Don't make the power grid smart: IT COULD GET HACKED!

  • #16
    Re: Don't make the power grid smart: IT COULD GET HACKED!

    Originally posted by renderman
    On one of the channels I'm on most of the time, one of the guys went on a rant about it and has some authority on the subject since he does pen-tests on power plants and the like.

    Everything he's seen come down the pipe is just your run of the mill malware that is on far too many machines already and doesn't appear to be something specific to the grid or a specific purpose.

    From this, one can make a conjecture as to the actual circumstances;

    1. Malware hops the airgap (if any that is) and gets into the c&c system at some facilities.
    2. Since most of the common malware is controlled by shady business types in China and Russia the malware found is 'from Russia and China'
    3. Ergo, the Chinese and Russians must be penetrating the grid for some nefarious purpose (other than to sell wang enhancement projects)
    4. Take this information, call a few reporters, make a stink in order to justify spending more money to fix real problems, like the lack of a plasma TV in the break room

    That's not to say there haven't been actual penetrations, but I'm wagering that a lot of the rhetoric was about non-targeted malware being touted to drum up business for someone/something

    Just my $0.02
    I agree with you 100% on this. That is what it seems to me, a bunch of scaremongering.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.



    • #17
      Re: Don't make the power grid smart: IT COULD GET HACKED!

      Could get hacked? The power grid has been hacked many times...

      http://www.telegraph.co.uk/news/worl...ower-grid.html

      this is just the most recent.
      Network Jesus died for your SYN



      • #18
        Re: Don't make the power grid smart: IT COULD GET HACKED!

        While the power grid is technically a dumb network of switches and knobs one could hack into the substation wireless telemetry network and alter the data making people throw the wrong switches and knobs. Therefore creating either a DOS attack or something more destructive. I typically see yagi antennas at most substations these days. I'm no expert but I assume they serve a purpose.

        http://www.getwirelessllc.com/Soluti..._Utilities.cfm

        I personally hate all the fear mongering. I grew up in a time when we faced a real threat, the USSR and 30k+ nuclear warheads pointed at us. A country that had a boots on the ground intelligence capability that was second to none. Yet we prevailed, and the very real threat of nuclear holocaust has now taken a back seat to a bunch of guys living in caves with AK-47s. Sad when you put it into a little historical perspective.

        What I hate about these reports is that they lack the why, or any plausible scenarios. Just be afraid, be very afraid. Anything that man can break we can fix and make it better. Heck you don't need cyberspace to knock out the Eastern Seaboard's power grid just blow up a transformer in the Niagara Falls valley.

        xor

        Also democrats don't fear monger, we hawk prudence; we don't seek and destroy, we sweep and clear; we don't Wage a War On Terror, we perform Overseas Contingency Operations. (rolls eyes)

        Note to America: Please grow a pair.
        Last edited by xor; April 8, 2009, 15:05.
        Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.



        • #19
          Re: Don't make the power grid smart: IT COULD GET HACKED!

          Originally posted by xor

          What I hate about these reports is that they lack the why, or any plausible scenarios. Just be afraid, be very afraid. Anything that man can break we can fix and make it better. Heck you don't need cyberspace to knock out the Eastern Seaboard's power grid just blow up a transformer in the Niagara Falls valley.
          The blackout of August 2003, if I recall, was abated because the guys that run the grid in PA went against policy and took us off the grid. When they saw the cascade start they made the decision, pretty much on their own to disconnect from the main grid and saved us from going dark. It probably also created a "fire-break" to keep the cascade from rolling into other states.

          From the articles that I have about it, it was a combination of issues that caused its start. A transformer burning up at a substation in conjunction with the slammer worm.

          Even if the grid were to fail, short of a high altitude EMP, it wouldn't be a major disaster. Life will go on, most of the other utilities have their own contingency plans for a major power failure.
          A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.



          • #20
            Re: Don't make the power grid smart: IT COULD GET HACKED!

            This was on the InfoSec News list this morning, and sums up the whole thing quite nicely, I think:

            Originally posted by Richard Forno <rforno AT infowarrior DOT org>

            Jeebus. Everyone in the world needs to take a deep breath and calm the hell down here. They're screaming bloody murder about hackers and the power grids and ZMFGTHESKYISFALLING. How quickly they forget that this kind of stuff was reported / found / observed in the 1996 PCCIP report that kicked off the whole notion of "infrastructure protection" and scaring folks into creating the whole CIP industry. Yet they continued to sacrifice security/survivability for convenience and cost-cutting, with the obvious results. (to competent infosec folks, anyway)

            Bottom line? Screw the breathless hysteria and headlines, WE ARE DOING THIS TO OURSELVES.

            -rf
            Thorn
            "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird



            • #21
              Re: Don't make the power grid smart: IT COULD GET HACKED!

              An observation made by myself a while ago about hacking power grids, phone networks (outages, not phreaking), water systems, is that the hysteria level is exponentially tied to the perceived cause.

              Power failures happen. Be it rolling Enron blackouts or jackass in a car taking out a transformer on the highway. Most people just deal with it and light some candles or something and continue on (another observation is that birth rates 9 months from the blackout are directly proportional to the length of the blackout)

              It's when people perceive that a malicious hand was at work that the fear skyrockets, even though the resulting effect on the people is the same.

              How much work would it take to re-create the 2003 blackouts? My uneducated guess is more than an average bad guy is willing to put in, particularly if he wants to keep things down for longer by destroying equipment rather than sabotage that can be repaired.

              Generators blow, lines fail, water mains burst, it's all things we live with. How is the effect any different if it's caused by an outside source?
              Never drink anything larger than your head!


              • #22
                Re: Don't make the power grid smart: IT COULD GET HACKED!

                Originally posted by renderman
                An observation made by myself a while ago about hacking power grids, phone networks (outages, not phreaking), water systems, is that the hysteria level is exponentially tied to the perceived cause.

                Power failures happen. Be it rolling Enron blackouts or jackass in a car taking out a transformer on the highway. Most people just deal with it and light some candles or something and continue on (another observation is that birth rates 9 months from the blackout are directly proportional to the length of the blackout)

                It's when people perceive that a malicious hand was at work that the fear skyrockets, even though the resulting effect on the people is the same.

                How much work would it take to re-create the 2003 blackouts? My uneducated guess is more than an average bad guy is willing to put in, particularly if he wants to keep things down for longer by destroying equipment rather than sabotage that can be repaired.

                Generators blow, lines fail, water mains burst, it's all things we live with. How is the effect any different if it's caused by an outside source?
                The things people should be concerned about they're not. Things like solar flares, and directed energy weapons which could actually destroy infrastructure as well as personal items on a large scale for a long time.

                xor
                Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.



                • #23
                  Re: Don't make the power grid smart: IT COULD GET HACKED!

                  http://www.pacetoday.com.au/Article/...ds/480902.aspx

                  I just ran across this today. I haven't been able to find much in technical details, but if this is anything like the other items I found related to Wireless and SCADA it will be far from secure, and this is a brand new product.
                  A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.



                  • #24
                    Re: Don't make the power grid smart: IT COULD GET HACKED!

                    Originally posted by renderman
                    Generators blow, lines fail, water mains burst, it's all things we live with. How is the effect any different if it's caused by an outside source?
                    it still can send you into a small skid when it happens unexpectedly, heh.

                    last night all the Sprint phones in the area went out of service for an hour or so. i don't know if it was just that carrier, since most folk i know are on there.

                    at least i still had the internet and thanks to the neighbor next door there's no shortage of short- and long-range radio gear if any real interruption in communication technology were to happen.

                    i do look forward to render and prez's talk at DEFCON. short of keeping the shotgun ready and the bug-out-bag packed, there's not a lot of disaster preparation that goes on 'round here.
                    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
                    - Trent Reznor



                    • #25
                      Re: Don't make the power grid smart: IT COULD GET HACKED!

                      The blackout-pregnancy link is pretty much a myth...
                      Most people are too concerned about other things to get their groove on.

                      More interesting is the hysteria surrounding it. I wasn't in the US when the duct-tape and plastic sheet hysteria was going on, but manipulating that for personal gain might make an interesting "theoretical" talk.



                      • #26
                        Re: Don't make the power grid smart: IT COULD GET HACKED!

                        Originally posted by xor
                        Actually you have nothing to worry about .... I hear they are going to be using Macs.

                        xor
                        That would be a great way to get all the "Macs can't be hacked" people to wake up . . .
                        "Freedom is the right of all sentient beings." -Optimus Prime



                        • #27
                          Re: Don't make the power grid smart: IT COULD GET HACKED!

                          I just got back from a tour of a local Co-Gen facility that's taking methane generated by the host facility and using it to power 1.5MW generators which is then supplied to the main power grid. I was on the tour because our facility is looking into installing a Co-Gen in the next couple of years.

                          Sadly, both their IT and Physical security is atrocious. The Co-Gen was surrounded by an 8' chain-link fence with no wire on the top. It is out in the middle of nowhere with no cameras and no guards. It would be rather simple to enter the compound where the generators are sitting and no one would know you're there.

                          The control cabinet for the Methane input wasn't locked, when we got there, but even if it was locked, it would have been simply bypassed as it was a cheap cabinet type lock. The locks on all the doors were cheap as well, nothing had a deadbolt or a padlock hasp on it, except for a storage container.

                          Inside the Switchgear building was their data connection. From what I could see it was possibly a private line ADSL link to their main facility about 30 miles away. The reason why I think it was a private line and not a regular ADSL line was because of the Circuit ID written on the box. Inside the switchgear room was an OIT that controls the entire facility. This had no authentication on it and was just ready for anyone to press buttons.

                          In the operators office was another OIT that also could run the facility, when we came in it was in "locked" mode, meaning no changes could be made. While he was showing us the system, he simply clicked a button and it unlocked. No user/pass challenge.

                          Hanging on the wall was a Linksys 54G AP. I quickly did a discreet scan of wireless networks from my Blackberry just to see what it was. The SSID was being broadcast and it was using WPA-Personal. The SSID also indicated what the facility was. Sitting on his desk was a pair of laptops which he said one was configured to plug directly into the generators for troubleshooting issues and adjusting the onboard computers. The other one, I assumed, was the one he takes home with him so he could connect remotely.

                          I didn't see a modem or any other remote connection method on the site so I'm assuming he would connect via a VPN to their main site and then jump the ADSL line down to there. On both OITs was an ancient version of VNC.

                          This facility obviously isn't big enough to unbalance the grid and cause a major blackout. But having the AP sitting there is kind of scary as if it were hacked chances are someone would have access to the rest of the grid in that area.
                          A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.



                          • #28
                            Re: Don't make the power grid smart: IT COULD GET HACKED!

                            Originally posted by streaker69
                            I just got back from a tour of a local Co-Gen facility that's taking methane generated by the host facility and using it to power 1.5MW generators which is then supplied to the main power grid. I was on the tour because our facility is looking into installing a Co-Gen in the next couple of years.

                            Sadly, both their IT and Physical security is atrocious. The Co-Gen was surrounded by an 8' chain-link fence with no wire on the top. It is out in the middle of nowhere with no cameras and no guards. It would be rather simple to enter the compound where the generators are sitting and no one would know you're there.

                            The control cabinet for the Methane input wasn't locked, when we got there, but even if it was locked, it would have been simply bypassed as it was a cheap cabinet type lock. The locks on all the doors were cheap as well, nothing had a deadbolt or a padlock hasp on it, except for a storage container.

                            Inside the Switchgear building was their data connection. From what I could see it was possibly a private line ADSL link to their main facility about 30 miles away. The reason why I think it was a private line and not a regular ADSL line was because of the Circuit ID written on the box. Inside the switchgear room was an OIT that controls the entire facility. This had no authentication on it and was just ready for anyone to press buttons.

                            In the operators office was another OIT that also could run the facility, when we came in it was in "locked" mode, meaning no changes could be made. While he was showing us the system, he simply clicked a button and it unlocked. No user/pass challenge.

                            Hanging on the wall was a Linksys 54G AP. I quickly did a discreet scan of wireless networks from my Blackberry just to see what it was. The SSID was being broadcast and it was using WPA-Personal. The SSID also indicated what the facility was. Sitting on his desk was a pair of laptops which he said one was configured to plug directly into the generators for troubleshooting issues and adjusting the onboard computers. The other one, I assumed, was the one he takes home with him so he could connect remotely.

                            I didn't see a modem or any other remote connection method on the site so I'm assuming he would connect via a VPN to their main site and then jump the ADSL line down to there. On both OITs was an ancient version of VNC.

                            This facility obviously isn't big enough to unbalance the grid and cause a major blackout. But having the AP sitting there is kind of scary as if it were hacked chances are someone would have access to the rest of the grid in that area.
                            Well everybody knows that no one would think of physically attacking the plant. You only have to worry about virtual access. And they have firewalls to protect them.

                            Sadly this is how most places are. I've seen better security in sewage treatment plants (not yours, haven't been there yet.) than in power generating facilities. Hell, I've seen better security on the cisterns at the local state park. We drove up the wrong unmarked road and were looking around 5 minutes before we were met by the park police and shown that the entrance to the park was on the other side.

                            Believe me, I've seen it all from ridiculously locked down systems requiring key card access, to run a single machine, to absolutely no restriction to run the entire plant!

                            Smart Grid will be hacked the day it gets installed. I don't care how good the heuristics system is. Personally, I've looked at what they say it can do and it scares me.



                            • #29
                              Re: Don't make the power grid smart: IT COULD GET HACKED!

                              Originally posted by beakmyn
                              Sadly this is how most places are. I've seen better security in sewage treatment plants (not yours, haven't been there yet.) than in power generating facilities.
                              I'm still working on getting better security implemented at our site. It's an uphill battle because I'm going against managers that are of the idea that since nothing bad has happened so far, then we don't have anything to worry about.

                              Even when something bad does happen it's just shrugged off as an isolated incident. We've had an increasing amount of incidents occur against several of our properties including a smashed window at our main office. The window was said to have been vandalism, but I saw it as an attempt to enter the building since it was in the most concealed corner of the building. I'd think if it was vandals they would have broken the nice big window out front, not a 2x2' window near the back door behind a bush.
                              A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.



                              • #30
                                Re: Don't make the power grid smart: IT COULD GET HACKED!

                                Originally posted by streaker69
                                I'm still working on getting better security implemented at our site. It's an uphill battle because I'm going against managers that are of the idea that since nothing bad has happened so far, then we don't have anything to worry about.

                                Even when something bad does happen it's just shrugged off as an isolated incident. We've had an increasing amount of incidents occur against several of our properties including a smashed window at our main office. The window was said to have been vandalism, but I saw it as an attempt to enter the building since it was in the most concealed corner of the building. I'd think if it was vandals they would have broken the nice big window out front, not a 2x2' window near the back door behind a bush.
                                It's the work of militant Amish Terrorists. The ALO Amish Liberation Organization. Why do you think they wear black?

                                xor

                                I could always come up there and spray paint ALO on the sides of buildings.
                                Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.
