Security Power United States

US Electricity Grid Reportedly Penetrated By Spies 328

phantomfive worries about a report in the Wall Street Journal ("Makes me want to move to the country and dig a well") that in recent years a number of cyber attacks against US infrastructure have been launched over the Internet: "Cyberspies have penetrated the US electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia, and other countries, these officials said, and were believed to be on a mission to navigate the US electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war."
  • Remember, folks... (Score:5, Insightful)

    by Anonymous Coward on Wednesday April 08, 2009 @05:07AM (#27500801)
    ...you must live in perpetual fear. Whenever you're starting to focus on the reality of life, new fear WILL be injected into it to distract you. This is how the natural order sustains itself.
  • Big surprise (Score:2, Insightful)

    by cdgeorge ( 775179 ) on Wednesday April 08, 2009 @05:12AM (#27500831)
    I'm sure China and Russia are having the same kind of problem.
  • So once a while (Score:5, Insightful)

    by microbee ( 682094 ) on Wednesday April 08, 2009 @05:12AM (#27500835)

    "Some officials" come forward and warn about threats from China, Russia, Iran and North Korea. "Ya know, Sir, we need funding for enhancing national security, so please make sure you get your budget right."

  • Software programs? (Score:5, Insightful)

    by gzipped_tar ( 1151931 ) on Wednesday April 08, 2009 @05:16AM (#27500859) Journal
    I thought mission critical computers should not be reachable from the Internet. So the spies walked to those computers and planted the software there???
  • by MichaelSmith ( 789609 ) on Wednesday April 08, 2009 @05:18AM (#27500871) Homepage Journal
    Maybe they got a job working on those systems. I have the internals of several major cities' traffic signal systems in my head at the moment, and that is just what I was working on up to ten years ago.
  • by krou ( 1027572 ) on Wednesday April 08, 2009 @05:19AM (#27500875)
    From the article:

    Under the Bush administration, Congress approved $17 billion in secret funds to protect government networks, according to people familiar with the budget. The Obama administration is weighing whether to expand the program to address vulnerabilities in private computer networks, which would cost billions of dollars more.

    So, the week before a review is due looking into whether or not they should increase the flow from the money pump, "current and former national-security officials" have come forward to draw attention to a network of spies in the power grid.

    Look, I'm not saying that cyber-attacks don't happen, or that there isn't a risk, but bloody hell, this article reads like a well-crafted piece of BS, designed to put the N back into FUDing.

  • by jolyonr ( 560227 ) on Wednesday April 08, 2009 @05:28AM (#27500905) Homepage

    Then I'd suggest they need two PCs.

  • by palegray.net ( 1195047 ) <philip...paradis@@@palegray...net> on Wednesday April 08, 2009 @05:28AM (#27500907) Homepage Journal
    Trust me folks, it's coming. It won't be pretty, either. The power to disrupt a nation's economy via information warfare measures represents a much clearer threat than people trying to get something through airport security.

    There's a reason the military is starting to get mighty interested in nerdy types, although most programs designed to leverage these skills are in their infancy. We need to get serious about this fast; other nations certainly are.
  • by aepervius ( 535155 ) on Wednesday April 08, 2009 @05:32AM (#27500933)
    AFAIK the whole remotely controlled stuff is not on the internet or anything but on modems and similar boxes (can't remember their name) to which you have to directly dial in (non routable), and is separately powered from the power grid. If not I would fire the ass of the guy responsible: who in their right mind would put the control structure for a power grid on something which can only be accessed when the same power grid is functioning? Also there are local controls which override any possible remote control anyway.
  • by riskyrik ( 708727 ) on Wednesday April 08, 2009 @05:39AM (#27500971)
    Mod parent up please. He refers correctly to the type of brainwashing the way the Bush administration has pursued the last 8 years. Of course there are still a number of elements present that continue this style up to today.
  • by oodaloop ( 1229816 ) on Wednesday April 08, 2009 @05:48AM (#27501013)
    Uh, does that mean that there aren't real dangers for which we need to be prepared? Might want to check your bathwater for babies before tossing it out.
  • by Opportunist ( 166417 ) on Wednesday April 08, 2009 @05:50AM (#27501023)

    Are there real threats? Yes, of course there are. But when enough scaremongering is mixed into them, you get the reaction that the OP AC shows: Cry wolf once too often and people will ignore you.

    Also, there are a few things that I'd consider a lot more dangerous and worrisome that you don't hear about at all. Intentionally or not, your decision.

  • Re:Big surprise (Score:5, Insightful)

    by AigariusDebian ( 721386 ) <aigarius@nOspAM.debian.org> on Wednesday April 08, 2009 @05:56AM (#27501051) Homepage

    Nope, electrical grid computers in exUSSR region do not even have the theoretical capacity to be connected to the public Internet. I am amazed there is an actual data linkage between the public Internet and the computers even remotely related to the power control functionality.

  • by drsmithy ( 35869 ) <drsmithy@ g m ail.com> on Wednesday April 08, 2009 @06:00AM (#27501067)

    The systems I work on are typically airgapped, but there is a constant push from users for some access to the internet. A user might need to access meteorological information, and the simplest way is to go online to get the data. Another user might need to refer to work instructions on the corporate intranet, but the intranet gets you to the internet anyway. Like it or not, the internet is working its way into many types of work and many people are starting to expect it to be available.

    Then your users need two PCs and a KVM (or even two completely separate PCs - ideally on opposite ends of the desk - to properly drive the point home).

    There are some situations where security MUST override convenience.

  • by Opportunist ( 166417 ) on Wednesday April 08, 2009 @06:11AM (#27501109)

    The threat is actually in consumer PCs, insecure and filled with malware. My fear is that, if we do not get those boxes secure soon, the Powers That Be will see them as a threat and, instead of requiring you, the user, to take responsibility for your box, demand that all boxes have to be made "secure", i.e. have some kind of mandatory surveillance available to them, or that you may only install whatever is approved and seen as ok by whatever entity your country may put in that place. All in the name of national security, of course. And while we're at it, a few kickbacks here or there may 'encourage' said entity to ensure some monopolies are set in stone.

    Not a good thing if you ask me. I'd call for responsibility for your box. Because in the long run, either you're responsible for what happens with your box, or that responsibility is taken out of your hands. And given the current political climate, where personal responsibility is shunned in favor of governmental meddling, I'm pretty sure we'd see the latter happening.

  • by oodaloop ( 1229816 ) on Wednesday April 08, 2009 @06:22AM (#27501167)
    How is a former official talking about a real threat scare-mongering? Should he have just kept quiet instead?
  • by afxgrin ( 208686 ) on Wednesday April 08, 2009 @06:39AM (#27501237)

    Not to mention the creation of an alien enemy. Obviously - OBVIOUSLY - the IP addresses come from Russia and China - and in no way could a proxy be used from those countries - by an American. No way that could ever happen.

    Obviously the spies are Russian or Chinese, because Americans would have no reason to hack into their own government's systems.

  • by Opportunist ( 166417 ) on Wednesday April 08, 2009 @06:48AM (#27501259)

    There are many real threats (assuming this one is). Why do we get to hear about this one now? Is it coincidence that this surfaces at the 'right' time when security money is being redistributed?

  • by giles hogben ( 1145597 ) on Wednesday April 08, 2009 @07:10AM (#27501317)
    USB Keys in car parks used by personnel?
  • by totally bogus dude ( 1040246 ) on Wednesday April 08, 2009 @07:45AM (#27501445)

    Probably not coincidence, but that doesn't mean it's sinister or improper. If you knew of a significant threat that wasn't being addressed, and it was that time when the People In Charge were working out where to spend money (i.e. are actively seeking information and advice on the most effective use of their funds), wouldn't that seem like an ideal time to try to raise awareness of it?

    Or would you prefer to wait until there's no money to spend and nobody currently in a position to do anything about it before announcing it?

    Not saying it isn't all another scam to get free money, but just because it might be doesn't mean it is.

  • by cayenne8 ( 626475 ) on Wednesday April 08, 2009 @08:00AM (#27501499) Homepage Journal
    I think the larger, basic question is:

    What the hell are systems like the electric grid doing hooked in any fashion to the publicly accessible internet?? These should be on their own network, separate and apart from anything that touches the public wan.

    Seems like that would have been a no brainer?!?!

  • by Chabil Ha' ( 875116 ) on Wednesday April 08, 2009 @08:51AM (#27501867)

    Not necessarily. One of the cornerstones of Marxism (gasp!, not in US!) is the concept of perpetual revolution. If there is always a target, always a crusade against the baddies, the government can more easily legitimatize and perpetuate bad policy (i.e. domestic wiretapping). This is always advertised as being for the good (but always at the expense) of the whole of the people. The vain promise, the mirage on the horizon, is a safer, happier people. The world will be secure from the bad guys!

  • by Curunir_wolf ( 588405 ) on Wednesday April 08, 2009 @08:59AM (#27501963) Homepage Journal

    Mod parent up please. He refers correctly to the type of brainwashing the way the Bush administration has pursued the last 8 years. Of course there are still a number of elements present that continue this style up to today.

    You mean like the Obama elements?

    • "Profound economic emergency"
    • "[could] turn a crisis into an irreversible catastrophe"
    • "paralysis" and "disaster"
    • "the federal government is the only entity left with the resources to jolt our economy back to life."
    • "...but I can tell you with complete confidence that a failure to act will only deepen this crisis...."
  • by wytcld ( 179112 ) on Wednesday April 08, 2009 @09:18AM (#27502187) Homepage

    If you have segregated networks, all the spy needs to do is find a single place to tap into your "secure" one, and you're toast. You thought it was secure, so you didn't lock it down properly. And somebody, somewhere left a way in, an unguarded terminal, or cheated and put a cross-connect to the public net for his own convenience, thinking it would never be found.

    If it's all on the public net, but thoroughly locked down with good security and encryption protocols, and tight firewalls, you may be in better shape. You know it's dangerous to let your guard down. And we're also pretty confident we have protocols which, when applied to spec, are truly cryptographically strong, and so forth.

    Plus it's a lot cheaper than building out a whole nother net, including access for your critical engineer who's off at a conference somewhere when the unpredicted crisis with the unique system in your plant that she's the genius about requires immediate attention. Sometimes making sure the right people have solid access from anywhere they are is also essential to security. The public net - with the right protocols - does that.

  • by ArcherB ( 796902 ) on Wednesday April 08, 2009 @09:24AM (#27502245) Journal

    Mod parent up please. He refers correctly to the type of brainwashing the way the Bush administration has pursued the last 8 years. Of course there are still a number of elements present that continue this style up to today.

    You mean like the Obama elements?

    • "Profound economic emergency"
    • "[could] turn a crisis into an irreversible catastrophe"
    • "paralysis" and "disaster"
    • "the federal government is the only entity left with the resources to jolt our economy back to life."
    • "...but I can tell you with complete confidence that a failure to act will only deepen this crisis...."

    You have the "Create a crisis" part down, but you forgot the "Profit" line. [vodpod.com]

    "Never let a serious crisis go to waste." -- Rahm Emanuel (Obama's Rove)

  • by Rich0 ( 548339 ) on Wednesday April 08, 2009 @09:39AM (#27502427) Homepage

    Why not have both? Use the most secure protocols in existence to protect your network, and then as an added measure against zero-day exploits provide strong physical security to keep people out of this network.

    Such a piece of critical infrastructure shouldn't depend on any one human being who might be at a conference and need remote access. When a ballistic missile submarine 1000 feet under the ocean is interpreting orders to nuke some foreign country do they depend on being able to reach some particular person to ask questions? Any system critical to national security must be engineered so that it is completely self-sufficient in a crisis.

    Electrical grids are very critical to national security. A well-planned attack could leave melted transmission lines, damaged generators and gearboxes, and a nationwide blackout in its wake. With the possibility of substantial physical damage it isn't like you could just repair from this kind of catastrophe in a few days - or even weeks. Power plants are physical machines that have a symphony of fast-moving parts with thousands of tons of force being transmitted - a well-engineered attack could result in major failures.

    Power grids should have as much security as any other piece of critical military infrastructure. They're going to be targets in any attack. The networks should be subject to routine penetration testing and auditing. Access needs to be the minimum needed to do any particular job. The system should be reasonably partitioned so that one spy getting a job in one office somewhere doesn't subject the entire system to compromise. Those who circumvent authorized procedures (rogue access points, bridges, etc) should be made public examples with criminal penalties. People should be given the funds needed to do their jobs right, and then should be expected to do them right.

    Security is just a matter of being thorough and not cutting corners. There is a lot at stake here. I don't really care who is behind these penetrations (Chinese, hackers, whatever) - the blame rests with the folks who should be protecting this infrastructure.

  • by SirBitBucket ( 1292924 ) on Wednesday April 08, 2009 @09:48AM (#27502593)
    Interesting timing for this report to come out right as Obama is asking for draconian emergency powers to be able to shut off the internet and other private networks at will without regard for any law. http://www.tomshardware.com/news/obama-shut-down-internet-legislation,7478.html [tomshardware.com]
  • by Opportunist ( 166417 ) on Wednesday April 08, 2009 @09:53AM (#27502665)

    I can well understand that. And I actually see the whole deal as an attempt to cover their butts to show that they "did something" concerning the threat. They'd be eaten alive by the media if something happened and nothing had been done.

    9/11 is a prime example. What was the first thing we heard? The FBI knew ages before the attack that something like this was planned. Sure they did. And they also heard about a thousand other things that never happened.

    You cannot prepare for everything. I do not expect that. I do expect reasonable preparations, at the most. My liberty is worth more than my life, and I do expect my government to primarily protect my freedom. If the solution to the terrorist craze is to eliminate all freedom then, well, why bother fighting? After all, a regime of terror, fear and total control is pretty much what the terrorists allegedly want to create for us. If we do that ourselves, do we really win?

  • by SirGeek ( 120712 ) <sirgeek-slashdot@NosPaM.mrsucko.org> on Wednesday April 08, 2009 @09:56AM (#27502723) Homepage

    If you have segregated networks, all the spy needs to do is find a single place to tap into your "secure" one, and you're toast. You thought it was secure, so you didn't lock it down properly. And somebody, somewhere left a way in, an unguarded terminal, or cheated and put a cross-connect to the public net for his own convenience, thinking it would never be found.

    That WOULD require them to have physical access to the facility. None of the control centers are going to just "allow" someone access to their network, let alone physical access to the facility. We are told to notify security (who will notify the police officer in the guard shack) if we see anyone who isn't badged.

    If it's all on the public net, but thoroughly locked down with good security and encryption protocols, and tight firewalls, you may be in better shape. You know it's dangerous to let your guard down. And we're also pretty confident we have protocols which, when applied to spec, are truly cryptographically strong, and so forth.

    The Control Centers aren't supposed to take that risk. Its separate the control centers from the company network AND from direct access to the internet.

    Plus it's a lot cheaper than building out a whole nother net, including access for your critical engineer who's off at a conference somewhere when the unpredicted crisis with the unique system in your plant that she's the genius about requires immediate attention. Sometimes making sure the right people have solid access from anywhere they are is also essential to security. The public net - with the right protocols - does that.

    Is it? Can you honestly say that even the remote possibility of a compromised system is worth the cost savings if it affects the existence of your company (as a control center)?

    You have THAT room connected to specific routers that only allow "limited" access and ensure that the users can't install software that would compromise that system. You block their access to ANYTHING that they don't need for business reasons. PERIOD.

  • by cayenne8 ( 626475 ) on Wednesday April 08, 2009 @10:04AM (#27502853) Homepage Journal
    "When a ballistic missile submarine 1000 feet under the ocean is interpreting orders to nuke some foreign country do they depend on being able to reach some particular person to ask questions?

    Yes, actually. He's called the President."

    Trust me...when those subs get their orders, and they are verified by the means they use, they do NOT resurface to radio in and ask the president "Are you really, really sure?"

  • by furby076 ( 1461805 ) on Wednesday April 08, 2009 @10:17AM (#27503045) Homepage

    Are there real threats? Yes, of course there are. But when enough scaremongering is mixed into them, you get the reaction that the OP AC shows: Cry wolf once too often and people will ignore you. Also, there are a few things that I'd consider a lot more dangerous and worrisome that you don't hear about at all. Intentionally or not, your decision.

    I disagree with your cry wolf. Let's say someone says there is a threat and everyone needs to be prepared and we are going to invest tons of resources to stop the threat. Now we stopped the threat before anything happened. Does that mean we cried wolf? I am willing to bet you a lot of people, including a hell of a lot of people here, would say "CRY WOLF CRY WOLF" when in reality - the threat was stopped due to our efforts. Then again, if we didn't stop the threat people would say "why didn't you do anything? We had evidence this was going to happen and you ignored it. Shame on you" That situation could...oh wait, it did happen...9/11. Has anything like that happened since? No. Does that mean it can't ever happen again? No. Maybe part of the reason is due to our increased security, maybe just luck, and maybe because our gov't thwarted those events. We don't get to see the whole picture all the time. While this may hurt your feelings, it is necessary (I am sure there have been times in your life you avoided telling someone the whole truth for their own good).
    Is there fear mongering? Yes. Are there people who want to spend more money to line their pockets and nothing else? Obviously. Does that mean we should not take every possible precaution to help save people's lives? Hell no. I would rather spend too much money and potentially save a life than spend too little money and potentially lose a life.

  • by Mr. Firewall ( 578517 ) on Wednesday April 08, 2009 @11:04AM (#27503727) Homepage

    ...you must live in perpetual fear. Whenever you're starting to focus on the reality of life, new fear WILL be injected into it to distract you.

    Nice bit of cynicism, I like it. But as a former cybersecurity professional who has worked inside of electric power plants, let me remind you that there is a difference between scaremongering (à la Global Warming, mass extinction, and other such nonsense) and REAL threats such as that in TFA.

    I've known for years about this threat. It's nice to finally see someone in the mainstream press take notice.

    Unfortunately, I'm not optimistic that THE solution will ever be seriously considered: QUIT USING WINDOW$ ON CRITICAL INFRASTRUCTURE CONTROL SYSTEMS.

  • by HiThere ( 15173 ) <`ten.knilhtrae' `ta' `nsxihselrahc'> on Wednesday April 08, 2009 @05:37PM (#27510055)

    Actually, it's a lot more common than that, if you study history. Whenever one group feels unfairly suppressed, and the means of suppression is disabled more than temporarily, you're apt to have an, at least minor, uprising. It usually doesn't lead to anything more than worse oppression in the future, of course, but it is a predictable result. (Doesn't *always* happen, but it's the way to bet.)
