US Electricity Grid Reportedly Penetrated By Spies
phantomfive worries about a report in the Wall Street Journal ("Makes me want to move to the country and dig a well") that in recent years a number of cyber attacks against US infrastructure have been launched over the Internet: "Cyberspies have penetrated the US electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia, and other countries, these officials said, and were believed to be on a mission to navigate the US electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war."
Re:Why are they on the internet? (Score:4, Informative)
I actually do work with these exact systems. I have yet to install a system in a control room that had net access to the operator consoles or even the operational servers. These computers - yes, running Server 2003/8 or XP Pro - are patched to the latest and greatest before they leave our shop, but once on-site should never, ever, ever interact with the Internet.
That being said, the PI data servers are designed to be a go-between for the internal secure network, and the rest of the world so the data logging can reach those who need it. Not only does the PI server have security protocols built in, but is required to be installed in a DMZ with full firewall protections, and in some cases a dedicated leased hard line to an off-site office.
So, to summarize, no, the Op stations, the Op servers, should NEVER be connected to the Internet, and we do our best to disable any way of the operators even getting to the OS level, but there are times and reasons that you need to hook the internal network (through full security measures) to the outside world.
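The zoning the comment above describes (isolated control network, historian in a DMZ, nothing from the Internet able to initiate a connection into the control network) can be checked mechanically. The following is an added example, not code from the thread or from any vendor: it models a firewall policy as a list of permitted connection-initiation flows between zones and searches for any chain of flows that lets an untrusted zone reach the control zone. Zone names, the port numbers and both policies are constructed for illustration; the PI port is an assumption.

```python
"""
Added example (not from the Slashdot thread or any vendor documentation):
reachability check over a zone-to-zone firewall policy, in the spirit of
the DMZ arrangement described in the comment above.
All zone names, ports and flows below are constructed for illustration.
"""
from collections import deque

# Assumed for illustration: the historian's listening port.
PI_PORT = 5450

# Each tuple (src_zone, dst_zone, port) means the firewall permits a host in
# src_zone to initiate a TCP connection to dst_zone on that port.
# The historian in the DMZ is fed from the control network, and the
# corporate side reads from the DMZ; nothing initiates into "control".
GOOD_POLICY = [
    ("control", "dmz", PI_PORT),
    ("corporate", "dmz", PI_PORT),
    ("internet", "corporate", 443),
]

# The "temporary fix that became permanent": a convenience rule letting the
# corporate network reach an operator console directly.
BAD_POLICY = GOOD_POLICY + [
    ("corporate", "control", 3389),  # RDP to an operator console
]


def reachable_zones(policy, start):
    """Return the set of zones reachable from `start` by chaining permitted
    flows on any port. Conservative assumption: a compromised host in a
    reachable zone can use every flow that zone is allowed to initiate."""
    adj = {}
    for src, dst, _ in policy:
        adj.setdefault(src, set()).add(dst)
    seen = {start}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in adj.get(zone, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def find_path(policy, start, target):
    """Breadth-first search returning the list of flows forming a shortest
    chain from `start` to `target`, or None if no chain exists."""
    adj = {}
    for flow in policy:
        adj.setdefault(flow[0], []).append(flow)
    prev = {start: None}  # zone -> flow that first reached it
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        if zone == target:
            break
        for flow in adj.get(zone, []):
            if flow[1] not in prev:
                prev[flow[1]] = flow
                queue.append(flow[1])
    if target not in prev:
        return None
    path = []
    zone = target
    while prev[zone] is not None:
        path.append(prev[zone])
        zone = prev[zone][0]
    return list(reversed(path))


def violations(policy, protected=("control",), untrusted=("internet", "corporate")):
    """List (untrusted_zone, protected_zone, path) for every chain of
    permitted flows that lets an untrusted zone initiate into a protected one."""
    found = []
    for src in untrusted:
        for dst in protected:
            path = find_path(policy, src, dst)
            if path:
                found.append((src, dst, path))
    return found


if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, "policy -> reachable from internet:",
              sorted(reachable_zones(policy, "internet")))
        for src, dst, path in violations(policy):
            print(f"  VIOLATION {src} -> {dst} via {path}")
```

Note that the model only tracks who may initiate a connection; return traffic and data flowing back over an established session are out of scope, which is exactly why a one-way push from the control network into the DMZ historian passes while a single inbound RDP rule turns the corporate network (and, through its own Internet-facing rule, the Internet) into a path onto the operator console.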
Re:Quite so... (Score:5, Informative)
Close, they're drumming up support for S.773 and S.778. These bills are designed to give the executive the power to control the security of vital parts of the internet. If they can show that these vital parts of the net are compromised, and therefore risking America, they have an easy talking point when lobbying congress members.
Re:Big surprise (Score:2, Informative)
You do know that the US penetrated the Soviet pipeline system and has caused industrial accidents with that right?
The US didn't "penetrate" the pipeline system. The Soviets did it to themselves by stealing software.
Lesson to be learned: If you find pipeline control software inside a big wooden rabbit then don't take it and certainly don't run it.
Re:Big surprise (Score:2, Informative)
You do know that the US penetrated the Soviet pipeline system and has caused industrial accidents with that right?
This is what I believe you are talking about: http://www.builderau.com.au/architect/work/soa/US-software-blew-up-Russian-gas-pipeline-/0,339024596,320283135,00.htm
Russia tried to steal the software to control the pipelines. The US caught wind of the plan and planted bugs in there to cause problems. The US did NOT hack in and cause it.
Re:Big surprise (Score:4, Informative)
how else is a power station operator on a remote plant supposed to work? You don't expect them to go to the plant if it is hours away from anything. Stay at the plant, away from families? Forget it. Operators telecommute too!
Do you REALLY think that a "properly" run plant allows "any" connections to their control units or SCADA systems? I don't think so. I'm pretty sure that they have people there 24/7 to handle any type of contingencies.
People always say these things aren't connected to the internet and there are supposed to be separate control and communication and PC networks, but I bet few plants actually have that. Maybe super critical ones like nuclear, but your average small hydro or peaking gas plant...
They aren't the "power grid", they are power stations. The "power grid" is the master control centers (like NYISO, CalISO, Midwest ISO, PJM, etc.) and the local control centers. There are FERC [ferc.org] requirements for how THEY must be configured/set up (like the control room's network must be separated from the rest of the company's network, etc.).
Time, Budget, the need to get that sensor or remote control connected to something, anything, whatever is near by so we can talk to it *now* and then the temporary fix becomes permanent
Nope. Not likely. If anything it is a PRIVATE network managed by the local control center.
Re:refusals to permit security updates... (Score:3, Informative)
I'm afraid not, that was 20 years ago: I no longer have the originals. There were a set of published security updates for telnet and sendmail at the time, which the Morris Worm probably exploited on my systems: the vendors had not revealed all the exploit details. (Few vendors do.) We frankly didn't bother to do extensive analysis at the time, we had critical work to do and a lot of systems to rebuild, very painfully, from bootstrap systems that hadn't been tested in years and backup policies that I'd also written about as being badly scheduled and incomplete.
Having the "I told you so" documents on paper can be critical: they have much more power than mere verbal testimony. The fact that I'd kept them under lock and key and wouldn't let the originals out of my hands was an interesting source of internal strife, and revealed some other bureaucratic issues when other documents were somehow "lost" by the people assessing the situation.
Re:Why are they on the internet? (Score:3, Informative)
If you were the designer, then you did not do your job educating them as to why they are not supposed to do that, and the repercussions for not following them
It is the SCADA system designers job to inform the customer as to the incredible danger of their desire to be convenient.
If you were an employee that worked at one of those stations, why did you never voice your concern about it? One word to the regulators and your bosses would have been screamed at and fined heavily for having an integrated UI for internet, SCADA, and email. Most regulatory commissions REQUIRE security and system separation.
The Attention is Healthy (Score:5, Informative)
Forget the major computers in the major control centers. That's what everyone thinks of first. At that level it is becoming like the Indians and anthropologists in the Grand Canyon. For every utility cyber worker there seems to be 30 government gumshoes and overseers looking over their shoulders. One would expect no aspects of security to be neglected at that level.
The NERC letter refers to devices at a lower level. Primarily, what the industry calls "protective relays" in substations. From 1888 to a few years ago these functions were really done with electromechanical relays. Now, many of them have been replaced by digital equivalents on a one-by-one basis. In a household analogy, it is like the difference between a central electric control computer for the house, as compared to a "smart" digital LED light bulb. One worries about the central computer being hacked, but at first blush, not the light bulb.
The problem is that the engineers who deal with this level of equipment aren't used to thinking of these devices like the light bulb instead of like computers in a network. They have not identified many of these low-level devices as "cyber critical". The NERC letter urges utilities to change that culture.
This is an industry that owns and maintains hundreds of millions of diverse pieces of equipment. Every day, some fraction of them are converted to digital. No single study, no single policy can change this infrastructure overnight. I think they are approaching cybersecurity thoroughly and methodically, but it will take time.
Remember Y2K? Roughly the same collection of hundreds of millions of devices were threatened by a common-mode failure (Y2K). It was very analogous to an external cyber attack. The utility industry tackled Y2K, thoroughly reviewed all those devices, and performed flawlessly on the morning of 1/1/2000.
My point? Sure we should worry about cyber attacks on critical infrastructure, but don't jump to the conclusion that no security exists or that nothing competent is being done about it.
Re:Remember, folks... (Score:3, Informative)
Cheers
Re:Remember, folks... (Score:3, Informative)
I assume this was meant as a joke, but seriously, if you were able to take out a large portion of the power grid for any sustained length of time, it would have a huge economic impact. Just from the loss of money while businesses and industries are unable to function would add up to millions, if not billions. That's not even counting the looting and rioting (come on, you know it would happen!)
Define sustained. Storm-related outages lasting a week or more are not rare, and do not lead to riots or widespread looting. This idea that power outages equal riots seems to stem from the 1977 NYC blackout, but that was a match in a fireworks factory. Most outages are just a bloody nuisance.