The electrical grid is said to be vulnerable to terrorist attack. I agree that an electrical power distribution network would be quite vulnerable if someone who knows what to do tries to sabotage it. I know this because I design software and hardware for control systems for electrical companies.
Some days ago I saw an interesting documentary on Finnish television, Suomi polvilleen 15 minuutissa (viewable on Yle Areena, at least for people in Finland, for a few more weeks). It says that in Finland there has been debate on how many weeks the army could protect the country against potential attacks. The documentary says that the country could collapse in 15 minutes if an outside attacker or a small terrorist group attacked certain key points in the power network. Practically nothing would work anymore without power, and it would take quite a bit of time to get replacement parts for some key components. There are not many spare parts, and it takes months or a year to build a new big high-voltage distribution transformer.
This vulnerability applies to practically all developed countries. As I understand it, the Finnish electrical power distribution network is in pretty good condition compared to the power networks of some other countries. I think that in many countries someone could quite easily cause huge problems by damaging some key points in the power distribution network. Those attacks could be either cyber-attacks or attacks that damage physical infrastructure.
In the USA there has been lots of talk lately about electrical grid vulnerability to terrorist attack. There are warnings like this: Cyber-terrorists could target the U.S. electrical grid and throw the nation into chaos. And there is indeed some truth in those, because this critical infrastructure is vital to a country’s economy and security, not a new target for terrorist groups (there have been documented incidents since the 1970s), inherently vulnerable (for economic and practical reasons) and extremely hard to protect well. The electric power delivery system that carries electricity from large central generators to customers could be severely damaged by a small number of well-informed attackers. The system is inherently vulnerable because transmission lines may span hundreds of miles.
The New York Times writes that terrorists could black out large segments of the United States for weeks or months by attacking the power grid and damaging hard-to-replace components that are crucial to making it work. By blowing up substations or transmission lines with explosives or by firing projectiles at them from a distance, the report said, terrorists could cause cascading failures and damage parts that would take months to repair or replace.
Remember that causing large-scale problems for a long time is usually hard. In the article Debunking Theories of a Terrorist Power Grab, a Penn State power-system expert cites laws of physics to pull the plug on worries that a terrorist attack on a minor substation could bring down the entire U.S. electric grid. The most vulnerable points are the ones that have the most energy flowing through them, like huge power stations or highly connected transformers. Those are the ones that should be protected well, and there should not be too much worry about protecting smaller transformers.
Here are a few links to articles for more information:
- Panel: Electrical grid vulnerable to terrorist attack
- Terrorist Attack on Power Grid Could Cause Broad Hardship, Report Says
- Protecting the Electric Grid from Terrorism — Nobody is in Charge
- Cyber-terrorist attack on U.S. electrical grid could be “gravest short term threat” to national security
- Report: U.S. Electric Infrastructure ‘Inherently Vulnerable’ to Terrorist Attacks
- Debunking Theories of a Terrorist Power Grab
- Thousands Seen Dying If Terrorists Attack U.S. Power Grid
- The Protection of Public Facilities against Terrorist Attacks
- Critical to Infrastructure: Attacks on Electrical Network
There is also a free book, Terrorism and the Electric Power Delivery System, available online covering those topics. Check it out if you want to learn more. It gives you much more background than those articles.
512 Comments
Tomi Engdahl says:
Antti Kaikkonen on the increased drone sightings in Finland: “Surveillance has been increased slightly” https://www.is.fi/politiikka/art-2000009142324.html
Tomi Engdahl says:
Russia has destroyed 30% of Ukraine’s power plants
https://www.iltalehti.fi/ulkomaat/a/9435695b-e455-4c18-8a2d-68e6e241c31f
Tomi Engdahl says:
Pekka Haavisto: Russia’s new strikes have one “very worrying” feature https://www.is.fi/politiikka/art-2000009143569.html
Tomi Engdahl says:
Major German energy supplier hit by cyberattack https://therecord.media/major-german-energy-supplier-hit-by-cyberattack/
Enercity, one of Germany’s largest municipal energy suppliers, confirmed it was targeted by a cyberattack on Wednesday morning. The Hannover-based company said its security systems “reacted immediately” and that “greater damage to the company” has been averted. Enercity confirmed that it would continue supplying energy to customers, explaining its operational technology and critical infrastructure was not affected. “Our grids and power plants are stable and the security of supply is guaranteed,” the company stated.
Tomi Engdahl says:
Antti Häkkänen demands clear policies for protecting critical infrastructure: “It cannot be that ministers just wonder about the matter” https://www.is.fi/politiikka/art-2000009188336.html
Energy companies have expressed concern that their properties could be targeted by sabotage in the coming winter. In the view of Antti Häkkänen, chair of the Defence Committee, security matters should not be the responsibility of companies alone.
DEFENCE COMMITTEE chair Antti Häkkänen (National Coalition Party) says that Finland should have clear policies on how critical infrastructure, such as energy companies’ key heat production plants, is protected.
IS reported on Monday that energy company representatives are worried that energy companies’ properties could be targeted by sabotage in the coming winter. Sabotage could target, for example, power lines and transformer substations.
According to the interviewees, various surveillance and guarding measures have been increased, but not everything can be monitored.
Drones sighted near critical infrastructure, which are probably being used for hybrid influence operations, also came up.
HÄKKÄNEN shares the energy companies’ concern.
– It cannot be that companies themselves should have to understand what activity is dangerous to national security. The Government must set the policies, and guidance must come from the national level on which site is protected in which way, Häkkänen tells IS.
– Guidance must come from the national level on how key infrastructure elements are protected, such as ports or the nodes of water systems, as well as energy companies’ key heat production plants.
According to Häkkänen, Finland has not previously fully understood, for example, the role of Russian real estate deals, the use of energy as a political weapon, or the problems of certain other means of hybrid influence.
Now, fortunately, people have woken up to these, he says.
– It cannot be that ministers just wonder about the matter in public. It must be ensured that security matters are in order as regards critical infrastructure.
Tomi Engdahl says:
https://www.vice.com/amp/en/article/v7gaqb/the-mysterious-case-of-the-missing-250-ton-chinese-power-transformer
Tomi Engdahl says:
https://mobile.twitter.com/euromaidanpress/status/1592411073889460225
Tomi Engdahl says:
Microsoft says attackers are hacking energy grids by exploiting decades-old software
https://techcrunch.com/2022/11/23/microsoft-boa-server-energy-grids/?tpcc=tcplusfacebook
Microsoft has warned that malicious hackers are exploiting a discontinued web server found in common Internet of Things (IoT) devices to target organizations in the energy sector.
In an analysis published on Tuesday, Microsoft researchers said they had discovered a vulnerable open-source component in the Boa web server, which is still widely used in a range of routers and security cameras, as well as popular software development kits (SDKs), despite the software’s retirement in 2005.
The technology giant identified the component while investigating a suspected Indian electric grid intrusion first detailed by Recorded Future in April, where Chinese state-sponsored attackers used IoT devices to gain a foothold on operational technology (OT) networks, used to monitor and control physical industrial systems.
Microsoft said it has identified one million internet-exposed Boa server components globally over the span of a one-week period, warning that the vulnerable component poses a “supply chain risk that may affect millions of organizations and devices.”
Microsoft said the most recent attack it observed was the compromise of Tata Power in October. This breach resulted in the Hive ransomware group publishing data stolen from the Indian energy giant,
Vulnerable SDK components lead to supply chain risks in IoT and OT environments
https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/
Tomi Engdahl says:
Extensive power outage in North Carolina is being investigated as a ‘criminal occurrence,’ authorities say
https://edition.cnn.com/2022/12/04/us/power-outage-moore-county-criminal-investigation/index.html
An extensive power outage affecting about 40,000 customers in North Carolina’s Moore County is being investigated as a “criminal occurrence” after crews found signs of potential vandalism at several locations, authorities said.
Several communities across the county began experiencing power outages just after 7 p.m. Saturday, the Moore County Sheriff’s Office said in a Facebook post.
“As utility companies began responding to the different substations, evidence was discovered that indicated that intentional vandalism had occurred at multiple sites,” the sheriff’s office said.
Tomi Engdahl says:
Restarting The Grid When The Grid Is Off The Grid
https://hackaday.com/2022/12/06/restarting-the-grid-when-the-grid-is-off-the-grid/
What Is A Black Start Of The Power Grid?
https://www.youtube.com/watch?v=uOSnQM1Zu4w
Tomi Engdahl says:
Emulating A Power Grid
https://hackaday.com/2021/06/26/emulating-a-power-grid/
https://www.fiware.org/
Tomi Engdahl says:
Security News This Week: Attackers Keep Targeting the US Electric Grid https://www.wired.com/story/attacks-us-electrical-grid-security-roundup/
Plus: Chinese hackers stealing US Covid relief funds, a cyberattack on the Met Opera website, and more
Tomi Engdahl says:
In the face of homegrown domestic terrorism, hard-to-replace transformers in the U.S. are becoming increasingly essential infrastructure. Meanwhile, a Russia-bombarded Ukraine is finding grid assistance from unexpected sources.
Transformer Stockpiles—and Grids—Come Under Threat The U.S. failed to improve its stock, but Ukraine’s supply may be improving
https://spectrum.ieee.org/transformer-stockpiles?share_id=7382953&socialux=facebook&utm_campaign=RebelMouse&utm_content=IEEE+Spectrum&utm_medium=social&utm_source=facebook#toggle-gdpr
Among the most basic power equipment components—transformers—are in short supply in both the U.S. and Ukraine, increasing their power grids’ vulnerability. In the U.S., a spate of hurricanes, global supply holdups, domestic terror attacks on grid infrastructure, and a dearth of domestic manufacturing has depleted stocks. In Ukraine, relentless Russian bombardment of electrical substations is destroying transformers faster than they can be replaced.
Both situations came before the U.S. Congress this week. President Volodymyr Zelenskyy appeared before a joint session of Congress appealing for more weapons to combat Russia’s attacks. Zelenskyy struck a defiant tone, saying bombs and blackouts will not steal Ukraine’s Christmas: “Even if there is no electricity, the light of our faith in ourselves will not be put out.”
Meanwhile, behind the scenes, members of Congress made a last-ditch and ultimately unsuccessful appeal for federal dollars to boost transformer production.
Transformers are like trust—months or years to build, seconds or minutes to destroy.
Since the birth of modern power grids, millions of transformers on street poles and in switchyards have underpinned the practicality of alternating current.
Yet nearly 140 years since their invention, transformers remain much like trust: they can take months or even years to build and just seconds to minutes to destroy.
Projectiles puncturing their cases can release or ignite the heat-transfer oils that protect their intricate coil windings from overheating, often causing irreparable damage. That can be a crippling weakness at a time of increasing attacks on transformers.
In Ukraine, Russian barrages destroy multiple transformers almost daily. That’s made transformers the most sought-after hardware in the country after Western missile systems. And it has forced Ukraine’s grid operators to appeal for spares from their counterparts abroad.
Deliberate grid attacks are also raising anxiety in the U.S. Gunfire that took out the occasional transformer can on a pole five years ago is increasingly destroying transformers in substations that can weigh over 200 tonnes and feed power to neighborhoods or to entire cities.
Coordinated firearms attacks on a pair of Duke Energy transmission substations in North Carolina this month grabbed headlines by blacking out about 45,000 people for up to four days. But in the last two months alone, deliberate damage to substations has sparked blackouts across the U.S., including in a second area in North Carolina, Ohio, and Oregon and Washington state. All remain unsolved.
The scale of hostile outages in the U.S. pales compared to Ukraine’s suffering. But there are unsettling commonalities. In both countries, substation attacks seem designed to sow chaos and fear, and are at least partly motivated by an antipathy that’s anywhere from reckless to outright vengeful.
The conspirators “expected the damage would lead to economic distress and civil unrest,”
Six months after the Columbus filings, federal authorities became aware that a “suspected white supremacist” posted online the “exact coordinates of more than 75,000 substations across the U.S.,” according to cable news network NewsNation.
Attacks and warnings are boosting utility interest in programs that give them access to shared stockpiles of transformers and other critical equipment.
Pooling resources provides an insurance policy against high-impact events expected to occur infrequently to any one firm. But Rupert says more and closer manufacturing would enhance security. Tighter supplies mean longer delays to replace stocks that could be cleared out by a major incident causing widespread destruction—such as a massive solar storm, or attack via electromagnetic weapons.
Large transformers Grid Assurance acquired in 2020 to be delivered in 18-24 months would take up to 39 months to replace today. Worse still, says Rupert, 70 percent of its transformers are manufactured outside North America.
challenges contributing to transformer shortages, and honed in on one key ingredient: grain-oriented electrical steel. It’s the grade required for compact and efficient transformers, only one U.S. firm makes it, and the national lab study found its quality and quantity lacking. As a result, domestic producers serve only one-fifth of U.S. transformer demand—mostly small devices powering several homes or blocks
A Little Help from Friends
Creativity and bravery has certainly been on display by grid engineers in Ukraine, who cobble and piece together whatever parts they can to restore power knocked out by each Russian barrage.
Last Friday’s had cut power deliveries by over half when the engineers set to work—despite Ukrainian air defenses downing 60 of the 80-90 missiles fired. The next day President Zelenskyy said grid operators already had power flowing again to almost 6 million people.
Of course, there was much more work ahead. “There is still a lot of work to do to stabilize the system. There are problems with the supply of heat, there are big problems with the supply of water,” said Zelenskyy.
DTEK, an energy conglomerate that distributes most of eastern Ukraine’s power, received its first infusion of equipment last week, including 36 transformers from Zurich-based equipment supplier Hitachi Energy.
Other distributors are benefitting from 250 transformers donated by Lithuanian power and gas distributor ESO that arrived earlier this month.
Ukrenergo, meanwhile, can buy equipment for its transmission grid thanks to more than Euro-400-million in loans and grants from European governments last week.
Ukraine’s Grid Needs Parts—Will Western Firms Step Up? As Ukraine’s energy infrastructure gets pummeled, the nation’s allies have yet to answer desperate calls for support
https://spectrum.ieee.org/russia-targets-ukraine-grid
Tomi Engdahl says:
Pakistan’s power grid collapsed
The power outage began early on Monday morning when generators were being restarted.
https://www.iltalehti.fi/ulkomaat/a/d4653720-ebbd-4ada-83c9-b6aee6103202
Due to a disturbance in Pakistan’s national power grid, part of the country suffered a power outage early on Monday morning. Reuters reports on the matter.
According to Pakistan’s energy ministry, the widespread power outage began at around half past seven in the morning local time. Repair work has begun. Pakistan’s energy minister Kharrum Dastagir told Geo News that the aim is to restore power within 12 hours.
Massive power breakdown hits Pakistan
https://www.geo.tv/latest/466685-countrywide-breakdown-reported-due-to-unidentified-fault
Minister says power generation units are temporarily shut in winter at night.
Says frequency variation in national grid triggered outage.
Says ministry trying to restore power in next 12 hours.
Power Minister Khurrum Dastagir, while talking to Geo News, said that the power generation units are temporarily shut down in winter at night as an economic measure to save fuel costs.
“When the systems were turned on at 7:30am this morning one by one, frequency variation was reported in the southern part of the country between Jamshoro and Dadu. There was a fluctuation in voltage and power generating units were shut down one by one due to cascading impact. This is not a major crisis,” said the federal minister as the country plunged into darkness for the second time in four months.
The minister said that his ministry has started restoring some grid stations in Tarbela and Warsak.
“Peshawar Electric Supply Company (PESCO) and some grids of Islamabad Electric Supply Company (IESCO) have already been restored,” claimed the minister.
A timeline of power breakdowns in Pakistan
The country’s generation and distribution network has suffered eight major power breakdowns during the last nine years.
In 2014 and 2017, nationwide blackouts were caused by a fault in Tarbela Power Station while fog, frequency variation and the Guddu Power Plant fault were blamed for breakdowns in 2015, 2018, 2019, 2021, 2022 and 2023.
Every time the party in power announced to conduct a comprehensive probe and vowed to rectify the issues but nothing has happened despite multiple inquiries.
Tomi Engdahl says:
Pakistani authorities investigating if cyberattack caused nationwide blackout https://therecord.media/pakistani-authorities-investigating-if-cyberattack-caused-nationwide-blackout/
Pakistani authorities are investigating whether a nationwide blackout which left millions of people without power on Monday was caused by a cyberattack. The country’s energy minister Khurram Dastgir Khan told journalists during a news conference on Tuesday morning that there was a remote chance the incident was caused by hackers. Cyberattacks on energy grids are rare, although several have targeted Ukraine in the context of Russia’s attacks against the country since 2014. Outages have become a common occurrence in the South Asian country in recent years, where an ongoing economic crisis and last year’s devastating floods have severely impacted the lives of the country’s more than 220 million people.
Tomi Engdahl says:
FBI says two men attacked Washington’s electric grid in order to commit a robbery
https://www.npr.org/2023/01/04/1146889176/washington-electricity-power-grid-sabotage-attacks-blackout-outage
Two men have been charged with federal crimes for attacking substations in Washington State, an act of sabotage that left thousands without power on Christmas Day.
Federal agents say one of the men confessed to knocking out the power in order to commit a burglary by emptying the cash register of a local business during the power outage.
The sabotage came after a string of other attacks on power infrastructure across the U.S., including one that caused a major outage in North Carolina.
The Department of Homeland Security has previously warned that power infrastructure is an “attractive” target for domestic terrorists; however, the charging documents for Greenwood and Crahan don’t indicate any political motivations.
Tomi Engdahl says:
https://www.verkkouutiset.fi/a/te-epailyttavaa-toimintaa-havaittu-kriittisen-infrastruktuurin-lahella/#f105d9e9
Tomi Engdahl says:
What Is A Black Start Of The Power Grid?
https://www.youtube.com/watch?v=uOSnQM1Zu4w
A summary of the challenges with starting a grid back up from total collapse.
The grid is a little bit of a house of cards. It’s not necessarily flimsy, but if the whole thing gets knocked down, you have to rebuild it one card at a time and from the ground up. Restoring power after a major blackout is one of the most high stakes operations you can imagine. The consequences of messing it up are enormous, but there’s no way to practice a real-life scenario. It seems as simple as flipping a switch, but restoring power is more complicated than you might think.
Tomi Engdahl says:
What Really Happened During the 2003 Blackout?
https://www.youtube.com/watch?v=KciAzYfXNwU
In 2003, one of the most severe power outages in history affected the northeastern US and parts of eastern Canada. This video summarizes the events leading up to and during the blackout.
Blackout: The Power Outage That Left 50 Million W/o Electricity | Retro Report | The New York Times
https://www.youtube.com/watch?v=nd3teNgUq8E
Retro Report: In 2003, a blackout crippled areas of the U.S. and Canada, leaving some 50 million people in the dark. Ten years later, we are still grappling with concerns over the vulnerability of the power grid.
Tomi Engdahl says:
Authorized Personnel Only – How to Start and Sync a 400,000 Watt Turbine Hydroelectric Generator
https://www.youtube.com/watch?v=xGQxSJmadm0
Authorized Personnel Only – Kickstarting A Hydroelectric Turbine
https://www.youtube.com/watch?v=Jh0tRdnXVDM
Tomi Engdahl says:
Energy Transformation via Cyber-Resilient Smart Grid
https://www.trendmicro.com/en_us/research/23/e/energy-transformation-cyber-resilient-smart-grid.html
Learn more about smart grid vulnerabilities and how organizations can future-proof their enterprises
As the need for reliable and affordable energy sources grows, countries worldwide are increasingly turning to smart grids. Smart grids revolutionize how society accesses energy, enabling higher efficiency, reliability, and cost-effective management of energy resources. But these advancements come with a risk—smart grid infrastructures are highly vulnerable to cyberattacks, leading to costly consequences if left unprotected.
Drawing on the Achieving Energy Transformation: Building a Cyber Resilient Smart Grid Report released on April 2023 from TXOne Networks, a Trend Micro’s affiliated company dedicated to OT security. This blog will discuss key vulnerabilities in smart grids. It also discusses the associated cybersecurity standards and countermeasures that must be taken to protect this vital infrastructure from malicious activities.
Renewable power generation
Renewable power generation, such as wind and solar, plays a critical role in the smart grid, but they also introduce new vulnerabilities that attackers can exploit. The following are some of the vulnerabilities associated with renewable power generation:
Vulnerabilities in Wind Power Control Equipment: Wind turbines are controlled by industrial control systems that may have vulnerabilities that attackers can exploit. For example, attackers could manipulate the control systems to change the output of the wind turbines, causing imbalances in the grid and potentially leading to blackouts.
Vulnerabilities in Solar Power Generation: Solar power generation systems also rely on industrial control systems, which may have vulnerabilities that attackers can exploit. For example, attackers could manipulate the control systems to cause the solar panels to overproduce or underproduce energy, causing imbalances in the grid.
Distribution Automation (DA) and Feeder Automation (FA)
These are critical components of the smart grid that automate power distribution from the substation to customers. However, they are also vulnerable to attacks due to the following reasons:
Insecure Industrial Control Protocols: DA and FA systems use industrial control protocols that may not have security features, making them vulnerable to attacks. For example, attackers could use unauthenticated commands to manipulate the DA and FA systems, causing power outages or other disruptions.
Risk of Remote Service Vulnerabilities: Many DA and FA systems are connected to remote services, such as cloud-based applications, which can be vulnerable to attacks. Attackers could exploit vulnerabilities in these remote services to gain access to the DA and FA systems and cause disruptions.
Energy Storage System Management
It is an essential component of the smart grid that enables the storage of excess energy from renewable sources for later use. However, they are also vulnerable to attacks due to the following reasons:
Insecure Communication Protocols: Energy storage systems use communication protocols to communicate with other smart grid components. These protocols may not have security features, making them vulnerable to attacks. For example, attackers could intercept the communication between the energy storage system and other smart grid components, leading to unauthorized access or control of the system.
Physical Security Risks: Energy storage systems may be located in remote or unsecured locations, making them vulnerable to physical attacks. Attackers could damage or destroy the energy storage systems, leading to power outages or other disruptions.
Advanced Metering Infrastructure (AMI) Management System
This is another critical component of the smart grid that enables collecting and transmitting energy usage data from smart meters to utilities. However, they are also vulnerable to attacks due to the following reasons:
Insecure Communication Protocols: AMI systems use communication protocols to transmit data between smart meters and utilities. These protocols may not have security features, making them vulnerable to attacks. For example, attackers could intercept the communication between the smart meters and utilities, leading to unauthorized access or control of the system.
Unauthorized Access: AMI systems may be accessible to unauthorized personnel, making them vulnerable to attacks. Attackers could gain physical access to the AMI systems and tamper with the smart meters or the data collected by the system.
Addressing these vulnerabilities is crucial for the resilience and security of the smart grid. Implementing robust cybersecurity measures can significantly mitigate these vulnerabilities and safeguard against cyber threats.
Tomi Engdahl says:
New Russian-linked CosmicEnergy malware targets industrial systems https://www.bleepingcomputer.com/news/security/new-russian-linked-cosmicenergy-malware-targets-industrial-systems/
Mandiant security researchers have discovered a new malware called CosmicEnergy designed to disrupt industrial systems and linked to Russian cybersecurity outfit Rostelecom-Solar (formerly Solar Security). The malware specifically targets IEC-104-compliant remote terminal units (RTUs) commonly used in electric transmission and distribution operations across Europe, the Middle East, and Asia
Tomi Engdahl says:
Cyberwarfare
Microsoft Catches Chinese .Gov Hackers Targeting US Critical Infrastructure
https://www.securityweek.com/microsoft-catches-chinese-gov-hackers-in-guam-critical-infrastructure-orgs/
In a campaign called Volt Typhoon, Microsoft says Chinese government hackers were siphoning data from critical infrastructure organizations in Guam, a U.S. territory in the Pacific Ocean.
Rohan Goswami / CNBC:
Microsoft says Chinese state-sponsored hackers compromised “critical infrastructure organizations” across US industries, with a focus on gathering intelligence — Chinese state-sponsored hackers have compromised “critical” cyber infrastructure in a variety of industries …
Microsoft warns that China hackers attacked U.S. infrastructure
https://www.cnbc.com/2023/05/24/microsoft-warns-that-china-hackers-attacked-us-infrastructure.html
Chinese state-sponsored hackers have compromised “critical” cyber infrastructure in a variety of industries, including government and communications organizations, Microsoft said Wednesday.
The hacking group is codenamed “Volt Typhoon,” and has been in operation since 2021.
Impacted parties have already been notified.
Tomi Engdahl says:
Russians Hacked into America’s Electric Grid. Here’s Why Securing It Is Hard.
There is no way to completely protect the grid. Regulation at the state and federal levels makes it hard for utilities and regulators to work together to get the job done.
https://www.govtech.com/security/Russians-Hacked-into-Americas-Electric-Grid-Heres-Why-Securing-it-is-Hard.html#amp_tf=L%C3%A4hde%3A%20%251%24s&aoh=16848445681469&csi=1&referrer=https%3A%2F%2Fwww.google.com&share=https%3A%2F%2Fwww.govtech.com%2Fsecurity%2FRussians-Hacked-into-Americas-Electric-Grid-Heres-Why-Securing-it-is-Hard.html
Tomi Engdahl says:
https://www.politico.com/newsletters/power-switch/2023/02/14/this-russia-linked-hack-worse-than-we-knew-00082755
Tomi Engdahl says:
Black start
https://youtu.be/uOSnQM1Zu4w
Tomi Engdahl says:
New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
Mandiant has analyzed a new Russia-linked ICS malware named CosmicEnergy that is designed to cause electric power disruption.
https://www.securityweek.com/new-russia-linked-cosmicenergy-ics-malware-can-disrupt-electric-grid/
Tomi Engdahl says:
COSMICENERGY Malware Is Not an Immediate Threat to Industrial Control Systems https://www.dragos.com/blog/cosmicenergy-malware-is-not-an-immediate-threat-to-industrial-control-systems/
Dragos recently analyzed the new industrial control systems (ICS) malware dubbed COSMICENERGY by Mandiant on May 25, 2023. This malware, designed to target IEC 104 devices, exploits existing Microsoft SQL (MS SQL) servers that are connected to remote terminal units (RTUs). Dragos Threat Intelligence independently analyzed the malware and, counter to media headlines claiming power disruption or grid crippling abilities, concluded that COSMICENERGY is not an immediate threat to operational technology.
Tomi Engdahl says:
Flipper Zero “Smoking” A Smart Meter Is A Bad Look For Hardware Hackers
https://hackaday.com/2023/06/14/flipper-zero-smoking-a-smart-meter-is-a-bad-look-for-hardware-hackers/
Alright, we’re calling it — we need a pejorative equivalent to “script kiddie” to describe someone using a Flipper Zero for annoyingly malign purposes. If you need an example, check out the apparent smart meter snuff video below.
The video was posted by [Peter Fairlie], who we assume is the operator of the Flipper Zero pictured. The hapless target smart meter is repeatedly switched on and off with the Flipper — some smart meters have contactors built in so that service can be disconnected remotely for non-payment or in emergencies — which rapidly starts and stops a nearby AC compressor. Eventually, the meter releases a puff of Magic Smoke, filling its transparent enclosure and obscuring the display. The Flipper’s operator mutters a few expletives at the results, but continues turning the meter on and off even more rapidly before eventually running away from the scene of the crime.
Tomi Engdahl says:
https://www.rtl-sdr.com/flipper-zero-self-destructs-an-electricity-smart-meter/
Tomi Engdahl says:
https://hackaday.com/2023/08/29/the-2003-northeast-blackout-and-the-harsh-lessons-of-grid-failures/
Tomi Engdahl says:
Fish that fell from the sky caused a power outage in the United States
https://www.mtvuutiset.fi/artikkeli/taivaalta-pudonnut-kala-aiheutti-sahkokatkon-yhdysvalloissa/8758472#gs.4mmnrh
A fish that fell from the sky caused problems in New Jersey.
A fish fell from the sky and caused a power outage in the town of Sayreville, New Jersey, in the United States, Fox News reports. The Sayreville Police Department reported the incident on its Facebook page.
In its Saturday post, the police department said that part of Sayreville was without power after a fish was found in a transformer.
“This fish destroyed the transformer,” the police department exclaims.
Unlikely animal falls from sky and knocks power out for thousands in New Jersey town
Sayreville Police Department urges the public to ‘not forget the victim in this senseless death,’ in a cheeky Facebook post
Tomi Engdahl says:
One of the most successful Finnish software products turns 40
https://etn.fi/index.php/13-news/15276-yksi-menestyneimmistae-suomalaissoftista-taeyttaeae-40-vuotta
Linux is certainly the most successful Finnish software innovation, but MicroSCADA, developed at Strömberg 40 years ago, has also become very popular. The software monitors the electricity supply for more than 10 percent of the world’s population.
Hitachi Energy’s MicroSCADA, widely used as a control and monitoring system for critical infrastructure, reaches a significant milestone this year: 40 years have passed since the birth of the software innovation, and the number of deliveries worldwide exceeds 15,000. The system is in use in more than 170 countries and monitors the electricity supply for an estimated more than ten percent of the world’s population. Throughout its history, this star product of Finnish software development has been developed in Finland.
Worldwide, MicroSCADA is in use at more than 10,000 substations, monitoring and ensuring a reliable electricity supply. The software’s applications cover the whole of critical infrastructure, such as power grids, the process industry, hospitals, ports and data centers, as well as more than 67,000 kilometers of railways and 30 airports worldwide.
The roots of the MicroSCADA platform go back to 1983 and to Vaasa, where it was developed in the days of the then Strömberg, that is, before Strömberg was merged into Asea, which later became ABB. In 2019 ABB sold its power grids business to Hitachi, which is known today as Hitachi Energy Systems.
From the beginning, Finland has been the nerve center of the platform’s research and development, and today teams around the world take part in developing it. “MicroSCADA is the technology in electrical automation solutions against which all others are compared.”
In Finland, MicroSCADA monitors more than 50% of the power grids, including the cities of Tampere, Kuopio, Oulu and Vaasa as well as the extensive rural networks of Kainuu, Savo and North Karelia. It also monitors more than 3,300 kilometers of Finland’s electrified rail network. A good example of the system’s versatility is that MicroSCADA has controlled and monitored the properties and stations of the Helsinki metro since the 1990s, ensures the availability and safety of the West Metro (Länsimetro), and keeps the Tampere tram (Tampereen Ratikka) moving. In addition, MicroSCADA monitors, among other things, the critical power distribution of hospitals in Oulu, Helsinki and Jyväskylä.
Tomi Engdahl says:
Bill Toulas / BleepingComputer:
Symantec: Chinese cyberespionage group Redfly used the ShadowPad trojan to compromise a national grid in an Asian country from February 28 until August 3, 2023
‘Redfly’ hackers infiltrated power supplier’s network for 6 months
https://www.bleepingcomputer.com/news/security/redfly-hackers-infiltrated-power-suppliers-network-for-6-months/
An espionage threat group tracked as ‘Redfly’ hacked a national electricity grid organization in Asia and quietly maintained access to the breached network for six months.
These new findings come from Symantec, who found evidence of ShadowPad malware activity in the organization’s network between February 28 and August 3, 2023, along with keyloggers and specialized file launchers.
The ShadowPad variant seen in the attacks masquerades its components (exe and dll) as VMware files, dropping them on the victim’s filesystem.
The program also achieves persistence by creating services named after VMware again, set to launch the malicious executable and DLL upon system boot.
The lengthy dwell period seen in this attack is characteristic of espionage actors who infect systems and keep a low profile to collect as much intelligence as possible.
While the attackers’ intent to disrupt the power supply remains uncertain, the potential risk poses a significant threat.
“Attacks against CNI targets are not unprecedented. Almost a decade ago, Symantec uncovered the Russian-sponsored Dragonfly group’s attacks against the energy sector in the U.S. and Europe,” concluded Symantec’s report.
“More recently, the Russian Sandworm group mounted attacks against the electricity distribution network in Ukraine that were directed at disrupting electricity supplies.”
Redfly: Espionage Actors Continue to Target Critical Infrastructure
National grid in Asia compromised by attackers using ShadowPad Trojan.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-attacks
Espionage actors are continuing to mount attacks on critical national infrastructure (CNI) targets, a trend that has become a source of concern for governments and CNI organizations worldwide. Symantec’s Threat Hunter Team has found evidence that a threat actor group Symantec calls Redfly used the ShadowPad Trojan to compromise a national grid in an Asian country for as long as six months earlier this year. The attackers managed to steal credentials and compromise multiple computers on the organization’s network.
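A defensive check for the masquerading described in the excerpts above, added here as an example and not taken from the Symantec or BleepingComputer reports: it flags Windows services that carry a VMware-style name but whose binary sits outside the usual VMware install directories. The service records, the trusted directory list and the function names are constructed assumptions.

```python
import ntpath

# Assumption: directories where genuine VMware service binaries are installed.
TRUSTED_ROOTS = (
    r"c:\program files\vmware",
    r"c:\program files (x86)\vmware",
    r"c:\program files\common files\vmware",
)

def image_path(command_line):
    """Return the executable path from a service ImagePath value."""
    cmd = command_line.strip()
    if cmd.startswith('"'):                 # quoted path, arguments follow
        return cmd[1:].split('"', 1)[0]
    end = cmd.lower().find(".exe")          # unquoted path may contain spaces
    return cmd[:end + 4] if end != -1 else cmd.split(" ", 1)[0]

def is_trusted(path):
    """True if the normalized path lies under a trusted VMware directory."""
    norm = ntpath.normpath(path).lower()    # collapses ..\ segments first
    return any(norm.startswith(root + "\\") for root in TRUSTED_ROOTS)

def suspicious_services(services):
    """Names of services that look like VMware but run from elsewhere."""
    hits = []
    for svc in services:
        exe = image_path(svc["path"])
        label = " ".join((svc["name"], svc["display"], ntpath.basename(exe)))
        if "vmware" in label.lower() and not is_trusted(exe):
            hits.append(svc["name"])
    return hits

# Constructed sample records (service name, display name, ImagePath); not real IoCs.
SAMPLE = [
    {"name": "VMTools", "display": "VMware Tools",
     "path": r'"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"'},
    {"name": "VMwareUpdateSvc", "display": "VMware Update Service",
     "path": r"C:\ProgramData\VMware\updsvc.exe -k run"},
    {"name": "Spooler", "display": "Print Spooler",
     "path": r"C:\Windows\System32\spoolsv.exe"},
    {"name": "VMwareHelper", "display": "VMware Helper",
     "path": r'"C:\Program Files\VMware\..\..\Users\Public\vmhelper.exe"'},
]

if __name__ == "__main__":
    for name in suspicious_services(SAMPLE):
        print("review service:", name)
```

A hit is a lead for review, not a verdict: the next step would be checking the binary's signature and the service's creation time against change records.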
Tomi Engdahl says:
FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers https://therecord.media/fbi-warning-energy-sector-increased-hacking-china-russia
Global energy supply changes will likely increase Chinese and Russian hackers’ targeting of critical energy infrastructure, according to an FBI notification sent to the energy industry and obtained by Recorded Future News. The alert, issued Thursday, cites factors such as increased U.S. exports of liquefied natural gas (LNG); changes in the global crude oil supply chain favoring the U.S.; ongoing Western pressure on Russia’s energy supply; and China’s reliance on oil imports.
The notification does not refer to any specific advanced persistent threat (APT) hacking groups associated with China or Russia, nor does it point to specific cybersecurity incidents involving critical infrastructure. Instead, it broadly notes the attractiveness of U.S. networks for foreign intrusions and reminds recipients that Chinese and Russian hackers are constantly trying to explore key systems and improve their ability to exploit gaps they discover.
Tomi Engdahl says:
Observations like these have puzzled power companies: “We are keeping our eyes open” https://www.is.fi/kotimaa/art-2000009929813.html
Tomi Engdahl says:
It is quite true that the new substations being built for wind power, the software used to operate them, and the grid itself are much more vulnerable than the earlier stable, well-controllable ones built for synchronous machines. Fingrid stated this in its publications in early 2023.
Tomi Engdahl says:
Outsmarting cyberattacks on microgrids
https://discovery.kaust.edu.sa/en/article/22729/k2007/
A residual-based approach that detects and corrects voltage and frequency anomalies could protect power grids against covert cyberattacks.
A system that detects and mitigates stealthy intermittent attacks against intelligent systems such as small power grids called microgrids is expected to help meet emerging cybersecurity challenges, a KAUST-led team demonstrates.
Electronics-interfaced power devices play an increasingly important role in electricity generation and storage. Useful for small decentralized power systems that rely on renewable energy sources such as microgrids, they offer an ecofriendly and economical alternative to conventional generators in large-scale central plants.
However, their integration into the grid creates several uncertainties regarding reliability, stability and resilience. It also makes computing and communication capabilities easier to implement, but the presence of intelligent electronic devices in various parts of the grid can increase cybersecurity risks in this system.
Tomi Engdahl says:
https://www.etteplan.com/stories/virtual-power-plants-and-distributed-energy-storage-new-energy-market-catalysts
Tomi Engdahl says:
https://safegrid.io/
Tomi Engdahl says:
Suomi polvilleen 15 minuutissa
https://areena.yle.fi/1-1822186
In Finland there has been debate about how many weeks the defense would hold against an enemy. The country could fall in a quarter of an hour if an external attacker or a small terrorist group struck key points of the energy supply. Reporter Hannu Sokala. (11.03.2013)
Tomi says:
https://www.tuni.fi/fi/tutkimus/verkkoon-kytketty-tehoelektroniikka
The dynamic phenomena affecting power grids are becoming steadily harder to control as the number of renewable energy sources and power-electronic loads increases. We develop methods and technology to ensure the stable operation of power electronics devices in the evolving electrical energy system.
Our research topics include, among others, the dynamic phenomena of inverters, adaptive control algorithms, grid synchronization, grid-forming inverters, power electronics as part of DC- and AC-based microgrids, and the ancillary services that power electronics provide to grids, such as reactive power, frequency and voltage control.
Tomi Engdahl says:
Chinese hackers spent 5 years waiting in U.S. infrastructure, ready to attack, agencies say
The report is one of the first public indications that Chinese hackers have had years of access to U.S. infrastructure.
https://www.nbcnews.com/tech/security/chinese-hackers-cisa-cyber-5-years-us-infrastructure-attack-rcna137706
Tomi Engdahl says:
https://www.elenia.fi/tulevaisuuden-energia/sahkonkulutuksen-mittausuudistus/kuormanohjaus?fbclid=IwAR2X9VjJz_7hbt2TItcZ9WC-jhqceO00j7qB4kZiHM6f6Fi5k9Id0kSzrIQ_aem_AYLsvcMImFXP3TDH4e3m47Its_Ff0gj3jn1WfENG_IfShNmpnEhLFTE6sO4508IobQeOMAYXVUnurGR_BMIQ0NCK
Tomi Engdahl says:
Thermal Power Plant – Basic Layout, Parts, Principle
https://instrumentationtools.com/thermal-power-plant/#google_vignette
Tomi Engdahl says:
Grid-Scale, Predictive Maintenance Can Be Done Better And one component—the switchgear—could lead the way
https://spectrum.ieee.org/predictive-maintenance-grid-scale
Tomi Engdahl says:
A threat comparable to a pandemic lurks in the sky. Expert: “Only a matter of time”
Tapio Tourula, chief preparedness specialist at the National Emergency Supply Agency (Huoltovarmuuskeskus), says that a powerful solar storm could paralyze the entire global system.
https://www.iltalehti.fi/kotimaa/a/e75e2e47-6869-40ec-95e1-12d725938a63
It is only a matter of time before an extremely powerful solar storm hits the Earth, says Tapio Tourula, chief preparedness specialist at the National Emergency Supply Agency.
He notes that the consequences for an electrified, modern society could be dramatic, even paralyzing.
According to Tourula, preparedness in Finland is at a good level, but Finland is not isolated from the rest of the world.
The effects of a powerful solar storm could extend over a very wide area, and the threat then is the worldwide collapse of systems that are critically important to modern societies.
“When you put this whole mess not just on Finland but on the entire northern hemisphere, the whole global system is paralyzed. How quickly it recovers from that, and what kind of effects it has on Finland, is a big question of its own,” Tourula says.
The most powerful solar storm in the history of measurements was the Carrington storm, observed in 1859. Nothing comparable has been experienced in an era when the functioning of societies depends on electricity.
Smaller solar storms have led to, for example, power outages in Sweden and Canada.
“According to estimates, the effects of a Carrington-class storm would be many times greater than those of the storms that have occurred in the modern era,” Tourula says.
He says that a powerful storm would widely threaten power grids, satellites and radio signals. If all of them were out of action at the same time, one can only guess at the knock-on effects.
“It is easier to manage separate things and prepare for their effects, but if this whole thing is happening at once, it is challenging to grasp the whole picture, and especially to know it precisely in advance.”
Life without electricity
Of the possible effects of a powerful solar storm, the collapse of the power grid would hit people’s everyday lives hardest.
According to Tapio Tourula, Finland’s power grid itself would probably withstand even a powerful solar storm well, but elsewhere this is not necessarily the case.
Because the effects of a solar storm do not respect national borders, and because vulnerable power grids are interconnected, their collapse elsewhere threatens Finland’s grid as well.
Jukka Ruusunen, the since-retired CEO of the transmission system operator Fingrid, described to Iltalehti last year what a collapse of the power grid would mean.
“Nothing would work. Payment transactions would not work, toilets would not work, all heating would stop. It would be the complete paralysis of the whole of society,” Ruusunen said.
Tomi Engdahl says:
Electricity distribution is a significant part of security of supply: “Electricity must always reach the customer”
The energy crisis and the electricity shortage predicted for last winter required adaptation not only from households but also from companies. One of these was the electricity distribution company Elenia. Elenia prepared for the shortage by developing solutions that would make it possible to secure the electricity demand especially of society’s critical functions.
https://www.op-media.fi/yrittajyys/sahkoverkkojen-alykas-teknologia-vauhdittaa-vihreaa-siirtymaa/
Tomi Engdahl says:
https://www.op-media.fi/yrittajyys/sahkoverkkojen-alykas-teknologia-vauhdittaa-vihreaa-siirtymaa/