Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

DHS To Review Report On US Power Grid Vulnerability

kdawson posted more than 4 years ago | from the like-dominos dept.

Security 138

CWmike writes "The US Department of Homeland Security is looking at a report by a research scientist in China that shows how a well-placed attack against a small power subnetwork could trigger a cascading failure of the entire West Coast power grid. Jian-Wei Wang, a network analyst at China's Dalian University of Technology, used publicly available information to model how the West Coast grid and its component subnetworks are connected. Wang and another colleague then investigated how a major outage in one subnetwork would affect adjacent subnetworks. New Scientist magazine reported on this a week or so ago, and the paper has been available since the spring."

cancel ×

138 comments

Sorry! There are no comments related to the filter you selected.

Power Station PLCs should _not_ be connected... (0)

Finallyjoined!!! (1158431) | more than 4 years ago | (#29429589)

To that new-fangled interweb.

Simple.

Why they are, is question simply answered with "stupidity".

Bye.

not attacked via the web (2, Insightful)

Chirs (87576) | more than 4 years ago | (#29429639)

Obviously you didn't read the article. They're talking about cascading failures due to the fact that they're connected via the electrical grid.

Basically the same thing that happened some years back on the eastern seaboard, but on the west coast and triggered on purpose.

Re:not attacked via the web (3, Interesting)

Finallyjoined!!! (1158431) | more than 4 years ago | (#29429715)

Obviously, you have not read TFA:

News about Wang's research comes at a time when there are considerable concerns about the security of the U.S. power grid. In April, The Wall Street Journal, citing anonymous national security officials, reported that cyberspies from China, Russia and elsewhere had gained access to the U.S. electrical grid and had installed malware tools that could be used to shut down service. Though the access hasn't been used to disrupt service, the concern is that the malicious hackers could do so with relatively short notice during a time of crisis or war.

What a prawn.

Re:not attacked via the web (1)

spun (1352) | more than 4 years ago | (#29430037)

Well, you're both right. The article IS talking about cascading power failures due to electrical grid connection, not Internet connection, while the part you quote backs up your... hey! Wait a second, it doesn't back up what you were saying AT ALL! Where does it say the 'cyberspies' gained access through the Internet?

Re:not attacked via the web (4, Funny)

hoggoth (414195) | more than 4 years ago | (#29430577)

Jeez. Please read the article before posting. The article states that power company officials have found very small Chinese people hiding in cabinets inside 75% of our power stations. The situation is very precarious.

Re:not attacked via the web (0, Troll)

blackraven14250 (902843) | more than 4 years ago | (#29432769)

Oh, I put them there. Just don't open the cabinets and we'll be fine.

Re:not attacked via the web (3, Insightful)

ParanoiaBOTS (903635) | more than 4 years ago | (#29430073)

Obviously you didn't read the article. They're talking about cascading failures due to the fact that they're connected via the electrical grid. Basically the same thing that happened some years back on the eastern seaboard, but on the west coast and triggered on purpose.

Obviously, you have not read TFA:

News about Wang's research comes at a time when there are considerable concerns about the security of the U.S. power grid. In April, The Wall Street Journal, citing anonymous national security officials, reported that cyberspies from China, Russia and elsewhere had gained access to the U.S. electrical grid and had installed malware tools that could be used to shut down service. Though the access hasn't been used to disrupt service, the concern is that the malicious hackers could do so with relatively short notice during a time of crisis or war.

What a prawn.

Actually both you, and your parent post are correct. They are pointing out why the compromised grid is so concerning(aside from the obvious). Couple that malware with this knowledge and you can very effectively take out power for the west coast by targeting a very small subset of stations.
What they are saying is that the outage like we had several years back can be triggered fairly easy, and even scarier, since we are compromised already, someone sitting at a computer could probably just turn off power for all the west coast.

Re:not attacked via the web (3, Funny)

geogob (569250) | more than 4 years ago | (#29430157)

Everyone knows that you hack a power grid system with a modem, weird command line interfaces using pseudo-english commands and some fast random typing on a keyboard.

Re:not attacked via the web (2, Funny)

KraftDinner (1273626) | more than 4 years ago | (#29430601)

Everyone knows that you hack a power grid system with a modem, weird command line interfaces using pseudo-english commands and some fast random typing on a keyboard.

Don't forget about the swirling numbers and mathematical symbols in the background all the while you can see them flying through the file system.

Re:not attacked via the web (4, Funny)

thynk (653762) | more than 4 years ago | (#29431569)

Hack the Gibson!

Re:not attacked via the web (1)

PitaBred (632671) | more than 4 years ago | (#29430907)

And you hack the Gibson with viruses that look like happy-face ping-pong balls and the Cookie Monster and Pac Man. Duh.

Re:not attacked via the web (1)

KingPin27 (1290730) | more than 4 years ago | (#29432997)

Everyone knows that you hack a power grid system with a modem, weird command line interfaces using pseudo-english commands and some fast random typing on a keyboard.

This is after you have driven your motorcycle off the adjacent roof and exploded the front enterance - knocked out the guards at the station and ran your fancy nmap commands to get the root passwords and then disable the power grids.

Re:not attacked via the web (1)

Runaway1956 (1322357) | more than 4 years ago | (#29429845)

To lazy to look for citations - but this scenario was envisioned in Sci-fi literature long before the advent of the internet. And, in fact, I believe the north-east has experienced such a thing at least twice, probably more than that. Brown outs and black outs due to local overloads aren't a new concept at all, nor is the idea of cascading failures. All that I see here, is the idea of inducing one or more local overloads via the internet.

Of course, there are any number of "experts" who claim that this is not possible. They claim that internet connected computers are isolated from the machines that actually regulate power delivery, power generation, and power usage. But, I'm left scratching my head over all the wireless devices that have been incorporated into the system. I suppose that they have some magical security system that all us peasants are unaware of.....

Re:not attacked via the web (1)

pilgrim23 (716938) | more than 4 years ago | (#29429955)

one emp producing Nuke exploded 25k miles above Kansas. No worries what is connected to who, it all goes off. Tell me how a smart grid connection will prevent this scenario. Through the magic of Wikipedia: The worst effects of a Russian high altitude test occurred on 22 October 1962 (during the Cuban missile crisis), in âOperation Kâ(TM) (ABM System A proof tests) when a 300-kt missile-warhead detonated near Dzhezkazgan at 290-km altitude. The EMP fused 570 km of overhead telephone line with a measured current of 2,500 A, started a fire that burned down the Karaganda power plant, and shut down 1,000-km of shallow-buried power cables between Aqmola and Almaty. --1962, long before chips in everything....

Re:not attacked via the web (0)

Anonymous Coward | more than 4 years ago | (#29430121)

Detonating a 300kt nuclear warhead at 290km above the United States is a little harder than taking out a single sub-station somewhere out in the middle of the nowhere with a car bomb, or whatever.

Re:not attacked via the web (1)

MrNaz (730548) | more than 4 years ago | (#29430123)

25k miles is so far away that you can't really say that it's "above Kansas", so much as "above everything". 25k miles is ~3 times the diameter of the Earth.

Re:Power Station PLCs should _not_ be connected... (0)

Anonymous Coward | more than 4 years ago | (#29429755)

The benefits of connecting the power grid to the web are numerous, concerns about security should just be addressed (and problems solved), you don't stop flying just because airplanes can crash.

Re:Power Station PLCs should _not_ be connected... (3, Informative)

Shakrai (717556) | more than 4 years ago | (#29429791)

you don't stop flying just because airplanes can crash.

No, you stop flying because you don't like having to bend over to get through the TSA security theater. Sorry, random offtopic rant because I just got back from a flight....

Re:Power Station PLCs should _not_ be connected... (1, Interesting)

Anonymous Coward | more than 4 years ago | (#29429817)

I don't see the benefits of connecting them to the grid that can't be achieved through alternative means. That is, the data availability issues can be connected, but command/control functionality (ie, that which can be used to shut down service) should not be accessible from the internet.

Is there a reason you believe they should be?

Re:Power Station PLCs should _not_ be connected... (1)

jeffstar (134407) | more than 4 years ago | (#29432475)

maybe the power station is geographically remote and economically unfeasible if it has to be manned. maybe it is also economically unfeasible if it has to have an expensive private data connection but can't use a VPN over satellite just fine.

people are going after the 'long tail' of generation with distributed generation such has small/micro hydro, solar etc and I bet a lot of that stuff ends up connected to the internet.

of course a nuclear station shouldn't be on the internet, but maybe a 200kw hydro is?

Re:Power Station PLCs should _not_ be connected... (2, Informative)

Beardo the Bearded (321478) | more than 4 years ago | (#29430497)

If you connect your PLC to the Internet, it can email you when a problem arises. If you haven't coded responses to incoming email, it simply won't respond. I didn't see any incoming email commands on the PLCs I've worked on, but that doesn't mean they don't exist.

So, you get error reporting and real-time data from your PLCs when you connect them to the Internet. Apparently that's stupid.

The programming ports on the ones I've used are physically separate from the ones used for communication, and the functions simply cannot be swapped.

There is also -- again, in the cases of all PLCs that I have used, which is not exhaustive of all that are on the market -- a physical toggle switch that switches the PLC from "run" to "program" mode.

I suppose that if the PLC was attached to the Internet, and then you had a guy flip the switch and swap the cables, and then put the cables back and flip the switch back later, then yes, you could reprogram a PLC online.

If you can figure out an easier way, Omron, Koyo, AB, and IEEE would like to have a word with you.

Re:Power Station PLCs should _not_ be connected... (5, Interesting)

AB3A (192265) | more than 4 years ago | (#29431375)

Not so fast. See the first paper in this bunch [digitalbond.com] . The authors managed to hack a Koyo and AB PLC Ethernet interfaces. The AB Ethernet card had lots of useful stuff in it, including a symbol table. From the symbol table I saw many backplane calls that you could use to communicate with the PLC. How well do you trust a hacked Ethernet module on a PLC backplane?

Having a physically separate port is nice, but it is no substitute for secure coding. If you think that coding is poorly secured in the PC world, you'll be shocked at what often gets done in embedded system coding.

Some PLCs and Variable Frequency Drives have been noted for their inability to handle Denial of Service traffic. I've seen that demonstrated myself. This is the official cause of a reactor SCRAM at Browns Ferry a few years ago.

Try a port scan of your PLC some time and tell me how many ports it responds to (DO THIS ON A TEST-BENCH --NOT PRODUCTION EQUIPMENT!). If you can identify everything that critter responds to, congratulations. If not, be afraid. Be VERY afraid. I've heard quite a few PLC models that have mysterious responses to ports where you wouldn't expect them to respond.

Real Time embedded systems are not good candidates for direct internet exposure. They're too difficult to patch in a timely fashion. Often the windshield time alone is prohibitive. And if you have any notions of pushing patches to them remotely, remember, these things control some pretty high speed/high power processes. You don't just patch them. There are process and safety implications that you need to consider. This ain't some office application where you can say oops and restore from a backup. Real physical things will happen and real physical problems will be created that you can't clean up with a simple code reversion.

Most of our infrastructure today has not been engineered with security issues in mind. There is still lots of Gee Whiz "Let's Share Data" synergy crap going on. This leads to all sorts of direct interconnections that aren't absolutely necessary. Many controls can be made over links that weren't intended for that purpose. It's not easy to split the data flows up any more because many organizations have been very profligate with their use of SCADA information and it isn't easy to find all the sources and sinks.

I'd love to post data from a PLC directly to the public. But I just can't sleep at night with something like that waiting to screw things up.

Good luck with your security, and I mean that quite sincerely.

Re:Power Station PLCs should _not_ be connected... (1)

Loudog (9867) | more than 4 years ago | (#29432515)

A combination of VPN access and firewalling does the trick. I've tested it with AB (EthernetIP) gear and it works fine. There are quite a few vendors that will sell you the parts, but they aren't the traditional ones (Omron, AB, etc,...) so most of the controls folks seem to ignore their existence. When it comes to control, go to them. If it's data security, Cisco, Juniper,...

IDIOT. (0)

Anonymous Coward | more than 4 years ago | (#29431889)

Your village called and asked you to return.

Power station PLCs are connected to power station control networks that have links to power company administrative networks. These links are necessary as it's kinda difficult to ensure fuel arrives on time if you have no idea how much you're using. It's also kinda useful if you can coordinate power output with other power stations on the grid too or things tend to blow up. Oh, and since the grid itself is a distribution mechanism shared by many companies, you probably want some way of measuring how much power you put onto the grid so that your accounting department can ensure that your power company gets paid for it and stays in business.

Are you seeing the picture yet?

If you're looking for a purely air-gapped computer, might I suggest you start with your own so we can be spared your ignorant arrogance?

Re:IDIOT. (1)

blackraven14250 (902843) | more than 4 years ago | (#29432931)

They don't need to be put on the internet. Get a phone line, and run it between places where you want connections. Congratulations, you just made a network much more secure by taking it off the general, connected-to-everywhere-in-the-world internet.

Don't worry (5, Interesting)

dedazo (737510) | more than 4 years ago | (#29429619)

The US power grid is so ancient, convoluted and in such a massive state of disrepair that we can be sure we're safe from terrorists. They wouldn't even know where to begin to find a point in the system that could be used to trigger a catastrophic cascading failure like the one in the East Coast a few years ago.

Trees [wikipedia.org] on the other hand... trees are truly evil.

Re:Don't worry (2, Funny)

Anonymous Coward | more than 4 years ago | (#29429679)

Linux is so ancient, convoluted and in such a massive state of disrepair that we can be sure we're safe from viruses. They wouldn't even know where to begin to find a point in the system that could be used to trigger a catastrophic cascading failure like the one that is the Linux OS itself.

Fixed your typos there for ya.

Re:Don't worry (0)

Anonymous Coward | more than 4 years ago | (#29429713)

Linux is a kernel, not an OS.

Re:Don't worry (0)

Anonymous Coward | more than 4 years ago | (#29430507)

Linux is so ancient, convoluted and in such a massive state of disrepair that we can be sure we're safe from viruses. They wouldn't even know where to begin to find a point in the system that could be used to trigger a catastrophic cascading failure like the one that is the Linux OS itself.

Fixed your typos there for ya.

This needs to be modded up for being so fantastically hilarious.

Re:Don't worry (1)

tetsukaze (1635797) | more than 4 years ago | (#29429719)

Well, someone apparently has used publicly available information to find a weakness. Now that the door is open, who is stop a terrorist. With the grid being such a mess, won't it be that much harder to fix the problem if we did have an attack of this kind?

Re:Don't worry (5, Funny)

Saliegh (1368127) | more than 4 years ago | (#29429807)

Everyone knows that a small thermal exhaust port at the end of a long trench is the key to initiating a catastrophic cascading failure.

Re:Don't worry (1)

dedazo (737510) | more than 4 years ago | (#29429875)

You just reminded me of this [collegehumor.com]

Re:Don't worry (1)

Saliegh (1368127) | more than 4 years ago | (#29430125)

Thank you for that. Pure awesomeness.

Re:Don't worry (3, Insightful)

LoRdTAW (99712) | more than 4 years ago | (#29430393)

Have you watched the History Channel special: The crumbling of America? Well if you did the "terrorists" have nothing to worry about, they just have to sit by and watch us fall apart.

The roads are shot along with bridges. Sewer systems overloaded, water supplies in jeopardy, levies and dams in a state of serious disrepair. And an electrical grid that teeters on the edge of blacking out every day.

Its wasn't all doom and gloom as its not too late. Th1ere are many technological advances to replace and update our infrastructure with better and longer lasting replacements. Problem is money, there is simply not enough to go around and in some cases there is no money at all.

Re:Don't worry (1)

Ozric (30691) | more than 4 years ago | (#29431083)

That is all propaganda....

The "terrorists" watch and think, heck... They live in as big a shithole as us. We should stop hating them and feel sorry.

Re:Don't worry (2, Interesting)

mikael (484) | more than 4 years ago | (#29430611)

Back around 2000 there was a complete failure of the SF Bay Area power grid when a couple of engineers activated the grounding switches to a local area of the power line before decoupling it from the main grid.

Re:Don't worry (1)

misexistentialist (1537887) | more than 4 years ago | (#29431837)

You could say the same thing about the Western hegemony. Some terrorists are still naive enough to give a go though

Will Taco the asshole fix the bugs? (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29429655)

Keep getting resource no longer available messages. The forums have been shit for 2+ years now.

Re:Will Taco the asshole fix the bugs? (1)

jollyreaper (513215) | more than 4 years ago | (#29429691)

Keep getting resource no longer available messages. The forums have been shit for 2+ years now.

That'll be fixed the day after they clean up the CSS on idle.

Silly report (1)

Ancient_Hacker (751168) | more than 4 years ago | (#29429703)

There are dozens of Power Engineers at utilities and govt agencies whose job has been, for the last fifty years or so, to run just these kinds of simulations.

They do this all day, every day.

The problem areas are pinpointed, and sometimes money is budgeted toward ameliorating the situations.

  Some problems can only be fixed by adding several billion dollar highlines, so those usually get postponed or ruled impractical.

Re:Silly report (1)

queazocotal (915608) | more than 4 years ago | (#29430347)

The margins on all power grids are getting smaller.
'Just in time'
'Predicted demand' ...
In the bad old days of monopoly providers, the monopoly would often reasonably plan the capacity, and built to some way in excess of this.

With the market coming to shine its light on all these restrictive practices, a new way of looking at power grids has arisen.
'What does upgrading the grid so to next years bottom line'.

Clearly this is the better solution.

Re:Silly report (1)

jeffstar (134407) | more than 4 years ago | (#29432653)

clearly you don't live in ontario where everybody gets an extra line on the monthly bill to help pay their part of the old bankrupt monopoly's debt.

30 billion in debt against 10 billion in assets (http://www.electricityforum.com/news/jul03/hydrodebt.html).

maybe they should have paid a bit more attention to the bottom line

The amazing thing (5, Insightful)

guruevi (827432) | more than 4 years ago | (#29429763)

The amazing thing is that nobody ever tried it or at least never succeeded. The US is apparently not that hated in the world since nobody ever does anything. We have hundreds of reports on how easy it would be to disable this or take that out of service. All it takes to black out the USA are some well placed charges or for somebody to hit a few poles hard enough but nobody does it. All we got was some measly hijacked plane (which has been done since the 70's) in a few buildings.

Re:The amazing thing (4, Insightful)

oodaloop (1229816) | more than 4 years ago | (#29430071)

All we got was some measly hijacked plane (which has been done since the 70's) in a few buildings.

...whose cost rose into the tens of billions and exacerbated our recession. It didn't topple our economy, which was their aim, but put a dent in it.

Re:The amazing thing (5, Insightful)

hoggoth (414195) | more than 4 years ago | (#29430527)

> It didn't topple our economy, which was their aim, but put a dent in it.

Yes it did. The cost of the buildings is negligible compared to our GNP. But the cost of the followup war in Afghanistan, war in Iraq, DHS, etc have toppled our already shaky economy. What's more their aim wasn't to topple our economy, it was to ruin our way of life. I'd say our descent into security theater, torture, surveillance and paranoia has gone a long way towards destroying our way of life. America the free?

Re:The amazing thing (1)

oodaloop (1229816) | more than 4 years ago | (#29430769)

What's more their aim wasn't to topple our economy, it was to ruin our way of life.

Well, Usama bin Laden said he intended to destroy our economy by taking out the twin towers. Khalied Sheikh Muhammad said the same thing when planning the Bojinka plot in 94. They thought those two towers were pivotal to our economy, for some reason. They've also said they will not stop until they have raised the flag of Islam over the White House. They could really care less about our way of life if we're still alive.

Perhaps we overreacted as a nation, and you're entitled to your opinion. I am personally greatly upset at the rise in surveillance, loss of rights etc. But remember we are fighting an enemy that is dedicated to destroying us no longer how long it takes. Some things must change if we are to stay alive.

Re:The amazing thing (1)

blackraven14250 (902843) | more than 4 years ago | (#29433111)

It's not a "tower takes out nation" movie plot. It's a "tower changes nation into crazy people who then waste massive amounts of money thus killing their economy which lets us invade them 50 years later when they have nothing to fight back with and are infighting more than we do" large-amount-of-long-term-strategy plot. You forgot that their entire strategy is to wait, always. They can wait for the economy to fall, as they have literally nothing that's time-sensitive in their society. They're still in the bronze age, and they're gonna stay there until we get back there because of our infighting, then kick our asses because they're much more used to it.

Also, just because it hasn't killed our economy yet, and didn't directly, doesn't mean the events of 9/11 won't lead to the US falling. The changes in our security can lead to changes in our economy, because if the government is allowed control over security, they'll take control over other aspects of life too. The government puts expenses of security on the economy, and constantly add to that burden (with some more of their provocation) until the economy couldn't take it anymore. That would lead to an economic collapse of massive proportions, large enough to prevent us from recovering at any decent speed, which would put us right where Islamic extremists would want us - back in the stone age, where they've been fighting for long periods of time.

Re:The amazing thing (1)

oodaloop (1229816) | more than 4 years ago | (#29433283)

It's not a "tower takes out nation" movie plot. It's a "tower changes nation into crazy people who then waste massive amounts of money thus killing their economy which lets us invade them 50 years later when they have nothing to fight back with and are infighting more than we do" large-amount-of-long-term-strategy plot.

Aside from your vivid imagination, do you have any sources for that? Have you heard any Al Qaeda members say that? Because what they have explicitly said on multiple occasions is that they wanted to destroy our economy. If you have a source from Al Qaeda, post it.

Re:The amazing thing (4, Insightful)

dkf (304284) | more than 4 years ago | (#29432621)

But the cost of the followup war in Afghanistan, war in Iraq, DHS, etc have toppled our already shaky economy.

Actually, it was the collective stupidity of millions of people that did that. And yes, believing that house prices would always go up in real terms (or that you'd at least be able to guarantee to get out without burning yourself when they stopped) is most certainly stupidity. On the other hand, as long as everyone believed, it almost worked; the only problem was this inconvenient thing called reality...

Re:The amazing thing (1)

whitelabrat (469237) | more than 4 years ago | (#29430099)

Would you mess with a house full of trigger happy rednecks? Hell no. That's why nobody has messed with this. It would be suicide.

Re:The amazing thing (0)

Anonymous Coward | more than 4 years ago | (#29432921)

Tell that to Osama Bin LAden, your rednecks have not been able to get him. Why shoould anyone else be worried?

Re:The amazing thing (1)

vlm (69642) | more than 4 years ago | (#29430111)

The amazing thing is that nobody ever tried it or at least never succeeded.

I wouldn't worry about a small terrorist conspiracy, or even the best efforts of a lone wolf.

Believe it or not, a company-sized army of kamikaze terrorist squirrels and at least a division-sized army of terrorist trees has been trying to do this for literally over a century, and have won only minor short term battles and the nations EE-army has rapidly regained the lost territory.

Add in all the drunk drivers crashing thru the fences, cropduster airplanes that fail to avoid the lines, it just seems unlikely.

My favorite part of all these "terrorists will destroy our infrastructure" stories is how the true enemy of america (our own govt employees) claim the attackers will use crazy hollywood style plots, when everyone knows you just buy some hardware store chain, tie one end to the fence post, the other to a brick, and throw the brick over the station. Or crash a stolen truck thru the fence and into the station.

Re:The amazing thing (4, Interesting)

Ron Bennett (14590) | more than 4 years ago | (#29430127)

People have tried blowing up / cutting high-tension power towers, but it seems that either they're stopped part way through their plan, or simply never follow-through (ie. cutting one or more of the tower supports, but failing to taking down the line).

Very often attacks are attempted at night, but that's a bad time, since load is often low. One would need to wait until mid afternoon on a very high load day (even more ideally when some major lines are down for maintenance) - that takes advanced planning and good luck.

Furthermore, cutting lines, alone, probably wouldn't be enough to cause a cascade. One would very likely need to bypass / overwhelm (ie. in the 2003 east coast black out some of the monitoring computers were unresponsive due to a worm going around) some of the safety systems, as well, for a cascade failure to occur.

On a related note, detonating a nuclear device high in the atmosphere at the right location would likely do it, but that would be extremely challenging - more likely, a terrorist with a nuke, probably of very low yield, would most likely detonate it at ground level, which would minimize EMP effects.

Ron

Re:The amazing thing (1)

Rich0 (548339) | more than 4 years ago | (#29430541)

If you wanted to take out a substation/etc, wouldn't it make more sense to just shoot at the ceramic insulators with a rifle? Why on earth would you go sawing on the support beams for a tower? First, it takes a while. Second, you are right next to a metal tower that is about to have high-voltage lines fall onto it - at those levels that electricity will arc multiple feet through the air and turn you into a cinder. To shoot out an insulator you probably just need to be a good shot - you probably don't need a particularly exotic rifle. Of course, if you're shooting up into the air you might need to take the elevation change into account with your aim - and if you don't have tracers it could be a tough shot.

Re:The amazing thing (1)

queazocotal (915608) | more than 4 years ago | (#29430595)

Or you cut a lot of lines.

You use public domain resources and a little research to work out which lines are under most stress.

You get maybe 10 guys with vans and big catapults that throw copper wire over a high voltage line.

You drive along the lines - with a plausible excuse - and you work out where a nice little farm road is that nobody uses for each line, and come 1:23:23 AM (or whenever) you kill all 10 lines as your teams are driving away from thier catapults on a 1 minute trigger.

For added fun have a second few teams that do this at 1:33:23

Re:The amazing thing (1)

MrLogic17 (233498) | more than 4 years ago | (#29430943)

Correction: It wasn't a worm that caused the unresponsiveness - it was a bug in the software that didn't display alarms. The operators didn't see them, thus they stacked up. The backlog of alarms brought the system to it's knees. The switch to the backup servers didn't fix that issue, thus bringing them to a crawl too.

There's lots of facinating reports on the 2003 blackout out there- including pics of the single tree that started it all.

Re:The amazing thing (1)

drinkypoo (153816) | more than 4 years ago | (#29433091)

Very often attacks are attempted at night, but that's a bad time, since load is often low. One would need to wait until mid afternoon on a very high load day (even more ideally when some major lines are down for maintenance) - that takes advanced planning and good luck.

It would be trivial to apply remotely activated thermite packs to the legs of the towers. They could be activated by cellphone. The cost of the whole thing to take down two towers simultaneously would run into the low single-digit thousands if you really slicked it up. Obviously nobody serious has ever really tried to do this.

Congress in Do Nothing Mode for 3 decades (-1, Troll)

BoRegardless (721219) | more than 4 years ago | (#29429793)

This is not surprising as I've read about it several years back with respect to Coronal Mass Ejections.

Congress has not funded the grid, airport traffic control systems, social security, medicaid, the 50% of dams that are in need of major repair, replacement or tear down, and don't forget chemical & nuclear waste removal-disposal, let alone securing borders.

But going after the CIA for breaking fingers is so important for Congress.

Vote them ALL out of office.

Re:Congress in Do Nothing Mode for 3 decades (0)

Anonymous Coward | more than 4 years ago | (#29429967)

If you're going to troll, you could at least make your third partisan claim be one that actually has something to do with budgeted funds like the first part. I mean, seriously, it's not even good bad-rhetoric, and frankly it feels like you're not really respecting people enough to disrespect them with effort.

Re:Congress in Do Nothing Mode for 3 decades (0)

Anonymous Coward | more than 4 years ago | (#29430049)

Congress has not funded the grid, ...

The Federal government doesn't own "the grid", so why should they be blamed?

Fragile Grid (4, Informative)

Old VMS Junkie (739626) | more than 4 years ago | (#29429799)

The electric grid has already suffered multiple cascading failures from simple events that led to widespread outage. Look into the West Coast outages of 1996 and 1998 as well as the failure in the Northeast in 2003. There's a lot of interesting science going on around networks, graph theory, complexity and all. There's a really good book on teh subject, "Six Degrees" by Watts.

Re:Fragile Grid (0)

Anonymous Coward | more than 4 years ago | (#29430699)

Note the rolling blackouts in California in 96 were induced by Enron, not grid capacity.

All the more reason to renew the grid (1)

99luftballon (838486) | more than 4 years ago | (#29429843)

The paper looks very interesting and should be another reason for a full grid upgrade, so we can use smarter power systems. It's a pity Edison's idea of local power stations never took off. Such a system would be much more fault tolerant and scalable. The same thing could be done now with pebble nuclear reactors [wikipedia.org] .

Re:All the more reason to renew the grid (0)

Anonymous Coward | more than 4 years ago | (#29429959)

Didn't bother to check but did his idea of local power stations have something to do with his idea that DC was the way to go? Tesla managed to get his shitty DC systems to work to some degree but left cause edison was too stupid (as usual) to see the beauty in AC for transmission of power. So, screw edison, he was a moron, he was the bill gates of electricity.

Re:All the more reason to renew the grid (2, Informative)

Old VMS Junkie (739626) | more than 4 years ago | (#29429975)

There were economic issues with Edison's ideas. The biggest problem was his insistence with DC. DC only worked with local power stations. AC scaled and could transmit over much farther distances with much less loss. More fault tolerant, perhaps. More scalable? Not from an economic standpoint.

Re:All the more reason to renew the grid (3, Informative)

Ungrounded Lightning (62228) | more than 4 years ago | (#29431595)

There were economic issues with Edison's ideas. The biggest problem was his insistence with DC. DC only worked with local power stations. AC scaled and could transmit over much farther distances with much less loss. More fault tolerant, perhaps. More scalable? Not from an economic standpoint.

The main reason AC scaled better than DC was that simple transformers could be used to boost the voltage or long-distance transmission on affordable diameter wire and back down to what could be safely handled in a home. Shifting DC, at the time, required rotary converters and was limited in voltage by the arcing and size of the commutators.

Since about the 1960s or so DC conversion for long-lines has been practical. And with modern semiconductors it's now economically competitive. With that, DC lines become practical for a makeover.

AC, unfortunately, introduces propagation timing effects that make things a bit more complex to keep running. DC doesn't have those failure modes AND it makes somewhat better use of a given amount of metal in the wire.

(A downside of DC vs AC is that a DC arc is harder to extinguish.)

Re:All the more reason to renew the grid (1)

Stenchwarrior (1335051) | more than 4 years ago | (#29429989)

Undoing a mis-mod

Re:All the more reason to renew the grid (1)

Ungrounded Lightning (62228) | more than 4 years ago | (#29431811)

Going "smarter" is a big boondoggle for the makers of the "smart network" equipment. Last I saw it would not pay for itself with either electrical savings AND reduced costs of outages combined. And it has extra failure modes of its own.

Replacing the current grid with a DC distribution similarly would be a great way to funnel government money into the pockets of campaign contributors but would hardly pay for itself in energy savings (though if done right it MIGHT raise reliability somewhat). Switching to DC across the grid would eliminate the AC transmission line phasing failure modes. But those are handled well already. It wouldn't do squat for the "not enough generation and transmission capacity to carry the load" failures - local or cascading.

The scare scenario given in TFA seems to be a variant of one of the latter: Taking out a local section of the grid and leaving the rest unable to serve its load. (Though I'm not sure, having not paid for a copy of the not-adequately-quoted article.) Presuming this is true it doesn't argue for the remedies suggested - either transmission line upgrades or "smart grid" technology.

Seems to me the right thing to do is build new long-haul transmission lines with DC where appropriate and stop wringing hands about it.

(It might also be good to boost the voltage of any new new DC transmission lines by about a factor of 2 from the current stuf, to match the voltage of hydrogen-boron fusion products. That would significantly reduce the amount of equipment needed to build a generation plant if any of the schemes that do direct conversion, such as Polywell fusors, work out.)

Re:All the more reason to renew the grid (1)

Ungrounded Lightning (62228) | more than 4 years ago | (#29432019)

The scare scenario given in TFA seems to be a variant of ... Taking out a local section of the grid and leaving the rest unable to serve its load. (Though I'm not sure, having not paid for a copy of the not-adequately-quoted article.)

And a closer reading of TFA2, referenced by TFA, makes that clearer.

It was an "aha" moment: Of COURSE disrupting the LIGHTLY loaded subnets (where there is a surplus of generation feeding the HEAVILY loaded sections) causes more failures than attacking those with heavy loads:

  - Taking down a section with a generation surplus reduces the available power on the rest of the net, leading to local shortfalls that trip protective breakers on generators and produce the cascade failure.

  - Taking down a section with a generation shortage may even help, taking out enough excess load to make up for the loss of the transmission capacity through the section and thus limiting or eliminating failure cascades into its neighbors.

oh noes (3, Funny)

Lord Ender (156273) | more than 4 years ago | (#29429863)

if terra were to plant a nuclear bomb in my apartment, thousands in my neighboorhood could be killed. that's worse than a mere blackout! please give me a large grant so i can upgrade my apartment to a more secure version. think of the children!

Brilliant! (0)

Anonymous Coward | more than 4 years ago | (#29429911)

What better way for a Chinese spy to get further access to not-public data? Just produce a report that says "You're vulnerable!" and let DHS open the secrets vault.

Looks like it's time to (1)

polymerousgeek (1196703) | more than 4 years ago | (#29429931)

get those new UPSs I've been wanting.

This just in... (4, Funny)

It doesn't come easy (695416) | more than 4 years ago | (#29429951)

Jian-Wei Wang has just been added to America's Top 10 Most Wanted Terrorist list, according to a DHS spokeperson. "We believe this person has been studying some of our infrastructure with the intent to identify inherent weaknesses. It is only a matter of time before this person, or someone else, uses the knowledge gained to attack the USA." A few moments later, a nearby open microphone caught the DHS official's candid statement "Anyone using information, public or private, to point out our own stupidity is automatically suspect. To go so far as to publish their findings is criminal. Besides, since we can't find any real terrorists, we have to demonize someone so we can continue justifying our astronomical budget in these difficult economic times." After a reporter on the scene brought this admission to the attention of the spokesperson, the reporter's name was also added to the list.

Re:This just in... (0)

Anonymous Coward | more than 4 years ago | (#29430491)

They'd do that before they'd ever indict Osama bin Laden for 9/11.

http://www.fbi.gov/wanted/topten/fugitives/laden.htm [fbi.gov]

Re:This just in... (1)

Beerdood (1451859) | more than 4 years ago | (#29432873)

I think I saw this happen in a documentary called "Live free or Die Hard". Someone send in Bruce Willis after this guy, before he disabled the entire grid!

Let me guess... (1)

Balial (39889) | more than 4 years ago | (#29429995)

So they're going to decide, therefore, that the thing to do is hide the information and ban research into it. You know, instead of actually making the systems secure.

Hooray for security for obscurity.

chinese study ?? (0)

Anonymous Coward | more than 4 years ago | (#29430041)

of course the study just happens to be linked to china ..

and you mean to tell me the DHS has not done it's own studies on the vulnerability of the us infrastructure .. and what are they using their funding for ..

just what are they there for then ??

oh Ya! .. i forgot protecting us intellectual property rights .. building detention centres for when you all wake up .. and domestic spying ..

Fundamental problem (1)

zorro-z (1423959) | more than 4 years ago | (#29430095)

Now that power utilities are free to be profit-generating enterprises, there's less incentive for them to invest in the redundancies which make cascading failures possible. In the past, when utilities were heavily-regulated non-profits, people complained that their systems tended to be "gold-plated," due to so much potential profit being re-invested in the systems. But, as the northeast blackout of a few years back demonstrates, today the same money which would have gone to improving the infrastructure now goes to shareholders + private owners.

It's a no-win situation, unless you happen to be an owner, in which case you can probably afford your own private generator when the system you own fails.

Re:Fundamental problem (0)

Anonymous Coward | more than 4 years ago | (#29430291)

Yeah. Because they get paid for outages which are really cheap for them to implement since they don't consume any energy at all. In fact, they are going to start tearing down the power lines to really jack up their profits.

Shu'up dumbass.

Re:Fundamental problem (1)

Attila Dimedici (1036002) | more than 4 years ago | (#29430409)

. In the past, when utilities were heavily-regulated non-profits, .

When exactly was this? The utilities that provide electric and gas in my area have been for profit companies for as long as I have been alive (and I believe for as long as electric has been available to run in home appliances in this area). They have also always been heavily regulated and require authorization from the state to raise rates.

Re:Fundamental problem (1)

zorro-z (1423959) | more than 4 years ago | (#29430479)

The deregulation of the US electric industry began w/the Energy Policy Act of 1992, although, as Wikipedia notes, "It began in earnest only from 1996 onwards when the Federal Energy Regulatory Commission issued orders that required utilities to provide transmission services "on a reasonable and non-discriminatory basis."

http://en.wikipedia.org/wiki/Electricity_sector_of_the_United_States#Deregulation_and_competition [wikipedia.org]

Re:Fundamental problem (1)

Attila Dimedici (1036002) | more than 4 years ago | (#29430629)

So, are you claiming that before 1992 electric utilities were non-profit? Because I happen to know that in my area that is not true. Additionally, since what you are referring to is Federal regulations, it doesn't exactly effect what I said, which was about state regulations, which as a matter of fact your link states: "By 2008 only about a dozen states had deregulated their electricity markets".

I worked in Nuclear security... (1, Interesting)

Anonymous Coward | more than 4 years ago | (#29430257)

They required all employees to use the same identical 4 letter password, to which I objected but was forced to do. My first few weeks there I discovered a keylogger on two PCs using Spybot. I reported it to management and suggested they have everyone scan their PCs, they said I was overreacting. Their email service was hosted by a remote 3rd party provider in Texas, who could be reading all their mail because they were too lazy to set up one in house. I recommended an internal email server and also that everyone use public key encryption to sign emails on several occasions and was told, "You do it and take responsibility for it when it fails."

Customers, like nuclear weapons/energy facilities, sometimes requested encrypted email or transmissions of files and our lead developer refused to do that because it was too hard to figure out. So, he just sent everything plaintext through zipit/rapidshare websites, he'd sometimes send whole CDs zipped up. And, when I voiced concerns about security they told me to shut the hell up, literally.

Also, when I mentioned I had made my code secure against remote attacks, they told me to stop wasting time on that because none of these machines would ever be connected to the Internet. However, when I pointed my boss to an article about guards at energy facilities hooking wifi routers to the network, which he had assured me they weren't allowed to do, he just ruffled his feathers at me and told me not to worry about it.

Suffice it to say, they let me go, and kept the engineers that didn't care about security. I remember having a conversation with one of the developers in my team who didn't think secure code was important and I stated that actual lives depended on our work, his response was, "I don't care it is just a job, you take it too seriously." I guess I did, that's why I'm gone and he's still there.

Cascade effect (1)

whoisisis (1225718) | more than 4 years ago | (#29430295)

Here in Europe, we've also experienced a few cascading blackouts, triggered by single
failing power plants. Blackouts throughout Denmark caused by failing power plants
in middle/southern europe is not unheard of. When the power grid is so interconnected, a few
failures means the capacity of the rest of the plants does not meet the demand of the grid,
which in turn forces the rest of the plants to a grinding halt. A very well coordinated effort is then required
to bring the grid back up.

There's probably not much to be done about this, other than
perhaps segmenting the grid (making it harder so sell/buy power from other plants).

Interestingly, the grid in Denmark is naturally segmented by water. The western part of the country
is connected to the central european power grid, and the eastern part is connected to the rest of the North (Sweeden etc).
Because of a new tunnel under Storebelt, a (DC) powerline can help restart the northern power grid and vise versa.
This was used a couple of years back after a failure of a sweedish powerplant that caused Sweeden and eastern Denmark
to black out.

Re:Cascade effect (0)

Anonymous Coward | more than 4 years ago | (#29430403)

are you saying the Swedish powerplant bork bork borked denmark?

This is not new (1)

HangingChad (677530) | more than 4 years ago | (#29430355)

I started a book years about a coordinated attack by a small group of people that blacked out the west coast for months. That was early 90's. Surprisingly little has changed. Security is better, but it's still astonishing how much of our power infrastructure is unprotected.

Almost as surprising is how few people are prepared for an extended power outage. Ever since I worked around power management systems, I've dragged around a generator and keep enough gas on hand to run it at least two weeks.

It says good things about our electrical grid that I've only needed the generator a handful of times in all those years. But I've also noticed over the years we've come to take the grid for granted and are woefully unprepared for a wide spread outage that lasted more than a week. An interesting mental exercise is to look around your house and think about what things would be worth without electricity.

Haven't I seen this one before? (1)

Drunken Buddhist (467947) | more than 4 years ago | (#29430381)

Already, subscribers are talking about a controversial military maneuver whereby a small unit or individual, outgunned and trapped may use an otherwise abandoned motor vehicle and a makeshift ramp to disable or destroy a rotory aerial vehicle.

At least one may in fact currently be viewing this via "the old satcomms".

Why the heck ? (1)

aepervius (535155) | more than 4 years ago | (#29430415)

Why the heck the power infrastructure is connected to the internet ? Why the heck not use direct modem or similar non easily compromisible stuff, and certainly nothing a MALWARE could control ? Whiskey Tango Foxtrot ? Why not a freaking red button outside with "hit me to break me".

Re:Why the heck ? (1)

PitaBred (632671) | more than 4 years ago | (#29430813)

Because it doesn't need just point to point communications, and they want constant communication instead of dedicated lines. They'd have to essentially build a private Internet for communications.

The problem isn't that they're using the Internet. The problem is that they're not using something like a VPN to connect. Businesses do it all the time with damn good security. The power companies just don't give a shit since they have a monopoly on the lines, they have no competition, and no incentive to protect themselves or the rest of us.

Re:Why the heck ? (0)

Anonymous Coward | more than 4 years ago | (#29431937)

Actually, most of the article was talking about physical security. The power network, not the computer network running it. The researcher suggested that destroying a small, lightly loaded section of the network would cause overloads on other parts of the power grid which would cascade and bring down the entire West Coast grid.

I'm betting that if you do it by computer, you wouldn't be able to cause that sort of unsafe shutdown (So that a single disgruntled company employee can't cause a blackout across the continent). You could still deny service, but computer security holes are a lot easier to patch than physical ones.

and Smart Grid will let any 10-year-old crash all (2, Interesting)

swschrad (312009) | more than 4 years ago | (#29430433)

used to be, you had load dispatchers at switches in multiple areas. they had telephones and a small phone book of other dispatchers. under that system, the US became the world's dominant superpower and home of most wealth.

worth trying. not everything has to run on flash and crackberries.

In Soviet Amerika: (0)

Anonymous Coward | more than 4 years ago | (#29430467)

Power grid report YOU !

Yours In Astrakhan [youtube.com] ,
Kilgore T.

DHS? (0)

Anonymous Coward | more than 4 years ago | (#29430487)

Meh. Call me when Jack Bauer want's to check the powerplants.

reminds me... (1)

mach1980 (1114097) | more than 4 years ago | (#29430531)

Reminds me of the swedish transport agency. It has several publications on its website describing, in great detail, how a terrorist may steal and release dangerous goods from vehicles.
Counties is Sweden also have more localized publications describing where to find the dangerous goods and vunerable sites.

Still no-one is putting the information to terror use. Seems there is other ways of protecting the homeland...

bah...more green scare mongering (0)

Anonymous Coward | more than 4 years ago | (#29431063)

I guess next he'll suggest that a decentralized network would be more resilient? Locally produced power, maybe solar or some such? Pure green propaganda. This man probably claims global warming is real and hates business.

Who needs terrorists? (1)

meustrus (1588597) | more than 4 years ago | (#29431719)

Who needs terrorists to take down the entire West Coast power grid when you've got Enron? It WILL happen again, especially with the current state of the California government.

Duh, the equipment is exposed (2, Interesting)

johnny cashed (590023) | more than 4 years ago | (#29431747)

I have conceived of a distributed attack involving timed/coordinated thermite devices placed on transformer housings at substations. Place the same devices on any emergency generator housings where first responders are located, and massive chaos would quickly ensue.

Thermite is easily made/sourced from the components, timing devices are trivial. Thermite is not an explosive, but it would easily burn a hole in the top of a oil filled transformer housing, drop inside the transformer, burning all the way. I'm sure it would short the xformer, and ignite the oil inside. Same with generators, a thermite device placed on top would easily burn into the engine block or generator windings.

I'll leave the details out for the terrorists to figure out, but I see this as an easy attack for small cities. Larger cities will have the infrastructure more secure, but it is a large grid to secure. Too large. Modern society needs electricity like humans need air. I see my plan of attack as cheap, not too sophisticated for dedicated attacker(s) and probably effective, depending on how large a coordinated attack could be. It is very scalable.

What, who's at my door? DHS?

The Grid Is Challenged Daily (1)

anorlunda (311253) | more than 4 years ago | (#29431829)

In the ice storm of 1998 in the Northeast more than 200,000 poles and 100,000 miles of lines were downed. The blackout did not extend much beyond the counties affected.

On 9/11 300 MW in NYC disappeared when the towers went down. The blackout did not extend more than a block.

Tornadoes, earthquakes, wildfires, ice storms, and hurricanes provide frequent tests of multiple unplanned simultaneous contingencies. They hardly ever cause cascading outages.

Yes cascading outages do occur in real life, but the grid is much more robust than popular chit chat assumes. If it were as vulnerable as pundits suggest, we'd have regional level blackouts weekly.

The design criterion is that blackouts affecting 10,000,000 or more customers should not happen more often than once every 10 years. (Source [energy.gov] ) The record for the past 40 years shows that performance is just about on-target.

Sadly (0)

Anonymous Coward | more than 4 years ago | (#29431923)

America is LOADED with lots of holes just because we run windows and are hiring more and more offshore. Offshore REALLY could not care less if America was attacked and taken down. Heck, just the other day, verizon had a major attack on its network. Where were the openings? In work from India. Yet, that kind of stuff is being kept quiet.

It's nice to near the source of power. (1)

nsaspook (20301) | more than 4 years ago | (#29432293)

My house is on a main tie power line substation that once was connected to a Al plant here. Now the power goes to two large
semiconductor fabs that have contracts for power with massive penalties for loss of production. I think I have had less than a hour of outage in 20 years.

When California disconnects my lights do get a little brighter. http://www.bpa.gov/power/pl/columbia/4-gal-1.htm [bpa.gov]

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>