Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Preps Cyber Outfit To Protect Electric Grid

Posted by ScuttleMonkey on from the call-bruce-willis dept.

coondoggie writes to mention that the US Department of Energy is planning to set up a new "National Energy Sector Cyber Organization" in order to protect the national bulk power electric grid. For the low, low cost of $8.5 million they will help integrate smart grid technology with the electric grid, speed research, and establish new policy and protocols. "It is paramount that smart grid devices and interoperability standards include protections against cyber intrusions and have systems that are designed from the start (not patches added on) that prevent unauthorized persons from gaining entry through the millions of new access points created by the deployment of smart grid technologies, Hoffman stated."

11 of 58 comments (clear)

  1. Make the process open by teeks99 · · Score: 2, Insightful

    Recently I saw that a bunch of stimulus funds were handed out for bringing the nation's electrical grid into the 21st century. A big part of this is using computers to control various parts of the grid, from utility scale substations down into the home with smart meters and smart appliances.

    Anytime you take infrastructure and connct it to computers you are opening it up to a whole new set of threats as well as bringing privacy implications.

    Here's a couple great articles that go into the details better than I can.

    I believe that there is are a couple things that really need to be address for grid security:

    - Open protocols and specifications
    With all the new technology coming down the pike, all sorts of companies will be sprining up with their gadget or software that will solve some problem. They need to work towards making standards of interoperability so that all these entities could work together.

    - Network security
    Putting millions of new, network connected, devices out there could lead to a field day for hackers. I believe that they sould quickly develop security technologies that manufactures could then cheaply incorporate into their devices.
    A lot of this could be easily (and cheaply) addressed with various communities already out there. For instance, SSL technology has already been built into products like OpenVPN that could easily and cheaply secure huge numbers of smart endpoints.

    - Privacy
    We need to provide software that is built from the ground up to give uses the privacy that they deserve, while still pushing forward great new technologies.

    1. Re:Make the process open by Adambomb · · Score: 5, Insightful

      Systems that control key infrastructure for your nations production and commerce should be on an completely separate network. End of story really.

      For the information that needs to be distributed over the internet, make it eyes only transferred from the control network to the internet connected systems (double workstation setup). Then your only concern is direct espionage.

      --
      Ice Cream has no bones.
    2. Re:Make the process open by teeks99 · · Score: 3, Interesting

      I agree that it should be, however it is completely cost prohibitive to get a separate network run to the smart meter in everyone's home. Even running a separate network to all the utility substations would be challenging.

      In reality, VPNs run all over the public internet, and can be extremely secure. DOD even allows parts of their classified networks to run over the commercial internet, provided they have the correct encryption gear at each end. The DOD gear is really expensive and tough to get setup, but there is no reason this needs to be the case existing Public Key and Symmetric Key crypto is plenty strong, and could even be implemented in dedicated (cheap) hardware.

    3. Re:Make the process open by Sandbags · · Score: 2, Insightful

      They ARE. I serviced DR systems for serveral power companies. by LAW there is not even an internet connection allowed in the BUILDING (let alont the room) housing the grid switch control systems, not even a modem.

      I was frisked each time entering, and had to go through 2-3 layers of security to get in the room. Even then, i could only touch the DR equipment once an employee physically disconnected it (for hardware repairs), or they had to enter all the keystoks personally, all i could do was watch and instruct.

      This is NOT for the grid itself, it's for the "smartgrid" essentially, coming up with secure protocols to collect billing and use information from read-only devices at houses.

      --
      There is no contest in life for which the unprepared have the advantage.
  2. "Cyber Outfit" by Culture20 · · Score: 2, Funny

    Did anyone else imagine the "Greatest American Hero" suit?

  3. Whenever You See the Prefix "Cyber"... by RobotRunAmok · · Score: 2, Funny

    ...and you double-check the calendar, and you see that it is not 1996, you know you are in for some expensive government boondoggle or another.

  4. Small pricetag by jwinster · · Score: 3, Informative

    It should be noted that this initiative is just for the developing a plan or plans for integrating smart grid technology, not actually implementing anything; thus the small pricetag.

    --
    Q.E.D.
  5. Wouldn't a Smart Grid be Less Secure? by gyrogeerloose · · Score: 2, Insightful

    From the summary:

    they will help integrate smart grid technology with the electric grid

    It's pretty obvious to anyone familiar with computer networking that making the the electric power grid "smart" would make it more vulnerable to attack. After all, if the grid's control apparatus isn't online, there's no way to hack into it in the first place. I realize there are other advantages to a smart grid but to claim that making the current "dumb" grid smart would also make it more secure seems disingenuous at best.

    --
    This ain't rocket surgery.
  6. Is Bruce Willis involved? by gestalt_n_pepper · · Score: 2, Funny

    I mean you just kind of figure he'd have to be.

    --
    Please do not read this sig. Thank you.
  7. We can't get a real Cybersecurity Czar, but... by zero_out · · Score: 3, Interesting

    we are expected to have a secure smart grid? How hard is it to give some real powers to the Cybersecurity Czar so he's something more than a scapegoat, and get him to stay put long enough to complete his New Employee Orientation? We can't even do that, yet we're supposed to find a way to secure the smart grid?

    Has the current Cybersecurity Czar even made a statement about the recent hacking invasion from the Chinese government?

  8. I'm not worried about *cyber* attacks. by gmarsh · · Score: 2, Insightful

    A nation's electrical infrastructure is everywhere and largely unguarded - there's really nothing stopping a single, determined individual from doing an extreme amount of *physical* damage to a power company via sabotage.

    Theoretically, there's no reason I can't:

    - Sneak into the woods with a gas angle grinder and start cutting guy wires on hydro towers. Cut down a few >300KV lines feeding a city and they'll have no power for days.
    - Break into unmanned substations and open oil drains on transformers. Or shoot a hole in a transformer with a high caliber rifle for the same effect - oil spill, destroyed transformer, easily a week of no electrical service.
    - You probably can't do much to a power station directly (lots of staff, security, etc) but there's plenty of other things. Sabotage a rail line feeding a coal power station, a pipeline feeding a natural gas station, an oil tank at a oil station, etc. Or the power lines exiting them.

    Get a large, determined group of people doing this, and you've got a big problem. Especially since we depend on electricity so much nowadays for day-to-day things - phones (who owns a corded phone anymore?), light, refrigeration, heating, etc. You can secure a power company system against "cyber-attacks" by keeping the damn thing off the internet - but good luck securing the physical power grid, since it's so big.

    The solution to all of this?

    - Intelligence, and
    - Not pissing the fucking world off such that they *want* to do this shit. (Yeah, cliche, whatever.)