In September 1998, a natural gas explosion in Victoria, Australia, shut down the area for two weeks, causing 100,000 people to lose their jobs and 1.4 million customers to go without gas. The economic loss was estimated at almost $1 billion.
In August 1999, a man was arrested for plotting to bomb the Trans-Alaska oil pipeline on New Year’s Day. He allegedly devised the scheme in the hope that oil prices would spike upward after the disruption so that he could reap windfall profits.
In the past decade more than 15,000 infrastructure-related incidents have occurred worldwide in the electric power, oil, and gas industries alone. Incidents like these make governments more aware of their energy infrastructure vulnerabilities.
Three years ago, the U.S. government began funding multidisciplinary research in the new area of “critical infrastructure assurance.” Critical infrastructure embraces the physical and computer-based systems that enable the U.S. government and economy to function. Elements of our infrastructure include transportation services (interstate highways, railways, waterways, and airports), as well as energy and water systems. Important also are the electronic networks used for these infrastructure components and also for banking and finance, telecommunications, and emergency services. The purpose of the research funding is to identify weak links and find better ways to help protect and assure the reliability of the country’s critical infrastructures.
After the terrorist attacks of September 11, 2001, the Department of Energy was asked to focus on energy infrastructure assurance and define the concept of energy infrastructure assurance and DOE’s role in it. DOE staff gathered information on the accomplishments and capabilities of DOE national laboratories in assessing vulnerabilities and developing technologies for prevention, detection, and mitigation of threats, as well as recovery from natural, accidental, and deliberate actions of disruption. As a result, a report was produced that lays out DOE’s research role in energy infrastructure assurance. The report indicates that energy infrastructure includes coal and uranium mines, oil and gas wells, oil and gas pipelines, petroleum refineries, electric transmission lines, and power plants (including hydroelectric dams), as well as information technologies that operate these systems.
According to a February 27, 2002, article in the New York Times on a conference on the security of the electric system, “The computers that control the electric power system around the nation have been probed from the Middle East, and terrorists may have inspected the physical equipment.” The article noted that “government experts identified nuclear power plants as perhaps the most attractive targets but said dams, gas pipelines, and oil refineries were not far behind. Federal officials urged companies that generate, transmit, and distribute electricity to take steps to increase security.”
In the summer of 2002, key U.S government personnel will hear a discussion of the DOE report and a report released in May by the National Academy of Sciences concerning the role of science and technology in combating terrorism. Personnel from ORNL’s new Oak Ridge Center for Advanced Studies will use the conclusions of these discussions to write a report on how science and technology can help DOE implement its energy infrastructure assurance plan.
Some of the capabilities and achievements of ORNL researchers in this area are presented in this section called “Protecting Our Energy Infrastructure.” This article and subsequent articles describe ORNL technologies that could play a role in assuring the reliability of the U.S. energy infrastructure and the protection of people should the infrastructure be disrupted.
Researchers at Oak Ridge National Laboratory have developed a number of technologies that could be applied to identifying vulnerabilities in the energy infrastructure and providing it with better protection. As a side benefit, some of these technologies could be used also for protection against terrorism in particular and for homeland security in general.
ASSESSING VULNERABILITY OF DAMS AND DRINKING WATER
Drinking water is made available to the U.S. population through groundwater and up to 10,000 intakes located at lakes, rivers, small streams, and reservoirs (dams), according to data collected by the U.S. Environmental Protection Agency. Many of these intakes are located at hundreds of the 80,000 dams listed in the National Inventory of Dams. The Geographic Information Science and Technology (GIST) Group led by Budhendra Bhaduri in ORNL’s Computational Sciences and Engineering Division (CSED) has developed a geospatial model in which these data are incorporated along with data on land cover, population, roads, and water supply pipelines.
“These dams are critical to the U.S. energy infrastructure because they supply hydropower and are used for transportation that ships coal and other energy-related supplies,” says Bhaduri. “We can use this model to pinpoint dams that might be more vulnerable to attack because they are far from heavily traveled roads and highly populated areas.”
The model can also be useful for determining the need for mitigation and recovery strategies if a terrorist group were to blow up a dam or contaminate it so that responders must cut it off from the water supply system. The ORNL model can predict how many people might be affected downstream and indicate where sensors should be placed to identify and measure concentrations of toxic chemicals. The measurements could indicate whether it is safe for people there to continue drinking tap water or whether they should switch to bottled water until they are told the water is safe again to drink.
This vulnerability assessment model was developed as part of a national pesticide usage impact modeling project. One purpose of the model is to determine which of the 10,000 drinking water intakes is most likely to receive pesticides used to protect agricultural crops from attack by insects and pathogens. The pesticides get into rivers and lakes from runoff.
“One thing we can look at,” Bhaduri says, “is whether pesticides applied in Minnesota that get into the Mississippi River actually make it all the way to New Orleans. Some of the pesticides may decay on the way or get diverted into a tributary or end up in a dam where they eventually are deposited into the sediment.”
ORNL’s ability to predict whether a substance entering a reservoir can reach a number of people through drinking water intakes can also have homeland security applications. For example, if terrorists were to dump a biological agent such as botulinum toxin or a chemical agent such as cyanide into a reservoir, the model can predict which drinking water intakes might receive the toxic agent in hazardous concentrations. It can also predict the locations and number of people that would likely be exposed to dangerous amounts of the toxin in their drinking water.
HYDROLOGIC TRANSPORT ASSESSMENT SYSTEM
Suppose that a terrorist group were to dump a toxic chemical or disease-causing biological agent or a suitcase full of nuclear materials into the Mississippi River. A witness sees the dastardly deed and reports it to the police. The water and sediments at the point of dumping are sampled, and the dangerous substance is identified by analytical chemists. The local population is informed about the attack and advised to drink bottled water until further analysis determines the water is safe to drink.
Is there a risk to people living further downstream from the site where the hazardous material was dumped? Fortunately, ORNL has developed a numerical model for simulating the transport and fate of nuclear, biological, and chemical agents in water bodies. Called the Hydrologic Transport Assessment System (HYTRAS), the model predicts material concentrations in the water and sediment over time and distance downstream in rivers or lakes.
“HYTRAS includes health effects data and will eventually incorporate population data from ORNL’s LandScan USA model,” says CSED’s David Hetrick. “Thus, the model will be able to predict how many people downstream of the site of a dumping incident are at risk of being exposed to the hazardous substance through their drinking water, the doses they are likely to receive, and the health effects of those doses. This information could be very useful for emergency responders and health care centers.”
About 200 rivers worldwide are included in a map database in HYTRAS. A new river database being developed for HYTRAS will have thousands of rivers, including water intakes for the United States. The model was originally developed to help energy production plants and manufacturing firms estimate the health effects of the pollutants they discharge to waterways.
GEOGRAPHIC INFORMATION SYSTEMS AND REMOTE SENSING
The GIST Group has been a leader in developing, implementing, and applying geographic information systems (GIS), science, and technology since 1969well before the advent of commercial GIS. The ORNL group is the oldest in the DOE laboratory system to use geographic information systems technology combined with remote sensing information obtained from satellite and airborne imagery.
“Every incident has a geographic nature,” Bhaduri says. “We can display, for example, the spatial relationships between an oil refinery, the plume of pollutants that are spewed out as a result of an accident or deliberate attack, and the number of people who may be affected.”
Satellite images and video taken from aircraft can vividly show plumes from volcanoes and smoke from forest fires. But satellite imagery combined with ORNL’s GIS technology can provide insights about whether destruction of a field of green plants is the result of a natural, accidental, or deliberate action.
“Take a forest fire,” says Bhaduri. “If satellite imagery shows many little fires combined to make a large forest fire, that suggests the fire was caused by multiple lightning strikes. But if only one small fire by a road was spotted before the whole forest eventually erupted into flames, that suggests that it was deliberately started by an arsonist or perhaps accidentally started by someone who carelessly threw a lit cigarette into the woods.”
The ability of GIS technology to find patterns in satellite imagery can be used for homeland security. “We have the capabilities to demonstrate that GIS technology combined with remote sensing can be used to monitor fields of crops such as corn and cotton to detect bioterrorism,” Bhaduri says. “With the bird’s eye view of satellite imagery and pattern analysis using GIS, we can detect whether fields of valuable crops are being invaded by killer weeds or insects or pathogens that are destroying them.”
The mission of the GIST Group is to support national energy, environmental, and security programs through research, development, and application of geographic information and analysis systems. The GIST Group can provide advanced digital remote sensing, advanced GIS algorithms, design of decision support systems, advanced image analysis and interpretation, three-dimensional visualization and animation, digital terrain modeling, demographic modeling, and global positioning information.
POPULATION DISTRIBUTION MODEL
Perhaps the most important research project of the GIST Group is the LandScan Population Distribution Model, which shows global population data in the finest resolution yet available (each cell is 1 square kilometer). CSED’s Eddie Bright, Phil Coleman, and Bhaduri are developing a very high-resolution population distribution database for the United States, called LandScan USA. LandScan USA predicts with high accuracy how many people are present in any given area (90-m cell) during the night, as well as the day. “The U.S. census provides nighttime population information,” Bhaduri says. “It is based on the number of people who live and sleep in each home in a city block.”
To develop Land-Scan USA, the ORNL group conducted a pilot study in a 29-county area in southeast Texas around Houston and Port Neches. The goal of the study was to develop needed algorithms and to identify and resolve issues surrounding the development of LandScan USA.
When the World Trade Center twin towers collapsed after being struck by two hijacked airplanes, it was estimated that as many as 10,000 people were in these buildings. It was later determined, based on missing person reports and injury reports, that fewer people were present. The GIST Group is determining average daytime populations for buildings such as the Sears Tower in Chicago, where the nighttime residential population is zero. Bhaduri believes that by using real-time remotely sensed data around busy city business districts, reliable information about the dynamic daytime population can be effectively estimated.
LandScan USA includes demographic attributes (age, sex, race), as well as spatial distributions for both nighttime and daytime populations. “The combination of both residential (i.e., nighttime) and daytime populations will provide the best estimate of who is potentially exposed to ambient pollutants from, say, an industrial facility,” Bhaduri says. “We can also use the model to determine how many women in a certain age group are more than 15 miles away from a health care center that gives mammograms. The National Cancer Institute is interested in this kind of information.”
LandScan USA could be useful for homeland security. The GIST Group has applied this population model to a spatio-temporal simulation in which a terrorist releases smallpox germs in Neyland Stadium during a University of Tennessee football game attended by more than 100,000 people. “Suppose that 72 hours after the game a season ticket holder who feels very ill goes to a Knoxville hospital emergency room, where he is diagnosed with smallpox,” Bhaduri says. “Because of our GIS-based data modeling, we can efficiently locate people inside the stadium as well as in the surrounding region (where they might have come from) to predict the possibility of an epidemic attack originating in the stadium. We may be able to determine the extent of the epidemic, as well as the zip code locations of the people who are ill and the hospitals that should be notified that they must be prepared to receive many smallpox patients soon.”
THREAT ASSESSMENT AND MODELING
Suppose that an airplane crashes into an American nuclear power plant as a result of an accident or deliberate attack. The U.S. response might be to shut down all nuclear power plants to protect them against possible additional attacks (until the cause of the crash is determined). What will be the consequences of this massive shutdown? How will it affect the electrical power grid and the many usersfrom elevators to subways, from homes to hospitals, from mines to manufacturing facilitiesthat depend on the nation’s electricity (20% of which is supplied by nuclear power)? If a plume of radioactivity is released from the crash site, where will it go and how many people might be exposed to it?
The consequences of the crash and the effects of the shutdown decision can be modeled at ORNL by a threat assessment and modeling system that combines several ORNL modeling technologies. One technology is the Virtual Information Processing Agent Research (VIPAR) system, developed by CSED’s Collaborative Technologies Group led by Thomas Potok. “VIPAR consists of intelligent agents, or software robots, that can retrieve open-source information, including vast stores of government data, from the Internet and other electronic archives,” Potok says. “These software robots can help model various effects and predict con-sequences of various actions.”
VIPAR also can be linked to ORNL’s GIS and remote sensing technologies for determining, say, the geographical distribution of impacts from a shutdown of nuclear power plants. CSED’s Hazard Prediction and Assessment Capability (HPAC) code can accurately predict the direction and fission product concentrations of the radioactive plume emana-ting from the nuclear plant crash site, as well as the size and location of the population at risk of being exposed.
“VIPAR’s intelligent software agents can gather related data about a certain problem from the Internet,” Potok says. “Other software agents store the most relevant data, fetch updates for data that frequently change, and integrate all the data, which initially came in different formats. VIPAR, which has a friendly graphic user interface, then analyzes the data and displays relationships among crucial pieces of information as a visualization that is meaningful to the user. A picture is worth a thousand words. VIPAR minimizes the time needed to communicate possible solutions to a problem. For example, one possible solution might be to get hydroelectric dams to generate more power to compensate for the temporary loss of electricity from the nuclear plants.”
ORNL’s threat-modeling system provides various levels of user access so that only people who have a need to know receive all the pertinent data. Other users are sent only selected data that allow them to perform their particular tasks effectively. The modeling system could improve data exchange among government agencies and departments, allowing a more coordinated response to threats to homeland and national security.
TRANSPORTATION ROUTING MODEL
If a road is blocked by a landslide or a railroad bridge is blown up by a terrorist group, a computer tool built over 20 years ago at ORNL could quickly calculate an alternative route, say, for trucks or trains carrying spent nuclear fuel. As a result, they could get to nuclear waste disposal sites as fast as possible.
The routing tool is called the Transportation Routing Analysis Geographic Information System (TRAGIS) model. Developed by CSED’s Paul Johnson and Richard Michelhaugh of ORNL’s Nuclear Science and Technology Division, TRAGIS can determine the fastest highway, railroad, or waterway transportation routes between a starting point and a destination. It also provides information on population distribution counts and densities along each route. These data are of value to government users who wish to select a route that minimizes the risks to people in the unlikely event of a transportation accident. The route and population information is also used for health risk assessment models and environmental impact statements.
“TRAGIS can generate routes that meet Department of Transportation regulations for shipping radioactive materials,” Johnson says. “DOT requires that trucks carrying certain types of radioactive materials must take the shortest distance to the nearest interstate highway, the quickest interstate routes, the interstate exit closest to the destination, and the shortest route there from the exit. Another rule is that trucks carrying these materials must take beltways around large cities rather than pass through them.”
TRAGIS databases identify the nuclear power plants and coal-fired power plants located on the U.S. rail network. Using Department of Defense funding, Johnson is completing the development of a new rail network for the U.S. Navy; it is a 1:100,000-scale networkthat is, every centimeter on the network is equivalent to a kilometer in real space. This rail network tool will help the Navy select the fastest routes for getting armored personnel carriers and materials from inland bases to ports in case of an attack. According to Johnson: “Our rail model can tell you which rail lines crossing each other are interconnected and which ones may be separated, as in the case of a railroad bridge crossing over a ground-level rail line.”
The ORNL model also has been used in environmental impact statements for predicting how many spent fuel assemblies are likely to be delivered from nuclear power plants to nuclear waste repositories by rail and by truck. The model has been used to calculate the routes likely to be used for delivery of these assemblies to the proposed Skull Valley site in Utah and the proposed Yucca Mountain site in Nevada.
The TRAGIS waterway database, which is a 1:2,000,000-scale network, represents the inland waterway system and interconnections among U.S. deep-water ports.
PREDICTING INDUSTRIAL AND NUCLEAR FACILITY VULNERABILITIES
A terrorist group drives a truck loaded with explosives into a building at a nuclear power plant. The building houses a pool of water covering spent nuclear fuel. What is the probability that an explosion will cause the release of radioactive fission products from the spent fuel into the atmosphere?
At another nuclear power plant, a disgruntled employee who has received a termination notice leaves a “briefcase bomb” next to a heat exchanger. If the bomb goes off, what is the probability that the explosion will “kill” the heat exchanger? If the heat exchanger is destroyed, what is the probability that a core melt might result, causing a release of radioactive fission products to the environment?
These are two make-believe scenarios that CSED’s Robert H. Morris, Robert L. Sanders, and C. David Sulfredge and their colleagues might use to test their new computer code for predicting vulnerabilities at nuclear power plants and nuclear reprocessing facilities. Their Visual Interactive Site Analysis Code (VISAC) is of interest to the U.S. Nuclear Regulatory Commission and other governmental agencies because the code can determine and analyze nuclear facility vulnerabilities to natural, accidental, and deliberate threats.
VISAC is a Java-based expert system that provides mission planners with a coordinated capability to predict and analyze the outcomes of various accidents or incidents at nuclear and industrial facilities. “Our code can also predict the outcomes of accidents at industrial facilities that use chemicals, such as nuclear reprocessing plants,” Morris says. “For these industrial facilities, VISAC can calculate the initial direction of the plume and its chemical concentrations. This information is then fed to HPAC, which predicts how far the plume will go and where and how much of the plume’s hazardous chemicals will be deposited on the ground.”
VISAC also has the capability to model any nuclear facility, such as power or research reactors, and simulate the results of various incidents. Simulated incidents have ranged from simple equipment sabotage to complex sorties involving military weapons, truck or car bombs, or satchel charges.
By using fault-tree methodology similar to that employed in probabilistic risk assessments, VISAC calculates the probability of facility destruction and undesirable side effects, such as a chemical or radiological release. It also estimates how long the facility will be out of service for repairs. VISAC has access to a library of models that can be customized by the user in both geometry and logic to approximate a number of facilities of interest.
According to Morris, “Our code can be used by utilities to guide them in determining which parts of their nuclear power plants need better protection.”
Related Web sites
Web site provided by Oak Ridge National Laboratory's Communications and External Relations