Monday, June 24, 2019

Power grid compromised

I've been writing about the risk to the power grid for a long, long time.  Here's one example from 2010:
1. The Grid is a high-value target to foreign Intelligence Agencies. It's been said - correctly, IMHO - that while there are friendly foreign governments, there are no friendly foreign Intelligence Agencies.

2. The computer systems that run the Grid (called SCADA systems) are based on old technology, and are difficult to patch. This means that it's quite likely that the computers running the grid are riddled with security holes.

3. While these systems are not supposed to be connected to the Internet, the incentive to do so is very, very high. For example, it's a lot easier to reset something by remotely connecting to it from home than getting up, getting dressed, and driving 20 miles in a storm at 3:00 AM.

4. Nobody has accurate maps of precisely what their network looks like. Network aren't so much designed as grow, almost organically. The Power Company networks are no exception.

Taken together, this paints the picture of high-value, low-risk for an adversary.
Well, reality has caught up to Borepatch 2010:
In a new troubling escalation, hackers behind at least two potentially fatal intrusions on industrial facilities have expanded their activities to probing dozens of power grids in the US and elsewhere, researchers with security firm Dragos reported Friday.

The group, now dubbed Xenotime by Dragos, quickly gained international attention in 2017 when researchers from Dragos and the Mandiant division of security firm FireEye independently reported Xenotime had recently triggered a dangerous operational outage at a critical-infrastructure site in the Middle East. Researchers from Dragos have labeled the group the world's most dangerous cyber threat ever since.

The most alarming thing about this attack was its use of never-before-seen malware that targeted the facility’s safety processes. Such safety instrumented systems are a combination of hardware and software that many critical infrastructure sites use to prevent unsafe conditions from arising. When gas fuel pressures or reactor temperatures rise to potentially unsafe thresholds, for instance, an SIS will automatically close valves or initiate cooling processes to prevent health- or life-threatening accidents.

In April, FireEye reported that the SIS-tampering malware, known alternately as Triton and Trisis, was used in an attack on another industrial facility.
It looks like the only plausible explanation is that someone doesn't want to be able to shut down the US power grid, they want to be able to wreck it.

It's certain that the Powers That Be are not treating this with the urgency it demands.  While the Department of Energy has been at least awake for the last 4 or 5 years about this, this country needs a crash course on making the grid more robust.  Not hardening it - that's likely a fool's errand in these days.  Rather, the grid needs to become more survivable in the face of attack:

  1. Safety systems need to be isolated from network compromise.  This means direct servo connection rather than commands sent via the network (what happens when the network router gets disabled by a Bad Guy?).
  2. The grid needs to better handle portions of it going off-line, and then coming back online.  This seems to be where the first experimental hacking was concentrated, and it's key that surviving parts of the grid do not get damaged by high voltage surges during these events.
  3. There needs to be a lot more stocking of spare components than there is.  A large scale grid shutdown will mean there is no chance of "just in time" component resupply.
  4. Manufacturing of things like high voltage transformers needs to come back to the United States from China.  If the grid is down there's no time to wait the 6 weeks to get the darn things shipped from Shanghai.
All of this costs money, and so nobody wants to do it.  But we pay people at DoE (and Homeland Security) to think about this, and to convince the policy makers that this is an existential threat.  If the grid is damaged, a lot of people will die as gas stations run out of gasoline, hospital generators fail, etc.

Sadly, confidence is not high in the Powers That Be.  I recommend a generator, with two weeks' fuel. A diesel generator will be more expensive, but it will last longer.  More importantly, the fuel won't go bad.


Jeffery in Alabama said...

Preparing to the best of ones ability for family is primary. I would stock up plenty of fresh drinking water first. Without electricity municipal water treatment and pumping stations will not be functional. During the huge tornado outbreak in north Alabama eight years ago, I was without electricity for six days (some in my area were without for over three weeks). Water departments relied on water stored in gravity forced water tanks. About the eighth day these began to run dry. Next gasoline and diesel pumps were implemented to pump water into the tanks. Since such pumps were rarely (if ever) used they would not start or experienced mechanical failures and people began to run out of water. So, knowing humans cannot live without water a sustainable/stored source of H2O is top priority. Also if you live in an urban area, part of the emergency plan should include how to deal with human waste. It is a normal function and will happen If toilets don't flush,,,,,,,,,,well you know the rest. Next, I would stock up on necessary life sustaining prescription medications if someone in my tribe has to have them. No electricity means it is harder to refrigerate meds such as insulin. Generators are good, but are only as good as they are in running order and fuel is available. They could be ran short term to chill a refrigerator or make ice for cooling such meds. I wouldn't worry to much about keeping fresh meats and veggies cool other than what I had on hand (eat that stuff first) since in a week or longer grid down there will little or no such items in a grocery store. Think canned foods that your family normally eats and likes that requires very little preparation/heating using (remember the microwave and electric range will not be working). Crackers, dried meats, dried fruits, and some candies, are good food ideas to break the monotony. Battery powered flash lights and radios are good too, but only for as long as there are batteries. There are several different models of hand crank/solar powered radio-flashlight combinations on the market at reasonable prices. Candles and coal oil lanterns are good too. but use caution. I know I am preaching to the choir here, but having a gunl ammunition, and possessing the knowledge to proficiently use it to protect self and property is necessary. Think of kids too if they are going to be part of your tribe. Not only will they require much of what I've already listed, they will need things to occupy their time depending on age (coloring books, games, puzzles, musical instruments, novels, magazines, etc). As one last note on generators, they are handy, but also noisy and let bad guys know where you are and that you have "stuff". Where one lives will factor in how "rough" or dangerous such blackouts could be. Naturally, people in rural areas will fare much better than those who live in the "hives".
Just my quick two cents worth.

waepnedmann said...

Duel fuel gasoline/propane are even a better option than diesel unless you are talking about a very large generator.
Diesel will go bad. It lasts longer than gasoline in storage, but diesel will grow bacteria which ruins it.
Some gasoline generators can have their carburetors converted to duel fuel.
Costco sells a duel fuel generator. Or they used to until PG&E announced that there will be blackouts in areas this summer to prevent power lines from causing wildfires in Northern California.
Costco sold out of generators rather quickly.

Eck! said...

Prepping is a science of getting the right mix of
material and required resources to sustain family
and home for a period of time longer than days.

Funny that gas was first. Things like Insulin and
other drugs for those dependent should always be on
hand as point of sale in most drug stores are
dependent on power (as is the internet). Then water,
food, personal hygiene supplies (soap!) come to mind.

In general, for those using gensets as a backup. Don't
try to power up and live as normal, its costly and eats
fuel. A better plan is enough generation for long
enough periods, but not continuous, to charge batteries
and maintain refrigeration and heating if needed.
Refrigeration and freezers can go for many hours or
more unpowered and then only a few hours of operation
to keep them cold.

The year of Sandy and the early winter storm a
5500W genset running about 8 hours total a day
for about three days was managed easily on 10
gallons of gas. This is with electric stoves,
oil fired hot water and heat and of course
refrigeration. Use as needed but try to not
use it up.

Solar power , non grid tied, can make life comfortable
at that time I had 60W of solar that charged a 60ah
battery for powering some led lights, radios, TV
and a few fans to circulate air. That small solar
project was very effective and has been upgraded.
Grid ties is mostly useless save for it lower the
power bill. Most grid tied systems are several
thousand watts of solar with no storage and no
way to use it when the grid goes down, seems a
great waste to me.

The strength of the power grid is interconnected
nature as its possible to route power around trouble
spots. Its not one giant blob. The big east coast
power failures of 1964 and later 74 did have an effect
on the system making it less prone to cascade failures.
While SCADA presents risk, its also dumb as a rock,
so any hacking is clearly aimed and how to attack it
for best effect.

Getting parts like those 30 ton transformers and
large high voltage switches is a big issue, we need
to get that back on shore and under US control. This
is critical as not only does it take 6 weeks by
container ship but they have to build it first
assuming they want to!

Be prepared was good then and is now. The real
question is for how long.

Just one persons thoughts.


ASM826 said...

And you are running a generator and you have lights on, while all your neighbors are sitting in the dark, how long before someone decides they want what you have?

Chaos is the result.

MattB said...

The bigger transformers must be ordered 6 months to a year ahead of when you anticipate the need for replacement. The electric utility I worked for would keep at least 1 transformer of each size on hand in case of emergency. Not all electric companies are big enough to keep a million dollar transformer on hand.