Posted on 08/01/2012 10:23:27 PM PDT by blam
The Government Admits The US Power Grid Can Be Taken Out At Any Time
Walter Hickey
Aug. 1, 2012, 7:00 PM
The Government Accountability Office just released a report backing up earlier findings: because a series of recommendations were ignored, the U.S. electric grid remains highly susceptible to cyberattacks.
The grid is reliant on a number of IT systems that have known and likely unknown vulnerabilities. The result of a cyberattack on the grid could result in damage to electricity control systems, power outages, and failures in safety equipment on a scale currently unknown.
GAO believes that there are still massive problems in the way the grid secures itself. Here are some of the reasons why they said the grid was open to attack:
* A lack of a coordinated approach to monitor industry compliance with voluntary standards.
* Aspects of the current regulatory environment made it difficult to ensure the cybersecurity of smart grid systems.
* A focus by utilities on regulatory compliance instead of comprehensive security. * A lack of security features consistently built into smart grid systems.
The verdict? A terrible regulatory environment that makes the industry focus on things that don't make the grid more secure. Electric companies who couldn't care less about spending more on security. A lack of focus on preventing an attack against the electric lifeblood of the United States.
The worst is, GAO told the Government what they had to do last year, and it was ignored.
The Department of Commerce's report on smart grid security was "missing key elements" and has not been fixed.
The Department of Energy was tasked with "periodically evaluate[ing] the extent to which utilities [...] are following voluntary interoperability and cybersecurity standards" and this report says they haven't.
(snip)
(Excerpt) Read more at businessinsider.com ...
Yep.
If the first act is to spoof the system into reporting everything is normal no one will have the information warning them now would be a good time to unplug the routers.
Compare to the mid-Atlantic Air France crash.
The crew believed their readouts and stalled the Airbus every inch of 30,000 ft to the water.
That was an accident caused by iced-over pitot tubes, would the outcome have been different if the pitot tubes were clear, but a deliberate act of malware fed false data to the crew?
Are you saying that no one anywhere on earth is clever enough to figure out a way to deliberately feed false data to a control center?
Are you saying that even if they could spoof, say, the Texas grid, they couldn’t possibly spoof the other two?
That’s going to be a hard sell.
... Compare to the mid-Atlantic Air France crash.Different situation; inexperienced, low-hour PIC (pilot in command) in a cockpit (Airbus model that does NOT use coupled sticks like Boeing aircraft to allow one pilot to feel the sidestick/control inputs that the other is applying) that did _not_ provide feedback to the other pilot as to what his 'control inputs' (in effect, full back 'stick' for almost the entire time during stalled descent into the sea) were ... when the actual captain came to the flight deck it was too late and one can read/hear his words as to the action taken by the inexperienced PIC ...The crew believed their readouts and stalled the Airbus every inch of 30,000 ft to the water.
You need to read the PPRUNE pilot's 'take' (real pilots, of both Boeing and Airbus aircraft) on that event that explains what I tried to summarize above in extreme brevity; that isn't near the case with system operators in a 'control area' of the 'grid' (excepting maybe First Energy a few years ago, but that was in part willful negligence on their part coupled with unusual outside events (including unexpected warm weather/high electric demand and delayed tree-trimming that tripped critical lines at a critical time)).
BTW, neither pilot on the flight deck at the time the pitot tube iced over (and they left "Normal Law") had near the time of the captain had (and he was NOT on the flight deck until the final minute.)
http://www.pprune.org/tech-log/489774-af-447-thread-no-9-a.html
BTW, you 'breezed' right into a 'spoofing' scenario without the slightest regard for the barriers in place I mentioned in my previous post; this the 'magic' hand-waving scenario you propose in lieu of the hard, actual work of hacking into the network and providing a number of bogus inputs to the 'state estimator' (that provides the system status reports) from the wide-spatial-ranging inputs (currents and voltages and their phase relationships) to show a 'spoofed' state? Gee, I like this hand-waving magical approach to throwing out hacking 'threats' ... maybe hand-waving 'magical' solutions are also required (magic beads and the burning of incense as a start maybe)?
... Compare to the mid-Atlantic Air France crash.Different situation; inexperienced, low-hour PIC (pilot in command) in a cockpit (Airbus model that does NOT use coupled sticks like Boeing aircraft to allow one pilot to feel the sidestick/control inputs that the other is applying) that did _not_ provide feedback to the other pilot as to what his 'control inputs' (in effect, full back 'stick' for almost the entire time during stalled descent into the sea) were ... when the actual captain came to the flight deck it was too late and one can read/hear his words as to the action taken by the inexperienced PIC ...The crew believed their readouts and stalled the Airbus every inch of 30,000 ft to the water.
You need to read the PPRUNE pilot's 'take' (real pilots, of both Boeing and Airbus aircraft) on that event that explains what I tried to summarize above in extreme brevity; that isn't near the case with system operators in a 'control area' of the 'grid' (excepting maybe First Energy a few years ago, but that was in part willful negligence on their part coupled with unusual outside events (including unexpected warm weather/high electric demand and delayed tree-trimming that tripped critical lines at a critical time)).
BTW, neither pilot on the flight deck at the time the pitot tube iced over (and they left "Normal Law") had near the time of the captain had (and he was NOT on the flight deck until the final minute.)
http://www.pprune.org/tech-log/489774-af-447-thread-no-9-a.html
BTW, you 'breezed' right into a 'spoofing' scenario without the slightest regard for the barriers in place I mentioned in my previous post; this the 'magic' hand-waving scenario you propose in lieu of the hard, actual work of hacking into the network and providing a number of bogus inputs to the 'state estimator' (that provides the system status reports) from the wide-spatial-ranging inputs (currents and voltages and their phase relationships) to show a 'spoofed' state?
Gee, I like this hand-waving magical approach to throwing out hacking 'threats' ... maybe hand-waving 'magical' solutions are also required (magic beads and the burning of incense as a start maybe)?
Incense, or a judicious application of high explosives...
My money's on a nation-state (or religion-state) throwing enough assets at the problem of the barriers to overcome them and do real damage to the generators and difficult to repair or replace critical items.
Another possibility is a coordinated attack on power lines by any number of OTMs that have crossed our hyper porous southern border over the last decade that could black out enough areas as to be a practical equivalent of shutting down "the grid".
Or even something neither you nor I are clever enough to foresee.
[insert Larson cartoon "They're lighting their arrows! Can they DO that???"]
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.