Massive Power Outages In Brazil Caused By Hackers 462
Hugh Pickens writes "CBS reports on 60 minutes that a massive two-day power outage in Brazil's Espirito Santo State affecting more than three million people in 2007, and another, smaller event in three cities north of Rio de Janeiro in January 2005, were perpetrated by hackers manipulating control systems. Former Chief of US National Intelligence Retired Adm. Mike McConnell says that the 'United States is not prepared for such an attack' and believes it could happen in America. 'If I were an attacker and wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer,' says McConnell, 'I would probably sack electric power on the US East Coast, maybe the West Coast and attempt to cause a cascading effect.' Congressman Jim Langevin says that US power companies need to be forced to deal with the issue after they told Congress they would take steps to defend their operations but did not follow up. 'They admit that they misled Congress. The private sector has different priorities than we do in providing security. Their bottom line is about profits,' says Langevin. 'We need to change their motivation so that when see vulnerability like this, we can require them to fix it.' McConnell adds that a similar attack to the one in Brazil is poised to take place on US soil and that it may take some horrific event to get the country focused on shoring up cyber security. 'If the power grid was taken off line in the middle of winter and it caused people to suffer and die, that would galvanize the nation. I hope we don't get there.'"
You need SCADA security (Score:4, Informative)
I work for a company involved in SCADA systems that control half of Australia's water supply and a fair bit of the country's power grid.
SCADA networks have evolved, out of convenience, to coexist with existing LANS and thus progressively have become more dependent on TCP/IP protocols, thus becoming (rather by default) Internet-enabled.
Vulnerabilities are to some degree covered by the RTU programming, which has built in safeguards against doing wrong things. But it's not impossible for a dedicated hacker to create a bit of havoc, and this point is not lost on our client base. Our clients are actively investing now to isolate SCADA networks from the Internet, because safety has to overrule operational convenience. Work is going on now, and the door is fast closing on this avenue of attack.
It's all about SCADA. Little intelligent valves in little steel boxes attached to a lot of industrial plant. It's automation, true, but there are rather a lot of eyes watching it.
Re:Why? (Score:1, Informative)
If you have transmission lines running from point A to point B then why cant you just string a data line right below the transmission lines? You already own the right of way. You already have the towers/pole line ran.
You don't. Transmission owners are not grid operators. There are lots of different entities out there; a transmission owner is different from a generator, and neither of them is an ISO/RTO.
Re:So... (Score:5, Informative)
Re:Hit'em in their wallets (Score:3, Informative)
and that we then deregulated the banks,
We did not deregulate the banks. We removed some of the regulation, but we did not deregulate them. You can't do some things half-way and have them not fail. We had too much regulation to make them be fully deregulated and therefore not fail, and too little regulation for them not to fail. We can't know what would happen if banks were fully deregulated because they were not (and don't even bring up the great depression because there was again, too much regulation to be free and too little to be controlled).
The government regulates the energy sector, and look at what we have: a system that has not imploded on itself
Yeah, but a system that is still a pain. Lets see, if I'm unhappy about the level of service of my current utility what are my options? Not a whole lot. If I don't like my bank there are at least 5 within about 5 miles where I live. On the other hand if I don't like my utility company (and for the record I don't) my options are to either move far away and thats about it. Utility companies are inflexible, charge outrageous rates, have low standards of service, and have unexplained long blackouts. I'm confident that a Windows server can have a higher uptime than some utility companies... Just because the electricity is -mostly- on doesn't mean that its a great system.
and given the attacks in Brazil, it sounds like the government should add some new regulations to the list for energy companies, in the interest of national security.
Or you know, how about allowing utility companies to actually compete for prices, service and security. For example, Rackspace is going to do everything in is power to keep their servers online and free of any attacks that might endanger their uptime because there are many hosting companies out there, utility companies on the other hand are free to take their sweet time, its not like their customers can exactly switch to a different company.
Re:guess what's next ? (Score:5, Informative)
Enron demonstrated that it was possible for a single employee to shut down a power station remotely, simply by calling the control centre from an Enron office, giving his name and position, and asking politely whether it would be possible for the plant to have an impromptu maintenance shutdown for a few hours please, and yes, he did appreciate that once it was shut down it'd take a while to start it up again.
That's how brokers caused the plant shutdowns that caused the brownouts that allowed Enron to gouge electricity prices in California, by charging for the emergency rerouting required to patch the problems that they'd just deliberately created.
So back in the Enron days, you wouldn't have needed two nuclear subs. Just one guy with a telephone, calling all the power stations in turn and asking each of them nicely if they could shut down at a predetermined time and go into "heavy maintenance" mode, but please not to discuss this with anyone else, because of company confidentiality (or because of security).
BTW, you know how you take out the conventional phone and mobile networks? You don't have to. Once the emergency services see the power stations going down and think there's a coordinated attack, they shut down all the public communications as a security measure. You get that for free. So the Employee tells the plant to shut down as a security measure because the NSA has tipped them off that Something Bad is going down, and for God's Sake not to power up again under any circumstances unless they get a particular codeword (which, of course, nobody else has). All the plants shut down together, a bunch of pre-programmed scare stories break on the net, this seems to support the tale that the employee told about there being an imminent security thing, the phone lines and media communications go dead, and by the time people have worked out what's happened, nobody can get through to the power plants to tell them that they've been conned. And when they do, they don't have the fake password. You then have the local power guys desperately defending their plant from the local enforcement guys who want to turn it back on, and perhaps even sabotaging it if they look like they're about to lose.
Telephones are dangerous things. Hopefully it wouldn't work nowadays, because people are more savvy about such things (and because they remember the Enron tapes).
From Experience (Score:4, Informative)
Having worked at a utility in an IT consulting position I've had some experience supporting/implementing the control systems for a reasonably large scale SCADA system.
What I've come across is the people running/maintaining the SCADA system often don't have a Security/IT background, they have an electrical engineering or similar background. This can often make discussions about firewalls - TCP/IP and routing challenging. On top of this, most of the guys (and it is guys) involved are older, engineering types with the culture and communication differences that that implies. They are often very reluctant to let IT in to their systems to assist. Workstations/servers are often not visible to standard IT management processes like patch management and antivirus because of inter-group politics.
We run into the classic security vs. usability argument. More security often makes it more difficult for them to do their job (at least for them) and is also much harder to implement, maintain and troubleshoot.
A lot of systems have historically been serial and have migrated over to IP gradually. This has often been done without adequate planning and analysis, resulting in a system that is deemed successful because it works, not because it is secure.
Money as always is a factor. I know for a fact the enhanced security version of the SCADA solution was NOT installed, as it was too hard and too expensive and as a result was put off until later.
In our case, all the devices and RTUs out there come in over a private network, NOT the internet. This traffic is in the process of being encrypted with IPSEC. The weak point is and will always be the client devices or terminals. Remote access to these is the achilles heel of any system. Having such systems completely separate should be a requirement, but is often put aside in the name of usability for workers to get access from home, or the ability to access the internet from the control PC.
The requirements for criticial infrastructure exists and has done for some time, ISO27002 and NERC have a huge number of requirements. Good luck finding a utility that complies with all of them.
A horrific incident may be the catalyst to have changes made. But in the meantime it's down to money, silos and politics.
Re:So... (Score:3, Informative)
Remote access and e-mail notifications more often drive the internet connections we have seen. When facility engineering is out-sourced, it becomes even more complicated, because there is fundamental conflict in the way the contracts are written-- the Owner might require all security go through them, but they don't allow the facility engineers to be on their network.
Usually you end up with a DSL connection and a "firewall router." Usually it is just a monitoring network, but control seems to creep in more each month.
Re:America? (Score:3, Informative)
Barbarians.
Re:Hit'em in their wallets (Score:5, Informative)
The great blackout of 2003, which took out the north east united states and a good chunk of ontario, was caused by deregulation (removing the requirement to clear the branches around the power lines [wikipedia.org]).
Quebec, which has state-owned power (Hydro-Quebec) was not hit hard by that blackout, because it keeps its grid out of phase with those dangerously unregulated parts around it.
Learn the lesson: You can't trust the greedy to run critical infrastructure.
Misleading and incorrect.
1. The article your cited does not state that the blackout was due to deregulation "removing the requirement to clear branches around the power lines." It states, quite clearly, that the main cause was due to a generating plant going offline, then several power transmission lines going offline (or "tripping") due to tree contact. Nowhere does it say that deregulation had anything to do with that sequence of events.
Since you're too busy being pedantic and patronizing to look for this follow-up info, here's the keywords you need: “Utility Vegetation Management Final Report,”
At first glance, Rule 218 seems clear in its intent, but it has historically generated a great deal of
industry discussion regarding what it actually requires. For example, the use of the word
“should” versus “shall” points to its application as a general guideline, not a mandate. More
importantly, Rule 218 does not specifically state that clearances should be “maintained”
between energized lines and vegetation. While some have argued that it can be interpreted as a
“no-touch rule”, the industry has not interpreted it to require that mandatory clearances be
maintained at all times.
You have to FORCE them to do their job right, or else they'll argue that they don't have to, and they'll let their negligent ways cause major inconveniences for millions of people.
Re:So how exactly does this work? (Score:3, Informative)
Yes.
There is actually more than one way to turn them off (safeguards and such), but the actual generator button at my plant is both big and red. Additionally, it's not wired in to the system. The safeguards are also physically wired to cause trips. There are also redundancies built in to ensure those trips and they're hardwired. At best, for the plant that I work at, a hacker could operate a non-critical component. That's assuming they could get through the truckload of security from their end to the control end, which is engineered to be absolutely impossible.
Re:Hit'em in their wallets (Score:5, Informative)
We did not deregulate the banks.
Not completely, but enough to cause the financial mess. The Glass-Steagal act was passed in the Depression to prevent future disasters like that. It worked, until the Act was overturned in 1999/2000 by a Republican congress and Bill Clinton. Then we got a real estate bubble and a meltdown.
Yeah, but a system that is still a pain. Lets see, if I'm unhappy about the level of service of my current utility what are my options? Not a whole lot. If I don't like my bank there are at least 5 within about 5 miles where I live.
Apples and oranges. What do you propose? 10 sets of power lines running everywhere? There's a reason utilities are highly regulated monopolies: because it's simply impractical and absurd to have multiple power companies, multiple (landline) phone companies, multiple cable companies servicing the same areas. They tried this with telephones in the early 1900s in Manhattan and it was a disaster; you can find photos on the internet showing the ridiculous telephone poles with hundreds of wires on them. Maybe you'd like to have dozens of water and sewer pipes running everywhere too.
If you don't like your power company, you're free to buy a generator and make your own power. Part of living in a society means giving up some of your freedoms, and freedom of choice is definitely one of those. You can't choose your government (at least without agreement from your fellow voters), and you can't choose your utilities. Deal with it.
Or you know, how about allowing utility companies to actually compete for prices, service and security.
Compete against who? No one wants dozens of sets of power lines running through their neighborhoods. Stop being idiotic.
Re:If the power grid is so vulnerable, why hasn't. (Score:4, Informative)
>
Yet it hasn't happened here or Western Europe or most modern Asian countries. Why?
Well, at least where I work, we no longer allow modems to be attached to any equipment. This is a huge cost item; that means we have to fly in a tech with a laptop for several thousand dollars when something goes down instead of allowing the factory to dial in on their modem.
We choose to do this as we are a "major" target - a medium sized public utility. I would guess many of the smaller utilities don't have the resources to do this. So it's a question of targets; if someone was to study the network, they could identify a weak small utility that could bring down a larger utility that would then cascade to a major failure down the line. I'd guess it hasn't happened because the outcome is uncertain and not guaranteed; our operators are pretty damn good at taking care of upstream failures.
Re:Good luck with that (Score:3, Informative)
Uh, in what made up world?
http://www.globalsecurity.org/military/world/spending.htm [globalsecurity.org]
We can't go improvin' our infrastructure now, that'd be socialist and SCARY
And we can't rely on our socialist defense now can we? That'd be socialist and SCARY too... Oh wait.
Re:America? (Score:5, Informative)
I'm a Canadian, and I've lived throughout Canada. I have NEVER met anybody outside the Internet who thinks American, in spoken English, means anything other than somebody from the United States of America (North American, maybe, but never "American"). There are a significant portion of them that would be insulted to be themselves referred to as Americans; the rest (aslo a significant portion) would simply be amused.
It's not about not being the whole world. It's about how the language is used. What the hell does your crowd call Canadians, anyway? Can't be "United Statesians", since there's more than one United States in the world.
I assert (based on admittedly anecdotal evidence) that if you ask a random sampling of 100 native born English-speaking Canadians, probably less than 1 and certainly less than 5 would think "American" would refer to anything else but people from the USA.
And I think you know that too, if you're truly Canadian. Although it's a big country, maybe you live in some small enclave where that flies among your friends. I've spent most of my time in the most populous parts of the country. But certainly national television *always* uses American to refer to people from the USA.
Re:Good luck with that (Score:1, Informative)
Are we better off spending money assaulting terrorists where they live, or would we be better if we built more skyscrapers? I think no one knows.
The question is pretty much bullshit since we arent really "assaulting terrorists where they live" in the first place. The war in Iraq has as much to do with stopping terrorism as Slashdot has to do with losing ones virginity.