1. The Grid is a high-value target to foreign Intelligence Agencies. It's been said - correctly, IMHO - that while there are friendly foreign governments, there are no friendly foreign Intelligence Agencies.Well, reality has caught up to Borepatch 2010:
2. The computer systems that run the Grid (called SCADA systems) are based on old technology, and are difficult to patch. This means that it's quite likely that the computers running the grid are riddled with security holes.
3. While these systems are not supposed to be connected to the Internet, the incentive to do so is very, very high. For example, it's a lot easier to reset something by remotely connecting to it from home than getting up, getting dressed, and driving 20 miles in a storm at 3:00 AM.
4. Nobody has accurate maps of precisely what their network looks like. Network aren't so much designed as grow, almost organically. The Power Company networks are no exception.
Taken together, this paints the picture of high-value, low-risk for an adversary.
In a new troubling escalation, hackers behind at least two potentially fatal intrusions on industrial facilities have expanded their activities to probing dozens of power grids in the US and elsewhere, researchers with security firm Dragos reported Friday.It looks like the only plausible explanation is that someone doesn't want to be able to shut down the US power grid, they want to be able to wreck it.
The group, now dubbed Xenotime by Dragos, quickly gained international attention in 2017 when researchers from Dragos and the Mandiant division of security firm FireEye independently reported Xenotime had recently triggered a dangerous operational outage at a critical-infrastructure site in the Middle East. Researchers from Dragos have labeled the group the world's most dangerous cyber threat ever since.
The most alarming thing about this attack was its use of never-before-seen malware that targeted the facility’s safety processes. Such safety instrumented systems are a combination of hardware and software that many critical infrastructure sites use to prevent unsafe conditions from arising. When gas fuel pressures or reactor temperatures rise to potentially unsafe thresholds, for instance, an SIS will automatically close valves or initiate cooling processes to prevent health- or life-threatening accidents.
In April, FireEye reported that the SIS-tampering malware, known alternately as Triton and Trisis, was used in an attack on another industrial facility.
It's certain that the Powers That Be are not treating this with the urgency it demands. While the Department of Energy has been at least awake for the last 4 or 5 years about this, this country needs a crash course on making the grid more robust. Not hardening it - that's likely a fool's errand in these days. Rather, the grid needs to become more survivable in the face of attack:
- Safety systems need to be isolated from network compromise. This means direct servo connection rather than commands sent via the network (what happens when the network router gets disabled by a Bad Guy?).
- The grid needs to better handle portions of it going off-line, and then coming back online. This seems to be where the first experimental hacking was concentrated, and it's key that surviving parts of the grid do not get damaged by high voltage surges during these events.
- There needs to be a lot more stocking of spare components than there is. A large scale grid shutdown will mean there is no chance of "just in time" component resupply.
- Manufacturing of things like high voltage transformers needs to come back to the United States from China. If the grid is down there's no time to wait the 6 weeks to get the darn things shipped from Shanghai.
All of this costs money, and so nobody wants to do it. But we pay people at DoE (and Homeland Security) to think about this, and to convince the policy makers that this is an existential threat. If the grid is damaged, a lot of people will die as gas stations run out of gasoline, hospital generators fail, etc.
Sadly, confidence is not high in the Powers That Be. I recommend a generator, with two weeks' fuel. A diesel generator will be more expensive, but it will last longer. More importantly, the fuel won't go bad.