A DEFENSE AGAINST CASCADES
Global guerrillas can gain leverage from small attacks by assiduous study of the dynamics of the networks they attack. Within scale-free networks with dynamic flows (electricity, information, etc.), cascades of failure can be induced by attacking central hi-load nodes (see the brief Cascading System Failure for more). These nodes can be identified as those with a high betweenness centrality, a term used to describe those nodes with the largest number of "shortest paths" that pass through them. When these nodes are shut down through an attack, the flow they handle (most likely with expensive high-capacity equipment) is automatically routed to other lower-capacity nodes that fail under the load (a cascade of failure). Within global guerrilla warfare, these critical nodes are called systempunkts -- the point at which an attack will cause systemic collapse.
A Proposed Defense
Traditional methods of defense against cascading failure include "islanding," homogeneity, and radical redundancy. Unfortunately, all of these techniques are either too drastic (islanding) or too expensive (homogeneity and radical redundancy) to be good solutions. Adilson Motter, from the Max Planck Institute, offers a more elegant solution in his paper, "Cascade Control in Complex Networks." He proposes an algorithmic approach in which cascades can be controlled by:
- Disconnecting peripheral transmitting nodes. Networks with dynamic flows have two types of nodes: those that transmit flow and those that convey flow. Hi-load nodes, in scale-free networks of this type, are those that convey flow. To protect against too much flow on the remaining low-capacity nodes, transmitting (or production) nodes should be selectively disconnected from the network. This will allow the network to remain within capacity limitations and thereby limit the spread of the cascade.
- Pruning central links. When central hi-load nodes fail, the loads they previously conveyed are re-routed via new central links. If those overloaded central links are pruned (eliminated), it may be possible to prevent a general cascade. Essentially, this action will push the cascade back towards the transmitting nodes that are oversupplying the network.
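The first measure can be tried out on a small model. The sketch below is an added example, not code from the post or from Motter's paper: it compares what happens after the hub is lost when nothing is done with what happens when peripheral generators are disconnected first. The 16-node grid, the node names, the capacity rule (capacity = (1 + alpha) x normal load) and the greedy choice of which generator to drop are all assumptions made for illustration.

```python
# Constructed 16-node toy grid: hub H, substations S1-S3, generators g.., bypass relays r1-r6.
EDGES = ("H-S1 H-S2 H-S3 S1-r1 r1-r2 r2-S2 S2-r3 r3-r4 r4-S3 S3-r5 r5-r6 r6-S1 "
         "S1-g1a S1-g1b S2-g2a S2-g2b S3-g3a S3-g3b")

def loads(adj):
    """Load = shortest paths through each node, endpoints included (Brandes)."""
    load = dict.fromkeys(adj, 0.0)
    for s in adj:
        dist, sigma, preds, order = {s: 0}, {s: 1.0}, {s: []}, [s]
        for v in order:                      # BFS: order grows as nodes are reached
            for w in adj[v]:
                if w not in dist:
                    dist[w], sigma[w], preds[w] = dist[v] + 1, 0.0, []
                    order.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        delta = dict.fromkeys(order, 0.0)
        for w in reversed(order):            # push each path's unit of flow back to s
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            load[w] += delta[w] + (w != s)
    return load

def settle(adj, cap, shed_first):
    """Run to a stable state; returns (generators shed, nodes tripped by overload)."""
    shed, tripped = [], []
    while True:
        load = loads(adj)
        over = sorted(v for v in adj if load[v] > cap[v])
        if not over:
            return shed, tripped
        # Peripheral = degree 1; in this grid only generators qualify (assumption).
        leaves = [v for v in adj if len(adj[v]) == 1] if shed_first else []
        if leaves:   # controlled: disconnect the generator feeding the busiest node
            gone = [max(leaves, key=lambda v: (load[adj[v][0]], v))]
            shed += gone
        else:        # uncontrolled: every overloaded node trips at once
            gone = over
            tripped += gone
        adj = {v: [w for w in nb if w not in gone] for v, nb in adj.items() if v not in gone}

def run(alpha=0.5):
    pairs = [e.split("-") for e in EDGES.split()]
    adj = {n: [b if a == n else a for a, b in pairs if n in (a, b)] for p in pairs for n in p}
    base = loads(adj)
    cap = {v: (1 + alpha) * base[v] for v in adj}      # capacity = (1 + alpha) * normal load
    hub = max(base, key=base.get)                       # highest-load node
    damaged = {v: [w for w in nb if w != hub] for v, nb in adj.items() if v != hub}
    return hub, settle(damaged, cap, False), settle(damaged, cap, True)
```

Calling `run()` returns the hub, then the (shed, tripped) pair without intervention, then the same pair with shedding: left alone, all six bypass relays trip and the grid splits into three islands, while dropping two generators keeps every remaining node in service and connected.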
How do you know which links need to be shut down, and can you do it in time to prevent a cascade failure?
In order to prune any links, the operators of such an infrastructure need to have an accurate, real time picture of the state of their network.
During the 14th August 2003 electricity cascade failure in the North Eastern USA and Canada, one of the contributory factors was a failure of the load balancing calculation model computer systems in one power company.
N.B. this entire cascade failure took only a few minutes to propagate.
There are research projects underway, such as the international SAFEGUARD project ("Intelligent Agents Organization to Enhance Dependability and Survivability of Large Complex Critical Infrastructure") funded by the European Union, headed by John Bigham at the Queen Mary's College, University of London, (www.elec.qmul.ac.uk/department/staff/academic/jb.htm)
which aim to use software agents to measure the state of local sensors and report intelligently back to a central system, taking into account anomalous behavior, hardware failures, the different behaviors of human operators etc., rather like applying a computer network intrusion detection system to heavy industrial switch and valve gear SCADA systems etc.
The sensor and SCADA communications network also needs to be secure from its own physical failures and deliberate attacks and spoofing of sensor readings - especially given the increased use of unsecured radio and even unsecured internet links in such systems.
Posted by: Watching Them, Watching Us | Sunday, 29 August 2004 at 03:52 PM
Interesting ideas ... should be something that could be modelled to test viability.
Posted by: Rob Schneider | Monday, 30 August 2004 at 01:22 AM