CIRCUIT: Introduction

A Cyber Dimensions Demo Case Study

Critical Infrastructure Context

Case Study Classification: Municipal Smart Grid Cybersecurity Incident
Educational Framework: Posthuman cybersecurity analysis
Methodological Approach: Artifact-based learning with authentic document analysis
Target Audience: Advanced cybersecurity students, infrastructure professionals, policy makers

Welcome to CIRCUIT

On March 15, 2024, at precisely 2:17 PM, automated security systems at Ribera Municipal Utilities in Ribera, Arizona detected sophisticated unauthorized access attempts targeting the municipal power grid’s industrial control systems. What unfolded over the following 72 hours reveals the complex web of human expertise, technological agency, and inter-organizational coordination that defines modern critical infrastructure cybersecurity.

This case study presents authentic artifacts from the incident response—from the initial SCADA alerts through federal advisories and media coverage. Each document demonstrates how cybersecurity emerges not just from human decision-making or technological capabilities alone, but through the dynamic assemblages that form when automated systems, human operators, vendor networks, regulatory agencies, and community stakeholders coordinate in response to infrastructure threats.

Learning Through Authentic Artifacts

Most cybersecurity case studies give you a tidy narrative written after the fact. CIRCUIT drops you into the messy reality of an active incident. You’ll read the actual SCADA logs that first detected the attack, follow email threads as staff figured out what was happening, and listen to conference calls where decisions got made under pressure.

The collection includes regulatory filings showing how utilities must document incidents, federal advisories that warn other infrastructure operators, and media coverage that translates technical complexity into public concern. Each document type reveals different aspects of how cybersecurity actually works in critical infrastructure.

Posthuman Cybersecurity Perspective

The traditional view treats cybersecurity as humans using technology tools to solve problems. But when you examine what actually happened during this incident, something more complex emerges. The SCADA systems didn’t just alert human operators—they made their own decisions about isolating compromised components and maintaining grid stability. Human experts didn’t just override the technology—they worked symbiotically with automated systems to interpret alerts and coordinate responses.

This blurs the lines between human agency and technological capability. Security emerges from the relationships between people, systems, protocols, and institutions rather than from any single actor. When something goes wrong, responsibility gets distributed across these networks rather than landing on one person’s decision.

Case Study Organization

CIRCUIT is structured in three coordinated parts:

Introduction (this section): Context, methodology, and learning framework
Content: The complete artifact collection with incident documentation
Assignment: Assessment framework with analysis questions and evaluation rubrics

Learning Objectives

After working through the CIRCUIT artifacts, you’ll be able to trace how security emerges from interactions between automated systems, human expertise, and organizational protocols. You’ll see how infrastructure incidents require coordination across multiple organizations—utilities, vendors, regulators, and federal agencies—each with their own priorities and capabilities.

The case also develops skills in assessing responsibility when both humans and technologies participate in security outcomes. Where does accountability lie when an automated system makes critical decisions during an incident? How do you design response strategies that work with technological agency rather than against it?

Methodological Background

Assemblage Theory in Infrastructure Security

Critical infrastructure cybersecurity doesn’t happen inside any single organization or system. It emerges from networks that span municipal utilities, vendor support, state regulation, and federal oversight. These networks form what theorists call “assemblages”—dynamic relationships between human actors, technological systems, protocols, and institutions that produce security outcomes together.

The Ribera Municipal Utilities incident shows this in action. SCADA systems detected threats and initiated responses automatically. Human operators interpreted those alerts within broader operational contexts. Vendor networks provided technical expertise that exceeded internal capabilities. Regulatory frameworks shaped how the incident got documented and reported. None of these actors could have managed the incident alone.

Postphenomenological Ethics

Smart grid technologies aren’t neutral tools that humans simply use to solve cybersecurity problems. They actively reshape what cybersecurity means and how it gets practiced. The artifacts show how these technologies amplify some security capabilities—automated detection can spot threats faster than human monitoring. But they also reduce others—operators lose direct oversight of system interactions that happen too quickly for human intervention.

More fundamentally, smart grid technologies transform infrastructure governance itself. They create new stakeholder relationships, change the temporal rhythms of incident response, and shift the boundaries between human and technological decision-making.

Getting Started

Ready to engage with the artifacts? The incident begins with automated SCADA system alerts and unfolds through email exchanges, voice transcripts, regulatory filings, federal advisories, and media coverage.

Technical Context

If you’re new to industrial control systems, a few terms will help you navigate the artifacts. SCADA stands for Supervisory Control and Data Acquisition—these systems monitor and control industrial processes like power generation and distribution. HMI means Human-Machine Interface, which is how operators interact with automated systems through screens and controls.

You’ll also see references to OT and IT networks. Operational Technology controls physical processes (like opening circuit breakers), while Information Technology manages data and communications. Industrial systems use specialized protocols like Modbus and DNP3 instead of standard internet protocols. The smart grid refers to electrical infrastructure enhanced with two-way digital communication and automated control capabilities.

Academic Context

This case study demonstrates methodologies developed through NSF-funded research in posthuman cybersecurity education at the University of Arizona. The approach has been validated across multiple infrastructure sectors and educational contexts, showing improved student engagement with complex sociotechnical systems and enhanced understanding of distributed responsibility in critical infrastructure protection.

CIRCUIT represents one application of the broader Cyber Dimensions methodology documented in the complete OER toolkit.

Cross-Artifact Analysis

When you work through all the artifacts, patterns emerge that show how cybersecurity actually functions in critical infrastructure. The SCADA logs reveal automated systems making real-time decisions about threat response. Email threads show human operators interpreting those decisions within broader operational contexts. Conference call transcripts capture cross-organizational coordination under time pressure.

What becomes clear is that effective incident response doesn’t happen through either human expertise or technological capability alone. It emerges from the relationships between people, systems, protocols, and institutions working together. Current infrastructure modernization decisions create both new vulnerabilities and enhanced protective capabilities that will shape how future incidents unfold.

Summary

The CIRCUIT artifacts drop you into the reality of critical infrastructure cybersecurity as it actually unfolds—not through neat organizational charts or idealized procedures, but through the messy coordination between automated systems, human expertise, organizational protocols, and regulatory frameworks. The assignment framework helps you analyze these dynamics and develop more realistic approaches to infrastructure protection.

Reuse

CC BY-NC-SA 4.0

--- title: "CIRCUIT: Introduction" subtitle: "A Cyber Dimensions Demo Case Study" --- ```{r} #| label: setup #| include: false # This chunk allows for single-file rendering for development source("_scripts/solo_render.R") ``` ::: {.callout-important title="Critical Infrastructure Context"} **Case Study Classification**: Municipal Smart Grid Cybersecurity Incident **Educational Framework**: Posthuman cybersecurity analysis **Methodological Approach**: Artifact-based learning with authentic document analysis **Target Audience**: Advanced cybersecurity students, infrastructure professionals, policy makers ::: ## Welcome to CIRCUIT On `r world$incident_date`, at precisely `r world$scada_alert_time_display`, automated security systems at `r world$utility_name` in `r world$city_name`, `r world$state_name` detected sophisticated unauthorized access attempts targeting the municipal power grid's industrial control systems. What unfolded over the following 72 hours reveals the complex web of human expertise, technological agency, and inter-organizational coordination that defines modern critical infrastructure cybersecurity. This case study presents **authentic artifacts** from the incident response—from the initial SCADA alerts through federal advisories and media coverage. Each document demonstrates how cybersecurity emerges not just from human decision-making or technological capabilities alone, but through the dynamic assemblages that form when automated systems, human operators, vendor networks, regulatory agencies, and community stakeholders coordinate in response to infrastructure threats. ## Learning Through Authentic Artifacts Most cybersecurity case studies give you a tidy narrative written after the fact. CIRCUIT drops you into the messy reality of an active incident. You'll read the actual SCADA logs that first detected the attack, follow email threads as staff figured out what was happening, and listen to conference calls where decisions got made under pressure. The collection includes regulatory filings showing how utilities must document incidents, federal advisories that warn other infrastructure operators, and media coverage that translates technical complexity into public concern. Each document type reveals different aspects of how cybersecurity actually works in critical infrastructure. ## Posthuman Cybersecurity Perspective The traditional view treats cybersecurity as humans using technology tools to solve problems. But when you examine what actually happened during this incident, something more complex emerges. The SCADA systems didn't just alert human operators—they made their own decisions about isolating compromised components and maintaining grid stability. Human experts didn't just override the technology—they worked symbiotically with automated systems to interpret alerts and coordinate responses. This blurs the lines between human agency and technological capability. Security emerges from the relationships between people, systems, protocols, and institutions rather than from any single actor. When something goes wrong, responsibility gets distributed across these networks rather than landing on one person's decision. ## Case Study Organization **CIRCUIT** is structured in three coordinated parts: 1. **[Introduction](circuit-intro.qmd)** (this section): Context, methodology, and learning framework 2. **[Content](circuit-content.qmd)**: The complete artifact collection with incident documentation 3. **[Assignment](circuit-assignment.qmd)**: Assessment framework with analysis questions and evaluation rubrics ## Learning Objectives {#sec-learning-objectives} After working through the CIRCUIT artifacts, you'll be able to trace how security emerges from interactions between automated systems, human expertise, and organizational protocols. You'll see how infrastructure incidents require coordination across multiple organizations—utilities, vendors, regulators, and federal agencies—each with their own priorities and capabilities. The case also develops skills in assessing responsibility when both humans and technologies participate in security outcomes. Where does accountability lie when an automated system makes critical decisions during an incident? How do you design response strategies that work with technological agency rather than against it? ## Methodological Background ### Assemblage Theory in Infrastructure Security Critical infrastructure cybersecurity doesn't happen inside any single organization or system. It emerges from networks that span municipal utilities, vendor support, state regulation, and federal oversight. These networks form what theorists call "assemblages"—dynamic relationships between human actors, technological systems, protocols, and institutions that produce security outcomes together. The `r world$utility_name` incident shows this in action. SCADA systems detected threats and initiated responses automatically. Human operators interpreted those alerts within broader operational contexts. Vendor networks provided technical expertise that exceeded internal capabilities. Regulatory frameworks shaped how the incident got documented and reported. None of these actors could have managed the incident alone. ### Postphenomenological Ethics Smart grid technologies aren't neutral tools that humans simply use to solve cybersecurity problems. They actively reshape what cybersecurity means and how it gets practiced. The artifacts show how these technologies amplify some security capabilities—automated detection can spot threats faster than human monitoring. But they also reduce others—operators lose direct oversight of system interactions that happen too quickly for human intervention. More fundamentally, smart grid technologies transform infrastructure governance itself. They create new stakeholder relationships, change the temporal rhythms of incident response, and shift the boundaries between human and technological decision-making. ## Getting Started Ready to engage with the artifacts? The incident begins with automated SCADA system alerts and unfolds through email exchanges, voice transcripts, regulatory filings, federal advisories, and media coverage. ## Technical Context If you're new to industrial control systems, a few terms will help you navigate the artifacts. SCADA stands for Supervisory Control and Data Acquisition—these systems monitor and control industrial processes like power generation and distribution. HMI means Human-Machine Interface, which is how operators interact with automated systems through screens and controls. You'll also see references to OT and IT networks. Operational Technology controls physical processes (like opening circuit breakers), while Information Technology manages data and communications. Industrial systems use specialized protocols like Modbus and DNP3 instead of standard internet protocols. The smart grid refers to electrical infrastructure enhanced with two-way digital communication and automated control capabilities. ## Academic Context This case study demonstrates methodologies developed through NSF-funded research in posthuman cybersecurity education at the University of Arizona. The approach has been validated across multiple infrastructure sectors and educational contexts, showing improved student engagement with complex sociotechnical systems and enhanced understanding of distributed responsibility in critical infrastructure protection. **CIRCUIT** represents one application of the broader **Cyber Dimensions** methodology documented in the [complete OER toolkit](https://ryanstraight.github.io/cyber-dimensions-oer). ## Cross-Artifact Analysis When you work through all the artifacts, patterns emerge that show how cybersecurity actually functions in critical infrastructure. The SCADA logs reveal automated systems making real-time decisions about threat response. Email threads show human operators interpreting those decisions within broader operational contexts. Conference call transcripts capture cross-organizational coordination under time pressure. What becomes clear is that effective incident response doesn't happen through either human expertise or technological capability alone. It emerges from the relationships between people, systems, protocols, and institutions working together. Current infrastructure modernization decisions create both new vulnerabilities and enhanced protective capabilities that will shape how future incidents unfold. ## Summary The CIRCUIT artifacts drop you into the reality of critical infrastructure cybersecurity as it actually unfolds—not through neat organizational charts or idealized procedures, but through the messy coordination between automated systems, human expertise, organizational protocols, and regulatory frameworks. The assignment framework helps you analyze these dynamics and develop more realistic approaches to infrastructure protection.