A detailed look at the issues of energy resilience. While focused on military applications, these same methodologies can be applied to industry and other public facilities and campuses to ensure the "Right Energy at the Right Time" is always available.
1. Energy System Resilience
Dr. Robert L. Straitt, CEM, CDSM
Energy Systems Professional
February 2019
US Army’s Maneuver Fires Integrated Experiment (MFIX) high-power microwave and laser
https://www.army-technology.com/news/high-power-microwave-laser-systems-tested-us-army-mfix/
Iowa Army Ammunition Plant underground geothermal system
https://en.paperblog.com/iowa-army-ammunition-plant-implements-geothermal-and-solar-energy-systems-492705/
Deploying the first micro-reactor at a domestic DOD facility and recommends actions to ensure its installment by Dec. 31, 2027, as prescribed in the NDAA.
https://www.nei.org/news/2018/micro-reactors-power-remote-military-bases
2. Energy System Resilience
Dr. Robert L. Straitt
Energy Systems Professional
robert.straitt.ctr@mail.mil
Sain Engineering Associates, Inc.
Homeland Security ICS-CERT
Arkansas State University
USDA/NRCS Earth-Team
Advisors & Co-Authors
Dr. Rajesh Sharma (ASU), Dr. Paul Mixon (ASU), Dr. Andrzej Rucinski (UNH),
Dr. Nadya Reingand (Patent Hatchery), Walter Ellis (IBM Retired), Nadine Straitt (ASU)
February 2019
3. Speaker Background & Associations
Dr. Bob Straitt, CEM, CDSM
• Sain Engineering Associates
• Resource Efficiency Manager
• Energy Systems Implementation
• Energy Systems Security Analysis
• Advanced Resilient Technology Analysis
• Homeland Security
• Member Industrial Control Systems Joint Working Group (ICSJWG)
• Member Industrial Control Systems, Cyber Emergency Response Team
• Member Homeland Security Information Network
• USDA/NRCS Earth Team
• Technical Services Office Lonoke, AR
• Ag Energy & Sustainability Analysis
• Water Resource Management
• Cyber Security Analysis
• Arkansas State University
• PhD Student – EVS Program
• VFD and IoT Technologies
• Agricultural Energy Efficiency
• Suitability Technologies/Systems
• Energy Huntsville
• Chairman Economic Development Committee
4. Energy System Resilience - Presentation Overview
• What is an Energy System
• What is Resilience
• Energy Supply Resilience
• Energy System Resilience
• Energy Controls (Cyber) Resilience
• The Hidden Threat to Energy System Resilience
• The Resilience Model
• Example Resilient Energy Technology
• The future of Energy Resilient Technology in DoD
5. What is an Energy System?
An “Energy System” is an integral part of:
• A Weapons System
• A Logistical/Transportation System
• A Facilities System
• A Production System
6. What is an Energy System?
In the context of Systems Engineering, we need to think of an “Energy System” as an integral part or subsystem of a larger operational system that performs some form of work/activity.
An “Energy System” generally should NOT be considered a stand-alone energy source, such as just a piece of generation equipment or distribution equipment that is not intended to be connected to a servicing piece of equipment.
7. Energy Infrastructure
The Next Pearl Harbor?
John Baxter, OASD (Energy, Installations & Environment) Installation Energy, 20 April 2018
WWI, Black Tom Island in New York Harbor
WWII, Wheeler Army Air Field, Hawaii
War on Terror, World Trade Center, New York
8. What is Energy Resilience?
• Energy Security is “having assured access to reliable supplies of energy and the ability to protect and deliver
sufficient energy to meet mission essential requirements”- FY2012, National Defense Authorization Act (NDAA)
• Resilience is “the ability to anticipate, prepare for, and adapt to changing conditions and withstand, respond to, and
recover rapidly from disruptions” - E.O. 13653
• Energy Resilience is “The ability to prepare for and recover from energy disruptions that impact mission assurance on
military installations.” - DoDI 4170.11
• Energy Resilience includes “Following a catastrophic event, segments of state, tribal, and local governments as well as
NGOs and the private sector may be severely compromised. The federal government should be prepared to fill
potential gaps to ensure continuity of government and public- and private-sector operations. The incident may cause
significant disruption of the impacted area’s critical infrastructure/key resources, such as energy, transportation,
telecommunications, law enforcement, and public health and health care systems.” – DoDI 6055.17, February 14, 2017
• According to the National Response Framework, in the event of a natural or man made catastrophic event or
other emergency the DoD/U.S. Army Corps of Engineers is the responsible agency for Public Works and
Engineering Support ESF #3, and DOD will support the DOE in facilitating “the reestablishment of damaged
energy systems and components…” - National Response Framework, June 2016
9. What is Energy Resilience?
Resilience is the ability to resist energy disruptions as a result of:
• Weather Event
• Geophysical Event
• Equipment Failure
• Terrorist Event
• Conventional War
• Nuclear War
10. What is Energy Resilience?
Energy Resilience involves three key areas of interest.
Energy Supply
Photograph by Bloomberg via Getty Images
http://fortune.com/2016/01/15/decline-us-coal-industry/
Energy Systems
https://www.acaraenergy.ie/boiler-plant-district-heating-skid-mounted-systems-cascade-systems/
https://images-na.ssl-images-amazon.com/images/G/01/th/aplus/leviton/VersionCforamazon._V360668010_.jpg
Energy Controls
11. What is Energy Supply Resilience?
Energy Supply Resilience includes the following activities:
a. Supply Availability
b. Supply Reliability
c. Supply Affordability
12. What is Energy Supply Resilience?
a. Energy Supply Availability:
• Fuel/Energy Source is actually present for use in sufficient quantities to meet demands of the energy users
• Regulatory constraints allow for it to be extracted, sold, transported, and used
• Infrastructure, with reasonable redundancy, for transportation is available
• Fuel/Energy Source is storable in sufficient quantities to meet defined critical demand
13. What is Energy Supply Resilience?
b. Energy Supply Reliability
• Fuel/Energy Source is consistently available when needed
• Political/Regulatory activities are stable and will not restrict supply
• Social/Labor activities will not interrupt supply harvesting
• Environmental events will have minimal impact on production/transportation
14. What is Energy Supply Resilience?
c. Energy Supply Affordability
• Fuel/Energy Sources must have sufficient reserves to meet supply versus demand economics
• Distribution logistics must be based on sufficient and redundant distribution paths and with sufficient capacity to keep costs competitive
• Environmental events have minimal impact on production, delivery, and storage
15. What is Energy Supply Resilience?
Energy Supply Resilience Does Not Include the following activities:
a. Contracting:
Contracting from the same utility that is providing energy to provide backup energy when the utility has a complete system failure is not resilient
Contracting for alternate supply such as trucking in compressed/liquefied natural gas when there is a regional/national infrastructure failure is not resilient
b. Renewable Energy
Renewables like solar and wind are not resilient in and of themselves, as they cannot always supply energy on demand, although renewables when available can help extend supplies of resilient energy
• Solar doesn’t supply energy at night or when the sun is not shining enough, such as on cloudy days
• Wind turbines don’t operate when there is not enough wind or when there is too much wind blowing
• Battery back-up for renewable systems is reliable only when the renewable energy source is available daily, but fails if the sun is clouded over or the wind doesn’t blow adequately for several days in a row
c. Microgrids/Smart Grid System
A Microgrid or Smart Grid is a control system for energy generation
A Microgrid or Smart Grid is not an energy generation system in and of itself
A Microgrid can only control power generation/distribution systems if there is a resilient supply of fuel/energy to generate usable energy with
16. What is Energy System Resilience?
Energy System Resilience includes the following activities:
a. System Reliability
b. System Availability
c. System Maintainability
d. System Affordability
17. What is Energy System Resilience?
a. Reliability: “Reliability can be defined as the probability that a product, system or service will perform its intended function adequately for a specified period of time, operating in a defined operating environment without failure.” – American Society for Quality http://asq.org/learn-about-quality/reliability/overview/overview.html
• Probability of success: The likelihood that the system will be able to satisfy the operational needs for the type, quality, and quantity of energy required when called on to perform.
• Durability: The system will be able to meet the environmental and operational demands placed on it.
• Dependability: The prospect that the system will be able to consistently supply the energy needed when needed, with minimal interruptions or cause for maintenance.
• Quality over time: The expected standard of performance of the system will continue to be acceptable as planned and/or degrade along a predefined and acceptable curve of performance.
• Availability to perform a function: The energy system is accessible and delivering energy that will power the prescribed operations as expected.
18. What is Energy System Resilience?
b. Availability: As with reliability and maintainability, availability can be either a demonstrated (descriptive) or predictive (inferential) measure of performance — and as with any probability measure, its value is in the interval, cannot be less than zero and cannot be greater than one. – Tim Adams, NASA’s J.F. Kennedy Spaceflight Center
https://kscddms.ksc.nasa.gov/Reliability/Documents/160727.1_Availability_What_is_it.pdf
Demonstrated availability: The system’s actual uptime versus the total time it is required to be up.
Predictive availability: The system’s scheduled time based on predicted scheduled maintenance, unscheduled corrective maintenance, and anticipated environmental events.
Inherent availability: A system design parameter based on a failure distribution model and a repair distribution model.
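An added worked example (not part of the original presentation) of the demonstrated and inherent availability measures defined above. The required-service window, the outage log and the MTBF/MTTR figures are constructed, and the steady-state form MTBF / (MTBF + MTTR) is assumed here as the way the inherent design parameter is computed.

```python
from datetime import datetime


def merge_intervals(intervals):
    """Merge overlapping or touching (start, end) intervals."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            # Overlaps the previous outage: extend it instead of double counting.
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def downtime_hours(required_start, required_end, outages):
    """Hours of outage that fall inside the required-service window."""
    clipped = []
    for start, end in outages:
        s, e = max(start, required_start), min(end, required_end)
        if s < e:  # ignore outages entirely outside the window
            clipped.append((s, e))
    seconds = sum((e - s).total_seconds() for s, e in merge_intervals(clipped))
    return seconds / 3600.0


def demonstrated_availability(required_start, required_end, outages):
    """Actual uptime divided by the total time the system was required to be up."""
    required = (required_end - required_start).total_seconds() / 3600.0
    if required <= 0:
        raise ValueError("required window must have positive length")
    down = downtime_hours(required_start, required_end, outages)
    return (required - down) / required


def inherent_availability(mtbf_hours, mttr_hours):
    """Steady-state design availability from mean time between failures
    and mean time to repair (corrective maintenance only)."""
    if mtbf_hours <= 0 or mttr_hours < 0:
        raise ValueError("MTBF must be positive and MTTR non-negative")
    return mtbf_hours / (mtbf_hours + mttr_hours)


# Constructed sample: a 240-hour required window and four logged outages.
WINDOW_START = datetime(2019, 2, 1)
WINDOW_END = datetime(2019, 2, 11)
OUTAGES = [
    (datetime(2019, 1, 31, 22), datetime(2019, 2, 1, 2)),   # starts before the window
    (datetime(2019, 2, 2, 6), datetime(2019, 2, 2, 10)),
    (datetime(2019, 2, 2, 9), datetime(2019, 2, 2, 12)),    # overlaps the previous entry
    (datetime(2019, 2, 10, 20), datetime(2019, 2, 11, 4)),  # runs past the window
]

if __name__ == "__main__":
    print("downtime (h):", downtime_hours(WINDOW_START, WINDOW_END, OUTAGES))
    print("demonstrated:", demonstrated_availability(WINDOW_START, WINDOW_END, OUTAGES))
    print("inherent    :", inherent_availability(2000.0, 8.0))
```

Clipping to the window and merging overlapping log entries matter in practice: counting the raw outage durations in this sample would overstate downtime by seven hours.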
19. What is Energy System Resilience?
c. Maintainability: The ability of an item to be retained in, or restored to, a specified condition when maintenance is performed by personnel having specified skill levels, using prescribed procedures and resources, at each prescribed level of maintenance and repair. – Defense Acquisition University https://www.dau.mil/glossary/pages/2183.aspx
Ability to Maintain: The organization has the in-house or contracted capability to physically maintain the system. And, the system is not so obsolete or out of production as to not have supplies of spare parts available.
Willingness to Maintain: The organization’s management has committed to maintaining energy systems and has dedicated the financial, human, and material resources to keep the energy system fully operational and technically up to date with state-of-the-art equipment.
Affordability of Maintenance: An organization has the financial resources (budget) to properly maintain the system or has the ability to utilize a 3rd party financing vehicle to properly maintain the energy system.
20. What is Energy System Resilience?
d. Affordability: “The engineering process or management discipline which assures the final system, program, project, product, or service can be delivered (or owned, operated, developed, and produced) at a cost which meets previously - established funding (or best value) constraints, while still meeting all approved requirements (or standards, needs, and specifications)” – NASA Cost Estimating Handbook, NASA, 2008.
Cost As an Independent Variable (CAIV): The ability to design and implement energy system resiliency in a manner that energy costs are treated independently from other costs, allowing for a give and take (cost trade off) management approach. The cost of more efficient hardware is offset by using less or less costly energy sources.
Life Cycle Cost (LCC): A process for determining the Total Ownership Cost, which allows for conducting of “What if Analysis” to determine the impact on the Total Cost of ownership for various design and/or operational choices.
Total Ownership Cost (TOC): The economic cost of owning the energy system over the design, implementation, and operational periods of the energy system. If this cost is beyond a satisfactory level to which the owner can afford the Total Costs of owning the system, operational and/or other considerations will have to be investigated, such as not having energy, in order to continue operations of the system and/or providing the service that the system supported.
21. What is Energy Control System (Cyber) Resilience?
22. What is Energy Control System Resilience?
Energy Control System Resilience includes the following activities:
a. Physical Security
b. Command Security
c. Control Security
d. Information/Intelligence Security
23. What is Energy Control System (Cyber) Resilience?
Internet of Things (IOT)
• Energy Control Systems are those systems that provide information or automated and/or remote control for:
• HVAC Systems
• Lighting Systems
• Building Security
• Fire Systems
• Appliance Controls (IOT)
• Mobility System (Elevators, Trams, Etc.)
• Production Control Systems
• Smart Meters Systems
24. Security Threats Posed by Compromised Energy Systems
1. The first category of cyber threats includes the removal of data from an ICS or a DOD network
connected to an ICS. According to OSD’s March 2014 memorandum, a serious mission-disabling
event could occur if an ICS was used as a gateway into an installation’s information technology
system or possibly DOD’s broader information networks.
2. The second category of cyber threats involves the insertion of false data to corrupt the
monitoring and control of utility infrastructure through an ICS. In its March 2014 memorandum,
OSD noted that disruption of a computerized chiller controller could deleteriously impact
critical military operations and readiness.
3. The third category of cyber threats is the physical destruction of utility infrastructure controlled
by an ICS. According to United States Cyber Command officials, this threat—also known as a
“cyber-physical effect”— is the threat about which they are most concerned. This is because a
cyber-physical incident could result in a loss of utility service or the catastrophic destruction of
utility infrastructure, such as an explosion.
25. Energy Control System Vulnerability Triad
OPSEC
INFOSEC
Cyber
• COMSEC
• Tempest
• Insider Actors
• Foreign Agent Actors
26. The Security Vulnerabilities Triad
Triad elements: INFOSEC, Cyber Security, OPSEC
Operational Security (OPSEC) - Army Regulation 530–1
“OPSEC protects sensitive and/or critical information from adversary observation
and collection in ways that traditional security programs cannot. While these
programs, such as Information Assurance (IA), protect classified information, they
cannot prevent all indicators of critical information, especially unclassified
indicators, from being revealed.”
• Most significant (dangerous) and least addressed security threat related to any type of energy system.
• Involves the ability of an adversary to utilize cyber, COMSEC, EMSEC and INFOSEC related information to gain unauthorized knowledge of critical mission and/or organizational activities and plans, as well as disrupt operations and/or destroy equipment and facilities.
• Results in mission failure, loss of important equipment & facilities, and most egregiously the death and/or incapacitation of highly trained personnel.
• Cyber and INFOSEC activities exist to ensure that OPSEC goals can be maintained and can be thought of as elements of Operational Security (OPSEC).
Violations of OPSEC Regulations, Policies, and Directives can result in loss of Security Clearances and Criminal Prosecution!
27. Energy Control Systems are Weakened Nodes In
Energy Systems Security
• OPSEC – Operational Security Threats
• “In concise terms, the OPSEC process identifies the critical information of
military plans, operations, and supporting activities and the indicators
that can reveal it, and then develops measures to eliminate, reduce, or
conceal those indicators.” Army Regulation 530–1
NTTP 3-13.3M/MCTP 3-32B, NAVY OPSEC Guide
28. Energy Control Systems a Weakened Node
In Energy Systems Security
• 15. Engineering and Services Support.
• a. Housing capacity
• b. Housing use
• c. Design factors
• d. Utility requirements
• e. Environmental impacts
• f. Firefighting capabilities
• g. Road usage
• h. Trash disposal
• i. New construction
• j. Structure modifications
• k. Facility maintenance
• l. Facility usage.
NTTP 3-13.3M/MCTP 3-32B, NAVY OPSEC Guide
The Dark Side of 'Smart' Meters
https://www.youtube.com/watch?v=FLeCTaSG2-U
Utility data contained in smart meters, control systems,
and energy reports is subject to OPSEC restrictions
Types of Energy Data Subject to OPSEC Security Rules
29. Potential OPSEC Violation Scenarios
Ammunition Facilities
Intended energy usage data based on 15 minute sampling and one hour updating to smart meter “Dashboard” systems could initiate and/or contribute to the successful completion of the following threats:
• Theft/sabotage of munitions and explosives shipments – Broadcasting the energization (Lighting and Loading Equipment) of loading facilities can notify terrorists of the exact arrival/departure time of trucks carrying munitions and explosives, and aid in identifying travel routes and passing of other critical facilities to generate further collateral damage by an attack.
• Various production processes are critically dependent on stable and reliable energy. Variation of voltage, frequency, or availability of electrical power during critical times can result in disastrous consequences. Providing detailed equipment and energy utilization information can allow terrorists to accurately predict the critical times to disrupt the energy services to create a catastrophic incident.
While the events on this page are not a result of a Smart Meter or Dashboard, they do demonstrate the levels of destruction that could occur as a result of an OPSEC event.
30. The Security Vulnerabilities Triad
Triad elements: INFOSEC, Cyber Security, OPSEC
Information Security (INFOSEC)
• The second least addressed and second most concerning area
of the Security Vulnerabilities Triad.
• Addresses how individual elements of data are classified as
being critical to security of operational activities (OPSEC).
• Guides the evaluation of how individual unclassified elements
of data/information when made available on a single
information system become classified and significant OPSEC
vulnerabilities (compilation).
• Enforces international treaties and status of forces
agreements by controlling the release of information about
forces location, facilities being utilized, times of operational
activities, equipment contained in facilities, energy and
frequency information, and levels of personnel at individual
locations.
• INFOSEC protocols dictate what information may be introduced into a Cyber Secure System and who can see that information at various levels of abstraction.
31. Energy Control Systems INFOSEC Risks
• AR 380-5 2-5
• 2–8. Classification criteria:
• a. Military plans, weapons systems, or
operations
• b. Vulnerabilities or capabilities of systems, installations, projects or plans relating to the national security. Note: When used, these seven classification categories are referred to by their reference letter, preceded by “1.5,” the reference location within the EO. For example, “Military plans, weapons systems, or operations” would be “1.5(a).”
32. Energy Control Systems INFOSEC Risks (cont.)
AR 380-5 2-5
“Certain information that would otherwise be unclassified,
may require classification when combined or associated with other
unclassified information.
This is referred to as classified by compilation. However, a compilation of
unclassified items of information is normally not classified. In unusual
circumstances, classification may be required if the combination of unclassified
items of information provides an added factor that warrants classification.
Similarly, a higher classification may be assigned to compilations of
information that warrants higher classification than that of its component
parts. Classification on this basis shall be fully supported, in writing, accompanying
the compilation document.”
33. Energy Control Systems INFOSEC Risks (cont.)
AR 380-5 2-5
“Certain information that would otherwise be unclassified, may require classification when combined or associated with other unclassified information. This is referred to as compilation.”
• Energy Control Systems Dashboards associated with energy systems can quickly compile and disseminate highly classified compilations of information to unauthorized and/or hostile individuals, without proper security oversight, anywhere in the world.
The Dark Side of 'Smart' Meters
https://www.youtube.com/watch?v=FLeCTaSG2-U
34. Potential INFOSEC Concerns
(a) Whenever, in the interests of national defense, the President defines certain vital military and naval installations or equipment as
requiring protection against the general dissemination of information relative thereto, it shall be unlawful to make any photograph,
sketch, picture, drawing, map, or graphical representation of such vital military and naval installations or equipment without first
obtaining permission of the commanding officer of the military or naval post, camp, or station, or naval vessels, military and naval
aircraft, and any separate military or naval command concerned, or higher authority, and promptly submitting the product obtained
to such commanding officer or higher authority for censorship or such other action as he may deem necessary.
(b) Whoever violates this section shall be fined under this title or imprisoned not more than one year, or both.
(June 25, 1948, ch. 645, 62 Stat. 737; Pub. L. 103–322, title XXXIII, § 330016(1)(H), Sept. 13, 1994, 108 Stat. 2147.)
18 U.S. Code § 795 - Photographing and sketching defense installations
Some energy systems and “energy Dashboard” systems may be
providing an easy route for exfiltration of sensitive and/or
classified information.
• Maps/pictures include specific building/facility identification information
• Building infrastructure and equipment information including IT Network
identifiers for specific pieces of equipment
• Organizational information and activity status
• Installation vulnerability, readiness, and capabilities status information
Potentially Compromising Information Found on Google Images @
https://www1.eere.energy.gov/femp/pdfs/ns/advmet_12072011_lee.pdf
Actual Facility Information Redacted for this Presentation
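A pre-publication check for the compilation risk described on the last two slides, as an added example that is not part of the original presentation: it groups dashboard export records by facility and flags any identifiable facility whose combined records cover several of the information categories listed above, even when no single record does. The field names, the sample records, the 24-hour minimum publishing interval and the threshold of two categories are all assumptions made for illustration.

```python
from collections import defaultdict

# Categories follow the slide's list of what dashboards expose. The field
# names mapped to them are hypothetical; adapt them to the real export schema.
FIELD_CATEGORIES = {
    "building_name": "facility_identification",
    "map_image": "facility_identification",
    "device_hostname": "network_identifier",
    "device_ip": "network_identifier",
    "equipment_model": "infrastructure_equipment",
    "activity_status": "organizational_activity",
    "readiness_status": "readiness_capability",
}

# Assumed policy values for this example, not taken from any regulation.
MIN_PUBLISH_INTERVAL_MINUTES = 24 * 60
COMPILATION_THRESHOLD = 2


def record_categories(record):
    """Return the information categories a single export record reveals."""
    cats = {
        FIELD_CATEGORIES[field]
        for field, value in record.items()
        if field in FIELD_CATEGORIES and value not in (None, "")
    }
    # Usage data published at fine intervals (the slides mention 15-minute
    # sampling) shows when a facility is active, so treat it as an indicator.
    interval = record.get("interval_minutes")
    if (record.get("interval_kwh") is not None and interval is not None
            and interval < MIN_PUBLISH_INTERVAL_MINUTES):
        cats.add("activity_timing")
    return cats


def review_export(records, facility_key="facility_id"):
    """Flag identifiable facilities whose records, taken together, combine
    COMPILATION_THRESHOLD or more sensitive categories."""
    per_facility = defaultdict(set)
    for record in records:
        per_facility[record[facility_key]] |= record_categories(record)

    findings = {}
    for facility, cats in per_facility.items():
        sensitive = cats - {"facility_identification"}
        if ("facility_identification" in cats
                and len(sensitive) >= COMPILATION_THRESHOLD):
            findings[facility] = sorted(sensitive)
    return findings


# Constructed sample export: two record types for F-01, one for F-02.
SAMPLE_EXPORT = [
    {"facility_id": "F-01", "building_name": "Example Building A",
     "interval_kwh": 12.5, "interval_minutes": 15},
    {"facility_id": "F-01", "device_hostname": "meter-a.example",
     "equipment_model": "Example Meter X"},
    {"facility_id": "F-02", "building_name": "Example Building B",
     "interval_kwh": 310.0, "interval_minutes": 1440},
]

if __name__ == "__main__":
    for facility, cats in review_export(SAMPLE_EXPORT).items():
        print(f"{facility}: hold for security review, combines {cats}")
```

Neither F-01 record is flagged when reviewed alone; the finding only appears once both are placed on the same system, which is the compilation effect the AR 380-5 excerpt describes.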
35. Potential INFOSEC Violation Scenarios
• Production and mission critical facilities identification and critical operational information. For facilities, this would include designation of:
• Operational start and stop times, identification of times when explosives and/or other hazardous materials (such as chem./nucl. weapons) are at their most vulnerable location or stage of handling.
• Construction schedules and details that identify when physical security and IT network security systems will be inoperable, when the facility is easily accessible for infiltration and/or other attacks.
• Names of key personnel and work locations are made publicly available, along with the types of sensitive information each individual has access to.
• Identifies each building by name and functionality, time of normal usage and extraordinary usage, coming and going patterns of key personnel.
• Command Building data places installation commander, VIPs, and other high ranking installation officials at extreme risk.
Found via unsecure Google search,
https://player.slideplayer.com/13/3797051/
What is Wrong with this Picture?
Actual Facility Information Redacted for this Presentation
US Navy Operations Security (OPSEC) Manual
NTTP 3-13.3M/MCTP 3-32B
36. The Security Vulnerabilities Triad
Triad elements: INFOSEC, Cyber Security, OPSEC
Cyber Security
• Most recognized/addressed and yet the least critical
element of the Security Vulnerabilities Triad. Because???
• While not the most desirable solution, the easiest security measure to implement is to not use any electronic data communications, storage, processing, or retrieval systems.
• Involves the hardening of the data processing and data
transmission systems and subsystems, as well as, control
and monitoring systems.
• Typically involves access control techniques, data encryption
methodologies, and system integrity monitoring and
correction processes.
• Can be and often is the most vulnerable node of the Triad, as it does not address what information is compiled on the system nor what intelligence value individual data elements or compiled information elements can reveal of operational activities.
37. Energy Control Systems
The Boundaries of Cyber Security
• It is critical to understand that cybersecurity extends
beyond the bounds of information security, to include:
• Solid engineering that includes design features that
promote stability and security.
• Training and awareness to provide users, operators, and
sustainers with proper training to ensure they are vigilant.
• Response, recovery, and restoration to actively respond to
internal and external malicious attacks, as well as recover
from system failures caused by inadvertent operator error,
internal and external malicious attack, and major
calamities.
DoD Program Manager’s Guidebook for Integrating the Cybersecurity Risk Management Framework (RMF) into the System Acquisition Lifecycle
https://www.dau.mil/tools/Lists/DAUTools/Attachments/37/DoD%20-%20Guidebook,%20Cybersecurity%20Risk%20Management%20Framework,%20v1.08,%20Sep%202015.pdf
GAO-15-6 Federal Facility Cybersecurity Manual, Page 11
38. Cyber Security and Risk Management Framework
When Cyber Security is Not Enough!
A cyber secure system can be a major breach of OPSEC
and/or INFOSEC security protocols….
• Insider threats
• Misuse of systems
• Unintentional INFOSEC or OPSEC compromise by trusted
personnel
• CYBER SECURITY protocols secure the hardware and software
systems NOT the intentional or unintentional distribution of
OPSEC or INFOSEC compromising information.
• Cyber Security systems do NOT protect against distribution of Information Classified by Compilation, and these systems actually enhance the risk of security breaches and the speed of dissemination of damaging information.
39. The Hidden Threat to Energy System Resilience
Compromising Emanations
(TEMPEST & EMSEC)
41. Tempest & Cyber Security – Separate but Complementary
• “TEMPEST In computer technology, the name Tempest originated with the U.S. military in the 1960s
as the name of a classified study of the security of telecommunications devices that emit
electromagnetic radiation (EMR).” (https://searchsecurity.techtarget.com/definition/Tempest)
• Tempest also includes emanations via optical, noise, vibrations, and heat/cold emissions.
https://arxiv.org/pdf/1808.07175.pdf
• “Every electronic, electro-optical or electromechanical device gives off some type of electromagnetic
signals, whether or not the device was designed to be a transmitter. The EMR that "leaks" from
devices can be intercepted and, using the proper equipment, reconstructed on a different device.” (https://searchsecurity.techtarget.com/definition/Tempest)
• “The EMR that is emitted by devices contains the information that the device is displaying or storing
or transmitting. With equipment designed to intercept and reconstruct the data, it is possible to steal
information from unsuspecting users by capturing the EMR signals. The distance at which
emanations can be monitored depends on whether or not there are conductive media such as
power lines, water pipes or even metal cabinets in the area that will carry the signals further away
from the original source.” (https://www.webopedia.com/TERM/T/Tempest.html)
• “The range in which an eavesdropper can monitor emanations varies tremendously according to
conditions. In most cases, the emanations can be picked up with proper equipment from a distance
of around 200-300 meters. However, in some cases where a signal has been captured by a
conductive medium (such as a power line), monitoring can occur over a distance of many
kilometers.” (https://searchsecurity.techtarget.com/definition/Tempest)
42. TEMPEST versus Risk Management Framework
The following Risk Management Framework (RMF) directives do not mention TEMPEST/EMSEC Security
Requirements
• Draft NIST Special Publication 800-37 Revision 2 Risk Management Framework For Information Systems And Organizations, October 2018
• NIST Special Publication 800-161 Supply Chain Risk Management Practices For Federal Information Systems And Organizations, April 2015
• NIST Special Publication 800-64 Revision 2, Security Considerations In The System Development Life Cycle
• NIST Special Publication 800-30 Revision 1, Guide For Conducting Risk Assessments Information Security
The following directives require implementation of TEMPEST protection for all Army facilities where classified
information is electronically and/or digitally produced, maintained, received, or transmitted, and where classified
electronic systems are housed and operated.
• Army Regulation 25–2 Information Management, Information Assurance
• Army Regulation 380–27, Security Control of Compromising Emanations
• Army Regulation 530–1, Operations and Signal Security Operations Security
• NIST Special Publication 800-53 Revision 5, Security And Privacy Controls For Information Systems And Organizations Refers To EMSEC (TEMPEST)
• FIPS Pub 199, Federal Information Processing Standards Publication, Standards For Security Categorization Of Federal Information And Information Systems, February 2004
43. Cyber Security - Tempest
Army Regulation 25–2, Information Management, Information Assurance
Information Assurance - The protection of systems and information in storage, processing, or transit from
unauthorized access or modification; denial of service to unauthorized users; or the provision of service to
authorized users. It also includes those measures necessary to detect, document, and counter such threats.
Measures that protect and defend information and ISs by ensuring their availability, integrity, authentication,
confidentiality, and non-repudiation. This includes providing for restoration of ISs by incorporating protection,
detection, and reaction capabilities. This regulation designates IA as the security discipline that encompasses
COMSEC, INFOSEC, and control of compromising emanations (TEMPEST).
2–23. Program executive officers and direct reporting program/project managers
• h. Ensure IA, COMSEC, and TEMPEST requirements are incorporated into life cycle planning
2–12. Commanding General, U.S. Army Materiel Command
• b. Assist IA functional proponents in identifying security requirements for proposed and existing sustaining base, tactical, and weapons
systems
2–24. Commanders, directors, and managers
• h. Ensure IA, COMSEC, and TEMPEST requirements are incorporated into life cycle planning
2–25. Garrison commanders
• Review, before adoption, proposed changes that could affect the operation of the installation infrastructure’s network security and
operation (confidentiality, integrity, and availability).
3–3. Information Assurance support personnel
• 15) Assume only authorized roles and privileges as assigned
• e. TEMPEST personnel. Execute responsibilities as required in AR 381–14.
44. Cyber Security - Tempest
Army Regulation 380–27, Security Control of Compromising Emanations
• 1–12. Commander, U.S. Army Corps of Engineers
• The Commander, USACE will ensure that using agencies' TEMPEST requirements are
incorporated into project design and construction contracts in Army facilities processing
classified national security information (NSI).
https://www.defensecommunities.org/blog/congress-dod/milcon-funding-edges-up-under-fy19-minibus/
https://www.slideshare.net/ColoradoPTAC/corp-ofengineermilconopportunities
https://www.hnc.usace.army.mil/Portals/65/docs/PAO/Bulletin/2012/JULY.pdf
45. Cyber Security via Tempest
Army Regulation 380–27 Security Control of Compromising
Emanations
4–1. Army classified facility TEMPEST notification procedures
The Army Tempest Program Manager must be notified of existing systems and
facilities processing classified NSI and of any transmitters located within the
facility or within 20 meters of the facility. Transmitters are defined as cell
phones, two-way pagers, radios, transceivers (including alarm systems),
wireless systems, portable electronic devices, and repeaters. Transmitters
include both radio frequency (RF) and infrared types of devices.
GE kV2cer with IR and Cellular RF Bidirectional Transceivers
Johnson Controls
https://www.eetimes.com/document.asp?doc_id=1280739
46. Real World TEMPEST Protection Challenges
FEMA’s Multi Radio VAN, manufactured by CTA Inc. Provides radio, telephone, and satcom capabilities to FEMA, DOD, and Homeland Security in times of emergencies.
https://www.electronicspecifier.com/cms/images/FIgure%202-MPE%20TEMPEST%20EMI%20equipment%20filters%20as%20installed%20in%20a%20battlefield%20enclosure.JPG
Black and Red communications lines are filtered in a similar fashion to prevent leakage from, and/or remote access to, classified systems and information. (Image is not from FEMA RMV)
Power filters such as these are used to clamp hostile incoming signals and to keep data signal leakage from leaving the facility. (Image is not from FEMA RMV)
TEMPEST/EMSEC requirements are beyond the realm of traditional Risk Management Framework (RMF) activities and require special technical training and security clearances!
47. What IS A Successful Cyber Attack?
The Most Successful Security Breaches Are The Ones That Are Never Discovered!!!
Most Common Reasons Cyber Attacks Are Discovered
• The most common known attacks are committed by “Jokers”, individuals who
are playing around with technology or have a personal grudge against the
system owner/operators.
• The second most common known attacks are committed by “Patsies”, individuals who are set up by a government or other entity to commit attacks. These individuals may be classified as radicals, terrorists, idealists, activists, fundamentalists, would-be professionals, etc., but they are set up with the anticipation that they will be uncovered and that their activities will be exposed.
• The least commonly known and most often classified types of attacks are
executed by “Intelligence Professionals” whose identities and activities are
seldom if ever detected or known to exist. An example of this is the work of
Captain Joseph J. Rochefort against the Japanese communications network in
WWII. Rochefort’s work was virtually unknown until well after WWII was
over. In several instances Allied forces were not alerted to dangers in order to
protect the ability to hack Japanese communications.
https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQXAAAbkWR8JRB56Jl3cxiCf5OWOVJAyTOvUkn9l3ABVnttA9dCSQ
Captain Joseph J. Rochefort
48. Security/Tempest Considerations for Planning an Energy Efficiency Project?
1. Check with the Facility/Building Manager to determine if Classified Material in any Electronic Format is maintained, processed, or generated within the building envelope.
2. If any classified material is maintained, coordinate any energy conservation measure planning, design, or implementation with the appropriate installation's and/or organization's OPSEC Manager, Tempest Program Manager, and Information Assurance Manager as early as possible in the planning phase to determine security requirements.
3. If no classified material is maintained, coordinate with the organization's OPSEC Manager and Information Security Manager to ensure that the ECM will not expose critical information or create a classification-by-compilation situation.
4. Coordinate the appropriate security requirements for design and implementation with the local DPW and Corps of Engineers Program Office prior to designing or implementing an ECM to ensure that all required security elements are properly considered and costed within the Life Cycle Cost Analysis.
5. When in doubt, contact your installation's Corps of Engineers POC or the REM Program Manager at USACE to ensure the right security analysis is being performed to prevent a Classified Leak, an OPSEC leak, or harmful emissions of compromising information.
6. Remember, the Corps of Engineers has the Responsibility and Authority to ensure TEMPEST requirements are satisfied in all “project design and construction contracts in Army facilities”, along with the USACE Experts to get the job done correctly.
Engaging USACE support early in the process is a key attribute of any successful Energy Conservation Measure design and implementation effort!!!!
50. What is the Energy Resilience Planning Process?
The Energy Resilience Planning Process includes the following activities:
1. Identify Energy Assets and Potential Threats
2. Evaluate Installation Mission and Operational Goals
3. Determine the Risks/Impacts from an energy disruption
4. Develop an Energy Infrastructure that Resists Disruptions
5. Implement Energy Resilience Plans Before a Failure Occurs
51. Planning a Resilient Energy System!
https://m5.paperblog.com/i/49/492705/iowa-army-ammunition-plant-implements-geother-L-x5qJdT.jpeg
https://militarybases.com/iowa/iowa-army-plant/
Satisfying the 3 Key Objectives of
Energy System Resilience to meet
the needs of an Operational Facility.
52. Coal-gasification and Energetics Energy Recapture Plant
In Conceptual Planning Stage
Objective
• Develop an efficient, affordable, and environmentally friendly resilient energy system for an Army Ammunition Production Installation
• Implement a safe and environmentally friendly method of recapturing energy from scrap energetics and realize significant savings through avoiding costs associated with handling, storage, and disposal of these materials.
Solution
• Build a central generation plant powered by ICCG coal-gasification technology
• Incorporate scrap energetics into the fuel stream of the coal-gasifier to recapture energy and eliminate the need for OBOD.
https://www.youtube.com/watch?v=iqqyL18gEoU
53. Coal-gasification and Energetics Energy Recapture Plant
Supply Resilience
• Coal Stored on site
• Natural Gas Grid
• Grid Electric Power
• Diesel Stored on site
• Scrap Energetics
System Resilience
• Stacked Modular Gasification Plant is Multiple Steam/Gas Generators
• Multiple Backup Generators
• Multiple Backup Electric Boilers
Cyber Resilience
• Not connected to Government Networks
• Not connected to Commercial internet
• Uses Encrypted Spread Spectrum (Weapon System Quality) Power Line Carrier Communications
• Communications Electrically Clamped/Filtered at Fence when Connected to the Grid
Tempest and Hack Resistant
• Signal emanations are seen as background/white noise or are filtered at source
• System is completely isolatable with manual switch-outs at every major load interconnect
• Each critical load can be fed by a localized dedicated generator during extreme emergencies
Coal Gasification Meets All Elements of Energy System Resilience
54. Resilient Coal-Gasification Energy System Concept
Steam for Production
https://www.army.mil/article/101306/scranton_army_ammunition_plant_achieves_iso_500012011_status
Industrial Electric Boilers Sized for Each Line
https://www.indiamart.com/proddetail/industrial-electrical-steam-boiler-3749343930.html
Electric Powered HVAC/Hot Water
http://alphamechanicalservice.com/hvacheader/
Building Environmental Comfort
https://encrypted-tn0.gstatic.com/images?q=tbn:ANd9GcSpr4KSAra1mzE_A46CwWWQ94-HvhXn-RAGY3mn_P3WmUsjDseXug
Commercial Natural Gas for Backup
https://www.norskpetroleum.no/wp-content/uploads/OED_R%C3%A5Olje_english.png
Grid Power for Backup
https://www.shorehillcapital.com/investment/power-grid-components-inc/Grid
Emergency Backup Generators and/or Locomotives On-Site
https://s7d2.scene7.com/is/image/Caterpillar/CM20170511-79068-45605?$cc-g$
https://www.volpe.dot.gov/sites/volpe.dot.gov/files/Rail%20Modernization%20for%20DoD_USAX6515.jpg
Manual Switches Protect against Cyber Attacks and Tempest Attacks
gwelec.com
https://en.wikipedia.org/wiki/Fuse_cutout
Backup Boilers for Maintenance or Repair Activities kept on site to limit line downtime
https://www.indiamart.com/proddetail/industrial-electrical-steam-boiler-3749343930.html
55. Coal-gasification and Scrap Energetics Energy Plant
Coal Economic Resilience
• Coal prices are more stable over time
• Coal can be bought and stored when prices are low
• Gasification rates are variable to meet demand via process control and switching in/out units
Competitive Analysis and Fuel Switching
• During non-peak times when grid power may be cheaper, the demand can be switched to the grid
• Blended use of commercial natural gas and syngas can be utilized to maximize efficiencies
• Syngas/methane production can be varied to meet on-site demand and sales back to the NG supplier
Co-Generation Cost Offsetting
• System sized at 8 MW with an average demand of 4 MW
• Excess generation capacity can be fed back into the grid
• Running at full capacity with excess power supplied to the grid realizes economies of scale and profitability, while minimizing supply/demand management issues
Cost Avoidance
• Scrap energetic handling/disposal cost avoidance of approximately $20/lb/yr
• Smaller electric boilers can be idled or killed during extended production costs reducing steam costs
• Backup power can be provided directly to each line with little additional infrastructure required
Coal Gasification is Affordable and Economically Sustainable
56. Profitable By-Products of Coal-Gasification
https://www.netl.doe.gov/research/coal/energy-systems/gasification/gasifipedia/chemicals
57. Coal-gasification and Scrap Energetics Costs Savings - LCCA
LCCA Coal-Gasification without Avoided Cost of Scrap Energetics
TOTAL COST: $18,871,625
PUBLIC UTILITY COMPANY REBATE: $232,040
TOTAL INVESTMENT: $18,639,585
DEMAND SAVINGS: $196,300,800
TOTAL MMBTU SAVINGS: $90,105,107
TOTAL NON-ENERGY DISCOUNTED SAVINGS/COST: $0
FIRST YEAR DOLLAR SAVINGS: *$4,709,086
SIMPLE PAYBACK: 3.96
TOTAL NET DISCOUNTED SAVINGS: $90,105,107
SAVINGS TO INVESTMENT RATIO (SIR): 4.83

LCCA Coal-Gasification with Avoided Cost of Scrap Energetics
TOTAL COST: $18,871,625
PUBLIC UTILITY COMPANY REBATE: $232,040
TOTAL INVESTMENT: $18,639,585
DEMAND SAVINGS: $196,300,800
TOTAL MMBTU SAVINGS: $90,105,107
ANNUAL RECURRING (+/-) Scrap Energetics Avoidance Costs: $10,000,000
TOTAL NON-ENERGY DISCOUNTED SAVINGS/COST: $196,000,000
FIRST YEAR DOLLAR SAVINGS: *$14,709,086
SIMPLE PAYBACK: 1.72
TOTAL NET DISCOUNTED SAVINGS: $286,105,107
SAVINGS TO INVESTMENT RATIO (SIR): 15.35

* Represents cost savings and sales of excess power
58. Coal-gasification and Scrap Energetics Costs Savings
Costs – Savings Model
Plant Design is 8 MW
Current Demand 4 MW (Operating ½ Capacity)
Calculations assume selling excess to grid.
59. Coal-gasification and Scrap Energetics Costs Savings
Raw Costs Data (DOE/NETL & JFK School of Government, Harvard University)
60. Future Direction of DoD Energy Resilience Programs
https://www.youtube.com/watch?v=RPI8G6COc8g
NUCLEAR ENERGY
Micro-Reactors Get Potential Boost in Defense
Authorization Bill Provision
FY ‘19 bill directs DOE to outline pilot program to build a
micro-reactor on Defense or Energy Department site.
(https://morningconsult.com/2018/06/08/micro-reactors-get-potential-boost-in-defense-authorization-bill-provision/)
What to Look for Next: Within the next year, the Department of Energy will develop a report on a pilot program for deploying micro-reactors at national
security facilities. Also, look for a formal engagement between DOD and a private reactor development company to start working on a project next
year. And keep a watch out for the submission of micro-reactor applications to the NRC sometime before 2021.
The Big Picture: The Pentagon's interest in the technology signals strong confidence in nuclear energy to meet the Pentagon’s energy resilience goals.
Through the National Defense Authorization Act the President has directed the Secretary of Energy to develop a report on a pilot program for deploying
micro-reactors at national security facilities. His signature on the bill points to the Administration’s confidence in the nuclear industry to support the country’s
national security interest.
What DoD’s Troy Warshel, director of operations at the Office of the Deputy
Assistant Secretary for Operational Energy, has to say: “Ultimately our goal is
resilience. And what does resilience mean for the Department of Defense? It means
for our critical missions, when we flip the switch – there’s power. We see nuclear
energy as a huge potential partner in achieving our resilience goals.”
61. Author Biography
Dr. Robert L. Straitt began his professional career by joining the United States Air Force, where he served in the Regular Air Force, Air National Guard, and Air Force Reserve. During his time in the Air Force, he was a Flight Test Engineer and Program Manager on advanced research and development programs, including developing and testing advanced cryptology equipment for the Air Force, NATO, and National Security Agency Programs.
Dr. Straitt managed a number of academic research initiatives with MIT Lincoln Laboratories, Oregon Graduate Institute, University of New Hampshire, University of Corsica, and other institutions. Dr. Straitt later served as a geophysics scientist at the Air Force Geophysics Laboratory, where his duties included monitoring foreign nuclear weapons testing and managing the development of advanced digital mapping technologies.
Dr. Straitt also served as NCOIC International Cooperative Programs Branch, Program Manager for advanced data collection and reporting programs, and Chief of an advanced software testing methodology program ($MART for Software). Dr. Straitt was a supervisor responsible for facilities and nuclear weapons security, where he was certified as training administrator. Dr. Straitt has successfully completed Air Force Space System Equipment technologies training. Dr. Straitt finished his Air Force career developing domestic and international government/academic cooperative research initiatives for SAF/IAQ.
More recently, Dr. Straitt has expanded his breadth of technological expertise to include energy efficiency and renewable energy technologies, where he is certified through the Association of Energy Engineers as a Certified Energy Manager and Certified Demand Side Manager. Dr. Straitt is a Member of the Homeland Security Industrial Control Systems-Cyber Emergency Response Team and Member of the Homeland Security Information Network & Users Group.
Dr. Straitt is currently enrolled as a PhD student in Environmental Sciences at the Arkansas State University-Jonesboro, where he is studying Variable Frequency Drive technology and associated grid-based control and communications technologies.
After leaving active duty with the Air Force, Dr. Straitt pursued a professional career in private industry as an engineer and consultant. Dr. Straitt has served as a Tempest/EMI/EMC/EMP and Lightning Engineer and Certifying Official for AUTODIN and Tempest testing, managed the development/testing of Classified Automated Message Handling Systems for GCCS (WMMICS) network, and designed and implemented secure C4I systems for FEMA. Dr. Straitt has worked with some of the nation’s largest industrial organizations to implement efficiency practices in diverse technologies from heavy manufacturing and telecommunications to environmental services. Dr. Straitt has also taught engineering at the University of Corsica, France, guest lectured at other institutions, and is a National Science Foundation Infinity Scholar.