Terrorism and the Electric Power Delivery System

Electrical grid is said to be vulnerable to terrorist attack. I can agree that electrical power distribution network would be quite vulnerable if someone tries to sabotage it and knows what to do. I know this because I design software and hardware for control systems for electrical companies.

Some days ago I saw in Finnish television an interesting documentary Suomi polvilleen 15 minuutissa (viewable on Yle Areena at least for Finnish people still for few weeks). It says that in Finland there has been debate on how many weeks the army could protect the country against potential attacks. The document says that the country could collapse in 15 minutes if some outside attacker or a small terrorist group would attack to certain key point in power network. Practically nothing would work anymore without power and it will take quite bit of time to get replacement parts for some key component. There are not too many spare parts and it it take months or a year to build a new big high voltage distribution transformer.

This vulnerability would hold to practically all developed countries. I have understood that Finnish electrical power distribution network would be in pretty good condition compared to electrical power networks on some other countries. I think that in many countries could quite easily cause huge problems by damaging some key points on power distribution network. Those attacks could be either cyber-attacks or attacks or damaging physical infrastructure.

s_080220133187

In USA there has been lots of talk lately about electrical grid vulnerability to terrorist attack. There are warnings like this: Cyber-terrorists could target the U.S. electrical grid and throw the nation into chaos. And there is indeed some truth on those because this critical infrastructure is vital to a country’s economy and security, not a new target for terrorist groups (there have been documented incidents since the 1970s), inherently vulnerable (economical and practical reasons) and extremely hard to protect well. The electric power delivery system that carries electricity from large central generators to customers could be severely damaged by a small number of well-informed attackers. The system is inherently vulnerable because transmission lines may span hundreds of miles. Electrical infrastructure is not necessarily a new target for terrorist groups- there have been documented incidents since the 1970s.

New York Times writes that Terrorists could black out large segments of the United States for weeks or months by attacking the power grid and damaging hard-to-replace components that are crucial to making it work. By blowing up substations or transmission lines with explosives or by firing projectiles at them from a distance, the report said, terrorists could cause cascading failures and damage parts that would take months to repair or replace.

Remember the fact that causing large scale problems for long time is usually hard. In Debunking Theories of a Terrorist Power Grab article a Penn State power-system expert cites laws of physics to pull the plug on worries that a terrorist attack on a minor substation could bring down the entire U.S. electric grid. The most vulnerable points are the ones that have the most energy flowing through them — like huge power stations or highly connected transformers. Those are the ones that should be well protected well and there should not be too much worrying on protecting smaller transformers.

Here are few links to articles for more information:

There is also a free book Terrorism and the Electric Power Delivery System on-line covering those topics. Check it out if you want to learn more. It gives you much more background than those articles.

511 Comments

  1. Tomi Engdahl says:

    UK energy firm says power cut was not caused by cyberattack
    https://techxplore.com/news/2019-08-uk-energy-firm-power-cyberattack.html

    A power cut that affected a million people and caused travel chaos was not the result of a cyberattack, operators of Britain’s electricity network said Saturday.

    National Grid operations director Duncan Burt said Friday’s blackout was caused when two power stations failed almost simultaneously, leading the system to cut off power to some parts of the country in order to preserve the rest.

    Reply
  2. Tomi Engdahl says:

    U.K. Seeks Answers After Biggest Power Failure in a Decade
    https://www.nytimes.com/2019/08/10/world/europe/uk-power-cut.amp.html

    Aug. 10, 2019
    LONDON — Britain’s energy regulator on Saturday demanded answers about the country’s biggest electrical blackout in more than a decade, which affected about a million homes and left commuters stranded on packed rush-hour trains in unlit tunnels.

    Reply
  3. Tomi Engdahl says:

    Employees connect nuclear plant to the internet so they can mine cryptocurrency
    https://www.zdnet.com/article/employees-connect-nuclear-plant-to-the-internet-so-they-can-mine-cryptocurrency/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d5f56d357819f000169019c&utm_medium=trueAnthem&utm_source=twitter

    The Ukrainian Secret Service is investigating the incident as a potential security breach.

    Ukrainian authorities are investigating a potential security breach at a local nuclear power plant after employees connected parts of its internal network to the internet so they could mine cryptocurrency.

    Reply
  4. Tomi Engdahl says:

    Anatomy Of A Power Outage: Explaining The August Outage Affecting 5% Of Britain
    https://hackaday.com/2019/09/07/anatomy-of-a-power-outage-explaining-the-august-outage-affecting-5-of-britain/

    Without warning on an early August evening a significant proportion of the electricity grid in the UK went dark. It was still daylight so the disruption caused was not as large as it might have been, but it does highlight how we take a stable power grid for granted.

    The story is a fascinating one of a 76-second chain of unexpected shutdown events in which individual systems reacted according to their programming, resulted in a partial grid load shedding — what we might refer to as a shutdown.

    It started with a lightning strike on a segment of the high-voltage National Grid, which triggered a transient surge and a consequent disconnect of about 500MW of small-scale generation such as solar farms. This in turn led to a large offshore wind farm deloading itself, and then a steam turbine at Little Barford power station. The grid responded by bringing emergency capacity online

    Perhaps the most interesting part followed is that the steam turbine was part of a combined cycle plant, processing the heat from a pair of gas turbine generators. As it came offline it caused the two gas turbines feeding it to experience high steam pressure, meaning that they too had to come offline. The grid had no further spare capacity at this point, and as its frequency dropped below a trigger point of 48.8 Hz an automatic deloading began, in effect a controlled shutdown of part of the grid to reduce load.

    https://mitchoneill.com/blog/uk-blackouts-interim-report/

    Reply
  5. Tomi Engdahl says:

    https://hardware.slashdot.org/story/19/09/08/201256/spring-cyberattack-on-us-power-grid-probably-just-some-script-kiddie?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    The electric utility non-profit NERC has posted a “Lessons Learned” document detailing a March 5th incident that Environment & Energy News calls “a first-of-its-kind cyberattack on the U.S. grid”. While it didn’t cause any blackouts — it was at a “low-impact” control center — NERC is now warning power utilities to “have as few internet facing devices as possible” and to use more than just a firewall for defense.
    The cyberthreat appears to have been simpler and far less dangerous than the hacks in Ukraine. The March 5 attack hit web portals for firewalls in use at the undisclosed utility. The hacker or hackers may not have even realized that the online interface was linked to parts of the power grid in California, Utah and Wyoming.
    Report reveals play-by-play of first U.S. grid cyberattack
    https://www.eenews.net/stories/1061111289
    The latest NERC “lesson” calls on utilities to add additional defenses beyond a firewall, which is designed to block malicious or unwanted web traffic from spilling into power companies’ sensitive control networks.
    Lesson Learned Risks Posed by Firewall Firmware Vulnerabilities
    In the March episode, a flaw in the victim utility’s firewalls allowed “an unauthenticated attacker” to reboot them over and over again, effectively breaking them.
    https://www.eenews.net/assets/2019/09/06/document_ew_02.pdf
    Avulnerability in the web interface of a vendor’sfirewall was exploited,allowingan unauthenticated attacker to cause unexpected reboots of the devices. Thisresultedin a denial of service (DoS)1condition at a low-impact control center and multiple remote low-impact generation sites.These unexpected reboots resulted in brief communications outages(i.e., less than fiveminutes) between field devices at sites and between the sites and the control center

    Reply
  6. Tomi Engdahl says:

    How hackers smooth-talked their way past the security of a power company
    http://www.businessinsider.com/hackers-social-engineering-power-company-2016-4

    For its first social engineering test, RedTeam had the goal of gaining access to the network server room at one of the company’s office locations. If successful, the hackers would be able to install hardware that called back to them over the internet, or they could just take over workstations in the building.

    The second try at social engineering was more successful.

    Reply
  7. Tomi Engdahl says:

    Report reveals play-by-play of first U.S. grid cyberattack
    https://www.eenews.net/stories/1061111289

    Reply
  8. Tomi Engdahl says:

    The embattled electricity company is proactively working to prevent wildfires.

    PG&E Shutoff: Up To 800,000 Californians Could Lose Power This Week
    http://on.forbes.com/61861Esjq

    Topline: In an effort to prevent wildfires, California’s top electricity provider will shut off service for up to 800,000 residents, the largest intentional outage undertaken by the company.

    The company, Pacific Gas & Electric (PG&E) is proactively cutting off service due to high winds and low humidity forecast for Wednesday and Thursday. Previous California wildfires have occurred under similar weather conditions.

    If PG&E didn’t shut off service, the company fears that the wind could cause their equipment to start fires. 

    Reply
  9. Tomi Engdahl says:

    Power Outage Upside: California May Finally Wake Up And Fix Its Grid
    http://on.forbes.com/618611BKM

    Reply
  10. Tomi Engdahl says:

    Northern California Thrown Into Chaos By PG&E Blackouts
    https://www.forbes.com/sites/rachelsandler/2019/10/10/northern-california-thrown-into-chaos-by-pge-blackouts/?utm_source=FACEBOOK&utm_medium=social&utm_term=Jennie/#6a656e6e696

    600,000 customers have lost power so far.

    Topline: California’s largest utility cut power to millions of Northern California residents this week in order to reduce the possibility of a deadly wildfire—and the areas affected by the unprecedented blackout are experiencing chaos.

    The utilities are worried that dry winds could spark a fire via one of their power lines.

    Pacific Gas & Electric (PG&E) said the blackout could last up to five days.

    For days leading up to the blackout, PG&E’s website was down due to increased traffic, causing frustration and anger among residents who were scrambling to see whether they would be affected. On Thursday PG&E launched an entire new functional website—after the outages already started.

    Reply
  11. Tomi Engdahl says:

    Confirmed: North Korean malware found on Indian nuclear plant’s network
    https://www.zdnet.com/article/confirmed-north-korean-malware-found-on-indian-nuclear-plants-network/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5db9c8bd8021ed000132c163&utm_medium=trueAnthem&utm_source=facebook

    Two days after rumors of a malware infection at the Kudankulam Nuclear Power Plant surfaced on Twitter, the plant’s parent company confirms the security breach.

    Reply
  12. Tomi Engdahl says:

    Experts assess damage after first cyberattack on U.S. grpid

    https://www.eenews.net/stories/1060281821

    Reply
  13. Tomi Engdahl says:

    Iran says it staved off cyber attack but doesn’t blame US
    https://www.theregister.co.uk/2019/12/12/iran_cyberattacked_no_attribution/
    Iran claims to have staved off a major cyber attack on its national
    infrastructure, a couple of months after the Middle Eastern theocracy
    was blamed for real-world assaults on two Saudi oil refineries. “We
    recently faced a highly organized and state-sponsored attack on our
    e-government infrastructure which was successfully identified and
    repelled by the country’s security shield, ” Mohammad Javad
    Azari-Jahromi, Iran’s ICT minister, was quoted as saying yesterday.

    Reply
  14. Tomi Engdahl says:

    The Siemens SPPA-T3000 distributed control system, which is designed for fossil and renewable power plants, is affected by over 50 vulnerabilities, including flaws that can be exploited to disrupt electricity generation.

    Hackers Can Exploit Siemens Control System Flaws in Attacks on Power Plants
    https://www.securityweek.com/hackers-can-exploit-siemens-control-system-flaws-attacks-power-plants

    According to Siemens, the SPPA-T3000 Application Server is affected by 19 vulnerabilities and the SPAA-T3000 MS3000 Migration Server is impacted by 35 security holes, including weaknesses rated critical that can be exploited for denial-of-service (DoS) attacks or arbitrary code execution on the server.

    Reply
  15. Tomi Engdahl says:

    Ever wonder how hackers could possibly pwn power plants? Here are 54
    Siemens bugs that could explain things
    https://www.theregister.co.uk/2019/12/13/siemens_security_advisory/
    Siemens industrial control systems designed specifically for energy
    plant gear are riddled with dozens of security vulnerabilities that
    are, luckily enough, tricky to exploit from the outside. The teams at
    Positive Technologies, Kaspersky Lab, and Biznet Bilisim took credit
    for finding and reporting 54 CVE-listed flaws in the SPPA-T3000 (PDF),
    an application server that handles the management of power plant
    controllers. Also:
    https://threatpost.com/critical-remote-code-execution-global-power-plants/151087/

    Reply
  16. Tomi Engdahl says:

    Iranian Hackers Have Been ‘Password-Spraying’ the US Grid
    A state-sponsored group called Magnallium has been probing American electric utilities for the past year.
    https://www.wired.com/story/iran-apt33-us-electric-grid/

    In the wake of the US assassination of Iranian general Qasem Soleimani and the retaliatory missile strike that followed, Iran-watchers have warned that the country could deploy cyberattacks as well, perhaps even targeting US critical infrastructure like the electric grid. A new report lends some fresh details to the nature of that threat: By all appearances, Iranian hackers don’t currently have the capability to start causing blackouts in the US. But they’ve been working to gain access to American electric utilities, long before tensions between the two countries came to a head.

    On Thursday morning, industrial control system security firm Dragos detailed newly revealed hacking activity that it has tracked and attributed to a group of state-sponsored hackers it calls Magnallium. The same group is also known as APT33, Refined Kitten, or Elfin, and has previously been linked to Iran.

    North American Electric Cyber Threat Perspective
    https://dragos.com/resource/north-american-electric-cyber-threat-perspective/

    Reply
  17. Tomi Engdahl says:

    Terror threat: Hacking groups looking to take down power grid in America
    https://www.lawenforcementtoday.com/terror-threat-hacking-groups-looking-to-take-down-power-grid-in-america/

    A new report shows that at least three hacking groups have the ability to interfere with or take down power grids across America. And the results would be catastrophic.

    Cyber security company Dragos said the number of cyber-criminal operations targeting electricity and other utilities is rapidly rising, and the timing seems to coincide with the political and military tensions in the Gulf.

    Reply
  18. Tomi Engdahl says:

    Hackers linked to Iran have been trying to crack the US grid for ages, a report says
    https://www.technologyreview.com/f/615038/hackers-linked-to-iran-have-been-trying-to-crack-the-us-grid-for-ages-says-report/?utm_medium=tr_social&utm_campaign=site_visitor.unpaid.engagement&utm_source=Twitter#Echobox=1578930535

    The news: A hacking group called Magnallium, which is sponsored by Iran’s government, has been trying to get access to American electric utilities for at least a year, according to a newly released analysis by the security firm Dragos. The hackers have been trying to guess passwords for hundreds of accounts linked to US electric utilities, plus oil and gas firms, a technique known as “password-spraying.” This chimes with findings from Microsoft, which revealed it had seen a similar campaign in November.

    https://arstechnica.com/information-technology/2019/11/a-notorious-iranian-hacking-crew-is-targeting-industrial-control-systems/

    Reply
  19. Tomi Engdahl says:

    Train-knackering software design blunder discovered after lightning sparked Thameslink megadelay
    Official reports reveal ‘as designed but not intended’ snafu
    https://www.theregister.co.uk/2020/01/03/thameslink_trains_software_design_error_2019_lightning_strike/

    Reply
  20. Tomi Engdahl says:

    “The whole power supply system is rife with problems and probably the most significant one…is nuclear reactors,”

    What to know about cyberattacks targeting energy pipelines
    https://thehill.com/policy/energy-environment/485254-what-to-know-about-recent-cyberattacks-on-energy-pipelines#.XmFwpCpc7mE.facebook

    The Department of Homeland Security (DHS) this past month disclosed a disruptive cyberattack on a U.S. energy facility, raising new concerns about protections for energy providers.

    The Cybersecurity and Infrastructure Security Agency (CISA), a division of DHS, said a ransomware attack hit a “natural gas compression facility,” leading to a two-day shutdown for the entire pipeline.

    Foreign entities often play a prominent role in cyberattacks on oil and gas pipelines, experts said.

    “When you talk about cyberattacks and cyberattacks against the energy infrastructure, primarily you are looking at nation states like Russia, China, Iran,”

    Chris Bronk, an assistant professor at the University of Houston’s college of technology, said the economic impact of a successful attack can be crippling.

    “Shutting down someone’s pipeline can be an enormous destruction of their economic activity,”

    Various reporting rules make it difficult to estimate the number of attacks

    It’s difficult to track how often cyberattacks occur because companies often have different reporting requirements.

    Critical infrastructure is coming under increasing attack

    A recent report from the Government Accountability Office said cyber threats to U.S. critical infrastructure like the energy sector are increasing, and pipelines aren’t the only part of the industry facing cyber threats.

    “There is a cyber scenario for every conceivable type of power generation,” Bronk said, while noting that cyberattacks can have varying impacts depending on the target. “I’m most concerned about things that can go kaboom.”

    “The whole power supply system is rife with problems and probably the most significant one…is nuclear reactors,” he added.

    And she said that attacks on the industry aren’t likely to abate anytime soon.

    “This is not a threat that will ever be fully mitigated. It raises the importance of why the sector itself needs to continue to mitigate the consequences,” she said.

    Government has a role to play

    DHS often issues cybersecurity alerts to energy companies.

    “CISA provides some real nice cyber vulnerability alerts almost on a daily basis,” he said. “They push that out for people to mitigate and act on,” he said.

    “There needs to be more significant investment and incentive for owners and operators of infrastructure to continue to harden and develop resiliency in this complex threat environment,”

    Reply
  21. Tomi Engdahl says:

    ENTSO-E: cyber intrusion on its office network
    https://www.fingrid.fi/en/pages/news/news/2020/entso-e-cyber-intrusion-on-its-e-office-network/
    European Network of Transmission System Operations for Electricity
    ENTSO-E has informed that some of their IT systems had been subjected
    to a security attack.. The attack was not directed against Fingrid or
    other transmission system operators, and it didn’t have any influence
    on Fingrids customers or other stakeholders.

    Reply
  22. Tomi Engdahl says:

    Grid engineers in India faced a unique test earlier this month, when residents were asked to shut off their lights for 9 minutes in a show of support during the coronavirus pandemic.

    How Engineers Kept the Power On in India
    https://spectrum.ieee.org/energywise/energy/the-smarter-grid/how-engineers-kept-power-india

    Earlier this month, Indian Prime Minister Narendra Modi asked the entire country to simultaneously switch off the lights. The gesture was meant to be a show of solidarity during the coronavirus pandemic, but Modi’s request left power engineers scrambling to prevent a nationwide blackout.

    In a televised address on the afternoon of Friday, 3 April, Modi called on Indians to switch off their lights for nine minutes beginning at 9PM on Sunday, 5 April. Within hours, experts raised concerns that the massive drop in electricity demand, followed by a sudden surge nine minutes later, could debilitate the grid and trigger widespread blackouts.

    Despite the warnings, the government stood by its request. So India’s power sector had just two days to come up with a strategy to protect the grid. “It was a very challenging situation,”

    Too much or too little power in the grid can damage equipment. Protective relay systems shut down power lines and power stations if values stray outside of acceptable ranges. That means operators must maintain a delicate balance between the amount of power generated and the amount used. Sudden drops in demand or supply can quickly cause cascading failures.

    India has faced major threats to the grid before—most notably, a blackout in July 2012 that saw more than 620 million people lose power.

    Accommodating a sudden and massive drop in demand was uncharted territory

    Back at POSOCO, engineers had to quickly estimate how big the drop in demand could be and devise a strategy to mitigate it. This was complicated by rumors spreading on social media that the event could cause a power surge that would destroy appliances, which lead to fears that citizens would disconnect more than just their lights.

    POSOCO’s solution was to gradually reduce the power generated by thermal power stations to close to the minimum before the event

    Hydropower stations were ramped up to full capacity before the event to make up for the reduced generation from thermal plants, and then dropped rapidly to less than 10 percent of [their generation capacity] as people started switching their lights off.

    At the end of the nine minutes, they were ramped back up to cope with surging demand. Just before the event, hydropower stations also started pumping water up into dams to provide extra load on the grid until the end of the nine minutes.

    Electrical engineer Ankit Manna says a blackout could have been disastrous for the Vedanta steel plant

    “It would have been a huge problem,” he says. So he and colleagues devised a plan to decrease production by nearly 50 percent so it could be powered entirely by the facility’s 60-MW on-site power plant and be completely cut off from the grid, a process known as “islanding.”

    In the end, nationwide electricity demand dipped by 31 GW during the exercise—more than double what POSOCO had predicted.

    While the event garnered headlines, Soonee says the grid actually faces far more significant technical and financial challenges from the sustained 30 percent reduction in power demand that has resulted from shuttering much of India’s economy during the ongoing nationwide lockdown.

    Reply
  23. Tomi Engdahl says:

    Call it bad geological luck—the rock formations in a few U.S. regions make them particularly vulnerable to solar storms.

    Here Are the U.S. Regions Most Vulnerable to Solar Storms
    https://spectrum.ieee.org/energywise/energy/the-smarter-grid/us-regions-most-vulnerable-solar-storms

    A new study about solar-induced power outages in the U.S. electric grid finds that a few key regions—a portion of the American midwest and Eastern U.S. seaboard—appear to be more vulnerable than others.

    The good news is that a few preventative measures could drastically reduce the damage done when a solar storm hits Earth. Those include stockpiling electrical transformers in national strategic reserves.

    geoelectric “perfect storms” will happen—it’s not a question of if, but when. Such storms can last between one and three days.

    Love explains that solar flares and other solar mass ejections that travel through space can slam into Earth’s atmosphere and generate powerful electric and magnetic fields. These magnetic storms can occasionally be intense enough to interfere with the operation of high-voltage electricity lines.

    Depending on the geology of a given region, the currents a geomagnetic storm induces in the power lines can destabilize the power grid’s operation and cause damage to (or even destroy) transformers.

    Fortunately some kinds of rock, such as sedimentary formations, are relatively electrically conductive. Which means they’re more effective at dissipating storm-induced electric fields. And so the regions of the country with more of these conducting-type rocks will be more resilient to a magnetic storm. As it happens, that’s most of the United States.

    Some regions with bad geological luck, however, happen to have more electrically resistive rock (including igneous and metamorphic formations) in the ground. And that means high-voltage electrical wires in those parts of the country will be more subject to geomagnetic disturbances from solar flares.

    In a worst-case scenario, Love said, portions of the electric grid without enough backup transformers and other equipment could find themselves unable to operate until they can swap in backup systems. Of course, if there are not enough transformers and other devices, many in the hardest-hit regions could be without power for days or weeks until equipment could be delivered or built from scratch.

    In March 1989, for instance, a so-called coronal mass ejection from the sun slammed into Earth. Because of how the planet was oriented when it hit, it blew out power grids and transformers primarily in the Canadian province of Quebec. For the next 12 hours, millions of people were thrown back to a world without any electricity, lights, heating, or other necessary services.

    (Love noted that although the geoelectric fields in a storm are at worst only around a modest 25 Volts per kilometer, that field is then integrated over the length of the power line. So for long-distance power lines aligned parallel to the geoelectric fields, the induced voltage can be thousands of volts. Which can wreak havoc on a power grid and transformers designed for alternating current.)

    The worst-case scenario, the one that keeps grid experts up at night, happened last in 1859.

    Fortunately, when the “Carrington Event” hit Earth, the world had precious little electric infrastructure to disturb. It was mostly telegraph wires along railway lines that felt any high-voltage surges.

    “There’s some expectation that if we were to have a repeat of the 1859 storm, it could have some substantial effects on the electric power grid and other technology that modern society depends upon,”

    In 2015, eight U.S. electric utilities created a transformer stockpile for emergency use. A March 2019 executive order signed by U.S. President Trump instructed agencies to shore up the grid’s resilience to electromagnetic pulses.

    “Space weather effects generated over our heads and the geology underneath our feet… affect our technological systems,”

    Reply
  24. Tomi Engdahl says:

    Trump bans acquisition of foreign power grid equipment, citing hacking threats
    https://www.zdnet.com/article/trump-bans-acquisition-of-foreign-power-grid-equipment-citing-hacking-threats/

    White House says foreign-made equipment “augments the ability of foreign adversaries to create and exploit vulnerabilities” in the US power grid.

    President Donald Trump signed today an executive order barring US power grid entities from buying and installing electrical equipment that has been manufactured outside the US.

    Trump said that “foreign adversaries are increasingly creating and exploiting vulnerabilities in the United States bulk-power system.”

    Reply
  25. Tomi Engdahl says:

    New Executive Order Aims to Protect U.S. Power Grid From Backdoored Equipment
    https://www.securityweek.com/new-executive-order-aims-protect-us-power-grid-backdoored-equipment

    A new executive order signed on Friday by U.S. President Donald Trump prohibits the acquisition of bulk-power system equipment that could contain intentional backdoors planted by foreign adversaries.

    Incidents where threat actors targeted a country’s power grid and even caused disruptions are not unheard of, and even the United States reportedly targeted Russia’s grid in such attacks.

    The U.S. government appears to be concerned that foreign adversaries could be trying to plant malicious or vulnerable equipment in the country’s power grid. That is why the latest executive order prohibits the acquisition of bulk-power system electric equipment that is designed, developed, manufactured or supplied by an entity that is “controlled by, or subject to the jurisdiction or direction of a foreign adversary.”

    Reply
  26. Tomi Engdahl says:

    Power Grid Faces Energy Bursts and EM Weapons
    What can be done to protect the US power grid from Earth current surges, solar flares and EM pulses?
    https://www.designnews.com/alternative-energy/power-grid-faces-energy-bursts-and-em-weapons/194685692362948?ADTRK=InformaMarkets&elq_mid=13218&elq_cid=876648

    Without access to a stable source of electrical power, the effects of the coronavirus pandemic to our society would be far more devastating. Imagine the loss of electronics from lifesaving medical devices to communication networks and even entertainment systems for tens of millions of stay-at-home individuals. But is our power grid as stable and safe as we think?

    The U.S. power grid is made up of over 7,300 power plants, nearly 160,000 miles of high-voltage power lines, and millions of miles of low-voltage power lines and distribution transformers, according to the U.S. Energy Information Administration. A variety of resources and technologies are used to generated electricity including the conventional sources of natural gas, oil, coal and nuclear. Still, one of the fastest growing sources come from renewable technologies like wind, solar and etc.

    Renewables are a critical element to the future of the U.S. power grid as sun, wind and other renewable resources are inexhaustible and clean. They are also cheaper since they generate electricity closer to home, which means fewer long power transmission lines and other expensive grid infrastructure. Further, some renewable sources like wind may be less affected by earth currents, solar flares and EM pulses.

    Understanding how and where Earth currents are generated naturally in the ground may be at the heart of dealing with other phenomena – like solar flares and EM pulses – that might affect the power grid.

    “The current national emergency around the COVID-19 pandemic and its impact on the health care system reminds us how vitally important critical infrastructures like the power grid is to be able to respond to and recover from natural disasters,” said Schultz.

    Earth or telluric current is an electric current that moves underground or through the sea. Currents arise naturally in the earth from the chemical composition of certain minerals as well as temperature differences such as those near volcanoes. Electric currents are generated when a portion of the earth interacts perpendicular to the Earth’s magnetic field.

    As far back as the 1840s, telegraph systems used Earth batteries to access low voltage current from telluric sources. An Earth battery is a pair of electrodes made of two dissimilar metals, such as iron and copper, which are buried in the soil or immersed in the sea at a sufficient distance. Such batteries were sometimes referred to as telluric power sources and telluric generators.

    Earth currents are not the only phenomena known to affect man-made power grids. Naturally occurring space weather like extreme solar storms have long been known disrupt power grids. Solar flares from the sun can result in coronal mass ejections (CME) that can send streams of charged particles toward Earth. These particles can strongly disturb Earth’s magnetic field causing power flotations in both Earth currents and man-made power networks.

    The connection between these solar activities and impacts on Earth were first documented by British astronomer Richard Carrington. In 1859, the largest Carrington event caused telegraphs to malfunction and burn, among other things. In 1989, a solar storm caused a widespread blackout in the Canadian province of Quebec.

    A burst of solar energy could trigger a geomagnetic storm that might well overwhelm the nation’s power grid. This could result in the shutdown of cell towers and communication networks. Similarly, a human-built electromagnetic pulse (EMP) weapon could temporarily wipe out not only our communication systems but also most transistor-based electronics.

    The final challenge to the power grid comes not from a natural source but a man-made one. Electromagnetic pulses (EMPs) are sudden bursts of electromagnetic radiation following a nuclear detonation that can cause widespread electric disruption. Such disruptions can occur even if the detonation happens in space. Such pulses share some important characteristics with naturally occurring Carrington events.

    How can the US power grids be protected from Earth currents, space weather and nuclear EM pulse blasts? One way is to build capacitor banks to absorb and dissipate excess energy, much as an engineer would do to protect a printed circuit board from a power surge. Another technique would be to install electricity-dampening devices called Faraday cages around critical pieces of equipment to protect them from current pulses.

    A large-scale mechanical flywheel is yet another way to potentially drain excess electricity off the grid.

    Perhaps the best way to deal with solar storms is to forecast them in advance and shut down the power grid before the solar flare arrives on Earth.

    Combining such solar flare studies with a mapping of terrestrial ground currents would yield a more comprehensive appreciation of how space weather might impact Earth currents and ultimately the power grid. As the coronavirus has demonstrated, the power grid is too important to modern society to leave it unprotected from natural and man-made damaging events.

    Reply
  27. Tomi Engdahl says:

    US energy providers hit with new malware in targeted attacks
    https://www.bleepingcomputer.com/news/security/us-energy-providers-hit-with-new-malware-in-targeted-attacks/
    U.S. energy providers were targeted by spear-phishing campaigns
    delivering a new remote access trojan (RAT) capable of providing
    attackers with full control over infected systems.

    Reply
  28. Tomi Engdahl says:

    Defense Against Drone Swarms Emerges From Russian Lab
    https://www.bloomberg.com/news/articles/2020-06-22/russian-oil-gets-defense-against-drones-from-former-secret-lab

    When a swarm of drones and missiles attacked Saudi oil facilities last September, knocking out 5% of global production, one Russian company sensed an opportunity to build up its business.

    Concern Avtomatika JSC — in Soviet times a secret military laboratory and now a state-run cybersecurity developer — saw a greater need among oil producers to defend their facilities from aerial assault. It has since sold anti-drone systems to Russian energy companies and is in talks to add clients abroad.

    “Energy infrastructure is basically hardly protected from any physical air attack,”

    Industry Boom
    Concern Avtomatika — now part of high-tech manufacturer Rostec State Corp. — produces systems that disable drones automatically, semi-automatically or with an operator. Kabanov didn’t elaborate on how they function, but such systems typically include the use of radio waves to jam signals used by a drone pilot.

    Unmanned aerial vehicles are becoming not just a feature of modern warfare. Lower production costs have led to an industry boom, with millions of pilotless devices sold worldwide to agricultural companies, technology firms and hobbyists every year.

    Drone Swarm
    In Russia, the number of drones surged to as many as 500,000 last year, according to Rosaviatsia, the nation’s aviation watchdog. They’ll reach 1 million by 2025, Moscow-based cybersecurity giant Kaspersky Lab said, citing industry research.

    An anti-drone system can be sold for anything between several hundred-thousand rubles and several “dozens of millions,” depending on modifications, according to Kabanov. Annual running charges include a salary for the operator and planned maintenance.

    Reply
  29. Tomi Engdahl says:

    Päivö-myrsky tuhosi sähköverkkoja Suomessa täysin Sähköt poikki 100
    000 asiakkaalta
    https://www.tivi.fi/uutiset/tv/8e209f83-b462-449b-8d0c-98284ec803b9
    Tiistaina Itä-Suomea riepotellut Päivö-myrsky katkaisi sähköt 100 000
    asiakkaalta.

    Reply
  30. Tomi Engdahl says:

    Ransomware Operators Demand $14 Million From Power Company
    https://www.securityweek.com/ransomware-operators-demand-14-million-power-company
    The threat actor behind the Sodinokibi (REvil) ransomware is demanding
    a $14 million ransom from Brazilian-based electrical energy company
    Light S.A.. The company has confirmed that it was hit with a
    cyberattack without providing specific information on the type of
    compromise, but AppGates security researchers, who have obtained a
    sample of the malware believed to have been used in the attack, are
    confident that the incident involves the Sodinokibi ransomware.

    EDP energy giant confirms Ragnar Locker ransomware attack
    https://www.bleepingcomputer.com/news/security/edp-energy-giant-confirms-ragnar-locker-ransomware-attack/
    EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker
    ransomware attack that affected its parent corporation’s systems, the
    Portuguese multinational energy giant Energias de Portugal (EDP).. “On
    April 13, 2020, EDPR NAs parent corporation experienced a ransomware
    attack on its information systems,” EDPR NA’s Chief Executive Officer
    Miguel Angel Prado says in a breach notification letter sent to
    customers.

    Reply
  31. Tomi Engdahl says:

    Cyberattacks targeting a local power utility or end-user systems could propagate to the national bulk-power system and affect millions of people.

    Executive Order Shines a Light on Cyberattack Threat to the Power Grid
    https://spectrum.ieee.org/energywise/energy/policy/executive-order-shines-a-light-on-cyberattack-threat-to-the-power-grid

    On 1 May, Donald Trump signed an executive order aimed at securing the U.S. bulk-power system, the backbone of our national electricity infrastructure. Bulk power comprises high-voltage transmission lines and generators delivering energy to large consumption centers. The order spotlights an important issue, but neither the order nor the issue has received the attention it deserves, due in part to the COVID-19 outbreak. The order highlights the U.S. power system’s extreme vulnerability to attacks by hackers, terrorists, state actors, and other malefactors, and it’s a bold and timely attempt to recognize and appropriately deal with these threats.

    We know that terrorists and state-sponsored actors already have the capabilities to disrupt a country’s power supply. In 2015, a Russian group launched cyberattacks against the Ukrainian power system, causing temporary blackouts and leaving more than 200,000 people without electricity on a winter day for up to six hours. Similarly, Russians were suspected of cyberattacks on Estonia’s power system in 2019. There is little doubt that many other countries also have this capability, though nobody else has applied it—yet.

    As a means of protecting the U.S. bulk-power system, the new executive order bans the purchase of equipment manufactured outside of the United States. The supply chain for the power infrastructure is multinational, and many components intended for transformers, circuit breakers, and substation equipment are produced outside of the United States. The imported hardware as well as software could potentially include back doors that would provide critical access to this equipment. If these back doors are triggered remotely, they could disrupt or even lead to the collapse of our national power system.

    But the executive order doesn’t account for some major details. The bulk-power system, defined in the order as 69 kilovolts and above, already enjoys tight federal regulation, close oversight, and continuous monitoring. Local power-distribution systems, much of whose energy delivery is below 69 kilovolts, are another story.

    Research has shown that electric vehicles can be compromised remotely over the Internet and then manipulated to overload power system equipment.

    Reply
  32. Tomi Engdahl says:

    Um, it doesn’t/didn’t take willfully bad actors to do it before …

    https://en.wikipedia.org/wiki/Northeast_blackout_of_2003

    Side note: New England ISO didn’t get hit very hard by this blackout. They saw the national grid getting slammed and “islanded” themselves, ie hit the big red button cutting them off from the rest of the grid. Human gatekeeepers FTW.

    https://www.iso-ne.com/isoexpress/web/charts

    Reply
  33. Tomi Engdahl says:

    Electric utilities reveal what worked and what didn’t in their responses to COVID-19.

    Powering Through the Pandemic
    https://spectrum.ieee.org/energy/policy/powering-through-the-pandemic

    Reply
  34. Tomi Engdahl says:

    The Night A Mysterious Drone Swarm Descended On Palo Verde Nuclear Power Plant
    https://www.thedrive.com/the-war-zone/34800/the-night-a-drone-swarm-descended-on-palo-verde-nuclear-power-plant

    The mysterious case of mass drone incursions over America’s most powerful nuclear power plant that only resulted in more questions and no changes.

    Reply
  35. Tomi Engdahl says:

    Hackers Could Use IoT Botnets to Manipulate Energy Markets
    https://www.wired.com/story/hackers-iot-botnets-manipulate-energy-markets/
    ON A FRIDAY morning in the fall of 2016, the Mirai botnet wrecked
    havoc on internet infrastructure, causing major website outages across
    the United States. It was a wakeup call, revealing the true damage
    that zombie armies of malware-infected gadgets could cause. Now,
    researchers at the Georgia Institute of Technology are thinking even
    farther afield about how the unlikely targets that botnets could
    someday disruptsuch as energy markets.

    Reply
  36. Tomi Engdahl says:

    #OnThisDay in #TechHistory, more than 50 million people in the US & Canada experienced a #blackout #EDNMoments #electricity #PowerGrid

    Northeast blackout leaves 50M people without power, August 14, 2003
    https://www.edn.com/northeast-blackout-leaves-50m-people-without-power-august-14-2003/?utm_content=buffer59f8a&utm_medium=social&utm_source=edn_facebook&utm_campaign=buffer

    On August 14, 2003, more than 50 million people in the United States and Canada were left in the dark thanks to one of the most wide-spread blackouts in history.

    The blackout began at approximately 4:10 pm ET and impacted several US states including New York, Michigan, Massachusetts, and Ohio, as well as parts of Canada, including most of Ontario. First impact turned into cascading failure and more than 508 generating units at 265 power plants shut down during the outage, an approximate loss of 80% (see the National Oceanic and Atmospheric Administration graphic below, showing before and during the outage).

    Beyond electrical systems, telephone and cellular systems became overloaded. Water systems were lacking pressure because pumps lacked power, which could cause contamination.

    Reply
  37. Tomi Engdahl says:

    Rolling Blackouts in California Have Power Experts Stumped
    https://hardware.slashdot.org/story/20/08/18/0026248/rolling-blackouts-in-california-have-power-experts-stumped?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    nergy experts are bewildered as to why the manager of California’s electric grid called on utilities to cut power to hundreds of thousands of customers over the weekend. “They said that the utilities had plenty of power available and that the blackouts weren’t necessary,” writes Ivan Penn via The New York Times.

    “They set it up like this is a historic event,” said Bill Powers, a San Diego engineer who provides expert testimony on utility matters before the state’s regulators. “This should not have triggered blackouts.” The California Independent System Operator, the nonprofit entity that controls the flow of electricity for 80 percent of California, said it acted after three power plants shut down and wind power production dropped. It also cited a lack of access to electricity from out-of-state sources.

    Rolling Blackouts in California Have Power Experts Stumped
    https://www.nytimes.com/2020/08/16/business/california-blackouts.html

    Managers of the electric system argue that a lack of power prompted the decision to enact blackouts, though demand this weekend fell short of the state’s peak years.

    As temperatures began to rise in California on Friday and again on Saturday, the manager of much of the state’s electric grid called on utilities to cut power to hundreds of thousands of customers.

    But the rolling blackouts on those days left some of the state’s energy experts bewildered. They said that the utilities had plenty of power available and that the blackouts weren’t necessary. The grid’s capacity may be tested in coming days as temperatures are forecast to reach into the triple digits again in some places.

    “They set it up like this is a historic event,” said Bill Powers, a San Diego engineer who provides expert testimony on utility matters before the state’s regulators. “This should not have triggered blackouts.”

    The California Independent System Operator, the nonprofit entity that controls the flow of electricity for 80 percent of California, said it acted after three power plants shut down and wind power production dropped. It also cited a lack of access to electricity from out-of-state sources.

    “We understand rolling outages are not easy, and we do everything we can to avoid them,” said Anne Gonzales, a spokeswoman for California ISO. “The reason for the energy shortfall is high heat and people naturally wanting to stay cool.”

    The energy experts noted that the peak electricity use over the weekend fell below peaks in other years, when utilities were able to handle the demand. They also said the operating reserves of power available to the utilities were higher than the 3 percent level where California ISO has traditionally ordered a reduction in electricity use.

    The first-stage alert began at 6 p.m., when California ISO’s operating reserves stood at 12 percent, said David Marcus, an energy consultant and former adviser at the California Energy Commission. Its standard for the first stage had been 8 percent, according to the grid operator’s 2019 resource assessment.

    The second stage began at 6:25 p.m., when its operating reserves stood at 9.59 percent, Mr. Marcus said. California ISO listed that stage in its assessment at 6 percent.

    The final stage, 3, the rolling blackouts, began at 6:30 p.m., when operating reserves dipped to 8.9 percent but still above the 3 percent level that the operator listed last year, Mr. Marcus said.

    “It’s just misleading to say that it was because it was a hot day,” Mr. Marcus said. “I think they were being overly cautious.”

    As California ISO began taking its emergency actions on Saturday, electricity wholesale costs jumped on its energy market.

    “They’re not saying a wire got burned down. It’s saying it’s a lack of power.”

    In particular, California ISO said two natural gas power plants shut down on Friday and, on Saturday, a wind farm and another gas plant stopped producing power.

    The state is currently reviewing proposals to extend the operation of old natural gas plants in Southern California. Environmentalists want the plants to remain closed because they use fossil fuels and are cooled using seawater, endangering marine life.

    “It makes for a compelling story” if you have blackouts because of a lack of power plants, Mr. Powers said. “We know there is no capacity problem,” he said. “Something odd happened.”

    Reply
  38. Tomi Engdahl says:

    University of California, Irvine researchers have managed to disrupt the functioning of a power grid using around $50 worth of off-the-shelf hardware packed into a disposable coffee cup.

    UCI Researchers Disrupt Power Grid with Minimal Hardware Packed Into a Coffee Cup
    https://www.hackster.io/news/uci-researchers-disrupt-power-grid-with-minimal-hardware-packed-into-a-coffee-cup-e501ef1fcbf6

    The team designed an Arduino-based spoofing mechanism that can disrupt grid-tied solar inverters by utilizing an electromagnet.

    Researchers from the University of California, Irvine have managed to disrupt the functioning of a power grid using around $50 worth of off-the-shelf hardware packed into a disposable coffee cup. Most often, we get angry when Mother Nature or power companies are responsible for blackouts, especially when they are prolonged, lasting hours, days, or even weeks. We’ve also known that attacks on the national power grid are a possibility, but the prospect of doing it so easily is frightening.

    At the recent Usenix Security 2020 Conference, the researchers unveiled their spoofing mechanism that targets solar inverters, which can generate a 32% change in output voltage, a 200% increase in low-frequency harmonics power, and a 250% boost in real power from said inverters. This isn’t the team’s first rodeo is exploiting vulnerabilities in hardware and software, as doing so brings awareness to those issues, and they invent new technologies that can help mitigate those problems.

    To exploit that vulnerability, the researchers designed their spoofing mechanism using an Arduino Uno, an electromagnet, and an ultrasonic sensor that measures the distance between the device and inverter. They also dropped in a Zigbee to control the unit from 100-meters away, but that can easily be swapped for Wi-Fi, allowing them access from anywhere on the globe. As mentioned earlier, the device can alter the inverters output voltage, and more, which can cause blackouts anywhere solar is tied into the grid using cheap hardware packed into a coffee cup.

    Reply
  39. Tomi Engdahl says:

    UCI Researchers Disrupt Power Grid with Minimal Hardware Packed Into a Coffee Cup
    The team designed an Arduino-based spoofing mechanism that can disrupt grid-tied solar inverters by utilizing an electromagnet.
    https://www.hackster.io/news/uci-researchers-disrupt-power-grid-with-minimal-hardware-packed-into-a-coffee-cup-e501ef1fcbf6

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*