Slashdot Mirror

← Back to Stories (view on slashdot.org)

Securing the US Electrical Grid

Posted by samzenpus on from the locking-things-down dept.

An anonymous reader writes The Center for the Study of the Presidency & Congress (CSPC) launched a project to bring together representatives from the Executive Branch, Congress, and the private sector to discuss how to better secure the U.S. electric grid from the threats of cyberattack, physical attack, electromagnetic pulse, and inclement weather. In this interview with Help Net Security, Dan Mahaffee, the Director of Policy at CSPC, discusses critical security challenges.

21 of 117 comments (clear)

  1. Great way to waste your money by Anonymous Coward · · Score: 3, Interesting

    The best thing they could possibly do to protect the electric grid is to figure out how to make it not an electric grid. Because right now, J. Random Asshole can get in his pickup truck, drive 50 miles to some tower in the middle of nowhere, and cut it down with tools you can get at any construction supply store. Taking this one tower down would take out power to most of the East Coast.

    Or you could simply do nothing, because the power companies are doing a great job screwing things up on their own.

    1. Re:Great way to waste your money by bobbied · · Score: 5, Insightful

      I figured I'd pipe in and call your idea stupid, but I thought better of it. Let me show you why we have a grid..

      Transport of power - The power grid is designed to transport power from where it is generated to where it is used. This means we can use hydroelectric power without having to build our houses and businesses near the dam. It also allows us to transfer power from regions where there is generation capacity to regions where power is needed.

      Efficiency - Efficient power generation is easier to achieve on an industrial scale, and the ability to put the plant near a fuel source saves transportation costs. It also lets us use the more efficient generation plants from other regions when power is available.

      Redundancy - The power grid provides redundant paths for power to flow from where it is generated and where it is used and it also provide the ability to have multiple generation plants providing power so the failure of one plant can be made up by the rest.

      The problem you are going to have with "remove the grid" idea is reflected in all of the above. If you need reliable electrical power, you have to keep the grid. If you want efficiency, you need to keep the grid. If you ever need more power than can be generated locally, you need the grid.

      I'll conclude with this.. If you want to keep using all the things that make modern life possible, you need reliable, efficient and abundant electrical power and that means you need the grid. Unless of course you don't mind giving up modern life, which I consider a stupid idea...

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  2. Cyber is easy, EMP is possible by gurps_npc · · Score: 4, Insightful
    Cyber is easy - simply no direct connect to the internet. Anything less is effectively nothing. Anything more is not needed.

    If you have data that you absolutely positively must have accessible via the internet, set up a dial and point an internet connected camera at the dial.

    EMP pulse is not hard - we know the basics of shielding.

    Sabotage and weather are however not easily defensible. No matter what we do, we can't provide complete protection, but we can do pretty well.

    --
    excitingthingstodo.blogspot.com
    1. Re:Cyber is easy, EMP is possible by Charliemopps · · Score: 2

      EMP pulse is not hard - we know the basics of shielding.

      The entire US electrical power grid is unshielded. Every single one of those wires is a direct conductive link into every electronic device in America. You would need to shield those lines to prevent EMP damage. On top of that, the amount of shielding required to prevent a decent EMP is huge. They tried putting it on Ragens airforce 1 in the 80s and it made the jet so heavy it couldn't take off. I think they eventually figured it out, but the point is, it was not an easy task.

    2. Re:Cyber is easy, EMP is possible by mdsolar · · Score: 2

      Seems like this project would help: http://westfaironline.com/6503...

    3. Re:Cyber is easy, EMP is possible by Charliemopps · · Score: 2

      I think you have a fundamental misunderstanding how EMP's work on electronics, large circuits (Transformers, power lines, generators, etc) are virtually unaffected by EMP's as the additional voltage introduced is insignificant compared to their operating voltage. The issue is very small electronics that are susceptible to even the smallest change in their voltage input. The only way that these larger systems are effected is if they have control systems that utilize computer chips. As long as you shield the IC chips (the chips physically and regulate the voltages being supplied to them) everything else (transistors, resistors, transformers, batteries, etc) usually doesn't need any form of shielding.

      Sorry, you've been mus-informed.
      http://www.nasa.gov/topics/ear...
      Canada has power outages all the time as a result of Solar Flares (basically natural EMPs) The pulse hits the grid everywhere at once creating a spike in voltage that affects everything attached to the grid. Because Canada is tilted more towards the sun than we are, they are more susceptible.

    4. Re:Cyber is easy, EMP is possible by judoguy · · Score: 4, Interesting

      Cyber is easy - simply no direct connect to the internet. Anything less is effectively nothing. Anything more is not needed.

      Not that easy. I worked for a company that did just that. Air gapped completely. We sneaker netted the web orders, etc. back and forth between the internal system and the outside world. Huge pain in the ass, but secure.

      When we had to be certified as PCI compliant by our auditors, they wouldn't. Said that the air gap was a security risk! Made us connect and go through the hoops with more firewalls, et al., to be certified so we could stay in business.

      I will NEVER believe that they are more secure now than before. We checked the sneakernet data for SQL injection, ran AV, limited removable media to a few trusted and audited employees and so forth. But in the end, we had to get that PCI cert or our bank would refuse to do business with us.

      --
      Peace is easy to achieve, just surrender. Liberty is much harder get/keep.
  3. INL working on these issues. by Mr+D+from+63 · · Score: 2

    They have some pretty sharp folks working on grid security at INL. While I've seen some disturbing government R&D waste in many areas, this is actually one where I have been highly impressed.

    Meanwhile, the US grid has been quite reliable overall throughout the years, and the few major events that have caused large disturbances have been analyzed in detail so the preventative measures can be taken.

    1. Re:INL working on these issues. by HornWumpus · · Score: 2

      Cascade failures always come down to the same thing. Insufficient spinning/ready reserves. We know how to fix it. But it's cheaper just to let it fall over once every 20 years.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    2. Re:INL working on these issues. by tverbeek · · Score: 2

      The US grid is "quite reliable"... by third-world standards. I live in a city of a quarter million, and my power goes out for 4-24 hours at least 3 or 4 times a year. Every thunderstorm that blows through leaves me wondering if I'm going to get to test the UPSes on my home servers again that day.

      --
      http://alternatives.rzero.com/
    3. Re:INL working on these issues. by Obfuscant · · Score: 2

      The US grid is "quite reliable"... by third-world standards. I live in a city of a quarter million, and my power goes out for 4-24 hours at least 3 or 4 times a year.

      You think that's third-world? You mean the world where people go to neighbor's houses on a regular basis to recharge their cell phones because they don't have power themselves and the neighbor has a solar panel and a battery? And a large philanthropic effort makes headlines because it designs laptops that mesh network (to get around no network infrastructure) and have hand-cranks so they can charge the batteries?

      I knew someone from India who told us about his house and that they shut the power to the whole city off EVERY NIGHT.

      Wow. Three or four temporary outages a year, and you think that's a grid issue. Call the power company and get your money back.

  4. Reinventing Fire by mdsolar · · Score: 4, Informative

    The book "Reinventing Fire" by Amory Lovins goes into detail in how to make the grid less vulnerable to inclement weather (including space weather). "Finally, letting distributed generators compete and interconnect fairly could nearly eliminate blackout risks by organizing the grid into local “microgrids” that normally interconnect but can stand alone at need (“islanding”). This resilient future, already demonstrated in about 20 experiments worldwide... " http://www.rmi.org/electricity

    1. Re:Reinventing Fire by Mr+D+from+63 · · Score: 2

      Lovins repetitively misses the underlying issues with his solutions. Just look up his Hypercar predictions, or backyard microturbines. Despite those laughers, he continues to be popular amongst the extreme greens simply by telling people what they want to hear.

    2. Re:Reinventing Fire by mdsolar · · Score: 2

      I know you don't like to listen to what energy experts have to say. Would have helped with Katrina or Sandy though.

    3. Re:Reinventing Fire by HornWumpus · · Score: 2, Funny

      You don't know what you're talking about. I _am_ a grid expert. I've forgotten more about the grid then Lovins knows.

      He is of the category of cranks that believes 'If you just do what I say, ignoring costs, everything will be great!' Adults ignore him.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    4. Re:Reinventing Fire by mdsolar · · Score: 2

      Read the book. There are things being done about those issues.

  5. Re:air gaps by mlts · · Score: 4, Interesting

    Nothing is 100%, but an air gap will force a black hat to either get someone physically on site, do some social engineering, or find someone that they can control to do their work for them.

    By keeping stuff off the Internet, either air gapping or having a separate network with tightly controlled access points (or perhaps even something like a data diode [1]), it blocks all but the most well-heeled attackers, and big firms/governments are well adapted to deal with physical threats far more than stuff coming via the Internet.

    [1]: I've taken two machines, each on a different network, plugged in a serial cable with one of the lines cut (so bits only moved one way), then used syslog on the secure network, and redirecting the port's output to a file on the insecure network. This wasn't fast, but it got data to people who needed it, while keeping stuff on the secure side off the Internet unless someone physically accessed it. A true data diode does the same thing, except faster... however expensive. As a hack, a dedicated line-level Ethernet tap might be something to be used because the computer plugged into the mirrored port will be unable to change or reply to the network stream coming from the secure side.

  6. Solar is helping in California by mdsolar · · Score: 2

    "Somebody ought hand renewable energy a cape and be done with it...." http://grist.org/news/solar-is...

  7. Assume it isn't secure by EmperorOfCanada · · Score: 3, Insightful

    The worst thing they can do is to secure it and then depend upon the security working. Thus the system should be designed so that if it is hacked every other Monday that it can survive. There have been a number of recent (last 20 years) events that have shown that single points of failure can have devastating effects. So make sure that if terrible things happen that a lesser grid can be maintained manually.

    A great example of this would be a local grocery store chain's SAP system failed shortly before Christmas(some years ago). They were so dependant upon it that their ability to order stuff and manage inventory was pretty much non existent. So the store ended up looking like some kind of soviet grocery store where the only goods on the shelves were pretty much those that are managed by the distributors themselves; things like milk.

    This grocery store hopefully has learned from this and now has some kind of manual backup plan where a store manager can actually phone in his orders and crudely manage the store's needs in the case of another serious computer outage.

    The same with the grid. Ideally they set some sort of minimal functionality emergency plan whereby humans can crudely manage the system as opposed to a system that either works perfectly by computer or doesn't work at all.

    But I worry far less about hackers and far more about system design failures and Carrington events.

  8. US Government is the Biggest Attack Vector by anorlunda · · Score: 2

    If NSA has installed weaknesses and/or back doors into most commercial hardware and software globally, then everyone, Al Qaeda, as well as power companies, use the same stuff.

    Ask any security manager. He'll tell you that we must assume that bad guys will eventually learn how to exploit those weaknesses and/or back doors, leaving us highly vulnerable to attack.

    The Cyber Command wing of NSA has the responsibility to assure that they can successfully attack any enemy, any time. They can not know now who that future enemy might be. Therefore, the only way they can be assured of accomplishing that mission is to make sure that no computer, no IT operating anywhere on the planet is really secure. I fear that they are planting the seeds by which bad guys can attack the power grid in the future.

  9. "Inclement weather" by matbury · · Score: 2

    I reckon "inclement weather" will turn out to be the most disruptive force on electricity production and supply. Firstly, drought will starve coal, gas, and nuclear power stations of the huge amounts of water they need to run at all. Secondly, warmer water in water sources may make cooling less efficient for nuclear power stations (and possibly a danger in some cases). Thirdly there's a higher and growing risk of extreme weather events; floods, flash floods, droughts, tornados, hurricanes, and ice-storms. Just think of the more recent extreme weather events but more extreme and more frequent.