How Vulnerable Is Our Power Grid?
coreboarder writes "Recently it was divulged that the Brazilian power infrastructure was compromised by hackers. Then it was announced that it was apparently faulty equipment. A downplay to the global public or an honest clarification? Either way, it raises the question: how vulnerable are we, really? With winter and all its icy glory hurtling towards those of us in the northern hemisphere, how open are we to everything from terrorist threats to simple 'pay me or else' schemes?"
Old Axiom (Score:4, Insightful)
Re:Old Axiom (Score:4, Interesting)
If you are trading paper notes for electricity that "just works" and not involved in the operation of the utility, you are UTTERLY vulnerable. You have no idea what's going on, you have no idea if someone is neglecting or sabotaging the system, you are too ignorant of what's going on to recognize when someone is neglecting or sabotaging the system, you have no idea how to fix it if it stops working, and you have no idea how to recreate the system if it is necessary.
How much more vulnerable can you get than that?
Re: (Score:3)
How about being vulnerable to a random bird dropping a baguette on a junction and overheating the system? Not like that would ever happen, but I'd hate to think of something as complex as the electric grid being THAT vulnerable.
Re: (Score:3, Informative)
You mean like a wire being touched by a tree branch [wikipedia.org]?
Re:Old Axiom (Score:4, Insightful)
I have always believed that if you rely on systems that cannot be entirely your own, but require the co-operation of your fellows, the only way to mitigate the vulnerability of your dependence is to work on that system with your own two hands, and to have as clear a picture of how it operates as your personal faculties permit without any barriers between yourself and the system in question.
...
How much more vulnerable can you get than that?
We'd be a lot more vulnerable if the government stopped regulating and inspecting utilities.
Sorry if I don't buy into the "nothing is trustworthy. all caveat emptor, all the time." theory of life.
The logical conclusion to that line of thinking is either "be an expert in everything" or "be an island".
Re: (Score:3, Insightful)
Which is exactly what happened in So. California a while back .. years & chains of events led to Enron, look it up where that ultimately went
The insurance industry also was unregulated several decades ago, look at the cluster fuck that has turned into now
Some people are persuaded to dislike the idea of government regulating public services, but when those public services become deregulated and privatized, the s
Re:Old Axiom (Score:5, Insightful)
Damn, it must be awesome to have built your generator from the ground up!
Mining the ore, refining it, casting it, forming all the wiring. How long did it take?
Did you start with stone tools and work your way up too?
What sort of fuel are you producing for it? Are you working your way through the agricultural stages so you can be sure you know how your crop works if you are using a bio fuel? Which wild plants did you decide to domesticate?
Civilization works because everyone doesn't have to know everything. Not having to individually reinvent the wheel for every task and tool is why we can make progress.
Re: (Score:2)
Re: (Score:2)
The former is desirable, while not practical. Unfortunately for everyone, while the Utilities all think they have the former or something approximating it, most of them have something much closer to the latter.
Re: (Score:3, Insightful)
no external access points
No such thing as a network with no external access points. Think about it. If you were able to "get in there" to install, configure and maintain it, someone else can do the same.
Re: (Score:2)
I believe what was meant was no external access points outside a 'secure' physical location. It's widely (although not as widely as it should be) understood that a machine which attackers can physically get to is a big problem, but if you run a network entirely inside a secured location then although you can 'get in there' to maintain it, Joe Public can't even see the network exists let alone try to attack it short of either physically breaking in or social engineering.
Re: (Score:2)
You wouldn't be wrong, sadly...
Re: (Score:3, Informative)
I have always believed that if something is networked, it can be subject to unauthorized access. I hope I am wrong.
I know that you mean computer networking, but there are other types of networks and power grids are one of them. There is no single US power grid. North America has two major and several minor grids covering most of the US and Canada, and there are lots of local grids that aren't interconnected at all. http://en.wikipedia.org/wiki/File:Nercmap.JPG [wikipedia.org] I suppose that knocking out the Eastern or Western Interconnection is possible, but the other side would stay up, as would Alaska, Quebec and Texas.
Re: (Score:3, Funny)
But I also think there's some scare tactic behind these "how vulnerable we really are" news. I think I've read about these power grid hackers several times on slashdot alone.
Some are fearmongering... Some are brainstorming... :)
One word: Enron (Score:5, Informative)
Hijacking the power grid and forcing entire states to pay ransom or suffer brownouts? Such a thing has never happened before!
http://en.wikipedia.org/wiki/Death_Star_(Business) [wikipedia.org]
Re: (Score:3, Interesting)
Hey now. Don't leave out FirstEnergy Corp, which managed to (through poor maintenance combined with efforts to hide rather than fix problems) take out electricity for Ohio, Ontario, Quebec, New York, Pennsylvania, and New England in 2003.
Re: (Score:3, Informative)
Hey now. Don't leave out FirstEnergy Corp, which managed to (through poor maintenance combined with efforts to hide rather than fix problems) take out electricity for Ohio, Ontario, Quebec, New York, Pennsylvania, and New England in 2003.
Not really. FirstEnergy's ineptitude was one factor, but only a part of the perfect storm that led to the cascading failure in Michigan, Ohio, Ontario, Pennsylvania, (most of) New York and a (tiny) part of Connecticut (Quebec was unaffected). The big issues were the sudden tripping of a major Cleveland-area power station and corresponding deficit of reactive power in that area, and a control system that effectively stopped processing updates, leaving controllers in the dark about the actual state of the sys
Re:One word: Enron (Score:4, Interesting)
I'm having more and more difficulty determining which is worse, this new American flavor of capitalism - where monopolies are legislatively created and protected - or terrorists.
I'm gonna go with option A. I can shoot terrorists. If I shoot the CEO of my local cable monopoly I'm probably going to go to jail......
Re: (Score:2, Interesting)
I'm gonna go with option A. I can shoot terrorists. If I shoot the CEO of my local cable monopoly I'm probably going to go to jail......
How? When handguns are even prohibited to military people on a military base, what chance do we have?
Re: (Score:2)
Are you trying to claim that nobody has a registered handgun?
Re: (Score:2)
Checking the magazines. Making it street ready.
Nope, I still have mine. Bring on the terrorists or CEOs. :)
Re:One word: Enron (Score:5, Informative)
The military is its own animal. But in 38 states [handgunlaw.us] (the blue and yellow ones on the map) you can easily obtain a concealed carry permit as a civilian, provided that you aren't a felon or mental case. In some of the remaining states you can also obtain one, though you may have to jump through additional hoops. The only two states where you absolutely can't get one are Illinois and Wisconsin.
It's probable that in a few years that you will be able to obtain one in all 50 states. SCOTUS is on the verge of incorporating the 2nd amendment against the states. Once that happens we can begin to dismantle the unconstitutional restrictions placed on our right to keep and bear arms by some of the more urban states.
Point being, that you have whatever chance you are willing to give yourself. Personally I carry everywhere that it's legal to do so. I hope and pray that I never have to use it. Should the day come though I won't be cowering under a desk waiting to be murdered by some mental case or Mumbai copy-cat.
Re:One word: Enron (Score:5, Insightful)
Point being, that you have whatever chance you are willing to give yourself. Personally I carry everywhere that it's legal to do so. I hope and pray that I never have to use it. Should the day come though I won't be cowering under a desk waiting to be murdered by some mental case or Mumbai copy-cat.
Most incidents of gun violence are domestic &/or perpetrated by someone you know.
Here's a prominent example that was in the news recently [smh.com.au]
Re:One word: Enron (Score:4, Insightful)
Re:One word: Enron (Score:5, Funny)
But you might be shot by someone else carrying a concealed weapon who thinks you look a bit too suspicious and figures it's better to shoot first and ask questions later. After all, you had a gun ;)
Re: (Score:3, Insightful)
You apparently don't know what you're talking about. The map to which you linked is for carrying of *concealed* weapons. It is not at all clear that prohibiting carrying of *concealed* guns is in any way a violation of the second amendment. It is fairly easy in both of the states you mention explicitly (IL & WI) to legally obtain firearms.
Re: (Score:3, Interesting)
It is not at all clear that prohibiting carrying of *concealed* guns is in any way a violation of the second amendment.
The right is the right to keep and bear arms. If the state wants to outlaw concealed carry then it should allow open carry.
It is fairly easy in both of the states you mention explicitly (IL & WI) to legally obtain firearms.
Bullshit. In IL you can't obtain any sort of firearm unless you have a firearm owners identification card issued by the state police. Somehow I don't think you'd agree that the spirit of the 1st amendment was being upheld if you needed permission from the state before you could buy a printer or use the connection.
Re: (Score:3, Interesting)
I'd like to add that many municipal regulations and even state laws violate their own state's bills of rights. It's easy enough to be distracted at a federal level by the great comma/militia debate, but the states' bills of rights are nearly always more explicit than the federal 2nd amendment.
For example IL Article 1, Sec. 22 states: Subject only to the police power, the right of the individual citizen to keep and bear arms shall not be infringed. WI Article 1, Sec. 25 states: The people have the right to
Re:One word: Enron (Score:4, Informative)
Are you sure about that? From Wikipedia:
Lt. General Cone stated the on-base firearm policy: "As a matter of practice, we do not carry weapons on Fort Hood. This is our home."[80] Military weapons are only used for training or by base security, and personal weapons must be kept locked away by the provost marshal.
While these types of incidents are, as you said, improbable they're hardly fantasy and usually occur in "gun free zones".
Re: (Score:3, Interesting)
All you and your gun nut buddies end up doing is drive up the sale of No Handguns Allowed signs. That and create 'friendly-fire' casualties when you overreact.
With all these "friendly fire casualties" you talk about, you would think one would make the paper. But all I see is Fort Hood, Virginia Tech, and so on... All gun free zones. I guess they didn't have enough signs.
Re: (Score:2, Informative)
Pay me or else? (Score:5, Insightful)
Suppose someone holds the nation's power grid hostage and then wants payment? So, why doesn't the government simply pay them, then track them down for assassination and release photos of their bullet ridden corpses? Would certainly discourage any copy-cat crimes. Somali pirates too.
Just a thought...
Re:Pay me or else? (Score:4, Insightful)
No it wouldn't deter anything. People always assume the bullet-ridden corpses were just dumb, and they will be smart and not get caught.
As for heating problems, I have a backup propane heater so even if the central electric died, I won't freeze. Worst-case I go sit in my car and get warm there. People should always have a backup plan.
Re: (Score:2)
As for heating problems, I have a backup propane heater so even if the central electric died, I won't freeze. Worst-case I go sit in my car and get warm there. People should always have a backup plan.
A heater or car can only run for so long. If you want a real backup plan I would suggest something passive (e.g. proper clothing). If you live in a climate where freezing to death in an emergency is a real concern odds are you already have everything you need to stay warm enough to survive. Just make sure you don't put too much or too little on at a time. If you put too much on you sweat and if you put too little on you get chilled, and once either of those happens it's hard to get comfortable again.
Re: (Score:2)
If you look at the politically correct response to the Somali pirates, you see why the west has to develop an effective and cheap response to this kind of crap.
Give the guys on our merchant ships guns and train them how to use them. There's your effective and cheap response. Arming merchant vessels halted piracy a few hundred years ago. Why wouldn't it do the same today?
Re: (Score:2, Funny)
But let's just hope the pirates aren't as tough as Vin Diesel... I mean, his last name is a fucking fuel, it doesn't get more hardcore than that.
Re: (Score:2)
The pirates aren't tough. Most of them are teenagers on the verge of starvation. The only reason they are as successful as they are is because they have AK-47s and their victims have fists. Give the victims their own firearms and I think you'll see that the problem solves itself in short order.
Of course in this politically correct day and age that isn't an option because someone might get hurt.
Re: (Score:3, Informative)
I'd seen a couple news stories on that. For the most part, the sailors are sailors. They didn't sign up for, nor do they want, to take part in any combat. I have heard that some ships are hiring private security companies (like Xe/Blackwater) to manage their protection in hostile areas. I believe they're using all handheld weapons.
They may also have problems coming into foreign ports, if weapons are not allowed. Just think of the trouble a common merchant ship would have,
Re: (Score:3, Insightful)
Just think of the trouble a common merchant ship would have, if it came into a US port with a 5" deck gun, and a couple 50 cal machine guns mounted up on it.
Who said anything about deck guns? You could defend against these attacks with semi-automatic rifles and handguns.
It may be better to lose the occasional ship to pirates, than to be fighting an all-out war.
What, "all-out war"? Is the failed state of Somalia going to declare war on the United States and/or EU? Seems rather unlikely. We aren't dealing with a nation-state here. We are dealing with criminals and terrorists. The right of self-defense applies. I would not be obligated to meekly surrender to a kidnapping attempt that occurred on land without a fight. Why should our merchant mari
Re: (Score:3, Insightful)
Sounds like the same way attempts to fight spam went.
Blue Security was doing a damn fine job...until one of the spammers got pissed off and stabbed them with a DDoS.
It's obvious that the bad guys have too much firepower.
A better solution would be to deal aggressively with pirates. Put them down, clap them in irons, and stamp it out with all your might. After a while, pirates will realize that crime doesn't pay. And above all the navies of the world need to make a stand against piracy.
Besides, if we simpl
Re: (Score:3, Insightful)
Now, if that assumption holds true, I absolutely think that the crew's lives are more important than a few hundred thousand worthless vietnamese sneakers. I'd rather the pirates didn't get anything at all, but lives are lives.
It has nothing to do with the value of the cargo. It has everything to do with stripping the sailors of their right to self-defense. You would not be obligated or expected to surrender without a fight to a kidnapping attempt that occurred on land. In fact, in US jurisdictions (including liberal ones like New York) you are allowed to respond with deadly force to any such attempt. So why do we disarm our sailors and leave them with no means to defend themselves against this horrible crime? Kidnapping ran
Re: (Score:2)
Gas pumps work on electricity too. I wonder if gas stations have backup diesel generators?
Several did in Houston after Ike. They made some big money too...
Re:Pay me or else? (Score:4, Insightful)
Re: (Score:2)
Suppose someone holds the nation's power grid hostage and then wants payment?
Same thing they did to Enron, nothing and/or get a cut of the profit?
Re: (Score:2)
Didn't you guys get Obama's memo? There is no such thing as terrorism - only human-caused disasters. Please report to the Ministry of Truth (http://www.whitehouse.gov/ [whitehouse.gov]) for sensitivity reprogramming.
You did not read carefully enough. There is still terrorism. There is no Muslim terrorism.
Major Brazil Power Failure Yesterday (Score:5, Informative)
Speaking of Brazilian power failures, Brazil had another major power failure yesterday. Power from the Itaipu dam was cut off, which apparently put millions of people in the dark as it generates something like 14GW. Itaipu blames the Brazilian grid, meanwhile Brazilian officials aren't sure what it was, but are protesting any idea that it was sabotage/hacking. Paraguay and Uruguay also get power from Itaipu and were similarly affected.
http://www.cnn.com/2009/WORLD/americas/11/11/brazil.blackout/index.html [cnn.com]
Re:Major Brazil Power Failure Yesterday (Score:5, Informative)
Re: (Score:2)
View from a US citizen living in Brazil. (Score:5, Interesting)
I've been living in São Paulo for over 9 years. I was without electrical power for a few hours last night.
The timeline on this is pretty entertaining. On the 7th, there were a bunch of stories saying the 2007 blackouts in Brazil were caused by crackers (the articles say "hackers"). On the 9th, there were strong denials all around, accompanied by stories saying that no, the 2007 blackouts were caused by "sooty insulators." On the 10th, Brazil suffered a blackout much worse than the ones in 2007. That looks to me like crackers saying "sooty insulators? We'll show you sooty insulators!"
By the way, power failures are normally abrupt, but the one last night was not. I usually go from lights to no lights almost instantaneously, but last night, the lights were flickering for a while. After a few minutes, I thought it was going to stabilize, because my compact fluorescents stayed on while my UPS beeped a lot to tell me it wasn't getting enough juice. The larger fluorescents in the kitchen couldn't start, but the compact fluorescents gave me some light in the living room.
Re:View from a US citizen living in Brazil. (Score:4, Insightful)
Re: (Score:2)
Brazil has both 110 and 220. If he is on a nominal 220 system and it dropped to ~110, that would cause no harm whatsoever to anything with a switching power supply which can probably run on about 100-250V. This is not the law or anything, but in practice almost anything with a switching supply is intended to take 100-250V and 50-60Hz so that it can be sold internationally with little to no modification. It would also explain why his CFLs stayed on, but his UPS was unhappy. But I'm just guessing, because he
Re: (Score:2)
A question for you o
Re: (Score:2)
Who decided the North American plug would be a good one for an international standard?
Re: (Score:2, Informative)
My opinion as a controls engineer for a utility contractor:
The accusation that this was the work of hackers is ridiculous. Not only would such a job be extremely difficult to execute, but I doubt that, IF it were successfully executed, it would be easily returned to a working state.
This has all the indications of poor maintenance of dielectrics, especially "sooty insulators." If a high-voltage dielectric became overly-dirty, a ground fault could easily occur with a short across the materials on the surfac
Re: (Score:2)
I wasn't affected, fortunately, and followed it RT (Score:5, Insightful)
I live in Rio Grande do Sul, in a region where we have smaller power dams that supply more than enough energy for us to keep running without Itaipu, and I must say it was quite interesting to follow everything from here in real time. I was chatting with a friend of mine from Rio de Janeiro, and we were about to play some Mario Kart online, when suddenly she sends me an SMS at 22:14 telling me "You're not gonna believe it, but the entire city of Rio de Janeiro has no energy. Even the Cristo Redentor doesn't have any light, and I've never seen that happen in my entire life!". A few minutes later she comes back online using her notebook and a 3G modem, retweeted the info I sent her to her friends, and following my suggestion took a couple of pictures of what she was (un)able to see.
I then called her and she proceeded to tell me about how chaotic things were on the streets, that basically the traffic was jammed, all buildings nearby had people locked inside elevators and she could hear the cries for help, and until 5 minutes after the blackout all cellphone lines were jammed too. I then kept following the news on portal websites and Twitter and reported back to her in real time to let her know what was happening and how big things were, although she had already contacted friends throughout the country and kind of knew the places that were online and the ones that weren't.
I must say it was quite an experience to follow things in real time and inform someone right there about it, and I guess she was "thrilled" about it too, even though she's afraid of the dark. :(
Here are the photos she managed to take:
- http://img137.imageshack.us/img137/1382/foto1jm.jpg [imageshack.us]
- http://img81.imageshack.us/img81/5272/foto2b.jpg [imageshack.us]
Re: (Score:3, Interesting)
Re: (Score:2)
You know what's funny about the Itaipu dam? It is located in the state of Parana and, still, it does not provide a single watt for that state (all Parana's electricity is produced in smaller and local dams). If you see the Itaipu's power lines traject, it goes straight to the state of Sao Paulo (which does not pay a dime to Parana for that energy).
It's because the bastards linked Sao Paulo's power grid to Parana's, so when Itaipu is not enough (or have problems like the one yesterday), they suck energy which is created and supposed to be provided to Parana.
So if the power lines go straight to Sao Paulo, how is Sao Paulo's grid connected to Parana's? You contradict yourself here. Also, why should Sao Paulo get any money from Parana? Brazil and Paraguay own the dam, not the state of Parana.
A bigger threat (Score:3, Interesting)
In any case, this winter could be bad - probably a good time to get a generator.
Re:A bigger threat (Score:5, Informative)
Actually it was Enron illegally manipulating the market which led to the rolling blackouts. Notice they stopped shortly after the collapse of Enron and the arrest of those that hatched the schemes.
I read that link; apparently you think companies should be able to do whatever they want to public resources without restriction. I don't buy that nonsense, nor do I think corporations care about anything but squeezing money out of people. We allow them to exist to serve a public good, not because they have any right to existence.
The "bribing" described in the article was Edison trying to convince the local government that it would be worth it to install an electric grid. He proved to be right, but not every idea that comes along would pan out like that. The government is supposed to represent the people, and the people shouldn't have the roads they paid for torn up at the whim of a corporation, so the corporation (or Edison) needs to convince OUR representatives that there's something in it for us.
How is that any different.... (Score:4, Insightful)
than the current local power monopolies? We are already in a "pay me or else" scheme which threatens lives and leaves us with this vulnerable infrastructure in the first place. And, unlike the "terrorists", the power companies have the cojones to stand before Congress and admit the control systems are vulnerable, the transmission grid is old and failing, the expected load in the next 15 years can't be handled and then claim it's not their problem, it's too expensive and the government needs to pay for it. As if they aren't taking enough on the front end from the consumer, they want more off the back end too.
Sickening.
Re: (Score:2)
I realize this is Slashdot, so anything less than complete anarchocapitalism is no better than terrorists, but...
Terrorists generally have to inflict actual harm to get their job done, and they have very little to lose. Capitalists don't have to inflict harm, they just need to make profits (they might inflict harm upon the way). They have a lot to lose: if people get pissed off enough, something will be done about them -- probably something that ruins their business.
Wired or unwired? (Score:2, Insightful)
I don't know about the connectivity of power stations/substations, but I've seen quite a few that appear very vulnerable to physical damage by virtue of location (e.g. not enough space between fence and components, or down an embankment from a quiet unlit street). Seems like it wouldn't take much more than a steel bar and a good arm to cause some pretty spectacular fireworks and a whole lot of repairs.
Re: (Score:2)
Do you really want to be within crowbar-tossing distance of this?
http://video.google.com/videoplay?docid=-2674646408572574875# [google.com]
This vulnerable (Score:2)
If we can't get a reliable grid even without thinking about terrorists and hackers, then how secure do you think it could be? If one link in the chain can cause a widespread blackout, not very secure at all.
Re: (Score:2)
Re: (Score:2)
Interesting way of looking at it. If you are going for the five nines that means that the power grid is only allowed about three hours of downtime every 38 years.
Re: (Score:2)
How vulnerable is *your* power grid? (Score:5, Insightful)
I'm writing from the UK, so no matter what happens to *your* power grid, it won't affect *our* power grid.
Before you can get a sensible answer, you need to learn to ask a sensible question.
In any event, *your* power grid has already proven to be incredibly vulnerable to everything from single points of failure to social engineering for profit (Enron) so, quite frankly, worrying about the vulnerability of *your* power grid to hacking is like wondering about the vulnerability of a shiny new laptop left unattended on a car front seat to hacking... you have other issues you need to address first.
It is like wondering how vulnerable *your* road bridges and infrastructure are to hacking, while completely ignoring the fact that they are falling down by themselves due to lack of maintenance.
Re: (Score:2)
I'm writing from the UK, so no matter what happens to *your* power grid, it won't affect *our* power grid.
...unless you bought your control hardware and software from the same people we bought ours from (hint: to a moderate degree, you did).
Or unless you have equipment with similar issues in similar conditions.
As far as the "leaving laptops on seats" security issue, you must not have noticed the recent round of "British government officials leaving laptops on trains" stories.
Oops.
Re: (Score:3, Interesting)
Won't deny a thing you say about *our* grid and infrastructure, in fact I generally agree with you.
But what makes you think that *your* grid and infrastructure are in any better shape or state of maintenance?
Incidentally, a few years back I participated in a table-top exercise modeling a "potential cyber-incident". One of the people present was an IT guy who manages the job for *my* power grid. The guy knew his stuff, and the things he said made me feel really good about the command and control for *my* p
easy to solve, done many times. (Score:2)
Speaking for generation, NOT VULNERABLE (Score:5, Informative)
Speaking as a controls engineer for a major utility contractor, the control systems for power plants are completely isolated from the internet... it's common sense. There are security consultants out there feeding FUD to the public about the vulnerability of these control systems to viruses planted (either knowingly or unknowingly) by plant personnel. Well, if someone had intimate knowledge of the software AND close ties to the operators AND really thought that bringing down the plant would be a good way to screw everyone over, despite the fact that when things go wrong, all valves and systems return to a fail-safe position, AND once the software was re-installed, everything is easily restarted...
Yeah, I guess it could happen. As far as the grid is concerned, I'm *guessing* that a lot of people were influenced by the same method of thinking.
Look, if anyone really wants to bring down the power grid, we should be worried about a physical attack WAY more than an electronic one. I just can't conceive of how our systems are as vulnerable as people say they are.
Re: (Score:3, Insightful)
The generation systems are fine, it's the transmission system that is horribly vulnerable, both to deliberate damage or just random crap (refer to the 2003 northeast blackout. A single down line cascades and takes out 1/6th of the country). All the generation security in the world isn't worth anything if you can force the plant down (over 250 plants had to shut down due to the 2003 blackout) by taking out the grid.
Though I do very much agree the concern over "hackers" is far overblown.
Re: (Score:3, Interesting)
You sound like someone who's never met a DoE red team. Is your utility looking at the new shiny smart grid technology? There's a blackhat talk about worm propagation through the smart grid wireless mesh.
A worm wouldn't be so bad except for the fact these smart meters are built with a remote disconnect feature. As an engineer for a major utility, maybe you can tell the class what would happen if a hacker turned off power to 100,000 homes at the same time, all that current has to go somewhere.
Re: (Score:3, Interesting)
Threats to Grid overstated. (Score:3, Interesting)
I would say that threats to the power grid tend to be overstated.
a) Power grids in the USA are regional affairs, so, the worst that can happen is one section of the country might get whacked.
b) Power companies frequently operate their own private physical networks for control... at least, that's the way it was in the early 2000's when I was into it. Our company had built their own private fiber optic loop.
c) Extremely critical stuff is done with a phone call by people that know each other. Like, "turn the generator off", is something done not so automatically.
d) There are loads of incompatible stuff out there in the field for remote control and SCADA. So, if you could go out there, and tell every customer to turn off all their equipment, remotely, you'd be so rich from just building a product that could do that, you would not want to go to jail, when you could be a billionaire. Just reading a power meter has dozens of protocols, formats, etc, and many of them are actually just wired up with a dumb phone line.
It's not impossible, I'm sure.. but, it's not like hacking into a machine knowing that it's running either Linux / Apache or Windows / IIS and going from there. All these pieces of embedded equipment have their own stuff, and the knowledge tends to be very specialized.
The Brazilian power grid (Score:2)
fear mongering. plain and simple (Score:3, Informative)
I live in Brazil, never heard anything about crackers being responsible for the blackouts in Espirito Santo in 2007. to tell the truth, the first time I heard about it was on the web a few days ago, reading blog posts about the 60min report.
the minister of energy and the national system operator (the office that controls our power grid) already denied the "information" from the 60min show.
IMHO, it's just another piece of typical American fear-mongering, probably aimed at selling some incredibly expensive, over-complicated and completely unnecessary "technology" to the government.
more here [estadao.com.br] (in Portuguese).
disclaimer: estadão is a reliable, reasonably unbiased Brazilian news agency.
One giant vulnerability (Score:2)
Only recently has there been any concern whatsoever given to securing the thousands of SCADA [wikipedia.org] links that monitor and control our electrical grid. The protocols are extremely basic, and anyone with a small amount of radio knowledge could easily override the point-to-point radio links commonly in use.
For instance, this substation [google.com] used to have a tower with a microwave SCADA link to Dominion's control point. Combine that knowledge with a little public searching of the FCC site, and you've got the exact frequenci
Move to Texas... (Score:2, Insightful)
How would the US possibly stop anyone? (Score:3, Insightful)
We have a military so politically correct that when faced with persons that give presentations to upper echelon staff with phrases like "We love death more than you love life", does nothing. End result: 12 people dead, more injured.
We have the TSA that is so fearful of "profiling" people so they feel they must hassle white grandmothers while letting young Muslim men proceed to test the boundaries of airline security.
We have police that do not wish to be accused of "profiling" in any way, so basically give a pass to illegal immigrants driving without licenses while stopping and ticketing others. This continues even in the face of significant numbers of accidents caused by such illegal immigrants.
While it might be illegal to defraud Americans in America, it clearly isn't when it is being done from places like Bulgaria. So we have US-based registrars setting up domains for people with names like "citibank-online.com" and "ebay-online.com" when the purchaser is in places where law enforcement isn't going to bother them. And then we poor Americans all cry about how bank security is so lax. Unfortunately, all of the protections that work in the real world aren't being applied online, so it is easy to steal from people without fear of any consequences.
Face it, we're due for some trouble. If thousands of people die because someone takes out the power grid for a week it isn't because security is lax - it is because the people that are paid to handle security are looking the other way. Intentionally. And no, unlike the guy on 60 minutes when thousands die it will not be a "wakeup call" and everything is magically fixed. It is going to take a lot more than that.
Stop living in a fantasy world. (Score:4, Interesting)
You live in a delusion created by far right commentators. The TSA profiles (compare how often "suspicious looking" passengers get searched per trip vs white grandmas). The police profile (compare rates of "random searches" and imprisonment for minor offences by race and socio-economic status). Only focusing on "suspicious people" and leaving your honest wholesome law abiding white picket fence self alone only tells the bad people how to get past the gate keepers. There are Muslims of European descent. There are Muslims that can pass for Italian-Americans or Hispanic-Americans. Not to mention that exclusively harassing one group of people, a subset of whom are criminals, only engenders favor and support for the criminals amongst them. Or the fact that militant Muslims weren't the first people to blow up planes, nor will they be the last.
Given the current tensions over Obama the next terrorist attack in America is likely to be another McVeigh. Possibly carried out by a white grandmother. Or it could be a college aged female animal liberationist who has decided that direct action is the answer.
"Our" power grid? (Score:2)
Comment removed (Score:3, Insightful)
How many times need this question be answered? (Score:5, Insightful)
The question of grid vulnerability comes up again and again. Every time, it is treated as if the question was novel and never addressed before.
I work in the industry. My view is not that cyber security is being neglected. On the contrary, it seems more like the situation in the Grand Canyon where there were 30 anthropologists for every Indian being studied. Homeland Security and DOE Tiger teams and security auditors swarm like flies around the operations centers. Each of them looks forward to fame and fortune if they expose the one big unaddressed vulnerability.
The most recent fully public test of the grid's vulnerability was the Y2K scare. Many people, including renowned experts such as Capers Jones, figured that there would be no way the grid could survive Y2K without numerous incidents. The actual grid incident count on the night in question was zero. No hacker could conceivably create a more ubiquitous and more diverse cyber challenge to the grid than Y2K.
What about robustness and vulnerability to chains of failures? It is true that regional blackouts do occur. Every incident can be traced to a chain of failures. However, earthquakes, hurricanes and especially ice storms every year challenge the grids with multiple simultaneous failures; sometimes hundreds of thousands of simultaneous failures without triggering cascades. Do you really think that a hacker could think up something more challenging than an ice storm?
One thing not appreciated is the design criteria. The NERC criteria for blackouts is that blackouts affecting more than 10 million people should not happen more than once every 10 years. Using NYC as a benchmark, it was blacked out in 1965, 1977 and 2003.
The public, on the other hand, thinks erroneously that the grid should be infinitely reliable and that every regional level blackout represents an avoidable failure, and that each blackout reduces confidence in the system.
Ironically, people who live in places with frequent loss of electric service, such as India, adapt so well that it causes minimal disruption. It is a paradox that the more reliable the electric supply, the less well prepared the public becomes for outages and the more neurotic they become over hypothetical threats.
Re: (Score:2)
Let please me know from where you have English tolearn.
Re: (Score:2)
Re: (Score:2)
Please let me know from what nationality a poster to Slashdot actually believes his is the only one represented on this website
United Federation of Planets, duh
Re:Who's We? (Score:4, Insightful)
Please let me know from what nationality a poster to Slashdot actually believes his is the only one represented on this website..
We all make assumptions.
Re: (Score:3, Informative)
Actually, I think there are more people here from outside of the US (mainly Europe) than you think. I think it's closer to a 50-50 ratio. And this is why:
Exhibit A) If you look at this poll [slashdot.org] you'll see that 43% of all voters chose the option "I Use Celsius, You Insensitive Clod!", which would obviously imply that they are not from the States.
Exhibit B) I'm Finnish (been browsing /. actively for a couple of years now) and I know I'm by far not the only Finn lurking around here. Moreover, if you look at, for
Re: (Score:2, Insightful)
If you believe in gun rights then you support terrorism in the US
Go fuck yourself.
Re: (Score:2)
If you believe in gun rights then you support terrorism in the US
Although this is flamebait, it's not entirely untrue. It is however an argument in favor of personal gun ownership in my book. You know how they call suicide bombers cowards and terrorists? Well, I call cruise missile launchers cowards and terrorists. Terrorism is just a word, and it's basically used by governments to describe the only type of military attack remaining to a disadvantaged group. If you can afford to launch a cruise missile and blow someone up 2,000 miles away then you're the dominant power,
Re: (Score:2)
If you believe in gun rights then you support terrorism in the US
It's pretty hilarious that you're going on about this so soon after Guy Fawkes day. Were you saving it?
The proximity to Guy Fawkes is totally coincidental. What I was pointing out is that you don't need any fancy high tech methods to take down the US power grid, all you need is some accurate shooting out of insulators in remote areas where no-one can observe you et voila one dead network in as fast a time as you can take 10-20 shots. And putting armed guards along the power grid in those areas is impossible,
Given the propensity of the US administration to declare various items as being the hallmarks of
Re: (Score:2)
If you believe in gun rights then you support terrorism in the US
That one is going to leave some Al-Qaeda people confused.
Re: (Score:2, Insightful)
If you believe in freedom of sexuality then you support paedophiles.
If you are against the death penalty, you're a communist.
If any of the above seem reasonable to you, do your country a favour and continue to not vote.
Re: (Score:2)
If you don't believe in gun rights you support fascism in the US.
I'd rather deal with a hypothetical lone nut than deal with actual Soviet style government.
Re: (Score:2)
Re: (Score:3, Interesting)
The lower 48 CONUS actually has 3 power grids, not just a singular grid
Maybe not for long .. check out the Tres Amigos project [fastcompany.com]
Re: (Score:2)
...I would also be very worried about the fact that you use suspended power wires even inside many of your larger cities (check out Miami, f.e. - sheesh!), as opposed to dug-down cabling.
Funny. I can't remember the last time I saw suspended power lines in a city. New York City doesn't have them. Nor does Washington DC. Are you sure you weren't in the suburbs?