Security News

Power Grid Insecurities Examined (248 comments)

Joe Barr writes "Chris Gulker has taken a long and careful look at the infrastructure of our power grids and has come to some rather unsettling conclusions." A good read that outlines where the current power grid is at, and suggests some paths for the future that may help avoid future blackouts.
This discussion has been archived. No new comments can be posted.

  • Scared yet? (Score:5, Insightful)

    by krray ( 605395 ) * on Thursday September 04, 2003 @09:35PM (#6875348)
    Wonderful -- as I read the article, plastered in the center of the page is the ad:

    "Microsoft - Big business ambition. Small business resources. Get your FREE 6-month trial now. Windows Small Business Server 2003".

    The very fact that the power grid, ATMs, so on and so forth -- hell, I worked on the power supply to an embedded PC today for a newspaper printing press that had NT on it ... it frankly scares the hell out of me.

    There I'll be sitting there in front of my OS X or Linux box. Can't be too smug I suppose with no power. No telephone. No gas. No cash to buy bread. Hell, the auto-checkout lanes (which I refuse to use on principle) at Jewel are Mickey-MouseSoft based. Certainly no Internet.

    For my business' I absolutely refused to allow a Windows server of any type in the datacenter. I still say, "are you nuts?". Yet people still did it. Once again, Bill Gates will get a chance to screw us I guess.

    So, when is the next worm due to hit? At least my TiVo will still work... :)
  • heh (Score:5, Insightful)

    by Comsn ( 686413 ) on Thursday September 04, 2003 @09:36PM (#6875360)
    Says Skroch: "If you have too much security [i.e., no network connections], then the power plant probably won't work."

    power plants worked long before the internet was created. no important computer controlling very important things should ever be put on the internet.
  • by Admiral Justin ( 628358 ) on Thursday September 04, 2003 @09:43PM (#6875393) Homepage Journal
    The article does bring up a valid point. Many times, when large systems are forced into security by fear, they overdo it, and the system becomes nearly unusable to the users, who have to run around in circles with security measures.

    The lesson? Security is nice, but let's not go biometrics and 30 different passwords just to check the email.
  • by soupforare ( 542403 ) on Thursday September 04, 2003 @09:45PM (#6875400)
    "The situation is so bad, experts say, that bored script kiddies could soon be knocking out power stations as easily as they concoct viruses from toolkits available on the Web."

    Is it any easier now than it has ever been? It always seemed pretty simple to me. Go down to your local, unmanned, power station and blow it up. Get your buddies and some trucks and knock down some high tension wires. wheeeeee.

    Why do people get excited by this? It might be my misanthropic nihilism talking, but shit happens. Every day. Deal with it.

    You might lose power, you might lose running water, you might get hit by a bus.
    Even if you hole up in a shack to protect yourself from the script kiddies, psychopaths, terrorists and/or government... you're still gonna die!

    Have fun! :)
  • by BSOD from above ( 625268 ) on Thursday September 04, 2003 @09:45PM (#6875403) Homepage
    The power industry needs to be reinvesting profits in infrastructure (powerlines), not stock dividends. The same companies should have been upgrading their command and control systems to prevent chain reaction blackouts. Am I expected to believe the computer systems that manage the cooling rods in the nearest nuke plant are secure?

    Seriously consider the economic impact of the grid failure compared to the recent worm problems. Then think about a nasty combination of the two.
  • Re:heh (Score:5, Insightful)

    by Steinfiend ( 700505 ) on Thursday September 04, 2003 @09:47PM (#6875413)
    I cannot agree more with this, it amazes me every time I hear of some important computer system being affected by an internet based infection or an internet routed hack.

    Surely the only people who need to control a power plant (or dam release valves, or weapons systems or whatever) are the people in the facility working at that time? So why have any type of network access to the system other than what is required within the grounds of the facility?

    Of course I might be being naive, but I don't think so.
  • by swb ( 14022 ) on Thursday September 04, 2003 @10:01PM (#6875480)
    It used to be that the utilities were highly regulated entities that had their profit margins basically regulated by the states they were in. They had to provide a given amount of reliability, and rate increases (and occasionally refunds!) were carefully scrutinized as to where the money went. You couldn't raise rates without showing some meaningful improvement that resulted from it.

    Then along came deregulation, where the power seller and the power generator became two different things (which makes even less sense than the deregulated-but-shared local phone loop). Utility companies wanted out of the power generation arena -- too expensive, too many regulations, it was better to be in the new "commodity" end of the business, arbitraging power. So they split themselves into trading companies and generation companies, taking all the cash into the trading companies, who were deregulated and could spend it freely.

    And then 10 years later, Enron and the whole deregulated power "market" have collapsed, and we wonder why we're 15-20 years behind the curve on power grid and other key infrastructure elements. All the money got spent on speculating in the newly deregulated power markets, and it's all gone.

    Nobody really pays any less for electricity, I don't have a bunch of people knocking on my door offering me their window electricity or biodiesel electricity or their pig shit methane electricity for that matter.

    I only have the sheepish looking local utility trying to explain to me how they're trying to fix the power infrastructure built in the 1970s with the cash made in the 1980s which was spent in the 1990s on the promise of getting rich in the new millennium. When in fact, they actually need me to pay the prices of the next millennium for the service delivered in the 1990s, and, oh, would I please only use as much power as I did in the 1970s?
  • by Beryllium Sphere(tm) ( 193358 ) on Thursday September 04, 2003 @10:02PM (#6875484) Journal
    The valve at a dam probably doesn't need to be turned very often, so it's economically tempting to save the cost of 24/7 onsite coverage and have one central operations center.

    Remote monitoring is all but imperative. The plants are already in a cooperative network sharing their power. Everyone on the grid needs at least basic information about what's going on.

    None of which is ANY excuse for a direct or indirect connection to the public Internet. This is a job for a private network, and I don't mean a VPN that can be DOS'ed when a worm spreads through the public network.
  • Re:heh (Score:3, Insightful)

    by segment ( 695309 ) <sil&politrix,org> on Thursday September 04, 2003 @10:02PM (#6875487) Homepage Journal

    So why have any type of network access to the system other than what is required within the grounds of the facility?

    It is a matter of convenience to be able to access offices from other offices, as we as people have become so lazy due to the boom in computer usage. It is much easier to be able to perform tasks using computers rather than doing things manually, and depending on what job duties you have, it can actually be a bit safer for the worker. However, in my opinion, people have just become lazy as shit and choose to use machines as an excuse for avoiding working. I say this as coincidentally (while I watch the news) a reporter just stated that 90% of working people are unhappy at their jobs. So why take an extra step when a computer could eliminate five steps.

  • But first... (Score:3, Insightful)

    by YrWrstNtmr ( 564987 ) on Thursday September 04, 2003 @10:03PM (#6875496)
    We must encourage the development of high-end fusion generating stations

    First, you have to make fusion work. Just once.

    +1 Interesting? Who's smoking the crack out there?
  • by dsanfte ( 443781 ) on Thursday September 04, 2003 @10:05PM (#6875508) Journal
    It is only then that we reach our full potential in our academic and athletic pursuits which substantiate our integrity in the grand scheme of things.


    Haha, what grand scheme of things?

    Humanity isn't trying to reach for the pinnacle of its capabilities, it's trying to find more comfortable ways to live and fuck.

    People want more power so they can do more cool shit, and do it cheaper. That's it.

    Yes, we can and we shall. It is what makes us the leading society in the western hemisphere and as history has proved, it is our greatest asset.


    Leading in all forms of waste and corruption. Nice example for the future. Here's a primer on human nature -- more of anything doesn't make people use it smarter, it makes them squander it faster. Western society is terrible for this.

    Your post is an attempt to be modded insightful by using big words to sound profound. Nothing you've said makes any sense.
  • Re:Scared yet? (Score:5, Insightful)

    by BWJones ( 18351 ) on Thursday September 04, 2003 @10:16PM (#6875553) Homepage Journal
    ... it frankly scares the hell out of me.

    Hey, it's not just the power grid and ATMs. There are command and control systems used by the department of defense that folks have migrated to Windows. Our Dept of Homeland security has standardized on Windows. Certain FAA traffic control systems are running on Windows. The Army's Landwarrior program is using Windows. Traffic control for trains and shipping are running on Windows. etc...etc...etc...

    This should scare the hell out of a lot of people.

  • Re:Power Grid (Score:3, Insightful)

    by Tailhook ( 98486 ) on Thursday September 04, 2003 @10:38PM (#6875674)
    "Most of the power grid problem stems from the fact that very little maintainence is being done."

    "Greedy utilities have brought this on themselves.Cutting jobs for the maintainence personell,doing nothing about aging lines, and then asking "WHY is this happening?"

    There is nothing wrong with the "old" lines. The distribution grid carries some rated voltage and does it without much complaint. The problem is that there simply isn't enough of it, so most of the system is running at design capacity, and a small failure can cascade into a widespread failure.

    There isn't enough distribution capacity primarily because of NIMBY. Power companies around the country want to build more capacity. Most of the time they must spend years battling the locals for right of way. Environuts are often blamed unfairly when locals couch their resistance in bogus environmental claims, but the truth is that it's just NIMBY.

    And it's maintenance.
  • by Ichijo ( 607641 ) on Thursday September 04, 2003 @11:03PM (#6875805) Journal
    From the article:

    The worm's scanning slowed the internal network to a crawl, eventually crashing the plant's Safety Parameter Display System, according to reports.

    [snip]

    Control systems operate in real time, where processes, availability, and reliability are paramount.

    So they are imposing realtime requirements onto a shared medium (a computer network)? That's like not putting lights or sirens on emergency vehicles, and then complaining about not being able to get to the scene in time during heavy traffic.

    No wonder virii can cause so much damage to the power grid. The whole thing was badly designed to start with!

  • by thepacketmaster ( 574632 ) on Thursday September 04, 2003 @11:34PM (#6876068) Homepage Journal
    A script kiddy would never bring down the power grid...If they did, they'd be bored out of their Internet-dependent minds. Can you imagine these types of kids playing scrabble or cards?!? Or worse yet, being forced to take the opportunity of a black-out to spend quality time with their families. The Horror!
  • by Jerf ( 17166 ) on Friday September 05, 2003 @12:06AM (#6876292) Journal
    A fundemental weakness of the grid is its over-centralisation. Another argument for environmentally friendly local power generation schemes.

    Actually, a fundamental strength of the grid is its centralization. A central facility generating gigawatts of power can afford to spend millions of dollars eking the last few percentage points of efficiency out, and wiping out the last few percent of emissions, because the economies of scale kick in.

    Local power schemes, since they will be purchased by The General Public, can not and will not spend the money on these extra niceties, and as a result will necessarily be less efficient and more polluting per watt than centralized power. There is no way around this, there is no argument that can wipe it away, it's a fundamental economic fact of life.

    Local power generation is one of the boondoggles [m-w.com] the bad environmentalists promote, without stopping for a moment to think that it's even worse than the alternative. (Altogether too many environmentalists aren't bothered by little things like "truth" or "evidence", which is why I can't call myself one, even though in theory I ought to be able to.)
  • Re:Scared yet? (Score:3, Insightful)

    by digitalunity ( 19107 ) <digitalunity@yah o o . com> on Friday September 05, 2003 @12:09AM (#6876309) Homepage
    I highly recommend QNX [qnx.com] real-time OS. It is top notch. We have embedded devices here where I work that have *never* failed and some of them are running QNX. Just amazing stuff.
  • by SysKoll ( 48967 ) on Friday September 05, 2003 @12:59AM (#6876606)
    I know that for enviro-dreamers, math is a dirty word because it always derails their gravy train. But humor me. I'm in a place where I get 120 sunny days a year average. I have 50 square meters (500 sq ft) of roof at my disposal. Assume I can use half of it and buy a 25 m^2 solar cell panel, at a great cost. With good cells and orientable panels (an eye sore but you don't care), I can get a 20% efficiency, for a glorious 150 W/m^2 peak. Assume a 70% efficiency in power conversion (wildly optimistic). So far, I have 25 * 150 * 0.70 = 2625 W peak. With an average of 8 hours a day useable, 120 days a year, I get 2625 * 8 * 120/365 = 6.9 kWh avg a day, call it 7. Never mind the 15 car batteries I need to store that.

    Well, the problem is, my 2 computers alone (400 watt power supply each), and my fridge use about 10 kWh a day. And they don't run 24h a day. So I'm afraid that after this use investment, I still need the grid.

    And did I mention the snow storms that will put the contraption out of use for days?

    Did I also mention that solar cells need to be replaced every 10 years at least, when they degrade? And that manufacturing a solar cell costs actually more power than the thing will ever generate?

    Aaaah, so that is why there aren't solar cells on every roof. It's not a conspiracy by Exxon and the Bush family.

    It's because when you do the math, you see it is not worth the trouble.

    Of course, the solution is simple: don't do the math and keep pushing solutions that don't work, then blame the oil companies.

    Alternately, you might want to wonder why France is generating 75% of its energy with nuclear plants licensed from Westinghouse and still doesn't glow in the dark. Naaah, wouldn't work elsewhere.

    -- SysKoll
  • by Animats ( 122034 ) on Friday September 05, 2003 @03:08AM (#6877118) Homepage
    That's not a "long and careful look". It's more like "general mouthing off".

    We're starting to see a few problems appear more than once, though.

    • Telecom vulnerability to power failure.

      AT&T was determinedly independent of the power grid in the days of Ma Bell. Every central office ran on 48VDC storage batteries, with backup generators. The backup generators were started once a week, and run for several hours once a month. Once a year, each central office ran for 24 hours cut off from external power.

      That was a long time ago, back when AT&T was a regulated monopoly common carrier. In the new, competitive era, that depth of backup can no longer be assumed. Carriers in trouble (WorldCom, Adelphia) tend to cut things like that.

      The details aren't in yet, but it's beginning to look as if, during the recent big blackout, some comm links went down very early, so that the fault information that's supposed to divide the grid cleanly into islands didn't get through. Once all the logs have been correlated, it will be clear what happened.

    • "Non-critical" systems that aren't.

      A few weeks ago, CSX, the railroad, had a shutdown due to a virus. Railroad signalling has used "code lines" for decades, for remote control of switches and signals. These are basically serial links over which commands and responses are sent. The safety logic is local, but if you lose a code line, the dispatcher can't throw switches and route trains.

      The tendency to centralize train control has resulted in a need to transmit code line signals hundreds or thousands of miles. So they tend to be multiplexed over telecom-like facilities. CSX apparently routed theirs over their in-house general purpose network. The routers in that network were managed by a network management system that ran on Windows. When the Windows machines went down, system management of the routers stopped, and, after a while, this apparently took some key routers down. So a "non-critical" system actually stopped train movements.

    • Cross-connection between business systems and control systems

      It's really convenient to be able to see what the plant is doing from your desktop. Order processing is more efficient if the sales network connects to the factory network. Energy traders need to be able to see what the power plants are doing, and give directions to power dispatchers. These things all create vulnerable paths.

    That's a more realistic picture of what's going on.
  • Re:SACTA (Score:2, Insightful)

    by EuropeanSwallow ( 662253 ) <joaoluispinto&gmail,com> on Friday September 05, 2003 @10:01AM (#6879052) Homepage

    I still believe the security issue is not an issue. I think you can separate the worries in two:

    1. Fake measures: This is solved by what is called a State Estimator in the SCADA, that in simple terms, tries to reduce measurement errors and to infer on unavailable ones using measure redundancy. That means that, even though the RTU message to the SCADA would be tapped, and measures faked, the SCADA would filter it out. Only chance would be to fake them on a geographically large area, with coherence, and that would be, to say the least, complicated.
    2. Tele-command: Since SCADA also involves the tele-control of grid equipments, ex: breakers, a fake order could be sent to the RTU. This is complicated because:
      • You would need to also fake measurements (previous point).
      • Not all kinds of maneuvers and maneuvering sequences are allowed by the local controllers or apparatus.
      • Given the fact that measures are hard to fake, the control center would detect the error quickly and call the local units or send a team to see what's happening.




    In the end (see previous post about stolen servers), it would be easier to just, for example, tear down a line post with a truck, to short the line or to sabotage the facility...
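
The redundancy check the comment above attributes to the state estimator, as an added example (not part of the original post and not taken from any SCADA product): a DC-model least-squares estimator with the largest-normalized-residual test. The 3-bus network, susceptances, meter sigma, threshold and readings are all constructed assumptions.

```python
import math

SIGMA = 0.01       # assumed meter standard deviation (per unit)
THRESHOLD = 3.0    # assumed cut-off for the largest normalized residual

# Constructed 3-bus DC model; bus 1 is the angle reference (theta1 = 0).
# Each measurement is a linear function (a, b) of the state (theta2, theta3).
B12, B13, B23 = 10.0, 5.0, 4.0          # line susceptances (constructed)
MODEL = {
    "flow_1_2": (-B12, 0.0),
    "flow_1_3": (0.0, -B13),
    "flow_2_3": (B23, -B23),
    "inj_2": (B12 + B23, -B23),
    "inj_3": (-B23, B13 + B23),
}
# Constructed RTU readings for true state (-0.05, -0.08) with small noise;
# flow_1_3 should read about 0.40 but has been falsified to 0.10.
READINGS = {"flow_1_2": 0.503, "flow_1_3": 0.10, "flow_2_3": 0.121,
            "inj_2": -0.378, "inj_3": -0.522}

def estimate(readings):
    """Least-squares state estimate plus a normalized residual per measurement."""
    rows = [(MODEL[name], z) for name, z in readings.items()]
    g11 = sum(a * a for (a, b), _ in rows)
    g12 = sum(a * b for (a, b), _ in rows)
    g22 = sum(b * b for (a, b), _ in rows)
    det = g11 * g22 - g12 * g12
    if abs(det) < 1e-9:
        raise ValueError("state not observable from these measurements")
    i11, i12, i22 = g22 / det, -g12 / det, g11 / det   # inverse gain matrix
    r1 = sum(a * z for (a, b), z in rows)
    r2 = sum(b * z for (a, b), z in rows)
    t2, t3 = i11 * r1 + i12 * r2, i12 * r1 + i22 * r2
    scores = {}
    for name, z in readings.items():
        a, b = MODEL[name]
        residual = z - (a * t2 + b * t3)
        leverage = a * (i11 * a + i12 * b) + b * (i12 * a + i22 * b)
        # Leverage of 1: no other meter cross-checks this one, so it cannot be tested.
        spread = 1.0 - leverage
        scores[name] = 0.0 if spread < 1e-9 else abs(residual) / (SIGMA * math.sqrt(spread))
    return (t2, t3), scores

def reject_bad_data(readings):
    """Drop the worst-scoring measurement until every score passes the threshold."""
    kept, rejected = dict(readings), []
    while len(kept) > 2:                      # redundancy is needed to test anything
        _, scores = estimate(kept)
        worst = max(scores, key=scores.get)
        if scores[worst] <= THRESHOLD:
            break
        rejected.append(worst)
        del kept[worst]
    return estimate(kept)[0], rejected

if __name__ == "__main__":
    print("naive estimate:", estimate(READINGS)[0])
    print("filtered:", reject_bad_data(READINGS))
```

A measurement that no other meter cross-checks scores 0 here, so the filter only protects the parts of the network that have measurement redundancy.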
