Slashdot Mirror
Domestic Terrorists Could Use OSINT To Pinpoint US Substations For a Blackout (darkreading.com)
An anonymous reader writes: A project called 'Gridstrike' found that free and publicly available information can be used to determine the most critical electric substations in the US, which if attacked, could result in a nationwide blackout. Researchers from iSIGHT Partners used a combination of publicly available transmission substation information, maps, Google Earth, and grid congestion documentation, and drew correlations among the substations that serve the top ten cities in the US. They ID'ed 15 substations that if attacked and knocked offline would result in a nationwide blackout, they say. Their research took the spin of whether a homegrown terror group with little funding could get this crucial information. The study was inspired by the 2013 Federal Energy Regulatory Commission (FERC) study in 2013 that found that attacks on just nine electric substations in the U.S. could cause a blackout across the entire grid.
That's what you get when you let your critical infrastructure design by entities that care more about profit than providing that critical infrastructure.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
One should ponder upon this http://www.cybersquirrel1.com/ might it really be the time to stop being afraid and not buy into the fear mongering going on all over the globe ?
All Trump jokes aside, it worked and the only way terrorists are getting in is social engineering or a drone delivered bomb.
Here's an example of one I saw by a Meijer while visiting family this holiday: https://www.google.com/maps/@42.5377077,-83.1838428,3a,75y,103.25h,84.91t/data=!3m6!1e1!3m4!1sX2tgS8AwSpo7QlxFj2Q3jQ!2e0!7i13312!8i6656!6m1!1e1
Who wrote this summary???
and then vandalize wikipedia.
I need help.
magnet:?xt=urn:btih:4b2f4139c20b4064f06570dbefd4eb102533556d&dn=Spartakus+and+the+Sun+Beneath+the+Sea+1985+ENG+RUS+FR+HUN+%2836+pa&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fexodus.desync.com%3A6969
Planned attack? It doesn't need that, just a couple of accidents or screw-ups at the same inopportune times. One mistake by a rookie engineer in Arizona took out the grid for most of southern California. One or two more mistakes or equipment failures while they were still trying to recover from the first one could've seen the entire grid west of the Rockies go down. And the main cause is frankly the profit motive: for the sake of efficiency and cost-effectiveness the generation and transmission companies have eliminated the majority of the redundancy in the system and put off expensive maintenance and upgrades as long as the system wasn't failing during normal operation. It wouldn't take a group of terrorists, just a couple of maintenance engineers more interested in getting home for dinner than in following every rule to the letter or system operators who haven't had their morning coffee and are still a bit groggy.
Never email donotemail@WeAreSpammers.com
Who the fuck wrote this shit??
Well, if the terrorist crashing the planes into WTC instead had crashed them into the key nodes in the grid the effects would have been a lot worse. Then imagine that done timed to an extreme cold spell - that would cause a lot of water pipes to freeze and crack.
But also realize that it can still happen. Many electrical grid nodes don't have much personnel on site - if any at all, most of them are controlled remotely and are only monitored by cameras.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
SARCASM_ON:
Because it tells you where to find the leaning tower of pisa, therefore you do now know how to damage the itallian economy by demolishing that building.
Threat cleared:
I call for a ban on all travel maps therefore nobody will be able to find these places.
More Threats
I call for a ban on teaching geography!
The maps show industrial buildings, transport infrastruture and natural resources!
SARCASM_OFF:
OSINT, INTINT, TINTINTIN
So long for calling public accessable information and teaching material OSINT, I call bull shit on this try to infiltrate the common language with this intelligence "cool" style new speak!
the solution to this is to completely decentralize our power, virtually destroying "the grid" by putting solar+battery at every home. it wont work for absolutely everyone but it will work for the vast majority of people. it comes with nice side effects too: it will cause people to buy more efficient electronics, lower the price of solar panels, devastate the coal/gas industry which in turn will cause a massive reduction in CO2 emissions and result in fewer mountain tops being blown up.
so you get security, energy independence, massive pollution reduction and preserving the environment. what's not to like? oh yeah, it doesn't pay congress critters to stay in office, so it wont happen. #BanCongress ;-P
Anons need not reply. Questions end with a question mark.
Everyone involved in publishing this article is stupid. From TFA, to submitter, to the editor who submitted this.
"Terrorists" want "terror". They want to kill people, they want smoking buildings and bombed, shot cars and a whole lot injured and dead people. That causes terror. YOU have to fear you will get shot/bombed when you leave the house, go shopping, go on a vacation. That is achieved by maximum terror.
They do not want to "effectively damage the infrastructure". That is what a solider would do to achieve a military goal. Yes, it would be smart and effective. Some people might die (e.g. in hostiptals), the economic damage would be massive - but it surely would not be terror, for most of us it would be "annoying".
They are called "Terroists" for a reason and not "Annoyoists".
Furthermore: there might be smart planners behind terror attacks, but mostly it is the ideologists and strategists who are actually pretty smart. Most terrorists are actually not smart.
The usual terrorist gets a gun or a bomb by his supervisor and is shoved out of the door to do his terror. The smartest ones so far we had were those who were able to fly planes. And even that scores relatively low on the "Hollywood List of Creative Terror-Plots".
1. Terrorists want terror. Attacks on the infrastructure per se are not "terror".
2. Most terror groups are too stupid to pull a coordinated attack on "infrastructure" off.
IF infrastrcuture (traffic, airports, trains etc) is hit it is NOT about the infrastructure but about the "terror" on the population.
Go away with your fearmongering!
work even if an event like Northeast blackout of 1965 https://en.wikipedia.org/wiki/... could happen again. The still slightly separated and distinct grids are pushed to the limits and beyond thanks to poor design, lack of national planning, errors, over usage and the important sites per state, city stays up even when the grid power fails locally.
When the US grid fails locally most of the federal and important sites have really well designed, bespoke deep back up power. Inner city ares might not have power, some folks might do stuff in the dark, banking services might not work but the US mil bases, larger teaching hospitals, well guarded gov and mil storage site, bases will be just fine.
Why? They suffer black out and brownouts every decade due to a lack of local grid reliability.
Most of the security cleared shift workers have trained for years about what to do when a really unexpected event occurs. Stay at work, traditionally expect a land line phone call or pager or other contact if away from work or just return to work by default if no contact is made due to total power loss.
The shift at work can manage until their expert co worker drive in just as trained.
Most advanced nations have kind of "trained" their vital infrastructure staff for all kinds of strange events over different decades.
The USA has had several different larger events eg 1965 or 2003 https://en.wikipedia.org/wiki/... that have given decades of standard operating procedures to a total power loss events over hours, days or much longer per state, region, city, federally.
What happens next? The faults are traced back, contractors have staff, funds and equipment made available just like during a really big storm, flood or other state wide event.
A new narrative of spending more on some expensive tech, enlarge or grant more hidden powers to the federal bureaucracy, enrich foreign contractors with a US front company to "rent" a fancy security new solution is always interesting.
"Substations" are deigned to be isolated, fixed and are really well understood by gov, private sector owners and operators. Every part of the grid can turn off, on and be fixed over time. Just as its fixed during normal maintenance or after unexpected big storms or massive once in a generation floods, weather... or after another brownout https://en.wikipedia.org/wiki/... .
Domestic spying is now "Benign Information Gathering"
Yo dawg, I heard you like fear, so I got some fear to put on top of your fear next to your fear....
I went to a DHS conference in Boston a few years after 9/11, and it was a wall-to-wall exhibition of all the crazy ways the bad guys were going to get us. Grid attacks, bus attacks, backflushing municipal hydrants with poisoned water, poisoning drinking water supplies, spraying anthrax on the lettuce in the supermarket. 99% of it were "weaknesses" conjured up by security researchers to get some money from the golden spigot labeled DHS.
The DHS basically put the brakes on this and started demanding solutions, not a laundry list of insane attack vectors.
The upshot is, any reasonably complex distribution system will have security vulnerabilities, dependent on the definition of "vulnerability". Some "vulnerabilities" are highly improbable, difficult to exploit, and only cause temporary or low-level disruption. Other vulnerabilities are obvious, easy to exploit, and will take down society. Without getting hysterical about it, the sensible thing to do is to make the vulnerabilities hard to exploit i.e. get infrastructure control systems airgapped and off the fucking Internet (duh). Make the system fault tolerant - if they do blow up something, have a means to contain it.
Can we do this and get on with our lives, please? These vulnerabilities have been talked about for decades, we know what the solutions are, but no one wants to pay for it. Industry and government are staring at each other expecting the other to pick up the tab. If that is the situation nothing will get done, ever. Critical infrastructure needs to be nationalized so it is clear who is in charge of maintenance and security. Industry won't pay unless it hits their bottom line.
Left MS Windows for Linux Mint and never looked back!
Vote for Bernie in 2016!
From
- using Google Maps and Earth?
- Actually getting their friends in the US to drive around and map these critical installtions?
- buying large scale maps
Storm in a teacup if you ask me.
At least within the borders of the US, terrorism is clearly minuscule. Our infrastructure is in general fragile and unprotected. Even major metropolitan areas have choke points of just one or two substations which could easily be destroyed by anyone with a little ingenuity. This doesn't happen, even though this has been the state of affairs all along.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Your synopsis and assessment were perfect, and then suddenly you swerved off the road and into the weeds with that bit about the "need" to nationalize the grid.
There is no doubt about who is in charge of maintenance and security. The owners of that section of the electrical generation and distribution system are responsible for its maintenance ans security. They know this well, and will be the first to point this out. They also answer, on a high level, to state level public service commissions.
With reasonable care, which I feel many or most do exhibit, there is not large scale wide area risk, just the fear mongering that you illustrated. If Los Angeles or New York get blacked out, it will be a significant inconvenience, especially for those, possibly millions, sitting in the dark for a few days. It might even spill into a larger economic impact in so much as Wall Street being impacted. But, it certainly won;t be the end of the world. People everywhere else; Dallas, Seattle, Chicago, Miami, Denver, Minneapolis, San Francisco... They aren't going to notice and the country will continue on just fine.
Nationalizing the grid, making a distributed system into a centrally controlled and government mismanaged system would be a spectacularly bad idea.
"We were extremely concerned about the amount of publicly available information"
Then you're "concerned" about the wrong thing. Any idiot driving down the road can see "Oh, there's a huge substation with lots of power lines coming out of it, its probably important". "Hiding" it by removing its existence from public documentation doesn't do a thing to improve safety/security. Fixing the issue entails actually FIXING it, not hiding the fact that a problem exists. Build more backup substations, install more circuit breakers and improve power plants to endure unexpected spikes/drops in electrical usage coinciding with disasters both man-made and natural.
Just one problem with your plan...it won't work. There simply isn't enough energy hitting most places to do what you claim.
Linux, FreeBSD,and OS X are all much better.
This is much less a weakness to terrorism and much more a weakness in the infrastructure system in its inability to fail gracefully.
If you actually read the article it goes on to say "...never publicly revealed the crucial substations ID'ed by FERC for obvious reasons, nor does iSIGHT plan to disclose publicly the ones it found...."
So they never publicly revealed the "crucial" substations, have done nothing to make them less "crucial" (I think they mean critical) and have no plans to "disclose" (I think they mean reveal) the ones they found.
This is either a spoof of a 1980s evil-soviet-Russia-movie or something because if it's real it has to be the STUPIDEST LAMEST excuse for secops people not doing their jobs rights.
This shouldn't be hidden "because oh no bad guys will find it" but rather "good guys might say oh no wait wtf really???"
Ehud
That's what you get when you let your critical infrastructure design by entities that care more about profit than providing that critical infrastructure.
I'm eager to hear your discourse on capital expenditures in the electricity industry, and how increased redundancy would impact the electricity bill of the average homeowner and business. I assume you have an in-depth analysis, including a prepared power point slide, that includes extensive analysis in this area.
Or maybe you just wanted to say "HAHA Look how much smarter I am than EVERY utility in the country, and how much smarter I am than EVERY public utilities commission in the country. I'm not in a position to decide how limited resources are best spent, but I can make snarky comments about the people who bear this responsibility!"
Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
Instead of stupidly terrorizing yourself with fear, anxiety, and stress, there's what you can do about it (I wish every story had a section like this):
1) When you're done with that milk/juice bottle, wash it out, near fill it with water, then put it in your freezer and forget about it. When the power goes out, the ice will help keep the freezer cool. If you end up with water supply issues, you'll have a minor store of fresh water to drink too. If you have the room, make a couple ice bottles. Do the same in your fridge too.
2) Make sure you have enough winter clothing + blanks to survive the coldest days and nights in your area.
3) Keep some long-term food that doesn't require cooking to eat. Make sure you can manually open the packaging.
4) Know basic first aid and basic self defense as nowadays you won't be able to call for help with the power dies. Not that you should ever rely on 911 for anything. At anytime they could be too busy to get to you and even then, you'll have to deal with whatever it is before calling 911 anyway.
5) Don't worry about being unable to contact your loved ones. If you guys can't handle being out of contact for a few days or longer, you're really immature.
6) Handling special life support systems are specific to those systems so I can't go into those and most people don't have them anyway.
7) Keep a months supply of cash in your house for basic needs like buying food and water. You likely won't have access to banks and may have trouble paying bills (but hopefully the companies will have trouble too and won't charge everyone late fees. You could auto-pay, but I never trust companies to charge me properly and correcting bad charges is harder than not making them. Plus they'll claim it was your responsibility to make sure auto-pay worked so they'll probably charge you late fees anyway. Too bad class action lawsuits are against every terms agreement now.)
8) Have a paper map of your surrounding area.
There now. Do those things and sleep restfully at night without worrying about things out of your control.
Any other advice?
Those domestic terrorists can't even set up a siege without bringing enough food with them. What makes you think they're going to read?
A terrorist attack might take out a key substation while a windstorm will knock down a pole, taking out my neighborhood. Since the utility doesn't have a stockpile of spares or the line crews available to install them, for me its all the same. Fire up the generator and ride through it.
Have gnu, will travel.
A guy with a .22 could do serious damage to the electric grid by taking out transformers.
The fact that it is so ridiculously easy and the fact that it doesn't happen *regularly* is pretty damning proof that the threat of terrorism is exceedingly small and you should ignore any people who try to make you fear terrorism, because ALMOST ALL PEOPLE AREN'T INSANE TERRORISTS.
Well said. The North American power grid was built out as needed, where needed... in every instance adding just enough spare capacity to accommodate Summer or Winter peaks without alarming long-term investors. Few redundant interconnects. There was no Central Planning Committee deciding how much redundancy may be required, and especially no paranoid engineering on what are essentially un-protectable fragile spans of infrastructure. As with most other modern systems its very existence relies on human restraint.
Which is why only the dreariest of personalities are attracted to the "terrorist alarm industry" where people stay up nights brainstorming all the various things terrorists could do... so terrorists don't have to. They share their findings to an excitable tabloid press and hold conferences, tongues lolling and eyes rolling back as they receive a congratulatory 'pat' on the head for proclaiming the latest "thing" that terrorists could do. In the place of the Cold War excess we now have a behemoth DHS arm of the government who considers the US as its enemy. Every penny spent on it has been wasted.
The real problem --- if in fact there is one --- is that so many are engaged in this paranoid (but fun for them!) pastime of pointing out vulnerability to potential social malfeasance and so few have been engaged in advancing technology in ways that may alleviate all kinds of threat. This means the harnessing and producing of more energy, not less.
Sorry! To all of you in the US who are pushing for micro-grids of wind and solar as a 'plus', it is not. It is a drain, a bad idea, and dangerously stupid. You are being isolationist and foolish, advocating the most expensive and ultimately disastrous options a time when half of all Americans have no savings whatsoever. As if the greatest industrial power the world has ever known should scale back to some quasi-medieval level of energy consumption. As if grid would be made 'better' by introducing countless points of failure (foreign made) devices. Yeah, let's take power generation outside shall we. During the first continent wide hard Winter freeze a hundred million might die from this Darwinian experiment. Meanwhile your ridiculous dreams will bankrupt us all. Every penny spent on it has been wasted. What stark clinical madness! Your own children will not forgive you this frankly 'hippie' level of denial, which has persisted for decades.
The only way out of this mess is to create wealth the old fashioned way by the creation of something that did not exist before. A relatively few massive energy sources that are completely self-contained, defensible, protected from the elements, stock enough fuel for weeks or months or years, and help to decrease the corporate and personal cost of living. Some have heard me say it all before: put a national priority on grid scale DC-AC tech, build overlapping HVDC loops across the country to feed the legacy grid, and above all, feed those HVDC loops with nuclear energy --- yes, fission --- in ways that are proven and new ways we already know can be done.
FRANKLY, everything else, including the mass distribution of fragile natural gas pipeline networks, are shit solutions.
(the following is a repost but relevant to this discussion)
Take a moment to review NERC EOP-005-2: System Restoration from Blackstart Resources. If you live in North America, plans described in this document are your only real line of defense from the chaos and harm that may arise from grid-down disaster. Here is a peek at some software tools used by the industry and Black Start specific enhancements in prog
<blink>down the rabbit hole</blink>
you really think a wall with metal gate is going to stop a terrorist attack ? That is for preventing copper theft not an attack by a team with explosives who will breach the metal door in seconds.
The land take of the stations / routeing of lines get's in the way as well.
Also the nimby people don't like them as well.
https://www.youtube.com/watch?...
OSINT is acknowledgement that Security Through Obscurity is no longer an option. The acronym is a blessing to the security world regardless how you feel about making everything(including knowledge) sound more OPERATOR/Call of Duty. If people weren't so accustomed to ignoring good advice that isn't dressed up in secret squirrel/ninja wrapping paper then it wouldn't be necessary to resort to it.
Which is a perfect example of there being situations where governments should have the right to overrule its people if it is for the greater good. Yes, that power has to be used with a lot of oversight and with enough red tape that it is uncomfortable and tedious to do, but the ability has to exist. There are times when the needs of the many outweigh the sensitivities of the egoists.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
"Open Source Intelligence Collection and Exploitation" is part of what used to be called "researching the target." Of course, Domestic Psychos will use OSINT. And our infrastructure is so fragile it doesn't take as much effort to damage it as the paranoid article mentions.
All this terrorism bullshit is done.
All lies. All fucking done.
WTF is OSINT? A new Linux distro?
Ain't that new, the various ...INT acronyms have been around for over 65 years. Although not so far back I remember when even some of the derivative ...INT terms were classified in themselves. (At least I think I remember, memory getting hazy.)
Tracy Johnson
Old fashioned text games hosted below:
http://empire.openmpe.com/
BT