1 Imagining the energy cybergeddon Digitalization and security epistemics in the energy system Lars Gjesvik Master Thesis in Political Science, Department of Political Science UNIVERSITY OF OSLO Spring, 23.05.2018 2 Imagining the energy cybergeddon Digitalization and security epistemics in the energy system 3 © Lars Gjesvik 2018 Imagining the energy cybergeddon Lars Gjesvik http://www.duo.uio.no/ Print: Reprosentralen, Universitetet i Oslo Word count: 37 587 4 Abstract In this thesis, I examine how the process of digitalization in the energy system is leading to changing understandings of its security. More precisely I track how discourses place themselves into different epistemic logics of security when debating digital incidents versus non-digital ones. I draw on the work of several critical security studies scholars, most notably Claudia Aradau (2014) and her work on security epistemics and the rise of resilience-thinking in modern societies. The creation of problems, through expressing concerns, assessing impacts, and promoting solutions, creates an overarching narrative that frames how we understand security events and dangers. Analyzing a broad collection of texts, I examine how expert discourse make sense of security concerns, impacts and solutions, centered around four main cases. These cases are the Baumgarten explosion in 2017, the Industroyer malware taking down the Ukrainian power grid in 2017, as well as a broader reading of security concerns pertaining to digital technologies and non-digital risks. The analysis highlights how digital security concerns are in part understood as radically uncertain, being unable to be understood both in terms of occurrence and impact, which implies certain security practices of preemption and societal resilience. As digital technologies and tools become more commonplace in the energy system, protecting these systems becomes more centered around the security practices “allowed” by the dominant understanding of cyber security. As a consequence, the digitalization of energy systems pushes societies further along in the move away from threats and existential dangers, and towards catastrophic risks, resilience and the management of uncertainty. 5 Acknowledgements First of all, a large portion of gratitude and thanks is owed my supervisor Kacper Szulecki, for answering emails, providing valuable feedback, exerting stoic calm and for pushing the right buttons. A special thanks to everyone who contributed input and crucial feedback in the process of writing this thesis. I owe Håvard Markussen a great deal for his unrivaled knowledge on Discourse Analysis and anything having to do with methodology. My parents are owed months of gardening work and dog-watching for sacrificing weekends proofreading and debating text selection to no end. Every discussion I had with co-workers at NUPI provided valuable input. In particular this applies to Malin, Henriette, Maja, Ole Martin, Emil, Helene and everyone at the Security and Defence Group. Furthermore, everyone at the NUPI Cyber Security Centre participated with valuable feedback, I thank Niels Nagelhus Schia, Lilly Muller and Karsten Friis for support and excellent ideas. In particular I owe Erik Reichborn-Kjennerud for the lion’s share of the theoretical foundations. Finally, I thank Sarah for support, encouragement and being willing to bear with me through it all Lars Gjesvik 23.05.2018 6 Table of Contents 1. Introduction ......................................................................................................................... 8 1.2 The Research Question ..................................................................................................... 9 1.3 Approach ........................................................................................................................11 1.4 Structure .........................................................................................................................13 2. Theory ...............................................................................................................................16 2.4.2 Practice and experts .....................................................................................................16 2.2 Risk and Uncertainty: a history of vital systems ............................................................18 2.3 Cyber security as risk and uncertainty............................................................................21 2.4.1 Epistemics of security..................................................................................................23 2.4.2 Known and measurable impacts: risk, redundancy, and resilience .............................25 2.4.3 Unknown impacts, societal resilience, and the role of imaginings .............................27 2.5.4 Enter the actor: terrorism, preemptive security, and the departure from the accident 29 3. Methodology .....................................................................................................................33 3.1 Materialism and the role of objects ................................................................................34 3.2 Discourses and representations.......................................................................................35 3.3 Research design ..............................................................................................................36 3.4 Operationalization and the research process ..................................................................39 3.5 Clarifications, validity and reliability .............................................................................43 4. Background .......................................................................................................................47 4.2 The changing energy system ..........................................................................................47 4.2 A brief history of cyber security.....................................................................................51 5. Analysis: ...............................................................................................................................54 5.1 An Austrian Gas Explosion ............................................................................................54 5.1.2 Understanding Baumgarten .........................................................................................57 5.2 Hacking the Ukrainian Grid ...........................................................................................60 5.2.1 The makings of a cyber threat .....................................................................................63 5.3 The reliable and resilient power grid ..............................................................................66 5.3.2 Managing uncertainty in the system and society.........................................................71 5.4 Smart meters and the radical uncertainty of IoT ............................................................72 5.4.2 Understanding the smart grid ......................................................................................80 6. Discussion.............................................................................................................................85 7. Conclusion.........................................................................................................................95 Main Findings.......................................................................................................................95 7 Avenues for further research ................................................................................................96 Broader implications ............................................................................................................97 Bibliography .......................................................................................................................... 101 8 1. Introduction It was 3:30 p.m. last December 23, and residents of the Ivano-Frankivsk region of Western Ukraine were preparing to end their workday and head home through the cold winter streets. Inside the Prykarpattyaoblenergo control center, which distributes power to the region's residents, operators too were nearing the end of their shift. But just as one worker was organizing papers at his desk that day, the cursor on his computer suddenly skittered across the screen of its own accord. He watched as it navigated purposefully toward buttons controlling the circuit breakers at a substation in the region and then clicked on a box to open the breakers and take the substation offline. A dialogue window popped up on screen asking to confirm the action, and the operator stared dumbfounded as the cursor glided to the box and clicked to affirm. Somewhere in a region outside the city he knew that thousands of residents had just lost their lights and heaters. The operator grabbed his mouse and tried desperately to seize control of the cursor, but it was unresponsive. Then as the cursor moved in the direction of another breaker, the machine suddenly logged him out of the control panel. Although he tried frantically to log back in, the attackers had changed his password preventing him from gaining re-entry. All he could do was stare helplessly at his screen while the ghosts in the machine clicked open one breaker after another, eventually taking about 30 substations offline. The attackers didn't stop there, however. They also struck two o ther power distribution centers at the same
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages112 Page
-
File Size-