Slashdot Mirror
US Electricity Grid Reportedly Penetrated By Spies
phantomfive worries about a report in the Wall Street Journal ("Makes me want to move to the country and dig a well") that in recent years a number of cyber attacks against US infrastructure have been launched over the Internet: "Cyberspies have penetrated the US electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia, and other countries, these officials said, and were believed to be on a mission to navigate the US electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war."
...you must live in perpetual fear. Whenever you're starting to focus on the reality of life, new fear WILL be injected into it to distract you. This is how the natural order sustains itself.
"Some officials" come forward and warn about threats from China, Russia, Iran and North Korea. "Ya know, Sir, we need funding for enhancing national security, so please make sure you get your budget right."
Aren't these people just admitting that they were incompetent? That's refreshingly honest of them.
http://twitter.com/onion2k
I thought mission critical computers should not be reachable from the Internet. So the spies walked to those computers and planted the software there???
Colorless green Cthulhu waits dreaming furiously.
So, the week before a review is due looking into whether or not they should increase the flow from the money pump, "current and former national-security officials" have come forward to draw attention to a network of spies in the power grid.
Look, I'm not saying that cyber-attacks don't happen, or that there isn't a risk, but bloody hell, this article reads like a well-crafted piece of BS, designed to put the N back into FUDing.
'If Christ had tweeted the sermon on the mount, it might have lasted until nightfall.' - John Perry Barlow
The systems I work on are typically airgapped, but there is a constant push from users for some access to the internet. A user might need to access meteorological information, and the simplest way is to go online to get the data. Another user might need to refer to work instructions on the corporate intranet, but the intranet gets you to the internet anyway. Like it or not, the internet is working its way into many types of work and many people are starting to expect it to be available.
http://michaelsmith.id.au
China, Russia, and other countries,
So you mean there are people capable of hacking the US energy grid but who can't start the attacks from a hacked box in Madagascar?
"Who's attacking us?"
"Sir, the attacks come from half a million infected machines all around the world."
"From all coutries?"
"Yes, sir."
"So China and Russia too?"
"Hmm, Yes, of course, sir"
"Damn commies... We should've nuked them a long time ago."
Then I'd suggest they need two PCs.
Please read my Canon EOS tech blog at http://www.everyothershot.com
Nope, electrical grid computers in exUSSR region do not even have the theoretical capacity to be connected to the public Internet. I am amazed there is an actual data linkage between the public Internet and the computers even remotely related to the power control functionality.
I actually do work with these exact systems. I have yet to install a system in a control room that had net access to the operator consoles or even the operational servers. These computers - yes, running Server 2003/8 or XP Pro - are patched to the latest and greatest before they leave our shop, but once on-site should never, ever, ever interact with the Internet.
That being said, the PI data servers are designed to be a go-between for the internal secure network, and the rest of the world so the data logging can reach those who need it. Not only does the PI server have security protocols built in, but is required to be installed in a DMZ with full firewall protections, and in some cases a dedicated leased hard line to an off-site office.
So, to summarize, no, the Op stations, the Op servers, should NEVER be connected to the Internet, and we do out best to disable any way of the operators even getting to the OS level, but there are times and reasons that you need to hook the internal network (through full security measures) to the outside world.
Everyone wants money for their projects. Part of getting it is knowing what to sell in your given field. Well, as of late with federal government dollars, national security has been the name of the game. Was more narrow to anti-terror but they are kind losing focus on that. So, it is also no surprise that is what people use to try and get the money, even if what they want really has fuck all to do with it.
For example Consolidated Edison wants to install a super conducting core in for New York's power grid. Reason is the existing grid has load problems and this looks like the best way to handle it, rather than massive amounts of more copper. This is expensive, of course. To the best of my knowledge when this is deployed, it'll be the first super conductor used for commercial power delivery. Means plenty of R&D in addition to the actual costs. Well, sure would be nice if the government would help pay for that... So they got them to.
How? Well they sold it to DHS as an "anti-terror" deal. No idea how this is supposed to be more terror resistant, but DHS bought it and that's what's important. They gave ConEd something like half the money they need for the project.
Now you know that ConEd isn't really doing this as an anti-terror measure, they are doing it as a "grid is overloaded" measure. However, they put that spin on it to get government funding, and it worked. I'm betting this is a similar money grab.
On one they're controlling the power station, on the other they're reading slashdot.
Unless typing 'FIRST POST! LOL' on the wrong box causes a reactor meltdown, I think we'll be ok :)
Jolyon
Please read my Canon EOS tech blog at http://www.everyothershot.com
Close, they're drumming up support for S.773 and S.778. These bills are designed to give the executive the power to control the security of vital parts of the internet. If they can show that these vital parts of the net are compromised, and therefore risking America, they have an easy talking point when lobbying congress members.
Blowing all my moderation to reply to this.
Let me make this clear. Putting a critical system on to the internet is pure, stupid, incompetence.
ALL of your "situations" can be solved with a second $399.95 DELL sitting next to the critical workstation. Anyone saying that that is not practical is a blathering moron. I have seen MANY water filtration plants that the Supervisors in charge of the whole operation are so incompetent they put the entire plant's operation system on the corporate or city network. Then we have the low quality SCADA software called WonderWare that is so badly written that the company requests they have direct access to the machines so they can issue fixes faster.
If any mission critical machines are on anything but a sealed private non connected network, the person that designed it is a incompetent idiot that should take the fall for any failures. Gitmo time for whoever approved or asked for interconnection.
I have been appalled at the amount of interconnection I see in really important SCADA systems. I have seen this stupidity in major infrastructure control systems for 14 years now. Typically put here by some asshole manager that wants to "keep an eye" on his guys while he is at home. he get's a workstation (typically the one in his office) set up with a second network card and Pc anywhere or another Remote control system to interconnect the secure to the un-secure. and does it with a stupid windows box. Then the idiot uses it to check email, surf the net,etc... All installed by your friendly company IT slackie After the SCADA installation guys go home.
Every system I looked at that was "secure" typically had one of these bridging computers on it the only way to find the is to do a hard audit of every computer, the rate of finding these security breaches goes up as the age of the installation increases.
Do not look at laser with remaining good eye.
The WSJ article was apparently triggered by a letter sent by NERC (North American Electric Reliability Council) to its members. I think it shows a healthy development of security digging down to yet another layer of depth.
Forget the major computers in the major control centers. That's what everyone thinks of first. At that level it is becoming like the Indians and athropologists in the Grand Canyon. For every utility cyber worker there seems to be 30 government gumshoes and overseers looking over their shoulders. One would expect no aspects of security to be neglected at that level.
The NERC letter refers to devices at a lower level. Primarily, what the industry calls "protective relays" in substations. From 1888 to a few years ago these functions were really done with electromechanical relays. Now, many of them have been replaced by digital equivalents on a one-by-one basis. In a household analogy, it is like the difference between a central electric control computer for the house, as compared to a "smart" digital LED light bulb. One worries about the central computer being hacked, but at first blush, not the light bulb.
The problem is that the engineers who deal with this level of equipment aren't used to thinking of these devices like the light bulb instead of like computers in a network. They have not identified many of these low-level devices as "cyber critical". The NERC letter urges utilities to change that culture.
This is an industry that owns and maintains hundreds of millions of diverse pieces of equipment. Every day, some fraction of them are converted to digital. No single study, no single policy can change this infrastructure overnight. I think they are approaching cybersecurity thoroughly and methodically, but it will take time.
Remember Y2K? Roughly the same collection of hundreds of millions of devices were threatened by a common-mode failure (Y2K). It was very analogous to an external cyber attack. The utility industry tackled Y2K, thoroughly reviewed all those devices, and performed flawlessly on the morning of 1/1/2000.
My point? Sure we should worry about cyber attacks on critical infrastructure, but don't jump to the conclusion that no security exists or that nothing competent is being done about it.
I am a control systems engineer, a member of ISA-99, and a contributor to several other standards on industrial control system cyber security.
The parent post is what SHOULD be done in a recently installed system. I can tell you from experience of dealing with other infrastructure (not the electric grid) that it isn't always that way. There were many systems installed around Y2k that are still in service. And most of you will remember that back then very few people took security seriously. Back then it was all about compatibility. Security wasn't even an issue. The big issue was SHARING the data.
Control systems and SCADA have long working lives ranging from ten to twenty years. The reason for this is because the field I/O validation cost is significant. It dwarfs the cost of the software, the control center, and all that lovely flashy stuff you're so used to seeing. Updating a configuration is very expensive, not just in validation costs, but also training costs, for miscellaneous costs such as review of operating procedures, control system narratives, and so forth. This is why many are forced to keep their systems isolated in the hope that by doing so, things will somehow stay secure.
But these days, that's no easy feat. Nearly every company has a contingent of data surfing desk jockeys with enough authority and enough dream-weaving synergy talk to push for interconnections. That's when things get very ugly.
The problem isn't that they want the data. The problem is that they want the data IN REAL TIME. Most of the time these idiots say the term though they do not understand the implications or even what it means. And that's how the exploits get started.
There are solutions. There are relatively secure methods for moving data in and out of a SCADA system. But they need careful review by people who know both the industrial side of things (to identify what is at risk) and the IT side of things (to know what the potential vectors could be). And the number of people with that kind of expertise is extremely small. We're talking about hundreds or maybe a thousand such people world-wide.
There simply aren't enough people to train the trainers who will train the trainers. And so, we're stuck with the status quo until we can build a community of cross trained people who understand industrial processes, control systems, and IT large enough to handle this situation.
I know many of you probably think you have it bad in the office IT business. And it is. Just know that there is far more truth in the Homer Simpson character than you'd ever dream of...
Nearly fifty percent of all graduates come from the bottom half of the class!