Slashdot Mirror

← Back to Stories (view on slashdot.org)

Domestic Terrorists Could Use OSINT To Pinpoint US Substations For a Blackout (darkreading.com)

Posted by timothy on from the where-extension-cords-converge dept.

An anonymous reader writes: A project called 'Gridstrike' found that free and publicly available information can be used to determine the most critical electric substations in the US, which if attacked, could result in a nationwide blackout. Researchers from iSIGHT Partners used a combination of publicly available transmission substation information, maps, Google Earth, and grid congestion documentation, and drew correlations among the substations that serve the top ten cities in the US. They ID'ed 15 substations that if attacked and knocked offline would result in a nationwide blackout, they say. Their research took the spin of whether a homegrown terror group with little funding could get this crucial information. The study was inspired by the 2013 Federal Energy Regulatory Commission (FERC) study in 2013 that found that attacks on just nine electric substations in the U.S. could cause a blackout across the entire grid.

18 of 97 comments (clear)

  1. Redundancy cuts into profits by Opportunist · · Score: 5, Insightful

    That's what you get when you let your critical infrastructure design by entities that care more about profit than providing that critical infrastructure.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Redundancy cuts into profits by NoNonAlphaCharsHere · · Score: 3, Insightful

      I assume your house has a backup refrigerator and stove in case one of the primaries goes down :) Seriously, our grid is in far more danger from a CME taking it out. The chances of multiple, coordinated, successful terrist attacks blacking out the country are miniscule. Chalk this story and its ilk up to security theatre industry's version of sabre-rattling.

    2. Re:Redundancy cuts into profits by Z00L00K · · Score: 4, Insightful

      You can't protect yourself enough against attacks on central nodes in the net. It's almost impossible. And it's not that hard to find out key nodes in the electrical grid using just Google Earth and some patience. That's not unique to the US but essentially applicable to every modern country.

      It also highlights that everyone is responsible for doing their part when it comes to disaster preparedness. Keep some fuel, dry food and canned stuff around that can be used when things go sour. But modern society has evolved into a situation where we do our daily shopping run for food for the day and the day when we can't do it we are going hungry.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    3. Re:Redundancy cuts into profits by gtall · · Score: 2

      And you base this opinion on your deep analysis of the grid and its power suppliers? Hell, you should run to be the next Trump.

    4. Re:Redundancy cuts into profits by Anonymous Coward · · Score: 2, Insightful

      I assume your house has a backup refrigerator and stove in case one of the primaries goes down

      Everyone that lives in an old house where it snows has a backup for both. The garage/outside is a wonderful secondary fridge and everyone with an old house has at least one fireplace.

      Don't think everyone lives as precariously as you do.

    5. Re:Redundancy cuts into profits by jabuzz · · Score: 2

      Actually they do. Hospitals have separate circuits for critical life support and operating theatre equipment which has separate backup.

      While it's not great if you x-ray machine looses power it is a whole deal better than the ventilator loosing power or a heart bypass machine in theatre loosing power.

    6. Re:Redundancy cuts into profits by aaarrrgggh · · Score: 4, Informative

      US hospitals have four "independent" power networks, although most rooms only have two (normal branch and critical branch). Moreover, critical equipment generally also has internal batteries.

      Back to the utility grid, the design is to be maintainable rather than fault-tolerant. Maintenance causes limited impact in theory. Faults are isolated and can be repaired. Personally, I think everyone should have a small backup power source-- when Mother Nature or nut jobs do something bad it could take significant time to repair to 100%.

    7. Re:Redundancy cuts into profits by KGIII · · Score: 2

      I know you've had some replies but I'd like to add that you'd probably die up where my house is and I live in the US. Well, you might not die but you'd probably end up leaving - assuming you could.

      I live in an unincorporated township, in NW Maine, many miles from a village, and a lot of miles for a real town, and hours from a city of any size. I can be in Canada quicker than I can be in a moderately sized town.

      Yes, I retired there on purpose but I am cheating and wintering in Florida this year.

      At any rate - I have backups for all of those things. In all actuality, the mains power is my backup. I've multiple ways to heat, cook, and store food. I have multiple food suppliers - though I prefer to grow, fish, or hunt for most of it. It's fun. But, yeah, you might die with that sort of thinking.

      Yes, we lose a few people here every year to weather/temperature related causes. Usually they were unprepared for one reason or another. So long as you're prepared then it's not too bad. Most of us live in small villages, towns, and whatnot. It's easier in those places. I have solar, wind, two generators, underground diesel tanks, and grid power - for example. I don't just have a plow truck, I have a backup. I own a couple of snowmobiles should I need them. The list goes on.

      --
      "So long and thanks for all the fish."
  2. Doesn't take a terrorist attack by Todd+Knarr · · Score: 5, Insightful

    Planned attack? It doesn't need that, just a couple of accidents or screw-ups at the same inopportune times. One mistake by a rookie engineer in Arizona took out the grid for most of southern California. One or two more mistakes or equipment failures while they were still trying to recover from the first one could've seen the entire grid west of the Rockies go down. And the main cause is frankly the profit motive: for the sake of efficiency and cost-effectiveness the generation and transmission companies have eliminated the majority of the redundancy in the system and put off expensive maintenance and upgrades as long as the system wasn't failing during normal operation. It wouldn't take a group of terrorists, just a couple of maintenance engineers more interested in getting home for dinner than in following every rule to the letter or system operators who haven't had their morning coffee and are still a bit groggy.

  3. Dangerous: Travel Guide Maps, Geography lessons,.. by burni2 · · Score: 3, Insightful

    SARCASM_ON:
    Because it tells you where to find the leaning tower of pisa, therefore you do now know how to damage the itallian economy by demolishing that building.

    Threat cleared:
    I call for a ban on all travel maps therefore nobody will be able to find these places.

    More Threats
    I call for a ban on teaching geography!
    The maps show industrial buildings, transport infrastruture and natural resources!

    SARCASM_OFF:

    OSINT, INTINT, TINTINTIN
    So long for calling public accessable information and teaching material OSINT, I call bull shit on this try to infiltrate the common language with this intelligence "cool" style new speak!

  4. there is a solution by Gravis+Zero · · Score: 3, Interesting

    the solution to this is to completely decentralize our power, virtually destroying "the grid" by putting solar+battery at every home. it wont work for absolutely everyone but it will work for the vast majority of people. it comes with nice side effects too: it will cause people to buy more efficient electronics, lower the price of solar panels, devastate the coal/gas industry which in turn will cause a massive reduction in CO2 emissions and result in fewer mountain tops being blown up.

    so you get security, energy independence, massive pollution reduction and preserving the environment. what's not to like? oh yeah, it doesn't pay congress critters to stay in office, so it wont happen. #BanCongress ;-P

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:there is a solution by Anonymous Coward · · Score: 2, Interesting

      I live in Juno, Alaska. Explain how solar is a viable option for me.

    2. Re:there is a solution by Anonymous Coward · · Score: 3, Funny

      I live in Juno, Alaska. Explain how solar is a viable option for me.

      OK, hold up guys, as AC points out, this idea clearly doesn't work for 100% of the population, unlike all our other ideas which work for everyone, everywhere. We'll have to go back to the drawing board.

    3. Re:there is a solution by jenningsthecat · · Score: 2

      the solution to this is to completely decentralize our power, virtually destroying "the grid" by putting solar+battery at every home...

      Thank you! I jumped on here to say pretty much the same thing. I'd just like to add that we can have our cake and eat it too. We can disconnect small local grids from the larger grids and use them to pool the local outputs from wind, solar, and possibly even nuclear generation. That way we can have independence down to the residence level, while being able to take advantage of the benefits of sharing power when necessary.

      Another thing to consider is the dumpster-sized reactors that can provide power for 10K to 20K homes, or for factories. I don't love nuclear, but I also don't love AGW, and at least in the short term, nukes may be a necessary evil for rapidly cutting greenhouse gas emissions. (That, and foregoing cattle as a food source - but I digress).

      The point being that continental power grids are dinosaurs and we need to hasten their extinction. We have much better alternatives at hand, and will develop even better ones at a faster rate if we get off our complacent asses and start using to full advantage the techniques and technologies currently available. Right now we're staring at an awesome and wildly varied smorgasbord of potentially planet-saving options while we continue to chow down on Big Macs.

      --
      'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    4. Re:there is a solution by Dereck1701 · · Score: 2

      "completely decentralize our power"

      That would definitely be a good thing, but you don't even need to go that far. Every decently sized city/region should have their own co-generation power plant in addition to a decent amount of residential solar/wind generation. There would still be a national grid to handle electrical demand in the case of plant maintenance, extremely high demand, an accident or some kind of disaster. But in the case of something happening to the national grid each city/region could trip the fuses leading out of the city and run on their own. There is an example of this in my own area, during the last major blackout (2003 North East blackout) a village with their own power plant cut themselves off from the grid and powered the city on their own until the grid was restored. Waste heat from each facility could be used to heat nearby homes/businesses in the winter or provide heat for industrial applications.

  5. Terrorists want to terroize, not annoy. by Anonymous Coward · · Score: 2, Interesting

    Everyone involved in publishing this article is stupid. From TFA, to submitter, to the editor who submitted this.

    "Terrorists" want "terror". They want to kill people, they want smoking buildings and bombed, shot cars and a whole lot injured and dead people. That causes terror. YOU have to fear you will get shot/bombed when you leave the house, go shopping, go on a vacation. That is achieved by maximum terror.

    They do not want to "effectively damage the infrastructure". That is what a solider would do to achieve a military goal. Yes, it would be smart and effective. Some people might die (e.g. in hostiptals), the economic damage would be massive - but it surely would not be terror, for most of us it would be "annoying".

    They are called "Terroists" for a reason and not "Annoyoists".

    Furthermore: there might be smart planners behind terror attacks, but mostly it is the ideologists and strategists who are actually pretty smart. Most terrorists are actually not smart.
    The usual terrorist gets a gun or a bomb by his supervisor and is shoved out of the door to do his terror. The smartest ones so far we had were those who were able to fly planes. And even that scores relatively low on the "Hollywood List of Creative Terror-Plots".

    1. Terrorists want terror. Attacks on the infrastructure per se are not "terror".
    2. Most terror groups are too stupid to pull a coordinated attack on "infrastructure" off.

    IF infrastrcuture (traffic, airports, trains etc) is hit it is NOT about the infrastructure but about the "terror" on the population.

    Go away with your fearmongering!

  6. Yo dawg, I heard you like fear... by Irate+Engineer · · Score: 4, Insightful

    Yo dawg, I heard you like fear, so I got some fear to put on top of your fear next to your fear....

    I went to a DHS conference in Boston a few years after 9/11, and it was a wall-to-wall exhibition of all the crazy ways the bad guys were going to get us. Grid attacks, bus attacks, backflushing municipal hydrants with poisoned water, poisoning drinking water supplies, spraying anthrax on the lettuce in the supermarket. 99% of it were "weaknesses" conjured up by security researchers to get some money from the golden spigot labeled DHS.

    The DHS basically put the brakes on this and started demanding solutions, not a laundry list of insane attack vectors.

    The upshot is, any reasonably complex distribution system will have security vulnerabilities, dependent on the definition of "vulnerability". Some "vulnerabilities" are highly improbable, difficult to exploit, and only cause temporary or low-level disruption. Other vulnerabilities are obvious, easy to exploit, and will take down society. Without getting hysterical about it, the sensible thing to do is to make the vulnerabilities hard to exploit i.e. get infrastructure control systems airgapped and off the fucking Internet (duh). Make the system fault tolerant - if they do blow up something, have a means to contain it.

    Can we do this and get on with our lives, please? These vulnerabilities have been talked about for decades, we know what the solutions are, but no one wants to pay for it. Industry and government are staring at each other expecting the other to pick up the tab. If that is the situation nothing will get done, ever. Critical infrastructure needs to be nationalized so it is clear who is in charge of maintenance and security. Industry won't pay unless it hits their bottom line.

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!

  7. Re:Ignorant trite from someone not ready to pay by davester666 · · Score: 2

    Meanwhile, the utilities go "If I turn of this power station now for 'maintenance', the other power stations I own will be able to charge at least 25% more. Make it so."

    --
    Sleep your way to a whiter smile...date a dentist!