Slashdot Mirror
Massive Power Outages In Brazil Caused By Hackers
Hugh Pickens writes "CBS reports on 60 minutes that a massive two-day power outage in Brazil's Espirito Santo State affecting more than three million people in 2007, and another, smaller event in three cities north of Rio de Janeiro in January 2005, were perpetrated by hackers manipulating control systems. Former Chief of US National Intelligence Retired Adm. Mike McConnell says that the 'United States is not prepared for such an attack' and believes it could happen in America. 'If I were an attacker and wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer,' says McConnell, 'I would probably sack electric power on the US East Coast, maybe the West Coast and attempt to cause a cascading effect.' Congressman Jim Langevin says that US power companies need to be forced to deal with the issue after they told Congress they would take steps to defend their operations but did not follow up. 'They admit that they misled Congress. The private sector has different priorities than we do in providing security. Their bottom line is about profits,' says Langevin. 'We need to change their motivation so that when see vulnerability like this, we can require them to fix it.' McConnell adds that a similar attack to the one in Brazil is poised to take place on US soil and that it may take some horrific event to get the country focused on shoring up cyber security. 'If the power grid was taken off line in the middle of winter and it caused people to suffer and die, that would galvanize the nation. I hope we don't get there.'"
Probably impossible.
As we all should know by now, impenetrable security doesn't exist. What we should probably have is tighter backup power for essential services and places like hospitals, where local redundancy could help in the face of a remote 'hacker' type attack
Places where there is a lot of danger for people without electrical power don't need billions spent on the security of their power systems. They need redundancy, generators in their buildings that could be used to keep people alive, batteries, and common sense.
Oh well, let's spend a bunch of money on fear like we always do.
Long live the BSD license
Who thought it would be a swell idea to to hook the grid's computers to the INTERNET?
Did someone surf some pr0n sites on the Win98 powered control computer down at the power plant?
I have to return some videotapes...
Exactly right, this is a capitalist society, ran on making money. If they won't integrate safety systems to protect the system properly from hacker attacks, hit them in the wallet, hard. Pass sound regulation to force them to implement safeguards, require inspections/audits that they are done, not just take their BS word for it. If all they give you is hot air and no implementation, fine them millions of dollars, and on a regular basis if needbe til they implement it.
Things like this make me wonder why mission- and life-critical systems are (presumably) set up on Internet-facing systems. Sure, it's cheap, but when the walls come tumbling down like this article implies, cost is a moot point.
I don't see why they can't just buy a phone line for each power station and link to central stations (also with NON-Internet-facing systems) like that.
Most systems here in the US are only secure because they're obscure. Someone who has worked in the industry for more than about a year has enough knowledge to cause some widespread destruction. Up until recently, the emergency broadcast service was only a phone number and modem, with no authentication!
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Awfully reminiscent of the hysteria that took place in the 80s, when the FBI and media were convinced that hackers were going to "crash the grid," launch a nuclear attack or god knows what other heinous crimes. The cost to the freedom of their own citizens, and the financial expenditure on all of this hysteria seems awfully prohibitive compared to the actual risk.
I work for a company involved in SCADA systems that control half of Australia's water supply and a fair bit of the country's power grid.
SCADA networks have evolved, out of convenience, to coexist with existing LANS and thus progressively have become more dependent on TCP/IP protocols, thus becoming (rather by default) Internet-enabled.
Vulnerabilities are to some degree covered by the RTU programming, which has built in safeguards against doing wrong things. But it's not impossible for a dedicated hacker to create a bit of havoc, and this point is not lost on our client base. Our clients are actively investing now to isolate SCADA networks from the Internet, because safety has to overrule operational convenience. Work is going on now, and the door is fast closing on this avenue of attack.
It's all about SCADA. Little intelligent valves in little steel boxes attached to a lot of industrial plant. It's automation, true, but there are rather a lot of eyes watching it.
Do not mock my vision of impractical footwear
Can you guys dream about Canadian currency being valued at 50% when we export and 500% when we import?
Thanks in advance.
Are you suggesting censorship? I think the current modding system does the trick in most cases, but if you'd like I'm sure a slashdot.cn can be arranged.
You can't take the sky from me.
Yep. We lost the terminology war a decade ago. It's time we deal with it.
Because the remedy for bad speech is more speech. Censorship is never justified. If a post gives you the vapors, stop reading it. A free society is one where it's perfectly fine to stand on a soapbox and make a fool of yourself. I'd like Slashdot to stay as free as possible.
If you have transmission lines running from point A to point B then why cant you just string a data line right below the transmission lines? You already own the right of way. You already have the towers/pole line ran. Compared to the cost of a big high tension line the cost of a little data line would be nothing.
I have to return some videotapes...
If 9/11 was any indication, our national response would be characterized by...
Only in my wildest fantasies would such an attack mobilize the country to have a rational, balanced cyber-security posture.
So the enron-organized power embargo hitting california in the summer of 2001 is now being recognized as terrorism? The central valley and inland empire areas hit 100+ degrees most summer days. Wonder how many elderly died, or had their lifespans shortened due to heat stress during the rolling power outages.
Remain calm! All is well!
You are extremely Naive if you believe this garbage. Blaming bandits for the shortcomings of the government is one of the oldest tricks in the book.
Take what ye can. Give nothing back!
Up until recently, the emergency broadcast service was only a phone number and modem, with no authentication!
The CATV company I work for had a crazy insecure ebs system. It was these ancient boxes in the head ends that just watched for a carrier on a certain freq in the return path. Once it saw any carrier it would flip over the EBS system and all the audio on our analog channels would go down. This carrier came from another dumb box that was in the main head end. That box was triggered by a unsecured phone line and all you needed to do was know the number to it. All anyone needed to spam 250K customers was a telephone.
The whole system looked like it was built by some ham radio op with parts from RadioShack in the 1980's.
We only got rid of this system LAST YEAR after some prankster with a signal generator figgered out how to trigger one of the dumb boxes. We now have a new system with scrolling text across the screen and clear audio... though I wouldn't be surprised if it was just as half assed as the old system.
Im posting this AC because coworkers know my /. nick :)
I think you're confused about the English language! "In America" certainly includes any country in either North or South America.
English is defined by customary usage. If you said "In America" to 100 English speakers, MAYBE one would include any other country than the US. If you're lucky.
More liberal regulation. Doesn't everyone know that capitalism is best for us? Those that control the energy industry seek money and that in America is a worthwhile goal in and of itself. Money fixes everything. After all our money says 'In God We Trust'. It's practically blessed. The golden calf is god.
I haven't been modded troll or flamebait in a long time, just thought I'd try it out.
Enron demonstrated that it was possible for a single employee to shut down a power station remotely, simply by calling the control centre from an Enron office, giving his name and position, and asking politely whether it would be possible for the plant to have an impromptu maintenance shutdown for a few hours please, and yes, he did appreciate that once it was shut down it'd take a while to start it up again.
That's how brokers caused the plant shutdowns that caused the brownouts that allowed Enron to gouge electricity prices in California, by charging for the emergency rerouting required to patch the problems that they'd just deliberately created.
So back in the Enron days, you wouldn't have needed two nuclear subs. Just one guy with a telephone, calling all the power stations in turn and asking each of them nicely if they could shut down at a predetermined time and go into "heavy maintenance" mode, but please not to discuss this with anyone else, because of company confidentiality (or because of security).
BTW, you know how you take out the conventional phone and mobile networks? You don't have to. Once the emergency services see the power stations going down and think there's a coordinated attack, they shut down all the public communications as a security measure. You get that for free. So the Employee tells the plant to shut down as a security measure because the NSA has tipped them off that Something Bad is going down, and for God's Sake not to power up again under any circumstances unless they get a particular codeword (which, of course, nobody else has). All the plants shut down together, a bunch of pre-programmed scare stories break on the net, this seems to support the tale that the employee told about there being an imminent security thing, the phone lines and media communications go dead, and by the time people have worked out what's happened, nobody can get through to the power plants to tell them that they've been conned. And when they do, they don't have the fake password. You then have the local power guys desperately defending their plant from the local enforcement guys who want to turn it back on, and perhaps even sabotaging it if they look like they're about to lose.
Telephones are dangerous things. Hopefully it wouldn't work nowadays, because people are more savvy about such things (and because they remember the Enron tapes).
Eric Baird
Having worked at a utility in an IT consulting position I've had some experience supporting/implementing the control systems for a reasonably large scale SCADA system.
What I've come across is the people running/maintaining the SCADA system often don't have a Security/IT background, they have an electrical engineering or similar background. This can often make discussions about firewalls - TCP/IP and routing challenging. On top of this, most of the guys (and it is guys) involved are older, engineering types with the culture and communication differences that that implies. They are often very reluctant to let IT in to their systems to assist. Workstations/servers are often not visible to standard IT management processes like patch management and antivirus because of inter-group politics.
We run into the classic security vs. usability argument. More security often makes it more difficult for them to do their job (at least for them) and is also much harder to implement, maintain and troubleshoot.
A lot of systems have historically been serial and have migrated over to IP gradually. This has often been done without adequate planning and analysis, resulting in a system that is deemed successful because it works, not because it is secure.
Money as always is a factor. I know for a fact the enhanced security version of the SCADA solution was NOT installed, as it was too hard and too expensive and as a result was put off until later.
In our case, all the devices and RTUs out there come in over a private network, NOT the internet. This traffic is in the process of being encrypted with IPSEC. The weak point is and will always be the client devices or terminals. Remote access to these is the achilles heel of any system. Having such systems completely separate should be a requirement, but is often put aside in the name of usability for workers to get access from home, or the ability to access the internet from the control PC.
The requirements for criticial infrastructure exists and has done for some time, ISO27002 and NERC have a huge number of requirements. Good luck finding a utility that complies with all of them.
A horrific incident may be the catalyst to have changes made. But in the meantime it's down to money, silos and politics.
The Independent System Operators (ISOs) exercise real-time control of the grids. I can't speak for others, but I do know how the New England ISO does things. Yes, there's a lot of automation... but the entire system is designed to have a "man in the loop". Add to this the fact that there are two completely independent systems for monitoring the Area Control Error (ACE) (the amount by which generation doesn't match load) and you get a situation where a hacked system would become very obvious, very quickly.
The uber-emergency last ditch ACE monitor is an un-networked box that monitors analogue signals sent to it over microwave relays. As of today (as far as I know) you can't hack a box that you cannot connect to.
Yes, it's possible for a cyber attack on an ISO to create a measure of chaos, a degree of frustration and a burning desire to "get rid of" that hacker, but these men and women are dedicated professionals and they engage in a process that has been honed and refined over the last few decades. I shan't say that it's impossible, but I honestly believe that it would be highly unlikely that meddling in the data stream (SCADA) or accessing the control computers would bring about massive failures.
For that sort of thing to happen, you need a perfect storm of failures.
-Eldurbarn
...it been taken out in the U.S.?
If there's a dozen guys pissed off and zealous/brave/willing/stupid enough to hijack planes and fly them into buildings, surely there's 100s more pissed off guys with m@d sk1llz who could do this, and wouldn't be held back because it's not a suicide mission, and doesn't directly burn thousands to death in an ensuing fire and crash.
And I'd wager that hacking the power system is probably a decidedly less resource-intensive activity than even small-scale physical attacks (bomb/gun/kidnapping/etc), the participants can engage in almost total anonymity, and there's no messy explosives/weapons to buy or store or get caught with. All this means its something that even a lone crank could pull off, opening the doors to a whole panoply of groups with gripes, including or especially all manner of domestic crackpots. You don't need Al Quaalude or zillions of dollars or a complex intelligence network.
Forcing the grid offline and in a way that kept it down/brain damaged for any length of time over 48-72 hours, especially if it was widespread, would have such a cascading effect and probably spawn anarchy. At a minimum billions lost, thousands killed, possibly riots or widespread civil disorder. Katrina times 9/11. So the effect would be substantial and easily deniable, making it the kind of thing China or Russia or any other competitive major power might want to do just to fuck with the Americans and keep them off balance.
Yet it hasn't happened here or Western Europe or most modern Asian countries. Why?
I know all the comments are about to come flooding in that these systems should be air gapped from the Internet, but that isn't practical in today's environment. These systems need to be indirectly connected to the corporate networks, because the data is valuable to the companies. Much of this is due to deregulation. Since deregulation electric utilities no longer operate as islands with their own generation, transmission and customers. Since nobody liked monopolies in the energy industry, the pieces aren't necessarily owned by the same companies anymore. Energy is also bought and sold in a market environment with prices changing all the time and the information is exchanged over the Internet. If you want to see the current Megawatt Hour (MWh) prices in the midwest check out http://www.midwestiso.org/page/LMP+Contour+Map+(EOR). Needless to say air gapping isn't practical in today's environment.
just because the hacker didn't have an UPS...
Oh yeah, well if I were an attacker, I would build a gravity weapon so powerful that it would pull the moon out of its orbit and crash it into the earth.
OR I would create a poison so potent that just a few drops of it in any lake would kill everyone within a 5-mile radius.
OR I would plant thermonuclear bombs in the capitals of the 10 largest cities in the U.S. and detonate them all at once.
See, Mike McConnell? It's easy to invent terrorist movie plots. If they gave out awards for Most Creative Terrorist Strategies That Would Never Work, you all all of your three-letter agencies would win first prize every time.
The SCADA systems. Some genius decided to write a TCP/IP stack for SCADA and then put an ethernet port on the damned things. And what did the utility companies do but hook em' up to an IP network. Not very smart.
Barbarians.
Do not mock my vision of impractical footwear
You hit the problem for today - the social engineering, how the command hierarchy works and that's much more dangerous than any "computer" virus or whatever. I have worked on nuclear power, stock exchange, banking (even Swiss!), military, public safety, hospital, etc environments and they used to have "fail safes" against this kind of problems - now, today, those "fail safes" are often disabled because of business, profits whatever? And it's scary!
Enron couldn't be possible 20 years ago, at least not in environments, countries and corporations I was working at that time, too tight security / control but today?
Anyhow, back to the original subject, the technology is there - it was there in 80's when I was involved to some nuclear / power control systems. Is the knowledge / will there today is another question. Almost seems that this "maximizing profits" is even accepting the problems (for public) as long as the business can make more?
Electric utilities are already being required to beef up security. The North American Electric Reliability Corporation (NERC) has a fairly extensive set of mandatory compliance standards for "Critical Infrastructure Protection (CIP)." I don't know why this was omitted from the story. If you don't comply with the standards, you're subject to some heavy fines. Go search on 'nerc cip' and see how there's a whole cottage industry of consultants gearing up for this.
"We need to change their motivation so that when see vulnerability like this, we can require them to fix it.'"
Why the hell is this so hard to figure out? Hold cooperation responsible for the negative effects caused by their negligence. Power going out because a skilled hacker found an exploit that the best security experts couldn't find is one thing. But power going out because the IT dept. at the power company decided that they didn't need to take basic security measures is another, that's negligance.
If people die because the power went out and the power went out due to negligence (i.e. some 15 year old managed to ssh into the power plant and fuck everything up because the root password was "password") then charge the company with criminally negligent homicide.
We don't need some special, new incentive to get companies to protect the public interest. We just need to remove all of the immunity we've given the companies. The only question we have to answer here is why the fuck did we give companies immunity from the consequences of their actions?
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
Unsecure infrastructure networks vulnerable to internet based attack.
Movie at 10.
Movie Postponed due to power failure.
I work for the Department of Redundancy Department.
Yes.
There is actually more than one way to turn them off (safeguards and such), but the actual generator button at my plant is both big and red. Additionally, it's not wired in to the system. The safeguards are also physically wired to cause trips. There are also redundancies built in to ensure those trips and they're hardwired. At best, for the plant that I work at, a hacker could operate a non-critical component. That's assuming they could get through the truckload of security from their end to the control end, which is engineered to be absolutely impossible.
Smart grid makes it more exposed to hacking. If we're talking about the ability to manage major appliances such that they can be spread out so that we can put a higher load on the grid without overloading it, imagine if someone broke into that system and did the opposite by synchronizing usage. Coupled with the fact that loads are even higher, it's a perfect storm for melting down parts of the grid which would take a long time to repair. During that time, people who are most vulnerable (the elderly) would die.
>
Yet it hasn't happened here or Western Europe or most modern Asian countries. Why?
Well, at least where I work, we no longer allow modems to be attached to any equipment. This is a huge cost item; that means we have to fly in a tech with a laptop for several thousand dollars when something goes down instead of allowing the factory to dial in on their modem.
We choose to do this as we are a "major" target - a medium sized public utility. I would guess many of the smaller utilities don't have the resources to do this. So it's a question of targets; if someone was to study the network, they could identify a weak small utility that could bring down a larger utility that would then cascade to a major failure down the line. I'd guess it hasn't happened because the outcome is uncertain and not guaranteed; our operators are pretty damn good at taking care of upstream failures.
The blackout in 2005 was a human failure. One transmission line went down, the team recovering that line made a mistake and instead of activating the repaired line disabled the backup line. Result: 3 states withou electric power.
The blackout in 2007 was due a circuit breaker shutting down one line, the same happening after in the backup line, that could manage the excess load (this happened during peak hours, 5 p.m. during a working day).
Ok, these are official explanations and the blackouts may have been caused by evil hackers but, in this case, the brazilian government made an excelent job holding that information for years, leaking now thanks to an american former military that may have some vested interest spreading fear.
2 cents..
I'm a Canadian, and I've lived throughout Canada. I have NEVER met anybody outside the Internet who thinks American, in spoken English, means anything other than somebody from the United States of America (North American, maybe, but never "American"). There are a significant portion of them that would be insulted to be themselves referred to as Americans; the rest (aslo a significant portion) would simply be amused.
It's not about not being the whole world. It's about how the language is used. What the hell does your crowd call Canadians, anyway? Can't be "United Statesians", since there's more than one United States in the world.
I assert (based on admittedly anecdotal evidence) that if you ask a random sampling of 100 native born English-speaking Canadians, probably less than 1 and certainly less than 5 would think "American" would refer to anything else but people from the USA.
And I think you know that too, if you're truly Canadian. Although it's a big country, maybe you live in some small enclave where that flies among your friends. I've spent most of my time in the most populous parts of the country. But certainly national television *always* uses American to refer to people from the USA.
Yet it hasn't happened here or Western Europe or most modern Asian countries. Why?
Because the enemies you keep hearing about, are neither as a numerous nor as powerful as your government would like you to believe.
It suits the agenda of those in power, to have a public who are so shit-scared about terrorists, that they will accept any indignity, any intrusion into their lives, any loss of freedom... just to make the terrorism fear go away.
Actually, the grandparent post is totally right.
First, because English is defined by customary usage: if, for instance, a majority of English speakers start pronouncing a word in a different way, then that pronunciation will become valid after a while. The shift could also occur semantically. The French have the Académie française, the Germans have the Rat für deutsche Rechtschreibung; but for the English tongue, there exist no such academy.
Secondly, one should not forget that language is by no means systematic. Take the word "anti-Semitism," for example. We all know it means "hatred towards Jews." Now, let's decompose that word for analytical purposes:
- anti- means "against"
- Semite means "Semitic-speaking person"
Woah, wait... Arabic — among other languages — is also a Semitic language. So why has the word "Semite" come to specifically designate Jews? For the same reason we call the United States "America" or the Caribbeans, the "West Indies."
So, the bottom line is: in linguistics, pragmatism often wins where logics ought to prevail.
"The body may heal, but the mind is not always so resilient." -- Deus Ex: Human Revolution
Such a simple solution...keep at least 1 staff person there (3 shifts) and have a computer that connects their desktop system to where-ever it needs to go - but leave the systems that manages the critical systems off the internet...100% hacker proof. There is plenty of room in a profit-margin to employ someone to sit there and watch a screen.
There is little hard evidence in the 'report' as to what caused these outages in Brazil. And given that since at least 2003, the US administration has been well aware of the dangers of putting control equipment on the Internet, why are they still doing it? This whole cyberscare story is yet another pretext for getting more funding.
.. was caused by a combination of technical and human error .. when two of the four lines running from the Cachoeira Paulista substation - between Sao Paulo and Minas Gerais states - to Rio de Janeiro failed. A third line was switched off because of the low consumption on what was a public holiday, and the system operator accidentally disconnected the fourth line
Authorities blame human error for Jan.1 blackout - Brazil
A power cut
In areas that are cold enough to require heat to survive, Electricity is not allowed to be the only source of heat. You must have a backup such as propane or a woodstove. I'm not sure but I think its part of building code. If you think people are going to die from the cold, you, like the congressman, are misguided.
Oh Crap, I'm an optimist.....