US Electricity Grid Reportedly Penetrated By Spies
phantomfive worries about a report in the Wall Street Journal ("Makes me want to move to the country and dig a well") that in recent years a number of cyber attacks against US infrastructure have been launched over the Internet: "Cyberspies have penetrated the US electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia, and other countries, these officials said, and were believed to be on a mission to navigate the US electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war."
Re:Software programs? (Score:2, Interesting)
Be careful if you live in the UK, this could be classed as material likely to be useful to a terrorist and get you arrested.
Ya not a real surprise (Score:5, Interesting)
Everyone wants money for their projects. Part of getting it is knowing what to sell in your given field. Well, as of late with federal government dollars, national security has been the name of the game. It was more narrowly anti-terror, but they are kind of losing focus on that. So, it is also no surprise that this is what people use to try and get the money, even if what they want really has fuck all to do with it.
For example, Consolidated Edison wants to install a superconducting core for New York's power grid. The reason is that the existing grid has load problems and this looks like the best way to handle it, rather than massive amounts of more copper. This is expensive, of course. To the best of my knowledge, when this is deployed it'll be the first superconductor used for commercial power delivery. That means plenty of R&D in addition to the actual costs. Well, it sure would be nice if the government would help pay for that... So they got them to.
How? Well they sold it to DHS as an "anti-terror" deal. No idea how this is supposed to be more terror resistant, but DHS bought it and that's what's important. They gave ConEd something like half the money they need for the project.
Now you know that ConEd isn't really doing this as an anti-terror measure, they are doing it as a "grid is overloaded" measure. However, they put that spin on it to get government funding, and it worked. I'm betting this is a similar money grab.
Quite so... (Score:3, Interesting)
From TFA:
But protecting the electrical grid and other infrastructure is a key part of the Obama administration's cybersecurity review, which is to be completed next week.
Under the Bush administration, Congress approved $17 billion in secret funds to protect government networks, according to people familiar with the budget.
The Obama administration is weighing whether to expand the program to address vulnerabilities in private computer networks, which would cost billions of dollars more.
A senior Pentagon official said Tuesday the Pentagon has spent $100 million in the past six months repairing cyber damage.
Sounds a lot like someone is making up excuses and drumming up support to ask for more government money.
Re:China and Russia? (Score:3, Interesting)
So you mean there are people capable of hacking the US energy grid but who can't start the attacks from a hacked box in Madagascar?
Maybe the attackers did start the attacks from the box in Madagascar or wherever, but if that box could be hacked by the attackers then I suppose it's possible that it was also hacked by those tracking these attacks who found evidence pointing back to the usual suspects. That becomes all the more likely if at least some of the hacked systems are parts of a honey net or monitoring of compromised systems in the US shows an abnormally high level of communication back to some countries and not others.
What I find quite interesting about this, though, is that it's the older Cold War opponents being singled out, and not the terrorists like all of those alleged Al Qaeda sympathisers in quite well-connected countries like Pakistan that we keep hearing about. If this were a FUD campaign, then which of those is Joe Public more likely to get worked up about, do you suppose?
Re:Why are they on the internet? (Score:3, Interesting)
There are some situations where security MUST override convenience.
Tell that to the union. Remember power industry operational environments are blue collar work places. I have seen people in similar environments go to any length to get a system they don't want to see shut down. They will play totally dumb, like not noticing they are using the wrong keyboard for hours at a time. Assume that your users are hostile to you. Then design a solution.
Re:Quite so... (Score:2, Interesting)
Don't forget an easy way to shut down the internet when some whistleblower decides it's time to disseminate those files he has before the government removes him... Only instead of in the movies, where he gets away with it because the internet is 'free' and routes around damage, the whole damn thing suddenly goes dark because our glorious and incorruptible administrators decided it's 'better for all involved' this way.
Re:Why are they on the internet? (Score:5, Interesting)
Blowing all my moderation to reply to this.
Let me make this clear. Putting a critical system on to the internet is pure, stupid, incompetence.
ALL of your "situations" can be solved with a second $399.95 Dell sitting next to the critical workstation. Anyone saying that that is not practical is a blathering moron. I have seen MANY water filtration plants where the supervisors in charge of the whole operation are so incompetent that they put the entire plant's operation system on the corporate or city network. Then we have the low-quality SCADA software called WonderWare, which is so badly written that the company requests direct access to the machines so they can issue fixes faster.
If any mission-critical machines are on anything but a sealed, private, non-connected network, the person that designed it is an incompetent idiot who should take the fall for any failures. Gitmo time for whoever approved or asked for interconnection.
I have been appalled at the amount of interconnection I see in really important SCADA systems. I have seen this stupidity in major infrastructure control systems for 14 years now. Typically it is put there by some asshole manager that wants to "keep an eye" on his guys while he is at home. He gets a workstation (typically the one in his office) set up with a second network card and pcAnywhere or another remote control system to interconnect the secure to the unsecured, and does it with a stupid Windows box. Then the idiot uses it to check email, surf the net, etc... All installed by your friendly company IT slackie after the SCADA installation guys go home.
Every system I looked at that was "secure" typically had one of these bridging computers on it. The only way to find them is to do a hard audit of every computer, and the rate of finding these security breaches goes up as the age of the installation increases.
Wolf! (Score:3, Interesting)
It is rather stupid to keep crying wolf when there is little to nothing to raise the alarm about. Or, alternatively, it is very clever, if you want people to not take security warnings seriously; only, I can't see why anybody in America would want to achieve that.
Don't we hear these allegations all too often? It's "the Chinese and Russians," they say, and apparently it comes from the CIA or something, so we can't get to see any documentation. Perhaps some would like to think they can poison China's or Russia's reputations with these kinds of stories, but as I point out, all they achieve is to weaken America's defence by undermining public trust in the agencies that are supposed to help protect them - it seems idiotic to me.
And objectively, why should China or Russia want to harm America? Like it or not, they are no longer likely to be enemies of America in a future, global conflict, which will probably be between the industrialised and developing nations. To my mind it seems more believable that the culprits are international criminal gangs; multinational companies have grown to almost nation-like power, and it seems almost unthinkable that international gangs haven't grown proportionally, especially since the introduction of the internet. They would certainly have an interest in staking out as much of the public infrastructure as they can. And, of course they might also see an interest in people not believing public security warnings.
Re:Why are they on the internet? (Score:3, Interesting)
ALL of your "situations" can be solved with a second $399.95 DELL sitting next to the critical workstation. Anyone saying that that is not practical is a blathering moron.
In all the control room environments I have worked in this approach is just not acceptable. The users expect to get a single, integrated UI environment.
Re:Remember, folks... (Score:5, Interesting)
In this case the parent is quite accurate. The truth is our electrical grid security has been dismal for decades. Hackers infiltrating control systems is only the latest discovery. If a foreign government wanted to sabotage our electrical grid it would be shockingly easy to do. 5 to 10 people working together with a few resources could black out the entire west coast for weeks if not months.
Okay, so now they can disrupt control systems from the comfort of their data center. Whoopy do. Yes, fix the data security, but spend the money to make the needed improvements to physical security and redundant infrastructure. Our grid is routinely stretched to the breaking point. There's very little extra capacity. I think if people realized how vulnerable our electrical grid really is, they'd be terrified. The fact that electricity is so reliable that we take it for granted is a testament to the quality of the people working in the field.
Imagine living in L.A. or San Francisco with no electricity for a week.
Re:Remember, folks... (Score:3, Interesting)
So your statement should be modded more
Re:Remember, folks... (Score:1, Interesting)
The problem is that people are people, and once someone in a location that should be secure realizes that there is access to internet resources, you have wireless routers popping up like weeds. Then it becomes a matter of public perception of the people who work at the location... Joe is a hero because he has brought internet to the secure location; IT are EVIL because they removed the router giving us access to pron, NPR, stocks, etc... If you can design drills of things failing after the connection to the internet has been established, then they may learn the lessons the hard way. (LAST TIME SOMEONE PLUGGED US INTO THE INTERNET, ALL OUR SYSTEMS WENT HAYWIRE AND WE SPENT A WHOLE DAY SORTING THINGS OUT... YOU CAN KEEP YOUR INTERNET)
Re:Why are they on the internet? (Score:3, Interesting)
The solution is oversight. Congress passes a law noting that major pieces of infrastructure are critical to national security. An oversight body is created to set policies for administration of such infrastructure. Violation of these policies carries criminal penalties.
Then you have the Feds start busting control rooms. Manager in charge gets sent to prison.
Let's see how fast those managers can arrange to have competent people on-duty 24x7 and not need to use pcAnywhere or whatever to get in.
As much as I'm not a fan of a lot of military culture this is one thing they REALLY get right. The mission comes first. Just think about it - they manage to work out every process to something that some 20-year-old with two years experience can supervise with 18-year-olds doing the grunt work. The officers then stay on top of things. The captain of the ship sleeps on the ship and can be woken up at any time should the situation require it. Even the president can be woken up if the chain of command truly requires it.
Manager too lazy to come in to work to see what is going on - no problem, just hire one for each shift.
Not every business needs to be run like a ship. However, the power grid isn't just any business - it requires a much higher level of rigor.
Some have pointed out labor relations issues. These sorts of issues should not impact national security - just look at the Air Traffic Controller strike. By all means the workers should be given proper time to complete their jobs in a secure way - if two computers slow them down then hire a few more people and give them time to do the job right. The solution isn't to cut corners.
Re:Remember 2003 Blackout from Worm (Score:3, Interesting)
As the story unfolded, the early reports said the machines were unpatched. Then that story seemed to be brushed aside, for reasons I can only guess at with tinfoil hat securely fastened.
I imagine there were many factors that met on that day contributing to the blackout. And I doubt the virus was designed to take down the grid. But the lesson I took from it is that there are many critical machines that are hooked up to the internet or networks that hook up to the internet that aren't properly maintained and these sort of events will be more common. Also that if a non-specific virus can do that much harm I shudder to think what a well designed attack would unleash.
Re:Why are they on the internet? (Score:5, Interesting)
I am a control systems engineer, a member of ISA-99, and a contributor to several other standards on industrial control system cyber security.
The parent post is what SHOULD be done in a recently installed system. I can tell you from experience of dealing with other infrastructure (not the electric grid) that it isn't always that way. There were many systems installed around Y2K that are still in service. And most of you will remember that back then very few people took security seriously. Back then it was all about compatibility. Security wasn't even an issue. The big issue was SHARING the data.
Control systems and SCADA have long working lives, ranging from ten to twenty years. The reason for this is that the field I/O validation cost is significant. It dwarfs the cost of the software, the control center, and all that lovely flashy stuff you're so used to seeing. Updating a configuration is very expensive, not just in validation costs, but also in training costs and miscellaneous costs such as review of operating procedures, control system narratives, and so forth. This is why many are forced to keep their systems isolated in the hope that by doing so, things will somehow stay secure.
But these days, that's no easy feat. Nearly every company has a contingent of data surfing desk jockeys with enough authority and enough dream-weaving synergy talk to push for interconnections. That's when things get very ugly.
The problem isn't that they want the data. The problem is that they want the data IN REAL TIME. Most of the time these idiots say the term though they do not understand the implications or even what it means. And that's how the exploits get started.
There are solutions. There are relatively secure methods for moving data in and out of a SCADA system. But they need careful review by people who know both the industrial side of things (to identify what is at risk) and the IT side of things (to know what the potential vectors could be). And the number of people with that kind of expertise is extremely small. We're talking about hundreds or maybe a thousand such people world-wide.
There simply aren't enough people to train the trainers who will train the trainers. And so, we're stuck with the status quo until we can build a community of cross trained people who understand industrial processes, control systems, and IT large enough to handle this situation.
I know many of you probably think you have it bad in the office IT business. And it is. Just know that there is far more truth in the Homer Simpson character than you'd ever dream of...
Re:Remember, folks... (Score:1, Interesting)
Honestly? If there was no choice between US fascists and some foreign regime based on Islam, I'd pick the US fascists. At least I'd be able to live in the 1930's instead of the 14th Century.
Even at its worst, the junk that the wingnuts in government keep throwing at us at least gives lip service to the concept of liberty and the ability to live in a modern age. Islamo-radicals are making no such promises.
Re:Why are they on the internet? (Score:3, Interesting)
Color codes can help a lot. Blue network is scada, green is public. Scada network has blue ports, blue cables and blue stripes on the devices. Public internet has same deal but in green.
Plugging anything in the wrong color is a firing offense. Specially designated and signed off gateway machines might have a blue port and a green port and special markings that it is OK. Otherwise, any color mis-match or mixing is to be reported immediately.
For extra paranoia, all blue network devices get the high octet set to non-zero (on the card's flash, not just setting it by the OS). The wrong MAC seen on either network is an emergency.
Watch the union guys cheer when said asshole manager is escorted from the building for plugging a green cable into a blue workstation.
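The two checks described in this thread (finding the dual-homed "bridging" workstation with a second NIC and pcAnywhere, and flagging a MAC of the wrong colour showing up on the wrong network) are the kind of thing an auditor can script against a host inventory and a switch MAC table. The block below is an added example and not code from any commenter; the address plan (blue SCADA = 10.10.0.0/16, green office = 192.168.0.0/16), the approved gateway name, and the host and MAC-table data are all constructed. It narrows the comment's "non-zero high octet" convention to one site-chosen, locally administered high octet (0x02) so that ordinary vendor MACs are not mistaken for blue cards.

```python
"""Audit helpers for a two-colour (blue SCADA / green office) network.

Added example, not from the thread. All addresses, hostnames and MACs below
are constructed test data.
"""
import ipaddress

# Assumed address plan for the example (not from the thread).
BLUE_NET = ipaddress.ip_network("10.10.0.0/16")     # SCADA
GREEN_NET = ipaddress.ip_network("192.168.0.0/16")  # office / public side

# Assumed site convention: blue NICs have this locally-administered high
# octet burned into the card; any other high octet is treated as green.
BLUE_HIGH_OCTET = 0x02

# Hosts signed off to carry one blue and one green port (assumed name).
APPROVED_GATEWAYS = {"hist-dmz-01"}


def network_colour(ip: str) -> str:
    """Colour of the network an IP address belongs to."""
    addr = ipaddress.ip_address(ip)
    if addr in BLUE_NET:
        return "blue"
    if addr in GREEN_NET:
        return "green"
    return "unknown"


def mac_colour(mac: str) -> str:
    """Colour implied by the MAC under the site convention above."""
    high = int(mac.split(":")[0], 16)
    return "blue" if high == BLUE_HIGH_OCTET else "green"


def find_bridging_hosts(inventory: dict) -> list:
    """Hosts with interfaces on both colours that are not approved gateways.

    inventory maps hostname -> list of (ip, mac) for every interface found
    during the host audit (including any second NIC added after install).
    """
    offenders = []
    for host, ifaces in inventory.items():
        colours = {network_colour(ip) for ip, _mac in ifaces}
        if {"blue", "green"} <= colours and host not in APPROVED_GATEWAYS:
            offenders.append(host)
    return sorted(offenders)


def find_colour_mismatches(mac_table: list) -> list:
    """(network, mac) pairs where the MAC's colour != the port's colour.

    mac_table is a list of (port_colour, mac) as learned by the switches.
    """
    return sorted((net, mac) for net, mac in mac_table if mac_colour(mac) != net)


# Constructed audit data: one manager PC with a second NIC on the blue net,
# one office-grade NIC seen on a blue port, one blue card on a green port.
INVENTORY = {
    "hmi-01": [("10.10.1.20", "02:00:00:00:01:20")],
    "hist-dmz-01": [("10.10.1.50", "02:00:00:00:01:50"),
                    ("192.168.5.50", "00:1b:21:aa:bb:50")],
    "mgr-office-pc": [("192.168.5.77", "00:1b:21:aa:bb:77"),
                      ("10.10.1.77", "00:1b:21:aa:bb:78")],
    "eng-laptop": [("192.168.5.90", "00:1b:21:aa:bb:90")],
}

MAC_TABLE = [
    ("blue", "02:00:00:00:01:20"),
    ("blue", "02:00:00:00:01:50"),
    ("blue", "00:1b:21:aa:bb:78"),
    ("green", "00:1b:21:aa:bb:50"),
    ("green", "00:1b:21:aa:bb:77"),
    ("green", "02:00:00:00:01:99"),
]


def audit(inventory: dict, mac_table: list) -> dict:
    """Run both checks and return the findings together."""
    return {
        "bridging_hosts": find_bridging_hosts(inventory),
        "colour_mismatches": find_colour_mismatches(mac_table),
    }


if __name__ == "__main__":
    for kind, items in audit(INVENTORY, MAC_TABLE).items():
        print(kind)
        for item in items:
            print("  ", item)
```

Feed it the interface list from each host and the learned-MAC table from the blue and green switches; a bridging host or a colour mismatch is exactly the escorted-from-the-building case above, and both show up without trusting anything the offending host reports about itself.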
Forget Cybersecurity... (Score:1, Interesting)
Forget Cybersecurity. Start with regular security!
In the area where I live, there is a mothballed power station with a perfectly live substation attached to it. This is a particularly large one because it controls most of the power to and around a major city. Copper thieves are regulars here, despite the extra cameras that were recently installed. In fact, before the cameras were installed, one of the copper thieves found an interesting locked door. He hotwired a forklift and started ramming it into this door, and stopped only when he got the forklift stuck in a stairwell.
Turns out that behind this locked door were the controls to the substation. Flipping the wrong switch, let alone several switches, would have damaged equipment and rendered the city dark for quite some time. Thankfully security is much better there now, but someone who knew what they were looking for could easily evade notice long enough to force their way into this room.
My point is this: your electrical system is only as secure as your delivery system, and those substations are only as secure as the corroded fences and the broken windows they are decorated with. Anyone determined to cause massive damage to the system already knows that they don't need the trojan army to disable you.
Re:Why are they on the internet? (Score:3, Interesting)
Such products exist. The problem is that data often does need to go both ways.
For example, load shed, distribution system models, and demand forecasts often go to servers and clients outside the distribution control center.
These sorts of operations are near-real time processes.
Likewise the outputs include run times, certain transient events, and hourly/daily total meter data often go in the other direction.
As I said before, with careful consideration given to a DMZ between the office network and the control systems, with a sacrificial historian server, and with careful monitoring and alarming, it should be possible to safely set up a portal to the office network.
People have written books on this subject, and I expect to be doing so before long. It is not something I can fit in to a nice pithy message here.