Perils of Power I

Part I of “Perils of Power: Cybersecurity Threats to American Energy Infrastructure Amidst a Renewable Revolution”

What exactly is cyberspace? Science fiction author William Gibson coined the term to describe a “consensual hallucination” that effervesces from human-generated data. However, as with nascent definitions of many breakthroughs like the internet, grappling with cyberspace has been an endeavor of the defense apparatus of the U.S.

 Professors Jarmon & Yannakogeorgos convey that the Pentagon has issued at least twelve definitions of what cyberspace represents at the time of writing. Dictionaries and encyclopedias alike have differing definitions as well – it is ostensibly anomalous for something so universal to encompass so many contrasting significations. Jarmon & Yannakogeorgos amalgamate the definition set by the U.S. Joint Chiefs of Staff, which reads as the following:

“The domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via network systems and associated physical infrastructure.”

An alternative definition is exhibited by the National Institute of Standards and Technology (NIST) – an interestingly influential entity with regards to cybersecurity standards within energy infrastructure. Their dissection of cyberspace is as follows:

“A global domain within the information environment consisting of the interdependent networks of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.”

These two definitions, along with many others from a litany of sources, seem to superficially overlap in their diction, and include some keywords. 

Both stress the significance of a term that explains the provenance of cyberspace itself: the electromagnetic spectrum. Comprehending this foundational criterion is key to understanding just how universal and all-encapsulating cyberspace truly is. The electromagnetic spectrum (EMS) as defined by the National Aeronautics and Space Administration (NASA) is the oscillation and interaction of radiation – or fundamental energy – waves that entropically produce phenomena. This phenomena is polymorphous and scalable; it is everything ranging from the light emitted from the sun to the radio waves from our earphones. It permeates every fragment of our existence; from what we can feel, hear and see to what we can’t. 

Holding a hegemonic court over a scientific phenomenon sounds impossible. But it is what the U.S. has dutifully done. “For decades, the U.S. has had electromagnetic superiority over adversaries in all domains”, writes David Vergun at the Department of Defense. The FM-312 Report on Cyberspace Operations from the U.S. Department of the Army regards the electromagnetic spectrum as a domain that must be controlled with utmost importance. The ubiquitousness of Bluetooth, secured wi-fi, and satellite communications, all of which are deployed in congruence with each other, fundamentally alters the operational theater as one that is predicated on the EMS. 

Transportation, weaponry, communicative devices, sartorial equipment, and imaging technologies all exist on a model of digital confluence to assure mission continuity at a rate of several operations per second when in the field. Harold Cole of the Air War College writes that the successful “exploitation” of the EMS has holistically revamped military structures worldwide. Mastery of signals and communications paves the way for increasingly remote applications and instruments along the lines of unmanned aerial vehicles, more commonly referred to as drones. 

In light of the aforementioned, it is foundational to emphasize that the EMS encapsulates all operational environments, and consists of several domains which are crucial to define, especially with regards to energy infrastructure. If EMS is the pedigree from which cyberspace exists, it is therefore logical to ascertain that cyberspace is capable of “embedding” itself as a core facet in all earthly, physical domains. This is best visualized in the following Figure 2:

Now that we have sufficiently explored universally-accepted definitions of cyberspace and stressed the omnipresence of the EMS, we can subsequently shift gears and explore what this author regards as being the “dermal layers” of cyberspace. In the same manner that physicians dissect the skin into layers of the dermis, leading theorists of cyberspace have distilled its…

Figure 3. The three layers of cyberspace.

…seemingly infinite ether into distinct layers. These dermal layers are indelibly intertwined, and the verbiage it introduces is key to the discussion surrounding cyber threats to energy infrastructure. They are best represented by Figures 3 and 4.

Figure 4. The five subcategories of the three layers in Figure 3 visualized.

The presence of these layers comes as a surprise to many; given public sentiment would construe the layers of cyber as just being some intangible set of network communications. But as with the notion that cyber is embedded in all domains, the layers are all-encompassing and demonstrate just how incisive – and, for that matter, destructive – the potential of waging a cyber affront can be. Cyberspace can be divided into three principal layers: the physical, the logical and the social. These can further be carved up into segments in Figure 4. 

The physical layer represents the “where” and “what” of the system at its core. It encapsulates the “geographic and physical network components”: all of the levers, wires, switches, pulleys, and the physical connectors – all the hardware and physical infrastructure that one can envisage that contributes to cyberspace, as well as its actual location within the world. 

The logical layer represents the network component. Networks, while not deconstructed at length in this paper, consist of relationships between nodes – a node is a connection endpoint propounded by any device, like computers and smartphones. Anything that has an Internet Protocol (IP) address of a device on most public and commercial networks can be considered a node. Nodes themselves can be physical, in the form of the aforementioned devices, and serve different commercial purposes, e.g. an internet network or a telecommunications network for mobile phone customers. IoT networks rely upon the consistent communications from the devices’ nodes on said network back to the internet. This should be stressed in light of the energy controls that are prevalent in business and homes. 

The social layer “comprises the human and cognitive aspects”, including a term that sounds derived from a sci-fi movie: the cyber persona. This represents the digital detritus that we interpret commonly as contact information: e-mail, cell phone, a “profile” online, whatever unique identifiers a human participant in cyberspace utilizes to represent themselves with. Lastly, the identity, sometimes simply referred to as the persona, is the actual human being, devoid of their online facsimiles. Why make this differentiation? An identity can have multiple cyber-personas, i.e. multiple online accounts on a certain commercial network, and conversely multiple identities could all be logging onto one cyber-persona, posing as a singular entity.

The multifarious levels of cyberspace and all the permutations and angles from which it is present makes for a vast, infinite, all-encompassing ether. The fact that it is grandiose on this level is both advantageous and to our security detriment. Therefore, it is of utmost importance that those who wish to safeguard critical energy infrastructure at a time when controls are becoming increasingly portable and personal have an understanding of the levels of cyberspace. To have an understanding of cyberspace – the only manmade domain – is to secure it.

Part 2 Coming Soon…