How Vulnerable is the US Power Grid? (cbsnews.com) 127
America's power grid consists of 3,000 public and private sector power companies, with 55,000 substations scattered across the country. On the CBS News show 60 Minutes, reporter Bill Whitaker notes that each grid hold grid-powering transformers — then tells the story of "the most serious attack on our power grid in history" on the night of April 16, 2013:
For 20 minutes, gunmen methodically fired at high voltage transformers at the Metcalf Power substation. Security cameras captured bullets hitting the chain link fence.
Jon Wellinghoff: They knew what they were doing. They had a specific objective. They wanted to knock out the substation.
At the time, Jon Wellinghoff was chairman of FERC, the Federal Energy Regulatory Commission, a small government agency with jurisdiction over the U.S. high voltage transmission system.... [T]he attackers had reconnoitered the site and marked firing positions with piles of rocks. That night they broke into two underground vaults and cut off communications coming from the substation.
Jon Wellinghoff: Then they went from these vaults, across this road, over into a pasture area here. There were at least four or five different firing positions.
Bill Whitaker: No real security?
Jon Wellinghoff: There was no security at all, really.
They aimed at the narrow cooling fins, causing 17 of 21 large transformers to overheat and stop working.
Jon Wellinghoff: They hit them 90 times, so they were very accurate. And they were doing this at night, with muzzle flash in their face.
Someone outside the plant heard gunfire and called 911. The gunmen disappeared without a trace about a minute before a patrol car arrived. The substation was down for weeks, but fortunately PG&E had enough time to reroute power and avoid disaster.
Bill Whitaker: If they had succeeded, what would've happened?
Jon Wellinghoff: Could've brought down all of Silicon Valley.
Bill Whitaker: We're talking Google, Apple; all these guys--
Jon Wellinghoff: Yes, yes. That's correct.
Bill Whitaker: Who do you think this could have been?
Jon Wellinghoff: I don't know. We don't know if they were a nation state. We don't know if they were domestic actors. But it was somebody who did have competent people who could in fact plan out this kind of a very sophisticated attack....
A few months before the assault on Metcalf, Jon Wellinghoff of FERC commissioned a study to see if a physical attack on critical transformers could trigger cascading blackouts... The report was leaked to the Wall Street Journal. It found the U.S. could suffer a coast-to-coast blackout if saboteurs knocked out just nine substations....
In 2016, an eco terrorist in Utah shot up a large transformer, triggering a blackout. He said he'd planned to hit five substations in one day to shut down the West Coast. In 2020, the FBI uncovered a white supremacist plot called "lights out" to simultaneously attack substations around the country.
While the threats can also come from the internet, America's deputy national security advisor for cyber (formerly at the NSA) tells the reporter "We've taken any information we have about malicious software or tactics that the Russian government has used, shared that with the private sector with very practical advice of how to protect against it."
The reporter later spoke to the president's homeland security advisor, who points out there's no specific national regulation for the power plants, arguing that one of the system's strengths is "the resources for energy are different in different regions."
But they also acknowledged the federal government is now setting standards "in a variety of arenas."
Jon Wellinghoff: They knew what they were doing. They had a specific objective. They wanted to knock out the substation.
At the time, Jon Wellinghoff was chairman of FERC, the Federal Energy Regulatory Commission, a small government agency with jurisdiction over the U.S. high voltage transmission system.... [T]he attackers had reconnoitered the site and marked firing positions with piles of rocks. That night they broke into two underground vaults and cut off communications coming from the substation.
Jon Wellinghoff: Then they went from these vaults, across this road, over into a pasture area here. There were at least four or five different firing positions.
Bill Whitaker: No real security?
Jon Wellinghoff: There was no security at all, really.
They aimed at the narrow cooling fins, causing 17 of 21 large transformers to overheat and stop working.
Jon Wellinghoff: They hit them 90 times, so they were very accurate. And they were doing this at night, with muzzle flash in their face.
Someone outside the plant heard gunfire and called 911. The gunmen disappeared without a trace about a minute before a patrol car arrived. The substation was down for weeks, but fortunately PG&E had enough time to reroute power and avoid disaster.
Bill Whitaker: If they had succeeded, what would've happened?
Jon Wellinghoff: Could've brought down all of Silicon Valley.
Bill Whitaker: We're talking Google, Apple; all these guys--
Jon Wellinghoff: Yes, yes. That's correct.
Bill Whitaker: Who do you think this could have been?
Jon Wellinghoff: I don't know. We don't know if they were a nation state. We don't know if they were domestic actors. But it was somebody who did have competent people who could in fact plan out this kind of a very sophisticated attack....
A few months before the assault on Metcalf, Jon Wellinghoff of FERC commissioned a study to see if a physical attack on critical transformers could trigger cascading blackouts... The report was leaked to the Wall Street Journal. It found the U.S. could suffer a coast-to-coast blackout if saboteurs knocked out just nine substations....
In 2016, an eco terrorist in Utah shot up a large transformer, triggering a blackout. He said he'd planned to hit five substations in one day to shut down the West Coast. In 2020, the FBI uncovered a white supremacist plot called "lights out" to simultaneously attack substations around the country.
While the threats can also come from the internet, America's deputy national security advisor for cyber (formerly at the NSA) tells the reporter "We've taken any information we have about malicious software or tactics that the Russian government has used, shared that with the private sector with very practical advice of how to protect against it."
The reporter later spoke to the president's homeland security advisor, who points out there's no specific national regulation for the power plants, arguing that one of the system's strengths is "the resources for energy are different in different regions."
But they also acknowledged the federal government is now setting standards "in a variety of arenas."
Pretty vulnerable (Score:2)
Re: Pretty vulnerable (Score:2)
Re: Pretty vulnerable (Score:2)
Re: (Score:2)
A suicide squirrel took down the transformer for half a nearby town. Suspiciously, it was an Eastern Gray Squirrel which is considered an invasive species in this state, so it could be classified as an illegal alien assault squirrel.
The other causes of power outages around here are wind storms and drunks ramming power poles. And there is the occasional scheduled outage for maintenance.
Re: (Score:2)
Or a squirrel that decides a transformer is a nice, warm place to make a nest. One day, usually in the wintertime, the squirrel touches the wrong thing and "BZZZT, POP, POOF!" There goes the neighborhood.
No real security? ... !?!?! (Score:2)
Mr Bill Whitaker, What dumbass question is that? The dudes were using high powered rifles! The only security against that is to take the guns away.
Re: (Score:2)
Good plan.. Suggestions on how to take ALL the guns away, you know, from the criminals and such?
Better take all the steel pipe away also, and machining tools..
Or, I dont know, how about just building a concrete block wall around the outside? Just a thought..
Re: (Score:3)
TFA describes a "problem" by extrapolating from a single incident nine years ago.
TFA also states that it was done by "gunmen" when it was likely just one kook.
The solution is to arrest and incarcerate people who are both crazy and violent.
There is no ongoing general danger of armed assaults on power stations by organized groups, and it is idiotic to imply that there is.
Re:No real security? ... !?!?! (Score:5, Informative)
There is no ongoing general danger of armed assaults on power stations by organized groups, and it is idiotic to imply that there is.
It certainly isn't unheard of [justice.gov]. What makes you so confident they (or other groups like them) won't try again?
Re: (Score:2)
What makes you so confident they (or other groups like them) won't try again?
There is no reason to believe it was a "group".
Defending against armed assaults is extremely difficult and very very expensive on a national scale.
It is silly to make this a national priority based on a single failed attempt nine years ago by one guy.
There have been far more attacks on grocery stores. Should we position an M1 Abrams at every food shop?
Look, it makes sense to make our grid more robust. We need to do that anyway to accommodate intermittent and unreliable green power. But focusing on "armed
Re: (Score:2)
Multiple firing positions suggests more than one shooter.
Re: (Score:2)
There is no reason to believe it was a "group".
There is no reason to believe you, particularly since you did not read the article. For instance you're totally ignoring the "lights out" white supremacist plot.
It is silly to make this a national priority based on a single failed attempt nine years ago by one guy.
From the article: 38% of the incidents, three of which they provide more details about.
There have been far more attacks on grocery stores.
This is really disingenuous. An attack on a grocery store causes almost no disruption. Taking down the grid, even locally, results in thousands of people losing power. That means no heating, no cooking, no life-critical equipment, in many cases at least partial lo
Re: (Score:2)
TFA also states that it was done by "gunmen" when it was likely just one kook.
Well, no, they say it could also have been a nation-state actor. OK, so it's not nearly as impressive as the far more likely lone kook with a grudge, but still, it could have been, it could have been.
Re: (Score:2)
And you're a god damn moron if you don't think Russia, China, and possibly others have studied how to attack our grid and would have people in the country who could carry it out.
The person who actually did it was just one kook, and yes we should arrest the crazy and violent, but holy shit is ignoring grid security because of your idiotic claim there's no danger of organized attacks one of stupidest things I've heard.
Congr
Re: (Score:2)
And you're a god damn moron if you don't think Russia, China, and possibly others have studied how to attack our grid
There is a huge gap between "studying" and sending men with high-powered rifles to assault American infrastructure.
Re: (Score:2)
The best way to keep an attack vector open is to never exploit it.
Re: (Score:2)
The solution is to arrest and incarcerate people who are both crazy and violent.
Wouldn't that mean incarcerating a large proportion of the population of the USA? Oh, you are already doing that, except the selection criteria might need some tweaking.
Re: (Score:2)
There was a coordinated effort including disabling SCADA monitoring, apparently monitoring police communication and multiple firing positions. No, this wasn't a case of Cletus got drunk again and shot up a substation.
Re: (Score:2)
I don't know why we have a DHS. I don't care if it's owned by a private company. Is it crazy to think that disabling SCADA should result in an immediate order to deploy National Guard to the power substations? Is it a waste of resource or just a good training exercise?
The power grid is national infrastructure, but it's built by companies trying to scrape every last penny. For national security reasons, it should be bought out under imminent domain. They're already sharing the lines with other power com
Re: (Score:3)
Make unlicenced/unregistered guns illegal, along with concealed carry and open carry.
Licence all gun owners.
Guns can't be sold without a licence.
If you need a gun, come up with a genuine need for one - and protection from fellow citizens is NOT a genuine need - that's what the police are for.
Then, if you see someone carrying a gun and you're not in a rural area and they're a farmer with a rifle or they're not in a police uniform, call the police - they're likely a criminal!
Works well here in Australia.
Re: (Score:2)
Re: (Score:3)
We have a genuine need for guns: without them, we are pretty sure we'd end up like you.
Re: (Score:2)
We have a genuine need for guns: without them, we are pretty sure we'd end up like you.
Right. How is the police going to be all twitchy at every traffic stop if they are not afraid of being shot down by the driver?
Deaths by police per 10 million [wikipedia.org]:
0.5 United-Kingdom
1.3 Germany
28.3 Bangladesh
28.5 United States
30.0 Mexico
34.0 Columbia
The United States has standards to uphold and competitors to beat.
Re: (Score:2)
And holy shit is suggesting the police can arrive in time to stop someone from killing you a naive view. When seconds count, the police are minutes (or hours) away. The police absolutely are not a substitute for personal self defense. And if you think even the frail and small should only be able to defend their life by hand to hand comba
Re:No real security? ... !?!?! (Score:4, Insightful)
and protection from fellow citizens is NOT a genuine need - that's what the police are for
Unless, of course, there is some favored group rampaging in your area, in which case the police will "stand down" (if they haven't been previously "defunded", of course) to avoid raising negative poll numbers among swing constituenci ... I mean to avoid raising tensions.
Or more prosaically, unless seconds count and the police are minutes away.
Re: (Score:2)
If you need a gun, come up with a genuine need for one - and protection from fellow citizens is NOT a genuine need - that's what the police are for.
here in the USA we need protection from the police. they kill over a thousand of us every year, and only even report about half of those killings to the feds (who try to run a database of such) presumably because they're trying to pretend the other half didn't happen... which is what you do when they're wrongful deaths.
Re: (Score:2)
Here in Australia, we have just 7 police forces. One for each state, and the Federal Police, who are kinda like the FBI.
So cops in a state all get the same training, are required to follow the same rules and laws and operate the same way (roughly, I'm sure there are 'exceptions' in the more remote areas...)
While there are some bad cops, most of them seem to be well meaning, honest and well trained.
Deaths by cop happen, but tend to be investigated and cops charged - https://www.theguardian.com/au... [theguardian.com] (that tr
Re: No real security? ... !?!?! (Score:2)
Protection from nation state actors who easily penetrate a completely undefended border would be adequate cause for rubber stamping every application.
Defense against foreign invaders with long criminal records would be true and adequate as well. Cartel members frequently pass from outside the US to inside the US without ever having to declare their presence in the country.
You do not have millions of people casually walking into Australia with zero government oversight. Some of these people murder, rape, r
Re: (Score:2)
"Cartel members frequently pass from outside the US to inside the US without ever having to declare their presence in the country." And you know they do this because...they don't declare their presence?
Re: (Score:2)
They end up in jail here. They are known as criminals on both sides of the border.
Re: (Score:3)
If you want to do away with open carry in a hurry, just have black people start doing it. The black panthers started doing open carry patrols in California and it scared white people so bad that both Reagan and the NRA made it illegal. I'd love to see a BLM open carry march in Texas.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
1. It is called constitutional carry, and is widely supported among the people who support the second amendment, for everyone, not just white people.
2. That is quite the racist strawman you have built, did it ever occur to you it makes you look like the racist to come up with these strawmen, and not the people you are trying to make out to be racist?
Re: (Score:2)
You clearly did not read the wikipedia article.
Both Republicans and Democrats in California supported increased gun control, as did the National Rifle Association of America.[9] Governor Ronald Reagan, who was coincidentally present on the capitol lawn when the protesters arrived, later commented that he saw "no reason why on the street today a citizen should be carrying loaded weapons" and that guns were a "ridiculous way to solve problems that have to be solved among people of good will." In a later press
Re: (Score:2)
Well, your wish was granted already, it doesn't look like Texas went crazy with gun control laws since though, but Beto still wants to take all our semi-automatic rifles, so there is that.
https://www.kxan.com/investiga... [kxan.com]
It looks like in this case, it is the usual gun grabbers trying to stir up for new regulations, and not the NRA, Reagan or the Republicans.
Re: (Score:2)
Works well here in Australia.
It worked well in Ukraine also, just not for Ukraine.
Re: (Score:2)
The situation is slightly different in Ukraine compared to Australia, though.
Australia doesn't share any land borders with anyone, for example, makes it harder to invade (whew!)
Re: (Score:2)
A concrete wall would be horrendous overkill. You don't need to stop bullets, you only need to block line of sight so that they can't see what to aim at. And you probably want to allow wind to help carry away hot air from the radiators. Instead put up two sets of vertical blinds, made of wood or metal, inside the perimeter fence.
Re: (Score:2)
Better yet, build the power substations underground. They'll be easier to keep cool and run more efficiently. Maybe not a great option for outside of a populated area, but within it, it could be a great way to go.
Re: (Score:2)
>"The only security against that is to take the guns away."
Perhaps you jest, but that is a ridiculous statement. If you could take away the guns from criminals and bad people, then we would already know who they were and hopefully already would have done that. Just as ridiculous- declare the land surrounding the area a "gun free" zone, problem solved, right? Or even better- just declare it a "crime free" zone, that would address attacking the substation with cars, rocks, gasoline (or 100 other highly
Re: (Score:2)
Re: (Score:2)
If you need more security, then provide additional physical security and/or sensors, and with a better outer perimeter and blinds on an inner perimeter to make the targets not or less visible. The objectives being to deter attack, slow down or evade attack, foil attack, and/or perhaps catch/intercept bad actors during an attempt.
There is no defense against coordinated attacks. If you increase physical security, they will get better weapons and fire from further away. If you put power stations in a 1 mile perimeter, they will get an RPG and fire from 2 miles away. There is no solution in security, it will only start an escalation of increased violence against more stringent (or even oppressive) security.
The only solution is to make it harder to get these kinds of weapons. But US attitude towards guns prevents that. You need to chan
Re: (Score:2)
There is no solution in security, it will only start an escalation of increased violence against more stringent (or even oppressive) security.
Don't run antivirus on your PC. It only makes the malware worse.
The only solution is to make it harder to get these kinds of weapons.
Just because crazy guy with a gun is a real world example case does not mean that it is the only way to exploit the weakness.
Re: (Score:2)
Mr Bill Whitaker, What dumbass question is that? The dudes were using high powered rifles! The only security against that is to take the guns away.
That’s ridiculously unamerican, and it’s obviously not a solution. You simply place artillery “ai” controlled to fire upon any loud noises at all the substations. Some 155mm shells or rockets should put an end to any terrorists or pesky kids loafing about.
Re: (Score:2)
Mr Bill Whitaker, What dumbass question is that? The dudes were using high powered rifles! The only security against that is to take the guns away.
Or, you know, build a box around the substations out of cinderblocks. Since it has the word "build" in it we could even name it a "building."
Re: (Score:2)
There is a long list of reasons why substations are out in the open. Not knowing how to stack CMUs is not on the list. However, this [youtube.com] is.
Re: (Score:2)
the wires / towers that feed them are all over the (Score:2)
the wires / towers that feed them are all over the place but you have to be better then the really dumb bad guys to not get killed when messing with them.
It's almost like (Score:4, Insightful)
Most power grids are run and managed like shit. The fact that manual rerouting of power ahead of time is the only thing that saved it from being a bigger issue is a huge problem in their design and maintenance. The grid should be built in a way that 1) doesn't care if one substation goes down suddenly, for any reason, and 2) even if one substation accidentally triggers an overload/outage in another, they should be able to restart and recover quickly, because of regular maintenance. Most grids are designed in the most ass-backwards way, as well as maintenance being well outside of what it should be.
A first-year college student could create a better power grid if we let them. But they won't, because the grid is cut up into all these shit, poorly-run territories for "more" money.
and where are you going to run the wires better p (Score:2)
and where are you going to run the wires for an better grid?
Re: (Score:1)
Wherever the new system would require - direct replacement, side-by-side, whatever - I don't care. Then the old system is dismantled and what can be recycled gets recycled. Either way, the current methods and systems are garbage.
Re: (Score:1)
Actually, no, I don't like it.
Fucking weirdo.
Re: (Score:2)
and where are you going to run the wires for an better grid?
A better grid doesn't require new wires.
We can improve the grid with more and better end-point storage.
EV batteries are one way to do that. Some EVs already have circuitry to feed power back into the grid.
When power companies scale up grid storage, that storage should be distributed rather than centralized.
Re: (Score:2)
Reclosers can respond to outages at a substation quickly, much less than a second even. The weak part is the local utility networks as they don't invest in the more expensive equipment. But above the utility will be distribution grids, and above that the nationwide transmission grid.
Re: (Score:2)
Responding that quickly usually doesn't make sense though, because you need to clear the fault first. Classic use of a recloser is to wait until a tree limb burns up after shorting a line, so delays are usually closer to 30 seconds.
Re: (Score:2)
There are different types of them. Their purpose is to prevent cascades of blackouts or brownouts. And they talk to each other, so if it sees a neighbor with a big status change (voltage dips, rerouting messages) then it can shut off. And even if not an emergency, power gets routed around all the time automatically based upon load.
I have worked on one device that was difficult to understand because it did so much, but seemed to be able to monitor dozens of variables locally, and also from connected devices
Re: (Score:3)
The grid should be built in a way that 1) doesn't care if one substation goes down suddenly, for any reason, and 2) even if one substation accidentally triggers an overload/outage in another, they should be able to restart and recover quickly
Define substation. Grids are built with N+1 or N+2 redundancy depending on criticality. Often an electrical installation will have multiple interlinked substations fed in a way that ensures equipment can go down without causing an outage elsewhere.
But are you proposing geographically diverse electrical installations? I mean it sounds good, but I'm guessing from your suggestion you don't actually pay the power bill at home do you. Gold plating an electrical grid has a very real cost. There are already many l
Re: (Score:1)
Yes, there is a certain amount of redundancy. More critical, more redundant. Blah, blah, blah. Still not redundant enough. But current designs make any more redundancies difficult.
I am not directly proposing anything other than a complete redo and overhaul of the entirety of the national grid from the ground up. Granted - I also admit that it would be probably impossible to do for a reasonable cost in a reasonable timeframe - especially for a country of our size.
Number 2 is NOT covered for the case for anyt
Re: (Score:2)
Yes, there is a certain amount of redundancy. More critical, more redundant. Blah, blah, blah. Still not redundant enough.
Citation needed. Is the grid going down constantly due to attacks and sudden equipment failure? No. Is it preventing operation? No.
Redundancy doesn't solve problems caused by lack of maintenance. It doesn't solve problems of overloading. It doesn't solve problems related to attacks by external actors. It sure as hell doesn't resolve software errors. It doesn't solve problems caused by isolating yourself from the world and not considering that winter can happen.
In other words, more redundancy doesn't solve a
Re: (Score:2)
The northeast grid failure was mainly addressed with improvements to black-start capability, which would have reduced the outage duration to an hour or two. Minor improvements to transmission line protection have also reduced the risk of cascading failures to a degree.
But, there will always be another unexpected failure mode that will put things to the test again. Complexity is the enemy of reliability; reliability requires distributed generation.
Re: (Score:2)
In fact most grids, including the main US ones, do have complex software that monitors the network and models potential failures. The modelling identifies ways in which the grid could go down ahead of time, so that operators have time to put extra margin in place.
This Practical Engineering video explains how it is supposed to work and why it didn't back in 2003: https://youtu.be/KciAzYfXNwU [youtu.be]
The problem is that real life is not like Sim City, you can't just build massively expensive redundant transmission lin
Re: (Score:2)
It is actually not that easy to make a meaningful improvement. The grid is not designed for 100% uptime; at best the transmission systems are designed for 99.9995%, or statistically 3 minutes of unscheduled downtime per year. If you provide redundant active power paths you increase fault current and associated damage when something does fail. You also make maintenance much harder.
The solution is to ensure distributed generation and black-start capability, which is generally being done, at least outside of
Re: (Score:2)
It's almost like you don't know why. (Score:2)
Y'know, I was going to write a thoughtful post replying to yours, but no. You use a magical "should" in there, and reality rejects it. You ascribe greed to the reason the grid is the way it is, glossing over the realities on the ground.
Your first-year college student would have died of old age without graduating before designing a better power grid than we have now because he couldn't keep it updated fast enough, and couldn't develop a construction plan that would put it into place fast enough and cheap e
First step: don't use Cisco (Score:1)
Since Cisco has been repeatedly caught putting in backdoors for federal intelligence gathering, don't use them. Second step? Don't trust *anything* from the NSA. Their insistence on leaving poor quality backdoors for themselves, soon reported and available to other nations such as the Israelies, should call anything they provide into question.
Sounds fairly easy to protect (Score:2)
Probably the best way to protect against this is to make sure the perimeter has some reasonable security, perhaps with some electronic presence sensing with alarms, and then an inner barrier that just hides the transformers or other sensitive equipment from sight. No sight, no reasonable ability to hit the sensitive parts. Distance can protect against thrown objects (like molotov cocktails). Not terribly expensive to erect or maintain. Like any physical security, it would be silly to think that an extre
Re: (Score:1)
eh, transformers are hot. So maybe not stop guy with 50 BMG rifle or similar with infrared scope a mile and a half away. And remember, those kinds of calibers have the "anti material rifles" made exactly for this sort of thing besides long range sniping. And the best part, anyone could buy such a thing legally in most states.
Re: (Score:2)
What makes you think a substation is visible from a "a mile and a half away"? Where I live its visible for about a block away, buildings and vegetation obscure them. And even if there were fewer obstacles, just a sight barrier around anything critical would be sufficient in most cases.
Re: (Score:2)
You're a smarmy little jackass.
The location of substations is obviously not a secret, and nobody said it was. The question is whether you would be able to see anything vulnerable to shoot at. Where I live we have we have these things called "trees" and "buildings", and they typically will obscure a substation from view such you wouldn't be able to target anything there unless you are standing on the roadside right next to it. If firing rifles into transformers ever were a real problem they can just erect so
Re: (Score:2)
"these weapons"? Obviously a substation could be hit with mortars or rockets, but you need an unobstructed line of sight to hit anything vulnerable on a substation with a rifle. That often won't be available. There's one "a mile and a half away" from my house, you couldn't hit it from that far away with a tank.
Re: (Score:2)
Once again a nasty, brainless remark.
Re: (Score:2)
Program a $500 drone with a high-res camera to fly around the perimeter in a random pattern.
Add some noise sensors so the drone can home in on suspicious activity.
Re: (Score:2)
Do they make $500 bullet proof drones?
Re: (Score:2)
Hitting a small flying target with rifle fire is very difficult.
By the time you finally hit it, there will be plenty of video evidence transmitted, and the police will be en route.
Re: (Score:3)
Some decades ago the security at French nuclear plants was shown to be lacking when small model aircraft (this was before drones) simply flew into the plant area. The argument was that they could have been carrying bombs. Today, where you can simply buy an off-the-shelf drone that requires little skill to fly and can carry significant weight, this kind of attack would be even easier.
Re: (Score:2)
Some decades ago the security at French nuclear plants was shown to be lacking when small model aircraft (this was before drones) simply flew into the plant area. The argument was that they could have been carrying bombs. Today, where you can simply buy an off-the-shelf drone that requires little skill to fly and can carry significant weight, this kind of attack would be even easier.
No need to use a drone. 99 red balloons [newsrnd.com] will suffice, or even just one.
Re: (Score:2)
The problem is that over the years and decades the security gets lax. Nothing happens, the guards stop paying attention, equipment breaks down and the boss doesn't want to spend money replacing it.
Commercial security is a joke because it's usually driven by cost rather than by a desire to genuinely secure something.
Re: (Score:2)
Gids can be taken out by selective shut-off at key points. That is a well known computation and the relevant grid parts and interconnects are on the Russia and before that USSR "hit list". It can be done in software too. That, however, is expensive, can be protected against and is pretty much "declaration of war" level.
In this day and age there is no
A privacy fence... (Score:2)
A privacy fence would be enough. If you can't see what you're shooting at, it will take many more rounds to hit it - which would be problematic from the POV of (not) getting caught.
"Could've brought down all of Silicon Valley" (Score:2)
What are they trying to imply, exactly? It's not like all the devices manufactured by Apple, Google, etc. would stop working - and these companies have server farms everywhere, so we wouldn't even have our data access interrupted, in all likelihood.
The engineers at Apple and Google would probably not get to go to work for a couple weeks. Maybe a scheduled product announcement would get delayed. Big whoop. Am I missing something?
Re: (Score:2)
>"What are they trying to imply, exactly? It's not like all the devices manufactured by Apple, Google, etc. would stop working - and these companies have server farms everywhere, so we wouldn't even have our data access interrupted, in all likelihood."
And they have generators and backups.
What they are trying to do is what most of the media is doing all the time- sensationalizing as much as possible.
Re: (Score:2)
Oh bullshit. The average American doesn't know about the grid, doesn't care to know and doesn't need to know.
This was somebody who's job it was to know, he was asked about it and he answered. Slashdot picked it up because why the fuck not, it's at least nerd'ish.
The fact that you have no mental filter to deal with in coming information and go into overload mode that everybody is trying to scare you is your problem, deal with it.
"We don't know" (Score:1)
We don't know if they were a nation state. We don't know if they were domestic actors.
I'm not saying it was domestic actors (read: TERRORISTS), but it was domestic actors. It's always domestic actors.
Re: (Score:1)
I Have Experienced In This Area (Score:3)
Yes, physically attacking substations could be a very practical way to take out power and do a lot of damage. However, there are many of them. The enemy would have to strategically prioritize them.
In terms of computer security, however, I think there is lower hanging fruit with a much larger bang for the buck. The state of security for vendors of smart grid equipment is very good on paper (RSA key pairs, some use IPv6, etc) but utter garbage in reality (tough security in high visibility areas and oodles of holes in others). And, many of these vendors are large bureaucratic international corpotations into which it would be fairly easy to employ agents. Deep access tends to be given even to the lowest level support personnel. The software quality tends to be very, very poor with complex microservices architectures (e.g. Landis + Gyr), etc. I speak from extensive personal experience. These companies, their management, and software architectures tend to be utter disasters that barely function, in many cases.
Re: (Score:3)
Re: (Score:2)
Strategic prioritization seems to be kind of key to all this.
I wonder how hard it is to obtain really detailed data on grid loads and interconnects that would min-max the amount of damage done vs. effort required.
Is it something someone with relevant experience can just sort of figure out on their own by identifying substations and long range power lines, or does it require internal power utility data? I'm sure there's gems of info in public regulatory filings, but probably not a how-to level of detail, ei
Re: (Score:2)
Yes, physically attacking substations could be a very practical way to take out power and do a lot of damage. However, there are many of them. The enemy would have to strategically prioritize them.
The scary part is that there was a more vulnerable target which would have have an immediate effect, the insulators on power lines. How would you protect them?
But, but, Sam Harris said... (Score:2)
...we need to be worried about the "wokes".
"In 2020, the FBI uncovered a white supremacist plot called "lights out" to simultaneously attack substations around the country."
Hate makes stupid not think. (Score:1)
One man could take it down. Just takes planing and smarts. So then what. people get pissed and news flips. Then nothing. Power comes back up and all is well. Maybe a few people die. Still then what. Small victory for the losers who try.
Loss of power is only good with some other ops. it only scares the weak and insecure minded.
Bring it on. I have a generator and fuel. Also wood to burn.
This is only scary for the people whom live in the cities with no brains or balls. The poor will burn anything; the rich wil
Minimize risk, plan for attacks (Score:2)
In reality all our infrastructure is at risk. (Score:2)
Sensationalism (Score:2)
The example story they use is pure sensationalism. Let me get this straight: a group of people that knew what they were doing attacked a substation to take it down, and guess what happened? The power stayed on, because PG&E rerouted the power. What if they had succeeded in killing all the transformers before the reroute? The power would have gone out for a very short time, during which the critical systems at Apple, etc would have run using backup power.
It seems like this could have been very very ba
Re: (Score:2)
The example story they use is pure sensationalism. Let me get this straight: a group of people that knew what they were doing attacked a substation to take it down, and guess what happened? The power stayed on, because PG&E rerouted the power. What if they had succeeded in killing all the transformers before the reroute? The power would have gone out for a very short time, during which the critical systems at Apple, etc would have run using backup power.
Ah, but how many other substations are similarly exposed, and could an enemy potentially have hit more than one of them simultaneously to magnify the impact? If so, then the outage wouldn't have been "a short time", but rather weeks or even months, depending on how long it takes to source new transformers (which at those huge sizes might very well be built only upon request).
Re: (Score:2)
That's my point - there will always be physical vulnerabilities that can be taken advantage of if people work hard enough. In your example those bad actors now have to multiply their forces and logistics to simultaneously hit multiple substations at once, and do that without getting caught. Can it happen? Sure, but it gets a lot harder because the mechanism that allows for adaptability - spreading critical infrastructure over a wide area - reduces the vulnerability. It's impossible to eliminate the vulne
Re: (Score:2)
That's my point - there will always be physical vulnerabilities that can be taken advantage of if people work hard enough. In your example those bad actors now have to multiply their forces and logistics to simultaneously hit multiple substations at once, and do that without getting caught. Can it happen? Sure, but it gets a lot harder because the mechanism that allows for adaptability - spreading critical infrastructure over a wide area - reduces the vulnerability.
No, not really. Having three people on cell phones shooting at three sets of transformers isn't much harder than one. If the attack is easy enough, requiring only things that can be obtained legally and easily, and done by a person of only moderate skill, then security is grossly inadequate. And if police response to a major substation was so slow that somebody was able to keep shooting at one for twenty minutes, that means that there was no meaningful security at all.
It's impossible to eliminate the vulnerability. Transformers will always be needed (in the foreseeable future) and the electrical grid will be exactly that, a grid of conductors and components that can be damaged by bad people and bad weather. Putting every transformer, high tension tower and telephone pole in vaults isn't feasible, or nearly as efficient as making sure electrons can flow to the same location via many paths.
It's impossible to eliminate the vul
Very (Score:2)
A drunk driver, frozen rain, a big bird, termites anything can down cables nailed to wooden posts, you don't need the internet for that.
No more vulnerable than you. (Score:2)
It's all about money and profits (Score:2)
Absent government oversight, the local monopolies would never make the inves
Why Beg Trouble (Score:2)
Bunch of bullshit (Score:2)