WSJ: Spies Hack the US Electricity Grid

[fleur-de-lis]

From the Wall Street Journal: Electricity Grid in US Penetrated by Spies




WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven''t sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

"The Chinese have attempted to map our infrastructure, such as the electrical grid," said a senior intelligence official. "So have the Russians."

The espionage appeared pervasive across the U.S. and doesn''t target a particular company or region, said a former Department of Homeland Security official. "There are intrusions, and they are growing," the former official said, referring to electrical systems. "There were a lot last year."

 

[movie zombie]

no surprise here. we do things to them, they do things to us, then we do more things to them and then....well, the story just continues on and on.

mz

 

[AllieGator]

Like movie zombie said, it doesn''t surprise me...we''ve done plenty of illegal stuff (destabilizing Chile''s government, so we could overthrow a democratically elected president, for example). This is just the way things go...it doesn''t concern me too much, I''m sure we''ll be able to undo anything that they have implanted in our system.

 

[perry]

This is not a new problem at all - and if fact we are now in a lot better shape than before.

I really wish the article was a lot more accurate about the issue as it relates to the electrical grid.

Here is what the issue is and isn''t:

The electrical grid is a truely massive system of switches and other controls that allow the flow of electricity from power plants to consumers over transmision and distrubution lines.

These systems are controled by what is know as SCADA (System Control And Data Acquisition).

These systems do not directly control baseload Power Plants (Nuclear or conventional); but can control peaking units (Diesels, Gas Turbines, and some Hydro).

Each utility has its own SCADA system - but virtually all such systems are independent of the internet - and I would be very surprised that any utility actually is using the internet for SCADA due to how inherently unsecure the internet is. Utilities have their own systems that transmit signals down the power lines - or use their own radio-communication systems (special frequencies). Most of the new power lines actually have fiber optics inside the power cable.

The problem with the SCADA systems is that virtually all utilities used the same one and the code is well known. Thus, anyone who knows can tap into a local utilities SCADA system and with a little effort on mapping the utility transmission and distribution system (where are the switches, etc) could send signals to open or close swithes and other things. Utilities have been working to upgrade their SCADA systems with more secure communication protocols - but there is about 50 years worth of installed SCADA systems in the US (and much of the system uses analog computer equipment at the substations).

It never ceases to amaze me how often the press talks about how a cyber attack can take over a nuclear power plant. Can''t happen. The NRC from day one, and the Atomic Energy Commission before them has always required that the computers that run the plants are totally independent of any outside system. While it is true that there are over a thousand computers at my plant with internet access. These are personal work stations. They are not the computers in that run the plant. Their is a Data Acquisition Plant Computer that exports data - though not one but two independent one way data filters - to allow people at personal workstations to access real time and historical plant data. The most that can be accessed by someone from the internet about the operating plant is these instrument readings. Temperatures, pressures, levels, etc for plant equipment (about 3000 individual points are available at my plant); of course, you need to know which points are available and what they mean.

What a cyber attack on a nuclear facility could do is cut off access to email, the web, or electronic document retrieval. Since anything of important also exist on paper - and the operators still use paper procedures (with existing file cabinets stocked full of them) - it would have no affect on plant operations other than potentially slowing down maintenance and future planning. In fact, we already are required to have a fully functional system to operate without our computer desk stations.

As far as the "Cyber Security" initiatives. Nuclear Power Plants instituted those years ago - and as far as I can tell; all the NERC did was to tell the rest of the Utilities that they had to implement the same requirements that had already been developed and implemented at Nuclear Plants to alll of their plants - and to any SCADA systems control computers (not that it solves the local access SCADA issues for older SCADA systems).

It is noted that City Water, Natural Gas, and Oil Pipelines also use the same old SCADA system and commands- and are just as vunrable as the electrical grid to anyone who taps in to a local SCADA system.


As far as hacking.... The internet was designed to be highly reliable; to be able to continue to function on a regional and national basis in the event of a large scale nuclear attack and other natural disasters.

However, to achieve that potential level of reliability - security was the tradeoff. The intenet is inherently insecure. It is very difficult to make anyting on the internet secure. Multidiget code encryption is only successful because it generally takes to much work to break the code than the information is worth. However, the actual coded data is available for all to read.

People with expensive and critical infastructure tend not to connect it to the internet as now the cost of breaking the code may be worthwhile. As such, I expect the article is talking about some small local utility that though using the internet was a cheap way to do things - and not the larger system operators (In Wisconsin - one company operates the electrical transmission grid).


Perry

 

[strmrdr]

bottom line is...
scare the sheeple into accepting more government control.
Just like the economy crash.
Just like camera''s in cities.
Most people are accepting the government running the banking and auto industries and very few people are questioning it.
Utilities are next and the internet will follow then "1984" is complete.