Congressional Report: US Power Grid Highly Vulnerable To Cyberattack

An anonymous reader writes "Despite warnings that a cyberattack could cripple the nation's power supply, a U.S. Congressional report (PDF) finds that power companies' efforts to protect the power grid are insufficient. Attacks are apparently commonplace, with one utility claiming they fight off some 10,000 attempted attacks every month. The report also found that while most power companies are complying with mandatory standards for protection, few do much else above and beyond that to protect the grid. 'For example, NERC has established both mandatory standards and voluntary measures to protect against the computer worm known as Stuxnet. Of those that responded, 91% of IOUs [Investor-Owned Utilities], 83% of municipally- or cooperatively-owned utilities, and 80% of federal entities that own major pieces of the bulk power system reported compliance with the Stuxnet mandatory standards. By contrast, of those that responded to a separate question regarding compliance with voluntary Stuxnet measures, only 21% of IOUs, 44% of municipally- or cooperatively-owned utilities, and 62.5% of federal entities reported compliance.'"

After the fertilizer hits the ventilator

[aphelion_rock]

Why bother with complex security measures?

(1) It costs money
(2) There is no measurable profit
(3) There is no measurable increase in productivity
(4) There is no measurable increase in share price
(5) The bozos who make the decisions usually don't understand the issues anyway

Only once the proverbial hits the fan will something be done and even the it will probably be blamed on the power lines sagging onto a tree on a hot day...

Re:You're kidding me

[OhANameWhatName]

Can't they spend $40 on a Linksys router and call it good?

You can never spend $40 on a Linksys router and call it good.

Very weird priorities

[http]

OMNI magazine recently set its archives loose online. Check the January 1989 issue, "The Rules of the Game" (http://archive.org/stream/omni-magazine-1989-01/OMNI_1989_01#page/n17/mode/2up, flip to page 42) for the low tech nightmare. If you think the nation without a power grid would make for a seriously bad month, you lack imagination. Try a seriously bad year, or longer. Pretty much every piece of infrastructure is built with the assumption that electicity is somewhere close at hand.

The physical infrastructure of the power grid is an infinitely easier target, with gigantic ROI for terrorists or actual enemy agents. The $100,000 you could spend for a good 0-day would be better spent on a few RPGs and some half-decent watches. Network attacks are a fool's errand. If you want to prevent awful things, your money is better spent on guards.

That OMNI article may be the first "How can I unknow this?" moment of my literate life.

Feeding an island is DEADLY.

[Ungrounded+Lightning]

It could even keep a local part of the grid up while all others around them suffer power failures.

And that is a BIG no-no. Because it kills linemen trying to fix the outage.

Those transformers work both ways. Your little generator or inverter gets stepped up to maybe 8,000 or 12,000 volts. Then a lineman who thinks the power is down brushes against a wire (or comes within a quarter-inch of it) and is "burned" - to death.

Grid-connected inverters with a "sell" feature MUST monitor the network and shut down if they detect islanding - being cut off from the grid, with one or a collection of generators running autonomously. It's perfectly OK to feed power into the grid when it's up (if you're using UL approved equipment, connected according to code, inspected for compliance, and the utility knows you're doing it according to the rules.) It's perfectly OK to have things wired so your equipment still feed your house if the grid goes down, but it MUST cut itself off from the dying or dead grid and stay off until the grid comes back up and stabilizes at the nominal voltage and frequency.