Sniper Attack on Critical Infrastructure: An Object Lesson in the Need for Critical Infrastructure Protection

June 21, 2016

There is debate over whether the April 16, 2013 attack on Pacific Gas & Electric’s Metcalf substation in San Jose, California was an act of domestic terrorism. Leaders in the energy sector claim that the 52-minute assault was premeditated by terrorists who cut telephone lines and fired over 100 bullets with pinpoint accuracy through the chain-link fencing. The sharpshooters’ bullets pierced transformers in such a way as to disable them without exploding them. PG&E’s workers courageously kept the power on under fire, but damage to the system took 27 days to repair. The FBI, however, challenges the industry leaders’ account, preferring a less sinister explanation. Ultimately, whether the attack is designated an act of domestic terrorism or locals having a wild night is a matter of semantics. The important takeaway is that this attack proves that our critical power and utilities infrastructure is at risk.[1]

Attacks against critical infrastructure come in two forms. The physical attack comes in tangible threats such as natural disaster, inclement weather, or terrorism (as seen in San Jose). The virtual attack, however, focuses on intangible threats, most commonly those targeting computer resources. Analysts often focus on the sensationalist threat of physical attacks but, as the PG&E incident shows, protective measures have not kept pace with the hype. A look at the numbers shows a frightening reality: only 2% of US GDP per year goes to shoring up the infrastructure.[2] The current stance is to address the threat after it has happened, but this is a threat to the tune of many lost lives and nearly 55 billion dollars in reported damages in 2011.[3]

Critical Infrastructure Protection has traditionally focused on “hardening” sites against an unknowable threat. The fortressing of locations is no longer effective due to the increasing interconnectedness of smart power grids, run by SCADA systems which bring formerly isolated grids live and online. The old math of protection does not add up anymore: not only have the variables changed, but the equation has as well. In light of the PG&E assault, it is more important than ever to work the critical infrastructure problem from a different angle to yield a different result. There is a need to look past the storm-by-storm response and develop an action plan that involves “systemic preparedness, response, and [functional] resilience.”[4]

Functional resilience ensures that a system can react to a threat, bending but not breaking in the face of a physical attack. Systems can be made to operate more efficiently, require fewer resources, and be far more flexible in order to maintain operation under duress.[5] This is not a new idea, and it is often used in structural engineering, but its application to critical infrastructure protection is innovative. PEAKE, formerly Incident Communication Solutions, has a long track record of success in the area of first response command and control and is uniquely situated to provide solutions that aid in functional resilience to power and utilities companies. PEAKE’s solutions draw upon the principles of functional resilience to strengthen the interconnected systems of critical infrastructure.

There are several guiding principles to consider when adding functional resilience into your critical infrastructure protection plan[6]:

1) Functional resilience will never fully replace physical protection. Some sites are too critical to the complex grid to forgo the fortressing of their physical location, so efforts to establish functional resilience must complement existing physical protection efforts.

2) Functional resilience is an exercise in capabilities mapping. Identify what the core capabilities of a facility are. It is crucial to know which capabilities are integral to the system and cannot degrade, which ones can run at half capacity, and which ones can be shut down completely during a crisis.

3) Maintaining functional resilience will require periodic assessment, to see where each location falls on the continuum of preparedness. The continuum of preparedness runs from protection of facilities to continuance of operation.

If there is a silver lining to the dark, dark cloud of the PG&E attack, it is that we now know what areas to shore up in preparation for the next threat.

[1] http://www.latimes.com/business/la-fi-grid-terror-20140207,0,5892405.sto...