Panel 2: Needs and Requirements of the Infrastructure Community

Moderator: Richard G. Little,

National Research Council

Michael Brandenburg

AT&T

Mr. Brandenburg described the ways in which AT&T has used either underground placement or underground construction to protect vital company systems. Many of these facilities presently have available capacity since today's equipment is much more compact than earlier systems. He then detailed the use of UGFs to support a major DoD communications program as one strategy for protecting critical systems. A second strategy is a robust program for patching and routing around network problems. A third is development of mobile assets for emergency response.

Mr. Brandenburg noted that AT&T has been burying cables (i.e., critical infrastructures) for over 100 years. At the height of the Cold War, AT&T maintained 20 key switching centers for DoD's Automatic Voice Network (AUTOVON) in hardened 25-foot-deep underground sites. The AUTOVON network also contained hardened buried cable routes. The buildings housed noninterruptable power supplies, emergency generators, and emergency provisions. These structures are still in place but are underutilized. AT&T continues to work with buried cable routes and has in place the largest fiber optic network in the United States. The company has mechanisms, including computer-controlled restoration systems, for quickly patching and routing around any switches that go out of service. AT&T's strategy also allows it to field mobile assets that can respond quickly to an emergency. The company maintains a fleet of large semitrailer trucks with telecommunications equipment at strategic locations across the United States. These mobile assets can be deployed in hours and have been used over 20 times in the past four years.

Mr. Brandenburg explained the ways in which AT&T might respond to a problem in the context of risk assessment and management and noted that organizations need to conduct a risk assessment to determine their vulnerabilities. AT&T carries out such exercises four times a year. In closing he pointed out that UGFs are just one of many tools available that can help protect critical infrastructures.

Paul Rodgers

President's Commission on Critical Infrastructure Protection

Mr. Rodgers began his remarks with a historical account of how ancient cultures used UGFs. History provides a solid precedent for the use of UGFs to protect critical infrastructures against natural disasters, the explosion of



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 24
Use of Underground Facilities to Protect Critical Infrastructures: Summary of a Workshop Panel 2: Needs and Requirements of the Infrastructure Community Moderator: Richard G. Little, National Research Council Michael Brandenburg AT&T Mr. Brandenburg described the ways in which AT&T has used either underground placement or underground construction to protect vital company systems. Many of these facilities presently have available capacity since today's equipment is much more compact than earlier systems. He then detailed the use of UGFs to support a major DoD communications program as one strategy for protecting critical systems. A second strategy is a robust program for patching and routing around network problems. A third is development of mobile assets for emergency response. Mr. Brandenburg noted that AT&T has been burying cables (i.e., critical infrastructures) for over 100 years. At the height of the Cold War, AT&T maintained 20 key switching centers for DoD's Automatic Voice Network (AUTOVON) in hardened 25-foot-deep underground sites. The AUTOVON network also contained hardened buried cable routes. The buildings housed noninterruptable power supplies, emergency generators, and emergency provisions. These structures are still in place but are underutilized. AT&T continues to work with buried cable routes and has in place the largest fiber optic network in the United States. The company has mechanisms, including computer-controlled restoration systems, for quickly patching and routing around any switches that go out of service. AT&T's strategy also allows it to field mobile assets that can respond quickly to an emergency. The company maintains a fleet of large semitrailer trucks with telecommunications equipment at strategic locations across the United States. These mobile assets can be deployed in hours and have been used over 20 times in the past four years. Mr. Brandenburg explained the ways in which AT&T might respond to a problem in the context of risk assessment and management and noted that organizations need to conduct a risk assessment to determine their vulnerabilities. AT&T carries out such exercises four times a year. In closing he pointed out that UGFs are just one of many tools available that can help protect critical infrastructures. Paul Rodgers President's Commission on Critical Infrastructure Protection Mr. Rodgers began his remarks with a historical account of how ancient cultures used UGFs. History provides a solid precedent for the use of UGFs to protect critical infrastructures against natural disasters, the explosion of

OCR for page 24
Use of Underground Facilities to Protect Critical Infrastructures: Summary of a Workshop bombs, and the deployment of weapons of mass destruction. The existing surplus of UGFs today represents a huge investment that should be relatively inexpensive to occupy, operate, and maintain for new purposes. The vulnerability of critical infrastructures has grown markedly in recent years as a result of a number of factors, including increased competitive pressures from deregulation and globalization and the use of information technologies to improve competitiveness. Another element is the widespread concentration of operations for many organizations in a smaller number of facilities to decrease costs. This has resulted in less redundancy and reserved capacity. Together these trends have created vulnerabilities where none previously existed. Until now, these infrastructures have been protected from attack by distance, effective defenses, and the near certainty of retaliation. Adequate parallel capacity has usually been available as assurance against all but the most serious outages. Today, the computers that control critical infrastructures can be attacked through the Internet from any point on the globe. Military forces are not organized or deployed to defend the nation's vast infrastructures from physical and network-based sabotage. The threat of retaliation is less effective against small and elusive groups that strike anonymously and have no territory to hold at risk. Clearly, the owners and operators of today's infrastructures should assess the risk to their physical facilities and determine whether placing critical facilities underground is appropriate and cost effective. Prime candidates for this kind of protection are the supervisory control and data acquisition (SCADA) systems and other computer processes and their backup facilities for use in emergencies. These systems work from a remote location to monitor, maintain, and manage financial services, electric and gas systems, petroleum product pipelines, telecommunications, transportation operations, and a host of other infrastructures. The U.S. banking and finance infrastructure is the most advanced and robust in the world. Critical aspects of it are the key funds transfer and messaging systems, and the securities and commodities exchanges and their supporting clearing, settling, and depository infrastructures. The New York Stock Exchange, because of its prominence in the financial community and its close identification with U.S. capital systems, is an attractive target for a physical terrorist attack. As illustrated by the 1993 World Trade Center bombing, which caused many Wall Street firms to add backup locations, there is a need for contingency data systems, centers for key systems, and trading locations for the exchanges that can survive such attacks. Surplus UGFs would be a cost-effective means to enhance security. The use of remote secure locations would eliminate the risk of concentrating resources in one place. The electric power system is critically important to the operations of all other infrastructures in the United States. Electric power uses the ultimate just-in-time delivery system, since electricity cannot be stored at the point of consumption but must be used at the time of delivery. Unfortunately, electric power is also our most vulnerable infrastructure because of the multitude of above-ground, high-voltage transmission lines and towers that crisscross the

OCR for page 24
Use of Underground Facilities to Protect Critical Infrastructures: Summary of a Workshop nation. They are easy targets that cannot be defended on any kind of comprehensive basis. The United States will have to cope with this vulnerability until such time as it may become technologically and economically feasible to place them all underground. The practicality of building electric generating plants underground should be assessed, particularly those to be constructed under the new concept of distributed generation, owing to the abundance and low cost of natural gas. This concept includes the construction of small electric generating plants close to the customers they serve. The natural gas and petroleum industry has 1.4 million miles of pipelines that are already underground, except where they are suspended above ground for major river crossings. Many key assets are above ground, such as control and processing centers, pumping and compressor stations, refineries, storage facilities, and receipt and delivery points. The need for and economic feasibility of placing critical facilities underground must be examined, especially in the case of new construction. The U.S. telecommunications industry alone generates more revenue than most nations produce. The potential of explosive, chemical, and biological attacks against the country's telecommunications infrastructure has increased, as service providers have concentrated operations in a smaller number of facilities. Remote access technology has reduced the number of staff facilities needed to operate the network. New technology also permits cost-saving consolidation of switching equipment and transmission paths. Consolidating network control in central offices and megacenters lowers building, real estate, and labor costs. Key assets, such as switching facilities, should be reviewed to determine whether placement of existing or planned installations underground would increase their security. A 1988 fire in Hinsdale, Illinois, demonstrated the widespread and long-standing effects associated with the destruction of a major telecommunications network's switching facility. Half a million customers lost service, air traffic control at O'Hare International Airport was disrupted, and ATM banking networks were shut down. Full recovery required installation of a massive new switch, a process that took several weeks. Another means for assuring the operation of our critical infrastructures is to stockpile replacement parts needed to restore service and antidotes to chemical and biological attacks. Here, again, UGFs should be considered as alternatives in the selection of secure and convenient locations for stockpiling. Mr. Rodgers concluded by observing that there is a compelling case for increasing the use of UGFs to protect critical assets. Existing facilities represent a huge investment by the public and private sectors, such as federal and municipal UGFs, mines, missile sites, and tunnels that have been abandoned, and many are available for multiple uses. In the interest of carrying forward the national infrastructure assurance program, Mr. Rodgers stated his personal view that a federal agency should be designated as the matchmaker to inventory available UGFs, identify the terms and conditions governing occupancy, and promote their use by those seeking to protect critical facilities. The American Underground Construction Association should be helpful in this regard, since its goal is to promote the development and use of UGFs.

OCR for page 24
Use of Underground Facilities to Protect Critical Infrastructures: Summary of a Workshop Daniel Schutzer Citibank Dr. Schutzer focused his remarks on the threats to and current operating environment of the financial services industry. Of all the daily financial transactions in the United States, only about 5 percent can be termed on-line, but by the year 2000 that figure could reach 15 percent. On-line brokerage transactions may be as high as 25 percent but the bulk of financial transactions today are still face to face and paper based, approximately 80 percent of 350 billion transactions a day. Approximately 15 percent of all transactions represent paper checks, and 5 percent are credit card and other on-line transactions. The advantage of using the Internet and on-line capabilities is that they are global and can reach anybody with appropriate access equipment. The Internet's disadvantage is that it is a very attractive target because it is widely distributed. Loss of privacy and identity theft also are serious issues today. Much work in the financial services industry is done remotely, so it has large problems in terms of authentication. Another key point raised by Dr. Schutzer was that financial institutions are service providers that do not really control their environment. Their users, whether they are companies or individuals, select the access devices of their choice. These access devices are general purpose (and include personal computers, workstations, telephones, hand held devices, and television sets.). This technology is open and widely known and is available over public networks. The problems that are paramount here are loss of privacy, fraud, and identity takeover. Attacking the system by flooding communications lines and thus denying customer service is an additional concern. This is rapidly becoming a global concern because temporary cash-flow imbalances can cause businesses to fail. Dr. Schutzer also discussed security and the integrity of transactions. As money is spent on security, performance slows and inconvenience rises for customers. Customers are less likely to accept this situation. This is critically important because ''point-of-sale'' cryptography is not yet available, and although financial institutions will not pay for such security now, they will make up for it in processing costs. The financial services industry will not provide as much security on the retail side as it will in other areas. In this way the losses can be absorbed rather easily at present. The financial services industry is concerned about making sure services are up and available at all times. There are some backup facilities and alternate sites. Multiple alternate sites located both in the United States and in other countries are a part of the industry's security strategy. This includes backup power and alternate providers and routes. The industry does not make widespread use of UGFs, except for the storage of documents and tapes. Instead, it worries substantially about the activities of insiders and emphasizes intrusion detectors and anomaly detection among the tools for identifying attacks and

OCR for page 24
Use of Underground Facilities to Protect Critical Infrastructures: Summary of a Workshop intrusions. Biometrics, sophisticated passwords, and other high-security tools also are being used. Michael Shannon Oklahoma City Fire Department Mr. Shannon spoke about the difficulties encountered by rescuers when entering a damaged facility. Hazards, risk, and protection all play a role in how help can be rendered when needed. A structure that is heavily compartmentalized can better survive a fire, but escaping such a structure can be a problem for rescue operation teams. One person's protective measures are another person's obstacles, and the same defense mechanisms for protection from attackers can also keep rescuers out of a structure. There is a trade-off between knowing about hazards and developing acceptable protective measures to mitigate them. It is absolutely essential to address protective measures in either above-ground or underground construction during the engineering design process. The controlled environment within UGFs is advantageous. UGFs face the problem of access points becoming possible avenues for an attack, but proper engineering can mitigate the impact. Even when attacked, UGFs still their structural integrity. Protective measures should be based on risk analysis and on the specific hazards identified. Mr. Shannon recounted his experience supervising rescue efforts in Oklahoma City after the bombing of the Murrah Building and some of the special problems faced by rescue teams there. Questions and Answers Mr. Little opened the question-and-answer session by summarizing the viewpoints expressed by the panelists. UGFs are essentially a physical solution to a problem, but there is debate as to which infrastructure vulnerabilities are physical issues. He alluded to Mr. Brandenburg's discussion of choosing between hardening and mobility for increasing the survival rate of an infrastructure. In the banking industry, very few threats are directly physical, although there is a need for better backup facilities. The question is to what extent these backup facilities need to be located underground. Mr. Rodger's comments made it clear that there are sectors of the energy industry for which physical solutions are necessary and that users and suppliers must be brought together. Finally, Mr. Shannon urged that these facilities be engineered with rescue and recovery in mind. Mr. Little highlighted the enormous need for coordination between service providers and the infrastructure community for development of the physical solutions to infrastructure protection problems.

OCR for page 24
Use of Underground Facilities to Protect Critical Infrastructures: Summary of a Workshop Mr. Brandenburg noted that AT&T has underutilized UGFs and that AT&T's attempts to interest federal agencies in them have met with limited success. Mr. Rodgers stated that one PCCIP recommendation was that critical infrastructure owners and operators in the private sector conduct periodic vulnerability assessments; this could lead to greater interest in UGFs. A federal matchmaker could catalog underground capacity and promote its use when economical and feasible. Mr. Schutzer mentioned two key issues for the financial services industry: many critical facilities are unmanned and can be checked out from remote locations, and such facilities must be connected to the outside world. Several questions were raised concerning the psychological impact on workers of being in underground buildings. Mr. Brandenburg said that going underground has never been a significant personnel issue at AT&T; he noted that there is an awareness of heightened security among those working in an underground environment. Mr. Shannon commented that not everyone is comfortable working underground and that those who do must understand the changes it will require. Other questions focused on how to safely communicate information on vulnerability and reduce the number of critical local points where assets are at risk. Mr. Schutzer stated that the financial services industry generally shares criminal alerts, particularly for money laundering, computer intrusions, viruses, and fraudulent activities. There are well-established connections between banks, financial institutions, and federal law enforcement institutions, such as the FBI. Systems can also be run outside the United States to increase security. Mr. Brandenburg added that AT&T also participates in computer emergency response teams. He noted, however, that the competitive marketplace has real barriers in place that inhibit the exposure of unique operating systems; some proprietary information will not be shared. In answer to another question concerning attacks against both primary and secondary switches, Mr. Brandenburg responded that, although he did not know if that particular scenario has been evaluated, AT&T has 130 switches throughout the country, and thousands of software and database changes are occurring daily.