Protection of Critical Infrastructures against High Power Microwave Threats

Project Context and Objectives:
The justification of the HIPOW project, Protection of Critical Infrastructures against High Power Microwave Threats, is the combination of technical developments within the realm of Radio Frequency (RF) Directed Energy Weapons, and the society’s ever increasing dependence on digital electronic infrastructure.
RF Directed Energy Weapons based upon various physical principles are expected to become more important in the future for military effects based operations. Unfortunately, such technologies are quite useful for criminal and terrorist purposes as well. Non-Nuclear Electromagnetic Pulse/ High Power Microwaves, or NNEMP/HPM, technologies are developed and can be used in special weapon systems to disturb military or civilian system behaviour. Intentional and unintentional electromagnetic radiation can have an important impact on different services and facilities containing electronic hardware and/or using telecommunication technologies.
Research on potential NNEMP/HPM use and mitigation has been conducted within the military realm for decades, but only rarely in civilian contexts. Because of the Cold War era threat from Nuclear Electromagnetic Pulse (NEMP) and High Altitude EMP (HEMP) during nuclear bomb detonations, the military sphere has a legacy of, and tradition for, mitigation against relevant adverse effects. The civilian society, and civilian Critical Infrastructure (CI), on the other hand has apparently not had much focus on Man Made Electromagnetic threats. Even potentially dangerous natural phenomena, e.g. lightning strikes and Geomagnetic Storms, receive less attention than expected. However, the dramatic increase in dependence on electronic and digital Critical Infrastructure clearly indicates the need to increase protective efforts and raise the immunity against EM incidents.

The HIPOW Consortium consists of 14 partner companies and organizations, spanning 10 European countries. Many have previously been involved in research on natural threats, NNEMP/HPM effects and mitigation in a NATO context, as well as protection of Civilian CI. All have relevant backgrounds, covering Electromagnetic Compatibility (EMC), CI design and protection, as well as configuration and implementation of modern digital infrastructure. We have a good mix of Government, Industry and Academic organizations, a Consortium well suited for efficient analysis of the NNEMP/HPM problem universe.
The HIPOW project is articulated through eight well defined work packages that aim at covering all the requirements specified in the topic SEC-2011.2.2.2. The stated objectives for the HIPOW project are:
1) HIPOW will conduct a threat analysis and risk assessment of the occurrence of NNEMP/HPM events and their most likely modalities. This includes also estimating the costs of potential attacks to visualize for policy makers the possible economic impact of NNEMP/HPM attacks.
2) HIPOW will investigate the influence of NNEMP/HPM pulses on civil objects, like buildings, energy units, transport, banks, communication systems, computer networks, computers and electronic units. Critical infrastructures can be characterized as complex systems with tight couplings. In such systems even minor failures in technological components can have far reaching consequences. HIPOW will select a variety of civil objects that make up critical infrastructures and test the ability of these objects to withstand NNEMP/HMP pulses.
3) HIPOW will evaluate the efficiency of current protection (if provided). Current protection consists of mainly two strategies, either hardening or building robust architectures.
4) HIPOW will investigate the feasibility of hardening measures. Although hardening measures have been identified, this does not mean that these measures are feasible. Cost level, practical implementation and limited effect in total might influence on whether a measure is feasible or not. HIPOW will investigate and recommend measures that are feasible and which support existing protection regimes and standards.
5) HIPOW will prepare a NNEMP/HPM detection and diagnostic systems as key tool for a risk management regime (sensor, networking capabilities and data fusion) and a risk management process.
6) HIPOW will build on existing knowledge of NNEMP/HPM protection and develop guidelines and input to standards for protecting civil objects against NNEMP/HPM threats. In addition to scientific publishing of results in a dissemination work package, there is a separate work package designed to over this objective, which covers input to EU’s standards organizations and to the International Electrotechnical Commission (IEC). A handbook is also listed as a main deliverable.
Our Handbook is intended to consist of several sections; basic theory and information on the HPM/NNEMP threat, expected component and system level effects, methodologies for Cost and Risk Analysis, mitigation techniques etc. The intention is to assist both in the analysis and decision making, as well as practical design and implementation of counter measures.
Within the first year, 1 June 2012 to 1 June 2013, HIPOW started five Work Packages, in the second year two more Work Packages were kicked off. So a total of 7 WP were active in the 1 June 2013 to 31 May 2014 timeframe covered by Periodic Review 2. At the end of reporting period two a total of 7 deliverables were past the due date, and three of them fall within period two. All are completed.
One achievement in order to emphasise the need to develop system level mitigation were special HIPOW sessions during the 2012 EUROEM Conference in Toulouse, France, covering HIPOW’s work and system level effects, and the organization of a separate ‘EU Project’ session in the AMEREM 2014 Conference in Albuquerque.

Project Results:
One major finding from reported in the first periodic review, was the lack of formal requirements for CI protection against NNEMP/HPM and adverse natural phenomena on the national level throughout Europe. We reiterate on this issue here, because it has consequences for the remaining work in the project- Among the 10 nations represented in the consortium, only Norway has legal requirements for NNEMP/HPM hardening of CI. A few nations have requirements for CI protection against HEMP and natural electromagnetic phenomena, and the rest default to the regular EMC standards. One possible explanation is that until recently acknowledged international EMC standards covering NNEMP/HPM did not exist. It is difficult to impose mitigation requirements without corresponding standards to refer to. This situation justifies the existence of the HIPOW project, and emphasises the need to improve on the available reference material.
The practical implication of the above will influence the output from WP7, the Handbook etc. Rather than just tell End Users how to protect themselves, we also need to provide incentives and justify why they should protect themselves in the first place! It is pointless to provide ‘nuts and bolts’ guides if the End Users don’t see any need for them.
Another important issue, much emphasised by the work in HIPOW, is a need to shift the focus from individual pieces of equipment to system level, when implementing mitigation procedures. Modern technology is significantly different, i.e. smaller and more mobile and complex than its predecessors a decade older. Consequently, traditional hardening techniques cannot be cost effectively applied in many cases. Instead one must endeavour to implement mitigation measures in the entire system, or even systems of systems, so that the overall immunity is improved. This conceptual change in approach will also be reflected in the final output.
The major undertakings in Period Two are the Outdoor full threat Trials, the prototyping of the HIPOW Web Site and the completion and testing of our prototype HPM/NNEMP Detector System. The HIPOW trials, named ‘Radio Frequency Attack on Infrastructure Devices’ (RAID), were organized 26-30 August 2013, at a test site in Norway. The RAID Trials entailed typical digital infrastructure devices installed in an industrial environment, I.E. in a real building. These setups were then irradiated with HPM/NNEMP threat simulators, both from the road outside and from within the building itself.
The HIPOW website is up and running and a prototype of the database is also ready. The technical implementations of the web tools are up to schedule, but we are so far lacking in contents. This is due to the shortage of relevant material, which also is non-copyrighted and trustworthy. However, this is no surprize, it is actually the very rationale behind the HIPOW project. Once WP7 is underway, we will produce our own material for the database.
Our third major achievement in Period Two was the Detector. We have analyzed the technical possibilities for suitable HPM/NNEMP detectors, and conducted experiments with several candidate systems. Two of these were actually tested during the HIPOW Raid trials. One was finally chosen and implemented as our Prototype Detector in Deliverable 4.3.

Potential Impact:
The technological developments of electronic hardware, as well as their proliferation, seem to be accelerating. From a Societal Security perspective it is of vital importance that mitigation techniques and the legal frameworks and other incentives to protect CI keep pace with the general technological developments and trends.
HIPOW is exploring the basis for various aspects of NNEMP/HPM threats, their potential implications as well as relevant mitigation techniques. Through scenario based analysis, and realistic experiments, we aim to improve upon the present situation, and present our findings to the Owners, Designers and Operators of European CI, as well as European and International Standards Organizations, in formats that are directly applicable to them. The project will endeavour to increase the awareness and understanding of NNEMP/HPM threats, consequences and mitigation in the context of modern Civilian Critical Infrastructure.
Among the end products from the HIPOW project are a guidebook, a web site and a database, all intended to be End User friendly references on CI analysis and protection. Interaction with an End User group, and studies of the legal, economic and political frameworks, will aid the HIPOW project to focus and present our results and recommendations in order to maximize the impact of the end products. It is important that our output is useful and applicable to contemporary and near future CI, and that our suggested regime for risk assessment and priority fits well into the framework of European CI Risk Management in general.

The main output of the HIPOW project is a 'Handbook on HPM/NNEMP protection. Along with the web site and data base the purpose is to provide owners, designers and operators of Critical Infrastructure tools, guidelines and references. This in order to enable them to correctly analyse their Critical Infrastructure, and aid in the practical implementation of cost effective mitigation against HPM/NNEMP threat. Furthermore we develop a prototype Detector System, that will raise alarm if an HPM/NNEMP incident occurs, as well as analyse the nature and origin of the incident electromagnetic fields.

Our readily exploitable foreground consists mainly of the HIPOW website and database, and the Prototype HPM/NNEMP detector.
List of Websites:
http://www.hipow-project.eu/hipow/