Slashdot Mirror


Congressional Report: US Power Grid Highly Vulnerable To Cyberattack

An anonymous reader writes "Despite warnings that a cyberattack could cripple the nation's power supply, a U.S. Congressional report (PDF) finds that power companies' efforts to protect the power grid are insufficient. Attacks are apparently commonplace, with one utility claiming they fight off some 10,000 attempted attacks every month. The report also found that while most power companies are complying with mandatory standards for protection, few do much else above and beyond that to protect the grid. 'For example, NERC has established both mandatory standards and voluntary measures to protect against the computer worm known as Stuxnet. Of those that responded, 91% of IOUs [Investor-Owned Utilities], 83% of municipally- or cooperatively-owned utilities, and 80% of federal entities that own major pieces of the bulk power system reported compliance with the Stuxnet mandatory standards. By contrast, of those that responded to a separate question regarding compliance with voluntary Stuxnet measures, only 21% of IOUs, 44% of municipally- or cooperatively-owned utilities, and 62.5% of federal entities reported compliance.'"

6 of 124 comments

  1. You're kidding me by Anonymous Coward · · Score: 3, Insightful

    Our power grid is plugged into the Internet? Can't they spend $40 on a Linksys router and call it good?

    1. Re:You're kidding me by White+Flame · · Score: 3, Insightful

      Stuxnet spread via USB sticks, and successfully 'cyber' attacked nuclear refinement systems that were not on the net.

      These regulations (at least from what I'm familiar with from the nuclear end of things) cover a lot of human & portable equipment policy, and destroy I/O ports in non-connected equipment to try to eliminate potential attack vectors or non-policy human activity that might compromise security. It does go beyond simply unplugging CAT5 cables.

    2. Re:You're kidding me by lightknight · · Score: 3, Insightful

      Not going to happen. The US, and other parts of the world, have been very Marie Antoinette about internet / technology literacy, and the implications of a populace dependent on using said devices where the culture is set to super-apathy mode. They just...they don't care, and the way things are set up, there is no way to make them care, until the inevitable something horrid happens to them, then it's "why can't you guys do anything about this?"

      Consider this: your average secretary for a CEO / Chairman / President of a company may or may not have the technological literacy to know whether or not his / her machine has become infected, and is now sending the VIP's electronic Rolodex / tax returns to some bad people. But the VIP is totally cool with how things are, until some insider breaks his company, or personally targets him. And then it's asking IT / the FBI to track down some people who have had a six month start, and probably swept their tracks right before their big heist. This is how technology illiteracy is killing companies.

         

      --
      I am John Hurt.
  2. After the fertilizer hits the ventilator by aphelion_rock · · Score: 4, Insightful

    Why bother with complex security measures?

    (1) It costs money
    (2) There is no measurable profit
    (3) There is no measurable increase in productivity
    (4) There is no measurable increase in share price
    (5) The bozos who make the decisions usually don't understand the issues anyway

    Only once the proverbial hits the fan will something be done and even then it will probably be blamed on the power lines sagging onto a tree on a hot day...

  3. No, the idiots connect them to the Internet by Anonymous Coward · · Score: 2, Insightful

    Read it and weep, I'd be sacked if ever I did that, yet their network admins seem to think it's an 'improvement':

    "Grid operations and control systems are increasingly automated, incorporate two-way communications, and are connected to the Internet or other computer networks. While these improvements have allowed for critical modernization of the grid, this increased interconnectivity has made the grid more vulnerable to remote cyber attacks."

    So they took a critical system and connected it to every hacker and script kiddie on the planet, knowing that botnets endlessly test every IP address for vulnerabilities. And they complain about botnets testing the stuff THEY CONNECTED to the internet! WTF.

    It's a case of incompetent sysadmins, coupled to a self-serving 'cyber-war' agenda on behalf of the people who should be advising them to disconnect them from the internet!

  4. let me say by Anonymous Coward · · Score: 0, Insightful

    NO it's not the power grid that is the problem
    ITS THE FUCKING RETARDS IN YOUR GOVT THAT ARE YOUR THREAT.....
    Who the fuck makes this shit
    no fucking really time to get nasty ass on old people that have no fooking excuse to do insane things like ...i dunno make the entire electricity grid accessible to a smuck idiot dumb nuts script kiddy....
    USA should be turned into DIM
    DUMB IDIOT MORONS
    smarten the fuck up and don't you dare take someone's civil rights cause you wankers designed a system that deserves to get bitch slapped to show HOW RETARDED YOU ARE