Putting the Grid on the net has to be the most idiotic thing even done since the down of men, they may as well put a giant (electric) sign pointing to unlocked doors of electric centrals or put the key under the matt.

Electric plant should be completly isolated from the Net and phone line shoudl be for VOICE call only. In fact it should be a law.

Charge me a couple of cents more, but please equipment inside a electric plant is the last thing that need "net" access.

it's probably all locked up (for security reasons) and managed over the net from India or where ever to save on costs, to them not the consumer.

Just leaving.

Hollywood has already shown us how vulnerable we are to cyber attacks. We're all doomed unless our leaders wise up and do something about it.

I love it when a pedant makes an ass of himself.

As the article states they are not named for the red berry but for the "surname of Tom Rasberry" and if he wishes to spell his surname in that fashion and the ants are named for him then they are rasperry ants and not raspberry ants.

I am a Controls and Instrumentation engineer for Gas turbines, and we do Scada interfaces quite often. I personally have never seen a control system directly connected to the internet. They are connected to a plant network that may or may not have a internet connection, most often the protocols for communicating to the scada are proprietary and as such would require the theorectical hacker to have the specific scada package used at the plant installed (these cost thousands, and would be diffcult to find on bittorrent etc). These packages would also have to be configured correctly and have the control program, or at least the tag database to be able to do anything at all. A ddos would be ineffective unless it brought the internal network down too. So it would be possible to shut down the remote interface over the network, however this would not shut down the turbine itself as in the event that the connection is lost to the remote interface the local control cab would take over.

I am not saying it is impossible but it is not nearly as easy as it may sound. The chances are that the only people that would be able to do anything dangerous would be the manufacturers or operators of the control system. All of which would have their name written all over the attack. So, only a complete fool or someone under incredible duress (being tortured to do it) would even try.

The threat to the supply grid is vastly greater from the lack of funds to do the required maintenance.

The lesson of the blackout in New York a couple of years ago does not seem to have been learned.

They will have to learn the real hard way , when a wide spread failure happens

They have been close to this a few times apparently l

I expect paying for the Iraq "liberation" and giving them peace and joy, has sucked up the necessary funds.

I wonder when the next highway bridge collapse will happen. The national roading network has been have studied neglect for years and a good disaster will be needed to make them aware of the folly of neglect of another vital network

President Eisenhower , the bloke who saw the need for a good roading system must be whirling in his grave.

Land of the free etc is more like the land of the fools.

Peace and Joy to you as well.

\

Bruce Sinton wrote:

"President Eisenhower , the bloke who saw the need for a good roading system must be whirling in his grave."

So wrap him in copper wire and get a few big magnets and there's your secure electricity supply....

"only a complete fool or someone under incredible duress (being tortured to do it) would even try."

Or a disgruntled employee (present or past) with the required experience, how unlikely is that?

I used to work for Modicon, and Modbus was my 2nd language, and it's still the primary language for much of the controlled equipment out there. After that I spent some time working with a variety of SCADA package vendors and users, many in power generators and regional electricity companies. My experience says this stuff isn't quite the rocket science you want people to think it is.

All that's irrelevant anyway. To achieve the desired result (disruption of the control systems and reversion of the system under control to some fail safe mode eg shut down), how much in depth knowledge of the SCADA package do you need?

None. That's how much.

You just need to know one or more ways to stop the SCADA package working normally.

A trivial way of stopping many SCADA packages working normally is to disrupt the underlying platform. It's usually trivial, given that the underlying OS is usually Windows - I don't suppose there's much OS/2 or VMS or whatever around in SCADA these days, because ten years or more back the PHBs all wanted "open" systems, which then miraculously became Window boxes because they were "cheaper". Too right they were cheaper...

Around the time of MS Blaster worm (August 2003), iirc there was a big electrical shutdown in NE USA. Mr Gates, and the people installing his stuff in the SCADA world, should have had a few sleepless nights around then, and people would do well to remember those nights now.

Best laugh I've had all week. Thanks.

It may be rare, and there may be proprietary systems providing security by obscurity, but the up-and-coming prevalence of ZigBee will no doubt present an opportunity for poorly written systems to allow access into these systems. Just like encryption, obscurity only buys time.

everybody's missing the point.

1) If it's accessible, it's visible.

2) If it's visible, people are going to poke at it.

3) If you poke it, it might "ACK!!! PHBBPPT!!!" and die spontaneously.

Being a programmer, and an old hand at MS-DOS and the Windows genre, I know just how little it takes for an unhandled exception to crash the entire system. And you never know what exception it will be until it crashes - that's why it was unhandled in the first place.

Maybe if they tried writing mathematically secure, compact device drivers for the electric grid, and made a tight, no-frills, non-Windows OS to boot it on, and kept it off the Internet (by using direct cable connections between sites), then maybe, just maybe it'd be completely safe. Until a backhoe driver cuts the cable and drops the entire country into darkness.

I tell you, the longer I live in this world, the more it seems we're heading backwards into candles and horseback riding.

We need a "Bill the Cat" icon. And a Pan-Galactic Gargle Blaster icon. Seriously, it's only one more row of icons. :)

Don't worry...be ACKey...

"I have noticed that her in blighty you could take out the grid with an enthusiastic use of spanners. Maybe an angle grinder if you like sparks."

You might be able to take out a small part of the electric grid this way if you didn't get electrocuted or caught. Unless all you wanted to do is blackout a few hundred premises around a small local transformer or chose your timing very carefully, the part you attacked would probably be adequately backed up by the redundancy of the grid as a whole. During the miners' strike in the eighties a couple of miners trying to prevent the delivery of coal energy via the use of the high voltage grid got arrested for trying to cut down a pylon. It didn't work then, even with thousands of angry, strong and practical people potentially on the case. Wannabe scrap metal thieves have been interested in this for years. In practice doubling the voltage of line plant cuts losses two ways, by halving the current and so quartering the resistive losses and by ensuring physical disruption to the network is likely to involve a short life expectancy for those who try.

But I still reckon it takes someone with background knowledge of the specific system. Fundementally the control is still performed by a PLC or similar device local to the generation equipment. Even if the entire SCADA system was brought crashing down and IF this were to cause a shutdown of the turbine (which it would not in all cases) it would take maybe 5 mins to bring it back up isolated from any network.

The real danger would be if a hacker with sufficient knowledge gained access to the PLC's internal program and enabled I/O forcing or started deleting/disabling rungs of logic. This could lead to the destruction of equipment in the field (some of these turbines I have seen are about 120 MW, which would leave a substantial hole/blast area). Anyway I stand by my statement that an attack on these systems would be traceable relatively easily. And most of the people that could do something like this, wouldn't.

AC,

Please see link below stating that the largest Gas Turbine in the world is in fact 150MW

http://w1.siemens.com/innovation/en/publikationen/publications_pof/pof_fall_2007/materials_for_the_environment/world_s_largest_gas_turbine.htm

The article, if you read it properly attempts to attribute the lack of security to the SCADA systems primarily. I am merely pointing out that in fact these SCADA systems are not particularly vulnerable to the most common attacks by way of actually damaging the fundemental power generation machinery, just the scada terminal itself.

Couple this with the fact that the low level control can be very easily isolated from any network and continue to produce power and you see that this story is quite heavy on the hype, but thin on the danger.

The "higher level" of control matching demand can actually be achieved easily over the phone between the grid and individual plants. As happens in many parts of the world. ( I work all over the world, not just the UK/USA.)

A lot of power stations also have black start capability so even if the grid was down in its entirety it is still possible to restart quite readily, with just local control (maybe an hour or 2 depending on size and complexity of the plant (coal,/gas), except perhaps nuclear stations of which I have no experience).

I am not questioning your knowledge which may well be in advance of my own, but in relation to this story I believe it is just another attempt to scaremonger people into submission and spending on "security". (Does security actually exist anywhere ever?)

That link shows that the largest GT in the world is in fact 340MW. I was wondering how a 1.2GW GT could hold together under such huge forces. It can't it would appear, but my mistake in previous post stating 150MW.