
DHS To Review Report On US Power Grid Vulnerability

CWmike writes "The US Department of Homeland Security is looking at a report by a research scientist in China that shows how a well-placed attack against a small power subnetwork could trigger a cascading failure of the entire West Coast power grid. Jian-Wei Wang, a network analyst at China's Dalian University of Technology, used publicly available information to model how the West Coast grid and its component subnetworks are connected. Wang and another colleague then investigated how a major outage in one subnetwork would affect adjacent subnetworks. New Scientist magazine reported on this a week or so ago, and the paper has been available since the spring."
  • Don't worry (Score:5, Interesting)

    by dedazo ( 737510 ) on Tuesday September 15, 2009 @02:53PM (#29429619) Journal

    The US power grid is so ancient, convoluted and in such a massive state of disrepair that we can be sure we're safe from terrorists. They wouldn't even know where to begin to find a point in the system that could be used to trigger a catastrophic cascading failure like the one in the East Coast a few years ago.

    Trees [wikipedia.org] on the other hand... trees are truly evil.

  • by Finallyjoined!!! ( 1158431 ) on Tuesday September 15, 2009 @03:00PM (#29429715)

    Obviously, you have not read TFA:

    News about Wang's research comes at a time when there are considerable concerns about the security of the U.S. power grid. In April, The Wall Street Journal, citing anonymous national security officials, reported that cyberspies from China, Russia and elsewhere had gained access to the U.S. electrical grid and had installed malware tools that could be used to shut down service. Though the access hasn't been used to disrupt service, the concern is that the malicious hackers could do so with relatively short notice during a time of crisis or war.

    What a prawn.

  • by Anonymous Coward on Tuesday September 15, 2009 @03:08PM (#29429817)

    I don't see the benefits of connecting them to the grid that can't be achieved through alternative means. That is, the data availability issues can be connected, but command/control functionality (ie, that which can be used to shut down service) should not be accessible from the internet.

    Is there a reason you believe they should be?

  • Re:The amazing thing (Score:5, Interesting)

    by Ron Bennett ( 14590 ) on Tuesday September 15, 2009 @03:38PM (#29430127) Homepage

    People have tried blowing up / cutting high-tension power towers, but it seems that either they're stopped part way through their plan, or simply never follow through (i.e. cutting one or more of the tower supports, but failing to take down the line).

    Very often attacks are attempted at night, but that's a bad time, since load is often low. One would need to wait until mid afternoon on a very high load day (even more ideally when some major lines are down for maintenance) - that takes advanced planning and good luck.

    Furthermore, cutting lines, alone, probably wouldn't be enough to cause a cascade. One would very likely need to bypass / overwhelm (ie. in the 2003 east coast black out some of the monitoring computers were unresponsive due to a worm going around) some of the safety systems, as well, for a cascade failure to occur.

    On a related note, detonating a nuclear device high in the atmosphere at the right location would likely do it, but that would be extremely challenging - more likely, a terrorist with a nuke, probably of very low yield, would most likely detonate it at ground level, which would minimize EMP effects.

    Ron

  • by Anonymous Coward on Tuesday September 15, 2009 @03:51PM (#29430257)

    They required all employees to use the same identical 4 letter password, to which I objected but was forced to do. My first few weeks there I discovered a keylogger on two PCs using Spybot. I reported it to management and suggested they have everyone scan their PCs, they said I was overreacting. Their email service was hosted by a remote 3rd party provider in Texas, who could be reading all their mail because they were too lazy to set up one in house. I recommended an internal email server and also that everyone use public key encryption to sign emails on several occasions and was told, "You do it and take responsibility for it when it fails."

    Customers, like nuclear weapons/energy facilities, sometimes requested encrypted email or transmissions of files and our lead developer refused to do that because it was too hard to figure out. So, he just sent everything plaintext through zipit/rapidshare websites, he'd sometimes send whole CDs zipped up. And, when I voiced concerns about security they told me to shut the hell up, literally.

    Also, when I mentioned I had made my code secure against remote attacks, they told me to stop wasting time on that because none of these machines would ever be connected to the Internet. However, when I pointed my boss to an article about guards at energy facilities hooking wifi routers to the network, which he had assured me they weren't allowed to do, he just ruffled his feathers at me and told me not to worry about it.

    Suffice it to say, they let me go, and kept the engineers that didn't care about security. I remember having a conversation with one of the developers in my team who didn't think secure code was important and I stated that actual lives depended on our work, his response was, "I don't care it is just a job, you take it too seriously." I guess I did, that's why I'm gone and he's still there.

  • by swschrad ( 312009 ) on Tuesday September 15, 2009 @04:11PM (#29430433) Homepage Journal

    used to be, you had load dispatchers at switches in multiple areas. they had telephones and a small phone book of other dispatchers. under that system, the US became the world's dominant superpower and home of most wealth.

    worth trying. not everything has to run on flash and crackberries.

  • Re:Don't worry (Score:3, Interesting)

    by mikael ( 484 ) on Tuesday September 15, 2009 @04:25PM (#29430611)

    Back around 2000 there was a complete failure of the SF Bay Area power grid when a couple of engineers activated the grounding switches to a local area of the power line before decoupling it from the main grid.

  • by AB3A ( 192265 ) on Tuesday September 15, 2009 @05:11PM (#29431375) Homepage Journal

    Not so fast. See the first paper in this bunch [digitalbond.com]. The authors managed to hack Koyo and AB PLC Ethernet interfaces. The AB Ethernet card had lots of useful stuff in it, including a symbol table. From the symbol table I saw many backplane calls that you could use to communicate with the PLC. How well do you trust a hacked Ethernet module on a PLC backplane?

    Having a physically separate port is nice, but it is no substitute for secure coding. If you think that coding is poorly secured in the PC world, you'll be shocked at what often gets done in embedded system coding.

    Some PLCs and Variable Frequency Drives have been noted for their inability to handle Denial of Service traffic. I've seen that demonstrated myself. This is the official cause of a reactor SCRAM at Browns Ferry a few years ago.

    Try a port scan of your PLC some time and tell me how many ports it responds to (DO THIS ON A TEST-BENCH --NOT PRODUCTION EQUIPMENT!). If you can identify everything that critter responds to, congratulations. If not, be afraid. Be VERY afraid. I've heard quite a few PLC models that have mysterious responses to ports where you wouldn't expect them to respond.

    Real Time embedded systems are not good candidates for direct internet exposure. They're too difficult to patch in a timely fashion. Often the windshield time alone is prohibitive. And if you have any notions of pushing patches to them remotely, remember, these things control some pretty high speed/high power processes. You don't just patch them. There are process and safety implications that you need to consider. This ain't some office application where you can say oops and restore from a backup. Real physical things will happen and real physical problems will be created that you can't clean up with a simple code reversion.

    Most of our infrastructure today has not been engineered with security issues in mind. There is still lots of Gee Whiz "Let's Share Data" synergy crap going on. This leads to all sorts of direct interconnections that aren't absolutely necessary. Many controls can be made over links that weren't intended for that purpose. It's not easy to split the data flows up any more because many organizations have been very profligate with their use of SCADA information and it isn't easy to find all the sources and sinks.

    I'd love to post data from a PLC directly to the public. But I just can't sleep at night with something like that waiting to screw things up.

    Good luck with your security, and I mean that quite sincerely.
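
The test-bench check AB3A describes, as an added example that is not part of the original comment: it probes a device one port at a time, paced so a fragile controller is never flooded, and compares what answers with a documented baseline. The function names, the service labels and the loopback listeners standing in for a bench PLC are assumptions constructed for illustration.

```python
import socket
import time

def probe_ports(host, ports, timeout=0.5, delay=0.05):
    """Return the TCP ports on host that accept a connection, probing one
    at a time with a pause so a fragile controller is never flooded."""
    open_ports = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.add(port)
        time.sleep(delay)
    return open_ports

def audit(observed, documented):
    """Compare observed listeners with the documented baseline {port: service}."""
    known = set(documented)
    return {
        "unexpected": sorted(observed - known),  # answers but is undocumented
        "missing": sorted(known - observed),     # documented but silent
        "confirmed": {p: documented[p] for p in sorted(observed & known)},
    }

def demo():
    """Constructed stand-in for a bench device: three loopback listeners, one
    of them undocumented, plus one documented port with nothing listening."""
    socks = [socket.socket(socket.AF_INET, socket.SOCK_STREAM) for _ in range(4)]
    try:
        for s in socks:
            s.bind(("127.0.0.1", 0))          # OS assigns a free port
        for s in socks[:3]:
            s.listen(1)                       # the fourth stays bound but closed
        doc_a, doc_b, mystery, silent = (s.getsockname()[1] for s in socks)
        # Hypothetical vendor documentation for the device under test.
        documented = {doc_a: "programming", doc_b: "web config", silent: "ftp"}
        observed = probe_ports("127.0.0.1", [doc_a, doc_b, mystery, silent])
        return audit(observed, documented), mystery, silent
    finally:
        for s in socks:
            s.close()

if __name__ == "__main__":
    report, _, _ = demo()
    print(report)
```

Anything listed under "unexpected" is a listener the documentation does not account for, which is the case the comment says to be afraid of.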

  • by johnny cashed ( 590023 ) on Tuesday September 15, 2009 @05:31PM (#29431747) Homepage

    I have conceived of a distributed attack involving timed/coordinated thermite devices placed on transformer housings at substations. Place the same devices on any emergency generator housings where first responders are located, and massive chaos would quickly ensue.

    Thermite is easily made/sourced from the components, timing devices are trivial. Thermite is not an explosive, but it would easily burn a hole in the top of an oil-filled transformer housing, drop inside the transformer, burning all the way. I'm sure it would short the xformer, and ignite the oil inside. Same with generators, a thermite device placed on top would easily burn into the engine block or generator windings.

    I'll leave the details out for the terrorists to figure out, but I see this as an easy attack for small cities. Larger cities will have the infrastructure more secure, but it is a large grid to secure. Too large. Modern society needs electricity like humans need air. I see my plan of attack as cheap, not too sophisticated for dedicated attacker(s) and probably effective, depending on how large a coordinated attack could be. It is very scalable.

    What, who's at my door? DHS?

  • by Anonymous Coward on Tuesday September 15, 2009 @10:19PM (#29435091)

    I don't think so. I recognized his nick as the Ethernet channel on a PLC-5 system. His points are dead on.
