Electrical grid overlords take drubbing over cyber attack vulnerability

US lawmakers ripped into the organization that oversees North America's electrical grid, saying it isn't doing enough to prevent cyber attacks that could cripple the economy. US Representative James Langevin, chair of the House Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, said he had "little …

COMMENTS

This topic is closed for new posts.
  1. Mectron
    Flame

    Wrong Wrong Wrong

    Putting the Grid on the net has to be the most idiotic thing ever done since the dawn of men, they may as well put a giant (electric) sign pointing to unlocked doors of electric centrals or put the key under the mat.

    Electric plant should be completely isolated from the Net and phone line should be for VOICE call only. In fact it should be a law.

    Charge me a couple of cents more, but please equipment inside an electric plant is the last thing that needs "net" access.

  2. Anonymous Coward
    Anonymous Coward

    Off the Net? Maybe even more vulnerable

    If they can keep all of this isolated perhaps, but that makes it very hard to manage.

    And dedicated lines, still represent a threat, if they want to get any form of remote system control in.

    I think pragmatically they need to suck it up, and get some good security in place.

    It is also too easy for networks assumed to be isolated from the Net to get attached in some way - better to just accept you are on the Net and deal with that model.

    I used to think that isolated systems would be better, but now I just think that it is set to get less and less practical. Systems have to be designed with both security and usability in mind.

  3. John Widger
    Coat

    My Guess Is

    it's probably all locked up (for security reasons) and managed over the net from India or wherever to save on costs, to them not the consumer.

    Just leaving.

  4. Anonymous Coward
    Alert

    Live Free or Die Hard

    Hollywood has already shown us how vulnerable we are to cyber attacks. We're all doomed unless our leaders wise up and do something about it.

  5. Simon Painter
    Flame

    @Tim

    I love it when a pedant makes an ass of himself.

    As the article states they are not named for the red berry but for the "surname of Tom Rasberry" and if he wishes to spell his surname in that fashion and the ants are named for him then they are rasberry ants and not raspberry ants.

  6. Brian Miller
    Dead Vulture

    Actually it's very rare

    I am a Controls and Instrumentation engineer for Gas turbines, and we do SCADA interfaces quite often. I personally have never seen a control system directly connected to the internet. They are connected to a plant network that may or may not have an internet connection, most often the protocols for communicating to the SCADA are proprietary and as such would require the theoretical hacker to have the specific SCADA package used at the plant installed (these cost thousands, and would be difficult to find on BitTorrent etc). These packages would also have to be configured correctly and have the control program, or at least the tag database to be able to do anything at all. A DDoS would be ineffective unless it brought the internal network down too. So it would be possible to shut down the remote interface over the network, however this would not shut down the turbine itself as in the event that the connection is lost to the remote interface the local control cab would take over.

    I am not saying it is impossible but it is not nearly as easy as it may sound. The chances are that the only people that would be able to do anything dangerous would be the manufacturers or operators of the control system. All of which would have their name written all over the attack. So, only a complete fool or someone under incredible duress (being tortured to do it) would even try.

  7. Sarah Bee (Written by Reg staff)

    Re: @Tim

    Named 'after', surely, not 'for'?

    Snurk.

  8. Bruce Sinton
    Happy

    The Web /Grid

    The threat to the supply grid is vastly greater from the lack of funds to do the required maintenance.

    The lesson of the blackout in New York a couple of years ago does not seem to have been learned.

    They will have to learn the real hard way, when a widespread failure happens.

    They have been close to this a few times apparently.

    I expect paying for the Iraq "liberation" and giving them peace and joy, has sucked up the necessary funds.

    I wonder when the next highway bridge collapse will happen. The national roading network has had studied neglect for years and a good disaster will be needed to make them aware of the folly of neglect of another vital network.

    President Eisenhower, the bloke who saw the need for a good roading system, must be whirling in his grave.

    Land of the free etc is more like the land of the fools.

    Peace and Joy to you as well.


  9. Anonymous Coward
    Anonymous Coward

    Spanner security...

    I have noticed that here in Blighty you could take out the grid with an enthusiastic use of spanners. Maybe an angle grinder if you like sparks.

  10. Anonymous Coward
    Thumb Up

    A solution!

    Bruce Sinton wrote:

    "President Eisenhower, the bloke who saw the need for a good roading system must be whirling in his grave."

    So wrap him in copper wire and get a few big magnets and there's your secure electricity supply....

  11. Anonymous Coward
    Flame

    @Brian Miller (from another insider)

    "only a complete fool or someone under incredible duress (being tortured to do it) would even try."

    Or a disgruntled employee (present or past) with the required experience, how unlikely is that?

    I used to work for Modicon, and Modbus was my 2nd language, and it's still the primary language for much of the controlled equipment out there. After that I spent some time working with a variety of SCADA package vendors and users, many in power generators and regional electricity companies. My experience says this stuff isn't quite the rocket science you want people to think it is.

    All that's irrelevant anyway. To achieve the desired result (disruption of the control systems and reversion of the system under control to some fail safe mode eg shut down), how much in depth knowledge of the SCADA package do you need?

    None. That's how much.

    You just need to know one or more ways to stop the SCADA package working normally.

    A trivial way of stopping many SCADA packages working normally is to disrupt the underlying platform. It's usually trivial, given that the underlying OS is usually Windows - I don't suppose there's much OS/2 or VMS or whatever around in SCADA these days, because ten years or more back the PHBs all wanted "open" systems, which then miraculously became Window boxes because they were "cheaper". Too right they were cheaper...

    Around the time of MS Blaster worm (August 2003), iirc there was a big electrical shutdown in NE USA. Mr Gates, and the people installing his stuff in the SCADA world, should have had a few sleepless nights around then, and people would do well to remember those nights now.

  12. Kanhef
    Happy

    re: A solution!

    Best laugh I've had all week. Thanks.

  13. Anonymous Coward
    Anonymous Coward

    A title is required.

    "@Tim

    By Simon Painter

    Posted Friday 23rd May 2008 08:00 GMT

    I love it when a pedant makes an ass of himself.

    As the article states they are not named for the red berry but for the "surname of Tom Rasberry" and if he wishes to spell his surname in that fashion and the ants are named for him then they are rasberry ants and not raspberry ants.

    Re: @Tim

    By Sarah Bee

    Posted Friday 23rd May 2008 08:43 GMT

    Named 'after', surely, not 'for'?

    Snurk"

    Bleedover or waffler

  14. Jim Jupiter
    Alert

    @ Brian Miller

    It may be rare, and there may be proprietary systems providing security by obscurity, but the up-and-coming prevalence of ZigBee will no doubt present an opportunity for poorly written systems to allow access into these systems. Just like encryption, obscurity only buys time.

  15. Paul Hovnanian Silver badge

    Stupidity kills the grid

    The biggest threat to a utility grid will probably come from inside. A petroleum pipeline rupture and explosion near me may have been caused by the system operators using a SCADA terminal to surf the web during working hours. The system ground to a halt and didn't display alarms.

    I say 'may have' because all system logs were deleted by operators and they have all pleaded the fifth under questioning.

    Keeping malicious people from infiltrating the SCADA systems isn't difficult. But if all one needs to do is to swamp the intranet with traffic from a few nearby infected machines, you're still screwed. And try telling the pointy-haired boss that he may not plug his laptop into any convenient network jack in order to check his Hotmail and see how long your job lasts.

  16. Kevin Kitts
    Happy

    Well...

    everybody's missing the point.

    1) If it's accessible, it's visible.

    2) If it's visible, people are going to poke at it.

    3) If you poke it, it might "ACK!!! PHBBPPT!!!" and die spontaneously.

    Being a programmer, and an old hand at MS-DOS and the Windows genre, I know just how little it takes for an unhandled exception to crash the entire system. And you never know what exception it will be until it crashes - that's why it was unhandled in the first place.

    Maybe if they tried writing mathematically secure, compact device drivers for the electric grid, and made a tight, no-frills, non-Windows OS to boot it on, and kept it off the Internet (by using direct cable connections between sites), then maybe, just maybe it'd be completely safe. Until a backhoe driver cuts the cable and drops the entire country into darkness.

    I tell you, the longer I live in this world, the more it seems we're heading backwards into candles and horseback riding.

    We need a "Bill the Cat" icon. And a Pan-Galactic Gargle Blaster icon. Seriously, it's only one more row of icons. :)

    Don't worry...be ACKey...

  17. Richard Kay
    Thumb Down

    @JonB

    "I have noticed that here in Blighty you could take out the grid with an enthusiastic use of spanners. Maybe an angle grinder if you like sparks."

    You might be able to take out a small part of the electric grid this way if you didn't get electrocuted or caught. Unless all you wanted to do is black out a few hundred premises around a small local transformer or chose your timing very carefully, the part you attacked would probably be adequately backed up by the redundancy of the grid as a whole. During the miners' strike in the eighties a couple of miners trying to prevent the delivery of coal energy via the use of the high voltage grid got arrested for trying to cut down a pylon. It didn't work then, even with thousands of angry, strong and practical people potentially on the case. Wannabe scrap metal thieves have been interested in this for years. In practice doubling the voltage of line plant cuts losses two ways, by halving the current and so quartering the resistive losses and by ensuring physical disruption to the network is likely to involve a short life expectancy for those who try.

  18. Brian Miller
    Boffin

    OK, it's not exactly rocket science

    But I still reckon it takes someone with background knowledge of the specific system. Fundamentally the control is still performed by a PLC or similar device local to the generation equipment. Even if the entire SCADA system was brought crashing down and IF this were to cause a shutdown of the turbine (which it would not in all cases) it would take maybe 5 mins to bring it back up isolated from any network.

    The real danger would be if a hacker with sufficient knowledge gained access to the PLC's internal program and enabled I/O forcing or started deleting/disabling rungs of logic. This could lead to the destruction of equipment in the field (some of these turbines I have seen are about 120 MW, which would leave a substantial hole/blast area). Anyway I stand by my statement that an attack on these systems would be traceable relatively easily. And most of the people that could do something like this, wouldn't.

  19. Anonymous Coward
    Anonymous Coward

    120MW ?

    120 MW? How big are Drax? Eggborough? Didcot? How big are the nukes (on the odd occasions when they're actually up to speed?)

    Hint: more than ten times 120MW, m. By the sound of it Brian's worked with the ready-packaged CCGT stations which arrived by the boatload in the days of the UK's ill-judged "dash for gas" which followed electricity privatisation, in the days when "the market" thought we'd have cheap natural gas to spare for the foreseeable future (nowadays this leaves UK plc reliant on imported gas, from Russia, Libya, and the like, for a good proportion of our electricity).

    What role do the PLCs actually play in your picture ? Probably not much, low level control of start up, shut down, closed loop speed control, fault detection, all on a local basis, but above and beyond that there's another layer of intelligence involved in matching demand against supply in real time, and detecting failures in real time. (My first employer was in the business of gas turbine control systems before gas turbines for electricity generation were trendy, so I have a little bit of a clue).

    Oh, and by the time you can "trace" an attack, it's very likely too late.

    Read the analyses of what (nearly) happened to Walham switching centre near Cheltenham/Gloucester in last summer's floods if you want to see what real grid disruption would have looked like, above and beyond knocking out a few PLCs. (GCHQ would allegedly have gone dark, according to the non-technical writeup at

    http://www.glosfire.gov.uk/sections/about_us/downloads/glosfire02.pdf and other sources)

  20. Brian Miller
    Linux

    World's largest gas turbine

    AC,

    Please see link below stating that the largest Gas Turbine in the world is in fact 150MW

    http://w1.siemens.com/innovation/en/publikationen/publications_pof/pof_fall_2007/materials_for_the_environment/world_s_largest_gas_turbine.htm

    The article, if you read it properly, attempts to attribute the lack of security to the SCADA systems primarily. I am merely pointing out that in fact these SCADA systems are not particularly vulnerable to the most common attacks by way of actually damaging the fundamental power generation machinery, just the SCADA terminal itself.

    Couple this with the fact that the low level control can be very easily isolated from any network and continue to produce power and you see that this story is quite heavy on the hype, but thin on the danger.

    The "higher level" of control matching demand can actually be achieved easily over the phone between the grid and individual plants. As happens in many parts of the world. ( I work all over the world, not just the UK/USA.)

    A lot of power stations also have black start capability so even if the grid was down in its entirety it is still possible to restart quite readily, with just local control (maybe an hour or 2 depending on size and complexity of the plant (coal/gas), except perhaps nuclear stations of which I have no experience).

    I am not questioning your knowledge which may well be in advance of my own, but in relation to this story I believe it is just another attempt to scaremonger people into submission and spending on "security". (Does security actually exist anywhere ever?)

  21. Brian Miller
    Dead Vulture

    My apologies

    That link shows that the largest GT in the world is in fact 340MW. I was wondering how a 1.2GW GT could hold together under such huge forces. It can't, it would appear, but my mistake in previous post stating 150MW.
