Researchers Say New Attack Could Take Down the European Power Grid (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Late last month, researchers revealed a finding that's likely to shock some people and confirm the low expectations of others: Renewable energy facilities throughout Central Europe use unencrypted radio signals to receive commands to feed or ditch power into or from the grid that serves some 450 million people throughout the continent. Fabian Braunlein and Luca Melette stumbled on their discovery largely by accident while working on what they thought would be a much different sort of hacking project. After observing a radio receiver on the streetlight poles throughout Berlin, they got to wondering: Would it be possible for someone with a central transmitter to control them en masse, and if so, could they create a city-wide light installation along the lines of Project Blinkenlights?
The first Project Blinkenlights iteration occurred in 2001 in Berlin, when the lights inside a large building were synchronized to turn on and off to give the appearance of a giant, low-resolution monochrome computer screen. The researchers, who presented their work last month at the 38th Chaos Communication Congress in Hamburg, Germany, wondered if they could control streetlights in Berlin to create a city-wide version, though they acknowledged it would likely be viewable only from high altitudes. They didn't know then, but their project was about to undergo a major transformation.
After an extensive and painstaking reverse-engineering process that took about a year, Braunlein and Melette learned that they could indeed control the streetlights simply by replaying legitimate messages they observed being sent over the air previously. They then learned something more surprising — the very same system for controlling Berlin's lights was used throughout Central Europe to control other regional infrastructure, including switches that regulate the amount of power renewable electric generation facilities feed into the grid. Collectively, the facilities could generate as much as 40 gigawatts in Germany alone, the researchers estimate. In addition, they estimate that in Germany, 20 GW of loads such as heat pumps and wall boxes are controlled via those receivers. That adds up to 60 GW that might be controllable through radio signals anyone can send.
When Braunlein and Melette realized how much power was controlled, they wondered how much damage might result from rogue messages sent simultaneously to multiple power facilities in strategically designed sequences and times of day. By their calculation, an optimally crafted series of messages sent under certain conditions would be enough to bring down the entire European grid. [...] The grid security experts Ars talked to for this story said they're doubtful of the assessment. "A sudden deficit of 60 GW will definitely lead to a brownout because 60 GW is far more than [the] reserves available," said Albert Moser, a RWTH Aachen professor with expertise in power grids. "A sudden deficit of 60 GW could even lead to a blackout due to the very steep fall of frequency that likely cannot be handled fast enough by underfrequency relays (load shedding)." He wasn't able to confirm that 60 GW of generation/load is controlled by radio signals or that security measures for Radio Ripple Control are insufficient.
Jan Hoff, a grid security expert, was also doubtful there'd be enough electricity dropped quickly enough to cause a brownout. "He likened the grid to the roly-poly toys from the 1970s, which were built to be knocked around but not fall over," said Ars.
Russian (Score:1)
Re: (Score:2)
You mean "Asking for a friend".
Re: Russian (Score:2)
Re: (Score:3)
It is already happening. They've been buying and using Western components for their grid system for the past 20+ years. The available alternatives after 3 years of sanctions have degraded their grid performance and stability quite a lot - there is literally daily news about large residential areas being left for hours, sometimes days, without power at Russian winter temperatures. But it is Russia, so a lot of it happens far away from Moscow and is not very important to the powers that are busy "re-uniting th
Re: (Score:2)
Re: (Score:2)
Basically yes, with one small correction - that's what the Russians say. I just repeat it.
Perhaps only the tip of the iceberg (Score:5, Interesting)
Re:Perhaps only the tip of the iceberg (Score:5, Insightful)
Sadly, I fall into the second category who is not surprised the control communications are unsecured. Come on, EU, you recently implemented cyber security regulations for cars, forcing some manufacturers to not sell older, unsecured designs. Why not regulate this too? The grid is kind of an important strategic target. Or is government regulating government a no-no in the EU?
Come on now - they are busy regulating the most important things, critical things. Things that have to be regulated, lest the world collapse - like making sure Apple devices have the approved power connector.
Re: (Score:1)
Sadly, I fall into the second category who is not surprised the control communications are unsecured. Come on, EU, you recently implemented cyber security regulations for cars, forcing some manufacturers to not sell older, unsecured designs. Why not regulate this too? The grid is kind of an important strategic target. Or is government regulating government a no-no in the EU?
Come on now - they are busy regulating the most important things, critical things. Things that have to be regulated, lest the world collapse - like making sure Apple devices have the approved power connector.
If they take the U.S. mindset into their own (or did we take theirs, or did it just come from the same animal chemistry... hmm) then it's perfectly prudent to wait for a failure before saying that the failure was known about, because they're smart and knew ahead of time with lots of info, but action wasn't taken because *start blaming here*
In the U.S., at least (for now) the electric grid is maintained (at least in the EI; don't know about ERCOT or WI) with load and frequency balancing with multiple forms of co
Re: (Score:2)
Are you suggesting something they didn't know about is more important to regulate than the massive e-waste pile that we were producing? Maybe they should regulate time machines so that your criticisms make sense.
Re: (Score:2)
Are you suggesting something they didn't know about is more important to regulate than the massive e-waste pile that we were producing? Maybe they should regulate time machines so that your criticisms make sense.
Certainly not! I suggest nothing. What I am stating is that it is more important to them than the power grid remaining operational. Didn't you read? I meant exactly what I wrote.
By the way, I now have a lot of Apple cables that have been made e-waste. Including ones that are over a decade old, and were working perfectly on my phones and tablets. Funny how eliminating e-waste creates e-waste.
Just like the Christian god, the EU moves in mysterious ways, outside the understanding of us mere mortals. But they a
Re: (Score:2)
Re: (Score:2)
It is regulated. Apparently the operators of critical infrastructures chose to ignore these regulations. I hope they get reamed really hard for this.
Unsecured communications (Score:5, Insightful)
Re: (Score:3)
Even worse - there's a potential to create voltage spikes, overvoltage and undervoltage causing a lot more headaches than just a power outage.
It all depends on what the attacker can figure out.
Re: (Score:1)
Even worse - there's a potential to create voltage spikes, overvoltage and undervoltage causing a lot more headaches than just a power outage.
It all depends on what the attacker can figure out.
We could keep talking about it right now and come up with some really nifty methods that could work. The attacker could use the information as a free and easy source and, I don't know about anyone else, but I would feel like shit if I was part of the exploit that hurt x and killed y at the expense of z that was relayed from my head in a completely innocent fashion to them. Then comes law enforcement tracking back to us and us having to explain in custody what happened and............
I'm sure there's a better pla
Re: (Score:2)
Anyone with some knowledge of electrics and electronics would be able to come up with similar ideas.
Re: (Score:2)
Even worse - there's a potential to create voltage spikes, overvoltage and undervoltage causing a lot more headaches than just a power outage.
It all depends on what the attacker can figure out.
We could keep talking about it right now and come up with some really nifty methods that could work. The attacker could use the information as a free and easy source and, I don't know about anyone else, but I would feel like shit if I was part of the exploit that hurt x and killed y at the expense of z that was relayed from my head in a completely innocent fashion to them. Then comes law enforcement tracking back to us and us having to explain in custody what happened and............
I'm sure there's a better place to talk about exploiting the exploitable just for conceptualization and preparation. Too bad we live so far apart. Anyway.
To my understanding, the time to implement security is before the first public deployment. To my way of thinking, smart people need to think of potential attack vectors and harden the systems long before then.
This isn't a Dilbertesque "We must anticipate all of the unforeseen circumstances" silliness thing, nor is it a guilt assignment mechanism if someone points out a vulnerability. This isn't supposed to be an electronic version of the Streisand Effect.
Indeed - any guilt or shame lies on the people t
Re: (Score:2)
In AC systems, sudden loads going in and out of the network don't really affect the voltage, but the frequency. And the frequency control of the system is generally very tight - usually within 0.1% or so. The threshold for shutdown and disconnection is about 1Hz, or 0.2%.
The reason for this is a sudden load causes the generators to spin slower, which reduces the frequ
These signals should never be unencrypted (Score:4, Insightful)
Re: (Score:2)
They would have been better off leaving them on the open Internet and using TLS.
This is crazy
Re: (Score:2)
No, at least the attackers have to be in the EU.
When you use the Internet, any security hole can be taken advantage of from all over the world.
Re: (Score:2)
No, at least the attackers have to be in the EU.
No, they absolutely do not. You mail your attack systems, and have them wake on a schedule.
Re: (Score:2)
They would have been better off leaving them on the open Internet and using TLS.
This is crazy
I'm not saying I worked for a telecom company. I'm not saying I learned about operations in their system through simple observation and others telling me about pieces of it and how unbelievable it is.... so I shouldn't be held liable for sharing company information... AND you can choose to go to people from other companies at the other "end" of this little piece of "news"... so I'm not giving out information that isn't known:
There used to be a thing called "long distance" (and there still is). It used to
Re: (Score:1)
Full stop. Why would you even think this was an appropriate implementation?
To me it looks like the problem is not that the signals are unencrypted but that they are not authenticated. I remembered a blog post on a similar problem to this from five years ago by Bruce Perens: https://perens.com/2019/07/02/... [perens.com]
Should anyone care if the control messages can be intercepted and read in the clear? If there is then, sure, encrypt the messages. One reason why I'd pose a digital signature as a solution is it gives a transition period on implementation. Add the digital signature to the co
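The point made above, that the missing property is authentication rather than confidentiality and that a signature can be phased in, together with the replay of observed messages described in the summary, as an added example that is not part of this thread or of the researchers' work. It assumes a hypothetical 8-byte frame layout and a constructed demo key, and uses a stdlib HMAC where the comment proposes a public-key signature; the receiver's "monitor" mode is the transition period the comment describes, still accepting unsigned frames but recording them.

```python
"""Authenticated, replay-protected control frames (added example, stdlib only)."""
import hashlib
import hmac
import struct
from typing import List, Optional, Tuple

# Constructed demo key (hypothetical). A fielded system would provision keys per
# operator and, for a broadcast to many receivers, use an asymmetric signature
# so that no receiver holds a secret that can forge commands for all the others.
DEMO_KEY = bytes(range(32))

HEADER = ">BHBI"                       # version, group id, command, monotonic counter
HEADER_LEN = struct.calcsize(HEADER)   # 8 bytes, a layout assumed for this example
TAG_LEN = 16                           # truncated HMAC-SHA256 tag appended to signed frames


def build_frame(group: int, command: int, counter: int,
                key: Optional[bytes] = None) -> bytes:
    """Encode one command frame. With key=None the frame is a legacy, unauthenticated one."""
    body = struct.pack(HEADER, 1, group, command, counter)
    if key is None:
        return body
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    """Verifies frames. enforce=False is the transition mode: unsigned frames are
    still acted on but logged, so operators can see who has not migrated yet."""

    def __init__(self, key: bytes, enforce: bool = True) -> None:
        self.key = key
        self.enforce = enforce
        self.last_counter = -1          # highest counter accepted; persist this in a real device
        self.events: List[Tuple] = []   # audit trail of every decision

    def accept(self, frame: bytes) -> bool:
        if len(frame) < HEADER_LEN:
            self.events.append(("malformed", None))
            return False
        body, tag = frame[:HEADER_LEN], frame[HEADER_LEN:]
        _version, _group, command, counter = struct.unpack(HEADER, body)
        if not tag:
            self.events.append(("unsigned", counter))
            return not self.enforce
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            self.events.append(("bad_tag", counter))      # forged or modified frame
            return False
        if counter <= self.last_counter:
            self.events.append(("replay", counter))       # an observed frame sent again
            return False
        self.last_counter = counter
        self.events.append(("ok", counter, command))
        return True


def demo() -> dict:
    """Replay and forgery scenarios against a monitor-mode and an enforcing receiver."""
    monitor = Receiver(DEMO_KEY, enforce=False)
    strict = Receiver(DEMO_KEY, enforce=True)
    legit = build_frame(group=0x1234, command=0x02, counter=41, key=DEMO_KEY)
    # Someone who captured 'legit' flips the command byte without knowing the key.
    forged = legit[:3] + bytes([legit[3] ^ 0x01]) + legit[4:]
    return {
        "legit_enforce": strict.accept(legit),                              # True
        "replay_enforce": strict.accept(legit),                             # False: counter reused
        "forged_enforce": strict.accept(forged),                            # False: tag mismatch
        "unsigned_monitor": monitor.accept(build_frame(0x1234, 0x02, 7)),   # True, but logged
        "unsigned_enforce": strict.accept(build_frame(0x1234, 0x02, 99)),   # False
        "next_enforce": strict.accept(build_frame(0x1234, 0x03, 42, DEMO_KEY)),  # True
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18s} {'accepted' if ok else 'rejected'}")
```

The counter is what defeats the replay the summary describes: a captured frame carries a counter the receiver has already consumed, so it fails even though its tag is valid. That only holds if the receiver persists `last_counter` across power loss; a receiver that restarts at -1 would accept old frames again. The tag check runs before the counter check so that a forged frame is logged as a forgery rather than as a replay, which matters for anyone reading the event log during an incident.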
Re: (Score:2)
A lot of the bigger systems date to a time where industrial security was in its infancy. The idea of encrypted communications channels is a relatively recent development.
Additionally I doubt anyone considered a co-ordinated attack to create or shed so many small loads at a time to create a 60GW change in demand. A lot of things just don't seem important when you look at them in isolation.
Where... (Score:1)
where "the European Power Grid" = "a Renewable energy facility in Central Europe".
Did I miss something? (Score:2)
Uhm, not really (Score:3)
First of all, the original talk is here:
https://media.ccc.de/v/38c3-bl... [media.ccc.de]
Essentially they looked at LF control systems for lights and other things. There is a company operating a low frequency low bandwidth channel for that.
Yes, you can easily transmit low frequency signals over short distances; in their talk they used a pole to reach the receiver. This is fairly easy as you only need to couple your signal into the receiving coil.
It is _much_ harder from an RF point of view to get those signals at those frequencies to a larger area. The signals are roughly at 130-140 kHz, which means that your wavelength is roughly 2 kilometres (hence the name long wave). You need the infrastructure of a long wave radio station to send such a signal to a larger area. The antennas are huge at those wavelengths and you need to overcome a fairly strong background noise at such low frequencies, as anything from lightning strikes over switches to switching power supplies will compete with your signal.
A new attack could be a minor inconvenience. (Score:2)
I think he meant (Score:2)
"He likened the grid to the roly-poly toys from the 1970s, which were built to be knocked around but not fall over,"
I think he meant Weeble Wobbles [youtube.com].