US Scrambles to Keep Fuel Flowing After Pipeline Cyberattack. Russian Cybercriminals Suspected

A ransomware attack affecting a pipeline that supplies 45% of the fuel supplies for the Eastern U.S. has now led U.S. president Biden to declare a regional emergency providing "regulatory relief" to expand fuel delivery by other routes.

Axios reports: Friday night's cyberattack is "the most significant, successful attack on energy infrastructure" known to have occurred in the U.S., notes energy researcher Amy Myers Jaffe, per Politico. It follows other significant cyberattacks on the federal government and U.S. companies in recent months... 5,500 miles of pipeline have been shut down in response to the attack.
The BBC reports: Experts say fuel prices are likely to rise 2-3% on Monday, but the impact will be far worse if it goes on for much longer... Colonial Pipeline said it is working with law enforcement, cyber-security experts and the Department of Energy to restore service. On Sunday evening it said that although its four mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational...

Independent oil market analyst Gaurav Sharma told the BBC there is a lot of fuel now stranded at refineries in Texas. "Unless they sort it out by Tuesday, they're in big trouble," said Sharma. "The first areas to be impacted would be Atlanta and Tennessee, then the domino effect goes up to New York..." The temporary waiver issued by the Department of Transportation enables oil products to be shipped in tankers up to New York, but this would not be anywhere near enough to match the pipeline's capacity, Mr Sharma warned.
UPDATE (5/10): "On Monday, U.S. officials sought to soothe concerns about price spikes or damage to the economy by stressing that the fuel supply had so far not been disrupted," reports the Associated Press, "and the company said it was working toward 'substantially restoring operational service' by the weekend."

CNN reports that a criminal group originating from Russia named DarkSide "is believed to be responsible for a ransomware cyberattack on the Colonial Pipeline, according to a former senior cyber official. DarkSide typically targets non-Russian speaking countries, the source said... Bloomberg and The Washington Post have also reported on DarkSide's purported involvement in the cyberattack..."

If so, NBC News adds some sobering thoughts: Although Russian hackers often freelance for the Kremlin, early indications suggest this was a criminal scheme — not an attack by a nation state, the sources said. But the fact that Colonial had to shut down the country's largest gasoline pipeline underscores just how vulnerable American's cyber infrastructure is to both criminals and national adversaries, such as Russia, China and Iran, experts say. "This could be the most impactful ransomware attack in history, a cyber disaster turning into a real-world catastrophe," said Andrew Rubin, CEO and co-founder of Illumio, a cyber security firm...

If the culprit turns out to be a Russian criminal group, it will underscore that Russia gives free reign to criminal hackers who target the West, said Dmitri Alperovitch, co-founder of the cyber firm CrowdStrike and now executive chairman of a think tank, the Silverado Policy Accelerator. "Whether they work for the state or not is increasingly irrelevant, given Russia's obvious policy of harboring and tolerating cyber crime," he said.
Citing multiple sources, the BBC reports that DarkSide "infiltrated Colonial's network on Thursday and took almost 100GB of data hostage. After seizing the data, the hackers locked the data on some computers and servers, demanding a ransom on Friday. If it is not paid, they are threatening to leak it onto the internet... "

The BBC also shares some thoughts from Digital Shadows, a London-based cyber-security firm that tracks global cyber-criminal groups to help enterprises limit their exposure online: Digital Shadows thinks the Colonial Pipeline cyber-attack has come about due to the coronavirus pandemic — the rise of engineers remotely accessing control systems for the pipeline from home. James Chappell, co-founder and chief innovation officer at Digital Shadows, believes DarkSide bought account login details relating to remote desktop software like TeamViewer and Microsoft Remote Desktop.

He says it is possible for anyone to look up the login portals for computers connected to the internet on search engines like Shodan, and then "have-a-go" hackers just keep trying usernames and passwords until they get some to work.

"We're seeing a lot of victims now, this is seriously a big problem now," said Mr Chappell.

Corporation are no longer victims.

[Gravis Zero]

People seem to get confused a lot when it comes to companies being slammed by ransomware. Corporations that get ransomware'd are not the victims here, they are in fact the perpetrators. What they did was neglect security to such an extent that they have no backup plan. Their systems could not be restored quickly from backups and they didn't put money into ensuring the software they use was bulletproof. This kind of attack is inevitability and they did nothing to prepare for it.

Re:

[Mal-2]

We don't know that they did nothing. Clearly they didn't do enough, but that doesn't prove negligence. It does suggest it, but that's the old saw about incompetence rather than malice.

Re:Corporation are no longer victims.

[bloodhawk]

yes it really does prove negligence, being hit doesn't, not being able to recover rapidly after being hit DOES.

Re:

[gweihir]

Being hit does indicate negligence and should be investigated. Being unable to recover does indicate negligence but does not prove it. It should be investigated as well, though.

Re:

[Entrope]

They probably have a disaster recovery plan. But almost always, they would only be able to restore to their vulnerable state. Until they figure out how the attackers got in, and how to plug that hole, just restoring a backup won't fix the problem.

Re:

[bjwest]

Until they figure out how the attackers got in, and how to plug that hole, just restoring a backup won't fix the problem.

The attackers got in because this critical infrastructure system was connected to the internet where anyone anywhere in the world could attack it at their leisure. Remove that vulnerability and you eliminate 99% or more of the attack vectors.

Re:Corporation are no longer victims.

[1s44c]

Incompetence is a choice. It's the choice to not invest in competence. It's a rational PHB decision to not spend money on competence and take it as bonuses instead. If the worst happens they worm their way out of responsibility but they keep their bonuses.

Re:

[ceoyoyo]

Not doing enough is pretty much the definition of negligence.

Re:

[Powercntrl]

Or how about this: Don't connect critical systems to the internet.

Why is that so hard to understand?

Re:

[thegarbz]

Why is that so hard to understand?

It seems you've never looked at a pipeline before. If you did you'd understand it, or you'd just massively increase the cost of your pipeline to the point of being unviable. Mind you a pipeline that doesn't get built is likely not going to suffer from an attack either so maybe that's just some 4D chess you're playing there ;-)

Re:

[fuzznutz]

Because pipelines didn't exist before the Internet.

Re:Corporation are no longer victims.

[CaptQuark]

What they did was neglect security to such an extent that they have no backup plan. Their systems could not be restored quickly from backups and they didn't put money into ensuring the software they use was bulletproof. This kind of attack is inevitability and they did nothing to prepare for it.

None of those claims are substantiated by the press release. They could have perfectly adequate backups, but why restore to a point where you know there are vulnerabilities? Also, restoring from backups takes you to a prior state which might not be the best option. Changes in storage levels, the status of hundreds of valves, forensic information could all be lost by just restoring from the backups of three days past.

Also, almost any remote access software is going to have a major weakness - the human element. The bad guys may have been testing for weak user/password combinations for weeks before they found a valid logon account. Two factor authentication can reduce this vulnerability, but even that has the potential for a vulnerability. As the many hack-a-thons have proven, even the best maintained software can have zero-day exploits. To suggest they were negligent in their security is not supported in the information we currently have.

--

Re:

[PolygamousRanchKid]

The bad guys may have been testing for weak user/password combinations for weeks before they found a valid logon account.

I don't get this at all. On my company's systems my new passwords are checked for strength. If a password is weak, I get a pop-up saying: "Grow up and get a real password, kid!"

My company checks passwords too

[aberglas]

And I use same password on all my porn accounts because I know it is a strong one...

Re: My company checks passwords too

[aRTeeNLCH]

Let me guess, it's truly hardened...?

And limit logins

[Kludge]

I am required to have strong enough passwords too, AND I get 8 failed attempts and then I get blocked. No way you can guess my password or anyone else's in 8 shots. I smell negligence.

Re:

[Canberra1]

Rubbish. Corporate Continuity is a CEO responsibility. DR plans are not about DR but include corporate continuity - that is the restoration of BAU business as usual. DR plans always include things such as undiscovered compromise or needing other post restore adjustments. Therefore simply stopping the pipes WAS the plan? Lets see the risk plan, and I hope it did not reduce to pick up the phone and call for help.

Re:

[DarkOx]

Also, restoring from backups takes you to a prior state which might not be the best option. Changes in storage levels, the status of hundreds of valves, forensic information could all be lost by just restoring from the backups of three days past.

All of that kind of thing should be addressed in a competent DR plan - and maybe it is. Which might be why it takes time. Servers have to get imaged or storage arrays have to be swapped out to preserve the forensic data. There probably are complex restart procedures for industrial process data gathering and control that likely requires engineers onsite etc. It all takes time.

But or our so smart slashdoter believes because that because they can click thru the Ubuntu installed and extract their tarball of /ho

Re:

[jbmartin6]

Also, we don't know what physical limits there are on restarting service after an emergency shutdown. Possibly there are a bunch of physical checks and tests they have to do before restarting

Re:

[drinkypoo]

To suggest they were negligent in their security is not supported in the information we currently have.

Your facts were good but your conclusion is weak.

No critical infrastructure's critical control systems should ever be connected to the internet in a way that enables write access. There are hardware read-only links that can be used for monitoring.

The fact that an internet-based attack can shut down critical infrastructure frankly proves that their security is negligent.

Re:

[DarkOx]

No critical infrastructure's critical control systems should ever be connected to the internet in a way that enables write access

I am sorry but this dumb. The reality is remote access from where the engineers who can support these systems are actually at (which means internet) is pretty important. Something like a large forest fire might mean engineers etc can't even get to some kinds of industrial sites safely or might have to evacuate.

Being able to do things like remotely shut valves on pipelines that might be in the path of such a catastrophe is a good thing! There might be some exceptions like managing that nuclear reactor etc,

Re:

[aaarrrgggh]

This is much less about negligent security than it is about nothing can be perfectly secure. Remote access can be pretty darn secure, but many of the systems that were put in place during the early days of the lockdown were bootstrapped.

I am a bit baffled by why exactly their pipeline systems were impacted by a data exfiltration attack though. Even a lazy remote access system should have sufficient logging to identify a breach on the SCADA systems.

Re:

[thegarbz]

and they didn't put money into ensuring the software they use was bulletproof.

Do you have meteorite insurance? I mean you could got struck by one at any point. Why didn't you invest in this. Why leave yourself open to a risk rather than make something "bulletproof"? /s Okay sarcasm aside the fact that you think that you can completely secure against this kind of thing shows an incredible amount of ignorance. Defense in depth is the name of the game. Business continuity strategies are what should be invested in.

The idea that just pouring a little more money into security makes this al

Re:

[gweihir]

Indeed. Regular _independent_ security reviews and pen-tests are mandatory if you provide a critical service. Apparently they had nothing of that. The whole things sounds like some amateurs or low-skill criminals got in easily. Also, how can somebody exfiltrate 100GB of data and nobody notices?

Re:

[Canberra1]

Mod up. See SSID and BSSID, WiGLE and Google Maps. Probably most of these are still unprotected, and advertising their vulnerabilities. Get them to produce their risk plan, and manual recovery times, and who signed off on it. By law, they are supposed to have up-to-date risk plans, and after solarwinds and similar attacks, everyone should have been on red alert. BTW it appears their backup/Restore plan was also deficient, and some hints that intrusion logs may have been pregnant with wild login guesses.One

Re: Corporation are no longer victims.

[sonoronos]

At first, I thought I disagreed with your comment. However, the more I thought about it, the more I realize that you are correct.

As sysadmins of servers that are not even close to critical infrastructure, we receive non-stop 24-7 attacks over the network.

Worse, the intimation here is that a country with national infrastructure that is silly enough to architect itself into cyber vulnerability, combined with lax security policy that makes it possible for itself to be ransomwared into shutdown (which by itself

Re:

[Canberra1]

Let me explain BSSID's and WiGLE and SSID's. Suppose you work in a secure facility, or rather a facility that is a critical bit of infrastructure. SSID's tell you lots, if you map them back to the plant. When the engineer goes home, its location is logged, and the BSSID or Mac address tells you a lot about that laptop. Two big companies allow you to search... You could really design some clever scenarios - even script kiddies. Now google your own SSID and gasp. An attack is inevitability. The quality of t

Re:

[Ogive17]

That's quite an ignorant take on the situation.

Humans are often the weak link. The company could have done everything right only to be done in by a random employee to was phished.

Backups are also not instantaneous. I learned quite a bit when my employer was hit last year. It took a few days to get the most critical systems back online, remaining network drives were down for a couple weeks. Any infected PC had to be completely wiped. Can't just flip a switch and be operating again.

Re:

[LostMyAccount]

It's possible they had an elaborate plan but it didn't work right.

I know I've seen most all organizations struggle to get this right. It's colossally expensive and there is constant financial pressure to not spend money on idle resources, the kind almost necessary for credible DR/recovery plans.

Even the ones that do make a big effort to at least try struggle with actually making it work, a problem compounded by organizations' lack of willingness to endure downtime on dry runs or other ongoing DR practice to

Re:

[DarkOx]

This is all spot on. The other truth about enterprise DR is you may have plan, you may have run books, you might have strategic assets - it all seems solid right up until you get punched in the face.

I remember the great east cost power outage. We had generators for our data center and stand by fuel delivery contracts from multiple vendors. - Guess what it turned out when you have power over that large a region everyone wanted diesel and we could not get it. Our standby site - ~100 miles away - no power ther

Re:

[GrumpySteen]

Yeah... blame that victim! It's not like they buy control systems from third parties. They should just spend more to buy the magical (and somewhat inconveniently non-existent) hardware that has no vulnerabilities!

Capitalism will save us all if we just spend more money!

Re:

[ceoyoyo]

Governments should really be creating intelligence units to hack their own infrastructure and uncover this kind of negligence. Whatever the gang wants in ransom it's probably a deal, but it would be better if the money didn't go to criminals.

Re:

[Inglix the Mad]

I agree, in part. However let's take this a step further:

The corporation that was attacked wasn't a victim, however their customers (who are US citizens and companies) are victims. This means those victims deserve not only compensation from the attackers but, should the attackers be state sponsored, that state. Since the state that (likely) sponsored the attack will be unwilling to pay up, it's up to the US government to respond in-kind with an extra dollop of F-U to the nation state playing games.

I'm

If the remote access explanation is true...

[93 Escort Wagon]

I wouldn't be surprised if we eventually find out the remote access solutions were set up and configured by the petroleum engineers. After all, if they're knowledgeable about one technical subject, they must be knowledgeable about every other technical subject...

Team Viewer? Seriously?

Re:

[evanh]

Much more likely to be the MBAs directing all that. Often even chiding the engineers for not having used the conferencing software before.

Re:If the remote access explanation is true...

[thegarbz]

This is isn't the fault of engineers. This is the fault of management not segregating responsibilities between people who know what they are doing.

We dinged a site for this during a consultancy visit recently. Big red mark on the report: You have no IT people in the team managing your control system. The site had no idea what we were talking about so we expressly had to spell it out for them: You have a bunch of process engineers who trained how to use vendor software, and how learnt what firewalls and security are from a 1 week online course.

Hire the right people. Segregate responsibilities. That responsibilities lies with managers, not with people who don't know any better forced to work in areas outside their expertise.

Re:

[gweihir]

Old story: Hiring cheap people or no people is usually very expensive in the long run when it comes to IT.

Re:

[swillden]

This is isn't the fault of engineers. This is the fault of management not segregating responsibilities between people who know what they are doing.

We dinged a site for this during a consultancy visit recently. Big red mark on the report: You have no IT people in the team managing your control system. The site had no idea what we were talking about so we expressly had to spell it out for them: You have a bunch of process engineers who trained how to use vendor software, and how learnt what firewalls and security are from a 1 week online course.

Hire the right people. Segregate responsibilities. That responsibilities lies with managers, not with people who don't know any better forced to work in areas outside their expertise.

While what you say is true, it raises the question of how management is supposed to know that process engineers who say they've got the security thing under control are wrong. Just how much specialization is required is something that only experts know.

In your example I think management did an excellent job: They hired some expert consultants to come look at their system and find out what they were doing wrong. Well, assuming they then acted on the expert recommendations. If they didn't hire IT staff -- i

Re:

[thegarbz]

While what you say is true, it raises the question of how management is supposed to know that process engineers who say they've got the security thing under control are wrong.

Well two things:
1) Sites which have the problem almost never ask the question, rather they dictated the "solution" (send em on a training course) which caused the problem in the first place.
2) Management is paid to understand when to seek external advice. Management fundamentally doesn't understand most things which go on in detail. Trusting your own people on security is just poor management which is precisely why consultancies, assurance, standards, best practices, etc, etc, etc exist in the first place.

T

Re:

[Entrope]

Do you think there aren't chemical engineers who know cybersecurity? My wife is one. She started out with a specialization in control systems, and that general field recognized a long time ago that cybersecurity was important. Now she has switched to security entirely, and she's not the only one to have done so (especially after her first employer moved their R&D company to Texas). She's more familiar with the NIST SP 800 series than most of my CS and EE coworkers.

Re:

[DarkOx]

Your wife sounds like the kind of person I'd want on my staff designing security policy around ICS.

You are kind of making the grand parents point though. I don't think they were implying that someone with a chemical/process engineers background can't do cyber security but more that someone needs to make it their business to specialize in that, keep abreast of the issue learn standards etc. The person focused on what temperature the distillation column needs to be held at, and if reagents are being consumed

Re: If the remote access explanation is true...

[reanjr]

If you don't provide proper SSH or RDP access, you're just begging for your employees to open holes in your system with Team Viewer et al.

If they didn't use VPN someone needs to get fired

[Pinky's Brain]

Sure VPN gateways can have exploits too, but VPN with smartcard/usb-tokens is the minimum to be expected. Maybe on short term without dedicated laptops if there's a mass influx of remote workers, but they should have intranet only company laptops ASAP (VM based separation will just confuse the normies).

pot, meet kettle

[Tom]

"Whether they work for the state or not is increasingly irrelevant, given Russia's obvious policy of harboring and tolerating cyber crime," he said.

Says someone in the USA. The country that invented spam and is also in the top 10 sources of cyber attacks.

Re:pot, meet kettle

[kot-begemot-uk]

Russian cybercrime long left Russia. As their own infrastructure recovered from the hell of the 90es, their tolerance for cyrbercriminals dropped. They now have a working bank system, etc and their powers that be take a very dim view of cyrbercriminals - it hits the pockets of the wrong people.

Russian cybercrime is now elsewhere - The core is in Transnistria (moved there as early as the early 2000s) and Ukraine (both Ukraine proper and the rebel enclaves). There is significance presence in the Baltic states (corrupt law enforcement and excellent connectivity). Some things like f.e. bot farms are operated out of really weird locations like Turkmenistan. Some operations are even further afield - bot CNC can be found in some of the Pacific and Indian ocean island nations, etc.

Proof in point - a sizeable chunk of the Solomon Islands network allocation is listed in various GeoIP databases as Russian. That's for a reason - it runs the Russian mob bullet proof hosting.

Re:

[Viol8]

"and their powers that be take a very dim view of cyrbercriminals - it hits the pockets of the wrong people. "

You'd have to be a particularly cretinously stupid russian hacker to hack sites in your own country because when (not if) they caught you your lifespan going forward would probably be measured in minutes (Ooops, hacker stepping in front of gun. Me very sorry) But I doubt the putin regime cares too much if foreign non ally sites get blizted and in fact it may well have its tacit blessing.

Re:

[DarkOx]

I doubt the putin regime cares too much if foreign non ally sites get blizted and in fact it may well have its tacit blessing.
Flag as Inappropriate

I would not count on that. Sanctions or no sanctions you really think those kleptocrats don't have international investments or international investments that have international investments.

Don't miss understand I am not saying Putin and his favored domestic allies will never attack western interests or anything of the sort just that they are very unlikely to think willfully ignoring or actively condoning indiscriminate attacks by criminals serves their personal or Russia's national interests. They care about the specifics of the where, when and what. This isnt the 18th century and they are not issuing defacto letters marque to attack anything with a US flag on it.

I would say a lot of this higher-end ransomware/cyber crime type of attacks where there is some evidence the victim was actively targeted are either state sponsor and coordinated or if it is purely criminal enterprise it is viewed as undesirable by the host regime even if they are not willing to commit the resources to put a stop to it.

Re:

[JaredOfEuropa]

Today, well personally I felt safer in St. Petersburg than I did in Rome, for example.

At some point, the leadership of state organs (Putin's FSB not being the least of them) involved in fighting organised crime in the 90s took a look at what was going on and said: "we can run this racket better". And they do not tolerate any competition. Fast forward to today, and you see a Russia with safe streets and even some prosperity, but run by thugs. As a simple tourist or small time businessman it might be harder to cross the wrong people, but when you do, you will not be safe even when you retur

Re:

[Tom]

and you see a Russia with safe streets and even some prosperity, but run by thugs

I'd call it a corrupted class of rich and well-connected. Not so much different anymore than in the West, unfortunately. On the face more civilized, but the amount of corruption in our governments is beginning to put African countries to shame.

Re:

[quonset]

Today, well personally I felt safer in St. Petersburg than I did in Rome, for example.

Of course you would. St. Petersburg is where the Internet Research Agency [theatlantic.com] is housed. Putin wants to make sure all those folks posting lies on FB, Twitter, et al are protected. After all, they did such a great job in 2016 helping the Russian asset get elected [businessinsider.com].

Re:

[Tom]

And I guess Navalny is a terrorist

I don't know. I don't have enough reliable information to judge. According to the media here, Navalny is a freedom fighter and important opposition politician. According to some of my Russian friends, he's some YouTuber with limited influence.

and putin is the saviour of his people too?

That's how many Russians see him and why he is so popular, yes. Your problem is that you think today, and you think from the outside. From the Russian perspective, as I've been told by actual Russians, Putin took charge when the country was in ruins and crime in the st

Re:

[Viol8]

LOL :) I'm not even american nor do I live there but nice try Igor.

Re:

[J-1000]

It's the 3rd most populous nation, so being 10th in cyber attacks means a lot of smaller countries are punching well above their weight.

Downtime cost

[misnohmer]

If the cost of this downtime is high enough, perhaps the company will re-think its security, or specifically the money spent on securing things. Nothing is unhackable, but with money you can make it prohibitively expensive to hack. People expect high security of banks guarding millions, so it seems reasonable to have similar expectations for securing infrastructure with downtime costs in millions, right?

It might be time...

[The123king]

It might be time to get all those PDP-11's off the internet, and replace them with something modern. Maybe get some Pentium 4's and install XP on them...

Re:

[storkus]

It might be time to get all those PDP-11's off the internet, and replace them with something modern. Maybe get some Pentium 4's and install XP on them...

You didn't read correctly then: didn't you see they were running Team Viewer and M$ RDP? That's EXACTLY what the did!

Re:

[93 Escort Wagon]

Hey, I have fond memories of playing Star Trek on the PDP-11 during my high school days...

The mind boggles

[gweihir]

One would think that an operation this critical and big has both the funds and the skills to secure its IT. Apparently some "manager" did this on the cheap or not at all.

What systems are affected?

[chipperdog]

I can't tell from the article if it the control systems affected or only business systems?

GOOD and this is why:

[couchslug]

Humans won't prioritize security unless they suffer for ignoring it.

We need MORE such attacks to coerce building robust systems. Nothing else will work because human nature.

BTW this pipeline worked fine before computers, which is a hint it does not require them. It should not be a goal to blindly infest every system with computers.

Working out well for Colonial

[oh_my_080980980]

Colonial Pipeline can use this to distract from their major spill in North Carolina.

The other thing is it appears Colonial intentionally took down their operational network down, over billing. Because they would not be able to invoice customers who receive fuel if their IT network is locked with ransomware, preventing them from being paid for fuel. https://twitter.com/KimZetter/... [twitter.com]

Ain't capitalism grand...

Re:I don't see the problem.

[Powercntrl]

Aren't those cars equipped with an always-on cellular connection? Just wait until Tesla gets hacked and the hackers push out an update which bricks 'em all. It seems like an absurd trope from a dumb Hollywood movie, until it happens.

Re:

[GameboyRMH]

Almost happened already:

https://electrek.co/2020/08/27... [electrek.co]

Re:

[niftydude]

Your solar panels still supply power to your dwelling when the grid goes down?

Re:

[Ol Olsoc]

Your solar panels still supply power to your dwelling when the grid goes down?

You think that solar panels need the grid to operate?

Re:I don't see the problem.

[Moridineas]

For most residential solar panel installs in the US, yes, that is absolutely true--if the grid goes down, the panels go down as well. The reason for that (as it was explained to me) is the power companies don't want solar systems feeding electricity back into the grid if lines are down, potentially zapping linemen and so forth. It is absolutely possible to install separators so that your house can completely isolate from the grid, and if you have a battery backup system you can isolate as well.

I had panels installed two years ago. I spoke to three different installers while getting quotes. All three said the same thing--very few residential installs can stay up if the grid goes down.

I had my system installed so that I can easily install batteries in the next few years, but at the moment I am also at the whims of the grid.

Re: I don't see the problem.

[OrangeTide]

my solar panels are grid tied, but there is a separate circuit that I can use for auxiliary things. turning that circuit on removes me from the grid. but my panels aren't quite powerful enough to run my whole house at full demand. so i have the aux going to its own plug. in a pinch i can charge a cell phone or run the fridge. something more elaborate could let me run water pumps and hot water heater, but like everything that costs money. (a transfer switch)

Re:I don't see the problem.

[lobiusmoop]

This is the 'Self Centered American' thing in one post. 'I have an electric vehicle so I'm fine, screw everyone else'.

Where are you driving to?

Does everybody else at your school or job have an electric vehicle? If not, you have nobody to teach you or no job to drive to,

Does everybody delvering goods to the store have an electric vehicle? If not, you have no food to buy.

Does everybody working at the power station have an electric vehicle? If not, you have no electricity, heating or tap water.

You need to stop concentrating on yourself and think about how everybody else is doing.

Re:

[swillden]

This is the 'Self Centered American' thing in one post. 'I have an electric vehicle so I'm fine, screw everyone else'.

Perhaps, but it's also worth noting the fact that when we get to the point where everyone is driving EVs (including truckers), and everyone has solar panels, this sort of problem will be much less painful. Distributed power generation is much more resilient than long, integrated energy supply chains, at least with respect to regional, short-term problems.

For that matter, even without the distributed generation, electrical power grids are easier to harden against both physical and cyberattack than long-dis

Re:I don't see the problem.

[thegarbz]

this sort of problem will be much less painful

Will it though? Nearly all the solar systems currently being put in residential houses cannot provide power when the grid is down as they rely on the grid to provide the frequency to synchronise against. Most of people slapping panels on their suburban home aren't buying fancy off the grid inverters or batteries to hold up their supply as a cloud passes over (and incidentally the reason why inverters rely on the grid because most systems aren't setup to be self sufficient anyway).

But I have a better question for you: In 2021 what has gone so horribly wrong that you are unable to rely on critical infrastructure? I mean you pay taxes and bills right? Rather than settling for solving the problem yourself you should instead be angry and demanding better from the companies supported by subsidies you pay for.

Other cultures

[DrYak]

This is the 'Self Centered American' thing in one post.

Speaking about regional cliché, let's also do the smug european version.

Where are you driving to?

To travel on week-end and vacations, mostly. (Tourism is also possible with public transportation here around).
Occasionally to transport groceries and other purchases.

Does everybody else at your school or job have an electric vehicle?

Several countries in Europe, including here around, have very good public transportation networks (which extensively rely on electricity. Which some countries like France produce nearly entirely without fossil thanks to nuclear. Or here around we benefit a lot from hydro). Most of the people don't drive to work.

Also in several cities biking to work is popular, and the current city I live happens to be big on bicycles.

(I personally have always biked-to-school and -to-work since forever, even in other cities).

My current employer doesn't even botter having a parking to begin with, that gives you a good idea of how little driving to work is criticial to the employee.
(On the other hand, they help with paying public transport yearly cards, and have rebates at car sharing companies).

So yes, in several European countries, a significant fraction of the workforce doesn't even rely on cars to go to work, and thus the whole society is less reliant on fuel, and a increase in price / decrease in availability isn't as devastating as in other countries.

Does everybody delvering goods to the store have an electric vehicle?

Surprisingly, the answer would be sort-of yes:
- some companies (like postal service) are massively switching to electric vehicles for most deliveries.
- other companies are switching to biofuels (e.g.: oils recycled into diesel ; agricultural waster fermented into ethanol ; urban waste fermented into methane)
- the whole country (Switzerland) is pushing massively toward rail instead of trucks for long range transportation.

The net result is that a few countries here around are a lot less reliant on fossil to do commerce and will be slightly less affect than you'd expect if your entire reference point is limited to the US.

Does everybody working at the power station have an electric vehicle?

Litterally yes. The power company love to show off the EVs that they charge, and advertise loudly that the electricity used to charge them comes from their renewable power production.

Though, again, most of the work force tend travel by public transports (see again topmost point of the list) so the "type of vehicle" question doesn't affect that many vehicles in practice.
That public transport tends to also be electrically powered (cue in advertising campain with power company slapping "this is powered by renewable power" billboards on tramways).

So end result: there a larger fraction of personnel at power companies that is going to be affected by less fuel availability than in the USA.

You need to stop concentrating on yourself and think about how everybody else is doing.

Luckily, in some countries, governments are doing some of that thinking and are putting some efforts to help reduce the reliance on fossils by offering alternative and creating incentives to using them.
But that requires putting public money into infrastructure. Yes, I know, sounds crazy.

Of course it helps that the population density makes it easy to instantly have lots of people benefiting by simply building a couple of km of rail tracks.
Whereas, to us, the USA sound like a country where you need to take a plane for 3 hours to reach any other place you need to go, and during the whole travel you'd be exclusively flying over desertic zones.

Of course all of the above depend on the perspective and the reference point.

-

Re:

[Anne Thwacks]

Europe, right?? Too bad I can't carry my ACP so I can protect my luggage from all the great cultural diversity.

Don't know what an ACP is, and I have no idea why you would want to protect yourself from a choice of food and music.

Where I live, we can eat a different culture's food every day of the month without walking more than 500 metres, and it is very rare to be shot by the police. (Although you might be run over by a pizza delivery moron on a push-bike).

Re:

[slashdot_commentator]

...oof, the smug...

Re:I don't see the problem.

[geekmux]

No problem, I have solar panels.

Who cares if the normies have their power plants running on fossil fuels shutdown? They're too stupid to install solar and drive on sunshine, they get what they deserve.

Think your grocery store gets stocked by sunshine and rainbows? Or your local hospital and critical supplies? Even your water?

Ignorance like yours deserves to starve to death.

Re:

[Admiral Krunch]

Think your grocery store gets stocked by sunshine and rainbows? Or your local hospital and critical supplies? Even your water?

Well at least the water comes from rainbows.

Re:

[excelsior_gr]

It's not ignorance, it's arrogance. It's the "screw you, I got mine" mentality. People like that already know the points you mentioned, they just don't care.

Re:I don't see the problem.

[GrumpySteen]

You don't actually think the OP, who posted under their real account, suddenly decided to post as AC and brag obnoxiously about having solar panels, do you?

It's an obvious troll post which you fell for.

Re:

[thegarbz]

It's an obvious troll post which you fell for.

The only thing obvious is that in 2021 you can no longer assume troll posts. Obvious stupidity is only obvious when the common folk don't demonstrate equal stupidity themselves.

In many cases it's better to call out stupidity (even by trolls) before some unwitting moron adopts their belief as legitimate.

Re:

[skam240]

Only Nuclear produced power can be reliable enough to leave oil behind.

Right because everyone knows that energy storage also only works during the day also.

Re:

[Ol Olsoc]

Only Nuclear produced power can be reliable enough to leave oil behind.

Right because everyone knows that energy storage also only works during the day also.

And this might come as a shock to the guy, but traditional power generation systems also use energy storage.

Turbine based systems have a real issue with sudden demands or sudden end of demands. Which is not the perfection some seem to think it is.

Meanwhile, we've only been hearing about these vulnerabilities for more than a decade. I guess it was too expensive to protect ourselves from them.

Re:

[ArchieBunker]

The sun doesn't shine in the winter?

Re:

[Ol Olsoc]

The sun doesn't shine in the winter?

And the earth is flat as well!

We've made it too easy for dumb people to get on the internet, don't you think?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[misnohmer]

It seems simple. Capture and possibly even extradition of said hackers would go a long way to disproving this. Let's wait and see whether that happens. If not, that means nobody is willing to do anything about those hackers, hence they are in fact harboring and tolerating them.

Re:

[jarkus4]

Extradition is pretty much impossible: US has no extradition treaty with Russia.

Re: Evidence?

[misnohmer]

If that means that they cannot capture and/or extradite the criminals targeting the US, can we conclude here and now that simlly because Russia has no extradition agreement, it automatically means they harbor and tolerate cyber criminals targeting US targets? Harboring and tolerating in this case jusy means allowing them to live there without being held responsible for their attacks.

Re:

[qaz123]

Oh yes. The US will just point a finger at someone in Russia and Russia will extradite that person to the US. That's what you want?

Re:

[gweihir]

So, capture and extradition without proof they even did it? You seem to not quite understand how the law works.

Re: Evidence?

[misnohmer]

No, capture after investigation and trial. Lack of investigation means tolerance.

Re:

[jlar]

It seems simple. Capture and possibly even extradition of said hackers would go a long way to disproving this. Let's wait and see whether that happens. If not, that means nobody is willing to do anything about those hackers, hence they are in fact harboring and tolerating them.

USA is the country of origin for over 10% of email spam. Did you capture and extradite these spammers to Russia or other countries where they cause damage (the cost of spam is hundreds of billions of dollars at least). If you don't do that it means that nobody is willing to do anything about those spammers, hence you are in fact harboring and tolerating them.

Is that really your logic?

Personally I do believe that Russian intelligence agencies of co-opt Russian criminal hackers to a much larger extent than US

Re: Evidence?

[sonoronos]

Yes, please. It seems awfully convenient that somehow during a Democrat presidency, suddenly an incredibly devastating attack on an oil refinery occurs, along with a non-stop media campaign pushing the message that Russia is involved. Weird. Or maybe not.

It seems totally warped to me that the politically minded canâ(TM)t even see that Republicans blame everything on China, while the Democrats blame everything on Russia. Without thinking.

I feel like Slashdot news feeds are like dinners with my conspirac

Re:

[quonset]

It seems awfully convenient that somehow during a Democrat presidency, suddenly an incredibly devastating attack on an oil refinery occurs, along with a non-stop media campaign pushing the message that Russia is involved. Weird. Or maybe not.

So it's like what happened in 2020 during a Republican presidency [forbes.com] where multiple government agencies were breached?

Re:

[quonset]

These are extremely serious allegations. Am I the only one who would like some evidence or at least arguments that Russia is giving hackers that target foreign targets a free reign?

It may very well be the case but there are also forces who wish to expand the rift between USA and Russia. So evidence, please.

Shut up, Vasily. And go work on your English. No one speaks like this.

Re:

[Fly Swatter]

Well, most hacking problems originate from those two countries, mainly because they are so big. And in those cases it is either state-backed or simply the state doesn't care or can't control their own problems. Eventually something like this will be so catastrophic it will be considered an act of war.

But just get those damn systems off the internet and things like this are less likely to happen.

Re:

[flyingfsck]

Russia is a petrol station with a flag on top. Its economy is about the same size as Italy and its military is about as strong as France. Russia is the USA's favourite bugbear, but goodness knows why - it would be pathetic if it wasn't so funny.

Re:

[jlar]

Well, most hacking problems originate from those two countries, mainly because they are so big. And in those cases it is either state-backed or simply the state doesn't care or can't control their own problems. Eventually something like this will be so catastrophic it will be considered an act of war.

I assume you mean: "most hacking problems in the USA" since USA probably has the most comprehensive and advanced state sponsored hacking operations of any country. Google "snowden revelations" for more information. The amount of personal information that the NSA collects (abroad without court orders) is huge. The US has however shown much more restraint in using offensive hacking capabilities than both Russia and China (probably due to the US being a democracy with rule of law. Russia and China on the other

Re:

[1s44c]

Nobody knows exactly what happened, but the nationality of the attacks is known with absolute certainty.

This was ransomware, not state level sabotage.

Re:

[jbengt]

This was ransomware, not state level sabotage.

North Korea, for one state, is known for making foreign exchange money through ransomware.
Also, Russian hackers are believed to be allowed by the Russian government to operate for profit as long as they attack the government's adversaries and do the occasional favor for Putin's buddies.
Israel / USA are known to have cyber-sabotaged Iran's nuclear power infrastructure.

Re: 4 years of russia collusion....

[reanjr]

And what happens if American hackers hack Russian target? You think they'd be extradited to Russia for charges? You think American courts would take the time to charge an American for a crime using Russian evidence?

Just because Russia looks the other way when hackers hack other nations, that doesn't mean they are supporting the hacks.

Re:

[GameboyRMH]

Two actually, it also accidentally led to the creation of the WipeOut series of sci-fi racing games - development of the first game only started because they essentially wanted the game for use as a movie prop.