Chinese Researcher Says US Power Grid Is Vulnerable, Strategist Overreacts

An anonymous reader writes with a story about Wang Jianwei, a grad student in China who recently released a paper detailing a vulnerability in the US power grid. Despite the paper being rather typical for security research, its origin set off alarm bells for military strategist Larry M. Wortzel, who testified before Congress that the student was a threat, despite the fact that the published attack wasn't really feasible. Quoting: "'We usually say "attack" so you can see what would happen,' [Wang] said. 'My emphasis is on how you can protect this. My goal is to find a solution to make the network safer and better protected.' And independent American scientists who read his paper said it was true: Mr. Wang's work was a conventional technical exercise that in no way could be used to take down a power grid. The difference between Mr. Wang's explanation and Mr. Wortzel’s conclusion is of more than academic interest. It shows that in an atmosphere already charged with hostility between the United States and China over cybersecurity issues, including large-scale attacks on computer networks, even a misunderstanding has the potential to escalate tension and set off an overreaction. 'Already people are interpreting this as demonstrating some kind of interest that China would have in disrupting the US power grid,' said Nart Villeneuve, a researcher with the SecDev Group, an Ottawa-based cybersecurity research and consulting group."

typical military response

[corbettw]

Yes, it would've been much better for this guy not to publish his research so we wouldn't know about this problem and leave it wide open. We should be thanking this man for his hard work, not lambasting him just because he happens to be Chinese.

If the Chinese government were interested in disrupting our power systems, wouldn't they be a little more secretive about their intentions than shouting out our flaws to all the world?

Re:typical military response

[bunratty]

The problem is confirmation bias. The U.S. has been concerned that the Chinese are going to threaten U.S. security by using computers. When the U.S. found a paper written by a Chinese researcher that talked about using computers to attack the U.S. power system, they thought they found someone who was threatening U.S. security. In other words, when they found "evidence" that looked on the surface that it was what they were looking for, they jumped to the conclusion they had found it.

This is just the same as the "quote mining" we've seen from, say, intelligent design supporters who are continually on the lookout for evidence that evolution is wrong. It's also the reason that the hacked CLU emails are being misinterpreted to mean that AGW is a hoax. If you set out looking for evidence to support your idea, you need to make sure you also look for evidence that supports the opposite of your idea, and make sure you are interpreting the evidence you find correctly and neutrally.

Public security research is not a threat

[Andrioid]

Public security research is not a threat. Vulnerable infrastructures that go unchecked are. The trend is to penalize security researchers for publishing their findings will only increase underground security research that will then just be sold to the highest bidder.

Re:The pro-China modbombers are out in force today

[santax]

I really can't understand this way of thinking. It will probably get me modded down but I ask of you to think about this. What are you afraid of? every time I turn on the tv I see news from the US and every time it is about being scared or about why you should be scared and every time it turns out to be a lie. Why do you feel threatened by a person who is not born in the USA who tells you there is a flaw in your system and goes so far to even tell you all about that flaw.... I don't get it. I just don't get in, I'm sorry.

I'm also not sure how it's a big deal

[Sycraft-fu]

All power grids are always vulnerable to physical attack. There are few generation stations, relative to the number of customers and many large scale distribution lines. Take those out, and you've disabled power for a long time since they have to be rebuilt. A big, distributed, power grid like we have that does not have tons of excess capacity is just going to be at risk of having large parts taken off line by physical means. Ask anyone who lives in an area of heavy snow.

Now, I understand that an electronic attack could be done remotely, in theory without warning. Ok... To what end? In case people haven't noticed there's a big ole' swath of ocean between the US and China. So if China was to try that as a precursor at an attack, it wouldn't do any good. We'd either already know about the attack, having seen the ships on the way, or it would be way too early, since the ships would take a long time to get here, and it would be back up by the time they got here.

Not that any of that is very relevant to defense. It isn't like aircraft carriers are on the power grid, they've got their own nuclear reactors (2-4 of them in fact). You discover a good deal of important stuff has its own power backup since it isn't like power doesn't go out all the time anyhow. Hell we lose power to our building at work probalby 3-4 times per year, hence there's a generator on critical systems.

I just don't see how this sort of thing is that big a deal. Now please understand, I'm not saying we shouldn't try to secure it. When you find a security hole, you should fix it. Just a good idea over all so you don't have problems in the future. However I don't see it as being a military threat. I see it as being more of a script kiddie type of threat. Some asshole takes power out because they think it is funny. I don't see China trying to knock it out because I can't see how it would be useful, and it would have some rather large negative repercussions if they did and the US found out who was responsible.