Slashdot Mirror
Power Grid Insecurities Examined
Joe Barr writes "Chris Gulker has taken a long and careful look at the infrastructure of our power grids and has come to some rather unsettling conclusions." A good read that outlines where the current power grid is at, and suggests some paths for the future that may help avoid future blackouts.
Wonderful -- as I read the article, plastered in the center of the page is the ad:
... it frankly scares the hell out of me.
:)
"Microsoft - Big business ambition. Small business resources. Get your FREE 6-month trial now. Windows Small Business Server 2003".
The very fact that the power grid, atm's, so on and so forth -- hell, I worked on the power supply to a embedded PC today for a newspaper printing press that had NT on it
There I'll be sitting there in front of my OS X or Linux box. Can't be too smug I suppose with no power. No telephone. No gas. No cash to buy bread. Hell, the auto-checkout lanes (which I refuse to use on principle) at Jewel are Mickey-MouseSoft based. Certainly no Internet.
For my business' I absolutely refused to allow a Windows server of any type in the datacenter. I still say, "are you nuts?". Yet people still did it. Once again, Bill Gates will get a chance to screw us I guess.
So, when is the next worm due to hit? At least my TiVo will still work...
Says Skroch: "If you have too much security [i.e., no network connections], then the power plant probably won't work."
power plants worked long before the internet was created. no important computer controlling very important things should ever be put on the internet.
The article does bring up a valid point. Many times, when large systems attempt are forced into security by fear, they overdo it, and the system becomes nearly unusable to the users, who have to run around in circles with security measures.
The lesson? Security is nice, but lets not go biometrics and 30 different passwords just to check the email.
You will be baked, and there will be cake.
"The situation is so bad, experts say, that bored script kiddies could soon be knocking out power stations as easily as they concoct viruses from toolkits available on the Web."
:)
Is it any easier now then it has ever been? It always seemed pretty simple to me. Go down to your local, unmanned, power station and blow it up. Get your buddies and some trucks and knock down some high tension wires. wheeeeee.
Why do people get excited by this? It might be my misanthropic nihilism talking, but shit happens. Every day. Deal with it.
You might lose power, you might lose running water, you might get hit by a bus.
Even if you hole up in a shack to protect yourself from the script kiddies, psychopaths, terrorists and/or government... you're still gonna die!
Have fun!
--- Do you believe in the day?
The power industry needs to be reinvesting profits in infrastructure (powerlines), not stock dividends. The same companies should have been upgrading their command and control systems to prevent chain reaction blackouts. Am I expected to believe the computer systems that manage the cooling rods in the nearest nuke plant are secure?
Seriously consider the economic impact of the grid failure compared to the recent worm problems. Then think about a nasty combination of the two.
Karma: Censored (mostly affected by decency laws)
It used to be that the utilities were highly regulated entities that had their profit margins basically regulated by the states they were in. They had to provide a given amount of reliability, and rate increases (and occasionally refunds!) were carefully scrutinized as to where the money went. You couldn't raise rates without showing some meaningful improvement that resulted from it.
Then along came degregulation, where the power seller and the power generator became two different things (which makes even less sense than the deregulated-but-shared local phone loop). Utility companies wanted out of the power generation arena -- too expensive, too many regulations, it was better to be in the new "commodity" end of the business, arbitraging power. So they split themselves into trading companies and generation companies, taking all the cash into the trading companies, who were deregulated and could spend it freely.
And then 10 years later, Enron and the whole deregulated power "market" has collapsed, and we wonder why we're 15-20 years behind the curve on power grid and other key infrastructure elements. All the money got spent on speculating in the newly deregulated power markets, and its all gone.
Nobody really pays any less for electricity, I don't have a bunch of people knocking on my door offering me their window electricity or biodiesel electricity or their pig shit methane electricity for that matter.
I only have the sheepish looking local utility trying to explain to me how they're trying to fix the power infrastructure built in the 1970s with the cash made in the 1980s which was spent in the 1990s on the promise of getting rich in the new millenium. When in fact, they actually need me to pay the prices of the next millenium for the service delivered in the 1990s, and, oh, would I please only use as much power as I did in the 1970s?
The valve at a dam probably doesn't need to be turned very often, so it's economically tempting to save the cost of 24/7 onsite coverage and have one central operations center.
Remote monitoring is all but imperative. The plants are already in a cooperative network sharing their power. Everyone on the grid needs at least basic information about what's going on.
None of which is ANY excuse for a direct or indirect connection to the public Internet. This is a job for a private network, and I don't mean a VPN that can be DOS'ed when a worm spreads through the public network.
We must encourage the development of high-end fusion generating stations
First, you have to make fusion work. Just once.
+1 Interesting? Who's smoking the crack out there?
Haha, what grand scheme of things?
Humanity isn't trying to reach for the pinnacle of its capabilities, it's trying to find more comfortable ways to live and fuck.
People want more power so they can do more cool shit, and do it cheaper. That's it.
Leading in all forms of waste and corruption. Nice example for the future. Here's a primer on human nature -- more of anything doesn't make people use it smarter, it makes them squander it faster. Western society is terrible for this.
Your post is an attempt to be modded insightful by using big words to sound profound. Nothing you've said makes any sense.
occultae nullus est respectus musicae - originally a Greek proverb
"Most of the power grid problem stems from the fact that very little maintainence is being done."
"Greedy utilities have brought this on themselves.Cutting jobs for the maintainence personell,doing nothing about aging lines, and then asking "WHY is this happening?"
There is nothing wrong with the "old" lines. The distribution grid carries some rated voltage and does it without much complaint. The problem is that there simply isn't enough of it, so most of the system is running at design capacity, and a small failure can cascade into a widespread failure.
There isn't enough distribution capacity primarily because of NIMBY. Power companies around the country want to build more capacity. Most of the time they must spend years battling the locals for right of way. Environuts are often blamed unfairly when locals couch their resistance in bogus environmental claims, but the truth is that it's just NIMBY.
And it's maintenance.
Maw! Fire up the karma burner!
So they are imposing realtime requirements onto a shared medium (a computer network)? That's like not putting lights or sirens on emergency vehicles, and then complaining about not being able to get to the scene in time during heavy traffic.
No wonder virii can cause so much damage to the power grid. The whole thing was badly designed to start with!
Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
A script kiddy would never bring down the power grid...If they did, they'd be bored out of their Internet-dependent minds. Can you imagine these types of kids playing scrabble or cards?!? Or worse yet, being forced to take the opportunity of a black-out to spend quality time with their families. The Horror!
--
Luck is just skill you didn't know you had.
A fundemental weakness of the grid is its over-centralisation. Another argument for environmentally friendly local power generation schemes.
Actually, a fundamental strength of the grid is its centralization. A central facility generating gigawatts of power can afford to spend millions of dollars ekeing the last few percentage points of efficiency out, and wiping out the last few percent of emissions, because the economies of scale kick in.
Local power schemes, since they will be purchase by The General Public, can not and will not spend the money on these extra niceties, and as a result will necessarily be less efficient and more polluting per watt then centralized power. There is no way around this, there is no argument that can wipe it away, it's a fundamental economic fact of life.
Local power generation is one of the boondogles the bad environmentalists promote, without stopping for a moment to think that it's even worse then the alternative. (Altogether too many environmentalists aren't bothered by little things like "truth" or "evidence", which is why I can't call myself one, even though in theory I ought to be able to.)
Well, the problem is, my 2 computers alone (400 watt power supply each), and my fridge use about 10 kWh a day. And they don't run 24h a day. So I'm afraid that after this use investment, I still need the grid.
And did I mention the snow storms that will put the contraption out of use for days?
Did I also mention that solar cells need to be replaced every 10 years at least, when they degrade? And that manufacturing a solar cell costs actually more power than the thing will ever generate?
Aaaah, so that is why there aren't solar cells on every roof. It's not a conspiracy by Exxon and the Bush family.
It's because when you do the math, you see it is not worth the trouble.
Of course, the solution is simple: don't do the math and keep pushing solutions that don't work, then blame the oil companies.
Alternately, you might want to wonder why France is generating 75% of its energy with nuclear plants licensed from Westinghouse and still doesn't glow in the dark. Naaah, wouldn't work elsewhere.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
We're starting to see a few problems appear more than once, though.
-
Telecom vulnerability to power failure.
-
"Non-critical" systems that aren't.
-
Cross-connection between business systems and control systems
That's a more realistic picture of what's going on.AT&T was determinedly independent of the power grid in the days of Ma Bell. Every central office ran on 48VDC storage batteries, with backup generators. The backup generators were started once a week, and run for several hours once a month. Once a year, each central office ran for 24 hours cut off from external power.
That was a long time ago, back when AT&T was a regulated monopoly common carrier. In the new, competitive era, that depth of backup can no longer be assumed. Carriers in trouble (WorldCom, Adelphia) tend to cut things like that.
The details aren't in yet, but it's beginning to look as if, during the recent big blackout, some comm links went down very early, so that the fault information that's supposed to divide the grid cleanly into islands didn't get through. Once all the logs have been correlated, it will be clear what happened.
A few weeks ago, CSX, the railroad, had a shutdown due to a virus. Railroad signalling has used "code lines" for decades, for remote control of switches and signals. These are basically serial links over which commands and responses are sent. The safety logic is local, but if you lose a code line, the dispatcher can't throw switches and route trains.
The tendency to centralize train control has resulted in a need to transmit code line signals hundreds or thousands of miles. So they tend to be multiplexed over telecom-like facilities. CSX apparently routed theirs over their in-house general purpose network. The routers in that network were managed by a network management system that ran on Windows. When the Windows machines went down, system management of the routers stopped, and, after a while, this apparently took some key routers down. So a "non-critical" system actually stopped train movements.
It's really convenient to be able to see what the plant is doing from your desktop. Order processing is more efficient if the sales network connects to the factory network. Energy traders need to be able to see what the power plants are doing, and give directions to power dispatchers. These things all create vulnerable paths.
I still believe the security issue is not an issue. I think you can separate the worries in two:
In the end (see previous post about stolen servers), it would be easier to just, for example, tear down a line post with a truck, to short the line or to sabotage the facility...