DHS To Review Report On US Power Grid Vulnerability
CWmike writes "The US Department of Homeland Security is looking at a report by a research scientist in China that shows how a well-placed attack against a small power subnetwork could trigger a cascading failure of the entire West Coast power grid. Jian-Wei Wang, a network analyst at China's Dalian University of Technology, used publicly available information to model how the West Coast grid and its component subnetworks are connected. Wang and another colleague then investigated how a major outage in one subnetwork would affect adjacent subnetworks. New Scientist magazine reported on this a week or so ago, and the paper has been available since the spring."
The US power grid is so ancient, convoluted and in such a massive state of disrepair that we can be sure we're safe from terrorists. They wouldn't even know where to begin to find a point in the system that could be used to trigger a catastrophic cascading failure like the one in the East Coast a few years ago.
Trees on the other hand... trees are truly evil.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Obviously you didn't read the article. They're talking about cascading failures due to the fact that they're connected via the electrical grid.
Basically the same thing that happened some years back on the eastern seaboard, but on the west coast and triggered on purpose.
Keep getting resource no longer available messages. The forums have been shit for 2+ years now.
That'll be fixed the day after they clean up the CSS on idle.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
There are dozens of Power Engineers at utilities and govt agencies whose job has been, for the last fifty years or so, to run just these kinds of simulations.
They do this all day, every day.
The problem areas are pinpointed, and sometimes money is budgeted toward ameliorating the situations.
Some problems can only be fixed by adding several billion dollar highlines, so those usually get postponed or ruled impractical.
The amazing thing is that nobody ever tried it or at least never succeeded. The US is apparently not that hated in the world since nobody ever does anything. We have hundreds of reports on how easy it would be to disable this or take that out of service. All it takes to black out the USA are some well placed charges or for somebody to hit a few poles hard enough but nobody does it. All we got was some measly hijacked plane (which has been done since the 70's) in a few buildings.
Custom electronics and digital signage for your business: www.evcircuits.com
you don't stop flying just because airplanes can crash.
No, you stop flying because you don't like having to bend over to get through the TSA security theater. Sorry, random offtopic rant because I just got back from a flight....
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
The electric grid has already suffered multiple cascading failures from simple events that led to widespread outage. Look into the West Coast outages of 1996 and 1998 as well as the failure in the Northeast in 2003. There's a lot of interesting science going on around networks, graph theory, complexity and all. There's a really good book on the subject, "Six Degrees" by Watts.
I don't see the benefits of connecting them to the grid that can't be achieved through alternative means. That is, the data availability issues can be connected, but command/control functionality (ie, that which can be used to shut down service) should not be accessible from the internet.
Is there a reason you believe they should be?
The paper looks very interesting and should be another reason for a full grid upgrade, so we can use smarter power systems. It's a pity Edison's idea of local power stations never took off. Such a system would be much more fault tolerant and scalable. The same thing could be done now with pebble nuclear reactors.
if terra were to plant a nuclear bomb in my apartment, thousands in my neighborhood could be killed. that's worse than a mere blackout! please give me a large grant so i can upgrade my apartment to a more secure version. think of the children!
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
get those new UPSs I've been wanting.
53 49 47 53 20 53 55 43 4B
Jian-Wei Wang has just been added to America's Top 10 Most Wanted Terrorist list, according to a DHS spokesperson. "We believe this person has been studying some of our infrastructure with the intent to identify inherent weaknesses. It is only a matter of time before this person, or someone else, uses the knowledge gained to attack the USA." A few moments later, a nearby open microphone caught the DHS official's candid statement "Anyone using information, public or private, to point out our own stupidity is automatically suspect. To go so far as to publish their findings is criminal. Besides, since we can't find any real terrorists, we have to demonize someone so we can continue justifying our astronomical budget in these difficult economic times." After a reporter on the scene brought this admission to the attention of the spokesperson, the reporter's name was also added to the list.
The NSA: The only part of the US government that actually listens.
So they're going to decide, therefore, that the thing to do is hide the information and ban research into it. You know, instead of actually making the systems secure.
Hooray for security for obscurity.
Now that power utilities are free to be profit-generating enterprises, there's less incentive for them to invest in the redundancies which make cascading failures possible. In the past, when utilities were heavily-regulated non-profits, people complained that their systems tended to be "gold-plated," due to so much potential profit being re-invested in the systems. But, as the northeast blackout of a few years back demonstrates, today the same money which would have gone to improving the infrastructure now goes to shareholders + private owners.
It's a no-win situation, unless you happen to be an owner, in which case you can probably afford your own private generator when the system you own fails.
-Z
They required all employees to use the same identical 4 letter password, to which I objected but was forced to do. My first few weeks there I discovered a keylogger on two PCs using Spybot. I reported it to management and suggested they have everyone scan their PCs, they said I was overreacting. Their email service was hosted by a remote 3rd party provider in Texas, who could be reading all their mail because they were too lazy to set up one in house. I recommended an internal email server and also that everyone use public key encryption to sign emails on several occasions and was told, "You do it and take responsibility for it when it fails."
Customers, like nuclear weapons/energy facilities, sometimes requested encrypted email or transmissions of files and our lead developer refused to do that because it was too hard to figure out. So, he just sent everything plaintext through zipit/rapidshare websites, he'd sometimes send whole CDs zipped up. And, when I voiced concerns about security they told me to shut the hell up, literally.
Also, when I mentioned I had made my code secure against remote attacks, they told me to stop wasting time on that because none of these machines would ever be connected to the Internet. However, when I pointed my boss to an article about guards at energy facilities hooking wifi routers to the network, which he had assured me they weren't allowed to do, he just ruffled his feathers at me and told me not to worry about it.
Suffice it to say, they let me go, and kept the engineers that didn't care about security. I remember having a conversation with one of the developers in my team who didn't think secure code was important and I stated that actual lives depended on our work, his response was, "I don't care it is just a job, you take it too seriously." I guess I did, that's why I'm gone and he's still there.
Here in Europe, we've also experienced a few cascading blackouts, triggered by single failing power plants. Blackouts throughout Denmark caused by failing power plants in middle/southern Europe are not unheard of. When the power grid is so interconnected, a few failures mean the capacity of the rest of the plants does not meet the demand of the grid, which in turn forces the rest of the plants to a grinding halt. A very well coordinated effort is then required to bring the grid back up.
There's probably not much to be done about this, other than perhaps segmenting the grid (making it harder to sell/buy power from other plants).
Interestingly, the grid in Denmark is naturally segmented by water. The western part of the country is connected to the central European power grid, and the eastern part is connected to the rest of the North (Sweden etc). Because of a new tunnel under Storebelt, a (DC) powerline can help restart the northern power grid and vice versa. This was used a couple of years back after a failure of a Swedish powerplant that caused Sweden and eastern Denmark to black out.
I started a book years ago about a coordinated attack by a small group of people that blacked out the west coast for months. That was early 90's. Surprisingly little has changed. Security is better, but it's still astonishing how much of our power infrastructure is unprotected.
Almost as surprising is how few people are prepared for an extended power outage. Ever since I worked around power management systems, I've dragged around a generator and keep enough gas on hand to run it at least two weeks.
It says good things about our electrical grid that I've only needed the generator a handful of times in all those years. But I've also noticed over the years we've come to take the grid for granted and are woefully unprepared for a widespread outage that lasted more than a week. An interesting mental exercise is to look around your house and think about what things would be worth without electricity.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Already, subscribers are talking about a controversial military maneuver whereby a small unit or individual, outgunned and trapped, may use an otherwise abandoned motor vehicle and a makeshift ramp to disable or destroy a rotary aerial vehicle.
At least one may in fact currently be viewing this via "the old satcomms".
-1, Disagree is not a valid option. Troll, Flamebait and Offtopic are not a substitute.
Why the heck is the power infrastructure connected to the internet? Why the heck not use direct modem or similar not easily compromisable stuff, and certainly nothing a MALWARE could control? Whiskey Tango Foxtrot? Why not a freaking red button outside with "hit me to break me"?
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
used to be, you had load dispatchers at switches in multiple areas. they had telephones and a small phone book of other dispatchers. under that system, the US became the world's dominant superpower and home of most wealth.
worth trying. not everything has to run on flash and crackberries.
if this is supposed to be a new economy, how come they still want my old fashioned money?
If you connect your PLC to the Internet, it can email you when a problem arises. If you haven't coded responses to incoming email, it simply won't respond. I didn't see any incoming email commands on the PLCs I've worked on, but that doesn't mean they don't exist.
So, you get error reporting and real-time data from your PLCs when you connect them to the Internet. Apparently that's stupid.
The programming ports on the ones I've used are physically separate from the ones used for communication, and the functions simply cannot be swapped.
There is also -- again, in the cases of all PLCs that I have used, which is not exhaustive of all that are on the market -- a physical toggle switch that switches the PLC from "run" to "program" mode.
I suppose that if the PLC was attached to the Internet, and then you had a guy flip the switch and swap the cables, and then put the cables back and flip the switch back later, then yes, you could reprogram a PLC online.
If you can figure out an easier way, Omron, Koyo, AB, and IEEE would like to have a word with you.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
Reminds me of the Swedish transport agency. It has several publications on its website describing, in great detail, how a terrorist may steal and release dangerous goods from vehicles.
Counties in Sweden also have more localized publications describing where to find the dangerous goods and vulnerable sites.
Still no-one is putting the information to terror use. Seems there are other ways of protecting the homeland...
Break the sound barrier - bring the noise.
Not so fast. See the first paper in this bunch. The authors managed to hack Koyo and AB PLC Ethernet interfaces. The AB Ethernet card had lots of useful stuff in it, including a symbol table. From the symbol table I saw many backplane calls that you could use to communicate with the PLC. How well do you trust a hacked Ethernet module on a PLC backplane?
Having a physically separate port is nice, but it is no substitute for secure coding. If you think that coding is poorly secured in the PC world, you'll be shocked at what often gets done in embedded system coding.
Some PLCs and Variable Frequency Drives have been noted for their inability to handle Denial of Service traffic. I've seen that demonstrated myself. This is the official cause of a reactor SCRAM at Browns Ferry a few years ago.
Try a port scan of your PLC some time and tell me how many ports it responds to (DO THIS ON A TEST-BENCH --NOT PRODUCTION EQUIPMENT!). If you can identify everything that critter responds to, congratulations. If not, be afraid. Be VERY afraid. I've heard quite a few PLC models that have mysterious responses to ports where you wouldn't expect them to respond.
Real Time embedded systems are not good candidates for direct internet exposure. They're too difficult to patch in a timely fashion. Often the windshield time alone is prohibitive. And if you have any notions of pushing patches to them remotely, remember, these things control some pretty high speed/high power processes. You don't just patch them. There are process and safety implications that you need to consider. This ain't some office application where you can say oops and restore from a backup. Real physical things will happen and real physical problems will be created that you can't clean up with a simple code reversion.
Most of our infrastructure today has not been engineered with security issues in mind. There is still lots of Gee Whiz "Let's Share Data" synergy crap going on. This leads to all sorts of direct interconnections that aren't absolutely necessary. Many controls can be made over links that weren't intended for that purpose. It's not easy to split the data flows up any more because many organizations have been very profligate with their use of SCADA information and it isn't easy to find all the sources and sinks.
I'd love to post data from a PLC directly to the public. But I just can't sleep at night with something like that waiting to screw things up.
Good luck with your security, and I mean that quite sincerely.
Nearly fifty percent of all graduates come from the bottom half of the class!
I have conceived of a distributed attack involving timed/coordinated thermite devices placed on transformer housings at substations. Place the same devices on any emergency generator housings where first responders are located, and massive chaos would quickly ensue.
Thermite is easily made/sourced from the components, timing devices are trivial. Thermite is not an explosive, but it would easily burn a hole in the top of a oil filled transformer housing, drop inside the transformer, burning all the way. I'm sure it would short the xformer, and ignite the oil inside. Same with generators, a thermite device placed on top would easily burn into the engine block or generator windings.
I'll leave the details out for the terrorists to figure out, but I see this as an easy attack for small cities. Larger cities will have the infrastructure more secure, but it is a large grid to secure. Too large. Modern society needs electricity like humans need air. I see my plan of attack as cheap, not too sophisticated for dedicated attacker(s) and probably effective, depending on how large a coordinated attack could be. It is very scalable.
What, who's at my door? DHS?
In the ice storm of 1998 in the Northeast more than 200,000 poles and 100,000 miles of lines were downed. The blackout did not extend much beyond the counties affected.
On 9/11 300 MW in NYC disappeared when the towers went down. The blackout did not extend more than a block.
Tornadoes, earthquakes, wildfires, ice storms, and hurricanes provide frequent tests of multiple unplanned simultaneous contingencies. They hardly ever cause cascading outages.
Yes cascading outages do occur in real life, but the grid is much more robust than popular chit chat assumes. If it were as vulnerable as pundits suggest, we'd have regional level blackouts weekly.
The design criterion is that blackouts affecting 10,000,000 or more customers should not happen more often than once every 10 years. (Source) The record for the past 40 years shows that performance is just about on-target.
My house is on a main tie power line substation that once was connected to an Al plant here. Now the power goes to two large semiconductor fabs that have contracts for power with massive penalties for loss of production. I think I have had less than an hour of outage in 20 years.
When California disconnects my lights do get a little brighter. http://www.bpa.gov/power/pl/columbia/4-gal-1.htm
In GOD we trust, all others we monitor.
maybe the power station is geographically remote and economically unfeasible if it has to be manned. maybe it is also economically unfeasible if it has to have an expensive private data connection but can't use a VPN over satellite just fine.
people are going after the 'long tail' of generation with distributed generation such as small/micro hydro, solar etc and I bet a lot of that stuff ends up connected to the internet.
of course a nuclear station shouldn't be on the internet, but maybe a 200kw hydro is?
A combination of VPN access and firewalling does the trick. I've tested it with AB (EthernetIP) gear and it works fine. There are quite a few vendors that will sell you the parts, but they aren't the traditional ones (Omron, AB, etc,...) so most of the controls folks seem to ignore their existence. When it comes to control, go to them. If it's data security, Cisco, Juniper,...
They don't need to be put on the internet. Get a phone line, and run it between places where you want connections. Congratulations, you just made a network much more secure by taking it off the general, connected-to-everywhere-in-the-world internet.
The power grid is a relic of the past. It has been long overdue for decentralised power. It seems to me that the power industry has kept this from happening for quite some time. Wouldn't it be nice to have the equivalent of a "Mr. Fusion" to power your whole house for decades. Even if you could generate ALL your power, I'm sure some law would be passed that will enable the energy industry to "charge" (aka gouge) you a nominal fee for the privilege.
This way, severe weather or terrorists, domestic or foreign wouldn't be able to disrupt power on a large scale basis as easily as they could now.
"I bow to no man" - Riddick
All I'll say is I am an Engineer in this industry and you're a bit wrong. ...quite a bit.
"Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
I don't think so. I recognized his nick as the Ethernet channel on a PLC-5 system. His points are dead on.
As an American, I thank Jian-Wei Wang for bringing a possible worst-case scenario to our fine country. I would hope that the Leaders of China don't grace Mr Wang's thoughts by throwing him under, in this case, a Tank. Maybe the lesson that the Chinese Government learned the hard way is being reciprocated in kind. China lost a whole generation of children when they, 1) Ignored Earthquake building codes, and 2) the warning of large dams make large earthquakes from an analysis at the University of Alaska. China's loss is the World's loss. Maybe I should think more seriously about the 1 Giga Watt of Solar Panels that China will be shipping to the U.S. in about 4 more months. Maybe it's time for this little round eye to start thinking "Re-Newable Energy".
Anyone following any NERC guidelines knows this. Anyone not only needs an audit and millions in fines (per day).
Didn't Enron do this almost every day in 2000 and 2001 to raise rates?
Well, Usama bin Laden said
I notice how you use the new post year 2000 coup d'etat spelling. God forbid you use the regular spelling, "Osama bin Laden", and find that the administrations of Big Bush and Reagan not only heavily financed and trained his whole group but also held that scum up as a "freedom fighter" and hero.
The net, with the centralization of both sources and indexing/retrieval are making Revisionist history possible in ways barely even dreamed of by fascists, real or from literature.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
***you don't stop flying just because airplanes can crash.***
I expect that you would stop flying if any sociopathic teenager in Belgrade or Sendai could crash your plane from his bedroom with fifteen keystrokes. Would it be rude to point out that cyber security is a disaster area and the situation seems to be deteriorating, not improving?
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
No doubt the insulator is easy to replace, but what else gets damaged in the resulting short? If you hit a few of them power will certainly be out for a while no matter what. You could get a cascading failure which multiplies the damage.
Substation transformers are clearly another possible target.
The serious vulnerabilities are the distributed ones. Most likely a power plant has some kind of security - even a barbed wire fence and ID badges are a serious impediment to an attack. On the other hand, most substations run with almost nobody around, and the equipment is just sitting out in the open where it could be attacked with fairly simple weapons. With all that current it doesn't take much damage to destroy things permanently.
Will they be utterly predictable or will they actually care about a real solution? I have my bets down on this already based on past DHS performance and what is typical for bureaucracies.