Dr Livio. It's working towards. His research and that's our systems use for his research I think it will instruct zero zero zero zero or at first. He holds three others he has promised people looks at more than two hundred that a person has every major test that you have just as was the over the years in ninety nine when I mean that a fellow I think Lee and he's he was sort of our distinguished professor two thousand and six he was in the second record and they said you were sick and he was picked up any administrator of our systems are broken. Joining us. Thank you very much and thank you for being here I would like to talk to you today about. An important issue that we have in the in this God And I mean any kind of basically that is say the electric energy system as you all know really like you go through the electric energy system has been recognized as one of the critical infrastructures and we see this many times of you remember back in two thousand and three when we had the major blackout that last that only basically less than an hour for the majority less than a day for the majority of the people that affected basically everything came to a standstill without electric power we cannot do anything we can i don't know banks are going to run. Out of computers we're going out there on our lights and so on. Of course what we want in a bar is what if I'm not back at it and I see here I have some distinguished out bikers here because we're on talk about the. Project where he he was there Packer. And if an attack it takes hold of our system then he can do things that are. Denial of Service and so on but more important we worry about thinks the will damage the system and they will it may take months even years to repair this case where we're going to be in the dark for a long time so these are the things that I would like to talk to you about today in some of the research we do here in Georgia Tech to develop matters to our very that. So I'm going to talk a little bit about the background the threats to the electric energy systems. There is a lot of activity in terms of standards not only the United States but also abroad some other fact. Some of the standards said to say that there will we started the standards here in the United States something like thirty five years ago but then we're going to a period that we did not care about this in the Europeans to go over and now the rest of the world the Europe and Sinai certain things are ahead of us and that's said but hopefully we can catch up with them. So when I talk about intrusion detection systems and I'm going to focus in one recent project where basically we try to. To a steady Kate call months go months can be anything that can. Cause that Sainz in the power system and some of these commands have the have the capacity to cause damage if that done in their own player in their own time so I'm going to give you some examples of this so what I would like to do is or Fedak a this command so that we can make sure that the. The damage is done to the system. And I'm going to talk about some laboratory testing and some demonstrations that we've done recently come first of all it will look at the electric energy system the attack Sophos is increasing. It is a very busy slide but you can see here several communication lay Yes. And also like to point out the four think we have here the physical system this is just the substation has breakers that are for most lines etc. The hardware of the electric energy system and what we do there we have. Devices that equation and so on and from there on everything is in the cyber space everything we do goes through the embedded computers. Throughout the system and now we have the need to communicate between the various parts of the system so there is a lady here that we use for the operational part of the system where we excel is very critical data for the operation of the system what should be doing is what is the narrator should be doing Think of this as a massive job graphically dispersed dust the real control system that and then we have. Other layers where because the electric grid is either connected with other it is for example our local grids here is connected to the V.A. in the next neighbor or in the next state so we have the need to exchange that the real time so we have another layer of that with say is that the between control centers of the various I did this and if we go all the layers we don't have time to discuss all of this including the cloud we have also the need to have layers to interface with the. Customers one example today in the Atlanta area you can go to your i Pod MC in your neighborhood or in your in your neighborhood what if the distribution system is intact if there is a now thirds and so on or if you experience and now did you can see who and the out there will be repaired then you get the electricity back so this shows a very huge. Communication network and of course that opens up the surface at dark for the system and the body can go into a system from the various points. And is not going to get better because everything is digitized and we. There is a lot of work to even more digitize the electric power grid and therefore the south is going to be increasing. So if it gets in the system quite a could do well he can do things like course if you are disruptions to like Agreed you have to do the papers the attack in Ukraine but there is not only the only attack is a lot of other attacks and so on or it can course it will damage the major electrical components. Some of the. Electrical energy grid executives they say where we worry more about the second part of the rather large dogs or the other is maybe just a nuisance but they go together if somebody gets into the system then we can do both of them together then. I will have to concentrate on the damage that can be done from these attacks and I'm going to discuss two examples the first example is what do we name our road attack this is basically somebody gets into a system and damages a large generator and this generators are. Synchronous. Since they have a hole. It's not only the center it is the whole plant and if it is damaged then it takes. At least a year to repair and then we have a controller at parks where they can go and damage your own electric system in the house. So let me talk specifically about this to our docs and there are many others in fact one of our sponsors the Department of Energy does not want us to talk about these things I think that we give. The know how but on the other hand that's not true I guess here is a. Generating plant there is a generator somewhere here and what is. There are a lot of devices. Cyber devices that they control the whole process from the how much gas goes into the burning. Fuel to what the speed of the generator or and so on so there is a. Substantial cyberspace in there and of course there is here this part here is the break you think of the breaker switch that connects the system the generator to the rest of the electric energy system. Now the generators being see her as my since. The in order to connect that then I read to the system we have to. Have a motor to print the generator up to speed and when the speed of the generator is comparable to the speed of the rest of the system then we close the break Now what about if somebody gets into the cyber system and. While the generator is at standstill closures that break. Will happen in this case. The generator is going to be in about them. A fraction of a second is going to be a piece of junk. The coil is going to fry the. The balls they're going to pop and so on and of course you cannot go to Home Depot and buy another generator to replace it. You need at least six months or a year to do that so that's one of the serious attacks that can happen again of course. Once we realize this problem then we have now systems where we have either locks and people cannot do that but. The locks are I could be nation of cyber systems and hardware mechanical systems but we moving to the point where all of this all the derelicts are through the cyberspace so if someone attack it can get into the system and knows what he's doing there he can bypass all of this and cause a lot of them it's got. Another closer closer to home to the neighborhoods and so on is. Again access to the distribution system going Castle's here is a distribution system that's the graphical view and here is the houses they take power from the from the grid through. Three transformers and now of course the system has controls all the controls are controlled by the cyber system for example does this last form or has what we call tops it can raise that the walls as up and down and then of course we have distributed capacitors along the system so you can get through the system you can take the tops to the marks and so you can raise the vaulters of the Transformers to the maximum can close the. The capacitor Strawn and very easily with other systems realize what's happened in the. Voters can go to forty percent over a ball that's now what'll happen if you look at a freezer A There has been twenty volts he has one hundred twenty volts times to one point four is not going to take very long for the refrigerator to want to fail also on the transformers that feed the houses if the wall this is forty percent because of the way that a swarm is working and so on it takes anywhere from ten minutes to thirty minutes for this transformer to become a fireball it has all the heat goes up and so on and therefore is going to be destroyed so easily sell body get into the system can do this now months and then the question is how secure our distribution system communications networks and by has the answer that my grandmother can get in the system. So some of our one of the utilities here do not. Do this the answer to this question the company and the company did a very simple system that they can go anywhere to a distribution system and. Thus get into the system without any any difficulty and so on. Now of course these are all the systems that. The communication network is a system of radios. And I hadn't megahertz and so on and now their utilities now are phasing this out and their utility is now basically they. They're replacing the systems with L.T.E. networks of course in their teenage wars we have a lot of more security and so on but the sad story is that there are a lot of systems they all systems are open basically that so that's. That's the state of the art now. Now a lot of our going to exemptions are. Working on developing standards we have the idea poorly this nice not fair all of these are developing the cybersecurity standards and there are literally zillions of committees that the that work on the standards that for example nice came up with the Cybersecurity Framework for. Energy Systems back in one thousand two thousand and fourteen and network has developed a series of standards that are known as the sips and that's critical here for us that our infrastructure protection and what this means is that if a facility is. Electric and if the facility is classified as a critical infrastructure for the nation then they have to go through these three groups implementation of cyber security standards. And. Because this is just. Some of the standards that. Have been developed or are being developed I guess and basically the standard procedures from how we stored. The cyberspace of the electric utility how we communicate that what kind of fire walls we have to do and so on. Now I would like to cause a great in the actual structure of an electrical power system this is that's an example we have here the physical energy system that and then we have sensors that they continuously monitor the system. This is the news technology medicine units measure gives us the vision systems and they generate the data and they said the data to some process boss to see really this is. Totally in secure connection little market prices and so on. That is concentrated on the process by us then we have relays the relays are another set of embedded computers they can connect directly to the physical system and they do have processing of the doubt that there are so on and then they communicate with the process boss which is typically is a man as the streets then we communicate this data some of that that are needed locally some of the data we have to communicate them through. The communications infrastructure of course today we have. Synchronization through G.P.S. clocks and so on. So this is the typical system and keep in mind the whole thing that this one of this is of course. By the computer in a typical substation. Even a small. Medium sized substation we may have something like two hundred of these devices all of the connected and doing it's one doing a specific task. So the system is quite huge. And the typical practice is the fall in going back to the surrogate. The the present practice is that we do use a lot of cyber cyber security systems on the communications part with encryption and so on but there is little very little security inside the substation yet and there is people talk about keeping things inside the fence because basically every software has a fence so if it is inside the fence it is secure but that's not you know that's not true right so we need to secure also what's going on inside the succession so let me go briefly through. The communications I guess typically ride use is used for. Around. For communications. Assume you you know that produces a client server protocol that runs on a case unless you're using U.D.P. Star Sport and the partner says of this these two or thirty gate users or devices before granted grabbed an access to the network authorized users or devices to for specific network services and account for use of services and of course this can be farther. Secured by using the Internet protocol security that provides cover this confidentiality through encryption. Integrity or through the caisson and provides interoperable high quality cryptographically basic unity for IP for an I P V six. And it is the respondent obligations and many times we use it the Net access and so on so this is the the present way with the Secure the communications in the power system other than the ones that the Mason before the through the of the older systems and so on. Now whether we like to spend more time here is basically we know the attackers are very resource rules resource will and occasionally will get into the system so the question is what is our line of defense if an attacker gets in the system. So we can we have to level approach the first approach is we're looking at. Network traffic signals you're seeing the anomaly and typically what we want about is what gets back to the physical system so that this means what comes from the network into the substation and so on that. But now get more sophisticated that can mimic the signature of the syntax and so on so that. That's not the full proof and the other level is that. We can detect if there is an attack or there is a malicious command now what we need to do here is basically to utilize what we know about the system and see if the DOT of this gun going through the network. And I'm talking out the local network inside the station if this data is consistent with the operating conditions of the system so this means that we need to track continuously What is the operate the state of the system so if I know that then I can tell if the DOT has been attacked or not and also if there is a command then I need to know what will be the effect of this call model the system and then I can see whether this was initiated because of a malicious intent to cause damage to the system so let's see how we can. Detect last year so at level one basically many methods and tools have been the bells and the majority of the research is focused on this which is unfortunate because we need to do to spread very service in other areas as well so syntax in saying that your and see the Excel or a reason to detect but that targets are becoming sophisticated and easily avoid their arse in signal to receive that. Many messages characterize the traffic and look for unexplained anomalies. And there are many methods by tracking the. Traffic and so on. But what happens with this method is that because of the electric energy system goal other goals sudden say this continuously we streets in alliance with streets break are seen and now. Live in some part of the system there is a. Big changes and so on shore in the peak lead this matters provides a lot of false positives and that's a problem with this matters so what we've. To press recently is that instead of looking at that as the actual traffic data let's look at the difference between the actual data and the State of the system that will say what the data should have been OK so if we trace this the difference only then these methods have a better way of. More reliably detecting any that attacks come so these are the most of his that get the masses and basically we are in the process of. Starting a project where we're going to do exactly that using with Sandia National Labs and so on to. To use that in matters that are detecting our normally sensor on but feel the need of the systems not the actual traffic but the difference between the traffic and while the traffic should be based on the operating state of the system. Now the other issue is to detect that then. Any alteration of the data will cause problems I'm going to give you some examples of what kind of all their actions can cause our problems and then the other issue is that. Commands one more thing I forgot to discuss here is the fall in that. Because the traffic is not the only data is it has traffic. Events commands and so on so some of the some of the traffic it is basically. So to speak Proctor of and therefore we cannot say what is the. Was the difference between the traffic and the system without really doing some simulation and that's where that Sol and this happened in the systems and I'm going to talk to you about the method where overcome some of these talentless come. So we tried to detect doubt though that the corporations and also we need to detect any commands that might be malicious to the system. Now from the operating point of the system. We do not have techniques to know the intention of what this command was so what we can do is simply detect if or determine if a command will cause problems to the system. And therefore could be a malicious command issued by an attacker or could be an operator making them a mistake and send in their own command to the system that. Operator errors are well and alive so with a systems are going to talk about is that we can capture both and basically we cannot distinguish the two other than if it is a command. That will cause problems for the system we can block the command. That. And of course important thing is to inspect and provide that the beauty of where this attack or the bed that that came from whether it is a command or a alterations of that and if we do it in real time would be a lot easier to attribute the saw the two cops are the source of this command and then we'll know what devices are compromised what devices are not compromised and. We can correct the issues in real time. So the basic approach for this is a mess and then live to continuously mourn it thought of the state of the system that. In the way we monitor the state of the system here is. An example here we have the physical system on the top here and for substation this is the cyber infrastructure of the substation the interested detection systems that is connected to the station bus of the of this structure and of course this happens for every substation there are many substations and then of course every substation says that data into a control said there where the control said there looks and says knows what's going on in the entire system. So if we have a ticking method where the state the operator state of the system is monitored continuously and we're talking about very fast they believe every sixteen milliseconds. Then we can compare the traffic against the operators that of the system and determine if there is an anomaly. So we can detect that they're a diverse area of data and commands and the protective a level that is the lowest part of the floor of the infrastructure of the cyber infrastructure. So other adversaries adversarial data are detected by comparing that to real time model and we do also context based context based commodification by basically corruption of the command do not that I do not like it to propagate. And we do faster than real time simulation to see what will be the effect of the command of the system and if it is detrimental to the system we block the command now we have to realize that all the commas throughout the system whether they come from the control said there are some several cases. Nor are anywhere else they have to go through there he lays eventually to trip the devices to control the physical system them therefore if we have this intrusion system and the substation then all the traffic all the commands that there would be. Would be seen. Now the tools we we use Of course the have to be domain specific. So we use a physically based model in where your state is the masonry where yours said there is protection and first the real time simulation so I'm going to talk briefly about. These things here. So what is the physically based in the greater physical or cyber system comando that you see in this big sort of the substation this is to transform our Swan To those who are here now the rest were there there are busses and so on and basically we have the. Cyber devices. We use the word I.D.C. in the in our systems basically they're connected to the physical system through sensors so this device for example monitors. The voltages of these bars this device monitors the borders of these bars and the current through this link of the system and so on so these devices have. Access to everything that is going on in the system this is a very simple substation. It is located in villages in islands and presently this is them exist but all the lines are connected there on the ground you've been reading the papers right. Now. And not not is the holy thing that if I matter if I count the number of devices exist in this small substation this is as small as you can comes it's twenty three computer embedded systems that can now of course when we need to generate the call model between the fuse eco system and the twenty three devices that we have the the full infrastructure so I'm going to go briefly through some of the slides where it's show how this is. Done so before we go there I guess the physical base the graded system drives the operation of the system to be a dynamic status basically we have a model of the physical system we have the data stream in continuously so we can compare that to see everything from our my sis So you know validate the model of the system. And we have to do that very fast as a measure we're doing that every cycle dismiss at every sixteen site sixteen milliseconds. So that when I'm steady is the measure provides I get at the knowledge of the state of the system with a faster device writes The Bigley sixteen milliseconds. So the intrusion detection system depends on the are good at the knowledge of the state of the system. Now the dynamic state is the mission there's some other factor you're probably. There is a number of papers that. Tried to use the status the mission for the exactly same power process that we're discussing here. And there are many variations of the status mission. And whether Well I have to point out that. The traditional status the mission proper is very slow at this it provides the state of the system every few minutes so in this raid is very difficult to detect any intrusions. So here are those that they could develop as they just measure back in two thousand and seven by Karen and rephrase the state of the system every sixteen milliseconds and that is a huge advantage in. In detecting any intrusion in the system. So it's not just measuring awards very simple basically. As we take the data from the various devices. We have the model of the power system the physical system and this limitation we define the state of the system we have a mayor number of measurements and then we do without this they distillation process and now everything is object oriented so this is done automatically as the data stream in the state is the measure running and every sixteen milliseconds I know what is the state of the system in a very accurate way. And then this can be used for. And here is how we we have the were built the physical the degraded system. You can see here that this is part of the physical system this is a particular transformer. This is the secret of the reformer. Then we have the. The doubt there is that coming out of the water basically we have a. An ID that connects to the various parts of it are swarming to communicate through a certain. IP address and so on so all the data coming in and you can see the measurements the top then of the system and of course these measurements are fed into the status to married or to generate and of course we have. The this from a Doesn't sound is basically the link between the cyber system and the physical system how the sensors are sensors are connected to the system here are both the sensors These are current sensor sensors etc etc. So once we said this thing is already the sensors of course our physical systems they have. Silk is not connect to the physical system and so on and also they have sent then. Characteristics this is the transfer function of one of the sensor secrets and so on all of this is obviously domain specific the end result is that we have streaming data. And now we have developed over the years and years are the faces who are basically we can build the model in for any substation in a mater of one day which is. Very very fast compared to the standard technologies and so on. So once we have this then we can stream of the doubt and so on. I'm going to give you some examples later on of how the system works you look at the. Commodity education yeah remember commands can be benign could be seduced could be closing the breakout of a generator and destroying the generator and so on so it's a very very serious issues issue and therefore we need to have a way of. Orthopedic aid in this command to make sure that the commands going to cause any harm to the system. So we cut through the command and we determine the effect of the command of the system using real time model and faster than real time simulation. So by just looking at the commander we cannot tell. What will be the effect on the system. And of course we act accordingly know whether we do a simulation to see whether the command you have to realize the other issue with energy systems their electric energy system is huge for example the U.S. energy system is. It spreads from the west to Seattle and so on and of course we have three the connections but with the with dealing with a very large scale system so we cannot do simulation for the entire system so what we do in this case is since we have this the core model for every substation and if I mean there is that let's say or this up there what they can say is that I can generate an equivalent of the rest of the system. And then use they quibble and plus the the system of interest to do this to us by doing this way of achieving speedups in excess of one hundred. Points means the four think that is I can do a simulation for one second in there in about. How many milliseconds. Than milliseconds right. Saw by doing this then I can have the answer because another another important issue is the whole thing that you have the command comes out from protectively Lay I see something faulty on the system and therefore I have to protect the system for I have to open this breaker and so on the it has to be done within a few cycles cycles means about. Point one seconds therefore I do not have much time to authenticate this comment that but by the. Because of the speed up now I can do I can take the decision within one cycle and therefore I can like the Camargue. Through or not depending on the results of the faster than real time simulation that's why we're doing this so obviously get a system where we're generating the equivalent and then we use the equivalent of the system of readers to do this relation and get the results now we do not need the long length this is less because their results of a command. We can see them within one second simulation if I simulate one second of all over operation of the system after the command was implemented it then I have all the information I need to see what will be the effect on the system. So these are the. The parameters that we're working with for how we're doing that for time. Not much time OK so I'm going to skip some of the details here or so again Zomby do the results obviously these things you have to be tested in the laboratory here is we have a laboratory next building I guess in the E.C. where would you set up the infrastructure of a substation can do this test then we just completing a project project and we had three demonstration of this one a Southern governor one in us busy nylons and also banks. And for these other companies the most the nation basically we built a part of the system by Parul cyber system for the substation you can see here that actually has the relays as Mazie units as computers fire walls and so on and. Because other companies very touchy about cybersecurity where the system running the power little basically was connected to the physical system but we didn't have access to control breakers and so on so the traffic was only one way. And. We know this things were tame here adores it there we tested them we implemented the algorithms and so on and then they were shipped back to this other company where we did the the most recent when the system runs you see pictures for example these pictures mean a lot of things to the. Operate those they see a lot of data how the system is doing and the other important block here is the that their greedy. Detection when you see a picture like this where this number is less than one then all the data are secure. And. I'm going to show you an attack where the work happens if I attack some. Of the dot com. Now the in order to do the experiments we we set up a system where basically. This party is the cyber infrastructure of the dogs I showed you earlier this is the streets that connect the. The ideas substation to our to the doors that that system here and we allow to our starters. And sort of got I.D.'s. System and one of the packets is here in. The room here. So the system was run in continuously and then the attackers will occur in force commands and so on and see if the system will respond in time and of course that the most recent was live on live operating system so let me give you a couple of examples that this attack is somebody goes into there lays it in a set changes the setting of the. Of the sensor from twelve thousand to five to twenty four hundred to five so what this does all of this is themselves this is of course what this does is basically the the doctor will be coming from the. Sensor will be doubled from what should be OK so instead of saying that the system around eight hundred and appears it was sixteen random numbers. How this can be detected. Well was he does this immediately know this was happening here. Obviously we're going to show you the live we have to go to circle of Florida to see this alive basically the From point the one value here exam to about eight This triggers the fact that there is. That attack. The system has the capability basically to identify which doubt is attacked so I mean there is going to tell us this idea has been compromised the the world changes and so on so that that is. Immediately recognizable crap and of course not is that we have also reviews that back to specific ideas and so on now let's assume that. The system failed and we did not detect the that attack what would happen to the system. Here is the idea that was attacked so it seems that out of there from this value to this value and now who have been in the system is not is this this controls a particular transmission line. A listers misalign is located here so what do happen there what will happen there is that this attack will will stay dormant that nobody's going to notice it if it is not detected. And then if we do the whole thing happens is if I have a fault if suddenly I have a fault which happens all the time in the systems what's happened. Can happen any time then of course this was misaligned who'll be disconnected by the action of the relays but because of the bagged up I'm here this line is going to be taken at this going to. Disconnected because the relay is going to think there is a fault there as well because the car is going to be now doing double of what it was before. And it will disconnect this line no Was it this connects this line so we have two lines going out and suddenly this part of the system is blocked out saw the entire system here is going to be into a blackout so we'll get a lot of people lose electricity. So this is one of the another attack is the fall I think. Two point five And Melissa is control is said to open the breaker of the east gates in the heels line let me show you where that is. That is the line between scenic here and the gate so there is a command that descend there and not do that before. During the before the grandmother was received. This lines were operating normally and what the the command says that if if this goes through the vault that is going to dip two point eight eight per unit if the water's dips to eighty four eighty eight percent then a lot of other secondary events can happen for example have protective relays the look at the wall that's the start creeping more devices they have at this cascade in outage. And also not is that the did the detection happen within twenty eight point five milliseconds. And here is if we let this come and go Here is the vault of this and this particular I just picked two points here the world is worth one point zero two community point I did this as normal voltages in the system. As long as is within plus plus minus four percent everything is normal but if this break it is opened the world this year is going to go to eighty eight but he unit and then a number of other secondary things can happen and with this I guess I will summarize I think the time is all there. Basically. In my mind is we need to do to be developed methods context based methods for detection of intrusion on the power system in addition of course to all the others methods we have for securing the networks and saw saw a laptop on the floor to any questions yes yes. Yes absolutely but also you have to realize that the they let me get energy sector. You have all systems your systems and continuously are great in projects. So for example the local utility. Has a has a very large zero graphical area we did all of this in the past I call area where where the systems are ready to implement these systems as a mark what I showed you has been implemented in three successes. So there is different levels of advice implementations throughout the they are nicely States and continually utilities subgrade the systems to the new technologies you're the can always have more capability of implementing the implementation is going to be smoother than with all the systems. Thank you. Yeah. That's a good question because I'm going to tell you the story with the implementation there next to this are these three substations were not. Classified this critical infrastructure but one of the lines goes to a plant Christe plant where it's is designated as critical infrastructure. And. Because of the way utilities interpret the. Network basically they do not allow us to go through. OK So obviously the idea of the standards for America is to implement this methods into the critical. Critical substations and and plants and so on but. Working with the critical infrastructures it's a little bit especially for universities because we have to have space. Non-disclosure agreements and so it becomes a little bit difficult but we we do work with it we work with P.G. and E. and so on and. And most of the substations are in the critical infrastructure of this ignition. Very good question but. It opens up a lot of problems. Yes. There. Is that. Yeah if I have access if I have the if you have access I can go to any idea really and so on and change the settings. That. I think about this you know the this is less are connected to the sensors the current responders and so on and this got in the US where most are more the ratio. Who is to tell that. You're connected to them to five to twenty four hundred to five so it's just part of the unit in process nobody checks that that by the way that they can easily develop this is captured immediately if some engineer could be just an error by the engineer. Yes. Because here you have a feeling for how was the generalized any sort of distributed critical control system. Sort of probe but it would generalize. To any thing system absolutely as a matter fact. Today you will look at the standards development. That is a push to have one single standard for the systems and then of course we support as you know the standard with the system and that will be if we get to the point where. It is within one specific standard and not having different protocols different and so on and it is straightforward to generalize to all systems but I would take a long time that standards development takes a long long time OK. Yes you just got on the ability of the system do you have any sense of the level of the attack environment that it was going to take one thousand times that you have left what's the end of your understanding of the threat environment that exists within our. It's very gray there's we're going to see from the stories obviously. We don't have these data but the. I would imagine is a very large because we get only when somebody gets through. And now they're getting through quite often the but the Luckily so far it is on the local level and so on you get. The big story so you can and when it was a. The biggest scale and so on but the local scale it's. It's quite often Yeah yeah. And the other questions. OK Well thank you very much for listening.