Forgot your password?
typodupeerror
Government Power Security United States Politics

Chinese Researcher Says US Power Grid Is Vulnerable, Strategist Overreacts 203

Posted by Soulskill
from the what-color-is-his-hat dept.
An anonymous reader writes with a story about Wang Jianwei, a grad student in China who recently released a paper detailing a vulnerability in the US power grid. Despite the paper being rather typical for security research, its origin set off alarm bells for military strategist Larry M. Wortzel, who testified before Congress that the student was a threat, despite the fact that the published attack wasn't really feasible. Quoting: "'We usually say "attack" so you can see what would happen,' [Wang] said. 'My emphasis is on how you can protect this. My goal is to find a solution to make the network safer and better protected.' And independent American scientists who read his paper said it was true: Mr. Wang's work was a conventional technical exercise that in no way could be used to take down a power grid. The difference between Mr. Wang's explanation and Mr. Wortzel’s conclusion is of more than academic interest. It shows that in an atmosphere already charged with hostility between the United States and China over cybersecurity issues, including large-scale attacks on computer networks, even a misunderstanding has the potential to escalate tension and set off an overreaction. 'Already people are interpreting this as demonstrating some kind of interest that China would have in disrupting the US power grid,' said Nart Villeneuve, a researcher with the SecDev Group, an Ottawa-based cybersecurity research and consulting group."
This discussion has been archived. No new comments can be posted.

Chinese Researcher Says US Power Grid Is Vulnerable, Strategist Overreacts

Comments Filter:
  • by WrongSizeGlass (838941) on Sunday March 21, 2010 @09:24AM (#31557064)
    The biggest mistake he made in his paper was the assumption that Homer still works at Springfield Nuclear Power Plant. Clearly China is several seasons behind in their 'research'.
    • Re:Couldn't Happen (Score:5, Informative)

      by girlintraining (1395911) on Sunday March 21, 2010 @10:23AM (#31557386)

      The biggest mistake he made in his paper was the assumption that Homer still works at Springfield Nuclear Power Plant. Clearly China is several seasons behind in their 'research'.

      The biggest mistake we made was that we actually still have Montgomery Burns running our power plants, and people like him running our national infrastructure. Which was this guy's point: There is in fact a systemic flaw in capitalism -- adding security decreases profitability, therefore security is rarely focused on even in applications that are critical to a country's well-being. The soviets published a report in the mid 80s detailing key areas in our national infastructure that lack redundant power pathways. If about 5% of our infrastructure were destroyed in key areas, about 45% of the grid would be inoperable.

      That's simply unacceptable.

      • Re: (Score:3, Interesting)

        by CBravo (35450)

        since you guys beat the Russians financially I think that is debatable.

        • Re: (Score:3, Insightful)

          since you guys beat the Russians financially I think that is debatable.

          We didn't beat them financially. They imploded with a coup de etat. It was an internal affair that the US intelligence community later took credit for orchestrating. Which is part bullshit because if it hadn't have had the support of people within the former Soviet Union to begin with, it never would have succeeded. And I question that we "beat them financially" -- because we've lost in a lot of other areas. International opinion of our country, social services, and other domestic areas. There are large tra

          • Tea comes from China, maybe those Tea Partiers are mere commie puppets!
          • Re: (Score:3, Informative)

            We didn't beat them financially. They imploded with a coup de etat.

            Huh? The only successful coup d'etat was in 1993 (when there was no USSR anymore), when Yeltsin dissolved the commie parliament. The one before it in 1991 was hardline commies trying to oust Gorbachev, and it wasn't successful.

            Regardless of which one you're referring to, the country was gutted long before either one of them.

          • Re: (Score:2, Informative)

            by Securityemo (1407943)
            You go back in time and tell that to the political prisoners in the gulags. Russia was hell under communism. Why was there corruption? Because the system didn't work at all. Now, as a Swede I can firmly give a reasoned and experienced backing of extensive socialist policies apparently considered "extreme" in the US, but don't confuse that for "communism".
          • Re: (Score:3, Interesting)

            by dkf (304284)

            And I question that we "beat them financially"

            While I don't know about "financially" (since the USSR didn't organize its finances in an easily comparable way) it's reasonably clear that it was economically where the USA and its allies were ahead of the USSR (and their allies). In particular, the west was able to sustain a higher level of military spending without crippling the rest of its economy.

            Of course, we only really knew how bad things had got through the '70s and early '80s quite a bit later, and that wasn't a period when the Maniacs of Wall Str

    • by alexhs (877055)

      Well, maybe inbetweening [wikipedia.org] is done in China now ? (it has already been done in South Korea [wikipedia.org])

      In which case, maybe are YOU a few seasons behind ;)

  • by corbettw (214229) <.corbettw. .at. .yahoo.com.> on Sunday March 21, 2010 @09:27AM (#31557076) Journal

    Yes, it would've been much better for this guy not to publish his research so we wouldn't know about this problem and leave it wide open. We should be thanking this man for his hard work, not lambasting him just because he happens to be Chinese.

    If the Chinese government were interested in disrupting our power systems, wouldn't they be a little more secretive about their intentions than shouting out our flaws to all the world?

    • by Neoprofin (871029)
      From TFA:

      Mr. Wang’s work was a conventional technical exercise that in no way could be used to take down a power grid.

      no practical scenarios of an attack on the real power grid can be derived from such work.

      It doesn't sound like there is a problem per say, having not read his actual work, but it looks like he simply based his theoretical problem in the US because the base data set was the best maintained and he speaks English.

    • by TheLink (130905)

      Maybe the Chinese universities would be happy to take him, let him do his research and publish his stuff.

      Just like the other researchers they are welcoming:

      http://www.nytimes.com/2010/03/18/business/global/18research.html [nytimes.com]

      • Re: (Score:3, Informative)

        by Neoprofin (871029)

        Maybe the Chinese universities would be happy to take him, let him do his research and publish his stuff.

        I understand that you didn't read the article, no one ever does, but to not read the summary? He's a Chinese Grad student at a Chinese university. They already let him do his research and publish his findings. The reason he didn't do it on China's grid is that they wont provide him with any data.

        • by TheLink (130905)
          > I understand that you didn't read the article, no one ever does, but to not read the summary?

          Sorry, was going to wait for the dupe :).
    • by skids (119237)

      Case in point: the insane people who think it's dandy to use wireless technologies for intra-plant communications.

      Like here [renewableenergyworld.com].

      Perfect setup for spectrum warfare.

      • Perfect setup for spectrum warfare.

        I believe that outlaw radio signals are a lot easier to trace than outlaw TCP/IP. Your ARRL would be ecstatic over the opportunity to find and shut down illegal radio transmissions - that can affect WiFi too.

    • by bunratty (545641) on Sunday March 21, 2010 @11:26AM (#31557788)

      The problem is confirmation bias. The U.S. has been concerned that the Chinese are going to threaten U.S. security by using computers. When the U.S. found a paper written by a Chinese researcher that talked about using computers to attack the U.S. power system, they thought they found someone who was threatening U.S. security. In other words, when they found "evidence" that looked on the surface that it was what they were looking for, they jumped to the conclusion they had found it.

      This is just the same as the "quote mining" we've seen from, say, intelligent design supporters who are continually on the lookout for evidence that evolution is wrong. It's also the reason that the hacked CLU emails are being misinterpreted to mean that AGW is a hoax. If you set out looking for evidence to support your idea, you need to make sure you also look for evidence that supports the opposite of your idea, and make sure you are interpreting the evidence you find correctly and neutrally.

      • Which is precisely the problem with science. If you cherrypick your studies you can prove anything you like. (Think many so-called survey papers and metastudies. Not to imply they're all fake.)

        • by bunratty (545641)
          Yes, of course if you cherrypick only scientific studies that agree with what you want to believe, yes, you can prove nearly anything you like. This is because even if the study has been designed properly, has been carried out properly, and the results have been analyzed properly, about 5% of the time the conclusion will be incorrect. You can nearly always find a study that shows or a scientist who asserts whatever you care to believe. You need to look at all the available evidence, including evidence that
      • Re: (Score:3, Insightful)

        by hackingbear (988354)
        It is confirmation bias for the mass and politicians, but FUD marketing for the security/defense industry. Indeed, without FUD, most defense contractors around the world would have been out of works decades ago.
        • by bunratty (545641)

          In mass media, we call it sensationalism. Newspapers, magazines, and TV reporters present people who proselytize the most extreme viewpoints as evidence of a controversy about this and a controversy about that, even where no such "controversy" exists. They aren't making up that there are people having an argument, but they go out of their way to cherrypick the extremists that are at the opposite extreme ends of any issue. Have you noticed all the reports about Toyotas recently [marketwatch.com]? Remember all the hype about t

    • by einhverfr (238914)

      You are right. BTW, I don't doubt that China is building cyberwarfare capabilities for attacks to disable important pieces of infrastrcture. There is too much evidence at the moment to discount that. Also to an outsider, this sort of thing looks bad.

      However, all this being said.... This sort of paper is not a threat. If you want to use an attack, the thing you don't do is alert the target to the vulnerability beforehand so that it can be corrected.

  • by simp (25997) on Sunday March 21, 2010 @09:28AM (#31557082)

    If you want to build a power grid in country X right now, take a look at the vendors that supply the products. Then take a look a the vendors that supplied the products 10 or 20 years ago. The same dozen or so of vendors supply all the equipment from control room automation to the actual hardware to make and distribute power to everybody everywhere in the world.
    If the US power grid can be hacked then so can most other power grids because you will find the same equipment and software over and over again.
    It's a bit like the good old MAD during the cold war: sure you can hack my power grid, but I can also hack yours...

    • by Sycraft-fu (314770) on Sunday March 21, 2010 @09:55AM (#31557238)

      All power grids are always vulnerable to physical attack. There are few generation stations, relative to the number of customers and many large scale distribution lines. Take those out, and you've disabled power for a long time since they have to be rebuilt. A big, distributed, power grid like we have that does not have tons of excess capacity is just going to be at risk of having large parts taken off line by physical means. Ask anyone who lives in an area of heavy snow.

      Now, I understand that an electronic attack could be done remotely, in theory without warning. Ok... To what end? In case people haven't noticed there's a big ole' swath of ocean between the US and China. So if China was to try that as a precursor at an attack, it wouldn't do any good. We'd either already know about the attack, having seen the ships on the way, or it would be way too early, since the ships would take a long time to get here, and it would be back up by the time they got here.

      Not that any of that is very relevant to defense. It isn't like aircraft carriers are on the power grid, they've got their own nuclear reactors (2-4 of them in fact). You discover a good deal of important stuff has its own power backup since it isn't like power doesn't go out all the time anyhow. Hell we lose power to our building at work probalby 3-4 times per year, hence there's a generator on critical systems.

      I just don't see how this sort of thing is that big a deal. Now please understand, I'm not saying we shouldn't try to secure it. When you find a security hole, you should fix it. Just a good idea over all so you don't have problems in the future. However I don't see it as being a military threat. I see it as being more of a script kiddie type of threat. Some asshole takes power out because they think it is funny. I don't see China trying to knock it out because I can't see how it would be useful, and it would have some rather large negative repercussions if they did and the US found out who was responsible.

      • by cptdondo (59460) on Sunday March 21, 2010 @10:26AM (#31557408) Journal

        It is a big deal because, timed correctly, you can cascade a failure and shut down a huge chunk of the grid. Maybe your building has a generator for critical systems, and it can run for 72 hours on its propane tank.

        But can the next shift show up, if the trains aren't running? Traffic control is down?

        How many hours can you last, with no food and possibly limited and no water? So your server room is running; who is there to man it?

        Just talk to the people who weathered Andrew, Hugo and such. Having your own power backup does little good if you also don't have all of the people there to put it to use.

        Anyway, this is clearly not a threat. It's a vulnerability, and should be addressed.

        OTOH, the intelligence community has a different definition of "threat" from most people. A "threat" is what your opponent *could* do, not what they *intend* to do.

        So the intelligence people analyze "threats" from Canada, UK, etc. Certainly UK or Canada are "threats" in that they have the location and/or the military might to cause the US significant damage. It has nothing to do with their "intent"; that's for the politicos to decide.

        • by Velex (120469)

          But can the next shift show up, if the trains aren't running?

          This is AMERICA. If they're too stupid to rely on public transportation, they deserve to be fired for not showing up!

          </sarcasm>

      • by mh1997 (1065630)

        So if China was to try that as a precursor at an attack, it wouldn't do any good. We'd either already know about the attack, having seen the ships on the way, or it would be way too early, since the ships would take a long time to get here, and it would be back up by the time they got here.

        Suppose China disabled the USA's electrical grid via physical attack. There would chaos - transportation shuts down, cities run out of food, medicine, etc. China then sends large scale military force over as a "peace

      • by drinkypoo (153816)

        Taking out the physical generation stations is actually expensive and difficult. The hard-on factor in a cyber attack is that it theoretically can be executed very cheaply. The US has spent a great deal on defense and would hate to see it bypassed by some sixteen year old with a CoCo2.

      • by hedwards (940851)
        I wouldn't say that much, all current systems yes, but ones that could be implemented in the near future definitely not. The weak spot in the equation is the centralized nature of things. Just like how FTP servers are easy to shutter to stop the source of pirated content relative to torrents that allow many to be involved.

        As solar becomes more prevalent, the power grid could be altered to more closely resemble the fishnet that became the internet. You'd have many smaller sources closer to where people us
      • by Runaway1956 (1322357) on Sunday March 21, 2010 @12:57PM (#31558304) Homepage Journal

        Assymetric warfare. The Chinese have little intention of attacking us openly, physically. Their conventional warfare forces are being developed more to deter us from attacking for revenge, than to be used against us.

        Assassin's Mace.

        There is so little good information on it - but it's real.

        • by Reziac (43301) * on Sunday March 21, 2010 @01:47PM (#31558622) Homepage Journal

          [goes off, looks it up]
          http://archive.newsmax.com/archives/articles/2005/10/20/172811.shtml [newsmax.com] seems to be a good overview. I get the point, anyway.

          I'm also reminded of the old not-quite-a-joke:

          The mission is to steal sand from an American beach.

          The Soviet Union sends a stealth submarine, which disgorges a camo'd scuba dude who swims up to the beach in the middle of the night, grabs some sand, and swims away.

          Red China sends a million tourists to the beach.

          • Re: (Score:3, Insightful)

            by Runaway1956 (1322357)

            Pretty damned good find. You deserve a mod point or two, just for taking my post seriously enough to look! ;^)

            As the article makes obvious, no one in Washington takes the concept seriously. So, WTF are they doing in Washington? Send them all packing, I say.

            The article falls a little short, though. There was a quote from some insider or another in the Chinese government, which defined the Assassin's Mace better. Their plan is, dominating us politically, economically, militarily, AND technologically, wit

      • Re: (Score:2, Insightful)

        by TermV (49182)

        China doesn't have the capability to attack the US militarily but it can cause a significant amount of damage by attacking the US economy and promoting anarchy amongst the US population. The bonus is the possibility of carrying out this attack anonymously. Once the electrical grid is down, not only does the US economy take a hit but people start rioting and looting. The police and military would crack down on its own population and start fueling rage directed towards the authorities. Instead of everybody co

  • by ibsteve2u (1184603) on Sunday March 21, 2010 @09:28AM (#31557086)
    ...to property they're going to legitimately own, thanks to the much slicker trick of rigging their currency exchange rate?
    • ...to property they're going to legitimately own, thanks to the much slicker trick of rigging their currency exchange rate?

      Well, just think of yourself as a caretaker. Hell, if you bought a house you don't really own it, not when your local government can and will take it away from you an instant if you don't pay your taxes. The essence of ownership is control, and we've already given that up to our own governments, and it looks like we'll eventually have to give it to China.

  • I guess the profile of the Chinese being ultra-patriotic and always acting in the best interest of China, together with the nagging (alleged) cyber-sleuthing on US networks makes this behavior understandable, but he's overreacting. However, the situation Wortzel described could have been real, and there's no way for him to judge. The alert seems to have been canceled already, so problem solved. No black helicopters with identity-less elite commandos arriving in the night to slit the throat of an innocent ge
    • Re: (Score:3, Insightful)

      by Gadget_Guy (627405) *

      And yet his name will probably live forever on a No Fly List. Still, no harm done to you anyway.

    • by hhawk (26580)

      You say "there no way for [Wortzel] to judge" the situation. Which seems untrue, unless you are saying that Wortzel is unqualified to discuss or provide analysis of this type of research. He certainly could of looked at the Journal itself and seen what else was in there. He certainly could have talked to others non-Chinese researchers BEFORE talking to Congress.

      The fact that the article was in a Journal and published say in a Taliban newsletter should have been at least a starting point; not a point to jump

  • Still doesn't make it a non-threat. (Score:-1, Flamebait)

    Such interests are legitimate threats even if the paper itself is reviewed to be harmless.

    • by santax (1541065) on Sunday March 21, 2010 @09:53AM (#31557222)
      I really can't understand this way of thinking. It will probably get me modded down but I ask of you to think about this. What are you afraid of? every time I turn on the tv I see news from the US and every time it is about being scared or about why you should be scared and every time it turns out to be a lie. Why do you feel threatened by a person who is not born in the USA who tells you there is a flaw in your system and goes so far to even tell you all about that flaw.... I don't get it. I just don't get in, I'm sorry.
      • by TheLink (130905) on Sunday March 21, 2010 @10:08AM (#31557294) Journal
        > Every time I turn on the tv I see news from the US and every time it is about being scared or about why you should be scared and every time it turns out to be a lie.

        Because the USA is the land of the free and the home of the brave!
      • by Neoprofin (871029)
        FTFA:

        Mr. Wang’s work was a conventional technical exercise that in no way could be used to take down a power grid.

        no practical scenarios of an attack on the real power grid can be derived from such work.

        From what it sounds like the entire article is about him overreacting to a nonspecific, and in this case completely unworkable white paper. The news here is not that the US is vulnerable but that the people in charge of securing it are a little quick to fire off against anyone who undermines them even if they didn't.

      • by Artifakt (700173) on Sunday March 21, 2010 @12:33PM (#31558160)

        I suspect this is about the military definition of threats.
        (Warning: I've worn that particular hat, as a former MI assigned officer in an S2 shop for a cavalry regiment. I've never been a politician, so what you're getting here is definitely only one side of the argument).
                The way Military Intelligence is supposed to work, reports consider capabilities, but they deliberately don't consider intentions. MI is never in command and NEVER makes command decisions, but reports to commanders, or at higher levels, to civilian overseers.
                For example, an high ranking Army Intelligence officer might be supposed to give the US Congress a good answer to whether country X has missiles with enough range to reach the US. He or she can't give a good answer, and so shouldn't comment, on whether country x has intentions to use them on the US or on someone else (at least unless there's a real obvious 'smoking gun', like the officer has found a copy of the orders where all the missiles are suddenly being retargeted at country Y and the job has to be completed by 1300 hours when "Operation Obliterate Country Y" begins).
                  It's up to civilian oversight to determine whether a threat (potential) becomes an enemy (actual). The military is not supposed to decide when to go to war, that's the job of civilians. If you want congress or the president to be the ones to decide whether the US needs to go to war or not, you can't have the pentagon declaring in advance who is an enemy and who isn't.
                Right now, Great Britain has pretty serious threat potential (They have weapons which could damage the US, and ways to transport them to us). They don't suddenly count as an enemy just because of that. Pakistan has less threat potential (not as many weapons or delivery systems). Imagine a coup puts militant Taliban related forces in charge of Pakistan's nuclear weapons. They might suddenly be classed as an enemy nation, but what happened to the threat assessment? Nothing! They are exactly the same threat, from a Military Intelligence assessment, as before. Same number of bombs and missiles and troops, same threat.
              Put that way, a person who can figure out a good way to attack the US is a threat, or a small part of a threat. That he's shared his info with us should make the civilians who are supposed to decide what actions to take figure he's not an enemy, and that any potential threat here is not likely to become an actualized attack. Common sense tells normally rational people that if this person was part of a secret plan that would eventually use his information against us, he wouldn't have mentioned it all publicly. The people he was connected to in China would be unknown to us, not publicly accessible, and so on. But that means any intelligence system which discovered threat potential here probably reported it right, it's just civilian overseers acted like paranoid fools.
                For another analogy. Let's say you have two people nearby who can both lift over 300 pounds. They both represent similar threats to you, in the most technical sense. One is there to help you move your furniture, the other is an escaped convict looking for a hiding place. Only one of them is at all likely to attempt to harm you, and it's quite possible he has no intentions against you either. You might classify the mover as an ally, and then it's a judgement call if the convict is an enemy at that point, but both technically have near identical threat potential from what you know. This whole matter sounds like a case where someone is conflating the facts and the conjectures, to try and make people be equally worried about 'moving men' and 'escaped convicts', and then assume the worst possible scenarios are inevitable and not just possible for the convicts as well.

         

    • by Kumiorava (95318) on Sunday March 21, 2010 @10:22AM (#31557376)

      The issue of vulnerable power grid is a legitimate threat, but the individual creating a study about it is not. You get it backwards when you say the individual is a threat and paper (or the vulnerability) might be harmless. A grad student won't have capability or interest in taking down US power grid, instances with capability to harm US power grid have also means to create similar study on their own. I'm sure even US military has created similar study and have planned on supplying electricity to critical locations without the electric grid.

      There are many valid reasons why US electric grid was chosen to be target of the study. Creating similar risk analysis on Chinese electric grid could be a serious offense in China, or information about US electric grid was more available than any other major electric grid in the world. Most likely this student has interest in working at the electric grids and wants to help to build one that is more secure.

  • by davidwr (791652) on Sunday March 21, 2010 @09:34AM (#31557114) Homepage Journal

    From the liberal in the 1950s branded as a commie pinko, to the
    19 year old with a 15 year old girlfriend branded as a pedophile, to the
    Casual torrent downloader branded as the biggest threat to Hollywood ever, to the
    Security researcher branded as an enemy of the state,

    we all suffer when people are scapegoated so someone can get his time in front of a microphone.

    Would someone please dig up J. Edgar Hoover's body and make sure he's still dead? Methinks his ghost never left us.

    • Would someone please dig up J. Edgar Hoover's body and make sure he's still dead? Methinks his ghost never left us.

      We dug him up quite a while ago when we were trying to find Jimmy Hoffa's body. Now that we're no long contenders in the 'Find Jimmy Pool' we let him roam free. Our bad, sorry about that.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      we all suffer when people are scapegoated so someone can get his time in front of a microphone.

      Conversely, we all suffer when truly guilty persons are portrayed as innocent martyrs so some bleeding heart can get his time in front of a microphone.

      • by Dunbal (464142) *

        Everyone is truly guilty of SOMETHING. That's just human nature.

      • You are more of a Otto von Bismarck than Ben Franklin [wikipedia.org] kind of guy, right?

    • True true. Your Hoover reference surprised me though; I really thought you'd be going with McCarthy on this one... :-)
  • by Andrioid (1755390) on Sunday March 21, 2010 @09:45AM (#31557182)
    Public security research is not a threat. Vulnerable infrastructures that go unchecked are. The trend is to penalize security researchers for publishing their findings will only increase underground security research that will then just be sold to the highest bidder.
    • That ignores responsible disclosure completely.

      • by Sir_Lewk (967686)

        "Responsible disclosure" is a concept dreamed up by vendors to allow them to stall and procrastinate when it comes to fixing bugs as long as possible. The only "responsible" disclosure is full disclosure.

    • by girlintraining (1395911) on Sunday March 21, 2010 @12:09PM (#31558012)

      Public security research is not a threat. Vulnerable infrastructures that go unchecked are. The trend is to penalize security researchers for publishing their findings will only increase underground security research that will then just be sold to the highest bidder.

      Public security research is a threat. But it's not the researcher's fault; It's the people who wait for research like this to be published and then use it (open source intelligence gathering) to develop attacks. It's easier to target and blame the researcher for publication than to attempt to find the malignant factors, who are increasingly operating independently and lack connections to an organization. Which means, in short, they're operating under the radar. Conventional intelligence-gathering efforts depend on the fact that as the number of criminals cooperating increases, the chance of mistakes being made which expose them increase exponentially. Also, the number of communication channels between people increase geometrically, resulting in a larger signals intelligence footprint.

      So basically, it's cheaper, even if it's not ethical. And ethics, as you know, are decided by those in power. So there will always be a rationalization to discredit and imprison people who come forward with security problems, simply because it's cheaper to do so than fix the underlying problems, which they are already well aware of and would prefer you not tell them that the emperor has no clothes.

      Unfortunately, the logical conclusion for this kind of reactionary thinking is that eventually a backlash will build up and people will begin independently engaging in small-scale acts of sabotage in an attempt to bring attention to these problems (which has recently started to happen domestically). The government's over-reaction to these attempts by the citizens to excercise the only recourse left to them by creating harsher penalties, more survillance, and secret courts, will eventually result in larger targets being attacked and destroyed, by independent citizens or small groups.

      We've been here before -- in the late 1800s, in the 1960s and 70s, and briefly again in the late 90s. It's cyclical. The problem is, each time it happens, it gets worse, and the government refuses to acknowledge this systemic failure of its domestic intelligence policies. Eventually, we're going to have another 9/11, but we won't be able to blame anyone but ourselves when angry citizens start taking out government buildings.

      And the reason is we've left them with no alternative: Terrorism is, in fact, a valid way of promoting change when all other methods have failed. The strength of a democracy is the fact that we have all those other methods open to us. Close them off, like we're doing now by punishing people who have knowledge and publicly state the failings of the system and draw attention to needed repairs... And it will come to our own soil with a vengance. And we'll have nobody to blame but our ill-designed domestic policies for it.

      Perhaps the intelligence community needs a better way of accepting reports of these problems and rewarding citizens for being diligent, instead of imprisoning them and invading their privacy as potential subversives. And perhaps expanding the definition of citizen to include anyone who works to secure our future, domestically or internationally. How about the concept of honorary citizen? These are the principles and actions we should be striving for -- not this goddamned police state bullshit.

  • Both are filled with more quackery than actual sound practices. There is very little difference between most "security experts" today and the snake oil peddlers who told the public that their 150 proof secret tonic could cure everything from whooping cough to "consumption."
  • is financial. There's no point maintaining a secure reliable grid if you can't afford to use it [denverpost.com].

  • Détente (Score:4, Funny)

    by RevWaldo (1186281) on Sunday March 21, 2010 @09:53AM (#31557224)
    We'll just have one of our grad students publish a paper online on the vulnerability of your power grid and see how you like it! So there! Nyaah!
  • by cyberkahn (398201) on Sunday March 21, 2010 @09:59AM (#31557256) Homepage

    The U.S. is reactive and not proactive. The U.S. always has to wait until after the fact to admit that there was a threat. This is nothing new to me. Just read Unrestricted Warfare [c4i.org]. The Chinese have been stating this for years now. Yes everything will be fine until the lights go out.

    • by santax (1541065) on Sunday March 21, 2010 @10:11AM (#31557316)
      Wow. As a European I must say, we have a different truth... The us reactive? I am very sorry, maybe in the US you think that, but I think the general public opinion about the US - worldwide - will think otherwise... Don't mean to offend you, just here to inform you :)
      • by cyberkahn (398201)

        No, you don't offend me. I see where you are coming from due to our "over reactive responses" to 9/11. What I am talking about is taking more proactive measures. Perhaps 9/11 could have been avoided have we had a different foreign policy, didn't arm extremists with the short sight that in the future there could be blow back, and last but not least ignore all the guys taking flying lessons that didn't want to learn how to land the aircraft.

    • by orzetto (545509)

      Just read Unrestricted Warfare

      I got interested and read a few passages. I am convinced it is a forgery, and of bad quality at that. One hilarious passage read:

      [...] Bill Gates opens new "Windows" each year, and "Dolly," the cloned sheep, proves that mankind is now planning to take the place of God the Creator.

      Only a conservative Christian could write such a passage. A PLA colonel would avoid religious references entirely, and surely would not write about a single creating entity. There is some material on W

  • This is much more likely... http://www.foxnews.com/story/0,2933,478024,00.html [foxnews.com] (yeah, it's fox, but includes some relevant links)
  • Sometimes I wonder how old they are. They act like children.
    EVERYBODY knows that it’s just a research paper.
    But these people always pull some childish obvious bullshit out of it.

    It really reminds me of the latest South Park episode.
    “Yeah, must be a wizard alien! ... *shifty eyes*”

  • by testadicazzo (567430) on Sunday March 21, 2010 @10:36AM (#31557468) Homepage
    It's a cultivated and educated effort at fear mongering, which is consistent with the U.S. indoctrinal system which has been in place, and under refinement, since the end of world war II. The analyst in question has this say about himself:

    Dr.Dr. Larry M. Wortzel is president of Asia Strategies and Risks, LLC. He provides consulting services on defenses, security, political and economic issues related to China and East Asia. Wortzel has 37 years of experience assessing events and working in the Asia-Pacific region. He is the author of two books on China’s politics and military affairs. In addition, he has edited and contributed chapters to eight other books on China’s military forces. Wortzel has lectured in and contributed his expertise to newspapers, magazines and government officials in China, Taiwan, South Korea, Japan, the Philippines, Malaysia, and Thailand. During a 32-year military career he served in China, South Korea, Singapore, and Thailand. Wortzel has been a strategist for the Pentagon and was director of the Strategic Studies Institute of the U.S. Army War College. He was vice president for foreign policy and defense studies at The Heritage Foundation, a Washington, DC, think tank. He is a commissioner on the Congressionally-appointed US-China Economic and Security Review Commission.

    (from his webpage)

    The guy is a member and servant of the circle of elites who profit, and enjoy enormous social success from their support of our militarized social and economic system. Pursuading a population of relatively free and relatively educated person to support an political system which can afford to spend $3 trillion dollars (washington post estimate) [washingtonpost.com] on an injust, unjustified terrorist war against an impoverished nation, against a dictator we incidentally empowered and supported through the worst of his crimes, and over the objections of its own citizenry, but quails at spending $1 trillion to ensure health care said citizens.

    Wortzel enjoys a position of prestige and wealth for his support of the forces of that are destroying us, as do the reporters and editors of the New York Times for parading his observations without the criticism they deserve.

    For anyone with a certain amount of research background, or even basic knowledge of network security and stability issues (in this case network in question is power network), the appropriate response to the paper would be analysis, and investigation and applicatoin of measures to improve the stability. The U.S. power grid has in recent years suffered from such cascading network failures several times in the last decade, and we Americans should be grateful that someone is investing the resources to investigate these issues. By publishing his results in a peer reviewed scientific journal, Mr. Wang has done us a service, and deserves our gratitude. Instead he's getting caught up in this policy wonk's latest search for enemies.

  • When it comes to really big organizations, something like security does not exist. Social engineering and insider knowledge (which is not something to be kept secret) is usually enough to have a certain chance of convincing some moderately qualified person to assist you somehow in attacking some system. Unless you are really restrictive about communication to the outside, like no phone connections to the public phone network, only internal e-mail for all normal employees below a certain level. I would appre
  • by arielCo (995647) on Sunday March 21, 2010 @10:38AM (#31557480)
    Wang: Americans, I have a message for you! Your power infrastructure is vulnerable!
    LOUD SHOT. Wang grabs his chest and drops dead.
    U.S. Military: And this is how we deal with threats.

    (you can mod me down now)
  • other than our lower middle class buying all there cheap crap at various discount retailers (i.e. Wal-Mart,Target, you fill in the blank). If they wanted to do any real damage to us they would simply quit buying our debt but then who would buy as much of their cheap junk as dumb lower middle class Americans do!?! Not to mention that if they really wanted to do some damage they could quit buying our debt and quit selling us cheap junk then our country would collapse. We simply do not have the manufacturing a
  • by Animats (122034) on Sunday March 21, 2010 @12:39PM (#31558192) Homepage

    It's a worry. Power grids use the Internet extensively. Since "deregulation", generating companies and distribution companies are separate businesses, and the generating companies compete with each other. The generating companies make bids, the distribution companies buy from the bids, and the grid operator (a neutral party) keeps the players connected and runs the market. Bear in mind that these systems don't have much excess generating capacity. 12-20% excess capacity during peak periods is typical. For a good overview of how this works, see Background on Generation Control [acrobat.com], an online training course from PJM, the biggest grid operator in the world.

    Most of the communication between the various players takes place over the Internet. The bid handling is done on machines connected to the Internet and many of the applications involved are Windows-based. The execution of a power buy involves the transfer of a set of switching decisions from the bid-handling machines to the machines which actually have control over generation and transmission equipment.

    Details of the PJM Dispatcher Application and Reporting Tool [isomou.com] are available. This is the main way generation companies and the dispatch center communicate. The user interface is Flash in a browser [pjm.com]. Bid and buy information is shipped around as XML. [pjm.com]

    If the Internet-based apps go down, they revert to "conservative operation" and stop trying to optimize the economics. All generation facilities, even high cost peaking plants, crank up to at least standby power levels, in case they're needed. Export of power to outside the control area in trouble is stopped. Coordination is over the "all call", a squawk box system, and satellite phones. Worst case, everybody backs down to a preplanned schedule of what they're supposed to be doing at each hour of the day. In this mode, millions of dollars per hour are being lost, but the grid can probably be kept up.

    One worry is insertion of bad data into the bid system via the Internet. The California ISO had outages in the early part of the last decade when energy traders put bids into the system which resulted in transmission congestion, forcing the CAISO to buy more expensive power. Back then, California had an energy auction every half hour. That was an extreme of deregulation. Now, the grid manager has more authority; generating companies put up data which offers price/quantity curves as bids, the grid operator takes them in increasing order of cost, and "energy traders" like Enron are no longer involved in hour by hour decisions. So there's more stability in the system.

    Internet-based attacks against the control systems are also a worry. There definitely are connections to the external Internet. PJM seems to be using XML, in well-defined formats, to pass data across that boundary. They're not dumb. The problem is making sure that there aren't unwanted connections somewhere amongst the hundreds of different companies which connect to the control side of the system.

    It's interesting that PJM doesn't rely on "security through obscurity". Hundreds of thousands of people have to know how this works. So they put the manuals, training materials, and live operational data [pjm.com] on the Internet. (Right now, there's a problem near the West Virgina/Ohio border.)

Any sufficiently advanced technology is indistinguishable from a rigged demo. - Andy Finkel, computer guy

Working...