Weird California Incident Last Year Points To The Real Threat To The Power Grid (Hint: It's Not Cyberattacks)

from the uncommon-common-sense dept

Via Bruce Schneier's blog, we learn of the following intriguing story published in Foreign Policy:

Around 1:00 AM on April 16, at least one individual (possibly two) entered two different manholes at the PG&E Metcalf power substation, southeast of San Jose, and cut fiber cables in the area around the substation. That knocked out some local 911 services, landline service to the substation, and cell phone service in the area, a senior U.S. intelligence official told Foreign Policy. The intruder(s) then fired more than 100 rounds from what two officials described as a high-powered rifle at several transformers in the facility. Ten transformers were damaged in one area of the facility, and three transformer banks -- or groups of transformers -- were hit in another, according to a PG&E spokesman.
Oil then leaked from the transformers, causing them to overheat and shut down. However, there were no major power outages, and no long-term damage. The Foreign Policy post gives a good summary of what we do and don't know, and is well-worth reading in full. As Schneier comments:
The article worries that this might be a dry-run to some cyberwar-like attack, but that doesn't make sense. But it's just too complicated and weird to be a prank.

Anyone have any ideas?
Feel free to theorize in the comments about what happened last April. Absent further information, I'd like to focus here on the following perceptive analysis from the article:
At the very least, the attack points to an arguably overlooked physical threat to power facilities at a time when much of the U.S. intelligence community, Congress, and the electrical power industry is focused on the risk of cyber attacks. There has never been a confirmed power outage caused by a cyber attack in the United States. But the Obama administration has sought to promulgate cyber security standards that power facilities could use to minimize the risk of one.
This fixation on "cybersecurity" is something that Techdirt has been pointing out for a while. It seems largely driven by canny defense and security companies hungry for profitable contracts, which are able to take advantage of politicians intimidated by technology and worried about seeming "soft" on "cyberterror." Kudos, then, to Jon Wellinghoff, the chairman of the Federal Energy Regulatory Commission, who seems to have more common sense than most of his colleagues:
A shooter "could get 200 yards away with a .22 rifle and take the whole thing out," Wellinghoff said last month at a conference sponsored by Bloomberg. His proposed defense: A metal sheet that would block the transformer from view. "If you can't see through the fence, you can't figure out where to shoot anymore," Wellinghoff said. Price tag? A "couple hundred bucks." A lot cheaper than the billions the administration has spent in the past four years beefing up cyber security of critical infrastructure in the United States and on government computer networks.
Quite.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+



Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    That One Guy (profile), Jan 3rd, 2014 @ 8:51am

    Price tag? A "couple hundred bucks."

    And that's why such sanity would never manage to be widespread in politics, it's wicked hard to get good kick-backs and 'future employment opportunities' unless some company stands to make millions from a contract.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Jan 3rd, 2014 @ 9:36am

    Bucks

    Why spend a couple hundred bucks when you can spend a couple billion?

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    Arthur Moore (profile), Jan 3rd, 2014 @ 9:38am

    While I agree that it would still be cheaper, we still need to compare the cost of all the substations, not just one. Plus that hundred bucks estimate doesn't include labor and kickbacks.

    Nearly the same point was made in the first comment of the slashdot discussion: http://hardware.slashdot.org/story/13/12/29/0118228/hearing-shows-how-military-style-raid-on-calif-p ower-station-spooks-us

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Jan 3rd, 2014 @ 9:39am

    reminds me of the line in the movie with Jody Foster, Contact, in which someone (i cant remember who) asks 'why have 1 when you can have 2 at twice the price?' in other words, spend as much as possible and dont worry about how much is wasted doing ridiculous tasks when a modest sum would do a better job! the companies involved can say 'thanks' in nice ways!

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Jan 3rd, 2014 @ 9:43am

    Re:

    Even with those considerations it'd still be considerably cheaper, and more useful than the money they're throwing at cyber security.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    PRMan, Jan 3rd, 2014 @ 9:53am

    Space Pen?

    The US spent millions inventing a pen that would work in zero gravity. The Russians used a pencil.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Jan 3rd, 2014 @ 9:59am

    Re: Space Pen?

    The Russians started buying the space pen a few years after it became available because pencils in space suck:

    http://www.snopes.com/business/genius/spacepen.asp
    http://en.wikipedia.org/wiki/Space_Pen
    http:// en.wikipedia.org/wiki/Writing_in_space

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Jan 3rd, 2014 @ 10:02am

    Re: Bucks

    More than likely, these "attacks" on PG&E infrastructure were by PG&E customers who could no longer pay their bills.

    Take it from a PG&E customer - the real terror is when you receive the bill in the mail and open it.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Richard (profile), Jan 3rd, 2014 @ 10:05am

    The average politician

    The average politician or CEO of a major company is an absolute sucker for a canny salesman.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    John Fenderson (profile), Jan 3rd, 2014 @ 10:09am

    Re:

    doesn't include labor and kickbacks


    Kickbacks? I think you misspelled "bribes".

    Have we reached the point where we have to start budgeting for outright bribes now? If so, then we really have become a second-rate nation.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Jan 3rd, 2014 @ 10:11am

    Re: Re:

    Except for the Representatives who have family in the cybersecurity business.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    John Fenderson (profile), Jan 3rd, 2014 @ 10:12am

    Re: Space Pen?

    The US didn't spend anything, let alone millions, developing the space pen. They spent nothing. The Fisher Pen company spent $1 million developing it. NASA bought the pens from them for $2.39 each.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    stryx, Jan 3rd, 2014 @ 10:16am

    Strike

    Well I'd say this is obviously a Harlequins/Travelers vs. IBM-um Tabula/Brethren type situation.

    Panopticon disprution.

    http://www.research.ibm.com/labs/almaden/

    http://www.amazon.com/John-Twelve-Hawks/e/B001JS 0JPS

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    TasMot (profile), Jan 3rd, 2014 @ 10:17am

    The Reign of Terror is beginning...

    So, somebody (read power consumers) should cough up millions of dollars to do "something" about an isolated incident. A little bit of risk assessment is in order before letting out the contracts for millions of dollars for cyber security or steel walls.

    The power companies could/should evaluate their systems to see where there are any critical places and then determine how to secure them. The power grid is a very big distributed system that covers thousands of miles of power lines and remote substations. It would take a big coordinated effort to "take it out" unless a major junction could be hit. That type of effort would require a LOT of people to pull it off with very good coordination or a lot of very well coordinated timers that could be set to go off weeks in advance while somebody runs around the country putting lots of them in place.

    So the big question is whether or not this is a one node trend or in reality an isolated incident (like an angry customer in another post).

    Part of a terror campaign is to actually cause terror in people. Since this happened a year ago, it seems like calling it a "cyber terror" attack and spending a billion dollars to fix it seems like an overreaction.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Jan 3rd, 2014 @ 10:41am

    Re: Re: Space Pen?

    thank you, amateur mythbuster...

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    aldestrawk (profile), Jan 3rd, 2014 @ 10:41am

    NERC CIPC report

    from: http://www.texasre.org/Lists/Calendar/Attachments/605/Item%204d%20-%20NERC%20CIPC%20Report%20to%20TR E%20MRC%20-%202013Jun14.pdf

    Silicone Valley Area Adjacent to City of San Jose, CA Between US 101 and a 600 MW Calpine generating plant.
    Communication vaults for two communications providers damaged prior to substation attack. AT&T first. Then Level 3 Communications. Fiber cut flush with conduit entrance to vault to make repairs more difficult. Team apparently brought ladders or ropes to access the Level 3 vault.
    Although utility communications went through those vaults the utility has alternate communications paths through microwave communication links. Communications to substation was not interrupted.
    911 communications affected by the communications interruptions. Communications cut off to closest three towns from AT&T cut. Generating plant communications cut off by Level 3 vault attack.
    Fence alarm detection, cameras on fence line, card reader access through fence. Fence alarms triggered three times due to bullets hitting fence. Attackers never entered substation.
    More than 120 - 7.62x39 rifle rounds fired at autotransformers. 10 of 11 500/230 kV transformers and 3 of 4 230/115 kV transformers damaged and taken out of service. Only energized transformers shot.
    Shots fired primarily low on the radiators. > 51,000 gals of oil spilled. Transformers tripped due to high temperature or low oil as cooling lost. First alarms came in about one minute after first shots detected.
    Appears to have been a team of multiple people not just one or two. Spotters, shooters, communications attack, etc.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Jeffrey Nonken (profile), Jan 3rd, 2014 @ 10:52am

    There was a computing device in the same room as the attackers when they were planning the raid, therefore it was a cyber attack.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Jerrymiah, Jan 3rd, 2014 @ 10:55am

    Weird California Incident Last Year Points To The Real Threat To The Power Grid (Hint: It's Not Cyberattacks)

    This attack was orchestrated by the NSA to influence the US gov and public that terrorist groups were still active and attempting to implement attacks.

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    greenbird (profile), Jan 3rd, 2014 @ 11:02am

    NSA

    The key question is why the NSA with all their absolutely critical data collection wasn't able to prevent this.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    aldestrawk (profile), Jan 3rd, 2014 @ 11:17am

    I remember, while growing up, during the revolutionary days of the late 60s and early 70s that people would bomb the towers supporting long distance power transmission lines. My idea was to shoot cables over the lines with a crossbow to short them out. Not that I ever thought about doing that seriously. I am not even sure that would work. The, rather conservative, dad of a friend of mine in high school, who was a civil engineer, said that somehow allowing the pumps that pumped water from the Central Valley in California over the Tehachapi mountains to LA to run in reverse would destroy those pumps which would take weeks to repair. Nowadays, one may be able to do that via the Internet but you cannot ignore physical security. Cybersecurity is very sexy these days and the media loves to focus on it and the expert color commentators they use, who are probably likely to profit, find this a great way stoke FUD.

    I suspect whoever did this substation attack has similar motivations. The group that did this had some knowledge about the systems but not enough to show that it was some kind of insider attack. Four years ago, some fiber optic cables were cut nearby in San Jose cutting communications to parts of Silicon Valley and Santa Cruz County. That may have been an insider attack though (authorities still don't know who or why). All the heavy equipment at Granite Rock's Quail Hollow sand quarry in Santa Cruz county, CA were damaged when someone put a substance into the gas tanks which was very effective in destroying the engines. This happened, I think, last spring around the time of the substation attack.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Jan 3rd, 2014 @ 11:31am

    Re: NSA

    apparently their "dots" were so numerous that when they connected them, they got a picture of an elephant in the room.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous Coward, Jan 3rd, 2014 @ 11:40am

    We need to find out where these attackers are from and go invade a different country in that geographical region!

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Jan 3rd, 2014 @ 11:42am

    I'm William of Ockham, and my money is on the environmentalists.

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    TasMot (profile), Jan 3rd, 2014 @ 12:19pm

    Re: NSA

    You silly, because they used cutters and guns, not phones or the Internet. Stupid wire cutters and guns are not joined to the "Internet of Things" yet........

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Crusty the Ex-Clown, Jan 3rd, 2014 @ 12:27pm

    I guess I misread the second amendment...

    ...I thought it guaranteed the right to arm bears. Now wandering groups of armed, hungry bears are attacking substations and mistaking humming transformers for gigantic hives full of bees and honey. BTW, bears don't need no stinkin' ropes or ladders to clamber around in vaults.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, Jan 3rd, 2014 @ 12:39pm

    Getting paid to divert physical threats requires effort because physical threats are a real problem that do in fact exist and can happen and so there is work to be done to divert them.

    Getting paid to divert a non-existing problem is cheap and easy so why not just lobby congress to pay you to divert non-existing problems. There is no work to be done because there is no problem in the first place.

    I know what I'll do. We are all going to get attacked by a bunch of unicorns from outerspace tomorrow. Congress needs to pay me to defend against this threat.

     

    reply to this | link to this | view in thread ]

  27.  
    icon
    Reserve4Todd (profile), Jan 3rd, 2014 @ 12:52pm

    Ideas for the attack

    Were there any casinos nearby whose vaults were soon after emptied?

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Anonymous Coward, Jan 3rd, 2014 @ 1:57pm

    Re: Re: Re: Space Pen?

    You can buy them from Fisher for $10.00 for a cheap one with $6.00 refills.


    http://www.spacepen.com/

     

    reply to this | link to this | view in thread ]

  29.  
    icon
    ECA (profile), Jan 3rd, 2014 @ 2:44pm

    lets look at a few things

    1. MOST utilities are very easy to disturb. If you understand how they are setup and distributed, its very easy to take sections DOWN.
    2. What a propaganda experiment..(real or NOT)
    3. Long ago, many services were looking at placing MOST of the service under ground.. YOU STILL need access.. and if you dont LOCK IT DOWN, it can be accessed.

    Considering how the system is built..THESE persons, did some damage, and it DIDNT AFFECT ANYONE?? I am TOTALLY amazed.

     

    reply to this | link to this | view in thread ]

  30.  
    icon
    Ben (profile), Jan 3rd, 2014 @ 9:14pm

    Re:

    Price tag? A "couple hundred bucks." A lot cheaper than the billions the administration has spent in the past four years beefing up cyber security
    A couple of hundred bucks for one facility. How many electrical transformer sites are there? The comparison is false.

    I also doubt it would be "a couple hundred bucks" but more likely "a couple thousand bucks", but a million sites at a thousand a site would still be significantly less than the cybersecurity money pit.

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    Anonymous Coward, Jan 4th, 2014 @ 2:45am

    "Anyone have any ideas?"

    Neo wanted to visit the Architect?

     

    reply to this | link to this | view in thread ]

  32.  
    icon
    btrussell (profile), Jan 4th, 2014 @ 9:17am

    Re: Re:

    I doubt $200 would pay for the installation let alone a metal wall.

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    GEMont, Jan 4th, 2014 @ 9:22am

    Shock Testing.

    After all, its silly to depend on real terrorists to get the job done right, unless you train them yourself.

    Failing the creation of a large war to distract the population from the activities of the Commercial Government of the USA, the only other possible route would be a huge "natural" disaster that killed hundreds of thousands and left millions homeless across the USA.

    There's a certain minimum limit to the level of an atrocity, or rather the public's reaction to it, that makes it effective. If there's too little damage, too few people die, the ruse might not work. This is why War is the favorite scam in these sorts of situations. Lot of damage and lots of death and lots of positive public response because we're used to war and know what to expect and can quite readily switch our anger with the government for anger against the new foreign foe.

    But massive homeland disasters are the next best thing.

    Looks like at least one of these spooks in high places has read "Steal This Book".

     

    reply to this | link to this | view in thread ]

  34.  
    icon
    RonKaminsky (profile), Jan 5th, 2014 @ 12:35pm

    Re: Re:

    Not only are you correct about the improper comparison, I would like to point out that anyone really serious about shutting down a facility like the one which was attacked could easily gather intelligence from an unmanned drone, and then attack it with, for example, bombs/grenades launched from a small truck-mounted catapult. Or even possibly just with small rockets designed to drop metal cables in the proper locations --- no explosives necessary.

    Spending money to defend against the chance of someone attacking would almost certainly not be cost-effective, however, unless the likelihood of such attacks would increase dramatically. How unfortunate that human psychology is irrationally biased towards favoring safety against vanishingly rare but dramatic risks and ignoring common, small ones (like having less money because electricity is more expensive).

     

    reply to this | link to this | view in thread ]

  35.  
    icon
    BernardoVerda (profile), Jan 5th, 2014 @ 5:42pm

    Re: Re:

    >> doesn't include labor and kickbacks

    > Kickbacks? I think you misspelled "bribes".


    These days, aren't they called "earmarks"?

     

    reply to this | link to this | view in thread ]

  36.  
    identicon
    Anonymous Coward, Jan 5th, 2014 @ 7:35pm

    Theory: Disgruntled employee. Angry customer. Etc.

     

    reply to this | link to this | view in thread ]

  37.  
    icon
    That One Guy (profile), Jan 5th, 2014 @ 7:51pm

    Re: Re: Re:

    Depends on what the 'wall' is supposed to do. For a sheet of metal thick enough, and installed securely enough to stop bullets, yeah, you'd probably be looking at at least a thousand between materials and installation.

    However, what it sounded like from his comment:

    His proposed defense: A metal sheet that would block the transformer from view. "If you can't see through the fence, you can't figure out where to shoot anymore," Wellinghoff said.

    ... is that the sheet is only supposed to block the critical parts from view, so any potential shooter would have no easy way to target important pieces, and would either have to get past the sheet/fence, or just shoot blindly and hope they hit something important.

     

    reply to this | link to this | view in thread ]

  38.  
    icon
    Niall (profile), Jan 6th, 2014 @ 5:42am

    Re: Re: NSA

    Neither were 9/11 and Boston. I think he meant that there was no 'intelligence' of the planned activity, which doesn't sound totally spontaneous.

     

    reply to this | link to this | view in thread ]

  39.  
    icon
    btrussell (profile), Jan 18th, 2014 @ 12:30pm

    Re: Re: Re: Re:

    A piece of metal just big enough to obscure me from view makes me an identifiable target, not a protected one.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This