US Preps Cyber Outfit To Protect Electric Grid
coondoggie writes to mention that the US Department of Energy is planning to set up a new "National Energy Sector Cyber Organization" in order to protect the national bulk power electric grid. For the low, low cost of $8.5 million they will help integrate smart grid technology with the electric grid, speed research, and establish new policy and protocols. "It is paramount that smart grid devices and interoperability standards include protections against cyber intrusions and have systems that are designed from the start (not patches added on) that prevent unauthorized persons from gaining entry through the millions of new access points created by the deployment of smart grid technologies," Hoffman stated.
Recently I saw that a bunch of stimulus funds were handed out for bringing the nation's electrical grid into the 21st century. A big part of this is using computers to control various parts of the grid, from utility scale substations down into the home with smart meters and smart appliances.
Anytime you take infrastructure and connect it to computers you are opening it up to a whole new set of threats as well as bringing privacy implications.
Here's a couple great articles that go into the details better than I can.
I believe that there are a couple things that really need to be addressed for grid security:
- Open protocols and specifications
With all the new technology coming down the pike, all sorts of companies will be springing up with their gadget or software that will solve some problem. They need to work towards making standards of interoperability so that all these entities could work together.
- Network security
Putting millions of new, network connected, devices out there could lead to a field day for hackers. I believe that they should quickly develop security technologies that manufacturers could then cheaply incorporate into their devices.
A lot of this could be easily (and cheaply) addressed with various communities already out there. For instance, SSL technology has already been built into products like OpenVPN that could easily and cheaply secure huge numbers of smart endpoints.
- Privacy
We need to provide software that is built from the ground up to give users the privacy that they deserve, while still pushing forward great new technologies.
Did anyone else imagine the "Greatest American Hero" suit?
This was covered in "Live Free or Die Hard". Hello!!! What if Timothy Olyphant were to go crazy one day and believe he is still on the set of Live Free or Die Hard? We might actually be taken over by cyberpunk terrorists. God help us....
...and you double-check the calendar, and you see that it is not 1996, you know you are in for some expensive government boondoggle or another.
It should be noted that this initiative is just for developing a plan or plans for integrating smart grid technology, not actually implementing anything; thus the small pricetag.
Q.E.D.
From the summary:
they will help integrate smart grid technology with the electric grid
It's pretty obvious to anyone familiar with computer networking that making the electric power grid "smart" would make it more vulnerable to attack. After all, if the grid's control apparatus isn't online, there's no way to hack into it in the first place. I realize there are other advantages to a smart grid but to claim that making the current "dumb" grid smart would also make it more secure seems disingenuous at best.
This ain't rocket surgery.
Create an array of devices running firewall/VPN and gateway on embedded hardware and don't create 'millions of new access points' ...
Personally, I'm glad that someone is finally getting around to dealing with the proper education of our grids. Just yesterday I was hearing all about education cuts in my state due to budget shortfalls, and how student achievement in my state was going to suffer as a result.
It is heartening to hear that though some facets of our educational system will have to tighten their belts, the dumb grids will still pop out the other side of their educational experience so much smarter (and deployed!) than before.
I mean you just kind of figure he'd have to be.
Please do not read this sig. Thank you.
Get residences and businesses OFF the grid. The best form of national defense.... much harder to target everybody.
Oh wait, that means the electric companies couldn't tax us...so they could raise money to fund national defense systems to protect the grid(s). Never mind, please move along - nothing to see here.
20 guys, 20 uhauls, 20 tons of explosive, 20 throwaway cell phones all parked under the 20 biggest transmission lines and there's not a thing that technology can do to stop it.
Securing the electrical grid is very, very simple. Do not allow remote access to it, *period*.
There, I just saved you 8.5 million dollars.
In Washington DC, $8.5 million dollars a year gets you an office with an executive and a secretary and a pencil sharpener. Anything else costs waaaay more.
we are expected to have a secure smart grid? How hard is it to give some real powers to the Cybersecurity Czar so he's something more than a scapegoat, and get him to stay put long enough to complete his New Employee Orientation? We can't even do that, yet we're supposed to find a way to secure the smart grid?
Has the current Cybersecurity Czar even made a statement about the recent hacking invasion from the Chinese government?
If you get in trouble on the Internets, just say, "Let's Cyber!"
When the sun finally shining in Jerusalem tomb of your Lengji, we will meet your resurrection.
If you mod me down, I shall become more powerful than you could possibly imagine.
You're aware that the bulk grid isn't owned by just one entity? And that it doesn't just carry power from one power company?
I'm surprised the current administration hasn't called the whole smart grid idea off. After all, won't it put tens of thousands of meter readers out of work? That probably hasn't occurred to them yet, but you just wait. Please, someone think of the meter readers!
If we all have our mini solar, wind, tidal, geothermal, chemical generators and trickle storage systems then we'll be smarter than the grid. If the grid remains smarter than us, then I guess we're not going to be very effective protection. Perhaps if we could just figure out how to stop people from trying to destroy our lives, our grids would endure, and we could avoid their crude oil and behavior.
A nation's electrical infrastructure is everywhere and largely unguarded - there's really nothing stopping a single, determined individual from doing an extreme amount of *physical* damage to a power company via sabotage.
Theoretically, there's no reason I can't:
- Sneak into the woods with a gas angle grinder and start cutting guy wires on hydro towers. Cut down a few >300KV lines feeding a city and they'll have no power for days.
- Break into unmanned substations and open oil drains on transformers. Or shoot a hole in a transformer with a high caliber rifle for the same effect - oil spill, destroyed transformer, easily a week of no electrical service.
- You probably can't do much to a power station directly (lots of staff, security, etc) but there's plenty of other things. Sabotage a rail line feeding a coal power station, a pipeline feeding a natural gas station, an oil tank at an oil station, etc. Or the power lines exiting them.
Get a large, determined group of people doing this, and you've got a big problem. Especially since we depend on electricity so much nowadays for day-to-day things - phones (who owns a corded phone anymore?), light, refrigeration, heating, etc. You can secure a power company system against "cyber-attacks" by keeping the damn thing off the internet - but good luck securing the physical power grid, since it's so big.
The solution to all of this?
- Intelligence, and
- Not pissing the fucking world off such that they *want* to do this shit. (Yeah, cliche, whatever.)
If security is the goal, smartgrid is the wrong direction. If security is the goal, we need to implement dumbgrid. we don't need a 'skynet' grid that adjusts itself to prevent outages. everywhere there is a computer making such decisions, put a human being. also, we need to discourage such heavy reliance on centralized electricity. hell, we need to fight centralization of everything!
How 'bout not including any network commands that would actually change anything? I mean, the power grid was under manual control for decades. Was that such a bad thing?
In today's times, budgets for any new gov't organization require multimillions, on order of 100+million.
$8.5mil will only run 10-12 people in R&D for a year, producing ZERO results and a bunch of far fetched papers/publications.
So I suspect this money will likely end up in a few CEO's (those pitching smart grid tech) pockets.
Funny. I see gov't is up to its usual ways.
So in other words, from what we receive from the government..that "cyber" fits in this situation?
Security approaches: Intrinsic vs. Extrinsic; Mutual vs. Unilateral.
How about decentralizing the "brittle power" system more in the first place, so you have "intrinsic security" so it degrades slowly under attack rather than rely heavily on "extrinsic security" through guards or passwords for controlling some central system? For example, renewables such as solar panels and fuel cells at each home would make energy production in a country difficult to interrupt intrinsically (assuming there was no single point of failure like automatic software upgrades of embedded controllers).
http://en.wikipedia.org/wiki/Brittle_Power
"""
Brittle Power: Energy Strategy for National Security is a 1982 book by Amory B. Lovins and L. Hunter Lovins, prepared originally as a Pentagon study, and re-released in 2001 following the September 11 attacks. The book argues that domestic energy infrastructure is very vulnerable to disruption, by accident or malice, often even more so than imported oil. According to the authors, a resilient energy system is feasible, costs less, works better, is favoured in the market, but is rejected by U.S. policy. In the preface to the 2001 edition, Lovins explains that these themes are still very current.
"""
And while we're at it, how about a little "mutual security" too, instead of a "unilateral security" policy that as often as not seems to provoke attacks? From an interview with Morton Deutsch:
http://www.beyondintractability.org/audio/morton_deutsch/?nid=2430
"""
Q: You're starting to see the analogy to international conflict, or intractable conflict on a larger scale?
A: Yes. Well, I wrote a paper about preventing World War III. That was during the height of the cold war, I think I wrote it in 1982, it was called "The Presidential Address to the International Society to Political Psychology." And there I took the relationship between the United States and the Soviet Union and characterized it as a malignant relationship, which had some of the characteristics that I was talking about with the couple. It was right for both the United States and the Soviet Union to think that the other was hostile, would undo it, would damage it, you know, all of these things. The relationship was a malignant one. They had to become aware of the malignancy, and the only way out really was recognizing that it's hurting, recognizing that there is a potential better way of relating. And that better way of relating involves having a sense that one can only have security if there's mutual security. And that's true in most relationships. That's particularly true to recognize groups that have had bitter strife where they've hurt each other. They have to deal with the problem of how to get to where they can live together. It may be ethnic groups within a given nation or community. They can only live together if they recognize that their own security is going to be dependent on the other person's security. So each person, each side, each group has to be interested in the welfare of the other.
"""
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Hell no. A former C-level executive at Microsoft is not going to touch that, it's an international incident that he helped cause. Look instead for smoke and noise about some other happy horseshit. It's bizarre how he could squeak past the employment interviews. Any background check should have turned up his employment at Microsoft, so either none was done or there is some serious corruption and a serious breach:
"Find and Lean on your insider friend, 'the fox' Having a trusted MSfriend in the account is critical...they are true believers" Comes v Microsoft, Plaintiff's Exhibit 9346, p63
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
(Let's try that again with the correct link.) http://www.latimes.com/news/nation-and-world/la-na-cyber-czar23-2009dec23,0,6636463.story