China Denies Role In US Grid Hacks

Slatterz writes "The Chinese government is denying any involvement in the reported infiltration of US electric grid systems. Xinhua news agency quoted Chinese foreign ministry spokesperson Jiang Yu as saying that any sort of involvement from China in the incident 'doesn't exist at all.' The denial follows a report in the Wall Street Journal which claimed that agents from China and Russia along with several other countries had infiltrated the computer systems charged with managing electricity in the US and left behind software payloads which could be used to control or disable electric grids in the US." Bruce Schneier is skeptical about the whole story.

Two schools of thought here:

[slimjim8094]

Either they did it and aren't telling (would we?) or these are simple hackers like in Russia, the Ukraine, or even here. Or they're part of the mob.

This assumption that it must have been committed by the government is unfounded; though I would not be surprised at all. Wouldn't we if we got the shot?

Re:Two schools of thought here:

[toQDuj]

Perhaps it's just a case of the US energy grid getting old and crappy, and someone else needing a scapegoat for the trouble to come.

B.

"along with several other countries"

This is code for "Israel".

Re:"along with several other countries"

[furby076]

If Israel hacked the US grid they are most likely getting paid by the US to show the US where the weak-points are. This is not unheard of. Israel is very good with technology and network security. But Israel really doesn't work with Russia, Russia hates Israel - largely due to the fact Israel supported the US during the cold-war against Russia.

i know ill get bitched at for this

[nimbius]

but could it be possible that for once, we're not under constant attack from enemy nations and have nothing to really fear?
the last time we cringed in terror at another country as a pretext for invasion, it turned out they were guilty of a lot less than we
originally conjectured.

if china were hacking into our powerplants and infrastructure, what purpose would it seriously serve? china manufactures a bulk of american goods, and holds a bulk of american debt.
we are an economic interest, so one could argue harm to us is harm to china.

Re:i know ill get bitched at for this

[emocomputerjock]

Are you honestly asking what purpose does technological dominance serve? Do you think any nation would turn down the ability to flip the switch on another country, regardless of the status of relations between the two?

Re:i know ill get bitched at for this

[izomiac]

and holds a bulk of american debt. we are an economic interest, so one could argue harm to us is harm to china.

Well, apparently China holds 1/16th of the national debt, which is essentially what Japan has as well, so I wouldn't call that the bulk. OTOH, if they did hold the bulk of the US debt, debt as a deterrent isn't that great an idea. Or at least it didn't end well for the Knights Templar...

Re:Homer Simpson did it as he so dumb and china is

[InsertWittyNameHere]

Me fail English? That's unpossible!

I'm just jealous

[lordandmaker]

I wish my country's government (UK) was anywhere near that technically adept...

the solution is ..

[viralMeme]

The solution is to take computer systems charged with managing electricity off the Internet

Re:the solution is ..

[greyfeld]

While that sounds good, it really isn't a realistic or technically feasible. The grid was not originally designed to handle the huge amounts of electricity that are currently being transferred between entities. The power pools must have some way to manage the flow of electricity across the wires to keep the system from being overloaded and brought down. It is also necessary to monitor the flows to collect the tariffs that are charged.

For example, if Company A in Oklahoma City sells electricity to Company B in Des Moines, the power pools must be able to verify that there is capacity on the lines in between, whose lines the electricity will be travelling across so that they can maintain the stability of the grid, and collect the tariff paid to all the intervening transmission line owners. Without these systems being connected via computers, there is no way to accurately maintain and monitor the current system.

As the Northeast blackout of a few years ago pointed out, lack of visibility into these systems can result in a devastating cascade of blackouts. If the Chinese or Russions actually do have Trojan Horses planted in these systems, they could literally bring us to our knees and shut down the country. It is really not that far-fetched since many of the smaller electric companies are locally owned co-ops or run by small cities with little or no budgets for security infrastructure or staff. The NERC CIP standards are certainly a step in the the right direction, but require a huge investment in time and manpower many of these smaller companies can't really afford.

What it really comes down to in the end is continually increasing rates as customers demand reliability from their electricity provider. This reliability comes in the form of better computer controls of the electric system along with increases in the security around those systems. It is no longer feasible from a cost perspective to have a human being at each substation and switch gear with a walkie talkie. Utilities are trying to keep the rates down by automating the systems. Unfortunately, that introduces a new kind of risk. The risk that they are hacked, not only by the simple hacker, but by the nation state that views having a backdoor into our systems as a type of insurance in the event of war.

Re:the solution is ..

[IP_Troll]

it really isn't a realistic or technically feasible.

Either you missed the point of the OP or are ignoring it on purpose. There is no reason for the power grid to be on the consumer internet and you cited none.

The power grid was designed before the internet.

The controls you described to switch power between providers already exist. There is not a human being flipping switches at every substation with "walkie talkies", there is already an automated system to switch power which is completely independent from the internet. If you want to upgrade this already existing network to include modern hardware, do not connect it with the internet.

You are acting like it is impossible to create a network of computers without WWW access. The power grid doesn't need twitter, or even a GUI interface, it just needs to send simple signals between embedded systems. transmitting signals between embedded systems can be accomplished without connecting the power grid to facebook.

The proof is on the wire.

Well I happen to work for a government agency, and a very disproportionately large number of the attacks we see on a daily basis are coming from China. Whether or not these are state sponsored, I don't know, but the Chinese government certainly isn't making any real effort to hold these "useful idiots" at bay. You would of course expect more because they are more populous but it really is disproportionate, more like 8x-10x the amount of attacks seen from other wired countries per capita. At what point does a country become responsible for the traffic that leaves its borders? Especially one with border firewalls? I'm on board with the information warfare theory. I see it every day...I'm in favor of holding them responsible.

Iran's lost connectivity

[viralMeme]

"Schneier is a computer security expert, not a geo-strategist, and he was wrong about Iran's lost connectivity a few months ago when we all discovered the high frequency of Internet cables malfunctions"

In what way was Schneier wrong about Iran and how does not being a geo-strategist relate to the validity of the claims that China infiltrated the US power grid?

Re:Someone please hack my grid?

[palegray.net]

Roger that. I set your coffee machine to start brewing your coffee in about three minutes, but I also took the liberty of making a couple of tweaks to the internal thermostat, just to make sure it's good and hot when you get home. You've got insurance in case something goes awry, right?

FUD

[omar.sahal]

"intrusions were detected not by the companies in charge of the infrastructure"

but

"U.S. intelligence agencies"

Officials cautioned that the motivation of the cyberspies wasn't well understood
Officials are the ones making the accusations

China, for example, has little incentive to disrupt the U.S. economy because it relies on American consumers and holds U.S. government debt.

A spokesman for the Chinese Embassy in Washington, Wang Baodong said..

"some people overseas with Cold War mentality are indulged in fabricating the sheer lies of the so-called cyberspies in China."

As Bruce Schneier said which one of these power outages is by hackers
I just hope this isn't some cover for the US to do what their accusing others of, why else this line below...

Congress approved $17 billion in secret funds to protect government networks

Bargaining Chip

[kenp2002]

Modern day espionage as far as I can see it is bargaining chip, much like nuclear weapons. It's about what leverage you have. It's not so much the use of it, but rather a demonstration of what can be done.

We now are now entering the age of Digital Mutually Assured Destruction and Economic Mutually Assured Destruction. For you wee tikes out there that was what kept the USA and Soviet Union (hell do the kids even know what a soviet is anymore?) from turning the world into the game Fallout 3...

N-MAD and now D-MAD and E-MAD.