Slashdot Mirror

← Back to Stories (view on slashdot.org)

Domestic Terrorists Could Use OSINT To Pinpoint US Substations For a Blackout (darkreading.com)

Posted by timothy on from the where-extension-cords-converge dept.

An anonymous reader writes: A project called 'Gridstrike' found that free and publicly available information can be used to determine the most critical electric substations in the US, which if attacked, could result in a nationwide blackout. Researchers from iSIGHT Partners used a combination of publicly available transmission substation information, maps, Google Earth, and grid congestion documentation, and drew correlations among the substations that serve the top ten cities in the US. They ID'ed 15 substations that if attacked and knocked offline would result in a nationwide blackout, they say. Their research took the spin of whether a homegrown terror group with little funding could get this crucial information. The study was inspired by the 2013 Federal Energy Regulatory Commission (FERC) study in 2013 that found that attacks on just nine electric substations in the U.S. could cause a blackout across the entire grid.

5 of 97 comments (clear)

  1. Redundancy cuts into profits by Opportunist · · Score: 5, Insightful

    That's what you get when you let your critical infrastructure design by entities that care more about profit than providing that critical infrastructure.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Redundancy cuts into profits by Z00L00K · · Score: 4, Insightful

      You can't protect yourself enough against attacks on central nodes in the net. It's almost impossible. And it's not that hard to find out key nodes in the electrical grid using just Google Earth and some patience. That's not unique to the US but essentially applicable to every modern country.

      It also highlights that everyone is responsible for doing their part when it comes to disaster preparedness. Keep some fuel, dry food and canned stuff around that can be used when things go sour. But modern society has evolved into a situation where we do our daily shopping run for food for the day and the day when we can't do it we are going hungry.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    2. Re:Redundancy cuts into profits by aaarrrgggh · · Score: 4, Informative

      US hospitals have four "independent" power networks, although most rooms only have two (normal branch and critical branch). Moreover, critical equipment generally also has internal batteries.

      Back to the utility grid, the design is to be maintainable rather than fault-tolerant. Maintenance causes limited impact in theory. Faults are isolated and can be repaired. Personally, I think everyone should have a small backup power source-- when Mother Nature or nut jobs do something bad it could take significant time to repair to 100%.

  2. Doesn't take a terrorist attack by Todd+Knarr · · Score: 5, Insightful

    Planned attack? It doesn't need that, just a couple of accidents or screw-ups at the same inopportune times. One mistake by a rookie engineer in Arizona took out the grid for most of southern California. One or two more mistakes or equipment failures while they were still trying to recover from the first one could've seen the entire grid west of the Rockies go down. And the main cause is frankly the profit motive: for the sake of efficiency and cost-effectiveness the generation and transmission companies have eliminated the majority of the redundancy in the system and put off expensive maintenance and upgrades as long as the system wasn't failing during normal operation. It wouldn't take a group of terrorists, just a couple of maintenance engineers more interested in getting home for dinner than in following every rule to the letter or system operators who haven't had their morning coffee and are still a bit groggy.

  3. Yo dawg, I heard you like fear... by Irate+Engineer · · Score: 4, Insightful

    Yo dawg, I heard you like fear, so I got some fear to put on top of your fear next to your fear....

    I went to a DHS conference in Boston a few years after 9/11, and it was a wall-to-wall exhibition of all the crazy ways the bad guys were going to get us. Grid attacks, bus attacks, backflushing municipal hydrants with poisoned water, poisoning drinking water supplies, spraying anthrax on the lettuce in the supermarket. 99% of it were "weaknesses" conjured up by security researchers to get some money from the golden spigot labeled DHS.

    The DHS basically put the brakes on this and started demanding solutions, not a laundry list of insane attack vectors.

    The upshot is, any reasonably complex distribution system will have security vulnerabilities, dependent on the definition of "vulnerability". Some "vulnerabilities" are highly improbable, difficult to exploit, and only cause temporary or low-level disruption. Other vulnerabilities are obvious, easy to exploit, and will take down society. Without getting hysterical about it, the sensible thing to do is to make the vulnerabilities hard to exploit i.e. get infrastructure control systems airgapped and off the fucking Internet (duh). Make the system fault tolerant - if they do blow up something, have a means to contain it.

    Can we do this and get on with our lives, please? These vulnerabilities have been talked about for decades, we know what the solutions are, but no one wants to pay for it. Industry and government are staring at each other expecting the other to pick up the tab. If that is the situation nothing will get done, ever. Critical infrastructure needs to be nationalized so it is clear who is in charge of maintenance and security. Industry won't pay unless it hits their bottom line.

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!