How Vulnerable Is Our Power Grid? 359
coreboarder writes "Recently it was divulged that the Brazilian power infrastructure was compromised by hackers. Then it was announced that it was apparently faulty equipment. A downplay to the global public or an honest clarification? Either way, it raises the question: how vulnerable are we, really? With winter and all its icy glory hurtling towards those of us in the northern hemisphere, how open are we to everything from terrorist threats to simple 'pay me or else' schemes?"
Old Axiom (Score:4, Insightful)
Pay me or else? (Score:5, Insightful)
Suppose someone holds the nation's power grid hostage and then wants payment? So, why doesn't the government simply pay them, then track them down for assassination and release photos of their bullet ridden corpses? Would certainly discourage any copy-cat crimes. Somali pirates too.
Just a thought...
How is that any different.... (Score:4, Insightful)
than the current local power monopolies? We are already in a "pay me or else" scheme which threatens lives and leaves us with this vulnerable infrastructure in the first place. And, unlike the "terrorists", the power companies have the cojones to stand before Congress and admit the control systems are vulnerable, the transmission grid is old and failing, the expected load in the next 15 years can't be handled and then claim its not their problem, its too expensive and the government needs to pay for it. As if they aren't taking enough on the front end from the consumer, they want more off the back end too.
Sickening.
Wired or unwired? (Score:2, Insightful)
I don't know about the connectivity of power stations/substations, but I've seen quite a few that appear very vulnerable to physical damage by virtue of location (eg. Not enough space between fence and components, or down an embankment from a quiet unlit street. Seems like it wouldn't take much more than a steel bar and a good arm to cause some pretty spectacular fireworks and a whole lot of repairs.
Re:Pay me or else? (Score:4, Insightful)
No it wouldn't deter anything. People always assume the bullet-ridden corpses were just dumb, and they will be smart and not get caught.
As for heating problems, I have a backup propane heater so even if the central electric died, I won't freeze. Worse-case I go sit in my car and get warm there. People should always have a backup plan.
How vulnerable is *your* power grid? (Score:5, Insightful)
I'm writing from the UK, so no matter what happens to *your* power grid, it won't affect *our* power grid.
Before you can get a sensible answer, you need to learn to ask a sensible question.
In any event, *your* power grid has already proven to be incredibly vulnerable to everything from single points of failure to social engineering for profit (Enron) so, quite frankly, worrying about the vulnerability of *your* power grid to hacking is like wondering about the vulnerability of a shiny new laptop left unattended on a car front seat to hacking... you have other issues to need to address first.
It is like wondering how vulnerable *your* road bridges and infrastructure are to hacking, while completely ignoring the fact that they are falling down by themselves due to lack of maintenance.
Re:View from a US citizen living in Brazil. (Score:4, Insightful)
Re:Who's We? (Score:4, Insightful)
Please let me know from what nationality a poster to Slashdot actually believes his is the only one represented on this website..
We all make assumptions.
Re:You wanna that I take down the grid? (Score:2, Insightful)
If you believe in gun rights then you support terrorism in the US
Go fuck yourself.
Re:Pay me or else? (Score:4, Insightful)
Re:You wanna that I take down the grid? (Score:2, Insightful)
If you believe in freedom of sexuality then you support paedophiles.
If you are against the death penalty, you're a communist.
If any of the above seem reasonable to you, do your country a favour and continue to not vote.
I wasn't affected, fortunately, and followed it RT (Score:5, Insightful)
I live in Rio Grande do Sul, in a region where we have smaller power dams that supply more than enough energy for us to keep running without Itaipu, and I must say it was quite interesting to follow everything from here in real time. I was chatting with a friend of mine from Rio de Janeiro, and we were about to play some Mario Kart online, when suddently she sends me an SMS in 22:14 telling me "You're not gonna believe it, but the entire city of Rio de Janeiro has no energy. Even the Cristo Redentor doesn't have any light, and I've never seen that happen in my entire life!". A few minutes later she comes back online using her notebook and a 3G modem, retwitted the infos I sent her to her friends, and following my suggestion took a couple of pictures of what she was (un)able to see.
I then called her and she proceeded to tell me about how chaotic things were on the streets, that basically the traffic was jammed, all buildings nearby had people locked inside elevators and she could hear the cries for help, and until 5 minutes after the blackout all cellphone lines were jammed too. I then kept following the news on portal websites and Twitter and reported back to her in real time to let her know what was happening and how big things where, although she had already contacted friends throughout the country and kind of knew the places that were online and the ones that weren't.
I must say it was quite an experience to follow things in real time and inform someone right there about it, and I guess she was "thrilled" about it too, even though she's afraid of the dark. :(
Here are the photos she managed to take:
- http://img137.imageshack.us/img137/1382/foto1jm.jpg [imageshack.us]
- http://img81.imageshack.us/img81/5272/foto2b.jpg [imageshack.us]
Re:Speaking for generation, NOT VULNERABLE (Score:3, Insightful)
The generation systems are fine, it's the transmission system that is horribly vulnerable, both to deliberate damage or just random crap (refer to the 2003 northeast blackout. A single down line cascades and takes out 1/6th of the country). All the generation security in the world isn't worth anything if you can force the plant down (over 250 plants had to shut down due to the 2003 blackout) by taking out the grid.
Though I do very much agree the concern over "hackers" is far overblown.
Re:Old Axiom (Score:3, Insightful)
no external access points
No such thing as a network with no external access points. Think about it. If you were able to "get in there" to install, configure and maintain it, someone else can do the same.
Move to Texas... (Score:2, Insightful)
How would the US possibly stop anyone? (Score:3, Insightful)
We have a military so politically correct that when faced with persons that give presentations to upper echelon staff with phrases like "We love death more than you love life", does nothing. End result: 12 people dead, more injured.
We have the TSA that is so fearful of "profiling" people so they feel they must hassle white grandmothers while letting young Muslim men proceed to test the boundaries of airline security.
We have police that do not wish to be accused of "profiling" in any way, so basically give a pass to illegal immigrants driving without licenses while stopping and ticketing others. This continues even in the face of significant numbers of accidents caused by such illegal immigrants.
While it might be illegal to defraud Americans in America, it clearly isn't when it is being done from places like Bulgaria. So we have US-based registrars setting up domains for people with names like "citibank-online.com" and "ebay-online.com" when the purchasor is in places where law enforcement isn't going to bother them. And then we poor Americans all cry about how bank security is so lax. Unfortunately, all of the protections that work in the real world aren't being applied online, so it is easy to steal from people without fear of any consequences.
Face it, we're due for some trouble. If thousands of people die because someone takes out the power grid for a week it isn't because security is lax - it is because the people that are paid to handle security are looking the other way. Intentionally. And no, unlike the guy on 60 minutes when thousands die it will not be a "wakeup call" and everything is magically fixed. It is going to take a lot more than that.
Comment removed (Score:3, Insightful)
Re:Old Axiom (Score:4, Insightful)
I have always believed that if you rely on systems that cannot be entirely your own, but require the co-operation of your fellows, the only way to mitigate the vulnerability of your dependence is to work on that system with your own two hands, and to have as clear a picture of how it operates as your personal faculties permit without any barriers between yourself and the system in question.
...
How much more vulnerable can you get than that?
We'd be a lot more vulnerable if the government stopped regulating and inspecting utilities.
Sorry if I don't buy into the "nothing is trustworthy. all caveat emptor, all the time." theory of life.
The logical conclusion to that line of thinking is either "be an expert in everything" or "be an island".
Re:Pay me or else? (Score:3, Insightful)
Just think of the trouble a common merchant ship would have, if it came into a US port with a 5" deck gun, and a couple 50 cal machine guns mounted up on it.
Who said anything about deck guns? You could defend against these attacks with semi-automatic rifles and handguns.
It may be better to lose the occasional ship to pirates, than to be fighting an all-out war.
What, "all-out war"? Is the failed state of Somalia going to declare war on the United States and/or EU? Seems rather unlikely. We aren't dealing with a nation-state here. We are dealing with criminals and terrorists. The right of self-defense applies. I would not be obligated to meekly surrender to a kidnapping attempt that occurred on land without a fight. Why should our merchant marine sailors be obligated to do so?
How many times need this question be answered? (Score:5, Insightful)
The question of grid vulnerability comes up again and again. Every time, it is treated as if the question was novel and never addressed before.
I work in the industry. My view is not that cyber security is being neglected. On the contrary, it seems more like the situation in the Grand Canyon where there were 30 anthropologists for every Indian being studies. Homeland Security and DOE Tiger teams and security auditors swarm like flies around the operations centers. Each of them looks forward to fame and fortune if they expose the one big unaddressed vulnerability.
The most recent fully public test of the grid's vulnerability was the Y2K scare. Many people, including renowned experts such as Capers Jones, figured that there would be no way the grid could survive Y2K without numerous incidents. The actual grid incident count on the night in question was zero. No hacker could conceivably create a more ubiquitous and more diverse cyber challenge to the grid than Y2K.
What about robustness and vulnerability to chains of failures? It is true that regional blackouts do occur. Every incident can be traced to a chain of failures. However, earthquakes, hurricanes and especially ice storms every year challenge the grids with multiple simultaneous failures; sometimes hundreds of thousands of simultaneous failures without triggering cascades. Do you really think that a hacker could think up something more challenging than an ice storm?
One thing not appreciated is the design criteria. The NERC criteria for blackouts is that blackouts affecting more than 10 million people should not happen more than once every 10 years. Using NYC as a benchmark, it was blacked out in 1965, 1977 and 2003.
The public, on the other hand, thinks erroneously that the grid should be infinitely reliable and that every regional level blackout represents an avoidable failure, and that each blackout reduces confidence in the system.
Ironically, people who live in places with frequent loss of electric service, such as India, adapt so well that it causes minimal disruption. It is a paradox that the more reliable electric supply, the less well prepared the public becomes for outages and the more neurotic they become over hypothetical threats.
Re:Pay me or else? (Score:1, Insightful)
Nerd rage is the funniest rage.
Also, in all of recorded history, nothing bad has ever happened to non-Americans after surrendering.
Re:Pay me or else? (Score:3, Insightful)
Now, if that assumption holds true, I absolutely think that the crew's lives are more important than a few hundred thousand worthless vietnamese sneakers. I'd rather the pirates didn't get anything at all, but lives are lives.
It has nothing to do with the value of the cargo. It has everything to do with stripping the sailors of their right to self-defense. You would not be obligated or expected to surrender without a fight to a kidnapping attempt that occurred on land. In fact, in US jurisdictions (including liberal ones like New York) you are allowed to respond with deadly force to any such attempt. So why do we disarm our sailors and leave them with no means to defend themselves against this horrible crime? Kidnapping ranks right up there with rape as a violation of the person. The only worse crime is murder.
Also, I suspect piracy would be less of a problem if people would stop registering ships in tax-shelter countries with laughably small navies.
No argument there.
Re:One word: Enron (Score:5, Insightful)
Point being, that you have whatever chance you are willing to give yourself. Personally I carry everywhere that it's legal to do so. I hope and pray that I never have to use it. Should the day come though I won't be cowering under a desk waiting to be murdered by some mental case or Mumbai copy-cat.
Most incidents of gun violence are domestic &/or perpetrated by someone you know.
Here's a prominent example that was in the news recently [smh.com.au]
Re:Old Axiom (Score:5, Insightful)
Damn, it must be awesome to have built your generator from the ground up!
Mining the ore, refining it, casting it, forming all the wiring. How long did it take?
Did you start with stone tools and work your way up too?
What sort of fuel are you producing for it? Are you working your way through the agricultural stages so you can be sure you know how your crop works if you are using a bio fuel? Which wild plants did you decide to domesticate?
Civilization works because everyone doesn't have to know everything. Not having to individually reinvent the wheel for every task and tool is why we can make progress.
Re:Pay me or else? (Score:3, Insightful)
Sounds like the same way attempts to fight spam went.
Blue Security was doing a damn fine job...until one of the spammers got pissed off and stabbed them with a DDoS.
It's obvious that the bad guys have too much firepower.
A better solution would be to deal aggressively with pirates. Put them down, clap them in irons, and stamp it out with all your might. After a while, pirates will realize that crime doesn't pay. And above all the navies of the world need to make a stand against piracy.
Besides, if we simply look the other way and offer NO challenge to piracy, they'll get brave and grow until eventually they turn into an ocean mafia rivaling our own navy.
In Sicily around 80 percent of businesses pay protection money to Cosa Nostra. How do you think they got that big? Not getting flak from the law. They now have friends in high places protecting them. If the police were more aggressive against the mafiosi, they'd lash out at first and there'd be some damage, but eventually they'd get worn down and give up...that is if their gunpoint held political masters didn't call them off first.
If you want to have a clean garden, you get rid of the weeds. And weeds are much easier to be gotten rid of if they haven't had time to firm up and dig in.
Re:One word: Enron (Score:4, Insightful)
Re:Old Axiom (Score:3, Insightful)
Which is exactly what happened in So. California a while back .. years & chains of events led to Enron, look it up where that ultimately went
The insurance industry also was unregulated several decades ago, look at the cluster fuck that has turned into now
Some people are persuaded to dislike the idea of government regulating public services, but when those public services become deregulated and privatized, the system always melts down sooner or later.
Don't forget, the government is actually you & I.
This is a debate going on right now in the halls over healthcare. Once health care was privatized, we all got fucked. It's now become a big headache unraveling the mess. Don't let it happen again .. and especially with the national power grid
Re:One word: Enron (Score:3, Insightful)
You apparently don't know what you're talking about. The map to which you linked is for carrying of *concealed* weapons. It is not at all clear that prohibiting carrying of *concealed* guns is in any way a violation of the second amendment. It is fairly easy in both of the states you mention explicitly (Il & WI) to legally obtain firearms.