Slashdot Mirror


Power Grid Insecurities Examined

Joe Barr writes "Chris Gulker has taken a long and careful look at the infrastructure of our power grids and has come to some rather unsettling conclusions." A good read that outlines where the current power grid is at, and suggests some paths for the future that may help avoid future blackouts.

8 of 248 comments (clear)

  1. We should all generate power by Anonymous Coward · · Score: 5, Interesting

    In most states, if you generate your own power (ie solar), you can feed it back to the grid, and the electric companies are required to credit you! Any excess power you have can make you money. Sure, it's an investment up front to move to solar, but it is doable, and some states even offer tax credits.

    1. Re:We should all generate power by segment · · Score: 4, Interesting
      Sure, it's an investment up front to move to solar, but it is doable, and some states even offer tax credits.


      It's a nice thought but unless you live somewhere country-like, it's unfeasible to most people. Here's why, now firstly sure it is expensive to set up, but you would have to live in a geographically correct place as well. Say Florida, California, Arizona, Texas. States where it is rather sunny as opposed to say Seattle.

      You could use alternatives such as windmills, but again you would need massive space. When I was in Sweden, the government there was trying to limit where windmills could be used, as they often killed birds, some of which may have been rare, or on the verge of existence.

      I wish I wasn't too lazy and tired to offer links to prove my Swedish claims, but I'm sure anyone can find it on Google.

  2. Is Linux the latest "silver bullet"? by KNicolson · · Score: 4, Interesting
    That article read a bit like an advertorial for Verano (some Linux SCADA security company), with the "Oh, if we only had Linux all this wouldn't have happened!" conclusion.

    However, reading the text, the problem seemed more that the plant operators had indiscriminately attached critical systems to the Internet without proper firewall security in place, which seems to me to be a human, not a computer or OS, flaw.

  3. Legacy = Semi Safe, Microsoft = Unsafe by Bruha · · Score: 4, Interesting

    Legacy systems will provide more resistance to viruses than any MS based system mainly due to the lack of coders with the knowhow to write viruses for such systems. Though when paried next to and on networks containing Microsoft based systems a MSVirus could cause havoc just by crippling the network that those systems rely on.

    In any case a system using NFS/NIS would be especially vulnerable to traffic floods by MSVirii due to the lockups that can happen when high traffic causes such file/security systems to fail.

    I've seen flapping interfaces on certain cisco equipment that have made messes of NFS and NIS based systems requireing a total reboot of the entire network from the top down. And the flapping can be caused by recent MSBlaster virii that has recently seen action.

    As a safety precaution the legacy networks should be extremely firewalled, and not allowed to work on any shared media that also caters to any Microsoft systems. Such seperation of the network would prevent either from spamming the other to death. Also in many critical areas private networks with private loops vs being carried over the internet should be considered with backups such a MicroWave or Sattelite communications to critical centers in case of any large infrastructure outages in your carriers network.

  4. Disconenct us Canadians... by WebCowboy · · Score: 5, Interesting

    ...and many of you are liable to freeze (or in southern parts bake) in the dark. If it weren't for BC Hydro selling power to California's PG&E over the common power grid on the west coast it would have been a certainty. Moreover, PG&E DEFAULTED on MILLIONS of dollars owed for said power to BC Hydro--so perhaps the proper term would be BC GAVE California power. Sooo...who uses who's power grid?

    Also, before you start singing a round of "Blame Canada" it has been determined to a high degree of certainty by industry experts that the most recent power outage originated in the US (notwithstanding out boneheaded prime minister's impulsive comments on the matter before anything was determined). One thing is for certain--it was the Homer Simpsons on BOTH sides of the border that allowed the outage to propigate to the extent it did (operator error, scheduled outages that left the whole system running at capacity, etc...).

    Deregulation has been bungled in its implementation all over the continent, but moreso in the US and particularly in California (well...EVERYTHING involving goverenment in California is royally fscked and has been for the better part of the last decade). The process was always politicised and the fledgling market manipulated by the established players and governments no matter where deregulation happened.

    The concept is sound however...creaky old mandated monopolies should be broken up and the system made as open as technically possible to as many potential generation sources as possible. Decades of monopoly (in generation particularly) set us all up for the situation we are in now.

    As a result, we presently have a handful of creaky, large utilities running creaky, large power plants with obsolete technology--and newer technology tacked on with duct tape and baling twine with little attention to stability and security. This has nothing to do with what country you are in--it is the situation continent-wide.

    I've worked in the industry and have seen it first hand--and this was BEFORE the industry was deregulated (they still had several 1988-era 386s and a 286 in use--in 1996!). The argument then was that competition would compel established players to innovate and become more efficient. NOTHING has changed in these plants since deregulation--they are moving no slower OR faster in bringing new capacity to the grid. Only now demand has reached critical levels as predicted by some years ago. Only the argument has changed. Now instead of being the solution, deregulation is cited as the reason for problems (careless cost cutting rather than being sheltered from competition).

    I'm astonished (but not entirely surprised) that since I was last in a power plant that there has been enough integration of critical systems into the general network that blaster-like infections could disrupt operations. Back in the mid 90's where I was, there were two distinct networks with NO connection at all (be it physical or not). If course, the 'net wasn't what it is now either and dozens of on-site employees had to rely on a 56k leased line for outside access.

    Hopefully the blackout made everyone feel vulnerable enough to wake up and put at least as much or more into security and stability as they did into y2k compliance...

  5. Re:heh by delcielo · · Score: 4, Interesting

    Economics come in to play here a bit as well.

    The market for buying and selling excess power is VERY active and exists primarily on the internet. Multi-million dollar deals are made quickly, and while they can be made in advance, they may also be made at the whim of mother nature (excessive heat causing a company to purchase power, or a drop in temp making excess power available).

    Implementing the deal means interacting with control systems. I will admit to ignorance of how this happens exactly; but I suspect that the traders aren't driving to the power plant or transmission control centers and doing it themselves.

    For a company that has efficient generation, they can make a great deal of money selling excess power. This means their customers don't have to pay quite as much.

    Here is the real issue: Everybody wants better security; but just tell anyone that you're going to have to up their rates to provide it and see what the reaction is.

    --
    Hot Damn! It's the Soggy Bottom Boys!
  6. Bull. by Telecommando · · Score: 5, Interesting

    Hackers controlling the power grid? Utter and total bull.

    I work in IT for a major power company. Our control systems have never been hooked to our own network, let alone the Internet, and never will be. How stupid does this guy think we are?

    We've been running computerized control systems in nuclear and other types of generation plants for years. We've had computers in substations and control stations monitoring, controlling and reporting status before most industries even knew what to do with them. I saw my first Z-80 processor in a SCADA system shortly after the Z-80 came out. It could talk any of 5 different control protocols and replaced 2 seven-foot racks of hot, high-current RTL and DTL control logic. It was a thing of beauty.

    We're not newbs at this. And no way do any of our control systems run Windows. Get real.

    Why would we even want to hook up a generating plant or substation to a network just so it can be controlled from anywhere in the world, BY ANYBODY? No way. No how. Nuh-uh. Ain't gonna happen.

    We can't even monitor what's happening on the system from the company's own computer network. It's all totally seperate. And for good reason. Who wants a disgruntled employee or just some joker who's bored messing with the system? The only people who can make operational changes to the system are the people actually present at the secured control center or at the generation plants.

    We run quarterly modem audits, company-wide, looking for unauthorized lines with modem. We even restrict who gets an analog phone line and whether they can receive calls on that line. Computers attached to the control systems get NO modems. Never ever.

    Even our remote monitoring terminals at regional work centers require dedicated connections to the control center and are receive only. The control computers think the remote monitors are printers and only send data, not receive so they can't be hacked from there either.

    It's impossible to get to our control system through the Internet. It could probably be done to some degree (perhaps sending a 'breaker open' command to a key substation, if you know which one), but only by hijacking an existing dedicated connection undetected, which is getting harder as we connect stations via fiber optic.

    (Often we connect stations by installing the fiber near the high voltage lines on our towers, a security measure in and of itself. Imagine splicing a broken fiber hanging off a helicopter platform while the line 12 feet below you is energized to 350 thousand volts. No, I haven't done it, but I watched it being done and the crew earned every penny.)

    If any utility out there has their control systems connected to computers that can be reached via the Internet (or modem for that matter), the persons responsible should be taken out and shot. Then taken to a doctor, stitched back up and shot again. Same for their bosses all the way up to the CEO.

    Sorry if I seen a bit testy on this subject, the subject of keeping the control system secure has been drilled into me for more years than I care to remember. Now it's just automatic.

    However, on the subject of aging infrastructure, I totally agree. I blame deregulation. Every utility is now trying to cut each other's throat trying to grab customers away from each other. To cut costs (and thus lower their prices to better compete), most if not all utilities have cut their expenses by eliminting maintenance, lengthening replacement schedules and cutting staff, specifically skilled line workers). It's a race to the bottom to see who can provide the cheapest service. And it will probably go on until the whole thing blows up on them. And unfortunately, us as well.

    --
    Beta sux! Join the Slashcott! http://hardware.slashdot.org/comments.pl?sid=4760465&cid=46173047
  7. Re:Scared yet? by Anonymous Coward · · Score: 4, Interesting

    I work at a company where we sell grid control sofware (SCADA software for in-market lingo)

    We had a product which used a particular UNIX, not a BSD or Linux, but the real high dollar, blessed by AT&T stuff. It hardly mattered because so many of our customers are not computer people, they are power engineers. They're not interested in event the user/group/everyone security model, they are interested in which breakers to open or close in the event a thunderstorm takes out this power line.

    As a result, many of the UNIX systems were set up for conveinence, not security, and anything that reduced conveinence created cries of frustration from our customers (and developers). Eventually we succumbed to pressure from our customer base, and now large portions of our system have been replaced with MS Windows systems. The customers (our power companies) love it.

    You can't sell security to those who don't want to buy it, but you can always complain when it's not there.