US One Step Closer To Electric Grid Cyberguards 74
coondoggie writes "The US Department of Energy this week officially opened up the bidding for a National Electric Sector Cyber Security Organization that would protect the nation's electrical grid from cyber attacks. According to the DOE, the agency has set an aggressive goal to meet the nation's need for a reliable, efficient, and resilient electric power grid, as well as improved accessibility to a variety of energy sources for generation. In order to achieve this, an independent organization is needed (PDF) to provide executive leadership to facilitate research, development, and deployment priorities; identify and disseminate best cybersecurity practices; organize the collection, analysis, monitoring, and dissemination of infrastructure vulnerabilities and threats; and enhance cybersecurity of the electric grid, including control and IT systems."
Easy (Score:3, Insightful)
Disconnect those systems from the internet and make sure the networks they connect to are not connected to the internet.
If they want to be able to monitor, then add sensors as needed and connect that system to the internet.
Dumbasses, all around.
3 step plan (Score:3, Insightful)
1. Don't put key systems on the internet
2. ???
3. PROFIT!
I have a great way to protect against cyber-attack (Score:3, Insightful)
I have a great way to protect the power grid against cyber-attacks: Don't connect it to the internet!
If there's no route to the power grid's control computers via the internet, then there's no way that a cyber-attack could affect it. And no, this doesn't mean that power companies can't connect to the internet to accept bill payment or requests to connect/disconnect service - just that they shouldn't allow anything critical to be CONTROLLED over the internet - and it also doesn't mean that they can't have a private TCP/IP network that for sharing information among their various systems, which obviously is something that they will want to optimize the power grid and power production to get maximum return on their high capital investments.
Re:3 step plan (Score:3, Insightful)
Re:Easy (Score:3, Insightful)
Um... Ok, you have a closed network over hundred miles of wires, what stops me from doing a "on the wire" attack? Just because something is not connected to the internet does not make it physically safe. unless you wrap your communications wire with high voltage power wires... then, it would be rather difficult to perform a physical attack.
Re:I have a great way to protect against cyber-att (Score:3, Insightful)
What you're saying is like saying we shouldn't run railroads across the Wild West because it's Wild. We needed both complete railroad networks, and a governable West. And we got both. And then we got everything else that could follow on a governable, railroad accessible West.
I'm afraid your analogy breaks down because no one is suggesting we don't provide electrical service to homes that have Internet service, which is what your train analogy would imply. They are just suggesting that grid control systems not be run by computers connected to the Internet, which is quite a reasonable proposition.
Not the only problem (Score:3, Insightful)
Forget the power grid, all our communication infrastructure is equally if not more vulnerable.
A year ago, all of South San Jose suffered a communication outage due to this intentional fiber sabotage:
http://www.pcworld.com/businesscenter/article/162910/fiber_cuts_slash_silicon_valleys_internet_arteries.html [pcworld.com]
I was driving south on 101 to Morgan Hill to work. About 3 miles north of my destination, my cell phone call was lost. At work, we had power but no internet, phones, or cell phones. We had radio, that was about it. It was later blamed on the fiber lines cut, which happened coincidentally right after the AT&T union contract had expired. Might as well been a terrorist.