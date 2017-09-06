Hackers Have Penetrated Energy Grid, Symantec Warns (fortune.com) 27
An anonymous reader quotes a report from Fortune: Hackers have been burrowing their way inside the critical infrastructure of energy and other companies in the U.S. and elsewhere, warns cybersecurity giant Symantec. In a new report, Symantec claims that the threat of cyberattack-induced power outages in the west has elevated from a theoretical concern to a legitimate one in recent months. "We're talking about activity we're seeing on actual operational networks that control the actual power grid," Eric Chien, technical director of security technology and response at Symantec, told Fortune on a call. Reports surfaced over the summer of hackers targeting staff at nuclear energy facilities with phishing attacks, designed to steal login credentials or install malware on machines. The extent of the campaign as well as the question of whether the attackers had breached operational IT networks, rather than merely administrative ones, was unclear at the time. Symantec is now erasing all doubt. "There are no more technical hurdles for them to cause some sort of disruption," Chien said of the hackers. "All that's left is really motivation." Symantec detailed its findings in a report released Wednesday morning. The paper tracks the exploits of a hacker group that Symantec has dubbed DragonFly 2.0, an outfit that the company says it has linked to an earlier series of attacks perpetrated between 2011 and 2014 by a group it dubbed DragonFly.
Maybe there is a reason, despite these continuously 'escalating attacks', that we are not seeing any power outages in the US. Maybe it is because our methods to prevent them from being successful are effective. Maybe because we know about all these attacks before they are doing any harm is also a sign our methods are effective.
We can't let our guard down, but we don't have to fall for the hype.
I would need to see this confirmed by a competent, reliable source.
Despite the breathless reporting, there is no "energy grid" that can be hacked. Individual servers and routers can be hacked. Unprotected SCADA systems can be hacked. But it would take far more than this to bring down the electric system in the US. It's not contiguous or synchronous. It's not impervious either (see 2003 blackout) but it doesn't work the way it's described here.
That's the impression many seem to have. It takes a tremendous effort just to bring down one small part of the grid, the rest will hum along just fine as the grid is designed to deal with disturbances. The 2003 blackout is well studied and many improvements and changes have been made to prevent the same from recurring. Isolation should happen before a cascade of failures. Although we haven't had any events to test it, the causes were quite clear and therefore we can have good confidence.
While there are a few North Koreans hacking the grid, it's mostly been Russian state hackers and Chinese state hackers. In point of fact, we made a deal with China to hold off on that, so now it's mostly just the Russians.
On the plus side, residential and commercial building solar and wind power systems are mostly not hacked.
Far more risk factor from fires, quakes, floods, and storms, actually.
I've argued in favor of decentralized off-grid solar power because centralized power is vulnerable to attack. People either don't grasp what I mean or write it off as paranoia but this is a prime example of the vulnerability that centralized power systems create.
I've argued in favor of decentralized off-grid solar power because centralized power is vulnerable to attack.
It seems every time solar is brought up there is a mention of a "smart grid" to address issues of this thing called "night" that keeps solar collectors from providing 24/7 power. So, which is it? Do we get cheap solar energy from a "smart grid" or do we have expensive decentralized power?
If you want energy that is cheap, reliable, and decentralized then solar power cannot make any significant portion of the grid. Solar is only cheap if it is connected, and that means there's some centralized utility. If
