Massive Power Outages In Brazil Caused By Hackers

Hugh Pickens writes "CBS reports on 60 minutes that a massive two-day power outage in Brazil's Espirito Santo State affecting more than three million people in 2007, and another, smaller event in three cities north of Rio de Janeiro in January 2005, were perpetrated by hackers manipulating control systems. Former Chief of US National Intelligence Retired Adm. Mike McConnell says that the 'United States is not prepared for such an attack' and believes it could happen in America. 'If I were an attacker and wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer,' says McConnell, 'I would probably sack electric power on the US East Coast, maybe the West Coast and attempt to cause a cascading effect.' Congressman Jim Langevin says that US power companies need to be forced to deal with the issue after they told Congress they would take steps to defend their operations but did not follow up. 'They admit that they misled Congress. The private sector has different priorities than we do in providing security. Their bottom line is about profits,' says Langevin. 'We need to change their motivation so that when see vulnerability like this, we can require them to fix it.' McConnell adds that a similar attack to the one in Brazil is poised to take place on US soil and that it may take some horrific event to get the country focused on shoring up cyber security. 'If the power grid was taken off line in the middle of winter and it caused people to suffer and die, that would galvanize the nation. I hope we don't get there.'"

Re:guess what's next ?

[ErkDemon]

Enron demonstrated that it was possible for a single employee to shut down a power station remotely, simply by calling the control centre from an Enron office, giving his name and position, and asking politely whether it would be possible for the plant to have an impromptu maintenance shutdown for a few hours please, and yes, he did appreciate that once it was shut down it'd take a while to start it up again.

That's how brokers caused the plant shutdowns that caused the brownouts that allowed Enron to gouge electricity prices in California, by charging for the emergency rerouting required to patch the problems that they'd just deliberately created.

So back in the Enron days, you wouldn't have needed two nuclear subs. Just one guy with a telephone, calling all the power stations in turn and asking each of them nicely if they could shut down at a predetermined time and go into "heavy maintenance" mode, but please not to discuss this with anyone else, because of company confidentiality (or because of security).

BTW, you know how you take out the conventional phone and mobile networks? You don't have to. Once the emergency services see the power stations going down and think there's a coordinated attack, they shut down all the public communications as a security measure. You get that for free. So the Employee tells the plant to shut down as a security measure because the NSA has tipped them off that Something Bad is going down, and for God's Sake not to power up again under any circumstances unless they get a particular codeword (which, of course, nobody else has). All the plants shut down together, a bunch of pre-programmed scare stories break on the net, this seems to support the tale that the employee told about there being an imminent security thing, the phone lines and media communications go dead, and by the time people have worked out what's happened, nobody can get through to the power plants to tell them that they've been conned. And when they do, they don't have the fake password. You then have the local power guys desperately defending their plant from the local enforcement guys who want to turn it back on, and perhaps even sabotaging it if they look like they're about to lose.

Telephones are dangerous things. Hopefully it wouldn't work nowadays, because people are more savvy about such things (and because they remember the Enron tapes).