Slashdot Mirror

← Back to Stories (view on slashdot.org)

TVA Security Lapses Could Endanger US Health, Economy

Posted by timothy on from the tva-flooded-my-grandmother's-birthplace dept.

coondoggie links to a Network World story about myriad security flaws (described in a report from the Governmental Accountability Office) at all levels of the Tennessee Valley Authority, the country's largest public power utility, excerpting: "The Tennessee Valley Authority (TVA) is a federal corporation that generates power using 52 fossil, hydro and nuclear facilities in an area of about 80,000 square miles and has not fully implemented appropriate security practices to protect the control systems used to operate its critical infrastructures, the GAO concluded. TVA's corporate network infrastructure and its control systems networks and devices at individual facilities and plants reviewed were vulnerable to disruptions that could endanger a good portion of the country's economic security and public health and safety, the GAO said." The TVA is hardly alone, though, when it comes to governmental computer security. Reader bc90021 points out the Federal Government's newly released Computer Security Report Card (prepared for Congressman Tom Davis), which "breaks down the agencies and assigns them all a grade. There are plenty of Fs, not the least of which is for the newly reconnected Department of the Interior."

46 comments

  1. Tom Davis by alxkit · · Score: 0

    is that the guy who had his identity stolen? damn, they SHOULD beef up the security.

    1. Re:Tom Davis by um_atrain · · Score: 1

      No, that would be Todd Davis. Its 2 articles below this one, not that hard to check...

  2. Well no wonder by Sentry21 · · Score: 4, Funny

    No wonder the Department of the Interior is insecure, they're six years behind on their patches!

    They'll get it done, just give them a chance to catch up on their e-mail and slashdot first.

    1. Re:Well no wonder by The+Dark · · Score: 3, Funny

      They'll get it done, just give them a chance to catch up on their e-mail and slashdot first. I think you mean: "They'll get it done, just give them a chance to catch up on your e-mail and slashdot first."
      --
      sig's not here
  3. Um - why? by Gat0r30y · · Score: 4, Insightful
    It doesn't make any sense to me to allow any remote access to critical control systems like those described. Why would they want to use anything besides a local network?

    On control systems networks, firewalls were bypassed or inadequately configured, passwords were not effectively implemented, logging of certain activity was limited, configuration management policies for control systems software were not consistently implemented, and servers and workstations lacked key patches and effective virus protection. In addition, physical security at multiple locations did not sufficiently protect critical control systems. Ok the physical protections is an issue, but people in charge of major control systems for power generation should be on site - there is no reason to connect these boxes to the wider internet - a local network should be completely sufficient for their needs.
    --
    Prediction: The real iPhone killer is going to be sex robots from Japan. Think about it.
    1. Re:Um - why? by Sta7ic · · Score: 2, Informative

      Frequently the measurements from the control centers gets shipped to other locations. Holes get punched in firewalls to distribute this data, and it's safe to say that there are IT workers out there who don't know enough about properly securing networks.

      In other cases, the particular control system could just be a digital switch for a breaker for line X. Sure, it's no more complicated than a big switch, but those 245kV lines tend to be pretty inconvenient to trip.

    2. Re:Um - why? by StickyWidget · · Score: 4, Insightful
      Originally, all process networks were designed like that, completely islanded off and self sufficient. Nothing in, nothing out. And that was fine while the industry was for the most part regulated. There wasn't a need for a large amount of data to be shared, everybody did their own thing according to regulations.

      Problem with that method is that there was no incentive to make upgrades to infrastructure and systems under regulation. ZERO. Which has lead to the situation we are in now: We have a first world nation with a third world electric power grid. Costs are rapidly rising, power demands are increasing (thank the internet for that), and the equipment is starting to get so old it can't be replaced anymore.

      So now, utilities are finally starting to look at way of improving their business. This means more data needs to flow from teh plant into other areas of the business. That data can be used to plan maintenance upgrades, to cost out fuel, to improve efficiency, to add green power to the mix, etc. Connecting these plants and control centers to each other provides a valuable service, it's just that utilities didn't know jack about securing them.

      To put it mildly, a generation plant can save $100,000 - $1,000,000 a year simply by sharing data with optimization consultants on a real-time basis. That's what we call "easy money". And in the absence of federal regulations, that's what they did. Now though, utilities are required to secure their network, most under the NERC CIP standards. Situations like TVA's are going to become very very common in the next few years, and then they are going to simply go away as utilities get the message that security means greater electric reliability.

      ~Sticky
      /I've spent the past 3 years of my life working in SCADA security, and plan several more.

    3. Re:Um - why? by bXTr · · Score: 3, Insightful

      You're right about unnecessary remote access. Even on a local network though, you don't let everybody on the network have access to the control systems. Most, if not all, the things mentioned in your quote apply to local networks, too.

      If I had my druthers, I would also pull out the floppy, CD and DVD drives and the USB and Firewire ports as well. Viruses, trojans and malware don't just come in over the Internet. I would also not have wi-fi. Just like with cell phones on airplanes, there may not be any chance of wi-fi interference with controls, but why take the chance if you don't have to?

      It seems like not enough people consider taking away or disabling things, not just adding things, to make their infrastructure more secure.

      --
      It's a very dark ride.
    4. Re:Um - why? by Anonymous Coward · · Score: 0

      It's not the IT guys that are popping holes in these things. Engineers and operaters demand access, whine to their executive (who is almost universally NOT the same executive as IT reports to), then the edict comes down from on high - "I'll huff, I'll puff, and I'll blow-ow-ow-ow your security down!".

      It's all you can do to try and piece together some semblence of security when you are held accountable for, yet cannot influence, the practice of others.

    5. Re:Um - why? by rrohbeck · · Score: 1

      What if the nuke operators want to work from home?

      --
      thegodmovie.com - watch it
    6. Re:Um - why? by Anonymous Coward · · Score: 1, Interesting

      My company provides software for utility companies (not control systems :-) ). I have to disagree with the statement that there was ZERO incentive to upgrade infrastructure. There is plenty of incentive. As always, the profit motive, well, motivates.

      An example: The industry has been moving, for years now, towards TOU rates (time of usage). This requires upgrading manually-read meters to meters that automatically upload their usage data. This saves utilities money in the long run because you don't have to send people out in trucks just to read meters. It saves the penny-conscious consumer money too -- win-win.

    7. Re:Um - why? by moosesocks · · Score: 2, Insightful

      There's a difference between "sharing data" and connecting your control systems to the outside world. I don't doubt that it's beneficial to release efficency/monitoring data to a third party.

      However, data collection and retreval should be on a completely separate network from the power plant's critical control systems. They're unrelated tasks; one requires strict reliability and security, while the other doesn't need to be any more secure than the typical business network.

      More to the point.... why the hell were those control systems taught to speak TCP/IP in the first place? Aren't there other industrial control protocols designed for this sort of thing that provide better redundancy, integrity, and security?

      --
      -- If you try to fail and succeed, which have you done? - Uli's moose
    8. Re:Um - why? by aproposofwhat · · Score: 1
      Ewwwwww - King-Size Homer immediately popped into my mind's eye.

      Thankyou - not!

      --
      One swallow does not a fellatrix make
    9. Re:Um - why? by AB3A · · Score: 1

      Why were they taught to speak TCP/IP in the first place?

      Because, in case you haven't noticed, while these systems are custom designs, we still need to maintain compatibility with COTS hardware and software. For example, which would you rather purchase? Belden 9860 Twinaxial cable? Or CAT5?

      There are also issues of training. Which would you rather test for? Profibus? or an Ethernet cable tester? You can get a well trained monkey to do the Ethernet testing. The Profibus tests, however, might prove a bit more esoteric.

      At the end of the day, we need the same sorts of tools that IT needs. We rely on COTS hardware, even if we don't use it the same way an IT shop would use it.

      --
      Nearly fifty percent of all graduates come from the bottom half of the class!
    10. Re:Um - why? by sjames · · Score: 1

      It' not a question of not speaking TCP/IP, it's a question of not randomly connecting separate networks together. Share data all you want, just collect it with one machine on the control network and hand it (via serial) to another on the business network.

  4. Geez man, get off our backs! by elrous0 · · Score: 3, Funny

    Look we told you that we're TOTALLY working on it. We're going to get those padlocks just as soon as we get paid this month. And we've got this buddy up in Kentucky, that we helped out at this great fucking party last year, who owes us big. And his brother is like this security wizard. We're talking the fucking security zen MASTER and shit. And he's going to be looking at our network just as soon as he can catch a ride down here. So don't worry bro, we're on it! Just chill for a while, okay? You're really harshing our buzz right now.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  5. Yeah, I live in Chattanooga... by tetrahedrassface · · Score: 4, Interesting
    And right beside Chickamauga dam is place that TVA insiders call "The Bunker". I have been in it, it has 4 or 5 (or more) floors underground ( I don't remember). Right after 9/11 I catered an event down in the bunker, no security whatsoever, and we got off on the bottom floor... it was nothing but racks of servers as far as I could see. It looked like something out of a movie. It is HUGE. We hopped onto the elevator came up two floors and got off on the correct floor. From there they can control everything in an emergency if they have to, except if some entity compromises their unsecured computers.

    More about "The Bunker" it has bedrooms, conference areas, and a whole slew control panels, and server farms. The employee that was with me and I left there and on the way back to my business we were like "If we were the bad guys we could have just caused major mayhem. Needless to say I returned again a couple of months later on a job and instead of just walking in, I got a M16 clad officer at the door. I would think their security is likely better now.. At least I *hope* it is.

    P.S. I hope they don't come after me for telling this.

    1. Re:Yeah, I live in Chattanooga... by Anonymous Coward · · Score: 0

      P.S. I hope they don't come after me for telling this. This is the they you speak of, and were coming after you.
    2. Re:Yeah, I live in Chattanooga... by jburton71 · · Score: 4, Interesting

      I lived in Chattanooga for about 12 years. Somewhere around 1998 or 1999 I visited the exact place you are talking about with a friend of mine (who was then and still is a TVA IT employee). I was just becoming interested in computers at the time and he told me that he would show me where the TVA kept "the brains" of their operation as he put it. Even at that time I questioned whether or not he could get me into this area and his reply was "nobody will know and even if they did nobody will care".

      I went back to Chattannoga to visit my old friend a couple of years ago. He had since moved up the govermental ladder and was more or less "in charge" of certain systems. During my visit he took me back to the place, on a Saturday. There was a single security guard on duty at the entrance. As we entered the guard didn't give us much notice as my friend swiped his ID card and entered a key code. I was holding my friend's laptop bag and the guard never asked to look at it or see it. For all he knew I could have been carrying in a brick of explosives. Once inside, I had access to pretty much any place in the "bunker" that I wanted to go, including various control panels, servers, etc.

      Short answer, no their security is not better than it was back then.
    3. Re:Yeah, I live in Chattanooga... by KudyardRipling · · Score: 1

      This goes to show that the 'civil rights' culture is going to get us all killed. Go and learn what YANKEE-WHITE security clearance means and how it should be expanded to tasks other than dealing with the POTUS.

      +5, Comfortable lie

      --
      Submission as evidence constitutes plaintiff and/or prosecutorial misconduct.
  6. SCADA Security Sucks by adavies42 · · Score: 3, Informative

    I wrote my master's thesis on SCADA (power system control) network security, and while I'm not surprised TVA is insecure, I never got the impression anyone else was any better.

    --
    Media that can be recorded and distributed can be recorded and distributed.
    -kfg
  7. Watch out for the inside guy. by onkelonkel · · Score: 3, Insightful

    I work in an industrial controls field that has a lot of technology in common with the big utilities like TVA. Very little of the remote control software has any sort of security on it. Some systems will have access passwords, but SCADA often has no security at all. An attacker wanting to disrupt services who was familiar with the SCADA equipment and protocols could cause all sorts of havoc by remote control. Imagine the hottest day of the year, power consumption is at its absolute peak, and somebody starts opening breakers, turning off compressors, sending in false failure alarms etc. Pick your time and place carefully and you get one of those cascading failure events and half the eastern seaboard has no lights. Repeat a week later. Maybe not as compelling as kamikaze jetliners, but not without its charms.

    --
    None of them can see the clouds; The polished wings don't care.
    1. Re:Watch out for the inside guy. by jd · · Score: 1
      History tends to suggest economic terrorism is far more effective than any other kind, so it is definitely an area I would consider a likely target in future. As such, the strengthening of security against physical attacks on computer network infrastructure and electronic attacks against either individual computers or the system as a whole should be the number one priority.

      SCADA and other such networks for operating industrial equiptment exist in open-source form, so secure reference implementations would seem to be a possibility. I don't know of any effective method of mandating such changes, other than perhaps to have those packages which require Government certifying lose their certification if they use insecure protocols or are otherwise demonstrably vulnerable to known attacks.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    2. Re:Watch out for the inside guy. by Anonymous Coward · · Score: 0

      I work for TVA and its partially true that if you had the right sort of confidential information you could bring down the entire power system of ANY part of the country. However there are alot easier ways to do it, there isn't a single security person at any of the 500kV substation, a lone person with a handgun could just walk into any of their control rooms and turn everything off manually with no need to learn complicated computer protocols. Even easier you could just shoot the 500kV transformers a few times until they blow up, those transformers take a year to rebuild, if you got a group of like 5 people together and they could blow up all those transformers easy without having to know anything about SCADA or computer hacking or anything like that. Even the main conrol room in Chattanooga you could get in with 10 dudes with guns and shut down every single power plant.

  8. 80,000 square miles? by Mr.+Sketch · · Score: 1

    Just think that with only a fraction of that, they could power the entire country with solar. According to this, we only need 8,500 square miles of solar to power the states.

    --
    Things you think are in the Constitution, but are not.
    1. Re:80,000 square miles? by geekoid · · Score: 1

      Yes, that technology is awesome. The Government should be giving incentives for getting that going.

      Of course when you had building parking lot and other infrastructures need, it will be more then 8500 Sq. Miles.
      Can that 80,000 mile be correct? 1000 miles wide and 80 miles long?
      I'm sure it's not shaped like that, I was just using those numbers to get the area in my head.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    2. Re:80,000 square miles? by Anonymous Coward · · Score: 0

      Note that this is land in the Tennessee Valley, not out in Arizona. You get a lot more cloud cover, long winter nights, and steep hillsides.

    3. Re:80,000 square miles? by Ana10g · · Score: 2, Informative

      All we need to do is clear off every structure in those 8,500 square miles, and we're golden!

      I don't think that TVA's facilities actually occupy 80,000 square miles (that would be ridiculous). I believe their service area is 80,000 square miles. http://www.tva.gov/sites/sites_ie2.htm

      --
      just an analog boy living in a digital age.
  9. This is not a new problem by HangingChad · · Score: 4, Interesting

    I had a large utility administration customer back in the early 90's. Back then I was constantly shocked (pun intentional) about how vulnerable our power distribution system really was. And the weakest links were frequently the most lightly protected. I even started drafting a novel about a small group of terrorists able to take down the power grid on the entire west coast for months and the effects on society of such an extended outage.

    Hopefully grid security is better now, but there's still a lot of lightly protected hardware that will remain difficult to harden.

    Ever since then I've kept a 4 Kw generator and extra gas, just in case. Even though I've only needed it a few times in all those years. Our power grid is surprisingly reliable. So much so we tend to take it for granted.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
    1. Re:This is not a new problem by geekoid · · Score: 1

      "...entire west coast for months ..."
      Months? how the hell do you do that? days, sure.... a week in really bad weather, but months? I can't see that happening.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  10. Interesting. by jd · · Score: 1

    They've improved security by dressing up in giant M16 costumes? Well, I suppose that would be an improvement. What depresses me is that the departments listed as C, D and F aren't that much different from what they were last year, the year before that, or any other year they've produced these scores. As much as I like NASA, I believe they have the least excuse of any of them, due to the sheer mass of geeks they have working for them. Maybe there should be a suspension on funding for any department that fails to show good faith in improving/maintaining security.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  11. Homer, Mo here - just click "Yes/No/Cancel" again! by Anonymous Coward · · Score: 0

    "generates power using 52 fossil, hydro and nuclear facilities in an area of about 80,000 square miles and has not fully implemented appropriate security practices to protect the control systems used to operate its critical infrastructures" What could possibly go wrong?
  12. FYI by geekoid · · Score: 2, Insightful

    Most companies would get an 'F'. Government organizations aren't alone in this, and it's the people who do security audits in there best interest to find problems. The will take a tiny risk and blow it way out of proportion.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  13. Nothing seems to be happening... by NMBLNG · · Score: 1

    The internet ate my post. The first one was better. Here's a short version: With all the poorly protected organizations out there, why do we hardly ever hear about this kind of thing? Does the public not notice the damage caused? Or are there not many attacks in the first place? Or is the damaged caused never reported?

    1. Re:Nothing seems to be happening... by Anonymous Coward · · Score: 0

      "Or is the damaged caused never reported?"

      Ding ding ding!!! We have a winner!!!

    2. Re:Nothing seems to be happening... by anti-human+1 · · Score: 1

      Ate your post? You mean you don't write all of your posts in a word processor before copypasta to the internet? You must not use windows or IE.

  14. There is no effective solution. by Joe+Snipe · · Score: 1

    Even if they were able to shore up all the issues with TVA, there are countless other services critical to America that could be easily comprimised. For example our nations oil refineries are very loosely guarded; it would be trivial to arrange for a synchronized attack on them and the result would be utterly devastating.

    Note to the NSA: I am not a terrorist, please don't take me away.

    --
    Sometimes, life itself is sarcasm...
  15. Criteria?? by Gogo0 · · Score: 2, Interesting

    What is the criteria for grading?

    I work in IA for the DoD, and there is a lot of stupid stuff that happens, but in the end, the number of minor security incidents is very low, and the number of SERIOUS security incidents is absolutely minuscule. Serious incidents are usually along the lines of information leakage, someone inside doing something stupid without malicious intent.

    my point being, this isnt a signal that these departments are insecure because they dont show WHAT theyre grading. are they counting serious incidents? minor ones? number of missed security deadlines? number of workstations with wsus errors? number of MWR personnel that clicked on an exercise phishing link? what??

    lots of directives in the government are lists of objectives with deadlines next to them created by a higher-up that doesnt understand any part of it. i am not discounting this "report" entirely, but iv seen this enough times to understand how little it could actually mean, especially considering there is no information provided.

    I wonder how much of a stink Tom Davis is going to raise in congress about it, or if he is going to look at it and understand that it tells him nothing.

  16. Security? What security? by Anonymous Coward · · Score: 0

    http://www.tva.gov/cgi-bin/search?txtquery=</title><script>alert('Slashdot was here')</script>
    http://tinyurl.com/6h5l52

  17. No Worse than the Bushit Administration by bratwiz · · Score: 1


    I don't see how it could be any worse than what the Bushit Administration and Repugnicants have already done to national security and the economy. (Oh and I guess we should blame some of those do-nothing Demoflats too)

  18. SHHHH! by Silentlaw · · Score: 1

    I think the terrorists may soon develop the ability to read!

  19. Re: by Anonymous Coward · · Score: 0

    Yep. Ubuntu.