Saturday, November 3, 2018

Cybersecurity Risks are Existential II



In September I wrote an essay arguing that cyber attacks are existential risks, which I recommend reading because the sourcing is particularly interesting:

Majia's Blog: Cyber Attacks are Existential Risks


I noted that the US is actually more vulnerable to cyber attacks than many other nation-states because of networked interdependencies across the grid.

An extended power outage would pose significant and potentially existential threats to nuclear plants because they must continuously cool very hot fuel for years to avoid fire in the zirconium-encased fissile fuel.

Back-up generators are prone to problems and require fuel. They are not easy to replace.

As I note in my September post, the US has loosened its protocols for cyber-warfare, further straining detente in an increasingly unstable political environment, which I have described as echoing the buildup to WWI (see here).

In this context it is ABSOLUTELY IMPERATIVE that nuclear power plants be secured from cyber-attacks and be equipped redundantly with the resources needed to keep fuel cool for years in the event of a catastrophic failure. If this is not possible, nuclear power plants should be shut down immediately.

Unfortunately, too many of our nation's "expert authorities" underestimate the probability of high-impact but (perceived) low-probability events, as described by Taleb in his metaphor of the Black Swan (here).

Taleb argues that experts tend to overestimate their control, most of which is afforded by technologies whose assumptions turn out to be flawed. Taleb illustrates this with the CDS, or credit default swap, whose probability estimate for the risk of mortgage defaults was based on the probability of life insurance payouts.

Technologies are subject to many kinds of failures. Most of these failures are visible and can be modeled but are never addressed.

Ulrich Beck argued the Fukushima accident illustrates the system of irresponsibility that leads to catastrophic failures because of unwillingness to address known risks:

“... We have a system of organized irresponsibility: Nobody really is responsible for those consequences. We have a system of organized irresponsibility, and this system has to be changed.” http://www.asahi.com/english/TKY201107060307.html

Here is an example of a risk assessment demonstrating known vulnerabilities that are not being addressed:
JOINT COMMENTS OF ISOLOGIC, LLC AND THE FOUNDATION FOR RESILIENT SOCIETIES, INC. PER NUCLEAR REGULATORY COMMISSION REQUEST FOR COMMENT ON DRAFT REGULATORY GUIDE DG-5061
CYBER SECURITY PROGRAMS FOR NUCLEAR POWER REACTORS
NUCLEAR REGULATORY COMMISSION DOCKET ID: NRC-2018-0182
Submitted on October 22, 2018. Available:
https://www.academia.edu/37693436/Joint_Comments_of_Isologic_LLC_and_Foundation_for_Resilient_Societies_Cyber_Security_Programs_for_Nuclear_Power_Reactors

Recent Nuclear Regulatory Commission (NRC) actions addressing cybersecurity and safety-critical issues related to the transition from analog to digital technologies raise fundamental questions on Commission strategies to achieve modernization of nuclear licensee sites.

On the NRC action, DG-5061, to amend Regulatory Guide 5-71, the processes that invoke RG 5-71 are clearly failing, affecting existing licensees and ultimately the development of new reactor designs.

This is no more evident than in the transcript of the NRC Advisory Committee on Reactor Safeguards (ACRS) Digital Instrumentation and Control Systems Subcommittee meeting on May 17, 2018.

The purpose of this filing is to seriously question the adequacy of qualified, expert support, to date, from sources that are successfully developing and adopting digital technologies....

.... The potential challenges to cybersecurity are equally disturbing. It is well understood that digital systems frequently lack the security reliability of analog systems they replace. However, Commission demands that individual licensees identify or develop digital systems that meet analog security standards have not, and will not, succeed.

The risks outlined MUST be addressed or we risk catastrophic failures, either as a result of "natural" disasters (flooding, asteroid, etc.) or deliberate ones (cyber-attacks or outright war).

Why is it that today's leaders are escalating conflict at precisely the moment in human history requiring collective coordination to mitigate resource exhaustion, over-pollution, and collective suicide?



1 comment:

  1. Why? It is because they are malicious, insane and stupid.
