Forgot your password?
typodupeerror
Security United States IT

US Preps Cyber Outfit To Protect Electric Grid 58

Posted by ScuttleMonkey
from the call-bruce-willis dept.
coondoggie writes to mention that the US Department of Energy is planning to set up a new "National Energy Sector Cyber Organization" in order to protect the national bulk power electric grid. For the low, low cost of $8.5 million they will help integrate smart grid technology with the electric grid, speed research, and establish new policy and protocols. "It is paramount that smart grid devices and interoperability standards include protections against cyber intrusions and have systems that are designed from the start (not patches added on) that prevent unauthorized persons from gaining entry through the millions of new access points created by the deployment of smart grid technologies, Hoffman stated."
This discussion has been archived. No new comments can be posted.

US Preps Cyber Outfit To Protect Electric Grid

Comments Filter:
  • by teeks99 (849132) *

    Recently I saw that a bunch of stimulus funds were handed out [arst.ch] for bringing the nation's electrical grid into the 21st century. A big part of this is using computers to control various parts of the grid, from utility scale substations down into the home with smart meters and smart appliances.

    Anytime you take infrastructure and connct it to computers you are opening it up to a whole new set of threats as well as bringing privacy implications.

    Here's a couple great [wired.com] articles [arst.ch] that go into the details better t

    • by Adambomb (118938) on Friday January 15, 2010 @02:56PM (#30782152) Journal

      Systems that control key infrastructure for your nations production and commerce should be on an completely separate network. End of story really.

      For the information that needs to be distributed over the internet, make it eyes only transferred from the control network to the internet connected systems (double workstation setup). Then your only concern is direct espionage.

      • Re: (Score:3, Interesting)

        by teeks99 (849132) *

        I agree that it should be, however it is completely cost prohibitive to get a separate network run to the smart meter in everyone's home. Even running a separate network to all the utility substations would be challenging.

        In reality, VPNs run all over the public internet, and can be extremely secure. DOD even allows parts of their classified networks to run over the commercial internet, provided they have the correct encryption gear at each end. The DOD gear is really expensive and tough to get setup,

        • Encryption doesn't solve all problems. What about a DDOS attack? Think China could manage something quickly with tomorrow's 0-day attack with IE?
        • Was the Interstate Highway System too expensive? It seems to me that this is something our country needs and could actually create jobs in a depressed economy. A "private" network to homes across the country could serve many useful government purposes (voting/motor vehicle registrations/census).
          • Yes, I want a government owned network piped into my house without my permssion.

            That would make me a happy taxpayer.

            mmmmhmmmmm

            I love you, government. I would marry you, if you were a woman (so as to fit within the proper constitutionally defined government definition of marriage as "one man and one woman"). But you don't so that would be wrong.

            Forgive my transgressions oh, government and deliver me from evil.

            blah blah blah.

        • I agree that it should be, however it is completely cost prohibitive to get a separate network run to the smart meter in everyone's home. Even running a separate network to all the utility substations would be challenging.

          The smart meter is already connected to a network of hard-lines which links it to every other smart-meter in its area, as well as the substations those houses draw power from.
          How cost-prohibitive is that?

      • by Dr. Spork (142693)

        Yeah, I totally agree with this. Hopefully that will be exactly the recommendation that these geeks make to the government. We simply cannot afford to take chances with the security of our power grid. If it's at all possible for hackers to knock it out, they will.

        Future terrorism will be aimed at hollowing out national governments, to basically make them unable to control their territory. (This is already happening now in Mexico, Nigeria, Iraq, etc.) To do this, attacks disrupt the very services that pro

      • Re: (Score:3, Insightful)

        by Sandbags (964742)

        They ARE. I serviced DR systems for serveral power companies. by LAW there is not even an internet connection allowed in the BUILDING (let alont the room) housing the grid switch control systems, not even a modem.

        I was frisked each time entering, and had to go through 2-3 layers of security to get in the room. Even then, i could only touch the DR equipment once an employee physically disconnected it (for hardware repairs), or they had to enter all the keystoks personally, all i could do was watch and ins

      • by mlts (1038732) *

        One of the better systems I've seen for doing this was one implemented for a company that had a private network that was disconnected fron the Internet just for embedded devices:

        The internal network for reporting on embedded stuff had one machine that polled the embedded controllers and pulled data from them. The corporate intranet had another box which took the data and moved it to a Web server. Connecting the two was a serial cable, which was fast enough at 19200 BPS to move the small datasets, and a cr

      • Security approaches: Intrinsic vs. Extrinsic; Mutual vs. Unilateral.

        How about decentralizing the "brittle power" system more in the first place, so you have "intrinsic security" so it degrades slowly under attack rather than rely heavily on "extrinsic security" through guards or passwords for controlling some central system? For example, renewables such as solar panels and fuel cells at each home would make energy production in a country difficult to interrupt intrinsically (assuming there was no single poi

    • How 'bout not including any network commands that would actually change anything? I mean, the power grid was under manual control for decades. Was that such a bad thing?
    • I agree purely with what you say, they must take into consideration the bruce willis factor, he might not be around next time to save the day, and we still have so many bad guys out there.
      Seriously though, I do hope they do a better job this time around then last time to maintain the integrity of the power grid

  • by Culture20 (968837) on Friday January 15, 2010 @02:54PM (#30782126)
    Did anyone else imagine the "Greatest American Hero" suit?
  • This was covered in "Live Free or Die Hard". Hello!!! What if Timothy Olyphant were to go crazy one day and believe he is still on the set of Live Free or Die hard? We might actually be taken over by cyberpunk terrorist. God help us....

  • by RobotRunAmok (595286) on Friday January 15, 2010 @02:56PM (#30782144)

    ...and you double-check the calendar, and you see that it is not 1996, you know you are in for some expensive government boondoggle or another.

  • Small pricetag (Score:3, Informative)

    by jwinster (1620555) on Friday January 15, 2010 @03:05PM (#30782240)
    It should be noted that this initiative is just for the developing a plan or plans for integrating smart grid technology, not actually implementing anything; thus the small pricetag.
  • by gyrogeerloose (849181) on Friday January 15, 2010 @03:05PM (#30782242) Journal

    From the summary:

    they will help integrate smart grid technology with the electric grid

    It's pretty obvious to anyone familiar with computer networking that making the the electric power grid "smart" would make it more vulnerable to attack. After all, if the grid's control apparatus isn't online, there's no way to hack into it in the first place. I realize there are other advantages to a smart grid but to claim that making the current "dumb" grid smart would also make it more secure seems disingenuous at best.

    • by teeks99 (849132) *
      Word on the street is that the current grid is already dangerously insecure and extremely vulnerable to digital attacks. You're right that the "smarter" we make it the more vunerable it is, but we've got to do something to fix it already, so we might as well get some of the huge benefits of making it smarter.
    • by Sandbags (964742)

      No,this is simply integrating PoE technology to smartgrid devices. It has absolutely NOTHING to do with managing the grid, grid switching systems, or other critical data that makes the grid stable (that's already a segregated system, actually even more secure than the ATM networks).

      This is about policies for ensuring your home grid monitoring meter can access real-time info about local grid conditions, and to report usage information over the grid to the power company. It is NOT in any way about connectin

      • So the power company can send a magic packet to my furnace. :)
      • by astar (203020)

        so maybe it is not security they are really interested in

        here are a few thoughts

        most federal electric policy seems to be designed to make price gouging practical. from a certain point of view, the problem with last big electrical speculation frenzy is that the power transmission lines could not support the manipulation, so the big push was for more power transmission lines

        so only authorized persons should have your data. think of the political and ideological advantages of knowing exactly what you were us

    • Best way to take out an enemy's catapult offensive is, obviously, to build your own squad of catapults!
  • Create an array of devices running firewall/VPN and gateway on embedded hardware [prevelakis.net] and don't create 'millions of new access points' ...
    • by teeks99 (849132) *
      Yeah, that's totally the right idea. I just scanned through the PDF and it seems more geared towards desktop PC use, and it even talks about the gateway running on a commodity PC. Rather, I think we need to think more about cheap, single use computers. Take something small like a gumsitx board, put two ethernet ports on it and load OpenVPN and a key onto it, then plug in the existing smart device into one port and the existing internet connection into the other port...suddenly the device can't be seen (a
      • by gmuslera (3436)
        Firewalls and VPNs stop direct remote access from unauthorized parties. But "commodity PCs" could have rogue programs that enable thru it access to unauthorized people. Computer connected, any password typed captured, and most usual security is defeated.
        • by segin (883667)
          Run your own OS, don't use the hard drive shipped with the PC without wiping it, and do unit testing with the hardware long before it's ever deployed to see if the BIOS runs everything in a VM. There was a virus reported a while back here on /. that ran Windows Vista in a VM, and there was a manner in which to detect it by detecting that the OS was running in a virtual machine.
  • Personally, I'm glad that someone is finally getting around to dealing with the proper education of our grids. Just yesterday I was hearing all about education cuts in my state due to budget shortfalls, and how student achievement in my state was going to suffer as a result.

    It is heartening to hear that though some facets of our educational system will have to tighten their belts, the dumb grids will still pop out the other side of their educational experience so much smarter (and deployed!) than before
  • by gestalt_n_pepper (991155) on Friday January 15, 2010 @03:09PM (#30782322)

    I mean you just kind of figure he'd have to be.

  • by Anonymous Coward

    20 guys, 20 uhauls, 20 tons of explosive, 20 throw way cell phones all parked under the 20 biggest transmission lines and there's not a thing that technology can do to stop it.

  • Securing the electrical grid is very, very simple. Do not allow remote access to it, *period*.

    There, I just saved you 8.5 million dollars.
    • by D Ninja (825055)

      :: facepalm ::

      Now, if it was *really* that simple, don't you think it would have already been done that way? The problem is, it's not that simple. For a variety of reasons (both technical, and non-technical), electrical systems can't just be disconnected from the grid. Too many other systems rely on this connection. And, even if it could, would that really be the answer? With more and more members of industry talking about smartgrid technologies, does it really make sense to do it this way? Then, of c

      • by yttrstein (891553)
        What are you talking about? Ten years ago, less than 20 percent of power stations were accessible remotely via any other method than analog modem via ISDN backtrace and caller ID. Now theres a web interface to every one of them, that any idiot can bust into and shut off a city.

        And I mean that.

        The breakage is recent, and can be rolled back. Roll it the hell back.

        As always, the biggest problem here is the one that you're showcasing strongly: the "its just too HARD" modality. Yeah, its really hard. Do it
  • by zero_out (1705074) on Friday January 15, 2010 @03:31PM (#30782608)
    we are expected to have a secure smart grid? How hard is it to give some real powers to the Cybersecurity Czar so he's something more than a scapegoat, and get him to stay put long enough to complete his New Employee Orientation? We can't even do that, yet we're supposed to find a way to secure the smart grid?

    Has the current Cybersecurity Czar even made a statement about the recent hacking invasion from the Chinese government?
  • If you get in trouble on the Internets, just say, "Let's Cyber!"

  • I'm surprised the current administration hasn't called the whole smart grid idea off. After all, won't it put tens of thousands of meter readers out of work? That probably hasn't occurred to them yet, but you just wait. Please, someone think of the meter readers!

  • If we all have our mini solar, wind, tidal, geothermal, chemical generators and trickle storage systems then we'll be smarter than the grid. If the grid remains smarter than us, then I guess we're not going to be very effective protection. Perhaps if we could just figure out how to stop people from trying to destroy our lives, our grids would endure, and we could avoid their crude oil and behavior.
  • A nation's electrical infrastructure is everywhere and largely unguarded - there's really nothing stopping a single, determined individual from doing an extreme amount of *physical* damage to a power company via sabotage.

    Theoretically, there's no reason I can't:

    - Sneak into the woods with a gas angle grinder and start cutting guy wires on hydro towers. Cut down a few >300KV lines feeding a city and they'll have no power for days.
    - Break into unmanned substations and open oil drains on transformers. Or sh

    • by jeffstar (134407)

      i bet it takes a lot longer than a week to get a 30-60 MVA transformer delivered and installed. oil/explosion clean up would take a week!

    • by FooAtWFU (699187)

      - Not pissing the fucking world off such that they *want* to do this shit. (Yeah, cliche, whatever.)

      So what got Al-Quaeda all interested in blowing up US buildings to begin with? It's not about Afghanistan or Iraq (those were post-911, after all). How was the US pissing off the Arab world? Oh! It's because the US was friendly with the Israel. Israelis are obviously deplorable monsters, as you can tell from their religion and their tendency to shoot back when you launch a bunch of rockets at them from acros

Thus spake the master programmer: "After three days without programming, life becomes meaningless." -- Geoffrey James, "The Tao of Programming"

Working...