"O dark, dark, dark. They all go into the dark." Preparing to Recover from Cyber Disruptions of the Grid

Roland Trope, Trope and Schramm LLP

Friday, November 21, 2014, 3:30pm

Spanos Auditorium

This seminar is part of the Jones Seminars on Science, Technology, and Society series.

The North American Bulk Power System ("BPS") is perhaps the most vital of our critical infrastructures. The country's economy and national security depend on the BPS remaining resilient. BPS owners and operators have learned from experience to prepare for, respond to, and recover from "normal" emergency events (such as hurricanes, earthquakes, tornadoes, ice storms). They are, however, much less prepared to respond to and recover from high impact, low frequency events. Geomagnetic disturbances and kinetic cyberattacks may cause damage so catastrophic that afterwards complete restoration of BPS operations might not be possible. If a successful kinetic cyberattack were to damage heavy equipment such as large power transformers, sufficient replacement units might not be available. The long-lead time for these procurements would take at least 8 to 14 months. Meanwhile, the BPS would have to operate at a reduced state of reliability and supply. The electricity industry's capabilities would be stressed far beyond its already robust emergency response capabilities. This "New Normal" would be characterized by "islands" of electrical power, which would be stabilized by load shedding and rolling blackouts. Electricity would have to be rationed to support the highest priority customers. The North American Electric Reliability Corporation (NERC) refers to such occurrences and consequences as "Severe Events."

Knowing that disruption of a national grid can produce extraordinary damage to a country's economy and social fabric, how might a cyber adversary exploit the vulnerabilities in the BPS to cause a "Severe Event"? How much of the North American grid might remain seriously degraded for months or years thereafter? What preparations are BPS owners and operators making to be ready to mitigate the damage and manage an orderly and efficient recovery? If commercial companies and critical infrastructure firms are not apprised of the details of such recovery plans, will their own contingency plans leave them ill-prepared to cope with a "Severe Event"? Will their domestic transactions and cross-border deals survive the uncertainties of long periods of interrupted communications, delayed production, missed delivery dates, and unreliable albeit good-faith assurances? We will explore those questions in light of a few salient facts. Cyberattacks are becoming increasingly sophisticated, destructive, and stealthy. They may even be capable of impairing the situational awareness of BPS control rooms and Board rooms. The grid's aging heavy equipment and the ongoing deployment of "smart grid" technologies are expanding the vulnerabilities and attack surfaces far beyond what any BPS company can defend. As a result, it may be that critical infrastructure companies need to recognize that they have emergent corporate cyber responsibilities that include readiness to recover from "Severe Events."

About the Speaker

Roland Trope is a partner in the New York City offices of the U.S. and Dutch law firm of Trope and Schramm LLP and an Adjunct Professor in the Department of Law at the U.S. Military Academy at West Point, where he has been teaching since 1992. Mr. Trope lectures in USMA's Departments of Electrical Engineering and Computer Science, Civil and Mechanical Engineering, and Systems Engineering where he teaches intellectual property, project management, and ethics. He serves on the American Bar Association Task Force on Cybersecurity, is Co-Chair of the Subcommittee on Cybersecurity for the ABA’s Cyberspace Law Committee, is on the Supervisory Board of IEEE Security & Privacy and previously served on its Editorial Board. Mr. Trope advises on government procurement, protection and licensing of intellectual property, cross-border tech transfers, export controls, economic sanctions regulations, anti-corruption laws, cyberspace law, and cybersecurity.

Mr. Trope has written more than 25 articles and co-authored two law books published by American Bar Association: Checkpoints in Cyberspace: Best Practices for Averting Liability in Cross-Border Transactions and Sailing in Dangerous Waters: A Director’s Guide to Data Governance. He also wrote Maddening for Militaries and Museums: Why Large-Scale RFID Systems May Lose Track of Objects (a chapter in RFIDs, Near-Field Communications, and Mobile Payments: A Guide for Lawyers) and Duty to Advise Clients Concerning Use of Cyber and Other Digital Technologies (a chapter in The ABA Cybersecurity Handbook – A Resource for Attorneys, Law Firms & Business Professionals). Mr. Trope earned a B.A. in Political Science from the University of Southern California. As a Marshall Scholar and as a Danforth Fellow, he studied English Language and Literature at Oxford University, earning a B.A. and M.A. He earned a J.D. at Yale Law School. He clerked on the Minnesota Supreme Court, and began practicing law in New York City in 1982.

For more information, contact Haley Tucker at haley.tucker@dartmouth.edu.