Panel Paper:
Protecting the Grid: Lessons learned from 50 years of Attacks in Colombia
*Names in bold indicate Presenter
Alvaro Cardenas
Jennifer S. Holmes
Over the years, operators of these critical infrastructures in Colombia developed a series of technologies (e.g., rapid reconfiguration of the topology of the power grid, situational awareness tools designed specifically to identify terrorist-created faults, etc.), best practices, and emergency response principles to protect and react with agility to these emergency situations, and thus providing practical examples of resilient control systems. This vast experience in risk analysis and operation of a critical infrastructure under constant attack has largely remained outside the realm of academia, mostly because the Colombian government has focused on the practical actions to these terrorist acts, and has not funded academic research in this area.
We are working to identify the successful practices and lessons learned by countries subject to persistent attacks on their critical infrastructures, and incorporate these lessons into social and technical solutions that the U.S. can use to better understand the nature of the threat, and to motivate better public and private sector postures for the protection of U.S. critical infrastructures from physical as well as cyber-attacks. The research is leveraging the experience of five decades of sustained attacks against the critical infrastructures of Colombia and study the government and industry responses and best practices in that country.
Several analytical and theoretical models for interdiction or interdependencies of critical infrastructures remain abstract and speculative not only because there is scarce data on attacks to critical infrastructures, but also because it is easier to consider simple models or assumptions in order to keep the problem analytically or computationally tractable. Evidence and empirical data of how attacks on critical infrastructures are planned and executed are essential for studying their impact on critical infrastructures, and for identifying the technical and social aspects for protecting these systems. Extracting policy and strategic trends, and factors that have influenced the outcomes observed in datasets will require extensive analysis of a complex socio-technical component where multiple stakeholders (government, asset owners, services industry, and vendors) have different factors influencing their actions and decisions.