They say they have the 'primary ingredients for an EMP attack", but no where do they talk about what is required to completely knock out the entire grid. There seems to be an assumption this can be easily done if you have some missiles and warheads. There is some conclusion jumping going on, its nice to leave that stuff out when one is writing such an article because it dampens reactions.
Engineers at power stations are old farts, and they like things a certain way, the old way. PLCs communicate to other machines in the field using ancient serial protocols, proprietary back planes, and discreet data points. As Rockwell and Siemens and etc decide they need to wake up to the real world however they are putting more of their data over ethernet, but security is an afterthought, and there's your problem..
Security is absolutely NOT an afterthought at power stations. At least not in the US. That's simply flat out wrong. And those old fart engineers know what keeps a plant running reliably, they have very good reasons and experience to have things a certain way. A smart noob would do well to ask the old engineer exactly why they like things a certain way. Now, there are always going to be better ways that come along, but they won't come through ignorance of what has been working well for quite some time.
But many improvements and changes in how the grid is managed were implemented after that event, and even that even did not take down the entire grid. Taking out a few pieces of equipment will certainly not do it. Now, if you simultaneously blew up 50,000 key components across the nation, yes, you could wreak some havoc.
That statement speculates what might happen IF the whole grid was taken down by an EMP, but says nothing about what it would take to do so or if who has the capability. The article is paywalled so if it does specifically state what exactly China and Russia are going to use to take down the entire grid at once, I'd like for you to post it.
It is not surprising that there are ths many attempts, or that most of them are accidental. There are a staggering number of people flying, and a high number of guns in the US.
Flying is also stressful for most people, at least as far as getting from the house to the airport. Worrying about time, where to go, security lines, crowds, etc. I can see why some people might forget things that should be otherwise obvious.
In contrast, when the last Soob went off to the junkyard, I bought a used Subaru, and over the last three years I've had to replace the transmission, two CV joints, the shocks, and am about to have to replace the u-joint/cv joint...
An important distinction between buying used vs new is risk. Those that are good at minimizing the risk can come out way ahead buying used vs. new over a series of purchases. The key with used is to get a good deal to start with (which means patience and saying no), so that even if you have a large repair expense you still come out ahead, and make sure the car is a reliable model and in great shape.
I have a Camry I bought almost 4 years ago, have put 50,000 miles on it, have had no costly repairs, and could sell it for about $2,000 less than I paid very easily.
Many moons ago, I had a friend who was a nuclear engineer at a power plant. His plant didn't have a separate computer network for the reactor simply because computers weren't allow to connect to the reactor. Anything piece of hardware with enough complexity to achieve Turing completeness was forbidden. When he wanted to add a monitoring circuit somewhere that included more than some piddly number of transistors, he had to document ever possible state that the system could enter.
That has been common practice for years. You can use one way 'data diodes' to pass information from control systems to monintoring networks, but even those monitoring networks are segregated from the corporate business network, which in turn has the only internet connections.
>> the government doesn't have regulations about it.
Yes, it is does....
And Yes, it is being carried over to every other generation and transmission entity (in the U.S., at least).
I love sensationalist reporting.
There certainly is published regulation regarding US nuclear power plant cyber security. There is less available regarding weapons facilities. The author chose his words carefully to make sure the average reader does not distinguish between the two, nor facilities that do nuclear related R&D but have no significant amount of nuclear material that would pose any kind of threat.
Lets summarize this article in one sentence from the article
Because of the secrecy surrounding military nuclear facilities, it was impossible to determine the levels of cyberprotection used to protect nuclear weapons in the nine countries known to possess them.
My initial reaction would be that anyone who allows an internet connection anywhere inside a nuclear power plant, storage facility, or weapons system is in serious need of psychiatric help. Is that going to make office work, etc a bit harder? I should think it will. So what?
And, although nuclear power plants are not the facilities they are talking about, and although nuclear plants absolutely don't connect their controls to the internet, you have reacted exactly as the authors wanted you to.
Just a little thought, why does the network that control of a nuclear facility need to be connected to the internet? I'm not saying it should be unplugged, but why they couldn't simply make two separate network? One for computer, the other to control the facility.
It isn't connected to the internet . These authors do a good job of confusing the reader. They do not distinguish between systems that control actual nuclear related equipment, communications and administrative networks, facility controls (hvac), etc. They also dont distingush between facilities that do nuclear research in a lab with little risk to start with vs those that process high grade materials vs those that just store materials. And they try to make some jump to conclusions that power plants are included, all of which works toward their agenda.
Unfortunately, fun does not perpetuate a functional society.
No single thing does, but I would argue that the enjoyment of at least a portion of one's time, be it at work or play, is an important element in a functional society.
Not of much use if you don't have control power, as you won't have HVAC functionality. Yes, you can get warned of a power outage, which 99.9% of the time will not just be control power, unless of course your wifi is not working...
I have wireless thermostats, not nest, but a simple lower cost brand item that I think is great. It doesn't need a battery as existing control power is used. It is simple, therefore needs no updates.
Its very easy to change the profiles for daily heating from a local browser. I can turn the heat down before I leave for vacation, and turn it back up just prior to returning. I can check while away to see what the temperature in my home is, so I know if there is a problem with one of my HVAC units.
I'm sure it has some security flaws in the eyes of the most critical , but I am not worried one bit. The cost/benefit/risk ratio is quite acceptable to me.
The one data collection service that makes sense to help get from A to B is traffic flow data. Participating in that can help us all. I use google maps traffic function almost daily and it helps me avoid congestion so I get to B faster and I don't make that congestion worse.
Otherwise, if I need data or information I'll use my phone.
What's the lifetime of the new incandescent bulb? Do they still burn out as fast as they used to? Or does recycling the heat cause them to take longer to burn out.ll.
Cycling is the greatest contributor to degradation, but the quality of bulb varies so much that their is no good answer. As you say, LED bulbs have now gotten cheap enough that its a no brainer. But we don't know the lifetime yet. While the LED chips are likely going to last, the cheap drivers are more likely to be what fails. I have my doubts they'll last as long as the claims.
After accounting for health status and physical activity, light to moderate alcohol drinking had no direct protective effect on mortality.
That is where one can be mislead by the article, as they are talking about an increase in health problems, not an increase in mortality. Specifically they talk about cancers, which in most cases are seen very late in life. So, basically, you have a small increase in added health issues right before you die.
Slashdot Mirror
Willingness to buy a smartgun does not equate to support of legislation to require only smartguns. That is the primary fallacy of the submitter.
They say they have the 'primary ingredients for an EMP attack", but no where do they talk about what is required to completely knock out the entire grid. There seems to be an assumption this can be easily done if you have some missiles and warheads. There is some conclusion jumping going on, its nice to leave that stuff out when one is writing such an article because it dampens reactions.
A couple of high altitude fairly large nukes would do the job just fine.
No, they would not.
Engineers at power stations are old farts, and they like things a certain way, the old way. PLCs communicate to other machines in the field using ancient serial protocols, proprietary back planes, and discreet data points. As Rockwell and Siemens and etc decide they need to wake up to the real world however they are putting more of their data over ethernet, but security is an afterthought, and there's your problem..
Security is absolutely NOT an afterthought at power stations. At least not in the US. That's simply flat out wrong. And those old fart engineers know what keeps a plant running reliably, they have very good reasons and experience to have things a certain way. A smart noob would do well to ask the old engineer exactly why they like things a certain way. Now, there are always going to be better ways that come along, but they won't come through ignorance of what has been working well for quite some time.
But many improvements and changes in how the grid is managed were implemented after that event, and even that even did not take down the entire grid. Taking out a few pieces of equipment will certainly not do it. Now, if you simultaneously blew up 50,000 key components across the nation, yes, you could wreak some havoc.
That statement speculates what might happen IF the whole grid was taken down by an EMP, but says nothing about what it would take to do so or if who has the capability. The article is paywalled so if it does specifically state what exactly China and Russia are going to use to take down the entire grid at once, I'd like for you to post it.
You may be able to take down a portion of the grid with a very very big EMP.
It is not surprising that there are ths many attempts, or that most of them are accidental. There are a staggering number of people flying, and a high number of guns in the US.
Flying is also stressful for most people, at least as far as getting from the house to the airport. Worrying about time, where to go, security lines, crowds, etc. I can see why some people might forget things that should be otherwise obvious.
Sigh. Brrr, that was cold.
In contrast, when the last Soob went off to the junkyard, I bought a used Subaru, and over the last three years I've had to replace the transmission, two CV joints, the shocks, and am about to have to replace the u-joint/cv joint...
An important distinction between buying used vs new is risk. Those that are good at minimizing the risk can come out way ahead buying used vs. new over a series of purchases. The key with used is to get a good deal to start with (which means patience and saying no), so that even if you have a large repair expense you still come out ahead, and make sure the car is a reliable model and in great shape.
I have a Camry I bought almost 4 years ago, have put 50,000 miles on it, have had no costly repairs, and could sell it for about $2,000 less than I paid very easily.
It is normal practice.
Many moons ago, I had a friend who was a nuclear engineer at a power plant. His plant didn't have a separate computer network for the reactor simply because computers weren't allow to connect to the reactor. Anything piece of hardware with enough complexity to achieve Turing completeness was forbidden. When he wanted to add a monitoring circuit somewhere that included more than some piddly number of transistors, he had to document ever possible state that the system could enter.
That has been common practice for years. You can use one way 'data diodes' to pass information from control systems to monintoring networks, but even those monitoring networks are segregated from the corporate business network, which in turn has the only internet connections.
>> two separate networks...
Yes, there are.
>> the government doesn't have regulations about it.
Yes, it is does. ...
And Yes, it is being carried over to every other generation and transmission entity (in the U.S., at least).
I love sensationalist reporting.
There certainly is published regulation regarding US nuclear power plant cyber security. There is less available regarding weapons facilities. The author chose his words carefully to make sure the average reader does not distinguish between the two, nor facilities that do nuclear related R&D but have no significant amount of nuclear material that would pose any kind of threat.
You thought just like the author wanted you to think, regardless of the facts.
Because of the secrecy surrounding military nuclear facilities, it was impossible to determine the levels of cyberprotection used to protect nuclear weapons in the nine countries known to possess them.
My initial reaction would be that anyone who allows an internet connection anywhere inside a nuclear power plant, storage facility, or weapons system is in serious need of psychiatric help. Is that going to make office work, etc a bit harder? I should think it will. So what?
And, although nuclear power plants are not the facilities they are talking about, and although nuclear plants absolutely don't connect their controls to the internet, you have reacted exactly as the authors wanted you to.
Just a little thought, why does the network that control of a nuclear facility need to be connected to the internet? I'm not saying it should be unplugged, but why they couldn't simply make two separate network? One for computer, the other to control the facility.
It isn't connected to the internet . These authors do a good job of confusing the reader. They do not distinguish between systems that control actual nuclear related equipment, communications and administrative networks, facility controls (hvac), etc. They also dont distingush between facilities that do nuclear research in a lab with little risk to start with vs those that process high grade materials vs those that just store materials. And they try to make some jump to conclusions that power plants are included, all of which works toward their agenda.
Unfortunately, fun does not perpetuate a functional society.
No single thing does, but I would argue that the enjoyment of at least a portion of one's time, be it at work or play, is an important element in a functional society.
Not of much use if you don't have control power, as you won't have HVAC functionality. Yes, you can get warned of a power outage, which 99.9% of the time will not just be control power, unless of course your wifi is not working...
I have wireless thermostats, not nest, but a simple lower cost brand item that I think is great. It doesn't need a battery as existing control power is used. It is simple, therefore needs no updates.
Its very easy to change the profiles for daily heating from a local browser. I can turn the heat down before I leave for vacation, and turn it back up just prior to returning. I can check while away to see what the temperature in my home is, so I know if there is a problem with one of my HVAC units.
I'm sure it has some security flaws in the eyes of the most critical , but I am not worried one bit. The cost/benefit/risk ratio is quite acceptable to me.
The one data collection service that makes sense to help get from A to B is traffic flow data. Participating in that can help us all. I use google maps traffic function almost daily and it helps me avoid congestion so I get to B faster and I don't make that congestion worse.
Otherwise, if I need data or information I'll use my phone.
Most people wear watches on their off hand, so it won't be a problem.
What's the lifetime of the new incandescent bulb? Do they still burn out as fast as they used to? Or does recycling the heat cause them to take longer to burn out.ll.
Cycling is the greatest contributor to degradation, but the quality of bulb varies so much that their is no good answer. As you say, LED bulbs have now gotten cheap enough that its a no brainer. But we don't know the lifetime yet. While the LED chips are likely going to last, the cheap drivers are more likely to be what fails. I have my doubts they'll last as long as the claims.
Man, what an irritating neighbor!
After accounting for health status and physical activity, light to moderate alcohol drinking had no direct protective effect on mortality.
That is where one can be mislead by the article, as they are talking about an increase in health problems, not an increase in mortality. Specifically they talk about cancers, which in most cases are seen very late in life. So, basically, you have a small increase in added health issues right before you die.