Hackers Have Penetrated Energy Grid, Symantec Warns (fortune.com)

← Back to Stories (view on slashdot.org)

Hackers Have Penetrated Energy Grid, Symantec Warns (fortune.com)

Posted by BeauHD on Wednesday September 6, 2017 @09:20AM from the root-access dept.

An anonymous reader quotes a report from Fortune: Hackers have been burrowing their way inside the critical infrastructure of energy and other companies in the U.S. and elsewhere, warns cybersecurity giant Symantec. In a new report, Symantec claims that the threat of cyberattack-induced power outages in the west has elevated from a theoretical concern to a legitimate one in recent months. "We're talking about activity we're seeing on actual operational networks that control the actual power grid," Eric Chien, technical director of security technology and response at Symantec, told Fortune on a call. Reports surfaced over the summer of hackers targeting staff at nuclear energy facilities with phishing attacks, designed to steal login credentials or install malware on machines. The extent of the campaign as well as the question of whether the attackers had breached operational IT networks, rather than merely administrative ones, was unclear at the time. Symantec is now erasing all doubt. "There are no more technical hurdles for them to cause some sort of disruption," Chien said of the hackers. "All that's left is really motivation." Symantec detailed its findings in a report released Wednesday morning. The paper tracks the exploits of a hacker group that Symantec has dubbed DragonFly 2.0, an outfit that the company says it has linked to an earlier series of attacks perpetrated between 2011 and 2014 by a group it dubbed DragonFly.

49 of 69 comments (clear)

Min score:

Reason:

Sort:

they by turkeydance · 2017-09-06 09:22 · Score: 1

did n
1. Re:they by Mr+D+from+63 · 2017-09-06 09:30 · Score: 4, Informative
  
  More hyperbole with little substance. With the obligatory mention of NUCLEAR! even though no nuclear plant was involved in the referenced attack. And now some generic reference to 'operational networks' which tells me they were not control networks, so any 'disruption' as claimed still isn't going to turn off power anywhere.
  
  Maybe there is a reason, despite these continuously 'escalating attacks', that we are not seeing any power outages in the US. Maybe it is because our methods to prevent them from being successful are effective. Maybe because we know about all these attacks before they are doing any harm is also a sign our methods are effective.
  
  We can't let our guard down, but we don't have to fall for the hype.
2. Re:they by zlives · 2017-09-06 09:33 · Score: 3, Funny
  
  also, the only way symantec is going to detect/know about anything is if a snail mail letter is delivered to their headquarters from the self aware botnetwork.
3. Re:they by Pascoea · 2017-09-06 09:54 · Score: 1
  
  I didn't read the article (I know, right?), but it theoretically isn't that difficult to "hack" an airgapped system to drop off some sort of time-bombed attack. I've worked on generation facilities' DCS systems, the ones that are connected to a network but not the internet. Every Workstation/Server/switch in the system is COTS hardware, every one of them has USB ports on them that they use to apply patches/etc. All it takes is one system engineer with a hacked PC plugging a USB stick into his computer then plugging it into the airgapped system.
4. Re:they by zlives · 2017-09-06 10:14 · Score: 1
  
  yes it also takes that same dumbass to hit the off switch, no hacking required.
5. Re:they by Mr+D+from+63 · 2017-09-06 10:16 · Score: 1
  
  Well, they were not talking about air gapped systems (although their vagueness leaves much to assume). There are what can be called 'operational networks' that are not part of any plant or grid control, but merely places where operational data is stored. This is most likely what they are talking about because you can bet if a plant control system had been breached it would have been spelled out. They specifically avoid the term 'control' network.
  
  Yes, there are ways to breach air gaps, and the human element is the weak link, but there are also proven ways to deal with those risks. One air gap breach is rarely that large of a vulnerability as those systems are so segmented/fragmented Even with that, a successful breach of an air gap is one thing, one that actually instigates significant damage is another. There are layers to get through.
6. Re: they by that+this+is+not+und · 2017-09-06 10:57 · Score: 1
  
  Symantec is a 'security giant' because they make an antivirus product that runs in userspace on Windoze clients.
  I remember Symantec C++, back when they were a tech company.
7. Re: they by zlives · 2017-09-06 11:17 · Score: 1
  
  i guess they are back to their "scareware" tactics to move products. some people always bought their products for some reason.
8. Re:they by Known+Nutter · 2017-09-06 13:02 · Score: 1
  
  I sure hope all the system design engineers who haven't considered "air gapped systems and the USB port threat" are reading slashdot. You may have just saved the day!
  
  --
  Beware of the Leopard.
9. Re:they by Rogue974 · 2017-09-07 00:32 · Score: 1
  
  Interesting your take on the fact they didn't say control network to mean they didn't breach to the controls layer. They said:
  "We're talking about activity we're seeing on actual operational networks that control the actual power grid"
  "The extent of the campaign as well as the question of whether the attackers had breached operational IT networks, rather than merely administrative ones, was unclear at the time."
  I read actual operational network and operational IT networks as they were saying the controls networks had been breached. There are quite a few vague things about the article but I thought they were meaning controls network without knowing the terms. They could have meant a DMZ between the two or something else as well. I read the same thing and took it to mean something other then you are asserting it meant.
  You also said they would have spelled it out if there were breaches on the controls network. The vagueness of the article and the fact it came from fortune and not a controls publication make me think they have little clue what they are talking about or very few details. You are also talking about the power grid and there are homeland security implications to discussing breaches on those networks, as in, if there is a breach, it can be classified as secret and if you provide details one of the government agencies shows up to talk to you, which could have lead to limited details being shared.
  And FYI, I know the difference. I am a controls engineer sitting at a desk with 2 laptops, one on the business network and one on the controls network and while I am not the sole person responsible for network security between the 2, I am one of the major played in it where I work.
10. Re:they by angel'o'sphere · 2017-09-07 02:21 · Score: 1
  
  USB ports are usually disabled.
  You are not allowed to bring laptops into the facility.
  Your laptop would not get any access to the network, as it has an unknown MAC.
  Try again ...
  
  --
  Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
11. Re:they by angel'o'sphere · 2017-09-07 02:26 · Score: 1
  
  I don't really understand the difference between operational and control, they both translate to the same german word.
  I assume with 'operational' you mean the buisiness part? Well, it is easy to hack the 'control' part by feeding wrong information into the business part.
  E.g. that your company just made a successful deal at the spot market and is supposed to feed in 1GW extra into the grid from next hour on ... your 'operational' grid will react to that and power up the plants close to the feed in point and might cause an 'overload' and black out. (extremely unlikely, as there are enough safe guards to prevent that, just speaking in laymen terms ;) )
  
  --
  Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
12. Re:they by Pascoea · 2017-09-07 02:43 · Score: 2
  
  I'm not trying to be a dick, but I've worked in multiple power generation facilities (Coal, non-nuclear). Literally have managed the complete upgrade of 4 DCS systems. I'm not just pulling this out of my ass. I'm also not saying this has happened, merely speculating that it could be a potential attack vector.
  
  USB ports are usually disabled.
  Probably in some cases, not the ones I worked on.
  
  You are not allowed to bring laptops into the facility.
  False. I (and every other contractor, including those that actually applied the programming to DCS.) brought our laptops on-site every day. One particular facility required you to get a permit to have a computer, but it was literally just a piece of paper saying you are authorized to bring it on-site.
  
  Your laptop would not get any access to the network, as it has an unknown MAC.
  To the managed network, you are likely correct. That's not what I was implying as the attack vector.
13. Re:they by angel'o'sphere · 2017-09-07 04:40 · Score: 1
  
  USB ports active and external Laptops allowed in your facilities ...
  Not fase in general.
  Here in Germany you can not even bring a phone or a pad, and often not even an eBook reader into a facility.
  Regardless if the facility is nuclear or not ...
  
  --
  Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
14. Re:they by Mr+D+from+63 · 2017-09-07 10:50 · Score: 1
  
  All good points. I agree they could have meant a DMZ, but I have been reading these types of article that talk about power system (or company) breaches and one thing that has been consistent is where there is vagueness, and where the actual details come out later, the original article was misleading, making things sound worse then they really were.
  
  I did not mean to assert when they meant, but meant to point out that there is good reason, based on the vagueness coupled with hyperbole, to be very skeptical. "operational' and even "controls" can mean a lot of different things. You might be control some monitoring function but not actually any equipment, for example. I get that for some facilities, secrecy brings vagueness, but they are talking about power companies, and grid systems, not likely to have that type of restriction and I can think of no reason why they could not have given a generic explanation of the type of control network, or type of thing they claim could have been disrupted. And 'disrupted' is a nice word for any effect on anything, no matter how small. A malware infection that does nothing is a "disruption" because it forces you to take action. "networks that control the actual power grid" needs a lot of clarification. "the actual power grid" is really a collection of systems, many levels, fragmented and segmented. Choosing that terminology tells me there may be confusion on their part about the specifics. It makes little sense in this context.
  
  I do appreciate your thoughtful reply. Its nice to have an intelligent discussion. I hope you understand my basis for significant skepticism. That doesn't mean I'm right but I'd make a big bet on it.
15. Re:they by Mr+D+from+63 · 2017-09-07 10:58 · Score: 1
  
  Operational can simply mean a system used for monitoring and statistics. It could even mean a system for scheduling maintenance. You could feed it the wrong information, or the system could have an internal fault, a bad sensor, and present the wrong information. Bu like you said, the systems can handle anomalies. Its not like some movie where they fool everyone.
  
  Of course we could guess at what they mean all day. That's the problem, they are intentionally vague, and every time we see that the reality is much more benign than the hyperbole. Too much doesn't make sense, maybe they are just not competent at explaining. That's sometimes part of the problem, having IT guys trying to talk about power and grid related systems in context.
Great! by ELCouz · 2017-09-06 09:23 · Score: 1

Now Symantec will just sell them their AV crap!
In other news, by dwywit · 2017-09-06 09:25 · Score: 1

electrical grids to switch to McAfee security products.

--
They sentenced me to twenty years of boredom
1. Re:In other news, by Lije+Baley · 2017-09-06 15:30 · Score: 1
  
  Yeah, my power company uses McAfee, no probl^#&^%&!)+!#&*!%#& NO CARRIER
  
  --
  Strange things are afoot at the Circle-K.
Reliability by StormReaver · 2017-09-06 09:26 · Score: 5, Insightful

I would need to see this confirmed by a competent, reliable source.
1. Re:Reliability by DontBeAMoran · 2017-09-06 09:54 · Score: 2
  
  Dude you forgot to wr{#`%${%&`+'${`%&NO CARRIER
  
  --
  #DeleteFacebook
2. Re:Reliability by Plus1Entropy · 2017-09-06 10:24 · Score: 1
  
  If he was dying he wouldn't bother to carve 'Aggghh', he'd just say it.
  
  --
  Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
But, maybe ... by fahrbot-bot · 2017-09-06 09:54 · Score: 1

"There are no more technical hurdles for them to cause some sort of disruption,"

But maybe, they're here to help. IT COULD HAPPEN !!! :-)

--
It must have been something you assimilated. . . .
Clever Marketing. Recent Solar CME by Hylandr · 2017-09-06 10:01 · Score: 1

Any power outages caused by the recent CME eruption from our sun might scare people into purchasing 'protection'.
http://spaceweather.com/

--
~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
Mostly Russians and some Chinese by WillAffleckUW · 2017-09-06 10:08 · Score: 2

While there are a few North Koreans hacking the grid, it's mostly been Russian state hackers and Chinese state hackers. In point of fact, we made a deal with China to hold off on that, so now it's mostly just the Russians.
Source: various agencies. No, not linking it.
On the plus side, residential and commercial building solar and wind power systems are mostly not hacked.
Far more risk factor from fires, quakes, floods, and storms, actually.

--
-- Tigger warning: This post may contain tiggers! --
This is what I meant. by Gravis+Zero · 2017-09-06 10:10 · Score: 1

I've argued in favor of decentralized off-grid solar power because centralized power is vulnerable to attack. People either don't grasp what I mean or write it off as paranoia but this is a prime example of the vulnerability that centralized power systems create.
Be it a tree or hacker, centralized power systems a vulnerable to attack. (We shouldn't have pissed off the trees.)

--
Anons need not reply. Questions end with a question mark.
1. Re:This is what I meant. by blindseer · 2017-09-06 10:50 · Score: 3, Interesting
  
  I've argued in favor of decentralized off-grid solar power because centralized power is vulnerable to attack.
  It seems every time solar is brought up there is a mention of a "smart grid" to address issues of this thing called "night" that keeps solar collectors from providing 24/7 power. So, which is it? Do we get cheap solar energy from a "smart grid" or do we have expensive decentralized power?
  If you want energy that is cheap, reliable, and decentralized then solar power cannot make any significant portion of the grid. Solar is only cheap if it is connected, and that means there's some centralized utility. If you take solar off the grid then you need storage, and that costs money.
  
  I've argued in favor of decentralized off-grid solar power because centralized power is vulnerable to attack.
  I live in the US Midwest, and we have a lot of "attacks" on the power grid. It was quite interesting to work the late shift at a call center in the middle of a rainstorm when a nearby lightning strike took out the grid power. We sat in the dark for a few seconds until the backup diesel generators started up. If that call center had decentralized solar power then the lightning strike would not have taken out the power, but that's because we'd have been running on the diesel generators since sundown.
  I'm not too concerned about attacks on the power grid since we get them all the time and people have the means to deal with them. If a hacker wants to shut down a grid for a while then what does that mean in the end? Not much really.
  I remember some idiot in California tried shooting up a large transformer with a rifle and was almost successful in creating a pretty big blackout. It was only because the guy goofed and missed out on cutting all the control wires for diverting power that he was not successful in making the substation go up in sparks and flames. Of course you then had some US senators call for more gun control (because in California the gun ban didn't work so we have to ban them again) and to armor up all substations (because utility prices aren't high enough already).
  How do you protect solar panels from an attack? Wouldn't an idiot with a rifle be even more successful in attacking solar panels than a coal, nuclear, or natural gas power plant? I mean we can (and do) put a nuclear power plant in a big concrete dome to protect it from attack but we can't do that to solar panels. What of a hail storm? Wouldn't that turn your precious decentralized solar panels into a worthless (and toxic) busted up mess? Without a tie to the grid then how are these people supposed to get power until the solar panels are repaired? I know the answer, on site diesel generators, kind of like how we deal with grid outages now.
  I'm sure that there's a lot of things we could do to secure our electrical supply. I'm also sure that solar power isn't one of those things.
  
  --
  I am armed because I am free. I am free because I am armed.
2. Re:This is what I meant. by Gravis+Zero · 2017-09-06 12:55 · Score: 1
  
  Solar is only cheap if it is connected, and that means there's some centralized utility. If you take solar off the grid then you need storage, and that costs money.
  Careful or facts might get in the way. It's called economies of scale and it's helped us before.
  
  Wouldn't an idiot with a rifle be even more successful in attacking solar panels than a coal, nuclear, or natural gas power plant?
  The point is the reduce amount of damage that can be done by one person. With shingles they could use a shitload of ammo to destroy the power system for one house but they can't do that to millions of houses. Even if one guy shot a bunch of solar panels, you can just go to wal-mart and buy a new panel.
  
  I mean we can (and do) put a nuclear power plant in a big concrete dome to protect it from attack but we can't do that to solar panels. What of a hail storm?
  Oh those pesky facts are at it again!
  
  Without a tie to the grid then how are these people supposed to get power until the solar panels are repaired? I know the answer, on site diesel generators, kind of like how we deal with grid outages now.
  With solar shingles, you would have to take them all out to reduce power generation to zero. If someone shoots three-fourths of them, you just don't use high power high-power things until you can get replacement shingles. With panels, again, you can just go to wal-mart and buy a new panel. This isn't rocket science.
  
  I'm sure that there's a lot of things we could do to secure our electrical supply. I'm also sure that solar power isn't one of those things.
  You're also an idiot who ignores inconvenient facts, so nobody should take your word for it.
  
  --
  Anons need not reply. Questions end with a question mark.
3. Re:This is what I meant. by blindseer · 2017-09-06 13:48 · Score: 1
  
  I have a video with those pesky facts too.
  https://www.youtube.com/watch?...
  What will your windmill or solar panel look like after a plane crashes into it? I don't care if your solar panels are bulletproof, they are never going to hold up to the abuse that a concrete bunker can.
  
  This isn't rocket science.
  I'm pretty sure rocket science was involved in the survivability tests of a nuclear power plant.
  
  The point is the reduce amount of damage that can be done by one person.
  Right, and no single person is going to take down a nuclear power plant, or any significant portion of the electrical grid. A hail storm, tornado, wildfire, hurricane, flood, or whatever, however can bust up a lot of windmills and solar panels for miles around. With buried power lines, and a power plant in a bunker, and people can see power restored within hours of the storm passing.
  
  With panels, again, you can just go to wal-mart and buy a new panel.
  If a bunch of solar panels and windmills get busted up then Walmart is going to run out of both real quick.
  Also, you show graphs of solar panels getting cheaper but can't nuclear power get cheaper too? I know natural gas and coal prices can go up and down with market forces but nuclear power is very price insensitive to the fuel since it uses so little for so much energy. We've got an effectively unlimited supply of nuclear fuel on Earth, we'll run out of solar power (by the sun going nova) before we run out of uranium.
  Battery prices are meaningless to the argument of solar energy. Batteries don't care where the electricity comes from. If batteries get cheap enough then we'll just use coal and nuclear power to charge them up at night to meet the peak demands during the day.
  
  --
  I am armed because I am free. I am free because I am armed.
4. Re:This is what I meant. by blindseer · 2017-09-06 13:52 · Score: 1
  
  I didn't mean to quote the same line twice. The second quote was supposed to be:
  
  Be it a tree or hacker, centralized power systems a vulnerable to attack.
  For some reason I didn't catch it in the preview.
  
  --
  I am armed because I am free. I am free because I am armed.
5. Re:This is what I meant. by Gravis+Zero · 2017-09-06 14:40 · Score: 1
  
  What will your windmill or solar panel look like after a plane crashes into it? I don't care if your solar panels are bulletproof, they are never going to hold up to the abuse that a concrete bunker can.
  Are you concerned about planes crashing into your house? I've never had that problem. Do you live in a concrete bunker in fear of planes?
  
  Right, and no single person is going to take down a nuclear power plant, or any significant portion of the electrical grid
  Did you not see what the article was about? it doesn't matter if your power supply could withstand a kinetic orbital strike if a single hacker can destroy the entire electrical grid infrastructure via computer network.
  
  If a bunch of solar panels and windmills get busted up then Walmart is going to run out of both real quick.
  If only there was a way to move such large items from one town to the next! -_-
  
  you show graphs of solar panels getting cheaper but can't nuclear power get cheaper too?
  If it hasn't happened in the last 70 years, why do you think it would start now? https://en.wikipedia.org/wiki/...
  
  (by the sun going nova)
  Sol will never "go nova".
  
  If batteries get cheap enough then we'll just use coal and nuclear power to charge them up at night to meet the peak demands during the day.
  LOL! You think people are going to pay for infrastructure that they aren't dependent on? Have you not seen the results of mass outages?
  You do not seem to understand the how our electrical grid actually functions as a whole. Please read up on it before arguing nuclear's invulnerability. While you're at it, read up on economics and human behavior because you aren't grasping some basic things about people.
  
  --
  Anons need not reply. Questions end with a question mark.
6. Re:This is what I meant. by blindseer · 2017-09-06 15:49 · Score: 1
  
  Are you concerned about planes crashing into your house? I've never had that problem. Do you live in a concrete bunker in fear of planes?
  No, but I do make sure my truck is parked in a garage if hail is mentioned in the weather forecast. I've seen what hail can do to a solar panel, and to a patch of concrete. The concrete looks pretty much the same afterwards, the solar panel not so much.
  
  Did you not see what the article was about? it doesn't matter if your power supply could withstand a kinetic orbital strike if a single hacker can destroy the entire electrical grid infrastructure via computer network.
  I read the article and it's a bunch of crap, and so is the mention of trying to address the problem with decentralized solar power. A hail storm busting up a bunch of solar panels is many orders of magnitude more likely to disrupt power than any computer attack.
  
  If only there was a way to move such large items from one town to the next! -_-
  Yes, if only. Have you seen a windmill get moved before? Those things are huge and not trivial to move. I see the blades for the windmills going down the interstate all the time around here. One truck held up traffic for miles during rush hour because it had trouble navigating the cloverleaf with such a long trailer. I was late for class because of it. That's just one blade on one windmill. Think what would happen if a tornado tore up a field of them. They'd be out of operation for months or years as they tried to get all the bits and pieces made and moved to the site. Do you think they keep a bunch of spare parts for windmills on a shelf? Do you really think that if a storm busted up a bunch of solar panels that there's just spares lying about to fill in? I've seen what storms can do to supply chains. Generators, drywall, dust masks, gloves, bottled water, and even Pop-Tarts get hard to find after a major storm.
  I've seen what high winds can do to a windmill. They'll get twisted up and bent over like a child plucking a dandelion. And solar panels on a roof? You'll find them in a cornfield... in the next county. You can nail them down and armor them up for such things but that just adds to the cost, and they are already too expensive.
  
  If it hasn't happened in the last 70 years, why do you think it would start now?
  Because Trump.
  Now, I'll give a more serious answer. Because the nuclear power plants we built 40 or 50 years ago are reaching the end of their operational lifespan. They've been providing roughly 20% of our electricity since then. Building enough coal plants to replace them would be a political nightmare. Building natural gas plants to replace them might be feasible but also an economic problem. Solar and wind simply cannot replace them. There are existing nuclear power plant sites, with trained staff there, and that means a lot of people could lose their jobs. As politically difficult it may have been to build a nuclear power plant in the past it's going to get real easy to make the case real soon now. Obama kicked that can down the road for eight years, and we can't do that for another eight. It only takes one successful nuclear power plant to show it can be done again, and again, and again. With practice comes perfection. We will see nuclear power prices come down for the same reasons we saw solar collector prices come down, economies of scale, technological advancements, competition, and so on.
  
  Sol will never "go nova".
  We'll also never run out of nuclear fuel.
  
  --
  I am armed because I am free. I am free because I am armed.
7. Re:This is what I meant. by edtice1559 · 2017-09-07 03:15 · Score: 1
  
  The parent mentioned "off-grid" which means you have your own huge battery pack and don't connect to anything. Right now that is somewhat nonsense as they are expensive and an environmental catastrophe. We really don't need batteries for the night. That's why God invented combined-cycle gas turbines. We don't need to shift to 100% renewables to avoid making the planet inhospitable. Short-term, we're going to see more smart grid with more attach surface.
Better grid protection from Orkin or Symantec? by remoteshell · 2017-09-06 10:12 · Score: 5, Funny

According to http://cybersquirrel1.com/ there have been 1049 successful grid attacks YTD by squirrels, although raccoons pose a significant threat. Grid operators track outage causes, and human attacks are paltry compared to natural causes. A ton of strategically placed sunflower seeds could be bought for about the cost of 20 Symantec licenses. I for one quake in fear of our bushy tailed nemesis.

--
Just the washing instructions on life's rich tapestry
Re:No by Mr+D+from+63 · 2017-09-06 10:21 · Score: 1

Despite the breathless reporting, there is no "energy grid" that can be hacked. Individual servers and routers can be hacked. Unprotected SCADA systems can be hacked. But it would take far more than this to bring down the electric system in the US. It's not contiguous or synchronous. It's not impervious either (see 2003 blackout) but it doesn't work the way it's described here.
That's the impression many seem to have. It takes a tremendous effort just to bring down one small part of the grid, the rest will hum along just fine as the grid is designed to deal with disturbances. The 2003 blackout is well studied and many improvements and changes have been made to prevent the same from recurring. Isolation should happen before a cascade of failures. Although we haven't had any events to test it, the causes were quite clear and therefore we can have good confidence.
This is our Government by BluPhenix316 · 2017-09-06 10:34 · Score: 1

Our government is behind this in order to make everyone afraid and give up more rights and to justify their cyber warfare initiatives.
I'll need more credibility by kaatochacha · 2017-09-06 10:48 · Score: 1

i need more than just Symantec saying so, since they themselves verge on malware.
Re:No by Tailhook · 2017-09-06 10:51 · Score: 1

and many improvements and changes have been made to prevent the same from recurring.
Oh horsepucky. 2003 wasn't the first cascade failure and it won't be the last. It's been 14 years and these power companies are padding their exec bonus packages like nothing ever happened and the unions are padding the pension schemes and the grid rots. Meanwhile developers develop and lines get extended and plants get uprated and the margins get incrementally smaller and smaller until ping! Some tree branch outside Deplorableville, PA shorts a high tension line or a long overdue for service transformer welds itself together and the North East goes dark for a day.
And then we'll have ourselves another "investigation" that concludes with nothing of note beyond "Moare Money!" and another round of "never let this happen again" from the prevailing notables. Rinse. Repeat. All this story contributes is a possible reordering of the list of failure modes; sabotage jumps up a few notches and perhaps approaches the level of neglect and incompetence.

--
Maw! Fire up the karma burner!
For some reason, I'm not worried much by Rick+Schumann · 2017-09-06 11:11 · Score: 1

1. Isn't it true that this sort of thing isn't exactly new? That we could do it to any number of countries, too, if we wanted to, right now?
2. If this is actually more than just FUD, then why isn't, for instance Cal ISO issuing a press release about it? I'd think they'd know before anyone else would.
1. Re:For some reason, I'm not worried much by AHuxley · 2017-09-06 12:18 · Score: 1
  
  Re "1. Isn't it true that this sort of thing isn't exactly new? That we could do it to any number of countries, too, if we wanted to, right now?"
  The US moved to build networks into its grid to replace union workers on site.
  A few people with computer networks could replace a lot of workers on site per state/city.
  But few experts expected the networks to just stay in place over years once connected to the internet.
  New upgrades have to be sold to make the networks better and more secure.
  The news cycle moves with the upgrade cycle.
  No upgrades are bad. Cyber news about internet access.
  New upgrades are expensive and the costs get passed onto poor communities.
  The dial up modem can alter settings on the grid network.
  The internet can access the grid network.
  New cyber upgrades are needed for the grid to ensure poor communities have cooling, heating and lighting...
  Hire more trusted humans again to stop new cyber issues?
  Humans join unions and new wage costs get passed onto poor communities.
  More computer networks to keep wage costs down so poor communities have less to pay?
  
  --
  Domestic spying is now "Benign Information Gathering"
Film at 11... by Hognoxious · 2017-09-06 11:53 · Score: 1

After the break, barber claims long hair causes cancer.

--
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Bad SSL Certs? by sirsky · 2017-09-06 12:08 · Score: 1

I wonder if this is the result of them issuing bad SSL certs?

Symantec Mis-issuing 30,000 SSL Certificates

Just sayin'...
Re:No by Mr+D+from+63 · 2017-09-06 12:27 · Score: 1

and many improvements and changes have been made to prevent the same from recurring.
Oh horsepucky. 2003 wasn't the first cascade failure and it won't be the last. It's been 14 years and these power companies are padding their exec bonus packages like nothing ever happened and the unions are padding the pension schemes and the grid rots. Meanwhile developers develop and lines get extended and plants get uprated and the margins get incrementally smaller and smaller until ping! Some tree branch outside Deplorableville, PA shorts a high tension line or a long overdue for service transformer welds itself together and the North East goes dark for a day.
And then we'll have ourselves another "investigation" that concludes with nothing of note beyond "Moare Money!" and another round of "never let this happen again" from the prevailing notables. Rinse. Repeat. All this story contributes is a possible reordering of the list of failure modes; sabotage jumps up a few notches and perhaps approaches the level of neglect and incompetence.
Well, that's quite a ranting list of assumptions.
Re:No by Tailhook · 2017-09-06 14:01 · Score: 1

Well, that's quite a ranting list of assumptions.
And every single one is individually more plausible than any part of your "prevent the same from recurring" platitude.

--
Maw! Fire up the karma burner!
Re:Better grid protection from Orkin or Symantec? by blindseer · 2017-09-06 14:08 · Score: 1

Don't you mean "nemeses"? There's more than one you know.

--
I am armed because I am free. I am free because I am armed.
Re:Better grid protection from Orkin or Symantec? by Lije+Baley · 2017-09-06 15:57 · Score: 1

This gets modded funny, but I'd like to see the security freaks respond to this someday. Hey security guy, let's say I'm a power company exec --Why should I pay you twice what the guys battling the squirrels get? How about I fire you and hire two more squirrel fighters...

--
Strange things are afoot at the Circle-K.
Stuxnet by Zamphatta · 2017-09-07 04:55 · Score: 1

Everyone's known since Stuxnet was identified in late 2010, that these companies were vulnerable to serious attacks. So for 7 years they've done either nothing or not enough, to secure themselves. I think they're putting the public at risk, therefore, they should be in trouble for negligence. Hopefully nobody's harmed by their negligence.
Need an ethical hacker? by paulina+james · 2017-09-07 10:36 · Score: 1

Should you need the services of a hacker, i implore you to visit http://www.hackerspod.com/inde... or you should contact liammoore015@usa.com. i hired him for personal exploits early december last year and that was the decision that lit up my christmas and got me set for 2017. try to hire certified veterans for your hacking needs. this guy surely works like an elite, he is efficient,reliable and provides lasting and permanent solutions.
Bullshit, and what? by poofmeisterp · 2017-09-08 01:36 · Score: 1

First off, what in the hell would Symantec AV stuff be doing on infrastructure-critical machines that can affect said infrastructure (versus just looking at data points)? Secondly, this isn't something that would be announced by a company unless it was trying to sell a product. They would responsibly notify the infrastructure officials and have them take control of the situation, IF IT EXISTED.
This reeks of a ploy to induce fear and sell their amazing product that cane "detect things like this" magically. What complete bullshit. We know hackers, anyway. They would have started fucking with things to make sure they actually had control by now. I haven't heard of any fuckings-with-of-components. I see the voltage and frequency of the incoming mains varying as predicted and as applicable every day. A little 30-dollar device can show you that. Basically, it ain't happening and this is Facebook-like/Twitter-like bullshit that I can't believe people are buying into. If Symantec is releasing this information, they should be cut up and destroyed immediately.