Domestic Terrorists Could Use OSINT To Pinpoint US Substations For a Blackout (darkreading.com) 97
An anonymous reader writes: A project called 'Gridstrike' found that free and publicly available information can be used to determine the most critical electric substations in the US, which if attacked, could result in a nationwide blackout. Researchers from iSIGHT Partners used a combination of publicly available transmission substation information, maps, Google Earth, and grid congestion documentation, and drew correlations among the substations that serve the top ten cities in the US. They ID'ed 15 substations that if attacked and knocked offline would result in a nationwide blackout, they say. Their research took the spin of whether a homegrown terror group with little funding could get this crucial information. The study was inspired by the 2013 Federal Energy Regulatory Commission (FERC) study in 2013 that found that attacks on just nine electric substations in the U.S. could cause a blackout across the entire grid.
Redundancy cuts into profits (Score:5, Insightful)
That's what you get when you let your critical infrastructure design by entities that care more about profit than providing that critical infrastructure.
Re:Redundancy cuts into profits (Score:4, Insightful)
Re: (Score:1)
Hospitals don't have an extra power grid laying around to backup the first one. They use diesel generators and batteries.
Re: (Score:3)
Actually they do. Hospitals have separate circuits for critical life support and operating theatre equipment which has separate backup.
While it's not great if you x-ray machine looses power it is a whole deal better than the ventilator loosing power or a heart bypass machine in theatre loosing power.
Re:Redundancy cuts into profits (Score:5, Informative)
US hospitals have four "independent" power networks, although most rooms only have two (normal branch and critical branch). Moreover, critical equipment generally also has internal batteries.
Back to the utility grid, the design is to be maintainable rather than fault-tolerant. Maintenance causes limited impact in theory. Faults are isolated and can be repaired. Personally, I think everyone should have a small backup power source-- when Mother Nature or nut jobs do something bad it could take significant time to repair to 100%.
Re: (Score:3)
And you base this opinion on your deep analysis of the grid and its power suppliers? Hell, you should run to be the next Trump.
Re: (Score:2)
Re: (Score:2, Insightful)
Everyone that lives in an old house where it snows has a backup for both. The garage/outside is a wonderful secondary fridge and everyone with an old house has at least one fireplace.
Don't think everyone lives as precariously as you do.
Re: (Score:2)
I know you've had some replies but I'd like to add that you'd probably die up where my house is and I live in the US. Well, you might not die but you'd probably end up leaving - assuming you could.
I live in an unincorporated township, in NW Maine, many miles from a village, and a lot of miles for a real town, and hours from a city of any size. I can be in Canada quicker than I can be in a moderately sized town.
Yes, I retired there on purpose but I am cheating and wintering in Florida this year.
At any rate -
Re:Redundancy cuts into profits (Score:5, Insightful)
You can't protect yourself enough against attacks on central nodes in the net. It's almost impossible. And it's not that hard to find out key nodes in the electrical grid using just Google Earth and some patience. That's not unique to the US but essentially applicable to every modern country.
It also highlights that everyone is responsible for doing their part when it comes to disaster preparedness. Keep some fuel, dry food and canned stuff around that can be used when things go sour. But modern society has evolved into a situation where we do our daily shopping run for food for the day and the day when we can't do it we are going hungry.
Re: Redundancy cuts into profits (Score:2)
I only made my system quindecuply redundant. Why oh why didn't I make it sexdecuply redundant.
Ignorant trite from someone not ready to pay (Score:2)
That's what you get when you let your critical infrastructure design by entities that care more about profit than providing that critical infrastructure.
I'm eager to hear your discourse on capital expenditures in the electricity industry, and how increased redundancy would impact the electricity bill of the average homeowner and business. I assume you have an in-depth analysis, including a prepared power point slide, that includes extensive analysis in this area.
Or maybe you just wanted to say "HAHA Look how much smarter I am than EVERY utility in the country, and how much smarter I am than EVERY public utilities commission in the country. I'm not in a posi
Re: (Score:2)
Meanwhile, the utilities go "If I turn of this power station now for 'maintenance', the other power stations I own will be able to charge at least 25% more. Make it so."
Re: (Score:2)
Re: (Score:2)
Errr no, that's what you get when you don't stupendously over gold plate your electricity grid while serving a bunch of customers who are used to paying next to nothing for your product.
Re: (Score:2)
If suddenly being without power is no problem to you, no problem there.
New York might disagree [wikipedia.org] that a blackout is no problem, though.
Re: (Score:2)
New York will disagree even more if they had to pay the cost for a "perfect" electricity network.
I've been there. I watched as our politicians shouted from the rooftops that they will force companies to improve infrastructure. Retail prices have risen 350% in the past 10 years, but man do we have an awesome grid now.
Funny enough now our politicians are criticising the "gold plating" of our electrical network saying that people should not expect a 100% reliable network and our last election was fought on the
The land take of the staions / routeing of lines (Score:2)
The land take of the stations / routeing of lines get's in the way as well.
Also the nimby people don't like them as well.
Re: (Score:2)
Which is a perfect example of there being situations where governments should have the right to overrule its people if it is for the greater good. Yes, that power has to be used with a lot of oversight and with enough red tape that it is uncomfortable and tedious to do, but the ability has to exist. There are times when the needs of the many outweigh the sensitivities of the egoists.
Re: (Score:2)
Well, if the terrorist crashing the planes into WTC instead had crashed them into the key nodes in the grid the effects would have been a lot worse. Then imagine that done timed to an extreme cold spell - that would cause a lot of water pipes to freeze and crack.
But also realize that it can still happen. Many electrical grid nodes don't have much personnel on site - if any at all, most of them are controlled remotely and are only monitored by cameras.
Re: (Score:2)
Huffing poisonous fumes, on the other hand, is a perfectly good way of getting rid of hopeless, worthless dopers.
Doesn't take a terrorist attack (Score:5, Insightful)
Planned attack? It doesn't need that, just a couple of accidents or screw-ups at the same inopportune times. One mistake by a rookie engineer in Arizona took out the grid for most of southern California. One or two more mistakes or equipment failures while they were still trying to recover from the first one could've seen the entire grid west of the Rockies go down. And the main cause is frankly the profit motive: for the sake of efficiency and cost-effectiveness the generation and transmission companies have eliminated the majority of the redundancy in the system and put off expensive maintenance and upgrades as long as the system wasn't failing during normal operation. It wouldn't take a group of terrorists, just a couple of maintenance engineers more interested in getting home for dinner than in following every rule to the letter or system operators who haven't had their morning coffee and are still a bit groggy.
Re: (Score:2)
"One mistake by a rookie engineer in Arizona took out the grid for most of southern California"
That's what can happen when the most highly populated state depends on the nukes and the dams of Arizona for its power.
Stop hireing homers (Score:2)
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
https://www.youtube.com/watch?... [youtube.com]
Ban OSINT (Score:2)
Dangerous: Travel Guide Maps, Geography lessons,.. (Score:4, Insightful)
SARCASM_ON:
Because it tells you where to find the leaning tower of pisa, therefore you do now know how to damage the itallian economy by demolishing that building.
Threat cleared:
I call for a ban on all travel maps therefore nobody will be able to find these places.
More Threats
I call for a ban on teaching geography!
The maps show industrial buildings, transport infrastruture and natural resources!
SARCASM_OFF:
OSINT, INTINT, TINTINTIN
So long for calling public accessable information and teaching material OSINT, I call bull shit on this try to infiltrate the common language with this intelligence "cool" style new speak!
Re: (Score:1)
Ain't that new, the various ...INT acronyms have been around for over 65 years. Although not so far back I remember when even some of the derivative ...INT terms were classified in themselves. (At least I think I remember, memory getting hazy.)
there is a solution (Score:4, Interesting)
the solution to this is to completely decentralize our power, virtually destroying "the grid" by putting solar+battery at every home. it wont work for absolutely everyone but it will work for the vast majority of people. it comes with nice side effects too: it will cause people to buy more efficient electronics, lower the price of solar panels, devastate the coal/gas industry which in turn will cause a massive reduction in CO2 emissions and result in fewer mountain tops being blown up.
so you get security, energy independence, massive pollution reduction and preserving the environment. what's not to like? oh yeah, it doesn't pay congress critters to stay in office, so it wont happen. #BanCongress ;-P
Re: (Score:2, Interesting)
I live in Juno, Alaska. Explain how solar is a viable option for me.
Re: (Score:3, Funny)
I live in Juno, Alaska. Explain how solar is a viable option for me.
OK, hold up guys, as AC points out, this idea clearly doesn't work for 100% of the population, unlike all our other ideas which work for everyone, everywhere. We'll have to go back to the drawing board.
Re: (Score:2)
the solution to this is to completely decentralize our power, virtually destroying "the grid" by putting solar+battery at every home. it wont work for absolutely everyone but it will work for the vast majority of people.
I live in Juno, Alaska. Explain how solar is a viable option for me.
i'm sorry, power sources cannot teach you to read.
Re: (Score:1)
... and the industry producing those nice solar panels and batteries will be powered by - what? Ah, I see. Engineering is not your strong side, right?
Re: (Score:2)
... and the industry producing those nice solar panels and batteries will be powered by - what? Ah, I see. Engineering is not your strong side, right?
the sun.
Re: (Score:3)
the solution to this is to completely decentralize our power, virtually destroying "the grid" by putting solar+battery at every home...
Thank you! I jumped on here to say pretty much the same thing. I'd just like to add that we can have our cake and eat it too. We can disconnect small local grids from the larger grids and use them to pool the local outputs from wind, solar, and possibly even nuclear generation. That way we can have independence down to the residence level, while being able to take advantage of the benefits of sharing power when necessary.
Another thing to consider is the dumpster-sized reactors that can provide power for 10K
Re: (Score:2)
" completely decentralize our power, virtually destroying "the grid" by putting solar+battery at every home."
To what then are the wind and solar farms going to connect?
Actually, the technical push right now is to revamp the grid to accommodate these medium-scale renewable sources. This means users getting 'smart meters' that not only continuously inform the grid of usage, but which can turn off the A/C and the electric range at times when the wind isn't blowing hard enough to serve the region.
Re: (Score:3)
"completely decentralize our power"
That would definitely be a good thing, but you don't even need to go that far. Every decently sized city/region should have their own co-generation power plant in addition to a decent amount of residential solar/wind generation. There would still be a national grid to handle electrical demand in the case of plant maintenance, extremely high demand, an accident or some kind of disaster. But in the case of something happening to the national grid each city/region could tr
Re: (Score:1)
oh yeah, it doesn't pay congress critters to stay in office, so it wont happen.
Contrary to popular belief, congress critters need our votes to stay in office. Now, if you all keep reelecting them, all I can ask is WFT is wrong with you? If you want to change the rules, you have to elect people that will change them. Simple enough?
Re: (Score:2)
Contrary to popular belief, congress critters need our votes to stay in office. Now, if you all keep reelecting them, all I can ask is WFT is wrong with you? If you want to change the rules, you have to elect people that will change them. Simple enough?
that's just it though. there is a problem with people and the election system in general.
Re: (Score:2)
Your house power comes over underground wires from the neighborhood power generator, run from molten salt heated by underground DC trunk wires. If you lose the local genny you bring in a generator, lose the trunk lines the system will still run for a day while you fix it. The power can come from solar/wind/tidal/whatever as it doesn't need to be constant. Total system is also highly resistant to weather, including solar flares.
Terrorists want to terroize, not annoy. (Score:2, Interesting)
Everyone involved in publishing this article is stupid. From TFA, to submitter, to the editor who submitted this.
"Terrorists" want "terror". They want to kill people, they want smoking buildings and bombed, shot cars and a whole lot injured and dead people. That causes terror. YOU have to fear you will get shot/bombed when you leave the house, go shopping, go on a vacation. That is achieved by maximum terror.
They do not want to "effectively damage the infrastructure". That is what a solider would do to achi
Re: (Score:1)
Everyone involved in publishing this article is stupid. From TFA, to submitter, to the editor who submitted this.
"Terrorists" want "terror". They want to kill people, they want smoking buildings and bombed, shot cars and a whole lot injured and dead people. That causes terror. YOU have to fear you will get shot/bombed when you leave the house, go shopping, go on a vacation.
Err, no. A terrorist is one who uses violence to achieve his political aims. Extremist muslims want to destroy the western influence on the world (it is a bit hard to prove to people that your beliefs are the way to a better life when there those who are not of your extremist views who are doing better then you and are not afraid to flaunt it) and the easiest way to do that would be to destroy the countries in question economically. Destroying the electrical grid in the US would cripple the economy to th
The US grid is designed to... (Score:2)
When the US grid fails locally most of the federal and important sites have really well designed, bespoke deep back up power. Inner city ares might not have pow
Re: (Score:2)
The real problems aren't 13-hour outages, they are outages that can last a month or more. A good earthquake in the right place destroys the insulators on transmission lines, and shuts down natural gas service. This takes a huge amount of time to repair. Likewise, damaging transmission transformers requires substantial time to repair/replace.
Fortunately, distributed generation can limit the impact of these major events, but if requires power plants in your backyard to work. When you import power from oth
The enemy is US, not terrorists... (Score:2)
Well said. The North American power grid was built out as needed, where needed... in every instance adding just enough spare capacity to accommodate Summer or Winter peaks without alarming long-term investors. Few redundant interconnects. There was no Central Planning Committee deciding how much redundancy may be required, and especially no paranoid engineering on what are essentially un-protectable fragile spans of infrastructure. As with most other modern systems its very existence relies on human restr
Yo dawg, I heard you like fear... (Score:5, Insightful)
Yo dawg, I heard you like fear, so I got some fear to put on top of your fear next to your fear....
I went to a DHS conference in Boston a few years after 9/11, and it was a wall-to-wall exhibition of all the crazy ways the bad guys were going to get us. Grid attacks, bus attacks, backflushing municipal hydrants with poisoned water, poisoning drinking water supplies, spraying anthrax on the lettuce in the supermarket. 99% of it were "weaknesses" conjured up by security researchers to get some money from the golden spigot labeled DHS.
The DHS basically put the brakes on this and started demanding solutions, not a laundry list of insane attack vectors.
The upshot is, any reasonably complex distribution system will have security vulnerabilities, dependent on the definition of "vulnerability". Some "vulnerabilities" are highly improbable, difficult to exploit, and only cause temporary or low-level disruption. Other vulnerabilities are obvious, easy to exploit, and will take down society. Without getting hysterical about it, the sensible thing to do is to make the vulnerabilities hard to exploit i.e. get infrastructure control systems airgapped and off the fucking Internet (duh). Make the system fault tolerant - if they do blow up something, have a means to contain it.
Can we do this and get on with our lives, please? These vulnerabilities have been talked about for decades, we know what the solutions are, but no one wants to pay for it. Industry and government are staring at each other expecting the other to pick up the tab. If that is the situation nothing will get done, ever. Critical infrastructure needs to be nationalized so it is clear who is in charge of maintenance and security. Industry won't pay unless it hits their bottom line.
Re: (Score:2)
So what? A homegrown terror group with little funding still won't be able to carry out a credible attack. ... etc.
More fear, more perpetual war
This is how we know terrorism is minuscule (Score:2)
At least within the borders of the US, terrorism is clearly minuscule. Our infrastructure is in general fragile and unprotected. Even major metropolitan areas have choke points of just one or two substations which could easily be destroyed by anyone with a little ingenuity. This doesn't happen, even though this has been the state of affairs all along.
"Concern" (Score:2)
"We were extremely concerned about the amount of publicly available information"
Then you're "concerned" about the wrong thing. Any idiot driving down the road can see "Oh, there's a huge substation with lots of power lines coming out of it, its probably important". "Hiding" it by removing its existence from public documentation doesn't do a thing to improve safety/security. Fixing the issue entails actually FIXING it, not hiding the fact that a problem exists. Build more backup substations, install more
Re: (Score:2)
Of course we shouldn't go out of our way to prepare for incidents that don't even show as a rounding error in overall mortality statistics. On a global scale in the past 10 years only about 303 Americans have died due to any form of terrorism, in roughly that same time period 313 people in the US have been killed by lighting. You're literally more likely to die via lightning than terrorism. However there are nutjobs out there, there are also accidents, negligence & natural disasters, so the grid SHOU
Security through obscurity... never works (Score:2)
If you actually read the article it goes on to say "...never publicly revealed the crucial substations ID'ed by FERC for obvious reasons, nor does iSIGHT plan to disclose publicly the ones it found...."
So they never publicly revealed the "crucial" substations, have done nothing to make them less "crucial" (I think they mean critical) and have no plans to "disclose" (I think they mean reveal) the ones they found.
This is either a spoof of a 1980s evil-soviet-Russia-movie or something because if it's real it h
Yeehadists aren't that smart (Score:2)
Re: (Score:2)
I live ... (Score:2)
A terrorist attack might take out a key substation while a windstorm will knock down a pole, taking out my neighborhood. Since the utility doesn't have a stockpile of spares or the line crews available to install them, for me its all the same. F