
US One Step Closer To Electric Grid Cyberguards

coondoggie writes "The US Department of Energy this week officially opened up the bidding for a National Electric Sector Cyber Security Organization that would protect the nation's electrical grid from cyber attacks. According to the DOE, the agency has set an aggressive goal to meet the nation's need for a reliable, efficient, and resilient electric power grid, as well as improved accessibility to a variety of energy sources for generation. In order to achieve this, an independent organization is needed (PDF) to provide executive leadership to facilitate research, development, and deployment priorities; identify and disseminate best cybersecurity practices; organize the collection, analysis, monitoring, and dissemination of infrastructure vulnerabilities and threats; and enhance cybersecurity of the electric grid, including control and IT systems."
  • Re:Easy Not quite (Score:3, Informative)

    by AJ Mexico ( 732501 ) on Friday April 02, 2010 @04:29PM (#31709662) Homepage

    Disconnect those systems from the internet

    Remember, a lot of these are old school systems. I know that a lot of remote SCADA (Supervisory Control and Data Acquisition) equipment was never on the Internet. Why? Because it had a modem instead. The electric utilities upgrade their stuff at glacial speed. I bet a lot of that stuff is still out there, and still has a modem connected and has weak to no security.

  • by OzPeter ( 195038 ) on Friday April 02, 2010 @04:29PM (#31709664)

    I have a great way to protect the power grid against cyber-attacks: Don't connect it to the internet!

    I work in Industrial Automation, i.e. the kind that is used in Power Plants, Manufacturing Plants and basically anything else that is automated. The equipment and software is generally controlled by third party manufacturers. Of course as no software is really bug free, these manufacturers are continually releasing updates (although I have reported some of those practices on The DailyWTF) and they release these updates via .. The .. Internet.

    Fine, so how do I get my updates in a timely manner? Perhaps I should download from the public internet and walk the software across the air-gap to the secure Internet?? Well that sounds fine and dandy until you consider that right now (while I am slacking off) I am in VA and working on a manufacturing system in SC, so walking that air-gap would take at least a 6 hour, one-way drive just to get to the plant. So we are talking an extra $1000 on top of the project costs just to do a single, simple update.

    That kinda screws my effectiveness to do my job. And that is the base argument of why things are connected to the internet - convenience and cost. But the answer is not to go backwards and take all the tools away. The answer is to provide better security on the systems that are connected to the Internet.

    Two thoughts have crossed my mind while I was writing this:

    • The Internet's root DNS servers are connected to the Internet, but no one is running around screaming that the sky is falling because they are vulnerable. And if they get taken down then we are in deep shit
    • I have said this before, 1/2 dozen guys with SUVs and high-powered rifles could easily take down the power grid in a matter of hours
  • by mswhippingboy ( 754599 ) on Friday April 02, 2010 @05:15PM (#31710044)

    I have a great way to protect the power grid against cyber-attacks: Don't connect it to the internet!

    Nothing on the grid is, or will be, connected to the Internet. Yes, you may find it amazing, but the IT folks in the energy sector have already figured this out, even without your advice! Duh..

    However, if you think that's all it takes to secure the grid you're even more naive than you sound.

    All of the transmission organizations I've worked with have their grid networks completely isolated from their "business" networks that may have some external connectivity. Most won't even allow a simple serial (as in RS-232) wire connection between these systems to transfer data (it's a royal pain when we need to get data from one network to the other and usually involves some form of sneaker-net).

    The problem is that even that level of isolation does not guarantee that these systems can't get hacked into. Some of the equipment on the grid is ancient and the cost to upgrade to something modern is cost prohibitive. Contrary to what most people think, power companies are tightly regulated by public utility commissions. They can't raise rates willy-nilly, so expensive upgrades usually don't get approved. Local politicians don't want their constituents pissed off because they approved a rate increase to enhance the infrastructure.

    This is going to be a tough nut to crack and I for one am glad to see that this threat is finally being taken seriously.

    Whether anything comes of it will remain to be seen.
