting the whole.

A fourth area involves physics-based models, which will simulate operations occurring within infrastructures. For instance, within an oil or gas system, the models could be the detailed operation of a pipeline.

In both agent-based and physics-based modeling, the impact of disasters on infrastructures is more accurately simulated because of the level of detail. In the former case, the different behavior of agents is factored in. In the latter, the behavior of elements such as electricity or gas is built into the models.

Finally, Rinaldi described population mobility modeling, which the center is also exploring. "We are looking at how entities, namely people, move through a geographic area," he said.

As individuals move through an area, they impact, for example, the financial infrastructure through use of an automated teller machine or energy systems by fueling and driving a car. "This is a very microscopic view of how an individual moves through and interacts with infrastructures," Rinaldi said.

The common thread in the five areas is infrastructure assessment, he concluded. "We are looking for vulnerabilities, areas of mitigation and methods of response," he said.

Leaning on Industry

Along with the centralization of modeling efforts among the labs, NISAC is also getting more aggressive in its efforts to include private industry.

"One of the things that will be absolutely essential is for NISAC to work closely with the owners and operators of the infrastructures," Rinaldi said. "We are also working with the vendor and academic communities, which have expertise in the operational characteristics and the network topologies in place."

Vendors such as computer simulation specialist SGI have long worked with government to develop high-performance computing systems, visualization tools and advanced algorithms. That corporate history is now playing into homeland security opportunities, said David Shorrock, SGI's marketing development manager for government industries.

A key solution will be immersive visualization tools, which allow large amounts of data to be processed and simulated, Shorrock said. "We have honed [our] tool so that it is available to officials not only to practice response but to use operationally as a command and control center," he said.

As the proposed Homeland Security Department continues to take shape, R&D dollars are still flowing from various agencies. For instance, the Defense Advanced Research Projects Agency recently embarked on a "conceptual studies" initiative to address holes in simulation capabilities.

"Current trends in commercial high-performance computing are creating technology gaps that threaten continued U.S. superiority in important national security applications," DARPA officials reported during a June unveiling of the effort.

To explore the gaps, Cray Inc., IBM Corp., SGI and Sun Microsystems Inc. will each get $3 million to develop ways to analyze areas such

as the dispersion of chemical or biological agents and to work on advanced intelligence and surveillance

systems.

Shorrock also predicted that data fusion will be an area of intensive government R&D focus. "Nobody has conceived the breadth of this problem," he said. "Research like this has not been done to the depth now needed to satisfy the government's efforts to model disaster

responses."

Jones is a freelance writer based in Vienna, Va.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.