Monday, July 19, 2010

Power grid compromised

I try to not fall into the ZOMG the Sky is falling category of Internet Security, but I've written frequently about the risk to the power grid. Basically, I believe pretty strongly that the following are likely:

1. The Grid is a high-value target to foreign Intelligence Agencies. It's been said - correctly, IMHO - that while there are friendly foreign governments, there are no friendly foreign Intelligence Agencies.

2. The computer systems that run the Grid (called SCADA systems) are based on old technology, and are difficult to patch. This means that it's quite likely that the computers running the grid are riddled with security holes.

3. While these systems are not supposed to be connected to the Internet, the incentive to do so is very, very high. For example, it's a lot easier to reset something by remotely connecting to it from home than getting up, getting dressed, and driving 20 miles in a storm at 3:00 AM.

4. Nobody has accurate maps of precisely what their network looks like. Networks aren't so much designed as grown, almost organically. The Power Company networks are no exception.

Taken together, this paints the picture of high-value, low-risk for an adversary. I'm not the only one who thinks this, either. Stewart Baker writes at Volokh of a newly discovered attack targeting SCADA via USB devices, and makes a lot of sense:
As far as I can tell, there’s no reason to compromise a SCADA system other than to take it down. The SCADA system doesn’t contain credit card numbers or other financial data, and I doubt that compromising it is a cost-effective way to steal power for free. The guy who found the SCADA calls, Frank Boldewin, says, “As this Siemens SCADA system is used by many industrial enterprises worldwide, we must assume that the attackers’ intention was industrial espionage or even espionage in the government area”. In fact, though, there are no obvious secrets to steal from a SCADA system – other than the secret of how to bring the system down. So the logical goal of the malware is not so much espionage as sabotage.
Yup. The secrets are on Siemens' corporate network, not on the SCADA systems. If you wanted to reverse-engineer one, you can buy one. The only plausible reason to hack into one is because you want to be able to turn off the USA's power.

My advice is to get a generator with at least a week's worth of gas, and to consider getting off the grid. Bad things happen when the power goes out for an extended period, and if it were a large scale outage, it could take months to restore things.

BTW, this attack is more than plausible: not only do we have confirmed malware samples, but we've seen this sort of thing used against the classified DoD networks in the past.

9 comments:

Anonymous said...

Gee whiz. Now we see why it is so damned difficult to keep your open and secure networks separate - nobody wants to!

Jim

NotClauswitz said...

Hey, how about those PG&E "Smart Meters"!? They can turn off the electricity remotely!

A said...

This is a "test" and only a test of my new off grid internet connection

(banging two hard rocks together)

Please let me know if there are obvious spelling corrections or other errors I may need to address in future testing?

This has been a "test" of the emergency internet system; you may now go back to your normal internet blather and interest.

bluesun said...

And don't forget the apocalyptic sun flares!

ZZMike said...

Those on the West Coast remember the Great Blackout of some years back. It lasted 6 - 8 hours. (We had to help rescue an ice-cream store by eating the contents before they melted). I forget the details, but I think it was a domino effect - something failed up in Washington state, then that overloaded the next link, and so on down into Southern California.

Then there was the New York blackout some years before that.

One of the more annoying effects of the blackout was the fact that traffic lights stopped working.

Think a little further: ATMs stop; gas stations stop; cell phones stop (landlines are run by batteries).

It wouldn't be all that hard for someone or someones with evil intent to bring down a large segment of the grid.

roy in nipomo said...

ZZMike - The great 1996 outage was caused (IIRC) by the mix of a power line and a tree limb.

Jake (formerly Riposte3) said...

ZZMike:

Landlines may be run by batteries, but how many people these days have phones that don't need external power?

Cell phones probably wouldn't stop right away - I believe most towers and other parts of the system have backup generators good for at least a few hours. For a prolonged outage, the cell carriers should be able to get extra fuel to key points to keep at least most of the system running.

B said...

Do a diesel genny if you are gonna bother to get a generator. They last longer, are more reliable, and the fuel doesn't go bad.