Critical Infrastructure
CriticaL Infrastructures are usually divided into physical and socio-economic infrastructure systems. Physical Critical Infrastructure encompasses all basic services such as electricity and water supply, waste (water) management, transport or information and telecommunication technologies. Socio-economic infrastructures instead include facilities such as hospitals and schools but also public administration.
Today’s base industrial trend is to build “lean” and operate “agile” and many functions are programmed to be ‘just in time’; this often entails increasing the dependency on a single infrastructure unit. A simple example would be the shift to building bridges that can accommodate both rail and road – Sydney Harbor bridge, Afghan- Uzbek friendship bridge and the Godavari Bridge are just a few examples. An infrastructure is “critical” when the services it provides are vital to the nation at large. Today’s inter related manufacturing and social scenario has led to a growth in the list of critical infrastructure to accommodate the chemical sector, transportation, the defence industrial base, information and telecommunications, banking and finance, agriculture, food, water, public heath, government services, emergency services, and postal and shipping.
Aspects of Critical Infrastructure Failure in India
The threat of catastrophic terrorism has created a new relationship between national security and routine business decisions in private firms providing infrastructure services. The never-ending race for economy of scale and of scope that guarantees better results also leads to reduced redundancy, concentrated assets, and centralised control points. An increased dependence on a single point of infrastructure also tends to multiply failure after-effects.
The Indian perspective is unique as there are three major challenges to critical infrastructure failure – security breakdown, which involves anything from terror attacks to corporate sabotage; natural calamities and structural failure as well as geo political unrest.
Security Breakdown
A security break down would include an array of aspects such as vandalism, break ins and extremist attacks. If these events take place at a manufacturing unit, the after effects are localised. However, on a critical infrastructure unit – the effects are multiple.
Case Study:
A band of saboteurs that calls itself the “Niger Delta Avengers” has left the economy in shreds, thanks to a four-month long string of operations targeting oil pipelines. They achieved this by bombings and diving underwater to disrupt vital valves and pressure circuits. The resultant disruptions which included pipelines owned by Royal Dutch Shell and Eni Spa resulted in Nigeria’s economy contracting by 0.36% and losing it’s top oil producing and distribution ranking in Africa to Angola.
In an Indian scenario, Gammon India is building pipelines for Indian Oil Corporation, Gujarat State Petronet and GAIL in Uttar Pradesh, Gujarat, Bihar and Orissa. Many of these pipelines are passing through historic high risk areas such as Saharanpur in Uttar Pradesh and Barauni in Bihar, where risk mitigation infrastructure is lower than the national average and sabotage related incidents are higher. Similar attacks could see losses of large amounts along with disruption in supplies.
IoT (Internet of Things) platforms for securing such vital platforms can include a multitude of sensors. However, sensors detecting a breach is not the only solution. Integrating these inputs with situational awareness (quick dissemination of breach information to various departments miles away), predictive analysis (use geo political inputs along with historic data) and situational intelligence (understand real time data and execute SOP’s to prevent chain reactions) platforms can help mitigate risks in a stream lined manner internally and externally.
Structural Failure: A Railway Outlook The Indore Patna train accident in Kanpur that took the lives of 150 passengers is still fresh in the minds of Indians and the global community. The official cause for the accident is said to be a rail fracture. However, in the recent past the railway ministry has increased the speed of passenger trains by 5km/hour and commissioned heavier 25-tonne axle load wagons on freight routes, this on existing railway infrastructure.
IoT platforms have already been successfully implemented in railway projects in countries such as Japan and the UK. Japan has seen tremendous success in railway line integrity despite being in one of the most active seismic zones of the world and trains reaching speeds of over 250 km/hour. The Indian Journal of Science and Technology has also released a white paper and the results of basic experiments conducted on the implementation of “IoT based Railway Calamity Avoidance System” using cloud computing technology and cost effective implementation devices to comprehensively track the railway line status over long distances and more importantly “linking track statuses to the signalling network” using Wi-Fi and mobile networks to disseminate the information to all stakeholders.
A wide spread implementation of such systems will go a long way in ensuring a higher level of safety and goods continuity
Key Prospective Geopolitical locations for implementing IoT applications towards securing Critical Infrastructure
The recent Maoist attacks in Gadchiroli during which over 70 vehicles of a mining firm were set ablaze resulting in a complete shut-down of operations. The lack of physical security in large swaths of area could be addressed by IoT sensors and allied communication alerting mechanisms. States such as Madhya Pradesh, Chhattisgarh, Orissa, Assam etc. that have critical infrastructure projects lined up such as dams, high power transmission grids, power plants etc. in conflict regions will benefit from IoT security applications to a large scale. China has already taken steps to use IoT in securing their power grid in remote and geo-political risk zones.
IoT, a double – edged weapon?
Critics may also argue and rightly so – that IoT applications have a flip side and can dramatically increase critical infrastructure vulnerability. India has seen a host of cyber-attacks carried out by China and Pakistan. Broadcast of data from various access points on to the internet protocol has risks that can be exploited in a destructive manner. One of the scarier aspects of this problem is the ease with which hackers, using a search engine called “Shodan,” can find unprotected critical infrastructure in the IoT. Shodan is just like Google, only it crawls the Internet looking for devices instead of websites.
According to a survey taken by several Security heads across India, an IoT platform poses more of a risk due to security threats such as Distributed Denial of Service attacks (DDoS) and data privacy issues. However these risks are more profound in a cyber security framework and has profound implications in financial institutions or commercial technology oriented industries.
Guidelines for Implementing security of Physical Critical Infrastructure through IoT The key aspects to implementing IoT in securing critical infrastructure are:
• Identifying the scenarios that lead to a security breach.
• Identify the worst-case scenario that can happen due to the security breach.
• Identify departments that play a primary role in failure recovery and activation of redundancy procedures.
• Adopt sensors that can be integrated to a closed IP connection.
• Integrate predictive analysis of infrastructure breakdown using critical data points from sensors.
• Distribution of critical threshold data to all organisational stakeholders
The applications of IoT within the security of critical infrastructure are wide ranging. As India is witnessing a threat on multiple fronts securing physical critical infrastructure from communal violence, terrorism and insurgency will remain a critical challenge.
Malcolm Cooper is an Analyst at MitKat’s Information Services Team.