Lack of US Cybersecurity Across the Electric Grid

Lasrick writes: "Meghan McGuinness of the Bipartisan Policy Center writes about the Electric Grid Cybersecurity Initiative, a collaborative effort between the center's Energy and Homeland Security Projects. She points out that over half the attacks on U.S. critical infrastructure sectors last year were on the energy sector. Cyber attacks could come from a variety of sources, and 'a large-scale cyber attack or combined cyber and physical attack could lead to enormous costs, potentially triggering sustained power outages over large portions of the electric grid and prolonged disruptions in communications, food and water supplies, and health care delivery.' ECGI is recommending the creation of a new, industry-supported model that would create incentives for the continual improvement and adaptation needed to respond effectively to rapidly evolving cyber threats. The vulnerability of the grid has been much discussed this last week; McGuinness's recommendations are a good place to start."

Re:http://www.linuxadvocates.com/

[Russ1642]

If money doesn't grow on trees why do banks have branches?

Why not a separate WAN?

Why not a separate WAN for the power based stuff, similar to NIPRNet and SIPRnet? That way, if there is a bridge across the Internet, it is point to point encrypted, but most traffic would be on separate leased lines. With this in place, combined by measures to limit connectivity, it would make it far harder than just having an Internet connected box to be able to do power grid shenanigans, unless one has physical access to the substations/stations.

Re:Why not a separate WAN?

[Desler]

Because that would require huge amounts of capital expenditure that eats into profits.

Re:Why not a separate WAN?

[Em+Adespoton]

Why not a separate WAN for the power based stuff, similar to NIPRNet and SIPRnet? That way, if there is a bridge across the Internet, it is point to point encrypted, but most traffic would be on separate leased lines. With this in place, combined by measures to limit connectivity, it would make it far harder than just having an Internet connected box to be able to do power grid shenanigans, unless one has physical access to the substations/stations.

Because you have to treat the network as if it is already compromised -- as it is guaranteed to be by a combination of ineptness, laziness, malfeasance, temporal complexity creep, etc. Plus, airgapping is not a panacea, as Stuxnet showed us.

Add to that how dumb some of the components of the energy grid are, and you have a situation where you really do have to prepare yourself for the worst. I think the overall chaos and complexity is likely the only thing that has protected it to date.

Re:Why not a separate WAN?

[bobbied]

Add to that how dumb some of the components of the energy grid are, and you have a situation where you really do have to prepare yourself for the worst. I think the overall chaos and complexity is likely the only thing that has protected it to date.

Now you are just pandering fear. You rightly observe that it would be an extremely complex problem to try and disrupt the power infrastructure in this country using what is connected to the internet. There are a multitude of systems, control types and locations, all of which are constantly changing over time. This makes trying to figure out how you could use these contact points to actually do something significant to the power grid using the internet a problem complex enough to be worthy of a supercomputer and a long time to research and catalog what was accessible would be required to feed such a computer.

But there is one thing you forget (or just don't know). MOST of the critical infrastructure, the really important stuff, is NOT unprotected. It is very much behind firewalls with encrypted VPN links. You might find access to some backup generator on the web, but a major power plant will be secured pretty well. They are not going to let some yahoo hacker mess with millions of dollars of equipment, but they might let the building manager monitor his emergency backup generator from home or something. The really critical stuff is protected. What's not, is the far flung stuff, the really remote substation, and how much damage are you going to do from there? Not much, certainly nothing of national significance or more than say an Ice Storm.

Cyber attacks are not that big of a risk... How do I know? Has it happened yet? Even on a small scale? Why? Because nobody thought of or tried it? No, because it's way too hard of a problem for just anybody to mount an effective attack, and if they HAVE done it, there was so little disruption in things as to be insignificant compared to other events which happen more often.

Re:Why not a separate WAN?

[Antique+Geekmeister]

> MOST of the critical infrastructure, the really important stuff, is NOT unprotected.

Yes, it has 95% coverage. Unfortunately, it's alike a dike against a flood. One weak spot and the intruders are in. The intruders don't even have to be clever, just persistent.

Re:Why is this crap on the internet

[i+kan+reed]

Because efficiency. If you have to pay some laborer to drive down to the substation to change settings, you're going to be spending a lot of money on humans.

If you can get Bob in the office to click "change", you can have one person doing dozens of them in 5 minutes.

And I don't know if you noticed during recent crises, but officially speaking, the only "critical" things according to the US government are police and military. Everything else is "non-essential". Infrastructure barely even counts for long term planning.

clouds to come

[turkeydance]

cloud-synergy-profit!

Re:Why is this crap on the internet

[pixelpusher220]

Attaching it to the PUBLIC INTERNET is bad. Said 'laborer' can still happily sit in his office making a change to an air-gapped system that IS connected directly to the substation.

There's simply no point in having the same system that runs critical stuff also be able to browse Facebook.

Re:Why is this crap on the internet

[khasim]

I'd pay extra to have humans working instead of insecure Internet connections being used.

If nothing else it would get rid of these stupid stories all the time.

Re:Why is this crap on the internet

[Joe_Dragon]

AIR gapped network eats in to our profit.

also what if we want to have bob be replaced by some over seas?

Re:Why is this crap on the internet

[i+kan+reed]

But since we're talking about a utility, it's not that simple. That increase unilaterally affects people who can barely afford their electric bill as is.

Re:Why is this crap on the internet

[i+kan+reed]

Because, again, efficiency. Do you want to build a separate redundant, self-routing network of switches, identifiers, and miles of cable for your company's network, when you can piggyback on the one that's already there? You probably do, since that would provide jobs in slashdot's main sector, but that's personal, "you" are an electric company in this scenario.

Low hanging fruit

[AK+Marc]

I could take out a substation with parts found in any store and wouldn't trigger any alerts buying them. Heck, damage things with a bow and arrow and thick metal wire. There are cheaper/easier ways to take down power. Back a pickup truck into a tower. The "cyber" complaint is FUD. It may be true, but is still FUD because it's easier to attack the infrastructure in other ways.

Re:Low hanging fruit

[Em+Adespoton]

I could take out a substation with parts found in any store and wouldn't trigger any alerts buying them. Heck, damage things with a bow and arrow and thick metal wire. There are cheaper/easier ways to take down power. Back a pickup truck into a tower. The "cyber" complaint is FUD. It may be true, but is still FUD because it's easier to attack the infrastructure in other ways.

If you're in Jilin province China, backing a pickup truck into a tower is going to be a wee bit tricky. Clicking a button to take out power for the Midwest? Pretty easy at the moment.

Re:Low hanging fruit

[AK+Marc]

A guy did about a million dollars of damage with a gun on the Alaska pipeline (the smaller-leak set off detectors, but wasn't as identifiable as larger leaks, and was in a remote area for complicated cleanup). But I've seen a few hundred thousand dollars of substation taken out by a snake. Throwing a water mellon over the fence with exceptional aim would have a similar effect.

The benefit of the cyber attacks is untouchability. Perform the attack from a place with no extradition, and you'll be fine. Also, you can hit multiple places at once, something that would take a small army to do in person.

But for "effort for damage" buying a watermelon and thowing it over the substation fence onto a transformer probably has cyber beat.

Re:Low hanging fruit

[bobbied]

How right you are.. Just stand back from the wire when you launch that arrow...

The Cyber FUD is like the Y2K FUD of 15 years ago and the EMP FUD and the Solar Flair FUD... All designed to make you fear something most of us don't understand.

Re:Low hanging fruit

[SuricouRaven]

A little looking on google sat imagery lets you see where the big pylons go. Can't be that hard to identify the lines into a major city and have your acy-cutter team down a few pylons on each one.

Re:Low hanging fruit

[AK+Marc]

Tie one end of the cable to the base of the tower, have enough line that when you fire it, it'll pull away from you, and not stay coiled at your feet. The arc from the power line to the base will likely vaporise the line, so you wouldn't want to be too close, and it will damage the line, the tower, and the equipment on both ends of the line.

The Cyber FUD is like the Y2K FUD of 15 years ago and the EMP FUD and the Solar Flair FUD... All designed to make you fear something most of us don't understand.

Y2K wasn't FUD. 95% of it was needed work to prevent more expensive failures after. Yes, a broken date on a system clock isn't that bad, unless your accounting software uses the date, and you accidentally send out 99 years of pay for the next pay stub (amazingly enough, back then and even now, there are few systems that have flags thrown up for unusual amounts). It isn't going to kill anyone (like flying an F-22 across the date line, or taking off from below sea level could have), but there would have been mass confusion and unplanned error fixes. It was easier to spend 6 months doing firmware updates, and replacing old hardware, and the software updates needed so things would work. And even after, there were still lots of little issues with dates.

EMP is FUD until North Korea detonates a nuke 500 miles above MO/KY (I'd go MO/KY to lean east to ensure the loss of NYC, but they could go KS and hope to get all of CA and NY), taking out NASDAQ, Wall Street, the power grid, and 99% of all cars in the continental US. That's the worst-case WWIII scenario.

Solar flares have yet to cause anything more than a mild increase in bit errors in ICs.

Re:Low hanging fruit

[AK+Marc]

I'd hire a cement mixer and weld on some push bars, and drive into them. Faster, and more fun.

Re:Low hanging fruit

[AK+Marc]

In my area the sub-station already has those safety features in place, if you tried a attack with a 'bow and arrow, with think wire" it would do anything, other then disrupt the system for a few minutes, before it determines whether there's something wrong like a short, before powering back up. And the company responds quickly to any sub-station issues, to make sure the system reset, or to physically inspect any problems..

About 5 years ago, a snake took out my substation for 5+ days. I think you greatly over-estimate the level of monitoring and response times.

Re:Low hanging fruit

[SuricouRaven]

Depends how many minions your terrorist cell has. Speed would be essential - you need to get down as many pylons as possible before the power company realises what just happened and sends in the local police, FBI and DHS after you. So it should be a coordinated strike in multiple places at once.

Re:Low hanging fruit

[sjames]

Y2K wasn't entirely FUD. Yes, the world is ending crowd were spreading FUD, but the fact is, there was a big effort in the mobnths leading up to Y2K to fix the many very real problems. Most of the fixes were successful, but it required paying enough to get people who moved up from coding in COBOL to management years ago to go back to coding for a while.

Re:Low hanging fruit

[Neil+Boekend]

Solar flares aren't exactly FUD.
A big CME that hits earth will take out the electrical grid on the side of the planet it hits.
Problem is, it would be unaffordable to prepare for the energy that would dump into the net. The currents would be massive and unlike lightning strikes a higher placed cable isn't going to fix it. You'd need to do something like equipping all masts with a lightning arrester AND make it possible to physically short the in- and outputs for all transformers. Then the amount of igniting/exploding transformers might be manageable.

Re:Low hanging fruit

[Xipher]

Physical attacks may be easy, but attacking over network infrastructure can be coordinated without even being in the country and could take out ever target simultaneously.

Re:Low hanging fruit

[bobbied]

I failed to make my real point... Sorry...

What I'm trying to say is that any Cyber attack I can imagine is less likely and less damaging than many of the other possible issues. A CME *could* cause an extremely serious and lasting problem. But we are talking about a once in a century (or more) event, which because of it's infrequency and the "recent" technological advance we call electricity, nobody really *knows* how such an event would play out.

Personally, I'm not so sure a CME would put the grid out of operation and damage it badly enough to keep it down for long. It could be pretty disruptive, but remember that there are a lot of fail-safe aspects of how the grid was implemented to prevent damage from things like lighting, which is itself a very high energy event (at least locally). I believe that is is highly likely that a CME could take large parts of the grid off line, but I also don't believe that there will be much equipment damage, leaving us with the difficult task of restarting the grid, a process that could take weeks to fully complete in some places, but certainly not the months or years some seem to be talking about.

Re:Low hanging fruit

[bobbied]

Y2K was certainly FUD in popular culture of the day. I knew many people who had prepared for the power grid to go down for months, buying food, bottled water and storing large quantities of fuel. They knew I was an electrical engineer/programmer and kept asking me "How bad is it going to be?" My response was exactly what I'd say about a cyber attack today. Some limited outages are possible, but highly unlikely, don't worry about it.

Like all FUD, they took the first phrase and chopped out "limited" and kept stocking up. Personally, I had a few gallons of water, canned food and a propane camp stove (which I used for camping anyway). I was ready for that day without power, should the worst possible thing I could imagine actually happened because somebody didn't do their Y2K remediation work correctly. Turns out I was way over prepared.

Look, you should have a survival kit that is good for a few days anyway. Keep a stock of water, canned food (and a manual can opener) around to hold you and the family should you have to shelter in place should something happen. Might be a good idea to keep the gas tank at least half full in case you need to "get out of dodge". So why are we up in arms about some cyber attack on the electric grid? You are already prepared right?

Re:Low hanging fruit

[sjames]

Yes, that's why I said not entirely FUD.

A cyber attack has more potential to bring the grid down for an extended time than Y2K did. Y2K would have been random-like failures and would have covered limited areas. A deliberate attack OTOH would be targeted at the grid's weak spots and would be more likely to result in physical damage to critical equipment. It's not the end of the world scenario some would have us believe, but it's a potentially serious problem.

Re:Low hanging fruit

[Em+Adespoton]

If you're in Jilin province China, backing a pickup truck into a tower is going to be a wee bit tricky. Clicking a button to take out power for the Midwest? Pretty easy at the moment.

Uhh... What? Would you care to back this statement with something other than FUD and bollocks? Please educate yourself on NERC CIP.

No, I wouldn't. And I already have; and it doesn't really matter.

The issue is that how things actually exist doesn't line up with the procedures and protocols that are laid out. Sure, they're followed properly in most installations, but all it takes is one, and as we've seen, you can get a cascading failure. Right now what's protecting the grid is a combination of CIP 5 compliance, complexity, and obscurity. An attacker can overcome the second remotely and wait for someone to breach the first -- leaving the last as the final bastion of protection.

Now the reality is that to get past the last one, you either need an all-out digital assault on the infrastructure, which gives away the attacker and highlights the insecurities in a way that they can likely be protected prior to catastrophic failure, or you need a man on site to run discrete tests, such as what was done with stuxnet. But once that's done, you don't even have to be on the same continent to set off the appropriate chain of events to cause failure.

Re:Low hanging fruit

[bobbied]

Yes, that's why I said not entirely FUD.

A cyber attack has more potential to bring the grid down for an extended time than Y2K did. Y2K would have been random-like failures and would have covered limited areas. A deliberate attack OTOH would be targeted at the grid's weak spots and would be more likely to result in physical damage to critical equipment. It's not the end of the world scenario some would have us believe, but it's a potentially serious problem.

IMHO, the risk of a Y2K issue on January 2nd, 2000 was higher than a successful cyber attack is today.. (Yes, that's a full 24 hours after the 2 digit year rolled over..)

Your mileage may vary.

Re:Low hanging fruit

[sjames]

I saw a few Y2K issues on Jan 2nd.

Re:Low hanging fruit

[bobbied]

My lights stayed on pretty much the whole year before and the year after... But I suppose...

Re:Low hanging fruit

[sjames]

Did I say the issue was the lights?

Re:Low hanging fruit

[bobbied]

I don't know about you, but I've been talking exclusively about the power grid.. Which was what the original article was about.

If you want expand from there, I've seen Y2K problems as recently as a month ago. Not that it mattered that my sprinkler controller isn't Y2K aware. First of March, just pick a year that starts on the right day of the week and it will work, at lest until the end of February. All you have to do is ignore the year in the mean time.

I never said Y2K wasn't a problem, only that all the yahoos who thought the Apocalypse was upon us as we approached January 1, 2000 and the grid was going to fail and the banks where going down too, where out to lunch. As out to lunch as the crazies who are saying the same thing about cyber warfare taking down the grid now...

Re:Low hanging fruit

[Neil+Boekend]

A blown transformer can be replaced. No problem. 2000 blown transformers including the one that powers the transformer factory is a whole other matter. It would probably take years to get the system back up.

Lightning protection doesn't work as well as it seems. Lightning protection is based on short high voltage high current spikes that blow the transformer in a fraction of a second.
The low voltage "fry a transformer in an hour" DC currents a CME would inject in the system are a different matter entirely. Sure, if the cable is decoupled on both ends the voltage will rise to above the lightning arrester's breakthrough voltage and just arc the energy away but that doesn't work if the cable is not decoupled.
Currently decoupling the cables is a manual job that can not be done for all transformers in the country in the 3 days of heads up a CME gives us.

Re:Why is this crap on the internet

[K.+S.+Kyosuke]

Do you want to build a separate redundant, self-routing network of switches, identifiers, and miles of cable for your company's network, when you can piggyback on the one that's already there?

You mean the wires that are already there? If only it were possible to use the power lines to transport a modest amount of control information...

Windows and SCADA

[symbolset]

OK, that's enough nightmare fuel for one day.

Re:Windows and SCADA

[bobbied]

OK, that's enough nightmare fuel for one day.

BSOD takes on a whole new meaning..

Profit!

[eyepeepackets]

But, but...what about the poor baby profits?

Seriously, you won't see these corporations do anything like this until they are forced to do so with heavy regulations, potential heavy fines and the real possibility of criminal prosecution upon proof of criminal negligence by a prosecuting attorney.

MBA school teaches them this: costs equal profits taken out of your pocket, so anything you can do to put the costs anywhere else is the profit in your pocket. This is how they think and how they operate. This is why you don't want business running and maintaining your infrastructure.

Core competency

[PPH]

Companies want to concentrate on their core competencies. To an electric utility, IT isn't a core competency.

My power company can't be bothered to trim trees and replace rotten poles. That's all contracted out. Their core competency is collecting bills. Heck, they don't even read their own meters. That's contracted out.

So good luck with the whole 'secure the system' idea. Outages are all classified as 'Acts of God'. Maybe. I guess God has it in for corporate morons.

Re:Core competency

[delcielo]

Electric utility companies do have some interesting dynamics. Staff tend to have long tenures, so many of the plant operations folks remember days before they had to deal with IT folks to do their business. But, everybody (and I mean everybody) at this point understand the necessity and value of a strong IT staff. They may resent it, but they get it.

And, you can bet that the IT departments at electric utilities are as professional as any. Your assumption that they don't want to be good at it is utterly and shamefully false. Even if it were true, they have no choice. There's a lot going on at utility companies that these types of scare-mongering authors never talk about. She very briefly mentions the NERC-CIP regulations (glossed them over, really) without also mentioning the IT components of reliability audits, internal audits, internal exercises, external pen tests, coordinated exercises with regional entities, law enforcement, FERC, etc. Industry peer groups play a big role as well. Protecting the power grid is vitally important to us. Why on earth would it not be? We run a metered business. We can't bill if we aren't creating, transmitting and distributing power.

Is it vulnerable? Of course, as is the highway system, water, food distribution, agriculture, shipping, etc.

Now, I totally agree that NERC-CIP should be more assistive and less about pure compliance with standards; but "continuous improvement" is a concept that is constantly harped on by both staff and regulators. It's already there.

Re:Core competency

[PPH]

I work for a water utility

Public or private? That makes a lot of difference. Public utilities tend to take more responsibility for the collateral aspects of their mission than private organizations.

My local power company was a publicly traded corporation. That was bad for anything they didn't consider to be a 'profit center'. But then they fell on hard times and were taken private by a consortium of utility service providers (contractors, outside IT and engineering outfits). The core utility profit margins are kept tight by the state regulators. But the pass through charges from the contractors (unregulated) is still highly profitable. The utility is being kept on life support for the benefit of the contractors.

The remaining shell company may in fact take their security responsibilities seriously. But they are being squeezed between regulators trying to keep prices down and their vendors who sell them old technology, insecure systems. Because the new ones are expensive when provided by the vendors and there isn't enough utility staff left to do the job in house.

Re:Why is this crap on the internet

[Em+Adespoton]

Ah; but the guy down at the station babysitting the PLC probably wants to get his Facebook fix too -- so he hooks up a wireless USB stick and presto! The entire national WAN is now online....

I remember Y2K, do you?

[bobbied]

So here we go again... Some uncontrollable thing is going to disrupt our electric grid and technological infrastructure!

Just over a decade ago it was Y2K. Folks where stockpiling food, water and fuel for generators in fear that the electric grid was obviously going down at 12:00AM January 1, 2000 when all their 2 digit year clocks rolled over.

Since then, I've heard stories about people who fear an EMP that will take out the grid and are out stocking up on food, water, fuel getting ready to live without power for years..

Last week, here on slashdot, we had a story on a huge solar storm powerful enough to bring down the grid... Folks where encouraged to stock up, by food, water, fuel and prepare for weeks without power..

So, here we are today discussing a cyber attack on the power grid that could bring the grid down.... Need I type the rest?

Really? Look, it would *really* suck if the power grid in North America went down. Yes people would die and it would be a huge mess to fix with disruptions in food supplies and fuel. Of all the ways the grid could be disabled, cyber attack is the least likely and the one easiest to fix. It's unlikely to take the whole grid down unless the saboteurs where extremely crafty and organized. They would have to first find enough infrastructure to access, manage to break in, understand how all the stuff they could control was interconnected and what failures they could induce and THEN coordinate all the individual attacks well enough to actually do something more than just local damage before they cut power to enough infrastructure they needed to continue the attack. How all the infrastructure is connected and interrelates are not easy problems to solve.

We have bigger fish to fry than fearing some mythical cyber attack on infrastructure like the power grid. I won't say it will NEVER happen, but you are talking about something that his bordering on impossible. This is like Y2K. A bunch of Chicken Little's that don't have a clue about how things *really* work or how resilient things really are overall, stoking up panic over small things. So, go stock up on food, water and fuel, just don't do it because you fear some cyber attack on the power grid.

Re:I remember Y2K, do you?

[SuricouRaven]

The EMP people tend to be a bit silly. They have no idea how an EMP would actually work or what it would do, and often end up doing silly things like making sure their torches are packed in metal boxes so the pulse won't somehow damage the electronics.

Re:I remember Y2K, do you?

I'm going to don my tinfoil hat here. However, people forget regions like Katrina hit areas and places where power goes down and stays down.

Until the national guard came in after Katrina, there were marauders taking everything a person had, and if they couldn't smash, shoot, or bully their way into a house, they torched the place.

Now, picture this on a regional basis. Most grids are interconnected except for ERCOT (and who wants to touch Texas power.) Something that brings a grid down and keeps it down for more than a few hours will end up turning into riots and looting.

Once the food truck and grocery stores are inop for more than three days, people will think they are starving... and will go batshit. Donner party anyone? There won't be escape by car since people will have run out of gas due to the grossly neglected roadways in most places that are way overcapacity normally. (Houston had people having to leave their cars when an evacuation was called three days earlier due to a hurricane.)

Yes, this sounds like prepper stuff, but if you look at regions that have had protracted power outages in the US, you will see that they devolve into government by the gang with the most firepower until the national guard is called in. If this is spanning states, people will die by the millions.

So, a grid down event on a wide scale is a major thing.

Re:I remember Y2K, do you?

[PPH]

Something that brings a grid down and keeps it down for more than a few hours will end up turning into riots and looting.

Try days or a week out where I live*. Nobody riots. Everyone has a camp stove and supplies. Many of us have gensets and don't even notice the flicker when the power goes down.

The local power company no longer has the staff to maintain their own system. Its all done by contractors or surrounding utilities sending in help. And I don't live in some backwater hick town. I can spit on Bill Gates' house** from my place.

*No cyber attack required. Rotten poles fall over. In fact, we could never tell the difference between a major terrorist attack and normal utility operations.

**Having worked for electric utilities in the past, I am shocked and surprised at the poor shape their systems are in. Even right out in front of Mr. Gates modest hovel.

Re:I remember Y2K, do you?

[angel'o'sphere]

if (xx00 > yy99)
      payOut100YearsOfSavings();

no payment

if ( 2000 > 1999)
      payOut100YearsOfPayment();

Wow, even after expanding the second example, it is still buggy.
What you think how many Y2K bugs I have fixed?
What day was 27th of december xx01? Monday, Sunday? Certainly 1901 was a different day than 2001. So ... does your elevator - which is shut down on sundays - work at 27th of december 2001, which is mistaken for 1901?
Claiming Y2K was FUD is biggest idiotic thing I have ever heard.

Re:I remember Y2K, do you?

[Darinbob]

Y2K was indeed going to be a problem. But there weren't too many serious problems precisely because people did something about it. There was enough warning that there was some time to solve things. In 1996 even we had some Y2K problems. The myth was that things would suddenly die at midnight on 1/1/2000 which was not what Y2K was all about.

Re:I remember Y2K, do you?

[bobbied]

Y2K was indeed going to be a problem. But there weren't too many serious problems precisely because people did something about it. There was enough warning that there was some time to solve things. In 1996 even we had some Y2K problems. The myth was that things would suddenly die at midnight on 1/1/2000 which was not what Y2K was all about.

But that's what the "prepers" of the day latched on to as justification of their stocking up binge. It was FUD, propagated by people who over estimated the risks and the effects of problems and under estimated our ability to mitigate the issues that *might* have come up at 12:01 AM January 1, 2000.

Fear and uncertainty of a possible Cyber attack is being used the same way and in my mind with even less justification. Is is an issue for the grid operators to look at? Sure, but it's not a huge risk, and I'll bet my electricity supply they already have been looking and fixing this issue where it counts most for decades now.

Re:I remember Y2K, do you?

[bobbied]

.... I was claiming that the FUD about the Y2K bug taking down the electric grid or doing away with society as we know it was FUD...

Example code aside, how many *real live* issues have you seen from Y2K bugs that didn't get fixed? None worth mentioning? None that caused the loss of life or property. Yea, me too. I got nothing either. Seems the *problem* got fixed for the most part.

Re:I remember Y2K, do you?

[angel'o'sphere]

What nonsense is that?
The problem got fixed and that is the reason it is FUD?
If the problem had not been fixed ... what then?

There are hundreds of scenarios where life indeed was in danger ... but luckily the 'bugs' got fixed in time.

Re:I remember Y2K, do you?

[bobbied]

Really?

I'm comparing the historical FUD that came BEFORE January 1 2000, with what I'm calling FUD about cyber attacks today. Come on it's not that hard..

Re:I remember Y2K, do you?

[angel'o'sphere]

It is hard, as before 2000 it was no FUD.
About current day cyber attacks I have no opinion.
Except: would take me 5 minutes to cause a USA wide power outage. Well, worst case 50 ... in fact every one with google skills likely needs less than 24h to figure how to take it down. I would call that a serious thread and not FUD.

Re:I remember Y2K, do you?

[bobbied]

It is hard, as before 2000 it was no FUD. About current day cyber attacks I have no opinion. Except: would take me 5 minutes to cause a USA wide power outage. Well, worst case 50 ... in fact every one with google skills likely needs less than 24h to figure how to take it down. I would call that a serious thread and not FUD.

If 50 min is all it takes, then why as it not happened? Surely there is some nut job out there crazy enough to do it and smart enough to pull it off. Surely... It's not like all the folks in the middle east are somehow stupid, and a lot of them have serious issues with the USA and would love nothing more than to put us all in the dark, if even for a short time. Wide spread outages, caused by somebody hacking, simply have not happened. Why? If it is so easy, surely somebody would have tried it by now because there are a lot of smart people out there who would be willing to do it.

I strongly suspect you are making stuff up now.. So this is where we stop.

Re:I remember Y2K, do you?

[angel'o'sphere]

There are likely not many people that have any interest in taking out the power grid.
Just like many people have no interest in randomly killing neighbours.
Just because it can be done it does not mean there are people out there mad enough to do it.
The next thing is: you need access to a computer (an important, not a random one) on the network of the power company, that means physical access. Obviously a computer involved in controlling a power plant is very unlikely to be reached via the internet.

Re:I remember Y2K, do you?

[bobbied]

We have been discussing a cyber attack on the power grid Just so it's clear..

There are likely not many people that have any interest in taking out the power grid.

We part ways on that statement. There are *countries* where you would be hailed as a hero if you did this. Countries where they would gladly pay great sums to anybody who could actually *do* this at their bidding. So I hope you see how wrong you seem to me on your above statement.

Full stop now... Don't think we are getting anywhere now..

Energy Control Systems Online?

[BoRegardless]

After 10 years of HEAVY security articles & discussion, remind me again why ANY critical infrastructure SCADA system should be allowed to be online?

Come on now. Why? Are we talking total incompetence at the top of these orgs and their watchdogs?

Re:Energy Control Systems Online?

[mlts]

I wonder what ever happened to the concept of the data diode. That way, stuff can be monitored... but it would take someone physically there for action [1]. I've done this on a low bandwidth basis by using two machines on physically separate networks, a serial cable that has one line cut (so it could only send signal one direction), syslog on one side, and a redirect from the serial port to a file on the other side.

[1]: Of course, this isn't 100%, someone can pretend to be a manager or upper muckety muck, but it is a step up from a remote attacker just typing in blkdiscard /dev/sda on an embedded machine that got exploited.

Re:Energy Control Systems Online?

[PPH]

I wonder what ever happened to the concept of the data diode.

Many SCADA systems are inherently bi-directional. Some controller monitors system parameters. It then returns feedback to control the processes. Or it forwards them upstream for human attention and intervention.

You could try to 'air gap' such a system from the Internet. But the guy carrying a laptop around to update PLC firmware is going to use it to check his company e-mail. And eventually, the CEO is going to send out one of his/her missives company-wide over the cocktail lounge WiFi at the golf course. Now you're screwed.

Air gaps didn't do Iran much good against StuxNet.

Re:Energy Control Systems Online?

[jbrandv]

Easy answer, money and greed. The corporate overlords want more money not more security they have to pay for.

end the gridlock

[jcomeau_ictx]

there is zero need for a grid any more. wind power has been under a dollar a watt for years, and PV panels for about two years now, and I'm talking about consumer prices. the only thing keeping people from installing their own sources of electricity is laziness.

Re:Why is this crap on the internet

[pixelpusher220]

Presto nuttin. Disabled USB ports don't give you much

Re:Why is this crap on the internet

[pixelpusher220]

To paraphrase a bit:

Those who give up some security for some efficiency deserve neither.

Seriously, you don't engineer CRITICAL INFRASTRUCTURE to be insecure simply because you don't want to run 2 sets of wires. It's simply a cost of doing the job correctly - which we haven't yet.

Re:BFD

[AK+Marc]

They traced most of the "big blackouts" down to a single line failure, and cascade failures after that. That should demonstrate the fragility of our grid.

Re:Why is this crap on the internet

[gmhowell]

Ah; but the guy down at the station babysitting the PLC probably wants to get his Facebook fix too -- so he hooks up a wireless USB stick and presto! The entire national WAN is now online....

And the next day, he finds a pink slip waiting for him.

Lack of US Cybersecurity Across the Electric Grid?

[DTentilhao]

"ECGI is recommending the creation of a new, industry-supported model that would create incentives for the continual improvement and adaptation needed to respond effectively to rapidly evolving cyber threats"

How about not connecting your Electric Grid directly to the Internet ..

Article and Associated Reports Misunderstand

[jofny]

That article and the sources it references fatally misunderstand both the nature of cybersecurity as a large scale problem space and the paths to improve the situation.

First, cybersecurity is inherently a business management problem - how the business itself operates is what introduces vulnerable systems (whether through purchasing decisions, operating maturity, development, HR, market timing, financial trade-offs, user awareness and responsibility management etc.). Even if the rate at which those vulnerabilities are introduced by the business remains constant, increasingly connected and complex systems assure that the vulnerable space will increase is the overall business - not just the dedicated cybersecurity functions & capabilities are improved. It will become, if it hasn't already, functionally impossible to resource cybersecurity in a way that keeps risk down to limits we find acceptable. In other words, train up all the security people you want and create all the security specific standards you can - unless you standardize and base business environments into predictable patterns, those security efforts will continue to fail.

Second, because of the deeply embedded business nature of the problem (only the symptoms of which are really technical), any external organization that comes in to try and help "fix it" will face substantial challenges - telling an independent organization that it must change the way it makes money fundamentally in order to meet theoretical and apparently-to-non-security-folks abstract risks doesn't go far quickly and involving government in any way assures that the conversation will stay as log jammed as it has been. There has to be a DEEP culture change that involves planning for long term business maturity, and that is almost antithetical to the culture in the U.S.

Third, there ARE organizations and programs that are and have been attempting this. This stuff isn't "new", just the reporting on it is - journalists rarely investigate this stuff beyond what it takes to write a succulent story. (I work for one of those organizations.)

Fourth, for all of the talk about all the "attacks against the grid" as opposed to other attacks, there is almost no information provided of useful analytical value. How much are other sectors looking? What kind of attacks are these? Real? Automated? A function of being on the internet at large? Etc. etc.

Finally, for all you "air gap" people - get with reality. There are no air gaps. Anywhere. Data moves across systems - whether they are connected by technology or not. If you're someone who is seriously attempting to interfere with critical infrastructure operations, you know this, know how to exploit it, and have the time/resources to do so.

Ditto ...

Used to do "threat assesments" for commecial nuclear plants as part of modification packages while a staff EE; easy as falling off a log to break the distribution and transmission systems with 'rocks and sticks' technology, harder-n-hell to break a power plant from the outside in a way that the shutdown systems can not prevent major unrecoverable damage ... OK, true only if the "operators" keep their damn hands in their pockets.
This newly discovered vulnerability IS well understood by almost every EE I have worked with, who was an actual utility employee doing Engineering NOT MLM, this transmission system as the most vulnerable part of the industry is NOT a new thing.

Re:Why is this crap on the internet

[Em+Adespoton]

Ah; but the guy down at the station babysitting the PLC probably wants to get his Facebook fix too -- so he hooks up a wireless USB stick and presto! The entire national WAN is now online....

And the next day, he finds a pink slip waiting for him.

You have much faith in his local IT managers and their managers... I've seen places run for months with such a setup with nobody noticing... and then when something happens as a direct result of the rogue router, it still takes significant time to isolate it and take appropriate steps. Sometimes, the guy who set up a system like this doesn't even work for the company by the time they realize what is wrong. This despite the fact that on paper, it should be as you say -- something logged and flagged up, resulting in a pink slip less than 24 hours later.

Re:Why is this crap on the internet

[gmhowell]

It was actually wishful thinking rather than faith. I've seen the same things you describe. I've also seen where things like this are swept under the rug forever. Then, the root cause analysis comes back and people flip shit because nothing was done about it in the past. Well, nothing other than ignore the recomendations of us morlocks...

Re:http://www.linuxadvocates.com/

[INT_QRK]

What do avocados have to do with linux? Avocados have pits, for goodness sakes, not kernels. Makes no sense.

Squirrels

[ShoulderOfOrion]

And birds. Those are the true power-line terrorists around these parts. They create massive power grid outages regularly. They also like to start brush fires with their suicidal attacks.

Re:Why is this crap on the internet

[jbrandv]

Why does anyone, anyone whatsoever, think that attaching their critical national energy infrastructure is a good idea?"
Easy answer, money and greed.

Re:wow. they can't read directions.

[jbrandv]

Easy answer, money and greed.