Slashdot Mirror

← Back to Stories (view on slashdot.org)

DHS To Review Report On US Power Grid Vulnerability

Posted by kdawson on from the like-dominos dept.

CWmike writes "The US Department of Homeland Security is looking at a report by a research scientist in China that shows how a well-placed attack against a small power subnetwork could trigger a cascading failure of the entire West Coast power grid. Jian-Wei Wang, a network analyst at China's Dalian University of Technology, used publicly available information to model how the West Coast grid and its component subnetworks are connected. Wang and another colleague then investigated how a major outage in one subnetwork would affect adjacent subnetworks. New Scientist magazine reported on this a week or so ago, and the paper has been available since the spring."

12 of 138 comments (clear)

  1. Don't worry by dedazo · · Score: 5, Interesting

    The US power grid is so ancient, convoluted and in such a massive state of disrepair that we can be sure we're safe from terrorists. They wouldn't even know where to begin to find a point in the system that could be used to trigger a catastrophic cascading failure like the one in the East Coast a few years ago.

    Trees on the other hand... trees are truly evil.

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
    1. Re:Don't worry by Saliegh · · Score: 5, Funny

      Everyone knows that a small thermal exhaust port at the end of a long trench is the key to initiating a catastrophic cascading failure.

      --
      1368127 is prime!
  2. The amazing thing by guruevi · · Score: 5, Insightful

    The amazing thing is that nobody ever tried it or at least never succeeded. The US is apparently not that hated in the world since nobody ever does anything. We have hundreds of reports on how easy it would be to disable this or take that out of service. All it takes to black out the USA are some well placed charges or for somebody to hit a few poles hard enough but nobody does it. All we got was some measly hijacked plane (which has been done since the 70's) in a few buildings.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re:The amazing thing by oodaloop · · Score: 4, Insightful

      All we got was some measly hijacked plane (which has been done since the 70's) in a few buildings.

      ...whose cost rose into the tens of billions and exacerbated our recession. It didn't topple our economy, which was their aim, but put a dent in it.

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    2. Re:The amazing thing by Ron+Bennett · · Score: 4, Interesting

      People have tried blowing up / cutting high-tension power towers, but it seems that either they're stopped part way through their plan, or simply never follow-through (ie. cutting one or more of the tower supports, but failing to taking down the line).

      Very often attacks are attempted at night, but that's a bad time, since load is often low. One would need to wait until mid afternoon on a very high load day (even more ideally when some major lines are down for maintenance) - that takes advanced planning and good luck.

      Furthermore, cutting lines, alone, probably wouldn't be enough to cause a cascade. One would very likely need to bypass / overwhelm (ie. in the 2003 east coast black out some of the monitoring computers were unresponsive due to a worm going around) some of the safety systems, as well, for a cascade failure to occur.

      On a related note, detonating a nuclear device high in the atmosphere at the right location would likely do it, but that would be extremely challenging - more likely, a terrorist with a nuke, probably of very low yield, would most likely detonate it at ground level, which would minimize EMP effects.

      Ron

    3. Re:The amazing thing by hoggoth · · Score: 5, Insightful

      > It didn't topple our economy, which was their aim, but put a dent in it.

      Yes it did. The cost of the buildings is negligible compared to our GNP. But the cost of the followup war in Afghanistan, war in Iraq, DHS, etc have toppled our already shaky economy. What's more their aim wasn't to topple our economy, it was to ruin our way of life. I'd say our descent into security theater, torture, surveillance and paranoia has gone a long way towards destroying our way of life. America the free?

      --
      - For the complete works of Shakespeare: cat /dev/random (may take some time)
    4. Re:The amazing thing by dkf · · Score: 4, Insightful

      But the cost of the followup war in Afghanistan, war in Iraq, DHS, etc have toppled our already shaky economy.

      Actually, it was the collective stupidity of millions of people that did that. And yes, believing that house prices would always go up in real terms (or that you'd at least be able to guarantee to get out without burning yourself when they stopped) is most certainly stupidity. On the other hand, as long as everyone believed, it almost worked; the only problem was this inconvenient thing called reality...

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
  3. Fragile Grid by Old+VMS+Junkie · · Score: 4, Informative

    The electric grid has already suffered multiple cascading failures from simple events that led to widespread outage. Look into the West Coast outages of 1996 and 1998 as well as the failure in the Northeast in 2003. There's a lot of interesting science going on around networks, graph theory, complexity and all. There's a really good book on teh subject, "Six Degrees" by Watts.

  4. This just in... by It+doesn't+come+easy · · Score: 4, Funny

    Jian-Wei Wang has just been added to America's Top 10 Most Wanted Terrorist list, according to a DHS spokeperson. "We believe this person has been studying some of our infrastructure with the intent to identify inherent weaknesses. It is only a matter of time before this person, or someone else, uses the knowledge gained to attack the USA." A few moments later, a nearby open microphone caught the DHS official's candid statement "Anyone using information, public or private, to point out our own stupidity is automatically suspect. To go so far as to publish their findings is criminal. Besides, since we can't find any real terrorists, we have to demonize someone so we can continue justifying our astronomical budget in these difficult economic times." After a reporter on the scene brought this admission to the attention of the spokesperson, the reporter's name was also added to the list.

    --
    The NSA: The only part of the US government that actually listens.
  5. Re:not attacked via the web by hoggoth · · Score: 4, Funny

    Jeez. Please read the article before posting. The article states that power company officials have found very small Chinese people hiding in cabinets inside 75% of our power stations. The situation is very precarious.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
  6. Re:Power Station PLCs should _not_ be connected... by AB3A · · Score: 5, Interesting

    Not so fast. See the first paper in this bunch. The authors managed to hack a Koyo and AB PLC Ethernet interfaces. The AB Ethernet card had lots of useful stuff in it, including a symbol table. From the symbol table I saw many backplane calls that you could use to communicate with the PLC. How well do you trust a hacked Ethernet module on a PLC backplane?

    Having a physically separate port is nice, but it is no substitute for secure coding. If you think that coding is poorly secured in the PC world, you'll be shocked at what often gets done in embedded system coding.

    Some PLCs and Variable Frequency Drives have been noted for their inability to handle Denial of Service traffic. I've seen that demonstrated myself. This is the official cause of a reactor SCRAM at Browns Ferry a few years ago.

    Try a port scan of your PLC some time and tell me how many ports it responds to (DO THIS ON A TEST-BENCH --NOT PRODUCTION EQUIPMENT!). If you can identify everything that critter responds to, congratulations. If not, be afraid. Be VERY afraid. I've heard quite a few PLC models that have mysterious responses to ports where you wouldn't expect them to respond.

    Real Time embedded systems are not good candidates for direct internet exposure. They're too difficult to patch in a timely fashion. Often the windshield time alone is prohibitive. And if you have any notions of pushing patches to them remotely, remember, these things control some pretty high speed/high power processes. You don't just patch them. There are process and safety implications that you need to consider. This ain't some office application where you can say oops and restore from a backup. Real physical things will happen and real physical problems will be created that you can't clean up with a simple code reversion.

    Most of our infrastructure today has not been engineered with security issues in mind. There is still lots of Gee Whiz "Let's Share Data" synergy crap going on. This leads to all sorts of direct interconnections that aren't absolutely necessary. Many controls can be made over links that weren't intended for that purpose. It's not easy to split the data flows up any more because many organizations have been very profligate with their use of SCADA information and it isn't easy to find all the sources and sinks.

    I'd love to post data from a PLC directly to the public. But I just can't sleep at night with something like that waiting to screw things up.

    Good luck with your security, and I mean that quite sincerely.

    --
    Nearly fifty percent of all graduates come from the bottom half of the class!
  7. Re:not attacked via the web by thynk · · Score: 4, Funny

    Hack the Gibson!

    --

    Good judgment comes from experience, and a lot of that comes from bad judgment.