Slashdot Mirror
DHS To Review Report On US Power Grid Vulnerability
CWmike writes "The US Department of Homeland Security is looking at a report by a research scientist in China that shows how a well-placed attack against a small power subnetwork could trigger a cascading failure of the entire West Coast power grid. Jian-Wei Wang, a network analyst at China's Dalian University of Technology, used publicly available information to model how the West Coast grid and its component subnetworks are connected. Wang and another colleague then investigated how a major outage in one subnetwork would affect adjacent subnetworks. New Scientist magazine reported on this a week or so ago, and the paper has been available since the spring."
To that new-fangled interweb.
Simple.
Why they are, is question simply answered with "stupidity".
Bye.
If I had an Ass, I'd call it Fanny Bottom, then I could slap my Ass; Fanny Bottom, on the Arse.
The US power grid is so ancient, convoluted and in such a massive state of disrepair that we can be sure we're safe from terrorists. They wouldn't even know where to begin to find a point in the system that could be used to trigger a catastrophic cascading failure like the one in the East Coast a few years ago.
Trees on the other hand... trees are truly evil.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Obviously you didn't read the article. They're talking about cascading failures due to the fact that they're connected via the electrical grid.
Basically the same thing that happened some years back on the eastern seaboard, but on the west coast and triggered on purpose.
Keep getting resource no longer available messages. The forums have been shit for 2+ years now.
That'll be fixed the day after they clean up the CSS on idle.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
There are dozens of Power Engineers at utilities and govt agencies whose job has been, for the last fifty years or so, to run just these kinds of simulations.
They do this all day, every day.
The problem areas are pinpointed, and sometimes money is budgeted toward ameliorating the situations.
Some problems can only be fixed by adding several billion dollar highlines, so those usually get postponed or ruled impractical.
The amazing thing is that nobody ever tried it or at least never succeeded. The US is apparently not that hated in the world since nobody ever does anything. We have hundreds of reports on how easy it would be to disable this or take that out of service. All it takes to black out the USA are some well placed charges or for somebody to hit a few poles hard enough but nobody does it. All we got was some measly hijacked plane (which has been done since the 70's) in a few buildings.
Custom electronics and digital signage for your business: www.evcircuits.com
The electric grid has already suffered multiple cascading failures from simple events that led to widespread outage. Look into the West Coast outages of 1996 and 1998 as well as the failure in the Northeast in 2003. There's a lot of interesting science going on around networks, graph theory, complexity and all. There's a really good book on teh subject, "Six Degrees" by Watts.
The paper looks very interesting and should be another reason for a full grid upgrade, so we can use smarter power systems. It's a pity Edison's idea of local power stations never took off. Such a system would be much more fault tolerant and scalable. The same thing could be done now with pebble nuclear reactors.
if terra were to plant a nuclear bomb in my apartment, thousands in my neighboorhood could be killed. that's worse than a mere blackout! please give me a large grant so i can upgrade my apartment to a more secure version. think of the children!
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
What better way for a Chinese spy to get further access to not-public data? Just produce a report that says "You're vulnerable!" and let DHS open the secrets vault.
get those new UPSs I've been wanting.
53 49 47 53 20 53 55 43 4B
Jian-Wei Wang has just been added to America's Top 10 Most Wanted Terrorist list, according to a DHS spokeperson. "We believe this person has been studying some of our infrastructure with the intent to identify inherent weaknesses. It is only a matter of time before this person, or someone else, uses the knowledge gained to attack the USA." A few moments later, a nearby open microphone caught the DHS official's candid statement "Anyone using information, public or private, to point out our own stupidity is automatically suspect. To go so far as to publish their findings is criminal. Besides, since we can't find any real terrorists, we have to demonize someone so we can continue justifying our astronomical budget in these difficult economic times." After a reporter on the scene brought this admission to the attention of the spokesperson, the reporter's name was also added to the list.
The NSA: The only part of the US government that actually listens.
If you're going to troll, you could at least make your third partisan claim be one that actually has something to do with budgeted funds like the first part. I mean, seriously, it's not even good bad-rhetoric, and frankly it feels like you're not really respecting people enough to disrespect them with effort.
So they're going to decide, therefore, that the thing to do is hide the information and ban research into it. You know, instead of actually making the systems secure.
Hooray for security for obscurity.
of course the study just happens to be linked to china ..
and you mean to tell me the DHS has not done it's own studies on the vulnerability of the us infrastructure .. and what are they using their funding for ..
just what are they there for then ??
oh Ya! .. i forgot protecting us intellectual property rights .. building detention centres for when you all wake up .. and domestic spying ..
Congress has not funded the grid, ...
The Federal government doesn't own "the grid", so why should they be blamed?
Now that power utilities are free to be profit-generating enterprises, there's less incentive for them to invest in the redundancies which make cascading failures possible. In the past, when utilities were heavily-regulated non-profits, people complained that their systems tended to be "gold-plated," due to so much potential profit being re-invested in the systems. But, as the northeast blackout of a few years back demonstrates, today the same money which would have gone to improving the infrastructure now goes to shareholders + private owners.
It's a no-win situation, unless you happen to be an owner, in which case you can probably afford your own private generator when the system you own fails.
-Z
They required all employees to use the same identical 4 letter password, to which I objected but was forced to do. My first few weeks there I discovered a keylogger on two PCs using Spybot. I reported it to management and suggested they have everyone scan their PCs, they said I was overreacting. Their email service was hosted by a remote 3rd party provider in Texas, who could be reading all their mail because they were too lazy to set up one in house. I recommended an internal email server and also that everyone use public key encryption to sign emails on several occasions and was told, "You do it and take responsibility for it when it fails."
Customers, like nuclear weapons/energy facilities, sometimes requested encrypted email or transmissions of files and our lead developer refused to do that because it was too hard to figure out. So, he just sent everything plaintext through zipit/rapidshare websites, he'd sometimes send whole CDs zipped up. And, when I voiced concerns about security they told me to shut the hell up, literally.
Also, when I mentioned I had made my code secure against remote attacks, they told me to stop wasting time on that because none of these machines would ever be connected to the Internet. However, when I pointed my boss to an article about guards at energy facilities hooking wifi routers to the network, which he had assured me they weren't allowed to do, he just ruffled his feathers at me and told me not to worry about it.
Suffice it to say, they let me go, and kept the engineers that didn't care about security. I remember having a conversation with one of the developers in my team who didn't think secure code was important and I stated that actual lives depended on our work, his response was, "I don't care it is just a job, you take it too seriously." I guess I did, that's why I'm gone and he's still there.
Here in Europe, we've also experienced a few cascading blackouts, triggered by single
failing power plants. Blackouts throughout Denmark caused by failing power plants
in middle/southern europe is not unheard of. When the power grid is so interconnected, a few
failures means the capacity of the rest of the plants does not meet the demand of the grid,
which in turn forces the rest of the plants to a grinding halt. A very well coordinated effort is then required
to bring the grid back up.
There's probably not much to be done about this, other than
perhaps segmenting the grid (making it harder so sell/buy power from other plants).
Interestingly, the grid in Denmark is naturally segmented by water. The western part of the country
is connected to the central european power grid, and the eastern part is connected to the rest of the North (Sweeden etc).
Because of a new tunnel under Storebelt, a (DC) powerline can help restart the northern power grid and vise versa.
This was used a couple of years back after a failure of a sweedish powerplant that caused Sweeden and eastern Denmark
to black out.
I started a book years about a coordinated attack by a small group of people that blacked out the west coast for months. That was early 90's. Surprisingly little has changed. Security is better, but it's still astonishing how much of our power infrastructure is unprotected.
Almost as surprising is how few people are prepared for an extended power outage. Ever since I worked around power management systems, I've dragged around a generator and keep enough gas on hand to run it at least two weeks.
It says good things about our electrical grid that I've only needed the generator a handful of times in all those years. But I've also noticed over the years we've come to take the grid for granted and are woefully unprepared for a wide spread outage that lasted more than a week. An interesting mental exercise is to look around your house and think about what things would be worth without electricity.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Already, subscribers are talking about a controversial military maneuver whereby a small unit or individual, outgunned and trapped may use an otherwise abandoned motor vehicle and a makeshift ramp to disable or destroy a rotory aerial vehicle.
At least one may in fact currently be viewing this via "the old satcomms".
-1, Disagree is not a valid option. Troll, Flamebait and Offtopic are not a substitute.
Why the heck the power infrastructure is connected to the internet ? Why the heck not use direct modem or similar non easily compromisible stuff, and certainly nothing a MALWARE could control ? Whiskey Tango Foxtrot ? Why not a freaking red button outside with "hit me to break me".
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
used to be, you had load dispatchers at switches in multiple areas. they had telephones and a small phone book of other dispatchers. under that system, the US became the world's dominant superpower and home of most wealth.
worth trying. not everything has to run on flash and crackberries.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Power grid report YOU !
Yours In Astrakhan,
Kilgore T.
Meh. Call me when Jack Bauer want's to check the powerplants.
Reminds me of the swedish transport agency. It has several publications on its website describing, in great detail, how a terrorist may steal and release dangerous goods from vehicles.
Counties is Sweden also have more localized publications describing where to find the dangerous goods and vunerable sites.
Still no-one is putting the information to terror use. Seems there is other ways of protecting the homeland...
Break the sound barrier - bring the noise.
I guess next he'll suggest that a decentralized network would be more resilient? Locally produced power, maybe solar or some such? Pure green propaganda. This man probably claims global warming is real and hates business.
Who needs terrorists to take down the entire West Coast power grid when you've got Enron? It WILL happen again, especially with the current state of the California government.
I sometimes ask revealing, often ignorant-seeming questions. Maybe they're harder to answer than you think.
I have conceived of a distributed attack involving timed/coordinated thermite devices placed on transformer housings at substations. Place the same devices on any emergency generator housings where first responders are located, and massive chaos would quickly ensue.
Thermite is easily made/sourced from the components, timing devices are trivial. Thermite is not an explosive, but it would easily burn a hole in the top of a oil filled transformer housing, drop inside the transformer, burning all the way. I'm sure it would short the xformer, and ignite the oil inside. Same with generators, a thermite device placed on top would easily burn into the engine block or generator windings.
I'll leave the details out for the terrorists to figure out, but I see this as an easy attack for small cities. Larger cities will have the infrastructure more secure, but it is a large grid to secure. Too large. Modern society needs electricity like humans need air. I see my plan of attack as cheap, not too sophisticated for dedicated attacker(s) and probably effective, depending on how large a coordinated attack could be. It is very scalable.
What, who's at my door? DHS?
In the ice storm of 1998 in the Northeast more than 200,000 poles and 100,000 miles of lines were downed. The blackout did not extend much beyond the counties affected.
On 9/11 300 MW in NYC disappeared when the towers went down. The blackout did not extend more than a block.
Tornadoes, earthquakes, wildfires, ice storms, and hurricanes provide frequent tests of multiple unplanned simultaneous contingencies. They hardly ever cause cascading outages.
Yes cascading outages do occur in real life, but the grid is much more robust than popular chit chat assumes. If it were as vulnerable as pundits suggest, we'd have regional level blackouts weekly.
The design criterion is that blackouts affecting 10,000,000 or more customers should not happen more often than once every 10 years. (Source) The record for the past 40 years shows that performance is just about on-target.
Your village called and asked you to return.
Power station PLCs are connected to power station control networks that have links to power company administrative networks. These links are necessary as it's kinda difficult to ensure fuel arrives on time if you have no idea how much you're using. It's also kinda useful if you can coordinate power output with other power stations on the grid too or things tend to blow up. Oh, and since the grid itself is a distribution mechanism shared by many companies, you probably want some way of measuring how much power you put onto the grid so that your accounting department can ensure that your power company gets paid for it and stays in business.
Are you seeing the picture yet?
If you're looking for a purely air-gapped computer, might I suggest you start with your own so we can be spared your ignorant arrogance?
America is LOADED with lots of holes just because we run windows and are hiring more and more offshore. Offshore REALLY could not care less if America was attacked and taken down. Heck, just the other day, verizon had a major attack on its network. Where were the openings? In work from India. Yet, that kind of stuff is being kept quiet.
My house is on a main tie power line substation that once was connected to a Al plant here. Now the power goes to two large
semiconductor fabs that have contracts for power with massive penalties for loss of production. I think I have had less than a hour of outage in 20 years.
When California disconnects my lights do get a little brighter. http://www.bpa.gov/power/pl/columbia/4-gal-1.htm
In GOD we trust, all others we monitor.
The power grid is a relic of the past. It has been long over due for decentralised power. It seems to me that the power industry has kept this from happening for quite some time. Wouldn't it be nice to have the equivalent of a "Mr. Fusion" to power your whole house for decades. Even if you could generate ALL your power, I'm sure some law would be passed that will enable to energy industry to "charge" (aka gouge) you a nominal fee for the privilege.
This way, severe weather or terrorists, domestic or foreign wouldn't be able to disrupt power on a large scale basis as easily as they could now.
"I bow to no man" - Riddick
As an American, I thank Jian-Wei Wang for bringing a possible worst case senario to our fine country. I would hope that the Leaders of China don't grace Mr Wang's thoughts by throwing him under, in this case, a Tank. Maybe the lesson that the Chinese Government learned the hard way is being reciprocated in kind. China lost a whole generation of children when they, 1) Ignored Earthquake building codes, and 2) the warning of large dams make large earthquakes from an analysis at the University of Alaska. China's loss is the World's loss. Maybe I should think more seriously about the 1 Giga Watt of Solar Panels that China will be shipping to the U.S. in about 4 more months. Maybe it's time for this little round eye to start thinking "Re-Newable Energy".
Didn't Enron do this almost every day in 2000 and 2001 to raise rates?
Insulators are easy to replace. Substation and generator transformers, on the other hand, are often custom made, and much easier to hit. Generator transformers have the added bonus of having no circuit breaker protection.
Problem is money, there is simply not enough to go around and in some cases there is no money at all.
The problem is never money in things like this. What we need for that is work. Labor. And the materials, most of which can be found within the US.
Especially with the current economic situation and unemployment rates, it would be easy for government to find people willing to work for a while if the government gives them housing, food and some commodities for a while. Perhaps money (because not everything can be regulated well. "You get 3 movie tickets this month.") but only a very small amount of that would be needed.
It could never fly in the USA, though. "That would be socialism!" and all that. And yes, that would indeed be socialism. The question just is if it would be a good idea or not. Government would save money, taxes would go down, unemployment rates would go down and infrastructure would be improved...
Well, Usama bin Laden said
I notice how you use the new post year 2000 coup d'etat spelling. God forbid you use the regular spelling, "Osama bin Laden", and find that the administrations of Big Bush and Reagan not only heavily financed and trained his whole group but also held that scum up as a "freedom fighter" and hero.
The net, with the centralization of both sources and indexing/retrieval are making Revisionist history possible in ways barely even dreamed of by fascists, real or from literature.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
No doubt the insulator is easy to replace, but what else gets damaged in the resulting short? If you hit a few of them power will certainly be out for a while no matter what. You could get a cascading failure which multiplies the damage.
Substation transformers are clearly another possible target.
The serious vulnerabilities are the distributed ones. Most likely a power plant has some kind of security - even a barbed wire fence and ID badges are a serious impediment to an attack. On the other hand, most substations run with almost nobody around, and the equipment is just sitting out in the open where it could be attacked with fairly simple weapons. With all that current it doesn't take much damage to destroy things permanently.
http://en.wikipedia.org/wiki/Double_Identity_(Quantum_Leap)
Will they be utterly predictable or will they actually care about a real solution? I have my bets down on this already based on past DHS performance and what is typical for bureaucracies.