Massive Power Outages In Brazil Caused By Hackers 462
Hugh Pickens writes "CBS reports on 60 minutes that a massive two-day power outage in Brazil's Espirito Santo State affecting more than three million people in 2007, and another, smaller event in three cities north of Rio de Janeiro in January 2005, were perpetrated by hackers manipulating control systems. Former Chief of US National Intelligence Retired Adm. Mike McConnell says that the 'United States is not prepared for such an attack' and believes it could happen in America. 'If I were an attacker and wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer,' says McConnell, 'I would probably sack electric power on the US East Coast, maybe the West Coast and attempt to cause a cascading effect.' Congressman Jim Langevin says that US power companies need to be forced to deal with the issue after they told Congress they would take steps to defend their operations but did not follow up. 'They admit that they misled Congress. The private sector has different priorities than we do in providing security. Their bottom line is about profits,' says Langevin. 'We need to change their motivation so that when see vulnerability like this, we can require them to fix it.' McConnell adds that a similar attack to the one in Brazil is poised to take place on US soil and that it may take some horrific event to get the country focused on shoring up cyber security. 'If the power grid was taken off line in the middle of winter and it caused people to suffer and die, that would galvanize the nation. I hope we don't get there.'"
Hit'em in their wallets (Score:5, Interesting)
Exactly right, this is a capitalist society, ran on making money. If they won't integrate safety systems to protect the system properly from hacker attacks, hit them in the wallet, hard. Pass sound regulation to force them to implement safeguards, require inspections/audits that they are done, not just take their BS word for it. If all they give you is hot air and no implementation, fine them millions of dollars, and on a regular basis if needbe til they implement it.
Sure it's going to happen... (Score:1, Interesting)
Protecting against virtual attacks is going to be the next growth industry; at least if defense contractors have anything to with it. The following from cryptome [cryptome.org], which I'd link to if there were a way to do that.
Security (Score:5, Interesting)
Most systems here in the US are only secure because they're obscure. Someone who has worked in the industry for more than about a year has enough knowledge to cause some widespread destruction. Up until recently, the emergency broadcast service was only a phone number and modem, with no authentication!
Re:Hit'em in their wallets (Score:3, Interesting)
Exactly right, this is a capitalist society, ran on making money. If they won't integrate safety systems to protect the system properly from hacker attacks, hit them in the wallet, hard.
This is the fundamental point. Those with the ability to secure the system need to be the ones paying for breeches. Bruce Schneier had several good articles around this point. The main example being banks/credit card companies paying for fraud. If they could just push that onto the customer, there would be far more instances of fraud. Instead, they take responsibility for the whole system and customers are far better off for it.
Re:Hit'em in their wallets (Score:5, Interesting)
The government regulates the energy sector, and look at what we have: a system that has not imploded on itself, the way the banks nearly did. Sounds like a pretty solid strategy to me -- and given the attacks in Brazil, it sounds like the government should add some new regulations to the list for energy companies, in the interest of national security.
Re:Hit'em in their wallets (Score:3, Interesting)
Credit card companies push the consequences of fraud onto stores and such. Those stores that choose to accept credit card payments factor the risk of fraud into the prices they charge. The credit card companies do attempt to protect their customers from fraud, but only because they wouldn't make any money if they didn't have any members (they also work with stores to prevent fraud, as they figure it will lead to clearing more transactions).
The credit card companies certainly don't pay for fraud though.
Re:Nostalgia (Score:3, Interesting)
To be fair, almost no amount of prevention could begin to equal the cost of a truly major event like a significant amount of the US power grid being down for more than a brief flicker.
California power embargo of 2000/1 (Score:5, Interesting)
So the enron-organized power embargo hitting california in the summer of 2001 is now being recognized as terrorism? The central valley and inland empire areas hit 100+ degrees most summer days. Wonder how many elderly died, or had their lifespans shortened due to heat stress during the rolling power outages.
No Security (Score:5, Interesting)
Up until recently, the emergency broadcast service was only a phone number and modem, with no authentication!
The CATV company I work for had a crazy insecure ebs system. It was these ancient boxes in the head ends that just watched for a carrier on a certain freq in the return path. Once it saw any carrier it would flip over the EBS system and all the audio on our analog channels would go down. This carrier came from another dumb box that was in the main head end. That box was triggered by a unsecured phone line and all you needed to do was know the number to it. All anyone needed to spam 250K customers was a telephone.
The whole system looked like it was built by some ham radio op with parts from RadioShack in the 1980's.
We only got rid of this system LAST YEAR after some prankster with a signal generator figgered out how to trigger one of the dumb boxes. We now have a new system with scrolling text across the screen and clear audio... though I wouldn't be surprised if it was just as half assed as the old system.
Im posting this AC because coworkers know my /. nick :)
Re:Good luck with that (Score:5, Interesting)
there's the attitude: There is always somebody out there smarter than you, and there is always going to be a bug or security vulnerability somewhere in the system.
There was an interesting blog in the economist magazine pondering what else could be done with the 680 billion the US spends annually on defense.
While the US has spent a trillion in Iraq the chinese have spent a trillion improving their infrastructure.
Independent System Operators (Score:2, Interesting)
The Independent System Operators (ISOs) exercise real-time control of the grids. I can't speak for others, but I do know how the New England ISO does things. Yes, there's a lot of automation... but the entire system is designed to have a "man in the loop". Add to this the fact that there are two completely independent systems for monitoring the Area Control Error (ACE) (the amount by which generation doesn't match load) and you get a situation where a hacked system would become very obvious, very quickly.
The uber-emergency last ditch ACE monitor is an un-networked box that monitors analogue signals sent to it over microwave relays. As of today (as far as I know) you can't hack a box that you cannot connect to.
Yes, it's possible for a cyber attack on an ISO to create a measure of chaos, a degree of frustration and a burning desire to "get rid of" that hacker, but these men and women are dedicated professionals and they engage in a process that has been honed and refined over the last few decades. I shan't say that it's impossible, but I honestly believe that it would be highly unlikely that meddling in the data stream (SCADA) or accessing the control computers would bring about massive failures.
For that sort of thing to happen, you need a perfect storm [wikipedia.org] of failures.
If the power grid is so vulnerable, why hasn't... (Score:5, Interesting)
...it been taken out in the U.S.?
If there's a dozen guys pissed off and zealous/brave/willing/stupid enough to hijack planes and fly them into buildings, surely there's 100s more pissed off guys with m@d sk1llz who could do this, and wouldn't be held back because it's not a suicide mission, and doesn't directly burn thousands to death in an ensuing fire and crash.
And I'd wager that hacking the power system is probably a decidedly less resource-intensive activity than even small-scale physical attacks (bomb/gun/kidnapping/etc), the participants can engage in almost total anonymity, and there's no messy explosives/weapons to buy or store or get caught with. All this means its something that even a lone crank could pull off, opening the doors to a whole panoply of groups with gripes, including or especially all manner of domestic crackpots. You don't need Al Quaalude or zillions of dollars or a complex intelligence network.
Forcing the grid offline and in a way that kept it down/brain damaged for any length of time over 48-72 hours, especially if it was widespread, would have such a cascading effect and probably spawn anarchy. At a minimum billions lost, thousands killed, possibly riots or widespread civil disorder. Katrina times 9/11. So the effect would be substantial and easily deniable, making it the kind of thing China or Russia or any other competitive major power might want to do just to fuck with the Americans and keep them off balance.
Yet it hasn't happened here or Western Europe or most modern Asian countries. Why?
Why these systems are connected to the Internet (Score:3, Interesting)
I know all the comments are about to come flooding in that these systems should be air gapped from the Internet, but that isn't practical in today's environment. These systems need to be indirectly connected to the corporate networks, because the data is valuable to the companies. Much of this is due to deregulation. Since deregulation electric utilities no longer operate as islands with their own generation, transmission and customers. Since nobody liked monopolies in the energy industry, the pieces aren't necessarily owned by the same companies anymore. Energy is also bought and sold in a market environment with prices changing all the time and the information is exchanged over the Internet. If you want to see the current Megawatt Hour (MWh) prices in the midwest check out http://www.midwestiso.org/page/LMP+Contour+Map+(EOR) [midwestiso.org]. Needless to say air gapping isn't practical in today's environment.
Re:Good luck with that (Score:3, Interesting)
Impenetrable security may not exist, but good security and crappy security do exist. We'd rather have good than crappy, but the power companies would rather spend on executive bonuses than on good security.
We do need improved security on SCADA (like making it REALLY separate from the internet and business LANs), but that's not billions in cost. As you point out, backup power is good.
More resiliency in the grid is a big one. If the grid has adequate spare capacity it can tolerate a few sudden losses and can be less tightly coupled in the first place. Given enough added capacity, SCADA can go back to just local control and human operators will again be fast enough to intermediate at the regional level.
Part of it has to do with (Score:3, Interesting)
Re:guess what's next ? (Score:5, Interesting)
You hit the problem for today - the social engineering, how the command hierarchy works and that's much more dangerous than any "computer" virus or whatever. I have worked on nuclear power, stock exchange, banking (even Swiss!), military, public safety, hospital, etc environments and they used to have "fail safes" against this kind of problems - now, today, those "fail safes" are often disabled because of business, profits whatever? And it's scary!
Enron couldn't be possible 20 years ago, at least not in environments, countries and corporations I was working at that time, too tight security / control but today?
Anyhow, back to the original subject, the technology is there - it was there in 80's when I was involved to some nuclear / power control systems. Is the knowledge / will there today is another question. Almost seems that this "maximizing profits" is even accepting the problems (for public) as long as the business can make more?
NERC CIP (Score:2, Interesting)
Re:Good luck with that (Score:3, Interesting)
Re:Good luck with that (Score:3, Interesting)
Ten years ago when I last toured an ISO's command center, they were able to project load to within 0.5% 24 hours in advance. Granted, spinning reserve was higher back then, but the fundamental logic hasn't changed much.
So I am lost as to what the smart grid is actually supposed to do, aside from a fancy version of automated demand-response. It wouldn't be fast enough to actually function as "protection".
Re:Good luck with that (Score:3, Interesting)
I'm suddenly curious at whether, statistically, this use of the word steal garners as much commentary as the copyright infringement use of the word steal does, on slashdot.
Re:Good luck with that (Score:3, Interesting)
Maybe it might be for the best to have SCADA controlling systems airgapped, or at the least, if people want reports from the systems, have locked down machines that poll them and then copy the results to another network. You could have two boxes on separate networks that communicate text solely through a serial cable (no PPP or SLIP, just data passed as a stream through the cable from the inside box to the outside one. Perhaps even cut the RX+ and RX- lines going to the inner box for maximum security) to ensure the inside box doesn't get rooted. This is slow (serial isn't the fastest of all protocols, but it is simple), but it will take someone with physical access to compromise such a setup. I have used similar configurations for secure syslog dump hosts (one box would take syslog dumps, then pass them via a serial cable to another box that is not connected on any network. This way even if someone rooted all boxes, he or she couldn't touch the last syslog dump.)
Maybe these days, two boxes connected via serial and one machine just parsing the other's serial output stream with a glorified tail -f going to whever (web pages, databases) may be not the epitomy of high tech connectivity, but it ensures that a blackhat from offshore isn't going to cause a BLEVE that takes out several city blocks.
Re:NERC CIP (Score:1, Interesting)
I've spent a significant portion of the last year doing just this, getting local utilities up to the NERC CIP compliance standards.
The good news is that many places take this serious. The bad news is the cascading affects one or a small handful of even small local utilities can have on the whole system. Power distribution is not my area of expertise, IT security is, but I understand this is a very challenging area. You can't just put a "power firewall" in between utilities the way things are bought and sold non-stop and usage is up/down all the time.
Another problem many systems have is that if they were to lose power, they don't have the ability to start back up. You can't "turn on" a generation plant without power, and if the grid connecting you to other utilities is all down, how to you get going? This requires "black start [wikipedia.org]" locations that can start without any external power. Guess what, most generation plants don't have this, as it costs more money for something that is "never needed", and when does the grid ever fail?
Yet another problem we face is that many small utilities are run by boards who are locally elected, and often by a population that knows nothing about running utilities or who is qualified and elects equally unqualified board members to make the financial decisions.
Re:If the power grid is so vulnerable, why hasn't. (Score:3, Interesting)
Yet it hasn't happened here or Western Europe or most modern Asian countries. Why?
Because the enemies you keep hearing about, are neither as a numerous nor as powerful as your government would like you to believe.
It suits the agenda of those in power, to have a public who are so shit-scared about terrorists, that they will accept any indignity, any intrusion into their lives, any loss of freedom... just to make the terrorism fear go away.
Re:Hit'em in their wallets (Score:2, Interesting)
Well, the energy sector has traditionally been heavily regulated, and works well compared to the huge mess the deregulated banking system made of itself. You do realize that the government took over the entire banking sector because certain bankers failed to run the companies they managed rather than let the companies go bankrupt so the assets could be put under better management?
There, fixed that for you.
Does that mean local terrorists like Enron also? (Score:1, Interesting)
How can they protect against US traders who game the system like Enron did?
http://www.marketwatch.com/story/enron-caused-california-blackouts-traders-say?siteid=mktw
Phantom congestion
"What we did was overbook the line we had the rights on during a shortage or in a heat wave,'" one trader said. "We did this in June 2000 when the Bay Area was going through a heat wave and the ISO couldn't send power to the North. The ISO has to pay Enron to free up the line in order to send power to San Francisco to keep the lights on. But by the time they agreed to pay us, rolling blackouts had already hit California and the price for electricity went through the roof."
redundancy (Score:2, Interesting)