my new favourite quote:
"... they've ignored the physics of how things actually work," Hines says.
"This can lead you grossly astray."
There have been a lot of scare stories in the media about electrical power grids in recent times, suggesting that it would be a simple matter to bring down a national transmission system by way of a minor cyber attack or physical sabotage - thereby bringing that nation's infrastructure to a grinding halt. There's just one …
"... they've ignored the physics of how things actually work," Hines says.
"This can lead you grossly astray."
Was just going to say the same thing.
Such an understated and educated slapdown.
all started because of *one* mis-specced component.
Murphys law will win out, every time.
that such things follow a power law - i.e. the common failures of smaller components are unlikely to cause problems, whereas the rarer failures of larger components are more likely to. The fact that the smaller components fail more often means that sooner or later the failure of ONE of them might cause a cascading problem, but most of the time the failures won't have a severe effect. Therefore deliberately causing a cascading failure by attacking a minor component such as a substation would have a low probablility of success; an attacker would have to attack a large number of substations to cause the whole network to fail, whereas attacking a large component (such as a power station) is more likely to screw things up.
That goes both ways, of course. It's still bloody hard to pick just the right component to sabotage exactly such that it will fail with the maximum possible effect on everything else. Which, in fact, was the point the boffins were making.
Now, something like stuxnet might be able to provide some miscreant with enough information to pick the right target, but even so it would require a lot of study to pick just the right places to attack. For simply shutting down everything you can isn't going to be very effective compared to just the right sequence of commands to cause an actual "HCF" in the grid.
Reading that the issue wasn't just the wrong setting being applied, but rather the other circuits being unable to cope with the load when that circuit went down ie no redundancy - the same would have happened if the circuit had gone down for any other reason.
We broke out the camping gear (coleman stove, lights, etc...) for dinner, and then sat in our car listening to the radio description of the outage. Takes me back, yes it does!
It's common sense that targetting a local substation would not take out the whole grid. It happens often enough by accident without taking anything out in the wide area network.
It's not the substations, it's the switching stations
but that article (some registration required) just specifies the best place to cause a cascade failure in the US; OK , Ian Fells says (briefly) how to do it in UK.
whilst this article here
says how it **actually** happened on "Black Wednesday 1981" (New Scientist 29 Oct 1981 pp295) and I agree it might be hard to find two trees in the UK, I could go on....
Tell someone that everything's fine and they'll ignore you. Tell them there might be a possible threat (note: 3 levels of uncertainty) and you have their attention. You don't even have to mention that the "might" is a one-in-a-million eventuality, the "possible" is almost infinitely improbable and the "threat" is so non-specific; in degree, importance and eventuality that it becomes meaningless.
Until someone is able to quantify some potential badness - attributing a real, numerical chance to it AND to describe the extent of the effects said badness would have (if it did come to pass), there's no information available to base a response on. So when a low-level manager starts running around, waving their arms in the air claiming that "there's a potential security lapse that would let allow someone to steal our data", without solid facts about what data, what could they do with it, how many times has this happened (to other organisations) and how many attempts have been made to steal ours - all you have some unfocussed paranoia. Sadly, these days that seems to be all you need to trigger all sorts of draconian limitationss, huge inconvenience and massive costs simply because an impressionable individual watched too much TV the night before.
Back to the case in point. While it *does* seem like some nuaghty people somewhere did create a worm targeted specifically at an Iranian institution that they didn't particularly like - and that it's perfectly possible for some other bad people to do the same, again. The fix is simple: KEEP YOUR INFRASTRUCTURE OFF THE INTERNET. The facilities have fences, security guards and locks on the doors, the control systems can go one better and isolate themselves completely. There are almost no circumstances where workers, doing their jobs in such plants need any sort of internet access - or to plug in thumb-drives, CDs or any other media. Prevent them from doing this and the threat (if it was ever really there int he first place) just goes away. In the small number of cases where it is needed, use the same level of security and scrutiny that is used for anything else entering or leaving the establishment.
Once you have sewn things up, tight. Sit back, breathe deeply, hire a team of penetration experts to keep your security up to scratch and focus on the things that could actually go wrong, rather than the hysteria from unqualified commentators who thing Die Hard, or The Matrix is real-life.
But I didn't have time to finish reading it because the current terror threat level is Severe:
So I'm too busy panicking to even go to the shops and buy more tin foil.
I find the best way to panic and act hysterical is to pat my head, rub my belly, and scream the tune of Ode to Joy at passers by while I run around the bus station wearing nothing but a used condom.
LA LA LA LA LA LA LA LA
Their risk analysis is outdated post-Stuxnet, but they weren't to know that when they started. Their theoretical analysis also doesn't wholly tie in with observed events.
Anyway, it depends what you call a large outage. Large parts of greater London were blacked out not many years ago when the wrong size fuse (too small) was installed in a significant distribution station (as part of rotine maintenance iirc) but not noticed at the time because it wasn't in a circuit active at that time. A distribution network reconfiguration which ought to have been perfectly routine brought that fuse into active use and not surprisingly blew the under-rated fuse. The consequence was a somewhat inconvenient chain of events. Anybody got a reference for more details?
A lot of Britain's electricity is used in, but not generated in, the South East, and is shipped in via small number of 400kV overhead cables. Sometimes one of the 400kV lines is out of service for maintenance, leaving less headroom than usual. See where I'm headed?
And didn't large parts of southern Europe have a widespread outage not all that long ago? Might that class as a large outage?
That was a wrongly specified relay, not a fuse, the reconfiguration was as a result of a fault. Unfortunately where you are headed is nowhere. The system has surprising resilience left in it even in the event of a fault during a planned outage.
As for Europe, well poor planning and costcutting. Terrorist accountants, now there IS an idea.
There are a handful of pinch points in the system, but they only let you near a small portion of network. And even then, no guarantees that it will achieve much. Take out windfarms for political gain and no-one would notice.......................................................................
having a bit of industry knowledge these so called boffins are funny it is not terrroists or disgruntled 4chan nublets we have to worry about, it is capacity the UK power infrastucture is balanced on a knife edge and a surge in demand could do more damage than any outside attack.
Most european power grids are ropey at best each helping the other in times of need it would not take much more than a prolonged nasty winter of more than 3-4 weeks to outpace supply V'rs Demand or sever agreements between member states.
God help us if we lost a whole power station.
Maybe so, but that's nothing that cannot be fixed by some infrastructure work.
OTOH, the latest "cybergeddon" alert level pushed among others by Terrorexpert Richard Clarke (See http://www.wired.com/threatlevel/2010/04/cyberwar-richard-clarke/ and http://www.computer.org/portal/web/computingnow/silverbullet ) which is being used among other to shovel tax monies to dubious companies and to hand the Nobel Peace Laureate an Internet Kill Switch is NOT about accidents...
Switch on a load of kettles halfway through Corrie?
And like the other man said, the money being spent on the "shovel ready jobs" ain't going into the grid because they think we use too much energy as is so it will be good for us to have to limit ourselves.
I thought there was an incident a few years back when the powergrids went screwy due to one part going BANG?
Yup - using an angle grinder on a few pylons is going to cause no problem at all - I mean just like the internet they've invested so much in redundancy that its easy to route all the power through the other lines!
As for garnering the information required no-one can afford the high tech required to drive round the m25 and look up.
We're not doomed We're not doomed!
Is it wrong that I misread that as "bumslack" and giggled like a school girl?
I misread it as 'bumsack'. Twice.
Dont think it would need much C4 or whatever its called to take down a pylon. Could even be done with a decent angle grinder. Take down 10 pylons around the country - would that create a big problem? Or is the grid resilient enough to havng entire lines taken down in that way? Could never be guarded against, as these pylons are in fields in the middle of nowhere.
IRA tried that for London in the 70's. They had to switch the lines out to rair the (still upright) pylons later......FAIL Temporary towers can be erected in about a day anyway.
in a RTA a few years ago 1 leg of a pylon (an L4M no less, so not at all beefy) was completely taken out the pylon remained upright.
These things are designed to meet pretty severe weather conditions (9.5mm of ice and a 380 N/m wind) and still maintain a factor of safety of 2.5.
Ohh, I thought this would be about the ridiculous plan to install remotely accessible computers attached to a meter in everyone's house.
I live in the mid-western US and between the tornadoes, lightening strikes, and the occasional blizzard the US would never have electricity if the doom and gloomers were right. We lose substations, switching stations, power lines and various other bits of infrastructure on a fairly regular basis. If splatting one of these took the entire grid down, there would be no grid.
Once again reality gets in the way of a good funding, er, scare tactic.
This also helps explain why the mid-west is so sparsely populated compared to the coasts. Of course you get the earthquakes on the west coast and hurricanes on the east coast. Come to think of it, it is amazing the US has survived at all. According to all these "scientists" running around, the US should have been knocked back to the Stone Age and everyone killed decades ago.
It's about scare stories to extract funding for empire building.
It would be much easier to cripple the communications networks. Having just trivial knowledge of the layout of fibre in a key city would allow one to effect a devistating blow using carefully planned multipoint attack.
Just saying ...
Our local telephone exchange is on the other side of a very deep canal. It seems that all the cables come across at a single point - a few years ago, someone poured petrol down a single manhole and killed every telephone in a sizeable portion of the city. (We had a fair few customers needing computers replacing that week thanks to the sudden isolation of every alarm system....)
I for one am disgusted with the way in which you refer to members of the scientific community. This is the final straw and I feel I should inform you that I will rely on The Guardian for all my news in the future.
Disgusted, Tonbridge Wells
There I fixed it.
How very dare you continue to use the "boffin" epithet in flagrant disregard of the Graun's highlighting of it to you as a Bad Word.
Please cancel my subscription etc. etc.
J. Random Modern Parent
Power sub-stations go out all the time. It rarely effects any but those directly connected to it.
If you carried out that study here, you would be had up for having information likely to be of use to a terrorist.
What a great law that is.
.....despite what many people think, London and the Southeast is NOT the whole of the UK.
Also critcal sites have these things called a UPS and generators....I Hope.
Oh, and if you're interested in paying huge consultancy fees for advice on how to avoid these strikes then here's my card.
Bugger that. Get enough people to switch a kettle on at the same time and the whole lot browns out. You could cause chaos with a well timed cuppa.
Anon, because if it happens I don't want to end up in a cell somewhere.
Its the reason for pumped storage hydro stations.
As soon as the break in Corrie comes on, the power requirements spike from all the kettles turning on for a cuppa.
The guys at the national grid know what to expect though. They have it down to a fine art when the footie or soaps cause a nation wide timed surge.
I haven't crashed my car or fell badly on steps today so why are my ribs sore? I think I maybe laughed? Yes, I did, I'm sure I did. HAHAHAHAHAHAHA.......and breathe.
More than once we had cases where the local underage hoods-in-training would lob some suitable metal object like a bicycle into the local substation for a laugh (failing, as such idiots generally do, to realize they were shutting off the power to their own neighbourhoods; shitting on their own doorsteps is something they were always star performers at).
Yet the only "ZOMG the gridz are asplode!" moment I recall was during a huge storm one night when Norn Iron's only major generating plant at the time got a good old soaking from the salt spray and shut down for several hours plunging a large portion of the province into darkness. Which is what you get when you really don't have enough redundant generating capacity.
Speaking of which, all the terr'ists have to do is wait while the increase in energy use outstrips the greedy power companies' willingness to invest in infrastructure. Then all the bad guys will need to do is launch "Operation Time For A Cuppa" and kaboom!!
i represent a greedy power company and am grudgingly expanding our infrastructure.
to this end i would like to stick a pylon in your backgarden....
oh, you want me to do what with my pylon???
i could try that, but id have to cut the crossarms off it and use a bloody big pot of vaseline
[Not again. Where's The Other Steve, please?]
Get a clue. Or keep off the keyboard till you've got a clue.
Stuxnet did not need the Internet.
Sneakernet (USB sticks etc, or a machine which connects alternately between "secure" and "outside" network) works just fine for virus propagation, and has done for several years pre Stuxnet, in case you weren't aware (see e.g. Conficker).
Stuxnet's successors will not need the Internet.
Stuxnet's successors might need some inside info on the software and systems in use in specific places e.g. switching centres (they're not the same as substations) such as the one in Gloucester (?) which the fire brigade and army tried desperately to protect from floods not many years ago because it supplied much of the local area (including GCHQ).
but when a tree isn't trimmed in Brooklyn, it's all over huh?
They used the word 'impossible'.
Expect random power failures starting next week
Sell it off, then allow someone else to sell it off again to a company that's going to cut back on even bare bones maintainance. Then wait a few years. Add a lack of generating capacity near where the main loads are and wait for a nice icy spell. Voila. Now where are the candles?
...used in a lot of power stations?
Didn't BT have a trial run for that a few months back with the Paddington exchange fire+flood (or vice versa) which hit over four hundred exchanges and hundreds of thousands of customers?
It would be easier to take out a 50kv transmission line . Bye bye switching stations.