1 / 31

Three passive infrared detectors

Sabotage and CIP-001-1 SWEDE 2013 Don Roberts-San Bernard Electric Cooperative. SCADA Controlled. Four 500-watt lights. Four cameras connected to network video recorder. Siren with red strobe. Three passive infrared detectors. Armed indicator light.

chet
Télécharger la présentation

Three passive infrared detectors

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Sabotage and CIP-001-1 SWEDE 2013 Don Roberts-San Bernard Electric Cooperative SCADA Controlled Four 500-watt lights Four cameras connected to network video recorder Siren with red strobe Three passive infrared detectors Armed indicator light Withlacoochee River Electric Cooperative

  2. The Great Northeast Blackout November 9, 1965 To the chairman of the Federal Power Commission, “Today’s failure is a dramatic reminder of the importance of the uninterrupted flow of power to the health, safety, and well being of our citizens and the defense of our country. This failure should be immediately and carefully investigated in order to prevent a recurrence. You are therefore directed to launch a thorough study of cause of this failure. I am putting at your disposal full resources of the federal government and directing to the Federal Bureau of Investigation, the Department of Defense, and other agencies to support you in any way possible. You are to call upon the top experts in our nation in conducting the investigation. A report is expected at the earliest possible moment as to the causes of failure and the steps you recommend to be taken to prevent a recurrence. Lyndon B. Johnson”

  3. EUROPEAN WORKSHOP ON INDUSTRIAL COMPUTER SYSTEMS TECHNICAL COMMITTEE 7 Reliability, Safety, Security WP: 5086 V1.1 “Towards the end of the 20th century electric power systems (EPSs) emerged as one of the most critical infrastructures in the sense that all other critical and vital infrastructures depend on reliable electricity supply. At the same time they are considered as the most vulnerable to physical and cyber attack.”

  4. Critical Infrastructure ProtectionHomeland Security Official website of the Department of Homeland Security Food and Agriculture Banking and Finance Chemical Commercial Facilities Communications Critical Manufacturing Dams Defense Industrial Base Emergency Services Energy Government Facilities Healthcare and Public Health Information Technology National Monuments and Icons Nuclear Reactors, Materials and Waste Postal and Shipping Transportation Systems Water How many aren’t dependent on electricity?

  5. Likely Sources of Sabotage • Terrorism and sabotage • Vandalism (Hunters) • Disgruntled employees and ex-employees • Malicious code and viruses • Insiders and associates • Labor conflicts • Customers(ROW, bills) • Economic conditions • Curiosity and ignorance • Fraud and theft • Extremism (environmental, political) • Organizations (separatists, politicalradicals, anti-technology and/or anti- nuclear extremists, cartels) • Blackmail/Extortion • N.I.M.B.Y. (Not In My Back Yard)

  6. Is the Energy Threat Real? In fiscal year 2012,* the Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), received and responded to 198 cyber incidents as reported by asset owners and industry partners. Attacks against the energy sector represented 41 % of the total number of incidents. That's 65% more than the 120 attacks reported to ICS-CERT in 2011

  7. Europe France has experienced assassinations of energy officials as well as bombings, arson, rocket attacks on energy facilities, and grounding of transmission lines. Germany has suffered similar acts from the Baader-Meinhof group, Red Army Faction, and other groups. An intensive campaign to destroy transmission lines by cutting or bombing towers resulted in about 150 acts of such sabotage in 1986 alone. Transmission lines from nuclear reactors have been a major focus, and the nuclear industry itself has been a target The saboteurs included anarchic, separatist, and political terrorists, and anti-nuclear extremists

  8. What does a Terrorist Look Like?Terrorism in America-Pipe Bombs and Pipe DreamsBrent L. Smith Demographic Characteristics of International Terrorists Average Age at Indictment, 36 Youngest, 23; oldest, 48 Sex, All males Education, Moderate   Only 8% had a college degree; Over half (56%) had never attended college. Occupation, Varied   Most Libyans were posing as students;   Only Omega 7 members held routine, full-time employment. • Ethnicity 50% Irish 34% Arab/Middle Eastern 13% Hispanic 3% Oriental Includes members from the following groups or nationalities: Provisional Irish Republican Army, Japanese Red Army, Omega 7, Amal, Libyans, and the Syrian Social Nationalist party.

  9. Terry Nichols Michael Fortier Timothy J. McVeigh Convicted Co-Conspirators Oklahoma City Bombing

  10. EMETICThe Evan Mecham Eco-Terrorist International Conspiracy On May 30, 1989, three members of the group were caught cutting through a support tower that delivered electricity to a local substation. David Foreman was named with the others in the federal indictment released the following month. Charged with conspiracy (among other things), the group apparently intended to use the May 30 vandalism at Wenden, Arizona as a practice session before simultaneously attacking the power transmission lines at three separate nuclear facilities in California, Arizona, and Colorado.

  11. Power Line Raid Clouds Security : Sabotage Believed Aimed at Troubled Reactor Site WINTERSBURG, Ariz. — It was a death-defying act of sabotage. In what a Nuclear Regulatory Commission inspector calls a "well-coordinated assault," at least three people climbed more than 100 feet up on widely separated, high-voltage power transmission stanchions--towers literally tingling with electricity--and in 25 minutes knocked out three of the four transmission lines supplying power to the Palo Verde nuclear plant here.

  12. Reward offered in sabotage of Mason County power lines By Noelene Clark Seattle Times staff reporter A utility company is asking the public to help identify the person who shot down a major power line, causing a fire near Hoodsport, Mason County. Firefighters were able to extinguish the blaze before it threatened local homes, said Doug Johnson, spokesman for Bonneville Power Administration. Another line was also damaged by firearms. The utility estimates repairs will cost more than $50,000. "Obviously it was done intentionally," Johnson said, calling the shooting an act of sabotage. It takes multiple shots to bring down a 230-kilovolt line, he said. Bonneville Power Administration is offering a reward of up to $25,000 for information leading to an arrest and conviction. The utility is working with the Mason County Sheriff's Office as well as federal law enforcement, said Pete Jeter, the utility's director of security, in a news release. He said deliberately shooting the power lines is a federal offense because the lines are considered Homeland Security infrastructure.

  13. USA Today - Two transmission towers intentionally knocked over As federal agents scoured the area where two 80-foot transmission towers toppled over the weekend, the company that owns them offered a $10,000 reward Monday for information about the person who tampered with them. Oak Creek Police Chief Thomas Bauer said bolts had been removed from the base of at least one of the towers before they fell over Saturday evening, cutting power to 17,000 customers, including Milwaukee's airport.

  14. Labor Disputes In July 1989, a tower on a 765-kV line owned by the Kentucky Power Co. was bombed, temporarily disabling the line: in 1987-88, power line poles and substations were bombed or shot in the Wyoming-Montana border area. Later in 1988, similar attacks were experienced in West Virginia (all during a Coal Mine Strike). In January 1999, members of the International Brotherhood of Electrical Workers union toppled two transmission line towers at Thompson Pass, Alaska, depriving 400,000 Alaskans of power in the dead of winter.

  15. N.I.M.B.Y. The CU Powerline Project Cooperative Power Association and United Power Association "Bolt Weevils“ • August 1978, a group that called themselves the "Bolt Weevils" began to sabotage power line towers and shoot out electrical insulators. • The General Assembly to Stop the Powerline (GASP) put out a regular newsletter called “Hold That Line”. • The electrical co-ops hired outside security officers that used helicopters and vehicles to patrol the line. • UPA and CPA launched a public relations campaign to communicate to customers that vandalism would lead to electric bill increases. • In the end, Bolt Weevils tore down 14 power line towers and shot out nearly 10,000 electrical insulators

  16. You are here: Home » Time is Short: The Bolt Weevils and the Simplicity of Sabotage February 20, 2013 | DGR News Service | 4 Comments Time is Short: The Bolt Weevils and the Simplicity of Sabotage By Alex Budd / Deep Green Resistance Redwood Coast Resistance against exploitation is nothing new. History is full of examples of people—perfectly ordinary people—fighting back against injustice, exploitation, and the destruction of their lands and communities. They move through whatever channels for action are open to them, but often, left with no legal or political power, they turn to militant means to defend themselves. It is hardly a simple decision, and rarely the first or preferred option, but when all other paths have been explored and found to lead nowhere, militant action becomes the only realistic route left. Movements and communities come to that truth in many different ways, but almost without fail, they come to it borne by a collective culture of resistance. One inspiring example is the Bolt Weevils.

  17. What if some forms of limited resistance were undertaken? What if there was a serious aboveground resistance movement combined with a small group of underground networks working in tandem? • The abovegrounders would …… use both direct and indirect action to try to curb the worst excesses of those in power, to reduce the burning of fossil fuels, to struggle for social and ecological justice. • The undergrounders would engage in limited attacks on infrastructure (often in tandem with aboveground struggles), especially energy infrastructure • These attacks would not be symbolic attacks. They would be serious attacks designed to be effective but timed and targeted to minimize the amount of “collateral damage” on humans. • They would mostly constitute forms of sabotage. They would be intended to cut fossil fuel consumption by some 30 percent within the first few years, and more after that. • There would be similar attacks on energy infrastructure like power transmission lines. Because these attacks would cause a significant but incomplete reduction in the availability of energy in many places, a massive investment in local renewable energy (and other measures like passive solar heating or better insulation in some areas) would be provoked.

  18. Ecodefense: A Field Guide to Monkeywrenching Powerlines However, there have been successful and justifiable ecotage actions against major powerlines. The most successful was in western Minnesota in the mid- to late-1970s, when a group of farmers, the “Bolt Weevils,” continually monkeywrenched a 500 KV powerline under construction. Although that powerline was ultimately built, a dozen other projected powerlines were never built. The following guidelines on monkeywrenching powerlines come from anonymous Bolt Weevil veterans. Powerlines are highly vulnerable to monkeywrenching from individuals or small groups. The best techniques are: Removing bolts from steel towers; …….if tower bolts are welded to the nuts, cutting steel towers with hacksaws, torches (be careful not to breathe the vapors of galvanized metal — see the “Cutting Torch” section in the Vehicles and Heavy Equipment chapter), or cutting wheels; and …….shooting out insulators (with a shotgun), and shooting the electrical conductor itself (a high-powered rifle is best) which frays it and reduces its ability to transmit electricity.

  19. Standard CIP-001-2a Sabotage Reporting Purpose: Disturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies. Applicability • 4.1. Reliability Coordinators. • 4.2. Balancing Authorities. • 4.3. Transmission Operators. • 4.4. Generator Operators. • 4.5. Load Serving Entities. • 4.6. Transmission Owners (only in ERCOT Region). • 4.7. Generator Owners (only in ERCOT Region).

  20. As presently written, the CIP-001-1 standard does not apply to TO and GO entities • Requirements • R1. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator Operator, and Load Serving Entity shall have procedures for the recognition of and for making their operating personnel aware of sabotage events on its facilities and multi-site sabotage affecting larger portions of the Interconnection. • R2. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator Operator, and Load Serving Entity shall have procedures for the communication of information concerning sabotage events to appropriate parties in the Interconnection. • R3. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator Operator, and Load Serving Entity shall provide its operating personnel with sabotage response guidelines, including personnel to contact, for reporting disturbances due to sabotage events. • R4. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator Operator, and Load Serving Entity shall establish communications contacts, as applicable, with local Federal Bureau of Investigation (FBI) or Royal Canadian Mounted Police (RCMP) officials and develop reporting procedures as appropriate to their circumstances.

  21. ERCOT Interconnection-wide Regional Variance • Requirements • EA.1. Each Reliability Coordinator, Balancing Authority, Transmission Owner, Transmission Operator, Generator Owner, Generator Operator, and Load Serving Entity shall have procedures for the recognition of and for making their operating personnel aware of sabotage events on its facilities and multi-site sabotage affecting larger portions of the Interconnection. • EA.2. Each Reliability Coordinator, Balancing Authority, Transmission Owner, Transmission Operator, Generator Owner, Generator Operator, and Load Serving Entity shall have procedures for the communication of information concerning sabotage events to appropriate parties in the Interconnection. • EA.3. Each Reliability Coordinator, Balancing Authority, Transmission Owner, Transmission Operator, Generator Owner, Generator Operator, and Load Serving Entity shall provide its operating personnel with sabotage response guidelines, including personnel to contact, for reporting disturbances due to sabotage events. • EA.4. Each Reliability Coordinator, Balancing Authority, Transmission Owner, Transmission Operator, Generator Owner, Generator Operator, and Load Serving Entity shall establish communications contacts with local Federal Bureau of Investigation (FBI) officials and develop reporting procedures as appropriate to their circumstances. • Note also that the references to the Royal Canadian Mounted Police are removed in the regional variance, because the variance only applies in Texas.

  22. SBEC Sabotage Evaluation and Response Procedure Rev 6 (1/21/2013)  1.       Evaluation of the Threat or Sabotage 1.1   Sabotage threats may be received by telephone, written notes, through a third party such as the media or the police department, or by actual discovery of a suspicious package or a suspected explosive device at an SBEC facility or substation (including customer and/or mutually owned substations). While few Sabotage threats are in written form, those that are should be handled by as few persons as possible once they have been identified as a threat. To minimize handling, the note should be placed in a clean, clear plastic bag and given to local law enforcement authorities. All sabotage threats will be treated as serious.  However, as a guideline, most prank calls contain very general information which makes it difficult to develop an appropriate response.  When the threat contains specific information and has positively identified a target within the facility, the threat will be treated as very serious and immediate action taken to remove workers from the threatened area.

  23. 2.      If a call is received from any source indicating that a bomb or other explosive device has been placed or hidden within the facility, the individual receiving the call should assume that the threat is real. • 2.1   In the event of a sabotage call or threat: • If so equipped, hit the “Record” feature on your phone, otherwise, write down their exact words • Keep the caller on the line as long as possible • Ask the caller to repeat the threat • Stay calm, do not make the caller angry • 2.2   Any of the information collected may provide clues as to whether or not the caller is familiar with the facility.  Make every effort to get the caller to indicate: • The type and location of the device; • Appearance, including size, shape, color, etc.; • The time of detonation; • Why is the threat being made, and who is responsible; and • The caller’s name and where they are calling from.

  24. 2.3   Pay particular attention to any strange or peculiar background noises such as music (type), voices, motors running, machinery, laughing or any noise that might provide clues as to the place from which the call is being made. • 2.4   Listen closely to the voice (male or female), voice quality (nervous, confident, pitch, etc.), accents, speech impediments, approximate age (young or old), etc. • 2.5   When a sabotage threat is received or a worker finds a suspected explosive device or any package that looks suspicious: • Never attempt to touch or shift the position of the object; • Notify 911 and give all pertinent information; • Notify your immediate supervisor; • The supervisor will notify the Facility Manager, the Safety/Loss Control Specialist, and any available Staff Member; • The Safety/Loss Control Specialist will also notify the target area supervisor so that all affected workers may evacuate the building/area. DANGER; NEVER MOVE OR ATTEMPT TO MOVE A PACKAGE SUSPECTED OF CONTAINING AN EXPLOSIVE DEVICE.  BOMBS MAY BE DESIGNED TO EXPLODE WHEN THE PACKAGE IS TAMPERED WITH.  IN THE EVENT THAT A BOMB OR EXPLOSIVE DEVICE IS LOCATED, NO ATTEMPT WILL BE MADE TO DISARM OR NEUTRALIZE THE DEVICE.

  25. 2.6   When a “Positive Target Identification” has been made, the following additional actions shall be taken: • Evacuate workers to the following locations or at least one-thousand (1000) feet from the targeted area; • Bellville Office- Follow standard evacuation procedures but meet on the opposite side of the Fire Department Building (use building for protection from flying debris) • Field Store- Follow standard evacuation procedures but meet on the opposite side of the Fire Department Building (use building for protection from flying debris) • Columbus – Drive toward Columbus to Robert and Charlene Little’s residence at 4230 Hwy 71. If possible, park cars so as to observe the SBEC facility as well as watching for responding law enforcement. • Hallettesville - Drive west ¼ mile to the beige Ehler’s Mini Storage building on the right. If possible, park cars so as to observe the SBEC facility as well as watching for responding law enforcement. • If possible, establish a security perimeter at a distance compatible with the evacuation distance to prevent unauthorized entry. If this proves unfeasible, follow directions of local law enforcement. At a minimum, place cones at the entrances to prevent members/visitors from coming onto premises.

  26. Suspicious Field Activity • Note: While wire theft is much more likely an occurrence than sabotage, in either event the perpetrator is likely to be armed. DO NOT confront anyone found in the act and consider them to be armed and dangerous. •  3.1 During the course of routine line and/or substation inspections, employees should look for any suspicious activities such as; • Broken or open locks on gates and/or substation doors • Damage to security fences • Obvious damage to equipment • Switches inexplicably left open or in the wrong setting • Any other evidence of entry or missing items • 3.2 If an SBEC employee suspects possible attempts at sabotage, the employee should immediately; • Treat the area like a crime scene and make every attempt to minimize disturbing any possible evidence • Contact the SBEC Dispatcher and report the activity • Contact his/her immediate supervisor • Contact local law enforcement if directed to do so by SCADA Dispatcher

  27. 4.0 Dispatcher responsibilities • Upon receiving any field report of suspicious activity, the SCADA Dispatcher shall • Notify his/her immediate supervisor. The Dispatch Supervisor will immediately confer with both the reporting employee and that employee’s supervisor to determine the severity of the suspicion • Upon agreement that the event should be reported, the Dispatch Supervisor shall either contact local Law Enforcement, or direct the reporting employee to do so. • Local Sheriff Departments are; • Waller County – 979 826 8282 • Austin County – 979 865 3111 • City of Bellville Police-979 865 3122 • Colorado County – 979 732 2388 • Lavaca County – 361 798 2121 • Dispatcher-361 798 5250 • Harris County (Northwest) Precinct 5 – 281 290 2100 • Grimes County – 936-873-2151 • Montgomery County – 936 760 5871 • See additional emergency numbers in Appendix A

  28. Notify LCRA SOCC of any sabotage or suspected sabotage event. Information provided in the notification shall include: • Location • Time event occurred (if known) • Any detailed sabotage information as available • Information about which authorities were/are being contacted • The LCRA has their own Ranger division which may respond if an LCRA sub is involve. Inform SOCC if anyone else is expected to be on site when the Rangers arrive. • Maintain documentation of event for audit purposes • If considered a possible act of sabotage, the Dispatch Supervisor will immediately notify the Houston office of the FBI, Weapons of Mass Destruction (WMD) Division Joel Holmes O.  713-936-8827 M.  713-819-1858 Joel.holmes@ic.fbi.gov Supervisor Brian Rasmussen O.  713-936-8800 M.  602-725-1172 Brian.rasmussen@ic.fbi.gov Amanda Koldjeski O.  713-936-8826 M.  713-725-6455 Amanda.koldjeski@ic.fbi.gov If unavailable at these numbers, call the FBI main switchboard at 713-693-5000

  29. Appendix A EMERGENCY PERSONNEL PHONE NUMBERS ALL EMERGENCIES - DIAL 911 BELLVILLE EMERGENCY COMMUNICATION DISTRICT 979-865-1911 AUSTIN COUNTY SHERIFF AND AMBULANCE SERVICE979-865-3111 CITY OF BELLVILLE POLICE 979-865-3122 BELLVILLE FIRE DEPARTMENT 979-865-2323 FIELDSTORE WALLER COUNTY SHERRIFF 979-826-8282 HEMPSTEAD VOLUNTEER FIRE DEPT. 979-826-2963 WALLER COUNTY EMS AND MONAVILLE VOLUNTEER FIRE DEPT. 979-826-8527 OR 979-826-6581 PRIAIRE VIEW VOLUNTEER FIRE DEPT. 936-857-9522 WALLER VOLUNTEER FIRE DEPT. 936-372-9512 COLUMBUS COLORADO COUNTY SHERRIFF 979-732-2388 COLUMBUS FIRE CHIEF 979-732-7736 COLUMBUS POLICE DEPT. 979-732-3351 AFTER HOURS EMERGENCIES 979-732-2388 COLORADO COUNTY EMERGENCY MANAGEMENT 979-733-0184 HALLETTSVILLE LAVACA COUNTY SHERIFF 361-798-2121 LAVACA COUNTY SHERIFF DISPATCHER 361-798-5250 LAVACA COUNTY EMS 361-798-5111 LAVACA CO. EMERGENCY MANAGEMENT 361-798-5628

  30. Operation Circuit Breaker An Examination of Vulnerabilities in the Electric Transmission Infrastructure of the United States and How They Could Set the Stage for the Next 9/11 By David Omick Morethan a decade into the new millennium, it’s still September 10, 2001 in America.

  31. France heat wave death toll set at 14,802 The 2003 European heat wave was the hottest summer on record in Europe since at least 1540.[1] France was hit especially hard. The heat wave led to health crises in several countries and combined with drought to create a crop shortfall in parts of Southern Europe. Peer reviewed analysis places the European death toll at 70,000.[

More Related