Backward Is Forward: Analog FailoverMay 23, 2017
Targeted attacks on the US' digitally enabled critical infrastructure call for new kinds of thinking – even if it points to old technology.
Have you ever heard the advice that "sometimes, you have to go slow to go fast"? How about this one: "you might need to go backwards to go forward"? And has someone ever told you to "seize the moment" because "opportunity only knocks once"?
These clichés strike us the way they probably strike you: comforting at times, irrelevant at others. These days, though, they feel oddly apt. We're wondering if those truisms, read together, are a package deal with a valuable message for the nation. There is no easy path to creating national cyber and critical infrastructure resilience. But what if we follow the cliché, and are open to "going backward a little?"
In the world of critical infrastructure operations, there is a subset of essential functions that are called the "lifelines." Water, electricity, communications, transportation, and emergency services are the bare minimum functions that support the basic functioning of nation in the 21st century. We propose adding at least one more to the list: The Global Positioning System (GPS).
Our lifelines now rely on systems in a converged, digital mega-space. And humans have yet to design a digital system that cannot be compromised.
All our lifelines today began as a physical or mechanical operation. They have migrated away from purely physical or mechanical operations with the rise of electronics and digital technology. They now rely upon a converged, digital mega-space. Each lifeline rides on, and is threaded together by, digital systems. And humans have yet to design a digital system that cannot be compromised.
Not long ago, none of the infrastructures ran off a common digital backbone. Anybody remember POTS – Plain Old Telephone Service? It ran on copper wire. Emergency responders used both copper-wire telephone and land-mobile radio (LMR). To mess with copper wire or LMR, you had to physically access the system.
While home-grown terrorism is a non-trivial concern, we have so far done a better job protecting our physical turf than protecting our cyber infrastructure. Not a perfect job; scary stories of physical breaches hit the news from time to time. But we generally know about these incidents.
What is less visible, less public, is the level of risk to our essential lifeline infrastructures from threat actors who do not need to cross our borders to do us harm, such as the Sony Pictures hack. Several times in the last two years, segments of the Ukrainian power grid were blacked out by cyber attack (this appears to be happening again in the spring of 2017). If it can happen in Ukraine…you, dear reader, can finish this sentence on your own.
We don’t know who is lurking in every critical infrastructure network, or who is covertly building the ability to access these networks via other, slightly removed entryways. We don't know what unauthorized foreign or domestic threat actors can do once in our networks, and we don’t know their intentions or goals.
A national resilience strategy should include the preservation of analog failover operational capability for lifeline functions.
So here is a radical notion: we need a national resilience strategy that embraces universal analog failover. Instead of moving wholesale to ever-more sophisticated technology, we should seek to balance investments in digital and quantum capability with investments that provide functional insurance, if you will: analog failover for the minimum essential functioning of each lifeline critical infrastructure serving a major population center.
A universal analog failure plan is not always about building something new. We don’t need to create the 21st century equivalents of the Works Progress Administration or the Tennessee Valley Authority, at huge taxpayer expense. Rather, the plan would primarily involve the identification and intentional preservation of infrastructure, technologies, protocols, and skills that are rapidly disappearing as newer generations of workers – so-called digital natives – have no experience of working in an analog world. We need to capture the decades of analog experience in our older workforce (and retirees) before we lose our chance.
Edison famously noted that "Genius is 1% inspiration and 99% perspiration" – in other words, not the ratio people might expect. What if resilience is 50% innovation … and 50% preservation?
In the case of communications, for instance, what is required is the preservation of a base core of copper-enabled connectivity, and the perpetuation of skills and equipment parts to make analog telephones work. Today, we see a move to decommission the copper-wire infrastructure. From a pure business standpoint, decommissioning copper is the right thing to do; but from a public-safety and homeland security perspective, we should reconsider. Decommissioning copper increases homeland security risk, because failover planning calls simply for relying on another server, router, or data center that is also subject to compromise.
We can see parallels in other infrastructure sectors. In water, for example, today's digitally controlled infrastructure replaced electronically operated pneumatic pumps. Many water systems today still have legacy pneumatics in place (although it is not immediately apparent what condition the equipment is in). The people with deep knowledge of those systems are retiring, soon to be retired, or have already died. With a relatively small investment (when compared to widespread development and deployment of new technology), we could complement our innovation programs to refresh those systems and capture that knowledge – at least enough to get us through a real crisis.
The United States has experience of prioritizing the preservation of these valuable skills in other areas, such as the Navy's ship-building program or nuclear propulsion. If we had let "market forces" completely have their way, we could very well have lost the ability to produce the ships we need or maintain our Navy’s nuclear propulsion programs.
For space-based positioning and timing, we could backstop GPS with programs like the enhanced long-range navigation (e-LORAN) system. This system can provide PNT capabilities similar those of GPS, particularly in maritime environments like harbors and along the coasts, using existing infrastructure. It is not a perfect substitute for GPS, but in a world where we have to prioritize back-up systems for resiliency in the lifelines, it is certainly sufficient. Unfortunately, just like copper in the telecommunications sector, this reliable and once-widespread capability is no longer prioritized and portions are being decommissioned.
This post offers ideas for communications, for water, and one for PNT. But what about electricity generation? Power distribution? Emergency communications for our first responders? There’s much more to which we need to look back in order to move forward. Let’s get this conversation started – what would you recommend?