Tuesday 2 October 2018

A European-wide power and infrastructure break-down (“blackout”) and railways operators

Share this article

This is the theme of the 14th UIC World Security Congress, which will take place from 16 to 18 October 2018 in Bled, Slovenia.
As part of our preparations for the next UIC World Security Congress and because the topic interests various partners and stakeholders beyond the railway companies, we have asked a number of experts to give their analysis or point of view on this theme. The following article has been written by Herbert Saurugg. He is an expert on preparation for failure of vital infrastructures and was a career officer in the ICT Security Section of the Austrian Armed Forces until 2012. Since then he has been engaged in raising awareness of the increasing systemic risks caused by the rising interconnections and dependen-cies between Critical Infrastructures, which are contributing to extreme events. He is known as one of the most experienced blackout experts beyond the borders of Austria. He runs an extensive blog, cur-rently only available in German (www.saurugg.net).

A European-wide power and infrastructure breakdown (“blackout”) is hardly imaginable for many peo-ple, including most decision makers. While many countries in the world, such as Australia, Turkey and North America, have experience of handling major interruptions, this knowledge is largely missing in Europe due to the excellent security of supply thus far. Nevertheless, the warning signs have never been as concrete as over recent months and the author foresees the concrete risk of a European-wide black-out within the next five years. System instabilities have been increasing rapidly for years. The reasons for this include the very volatile electricity production from renewable energies, the increase of ex-treme weather events, and rising coordination requirements between electricity generators, network operators and distribution, which have a tight technical and physical dependency. In addition to this, the threat landscape from cyberspace is growing. In 2015, the first known hacker-caused power blackout occurred in Ukraine. German cyber security authorities have also recently stated that a blackout could be triggered by a cyberattack [1]. Furthermore, the European Network of Transmission System Operators (ENTSO-E) pointed out in its investigation report on the Turkey Blackout in 2015, which was triggered by a chain of individual events during a phase of instability in the grid operation, that “the electric supply should never be interrupted, there is, unfortunately, no collapse-free power system.” [2]

The typical development of a blackout may be divided into three major phases (see picture below). Due to the lack of experience in Europe, it is very difficult to forecast how long it would take to restore and stabilise the European power supply. The estimated timeframe from experts differs from many hours up to several days for different regions.

The consequences of such a major interruption would be devastating for our highly interdependent in-frastructures and society. Particularly disastrous would be the failure of the telecommunications supply (mobile phones, landlines, Internet, etc.). Without it, there would be no production, no logistics, and no supply – not even a fuel supply, because tankers, petrol stations and other parts of the supply chain are heavily dependent on working data connections. Consequently, there are many uncertainties in Phase 2. At the same time, German and Austrian studies [3] [4] conclude that almost one-third of the population would hardly be able to cope with a three-day supply interruption. After seven days, this would affect almost two-thirds of the population. The situation would intensify and accelerate if the water supply and sanita-tion were to break down in some regions. In cities, this would be catastrophic.
Since railways are heavily dependent on power and telecommunications supplies, such an event would also have a significant impact on the railway undertaking. For instance, fuel supply would become im-possible or very difficult, and cooling problems could cause freight trains with dangerous goods to leak during this time. Furthermore, hundreds or thousands of passengers could get trapped in trains or at railway stations. Even where appropriate fall-back arrangements and emergency generators have been put in place, a multi-day emergency operation due to a blackout situation has only rarely been tested.

The handling of the impacts of a blackout affects the entire society – from the government and the au-thorities to industry and providers, as well as each individual person. As part of the critical infrastruc-ture, railway operators have a very important role in restoring and stabilising supply chains after a blackout. Not everything can be secured, but appropriate measures to enable the organisation and the staff to handle such a major incident can be prepared.

The first step begins with the organisational awareness and appropriate risk assessment that such an event is possible, or indeed highly likely (business continuity management). On this basis, business conti-nuity and crisis management plans must be constantly updated and must include measures for before, during and after a blackout situation. The responsibilities involved in handling a local power cut, as well as a whole infrastructure collapse, must be described. In this context, the development of offline-plans is essential. These plans should provide easy instructions describing what measures have to be taken when chaos situations are starting and contact cannot be made with decision makers or emergency services. What are the prerequisites for restarting operations after the event? In addition, offline plans should outline the options for communication with staff and third parties, such as public crisis management, law enforcement and authorities, emergency services, and suppliers, when public telecommunication systems are offline. Staff play an essential role in the implementation of these plans. It is therefore cru-cial that they are aware of business continuity and crisis management plans and that they are regularly trained. However, psychological aspects must also be considered when, for example, staff are separated from their families and have not prepared them to survive on their own.

As shown in this short article, a social discussion involving all stakeholders is essential – covering the preparation of our families and the implementation of organisational plans which must be familiar to all staff members and decision makers. Let’s start now!

Raising awareness of the impact of blackout situations on the railway environment is the core top-ic of the 14th UIC World Security Congress. Under the umbrella theme of “Crisis Management and Resilience”, different examples of (partial) blackout situations and their handling will be shared between congress participants. In addition, further developments and insights in the field of crisis management will be presented. The programme of the 14th World Security Congress is available at https://events.uic.org/14th-uic-world-security-congress-crisis-management-and-resilience and will be updated regularly.

If you are interested in participating, please don’t hesitate to register at https://events.uic.org/14th-security-congress-registration-form

For further information please contact Jacques Colliard, Head of the UIC Security Division: colliard@uic.org

3 Votes

Average rating: 5 / 5