Electrical grid is said to be vulnerable to terrorist attack. I can agree that electrical power distribution network would be quite vulnerable if someone tries to sabotage it and knows what to do. I know this because I design software and hardware for control systems for electrical companies.
Some days ago I saw in Finnish television an interesting documentary Suomi polvilleen 15 minuutissa (viewable on Yle Areena at least for Finnish people still for few weeks). It says that in Finland there has been debate on how many weeks the army could protect the country against potential attacks. The document says that the country could collapse in 15 minutes if some outside attacker or a small terrorist group would attack to certain key point in power network. Practically nothing would work anymore without power and it will take quite bit of time to get replacement parts for some key component. There are not too many spare parts and it it take months or a year to build a new big high voltage distribution transformer.
This vulnerability would hold to practically all developed countries. I have understood that Finnish electrical power distribution network would be in pretty good condition compared to electrical power networks on some other countries. I think that in many countries could quite easily cause huge problems by damaging some key points on power distribution network. Those attacks could be either cyber-attacks or attacks or damaging physical infrastructure.
In USA there has been lots of talk lately about electrical grid vulnerability to terrorist attack. There are warnings like this: Cyber-terrorists could target the U.S. electrical grid and throw the nation into chaos. And there is indeed some truth on those because this critical infrastructure is vital to a country’s economy and security, not a new target for terrorist groups (there have been documented incidents since the 1970s), inherently vulnerable (economical and practical reasons) and extremely hard to protect well. The electric power delivery system that carries electricity from large central generators to customers could be severely damaged by a small number of well-informed attackers. The system is inherently vulnerable because transmission lines may span hundreds of miles. Electrical infrastructure is not necessarily a new target for terrorist groups- there have been documented incidents since the 1970s.
New York Times writes that Terrorists could black out large segments of the United States for weeks or months by attacking the power grid and damaging hard-to-replace components that are crucial to making it work. By blowing up substations or transmission lines with explosives or by firing projectiles at them from a distance, the report said, terrorists could cause cascading failures and damage parts that would take months to repair or replace.
Remember the fact that causing large scale problems for long time is usually hard. In Debunking Theories of a Terrorist Power Grab article a Penn State power-system expert cites laws of physics to pull the plug on worries that a terrorist attack on a minor substation could bring down the entire U.S. electric grid. The most vulnerable points are the ones that have the most energy flowing through them — like huge power stations or highly connected transformers. Those are the ones that should be well protected well and there should not be too much worrying on protecting smaller transformers.
Here are few links to articles for more information:
- Panel: Electrical grid vulnerable to terrorist attack
- Terrorist Attack on Power Grid Could Cause Broad Hardship, Report Says
- Protecting the Electric Grid from Terrorism — Nobody is in Charge
- Cyber-terrorist attack on U.S. electrical grid could be “gravest short term threat” to national security
- Report: U.S. Electric Infrastructure ‘Inherently Vulnerable’ to Terrorist Attacks
- Debunking Theories of a Terrorist Power Grab
- Thousands Seen Dying If Terrorists Attack U.S. Power Grid
- The Protection of Public Facilities against Terrorist Attacks
- Critical to Infrastructure: Attacks on Electrical Network
There is also a free book Terrorism and the Electric Power Delivery System on-line covering those topics. Check it out if you want to learn more. It gives you much more background than those articles.
512 Comments
gratis says:
Hello you have a cool website. I wanna thank you for posting this interesting information with us. Keep up great work.
Tomi Engdahl says:
‘Leccy-stealing, grid-crippling hackers could TAKE DOWN EV-juicing systems
A computer on the street. What could possibly go wrong?
http://www.theregister.co.uk/2013/04/18/car_charging_insecurity_exposed/
Hackers may soon starting abusing electric car charger systems to cripple the electricity grid or as part of money-making scams, a security researcher warns.
Ofer Shezaf, product manager security solutions at HP ArcSight, told delegates at the Hack in the Box conference in Amsterdam that if the industry fails to start securing its systems, it will be setting itself up for a major headache a few years down the line.
Both electric cars and EV charging systems are still in their early stages of development and far from widely used. But early systems are hopelessly insecure, the security researcher argues, and if thought isn’t put into designing and applying a secure architecture now, we’ll be dealing with an intractable and expensive problem 10 years down the line – when the technology goes mainstream.
charging stations are essentially “computer on the street”, featuring embedded RFID readers and connections to other local systems to manage capacity in a local area and avoid overloading the grid
Shezaf argued that the whole system is weakly authenticated and secured, and might easily be physically tampered with in order to run local denial of service attacks (preventing chargers in an area from working) or to steal either electricity or money.
Tomi Engdahl says:
Hacker Breached U.S. Army Database Containing Sensitive Information on Dams
http://www.wired.com/threatlevel/2013/05/hacker-breached-dam-database/
A hacker compromised a U.S. Army database that holds sensitive information about vulnerabilities in U.S. dams, according to a news report.
The U.S. Army Corps of Engineers’ National Inventory of Dams contains information about 79,000 dams throughout the country and tracks such information as the number of estimated deaths that could occur if a specific dam failed.
The breach began in January and was only uncovered in early April, according to the Free Beacon
Unnamed U.S. officials told the Free Beacon that the breach was traced to “the Chinese government or military cyber warriors,” but offered no information to support the claim.
identity theft horror stories says:
This is very interesting, You are an overly skilled blogger. I have joined your rss feed and stay up for in search of extra of your magnificent post. Also, I have shared your site in my social networks
Tomi Engdahl says:
Congressional Report: US Power Grid Highly Vulnerable To Cyberattack
http://hardware.slashdot.org/story/13/05/22/0155228/congressional-report-us-power-grid-highly-vulnerable-to-cyberattack
“Despite warnings that a cyberattack could cripple the nation’s power supply, a U.S. Congressional report (PDF) finds that power companies’ efforts to protect the power grid are insufficient. Attacks are apparently commonplace, with one utility claiming they fight off some 10,000 attempted attacks every month. The report also found that while most power companies are complying with mandatory standards for protection, few do much else above and beyond that to protect the grid.”
Tomi Engdahl says:
Report: US Power Grid Highly Vulnerable to Cyberattack
http://www.techpolitik.com/2013/05/21/report-us-power-grid-highly-vulnerable-to-cyberattack/
Inefficiencies in how security standards are set and “haphazard” implementation of protections leaves the US power grid at high risk of damage due to cyberattacks, a Congressional report released Tuesday indicates.
“The utility responses are sobering,” Waxman says. ”They reveal serious gaps in the security of our electric grid and Congress needs to address these gaps in a bipartisan way.” Markey added that Congress needs to push electric utilities to beef up security to protect from attacks from rogue states and terrorist groups alike.
Power grid security is currently managed through a set of required standards set by the North American Electric Reliability Corporation that were agreed to by members, combined with a set of voluntary actions power companies can take. The report found that while a majority of the power companies complied with the mandatory standards, only one in five industry-owned utilities and less that half of all government or cooperatively owned utilities were complying with the voluntary measures.
The apparent lax security of our power grid is reason for concern. There is evidence that hackers in China, Russia, and Iran have already probed the power grid infrastructure, and previous reports concluded that attacks on the power grid “could be carried out by knowledgeable attackers with little risk of detection or interdiction.” Such attacks could cut power to large sections of the country and take months to repair.
Tomi Engdahl says:
US power grid the target of ‘numerous and daily’ cyber-attacks
Report finds utilities vulnerable, threatened
http://www.theregister.co.uk/2013/05/23/us_power_grid_cyber_attack_report/
The US electricity grid is under near constant attack from malware and cyber-criminals, yet most utility companies implement only the barest minimum of security standards, according to a new report released by Congressmen Ed Markey (D-MA) and Henry Waxman (D-CA).
“National security experts say that cyber attacks on America’s electric grid top the target list for terrorists and rogue states, yet we remain highly vulnerable to attacks,” Markey said in a statement. “We need to push electric utilities to enlist all of the measures they can now, and push for stronger standards in Congress that will keep our economy and our country safe from cyber warfare.”
Among the report’s findings, more than a dozen utilities surveyed said their systems were under “daily,” “frequent,” or “constant” attack, with one claiming to be the target of around 10,000 attempted cyber-attacks each month.
“Cyber-attacks can create instant effects at very low cost, and are very difficult to positively attribute back to the attacker,” the report states.
To help harden US infrastructure against such attacks, Markey and Waxman would like to see Congress grant the Federal Energy Regulatory Commission (FERC) additional authority to draft and enforce cyber-security standards among power utility companies.
Tomi Engdahl says:
Iran Hacks Energy Firms, U.S. Says
Oil-and-Gas, Power Companies’ Control Systems Believed to Be Infiltrated; Fear of Sabotage Potential
http://online.wsj.com/article/SB10001424127887323336104578501601108021968.html?mod=googlenews_wsj
Iranian-backed hackers have escalated a campaign of cyberassaults against U.S. corporations by launching infiltration and surveillance missions against the computer networks running energy companies, according to current and former U.S. officials.
In the latest operations, the Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. They proceeded “far enough to worry people,” one former official said.
U.S. officials consider this set of Iranian infiltrations to be more alarming than another continuing campaign, also believed to be backed by Tehran, that disrupts bank websites by “denial of service” strikes. Unlike those, the more recent campaigns actually have broken into computer systems to gain information on the controls running company operations and, through reconnaissance, acquired the means to disrupt or destroy them in the future, the U.S. officials said.
“This is representative of stepped-up cyber activity by the Iranian regime. The more they do this, the more our concerns grow,” a U.S. official said
The U.S. has previously launched its own cyberattacks against Iran. The Stuxnet worm
The latest campaign, which the U.S. believes has direct backing from the Iranian government, has focused on the control systems that run oil and gas companies and, more recently, power companies, current and former officials said. Control systems run the operations of critical infrastructure, regulating the flow of oil and gas or electricity, turning systems on and off, and controlling key functions.
U.S. has “technical evidence” directly linking the hacking of energy companies to Iran, one former U.S. official said.
Iranian officials deny any involvement in hacking.
The U.S. Department of Homeland Security earlier this month warned of an escalation in threats against computerized control systems, but it didn’t cite Iran as the origin of the threat.
Underscoring the Obama administration’s growing concern, the White House held a high-level meeting late last month on how to handle the Iranian cybersecurity threat.
“We don’t have much we can do in response, short of kinetic warfare.”
Unlike Chinese hacking, the Iranian infiltrations and cyberattacks appear intended to disrupt and possibly damage computer systems. “The differentiator is the intent. Stealing versus disrupting raises different concerns,” the U.S. official said. “That’s why they’re getting a fair amount of attention.”
The recent growth of Chinese infiltrations primarily has been aimed at stealing military and trade secrets, not doing damage.
Cybersecurity specialists say the electric-power industry remains under-prepared to fend off attacks, particularly ones backed by a foreign government.
“If you were worried about cyberattacks against electric utilities five years ago, you’re still worried today,”
Based on a survey of 150 power companies, the report found that “more than a dozen utilities reported ‘daily,’ ‘constant’ or ‘frequent’ attempted cyberattacks,” and one said it was the target of about 10,000 attempted cyberattacks each month
Tomi Engdahl says:
New power protection devices from ABB safeguard industrial, data center environments
http://www.cablinginstall.com/articles/2013/09/abb-power-protection.html
ABB’s Power Conversion business (New Berlin, WI) has released its PCS100 UPS-I and PCS100 AVC power protection devices to the North American market. These inverter-based systems protect sensitive industrial loads from voltage sags and other voltage disturbances with fast, accurate regulation and load voltage compensation, says the company. The AVC is effective in a wide range of manufacturing and industrial settings, and the UPS-I is specially designed for semiconductor fabrication and data center applications. The North American introduction of the products follows a successful launch in Europe and Asia.
Voltage sags and other voltage disturbances are common in industrial electricity supplies, accounting for up to 70 percent of all unscheduled production downtime, and resulting in expensive damage to equipment and product loss, estimates ABB. The problem has increased in recent years as modern industrial facilities have installed more complex equipment such as PLCs, control relays, variable speed drives and robots that are more sensitive to voltage sags and resulting outages.
Voltage sag events, also known as a voltage dips or brownouts, are a reduction in the incoming voltage for a short period of time, typically less than 0.25 seconds. They are characterized by amplitudes below 90 percent of the nominal range. While not complete voltage interruptions, they are the most common industrial power quality problem, and are often deep enough to cause equipment control circuits to drop out and reset. The consequences of sags for industrial operations include unexpected downtime, lost revenue wasted materials, poor product quality, equipment damage, and in the worst scenarios, injury to personnel. The aggregate cost of unreliable electricity to the US economy are approximately $160 billion annually, with the average premium grid manufacturing facility experiencing six to twenty significant voltage sags per year.
The cost of a single voltage sag ranges from several thousand to several million dollars or higher. In one high profile example, a voltage sag at a major Japanese electronics manufacturer caused a production disruption of a popular computer chip, resulting in a 20 percent drop in shipments for the following two months, curtailing the availability of many consumer electronic devices
The ABB AVC and UPS-I are battery-free power protection solutions focused on significantly reducing unplanned process downtime by ensuring that industrial loads continue to receive a clean, uninterrupted flow of power during major grid disturbances.
Tomi Engdahl says:
Power grid blackouts: Are they preventable and predictable?
http://www.edn.com/design/power-management/4421404/Power-grid-blackouts–Are-they-preventable-and-predictable-
This article will outline the events leading up to a major grid failure in Northeastern and Mid-Western US and parts of Canada in 2003. It was a type of domino effect as one power sub-station after another went offline in rapid succession. This event affected 55 million people.
Tomi Engdahl says:
Power grid blackouts: Are they preventable and predictable?
http://www.edn.com/design/power-management/4421404/Power-grid-blackouts–Are-they-preventable-and-predictable-
This article will outline the events leading up to a major grid failure in Northeastern and Mid-Western US and parts of Canada in 2003. It was a type of domino effect as one power sub-station after another went offline in rapid succession. This event affected 55 million people.
The blackout’s primary cause was a software bug in the alarm system at a control room of the FirstEnergy Corporation in Ohio. Operators were unaware of the need to re-distribute power after overloaded transmission lines hit unpruned foliage. What should have been a manageable local blackout cascaded into widespread chaos on the electric grid.
The following article includes an actual timeline video/images of the 2003 outage as well as a sequence of events that the Genscape Real-Time North American Power Product (Power RT) captured, recorded and identified as the blackout was happening.
Tomi Engdahl says:
Price rises and power cuts by 2016? Thank the EU’s energy policy
60% of gas-fired generators gone inside three years, warn beancounters CapGemini
http://www.theregister.co.uk/2013/10/15/lights_out_across_europe_capgemini_warns/
The closure of nearly two thirds of Europe’s gas-fired power generation facilities by 2016 will lead to regional price hikes and make outages inevitable, Cap Gemini has warned.
UK households are already feeling the squeeze of soaring energy bills but a particularly cold winter this year could mean that 1970s style blackouts start to become a more regular occurrence again.
The consultancy’s annual European Monitoring Centre for Energy Markets briefing encapsulates much of the crisis in European energy policy – one almost entirely of its own making.
A gas plant needs to be operating at 57 per cent capacity to be economically viable, but EU regulations introduced to reduce CO2 emissions relegate them to standby duties, in favour of much more inefficient and costly renewable energy plants. This means keeping a gas plant open is uneconomical for the operator. Research outfit IEA, cited by CapGemini, reckons 60 per cent of gas-fired power stations will close by 2016 because they cannot cover their operating costs.
“These plants… that are indispensable to ensure security of supply during peak hours… are being replaced by volatile and non-schedulable renewable energy installations that are heavily subsidized,” the report points out.
The EU introduced a renewables obligation that the region produces 20 per cent of its electricity from renewable sources by 2020. This includes solar, wind, hydroelectric and “biofuels” – the latter leading to an increase in fossil fuel consumption with wood being burned for electricity.
CapGem sees two consequences of Europe’s renewables push – power cuts and increased CO2 emissions as “dirty” coal is employed to plug the gaps.
Shale gas now accounts for a third of gas production in the USA, with wholesale prices falling by two thirds. The USA has also benefited from an industrial revival as a consequence: manufacturing jobs that had been lost to low wage countries are now returning home. Although US labour costs remain higher than, say, China, cheaper energy has cancelled out much of this this advantage.
Cheap gas in the USA has had a related consequence in Europe, the report notes.
“With this low price, gas has replaced coal as fuel in fossil fuels creating a surplus of coal in the U.S. market. This surplus was exported to Europe resulting in lowering coal prices by 30 per cent between January 2012 and June 2013. This decline has promoted the competitiveness of plants coal in Europe which has resulted in a much better utilization than gas-fired plants”.
Tomi Engdahl says:
Security Measures in Power Grids – often ignored
http://blog.iec61850.com/2013/10/security-measures-in-power-grids-often.html
Vulnerabilities in the automation of power grids are more often on the radar screen of information and control system experts. It seems that some people are using the situation of aging infrastructures to make money with finger-pointing to the vulnerabilities of implementations of protocols like DNP3 or others. Or is it just fun to discover “holes” in the often low level secured information and communication systems?
There are – in my view – two crucial issues (among other) when it comes to security measures for information exchange systems in power systems:
1. Lack in Expertise
2. Lack in Resources
There are a lot of discussions regarding aging infrastructures these days. I hope the discussions will have a real impact of securing our infrastructures, especially the electrical power system delivery systems!
Open standard protocols allow remote access to a lot of critical systems like substations or power generation sites. ENEL (Italian Power Company) operates some 400.000 Substations worldwide – some 100.000 are remotely monitored. So, 300.000 substations cannot be reached by protocols. Hundreds of protocols may be in use in the power industry. This makes it quite hard to easily break into most of the substations worldwide. With the application of standards like IEC 60870-5-104, DNP3, Modbus IP, or IEC 61850 this will change soon.
Tomi Engdahl says:
Do we need Blackouts to Expose Flaws in the Grid?
http://blog.iec61850.com/2013/11/do-we-need-blackouts-to-expose-flaws-in.html
From the viewpoint of a engineers: No! There are many engineers or other technicians that are aware of the condition of the whole system – including the aging work force. From the viewpoint of many people in charge to make decisions to invest or not to invest: Yes!
The article states: “The improvements were ideas that engineers had always liked, but had trouble persuading utility executives and public service commissions to pay for.”
I hope that the voice of the engineers will convince more decision-makers to allocate sufficient resources for keeping the aging power infrastructure running, the power flowing, the grass green, and the sky blue.
Some 10 years after the first substation automation systems have been equipped with IEC 61850 based devices, a lot of smart engineers see the need to invest into defining a second layer on top of the standards and the many options they provide. This second layer could be named: Interoperability Profile Specifications.
Tomi Engdahl says:
Project profile: Improving switchgear inspections at London’s Stansted Airport
http://www.csemag.com/media-library/project-profiles/single-article/project-profile-improving-switchgear-inspections-at-london-s-stansted-airport/a1e3fa27e7ea36b5f2ddc76847fff03b.html
In this project profile, Lonsdon Stansted Airport Engineering Team performed an existing building retrofit in order to reduce the amount of time needed for maintenance inspections.
Tomi Engdahl says:
Lack of US Cybersecurity Across the Electric Grid
http://hardware.slashdot.org/story/14/04/15/2032239/lack-of-us-cybersecurity-across-the-electric-grid
“Meghan McGuinness of the Bipartisan Policy Center writes about the Electric Grid Cybersecurity Initiative, a collaborative effort between the center’s Energy and Homeland Security Projects. She points out that over half the attacks on U.S. critical infrastructure sectors last year were on the energy sector.”
“Cyber attacks could come from a variety of sources, and ‘a large-scale cyber attack or combined cyber and physical attack could lead to enormous costs, potentially triggering sustained power outages over large portions of the electric grid and prolonged disruptions in communications, food and water supplies, and health care delivery.’ “
Tomi Engdahl says:
Bulletproofing the Grid
A gun attack on a Silicon Valley substation has utilities looking to boost physical security
http://spectrum.ieee.org/energy/the-smarter-grid/bulletproofing-the-grid
In the early hours of 16 April 2013, one or more gunmen opened fire on the Pacific Gas & Electric (PG&E) Metcalf substation for nearly 20 minutes. They took out 17 transformers at the Silicon Valley location and then slipped away into the night before police arrived.
The attack caused significant damage but did not result in a power outage. It did, however, reignite a conversation about the physical security of the electricity grid in the United States and elsewhere, shifting the focus somewhat away from cybersecurity.
According to the newspaper, it found that a coordinated attack on a small, specific set of the 55 000 transmission substations in the United States could plunge the entire nation into darkness.
Some experts question the findings that the entire U.S. power grid could be taken down by an attack on fewer than 10 substations, as some news reports claimed, although these experts all noted they had not seen the FERC study. “Maybe if you made that 50 or 60, but 10?”
In the United States, FERC is refocusing on physical security requirements by asking the North American Electric Reliability Corporation to develop reliability standards for grid operators that address physical security threats.
Europe got a jump start on that task with the Directive on European Critical Infrastructures in 2008, a set of procedures for identifying and assessing protection for critical infrastructure, including the electricity grid.
Tomi Engdahl says:
Stanford Report, April 24, 2014
When it comes to security at nuclear facilities, danger likely lurks from within, Stanford scholar says
http://news.stanford.edu/news/2014/april/nuclear-security-risks-042414.html
The greatest dangers to nuclear facilities are sabotage and theft from insiders, according to political scientist Scott Sagan. Analysis of past incidents can help boost safeguards at these sites.
Insider threats are the most serious challenge confronting nuclear facilities in today’s world, a Stanford political scientist says.
“We usually lack good and unclassified information about the details of such nuclear incidents,”
In their paper, the authors offered some advice and insights based on lessons learned from past insider incidents:
Don’t assume that serious insider threats are NIMO (not in my organization).
Don’t assume that background checks will solve the insider problem.
Don’t assume that red flags will be read properly.
Don’t assume that insider conspiracies are impossible.
Don’t assume that organizational culture and employee disgruntlement don’t matter.
Don’t forget that insiders may know about security measures and how to work around them.
Don’t assume that security rules are followed.
Don’t assume that only consciously malicious insider actions matter.
Don’t focus only on prevention and miss opportunities for mitigation.
“Despite the creation of a stronger and more independent nuclear regulator to improve safety after the Fukushima accident in Japan, little has been done to improve nuclear security there,”
Tomi Engdahl says:
Spotty solar power management platform could crash the grid
Flaky firmware makes power panels p0wnage possible
http://www.theregister.co.uk/2014/05/12/hackable_solar_systems_spurt_free_money/
Criminals could potentially cause black-outs and mess with power grid configurations by exploiting flaws in a popular solar panel management system used by thousands of homes and businesses.
Details of how the attacks could be executed were kept under wraps while solar panel monitoring kit vendor Solar-Log distributed a patch for the flaws.
The threat is substantial because, as the company boasts, its eponymous management system runs globally on roughly 229,300 solar plants that typically pump out 566TWh of electrical energy, or so we’re told.
“For instance a massive attack can cause power grid reconfiguration and chains of blackouts [and] bad guys can try to monetise it via blackmail,” Goreychik said.”
“At moment we can’t disclose more detail [about the vulnerabilities] because thousands of households around the globe are using vulnerable version of Solar-Log and can be attacked by cyber criminals.
Tomi Engdahl says:
Securing the U.S. electrical grid
http://www.net-security.org/article.php?id=2106
The Center for the Study of the Presidency & Congress (CSPC) launched a project to bring together representatives from the Executive Branch, Congress, and the private sector to discuss how to better secure the U.S. electric grid from the threats of cyberattack, physical attack, electromagnetic pulse, and inclement weather.
he result is the Securing the U.S. Electrical Grid report, and talking about critical security challenges we have Dan Mahaffee, the Director of Policy at CSPC.
Tomi Engdahl says:
Securing the U.S. Electrical Grid
http://www.thepresidency.org/publications/securing-us-electrical-grid
With the support of the Smith Richardson Foundation, CSPC launched a yearlong project in July of 2013 to bring together representatives from the Executive Branch, Congress, and the private sector to discuss how to better secure the U.S. electric grid from the threats of cyberattack, physical attack, electromagnetic pulse, and inclement weather. Focused on the legislative and regulatory dynamics surrounding these issues
Tomi Engdahl says:
Robots Restore Electricity After Power Outages
http://www.techbriefs.com/component/content/article/1198-ntb/news/news/20837
A team led by Nina Mahmoudian of Michigan Technological University has developed a tabletop model of a robot team that can bring power to places that need it the most.
“If we can regain power in communication towers, then we can find the people we need to rescue,” says Mahmoudian, an assistant professor of mechanical engineering–engineering mechanics. “And the human rescuers can communicate with each other.”
Unfortunately, cell towers are often located in hard-to-reach places, she says. “If we could deploy robots there, that would be the first step toward recovery.”
Blackout? Robots to the Rescue
http://www.mtu.edu/news/stories/2014/september/blackout-robots-rescue.html
Big disasters almost always result in big power failures. Not only do they take down the TV and fridge, they also wreak havoc with key infrastructure like cell towers. That can delay search and rescue operations at a time when minutes count.
The team has programmed robots to restore power in small electrical networks, linking up power cords and batteries to light a little lamp or set a flag to waving with a small electrical motor. The robots operate independently, choosing the shortest path and avoiding obstacles, just as you would want them to if they were hooking up an emergency power source to a cell tower. To view the robots in action, see the video posted on Mahmoudian’s website.
“Our robots can carry batteries, or possibly a photovoltaic system or a generator,” Mahmoudian said.
Tomi Engdahl says:
Internet-Exposed Energy Control Systems Abound
http://spectrum.ieee.org/energywise/energy/the-smarter-grid/thousands-of-control-systems-connected-to-the-internet
Infracritical remotely identified over 2.2 million unique IP addresses linked to industrial control systems at energy-related sites including electrical substations, wind farms, and water purification plants. And they were still logging an average of 2,000-3,000 new addresses per day when they closed the count in January 2014.
It has long been known that many infrastructure control systems are connected to the Internet.
they relied on a publicly-accessible search engine called Shodan that sniffs out and catalogues Internet-connected devices. Infracritical’s project SHINE (for SHodan INtelligence Extraction) built search queries for Shodan using the names of 182 SCADA suppliers and their leading products.
RUGGEDTRAX project provides a honey-pot for hackers
“In less than two hours the honeypot was subjected to an attack. By day three, they’d counted more than 4,000 attacks”
Tomi Engdahl says:
Bulletproofing the Grid
A gun attack on a Silicon Valley substation has utilities looking to boost physical security
http://spectrum.ieee.org/energy/the-smarter-grid/bulletproofing-the-grid
In the early hours of 16 April 2013, one or more gunmen opened fire on the Pacific Gas & Electric (PG&E) Metcalf substation for nearly 20 minutes. They took out 17 transformers at the Silicon Valley location and then slipped away into the night before police arrived.
The attack caused significant damage but did not result in a power outage. It did, however, reignite a conversation about the physical security of the electricity grid in the United States and elsewhere, shifting the focus somewhat away from cybersecurity.
Tomi Engdahl says:
Internet-Exposed Energy Control Systems Abound
http://spectrum.ieee.org/energywise/energy/the-smarter-grid/thousands-of-control-systems-connected-to-the-internet
Infracritical remotely identified over 2.2 million unique IP addresses linked to industrial control systems at energy-related sites including electrical substations, wind farms, and water purification plants
Tomi Engdahl says:
Connecticut power grid hacked, no power outages
04/14/2014
http://www.elp.com/articles/2014/04/connecticut-power-grid-hacked-no-power-outages.html
Electric, natural gas and major water companies and regional distribution systems in Connecticut have been penetrated by hackers and other cyber attackers, but defenses have prevented interruption, state utility regulators said Monday in their first report on cyber security.
Tomi Engdahl says:
Assault on California Power Station Raises Alarm on Potential for Terrorism
April Sniper Attack Knocked Out Substation, Raises Concern for Country’s Power Grid
http://online.wsj.com/articles/SB10001424052702304851104579359141941621778
Within half an hour, snipers opened fire on a nearby electrical substation. Shooting for 19 minutes, they surgically knocked out 17 giant transformers that funnel power to Silicon Valley. A minute before a police car arrived, the shooters disappeared into the night.
To avoid a blackout, electric-grid officials rerouted power around the site and asked power plants in Silicon Valley to produce more electricity. But it took utility workers 27 days to make repairs and bring the substation back to life.
Many of the system’s most important components sit out in the open, often in remote locations, protected by little more than cameras and chain-link fences.
Transmission substations are critical links in the grid.
The country’s roughly 2,000 very large transformers are expensive to build, often costing millions of dollars each, and hard to replace. Each is custom made and weighs up to 500,000 pounds, and “I can only build 10 units a month,” said Dennis Blake, general manager of Pennsylvania Transformer in Pittsburgh, one of seven U.S. manufacturers. The utility industry keeps some spares on hand.
“A lot of people in the electric industry have been distracted by cybersecurity threats,”
physical attacks pose a “big, if not bigger” menace
Until the Metcalf incident, attacks on U.S. utility equipment were mostly linked to metal thieves, disgruntled employees or bored hunters, who sometimes took potshots at small transformers on utility poles to see what happens. (Answer: a small explosion followed by an outage.)
Overseas, terrorist organizations were linked to 2,500 attacks on transmission lines or towers and at least 500 on substations from 1996 to 2006, according to a January report from the Electric Power Research Institute
“What keeps me awake at night is a physical attack that could take down the grid,” he said. “This is a huge problem.”
Tomi Engdahl says:
Inside the Ring: U.S. power grid defenseless from physical and cyber attacks
http://www.washingtontimes.com/news/2014/apr/16/inside-the-ring-us-power-grid-defenseless-from-att/?page=all
The U.S. electrical power grid is vulnerable to cyber and physical attacks that could cause devastating disruptions throughout the country, federal and industry officials told Congress recently.
“I am most concerned about coordinated physical and cyber attacks intended to disable elements of the power grid or deny electricity to specific targets, such as government or business centers, military installations, or other infrastructures,”
“The threat of cyberattack is relatively new compared to long-known physical threats, but an attack with operational consequences could occur and cause disruptions in the flow of power if malicious actors are able to hack into the data and control systems used to operate our electric generation and transmission infrastructure,”
“After gaining the required access, the threat agent manufactures an artificial cascade through sequential tripping of select critical feeders and components, causing automated tripping of generation sources due to power and voltage fluctuations,” the report said. “A blackout of varying degree and potential equipment damage ensues.”
To date, security measures have prevented a successful cyberattack on the bulk electric system
Tomi Engdahl says:
Ensuring emergency power after a natural disaster
Could a Fukushima-type disaster happen here?
http://www.csemag.com/single-article/ensuring-emergency-power-after-a-natural-disaster/d6a5a2ff115bf8266a2e09c7eb7bc83a.html
Vladimir Gurevich says:
Dear Sir/Madam,
I would like to suggest for your attention the information about my new book:
“Cyber and Electromagnetic Threats in Modern Relay Protection”
You can order the book:
online from CRC Press web site http://www.crc.com or by E-mail:
in USA:
Tel: 800-272-7737, Fax: 800-374-3401
E-mail: [email protected]
outside of USA:
Tel: 561-994-0555, Fax: 561-989-9732
E-mail: [email protected]
Sincerely yours,
Author
Dr. Vladimir Gurevich
[email protected]
Tomi Engdahl says:
Paris Terror Spurs Plan for Military Zones Around Nuclear Plants
http://www.bloomberg.com/news/2015-01-20/paris-terror-spurs-plan-for-military-zones-around-nuclear-plants.html
Lawmakers in France want to create military zones around its 58 atomic reactors to boost security after this month’s Paris terror attacks and almost two dozen mystery drone flights over nuclear plants that have baffled authorities.
Critics of the measures say they won’t prevent assaults by extremists and would ramp up criminal penalties against civic campaigners such as anti-nuclear activists for trespassing on land owned by companies that operate power stations.
“A law of this type may deter activists but won’t do anything to prevent a terrorist attack on nuclear installations,” said Yannick Rousselet, Greenpeace’s nuclear campaigner in France
Tomi Engdahl says:
Davos Elites Warned About Catastrophic Cyberattacks
http://www.securityweek.com/davos-elites-warned-about-catastrophic-cyberattacks
Davos, Switzerland – Attacks on power plants, telecommunications and financial systems, even turning all of Los Angeles’ traffic lights green: Davos elites were warned Saturday of the terrifying possibilities of modern cyber terrorism.
Eugene Kaspersky, who heads the Kaspersky Lab security group, said the possibilities of individuals being hacked would only increase in future as more devices, such as “smart” televisions, are hooked up to the Internet.
“What you call the Internet of Things, I call the Internet of Threats,” he told the assembled global political and business movers-and-shakers.
“The worst of the worst scenarios is an attack on a big infrastructure, a power plant. If there’s no power, the rest of the world doesn’t work,” Kaspersky cautioned.
“You can wreak havoc in all kinds of ways,” said Ilves
The conclusion, in Ilves’s words: “Basically nothing is safe.”
Jean-Paul Laborde, head of the UN’s counter-terrorism unit, pointed to increasing links between organised crime and extremist groups such as Islamic State, which he said were now combining to launch cyberattacks on authorities.
“The path to Hell starts at the back door. You should not ask for back doors. That compromises protection for everyone for everything,” stressed the executive.
Tomi Engdahl says:
New Technology Detects Cyberattacks By Power Consumption
http://www.eetimes.com/author.asp?section_id=36&doc_id=1325409&
Startup’s “power fingerprinting” approach catches stealthy malware within milliseconds in DOE test.
A security startup launching early next week uses trends in power consumption activity, rather than standard malware detection, to spot cyberattacks against power and manufacturing plants. The technology successfully spotted Stuxnet in an experimental network before the malware went into action.
PFP Cybersecurity, which officially launches on Monday and was originally funded by DARPA, the Defense Department, and the Department of Homeland Security, basically establishes the baseline power consumption of ICS/SCADA equipment such as programmable logic controllers (PLCs), supervisory relays, or other devices and issues an alert when power consumption or RF radiation changes outside of their baseline usage occur. Such changes could be due to malware, as well as to hardware or system failures, for instance.
Joe Cordaro, advisory engineer with SRNL, says the PFP system right away found small changes to the code on the PLC while it was dormant.
SRNL also plans to test the technology on protective relay devices, which form the backbone of the power grid. Those devices were thrust into the limelight during the 2013 Superbowl in the New Orleans Superdome, when the power went out for several minutes during the third quarter of the game after a protective relay was tripped due to a defect in the device as well as an incorrect setting. “What that showed you was that someone could hack into the protective relays of the US power grid and cause brownouts and blackouts,” Cordaro says. “We’re working with PFP on a contract … to characterize baselining the protective relays” and running this in a test bed that ultimately will provide R&D information to US utilities, he says.
Tomi Engdahl says:
Intel Security Launches New Critical Infrastructure Security Platform
http://www.securityweek.com/intel-security-launches-new-critical-infrastructure-security-platform
Intel Security (fomerly McAfee) has announced a security platform designed to protect both new and legacy infrastructure within the electric power grid.
Dubbed Intel Security Critical Infrastructure Protection (CIP), the solution was developed in collaboration with the Department of Energy-funded Discovery Across Texas smart grid project including deployment at Texas Tech University, and is a joint project of Intel Security and Wind River.
Intel Security CIP works by separating the security management functions of the platform from the operational applications, allowing the operational layer to be secured, monitored and managed, the company explained.
According to Intel Security, the security platform can be applied with little or no changes to business processes or application software, and can be retrofitted onto many existing systems.
Features include protection such as device identity, malware protection, data protection and resiliency.
Intel believes the solution can be leveraged beyond the power grid and could be equally effective for departments of defense, oil and gas firms, medical applications, and other areas.
According to a study sponsored by Intel, “In the Dark: Crucial Industries Confront Cyberattacks,” of the 200 CIP executives surveyed globally, 32% had not adopted special security measures for smart grid controls. Yet 33% anticipated a major cybersecurity incident within 12 months.
“The risk of cyberattacks on critical infrastructure is no longer theoretical, but building security into the grid is challenging due to the amount of legacy infrastructure and the importance of availability of service,” Lorie Wigle, Vice President of Internet of Things Security Solutions for Intel Security, said in a statement. “Traditional security measures such as patching and rebooting are often inappropriate for the grid, so we set out to design something entirely different that could be non-invasive but simultaneously robust
Tomi Engdahl says:
Major power outage hits cities and provinces across Turkey
http://www.reuters.com/article/2015/03/31/turkey-power-idUSL6N0WX2OX20150331
ISTANBUL, March 31 (Reuters) – A major power outage hit Turkish cities and provinces on Tuesday, including the capital Ankara and Istanbul, where parts of the metro system shut down for several hours and shopping malls were plunged into darkness.
did not rule out sabotage
“This is not an incident that we see frequently,” Energy Minister Taner Yildiz said during a trip to Bratislava, in comments broadcast on Turkish television.
“Whether or not terrorism is a high possibility or a low one, I can’t say at this stage. I can’t say either whether it is a cyber attack,” he said in response to questions from reporters.
Broadcaster NTV said power cuts were reported in more than 40 of Turkey’s 81 provinces.
Tomi Engdahl says:
SPY FRY: Smart meters EXPLODE in Californian power surge
Receptacles blackened as dumper rams pole
http://www.theregister.co.uk/2015/04/02/smart_meters_explode_in_consumers_homes/
Hundreds of smart electricity meters exploded in California after a truck crashed into a utility pole and caused a power surge on Monday.
More than 5,000 homes in Stockton have been affected, according to CBS Sacramento, following a surge caused by a rubbish lorry driver crashing into a utility pole and causing the pole’s top wire to touch its bottom wire.
“The top lines are considered our freeways. The bottom lines are our distribution lines taking power directly to homes,” a Pacific Gas and Electric spokesperson told CBS. “So when the two collide, they’re at different voltages and the higher voltage wins out, causing an overload.”
Consumers took to Twitter to express concern. It appears that smart meters suffered particularly badly from the effects of the surge.
Alternatively, it could be that non-smart meters which survived the surge were simple electromechanical models, and as such less likely to be affected by a surge than the smart meters. The latter would naturally contain relatively sensitive modern electronics.
Tomi Engdahl says:
Hacks on critical infrastructure are more common than you think
54 percent of American firms have seen ‘attempts to manipulate their equipment’
http://www.theinquirer.net/inquirer/news/2402978/hacks-on-ciritcal-infrastructure-are-more-common-than-you-think
HACKERS WHO SEEK to destroy, rather than steal, important data and launch attacks on systems that control major critical infrastructure are more common than widely believed, a report from the Organisation of American States has revealed.
The report was given to Reuters ahead of publication and quoted the results of a poll of critical infrastructure companies and agencies in crucial sectors throughout North and South America.
Almost a third of the respondents were public entities, principally in the communications, security and finance industries.
The figures show that 40 percent of the organisations that responded had battled attempts to shut down their computer networks, while 44 percent had dealt with bids to delete files.
A disturbing 54 percent of those surveyed had encountered “attempts to manipulate” equipment through a control system.
Even more worrying is that just 60 percent of the 575 companies polled had detected any attempts to steal data, long considered the predominant hacking goal.
The report suggests that cyber attacks on infrastructure are not so widely known, but they are certainly not unheard of.
Tomi Engdahl says:
National Grid’s new designer pylon is ‘too white and boring’ – Pylon Appreciation Society
More an event than a means of power transport
http://www.theregister.co.uk/2015/04/13/national_grid_t_pylon_launch_pylon_appreciation_society_flash_bristow/
The UK’s National Grid has planted the first of its new “T-pylons” — an elegant alternative to the traditional steel lattice monsters currently straddling Blighty’s green and pleasant land.
The T-pylon was born from a 2011 competition won by Danish architects Bystrup, who came up with a 35 meter-high monopole base design, available in a range of fetching colours including weathered metal.
“The T-pylon is not a replacement for the steel lattice pylon but it’s a new option and in some landscapes its shorter height and sleeker appearance can offer real advantages,”
“I think a solid pole will stand out more and not be as beautiful as it could have been,”
Tomi Engdahl says:
Smart grid security WORSE than we thought
OSGP’s DIY MAC is a JOKE
http://www.theregister.co.uk/2015/05/11/smart_grid_security_worse_than_we_thought/
Don’t try crypto at home, kids: the Open Smart Grid Protocol project rolled its own crypto and ended up with something horribly insecure.
This paper at the International Association for Cryptologic Research explains big issues with the OSGP crypto protocol deployed in as many as four million smart meters and devices.
The digest has a bunch of flaws, they write:
Zero-byte message padding “results in messages with any number of trailing zeroes sharing the same tag”; and
The relationship between the OMA digest’s state and the message is fully reversible.
The upshot is that the OMA digest is “extremely weak, and cannot be assumed to provide any authenticity guarantee whatsoever”.
One attack needed just 13 queries to an OMA oracle to recover the 96-bit secret key; ; “a more sophisticated version breaks the OMA digest with only 4 queries and a time complexity of about 225 simple operations”
Dumb Crypto in Smart Grids:
Practical Cryptanalysis of the Open Smart Grid Protocol
https://eprint.iacr.org/2015/428.pdf
Tomi Engdahl says:
Lights out, Boeing creates the first working EMP bomb
http://vr-zone.com/articles/lights-out-boeing-creates-the-first-working-emp-bomb/18163.html
It’s official now – Boeing and the US Air Force have successfully demonstrated a working electro-magnetic pulse (EMP) device over a military compound in the Utah desert. A spokesperson for Boeing stated, “Today we turned science fiction into science fact.”
For years many people felt that in order to create an EMP weapon, there might be some collateral damage involved from some form of an explosion used to create the pulse. However, this system does not make use of any explosive whatsoever, thereby resulting in zero collateral damage.
“We hit every target we wanted to – we prosecuted every one. Today we made science fiction, science fact”, said Coleman. He went on to say that the EMP device not only worked well but he also implied it worked better than expected. Coleman goes on to say, “When that computer went out, when we fired, it actually took out the cameras as well. We took out everything on that. It was fantastic.” Coleman further noted that this new technology would be marked as a new age for modern warfare.
Now that EMP technology is a reality and not just sci-fi, one has to fear is that it may become more of a danger to those who created it, rather than the enemy.
CHAMP – Lights Out
http://www.boeing.com/features/2012/10/bds-champ-10-22-12.page
A recent weapons flight test in the Utah desert may change future warfare after the missile successfully defeated electronic targets with little to no collateral damage.
CHAMP, which renders electronic targets useless, is a non-kinetic alternative to traditional explosive weapons that use the energy of motion to defeat a target.
During the test, the CHAMP missile navigated a pre-programmed flight plan and emitted bursts of high-powered energy, effectively knocking out the target’s data and electronic subsystems. CHAMP allows for selective high-frequency radio wave strikes against numerous targets during a single mission.
“In the near future, this technology may be used to render an enemy’s electronic and data systems useless even before the first troops or aircraft arrive.”
Tomi Engdahl says:
From sci-fi to reality: The computer-blitzing drone that can cripple a nation’s electronics at the touch of a button
Aircraft manufacturer Boeing have created a weapon that can knock out computers
The missile is thought to be able to penetrate bunkers and caves
Experts warn, in the wrong hands, could bring Western cities to their knees
Read more: http://www.dailymail.co.uk/sciencetech/article-2241525/The-Boeing-blitzing-drone-cripple-nations-electronics.html#ixzz3bEIpJQB2
Follow us: @MailOnline on Twitter | DailyMail on Facebook
Tomi Engdahl says:
Accident on public electrical network can cause lots of problems:
The watts in a box that kept West London’s lights on
How not to get left in the dark when the unexpected happens in your ‘hood
http://www.theregister.co.uk/2015/06/08/holborn_electrical_fire_details/
A fire in the Victorian tunnels beneath Kingsway in central West London on Good Friday, in April, pulled the plug on thousands of businesses in a small area.
The blaze – which burned for a day and a half – succeeded in damaging 19 high-voltage cables, leading to a significant loss of load on local utility provider UK Power Networks’ grid in that area.
Translated, that meant shops, restaurants and – shock – theatres in the center of London’s theatre district went dark.
More than 3,000 of UK Power Network’s customers were initially affected, including the Civil Aviation Authority (CAA), whose offices sit above the junction box that caught fire on Kingsway. Internet service providers with switches in the area saw online access for customers cut.
Public disruption was one thing, but what of the power situation? How did that go down?
Above ground, the streets around Holborn and Covent Garden reached gridlock, as massive lorries attempted to fight their way through the narrow lanes to bring in generators, in a desperate attempt to provide temporary power for businesses.
Medway-based generator hire company MEMS Power delivered 52 generators in total to businesses in the area over three days, providing a total power output on site of over 40MW. The biggest generator provided by MEMS was a 1250kVA, 45-foot articulated trailer.
Kelly Long, a spokeswoman for MEMS, said that within 20 minutes of the first phone call it had generators leaving the yard – they were on site within an hour and a half. Clients with disaster-recovery contracts were given priority access to reserved equipment. “Due to the prior knowledge of their sites detailed in their plans, they could expect to have power within 4 hours from the initial call,” Long said.
“For other companies, an absence of prior knowledge about their sites and a reliance on customers who were often non-technical in providing us details of their equipment requirements added to the challenge of restoring power,” Long added. “The majority of clients were unprepared for the situation and how to organise all that’s involved with installing a temporary supply. They had no idea who to call and how to reinstate via a temporary supply.”
Within 48 hours, the power was beginning to be restored and many generators were switched off but left in location on standby until the mains supply was stable.
Tomi Engdahl says:
Ex-CIA Director: We’re Not Doing Nearly Enough To Protect Against the EMP Threat
http://hardware.slashdot.org/story/15/06/10/0344245/ex-cia-director-were-not-doing-nearly-enough-to-protect-against-the-emp-threat
Last week saw the release of an open letter written to President Obama by a committee of notable political, security and defense experts — which includes past and present members of Congress, ambassadors, CIA directors, and others — on the country’s concerning level of vulnerability to a natural or man-made Electro-Magnetic Pulse (EMP). An EMP has very real potential for crippling much of our electrical grid instantaneously. Not only would that immediately throw the social order into chaos, but the timeline to repair and restart the grid in most estimated scenarios would take months to a year or more.
Former CIA Director: We’re Not Doing Nearly Enough To Protect Against The EMP Threat
It’s a BIG risk. And we’re doing little about it.
http://www.peakprosperity.com/podcast/92943/former-cia-director-were-not-doing-nearly-enough-protect-against-emp-threat
An EMP has very real potential for crippling much of our electrical grid instantaneously. Not only would that immediately throw the social order into chaos, but the timeline to repair and restart the grid in most estimated scenarios would take months to a year or more. Those curious on learning exactly how devastating an EMP can be can read our report on the topic from last summer.
What’s frightening in this story is not just the carnage an EMP could wreak, but the apparent rabid intransigence with which the electrical power lobby is fighting any responsibility for defending against one
Chris Martenson: Now, we’ve had a commission to assess the threat to the United States from an EMP attack, which delivered a report back in 2008.
Dr. Pry: Well, the short answer to that is it’s called the North American Electric Reliability Corporation. They used to be a trade association or a lobby for the 3,000 electric utilities that exist in this country. And, their relationship with the federal government, with the U.S. Federal Energy Regulatory Commission, is a 19th century-type relationship. There is no part of the U.S. government that has the legal powers to order them to protect the grid. This is unusual, because in the case of every other critical infrastructure, there’s an agency in the U.S. government that can require them to take actions for public safety.
Ambassador Woolsey: And, when NERC is studying a problem, it doesn’t exactly operate at breakneck
Dr. Pry: Sure. Interesting question, because there are different numbers, depending upon how much security you want to buy. One of my colleagues on the, who served on the EMP Commission, had a plan that would cost $200 million. That’s not billions, but millions with an ‘m’. Now, that would be a very minimalist plan, and it would just protect the extra high voltage transformers that service the major metropolitan areas. It would by no means—we would still be at a very high level of risk, but it would at least give us something like a fighting chance to save all those people in the big cities, in the hundred largest big cities from starving to death, if you just invested $200 million.
Tomi Engdahl says:
The Electrical Grid May Well Be The Next War’s Battlefield
Crippling the US without firing a shot
http://www.peakprosperity.com/blog/86200/electrical-grid-may-well-next-wars-battlefield
We talk a lot about Peak Cheap Oil as the Achilles’ heel of the exponential monetary model, but the real threat to the quality of our daily lives would be a sustained loss of electrical power. Anything over a week without power for any modern nation would be a serious problem.
When the power goes out, everything just stops. For residential users, even a few hours begins to intrude heavily as melting freezers, dying cell phones, and the awkward realization that we don’t remember how to play board games nudge us out of our comfort zone.
However, those are just small inconveniences.
For industrial and other heavy users, the impact of even a relatively short outage can be expensive or even ghastly. Hospitals and people on life-assisting machinery are especially vulnerable. Without power, aluminum smelters face the prospect of the molten ore solidifying in the channels from which it must be laboriously removed before operations can be restarted.
Many types of nuclear power plants have to switch to back-up diesel generators to keep the cooling pumps running. And if those stop for any reason (like they run out of fuel), well, Fukushima gave us a sense of how bad things can get.
And of course banking stops, ATMs are useless, and gas stations cannot pump gas. Just ask the people of New Jersey in the aftermath of Hurricane Sandy.
A blackout of a few hours results in an inconvenience for everyone and something to talk about.
But one more than a day or two long? Things begin to get a bit tense; especially in cities, and doubly so if it happens in the hot mid-summer months.
Grid Threats
We’re exploring this risk because there are a number of developments that could knock out the power grid for a week or more. They include a coronal mass ejection (CME), a nuclear electromagnetic pulse (EMP) device, a cascading grid failure, and malicious hacking or electronic attacks.
It’s the cyber-electronic front that’s especially concerning these days, as we depend so vitally on so many systems that operate completely dependent on computer controls.
A widespread loss of the electrical grid for even one week would be devastating for a number of reasons. First the fuel refining, manufacturing, distribution and delivery systems would cease to function. After emergency generators are used to move and distribute what processed fuel is in the system, are only remaining fuel will be that brought into the country from other regions of the world.
Within a very short time, perhaps just days or hours of what is perceived to be a sustained loss of electrical power, the fuel system will be placed under emergency triage rationing — with hospitals, nuclear generation plants, the military, police and other emergency services consuming 100% of what’s available. Sorry, none for you.
With every additional day that the electricity is out the damage to the afflicted nation mounts. Food, fuel, and water, become scarce and sanitation problems rapidly accumulate.
Here’s the thing: cyber penetrations and outright kinetic attacks on US power grid elements have already happened. Given the extreme disruption that would result from any successful future attacks, you should have some personal preparations in place.
The US power grid, as a whole, is anything but modern and robust. Huge swaths of it were built decades ago. It remains largely a centralized generation and distribution system, one in which the failure of a remarkably few ‘nodes’ would be catastrophic.
The substations circled in green in the image above are the most vulnerable points in the system.
The Us grid consists of three big regions, and is designed in such a way that the failure of just a few critical components would drag the whole thing down.
Again, that insult could be a deliberate attack, an EMP device, a CME, or even a squirrel on the wrong transformer on a hot day that leads to a cascading series of failures.
These vulnerabilities could be addressed, but the main point of this report is to note that over the years since they’ve been identified they mostly have not been addressed.
Tomi Engdahl says:
Securing smarter grids from the enemy
http://eandt.theiet.org/magazine/2015/05/smart-grid-security.cfm#.VWWbRv8LGWQ.linkedin
Tomi Engdahl says:
A Big Solar Burp Pelted Earth Last Night
http://www.wired.com/2015/06/6-24-solar-storm/
Solar storms are what create the aurora borealis—the ethereal colored lights sometimes seen dancing in the night sky, especially at high altitudes.
But catching auroras from solar storms remains largely a matter of luck. Despite almost 200 years of working on solar storm predictions, scientists still have but a few hour’s warning that a storm’s a brewin’.
More seriously, airline operators and electrical grid managers would love more warning about when solar storms will hit and how bad they will be. If it’s looking bad, they can then ground or reroute planes and power down the grid transformers. But these things take time, and more advance warning will help them operate safely and more efficiently.
Upon arriving, the charged particles set up a huge current in the ionosphere (moving a magnet across a coil of wire will induce a current in the same way).
Those who run airlines and electrical grids, among others, would love to have more advanced warning of a storm, and a better idea of its intensity to help them plan for events. While the observational equipment for gathering space weather data essentially has not changed for 20 years, recent advances in solar storm forecasting have come from better weather models and improvements in our basic understanding of solar physics.
Tomi Engdahl says:
NY blackout forces look at power systems, July 13, 1977
http://www.edn.com/electronics-blogs/edn-moments/4390271/NY-blackout-forces-look-at-power-systems–July-13–1977?_mc=NL_EDN_EDT_EDN_today_20150713&cid=NL_EDN_EDT_EDN_today_20150713&elq=3e38ed8cba3e4486af4287c6d9c90888&elqCampaignId=23888&elqaid=26981&elqat=1&elqTrackId=016d6e2bd6ea42f0a3a3a170356c5cac
On July 13, 1977, New York City experienced an electricity blackout that would roll into the next day and be marked by city-wide looting and other crimes, including arson. The events would force a deep look into power systems and distribution.
The city at the time was experiencing a heat wave, which, through energy-hogging air conditioners and other cooling elements, already had its power systems taxed.
Starting at 8:37pm eastern time, lighting strikes around New York took out substations, causing major transmission lines to become loaded over their normal limits. Within the next 60 minutes, various additional substations were struck by lightning, with overloading making an already difficult situation more difficult.
Recovery attempts by power company Con Edison included calling for operators to “shed load.” In doing so, Con Ed operators initiated a 5% system-wide voltage reduction followed by an 8% reduction. As the situation grew darker, Con Edison began to shed load by dropping customers.
As a result of the 1977 blackout, the operating entities and power systems in New York were fully investigated.
Tomi Engdahl says:
Solar storm disrupts electrical systems, September 2, 1859
http://www.edn.com/electronics-blogs/edn-moments/4434012/Solar-storm-disrupts-electrical-systems–September-2–1859?_mc=NL_EDN_EDT_EDN_today_20150902&cid=NL_EDN_EDT_EDN_today_20150902&elq=948f582ec95d48faa296d563b542f689&elqCampaignId=24600&elqaid=27867&elqat=1&elqTrackId=7d883e8cb5d6466cab5b0281b0c9fbfa
The strongest geomagnetic solar storm in history occurred on September 1-2, 1859, disrupting electricity on Earth.
A combination of solar events caused “the most potent disruption of the planet’s ionosphere in recorded history,” according to a NASA report. It’s also known as the Carrington Event, named after a British astronomer who witnessed the solar flare that caused it.
At that time, the telegraph and electrical framework were still new, and the particles caused wires in telegraph networks in the US and Europe to short out, causing fires.
More recently, NASA reported that today’s high-tech, interconnected society would be vulnerable in a similar geomagnetic storm, which could melt copper windings of transformers and shut down power systems. The loss of power would impact water distribution soon after, shutting down things like sewage disposal and heating/air conditioning, and could cause satellite malfunctions and radio and GPS outages. The Department of Homeland Security schematic below shows the interconnected infrastructure of the modern economy.
Tomi Engdahl says:
Records: Energy Department struck by cyber attacks
http://www.usatoday.com/story/news/2015/09/09/cyber-attacks-doe-energy/71929786/
Attackers successfully compromised U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, a review of federal records obtained by USA TODAY finds.
Cyber attackers successfully compromised the security of U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, according to a review of federal records obtained by USA TODAY.
The records, obtained by USA TODAY through the Freedom of Information Act, show DOE components reported a total of 1,131 cyberattacks over a 48-month period ending in October 2014. Of those attempted cyber intrusions, 159 were successful.
“The potential for an adversary to disrupt, shut down (power systems), or worse … is real here,” said Scott White, Professor of Homeland Security and Security Management and Director of the Computing Security and Technology program at Drexel University. “It’s absolutely real.”
Energy Department officials would not say whether any sensitive data related to the operation and security of the nation’s power grid or nuclear weapons stockpile was accessed or stolen in any of the attacks, or whether foreign governments are believed to have been involved.
Records show 90 of the 159 successful cyber intrusions over the four-year period were connected to the DOE’s Office of Science, which directs scientific research and is responsible for 10 of the nation’s federal energy laboratories.
Tomi Engdahl says:
What Hurricane Sandy taught IT about disaster preparedness
https://enterprisersproject.com/article/2015/9/it-continuity-eye-storm
What would you do if a hurricane swept through your town, disrupting electricity, mobile communications and roadways — and flooding your home? That’s what happened to Alphonzo Albright, global director of government at the videoconferencing provider, Polycom, when superstorm Sandy hit the Greater New York area in the fall of 2012. Albright was formerly CIO of the Office of Information Technology in New York City and was charged with working with city officials during the crisis. In this interview with The Enterprisers Project, he shares some lessons learned.
On Oct. 28, 2012, the sky was beautiful and clear. You wouldn’t believe a storm was on the way
starting to rain really hard and water was rushing down the stree
Then we lost communication — for five days.
The only thing anyone cares about in the first minutes following a crisis is safety. Immediately after, the ability to connect becomes a top priority. This is true on both a personal and a professional level, as families as well as companies of all sizes begin the process of putting their lives and businesses back together.
TEP: Once Sandy hit, I understand you were on Long Beach dealing with your flooded house. Did you have to work remotely? How did you make that work with limited communications and (I’m assuming) no electricity?
Albright: Indeed. In the aftermath, residents and businesses were out of power, and I was out of the office for 17 days. I spent that time working out of my car and driving near still-functioning cell towers to connect to the Internet through my cellphone. This way, I was still able to conduct videoconferencing meetings with co-workers through my mobile device, and stay productive despite the monumental obstacles Mother Nature was throwing at me.
TEP: What were your top priorities during the first days after the storm?
Albright: My first obligation was making sure my family was safe, having gotten a positive response regarding their safety and well-being. I then reached out to several of my solution team colleagues.
TEP: What advice would you pass along to other CIOs or tech leaders about disaster preparedness and recovery?
Albright: Instead of thinking of it as preparedness and recovery, it’s better for businesses to think of it as business continuity. Because businesses must be prepared ahead of time.
Have a Business Continuity Plan. This plan should include how to contact other families, employees, co-workers, and partners in case the office or home is not accessible. Give instructions to charge as many mobile devices as they can safely carry with them if they need to relocate.
Print lists of customer’s and partner’s contact info. You may need to contact customers or partners before power is restored to your office. If you cannot access your PC, Tablet, smartphone etc., or the system is lost, it may be vital that you have a hard copy of contact information.
Consider that disruptions can happen at any time — when people are in the office, children are at school, or a loved one is having a medical appointment.
TEP: Are there some things tech leaders should make sure not to do?
Albright: One of the biggest mistakes a tech leader can make is to put the development of a business continuity plan on their “to do” list and then fail to get it done. He/she who shuffles must deal — anything can happen at any time, and when you are cleaning up the clutter left behind when something unfortunate occurs, you still may not fully realize the potential long-term effects that losing productivity can have on any business, big or small.