Cyberwar Hype Leaps To The UK, While Electric Grid Expert Calls Claims Of Attacks 'Hooey'

from the espionage-is-not-war dept

We’ve been covering all the hyped up claims of cyberwar, often made by law enforcement officials or defense contractors who clearly benefit from keeping people fearful. However, evidence of such claims is always lacking, beyond some vague “trust us, it’s bad!” But, all we’ve seen so far is that people are definitely trying to hack into each other’s systems, but that’s hardly “war.” However, it looks like this hype isn’t just happening in the US. A UK official is getting in on the act too, claiming that cyberwar attacks are already happening. But, of course, he’s again pretty vague on details. At best he says that the internet has “increased the risk of disruption to infrastructure such as power stations and financial services.”

Of course, right before I had read that article, I had been reading an article where the reporter spoke to an energy grid expert, who called such claims “a bunch of hooey.” The guy, Seth Blumsack, along with a couple of colleagues, had been hearing all these stories about how “at risk” the electric grid was, so they went looking for the evidence. After looking at the claims and predictions, they realized that those claiming the electrical grid was at risk didn’t actually appear to understand the physics of how electric grids actually work.

Blumsack, Hines and Cotilla-Sanchez decided to contrast the performance of a topological model with one based on actual physics – specifically on Ohm’s and Kirchoff’s Laws governing the flow of electricity in the real world. They tried out both kinds of model on an accurate representation of the North American Eastern Interconnect, the largest and one of the most trouble-prone portions of the US grid, using real-world data from a test case generated in 2005.

The three engineers say that the physics-driven model was much closer to reality, and that this verifies what physics models show. The results showed that in fact it is major grid components through which a lot of power flows – big generating stations and massive transformers – which are the main points of vulnerability, not the minor installations scattered across the country.

It isn’t so much that a minor event on a minor line or installation can’t crash the network: such things do happen. But in general there have to be huge numbers of such minor events before one of them happens to hit the miracle weak point and bring everything down. It would be an impossible task for terrorists or other malefactors to know in advance just where and when a minor pinprick could cause massive effects.

“Our system is quite robust to small things failing,” says Hines.

Seems like, once again, the claims of cyberwar are overblown.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Cyberwar Hype Leaps To The UK, While Electric Grid Expert Calls Claims Of Attacks 'Hooey'”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re: Re: Re:

The agencies can and have figured it out. Trust me on this. The difference is disclosure. Google is open to disclose whatever it wants, and it did. Government agencies often cannot disclose information because either the methods used to obtain the information may be classified or the information itself may become classified for national security purposes.

Anonymous Coward says:

Re: Re:

What evidence do you have that they had more evidence than the so-called experts? And what experts are you referring to, those in the netsec community or in the government community?

Google did not fully disclose the extent of the breach (in which their password authentication system was examined, which ultimately held public data) for 3 months until after the breach occurred, putting millions of people’s personal data at risk. 100+ other companies suffered the same fate, but to what extent we may never know, as they haven’t come forward.

Jay (profile) says:

Re: Re: Re:

I’m doubting the “millions” part of your argument. Regardless, they were actually hacked and responded to it.

With the government, I’ve yet to truly see evidence of hacks, merely people running around and signing huge contracts to line their own pockets with taxpayer money.

And when you’ve already read this, and noticed the security bubble that’s already risen up, you begin to be skeptical when the government cries foul on XYZ reason #25671 for the need to spend money.

Chuck Norris' Enemy (deceased) (profile) says:

Regulation and control

I would agree that the ‘cyberwar’ on power stations is overstated. For the most part, networks for control systems for generator and transmission line components are physically separated from the networks that access the internet. A terrorist would have to, essentially climb a pole and splice into fiber. Not that the SCADA system would already send an alarm that you lost comm for a short time on the fiber network to which you would send a crew to investigate. You would have a much better chance of someone walking into a power plant and manually throwing breakers than someone accessing the control system and doing so. Heck, bombing one would be easier. Of course, with all the talk about “Smart” grid you will be connecting control systems to essentially a WiFi grid of meters throughout an area. There have been malware exploits that have been discovered and NERC has issued suggested mitigation steps. It does make some sense. Outages have the potential to cause a lot of financial damage not only to the industry but to businesses who are affected by the outages. It is good to have some reliability standards to help avoid unnecessary outages.

But of course, the more horror stories we here, the more Congress wants to extend their regulatory arm to control something they know very little about. Those that benefit the most from telling the horror stories will continue to do so until they get what they want. Terrorism is used to create FUD so that we pretty much give up everything for a false sense of security.

TtfnJohn (profile) says:

Re: Re: Regulation and control

As the grid expert pointed out it’s unlikely in the extreme that an attack on a small feeder station would cause a major outage.

Climbing a pole or transmission tower wouldn’t get the terrorist very far even if they do manage to avoid getting vapourized by touching the wrong thing up there.

Anyway, if you’re gonna climb up there why not just cut the wires so you can sell the copper to recoup the cost of the attack? 🙂

As you say the point of security and intelligence agencies is to create FUD around the issue of so called cyber-terrorism simply to increase their budgets.

At the same time I doubt the heads of these agencies have any more in depth technical knowledge than the legislators they’re trying to scare. As long as their advisors say something is remotely possible they can go to committee meetings and such and spread the bull fertilizer around until the politicians believe it.

In the real world the danger to the North American grid isn’t terrorism it’s the age of the darned thing but that costs more to fix and doesn’t fill the need of security and policing agencies to control everything. Or have the illusion of control.

And yeah, we’ll sign our rights and liberties away to get this false sense of security. Not for the first time in history, either.

Anonymous Coward says:

Re: Re: Re: Regulation and control

Climbing a pole or transmission tower wouldn’t get the terrorist very far even if they do manage to avoid getting vapourized by touching the wrong thing up there.

They don’t even have to climb the pole. In places like Iraq, they just cut or blow the tower down, bringing the lines with it.

TtfnJohn (profile) says:

Re: Re:

Think about it a minute.

What they’re saying is that the system is actually built to handle numerous small failures each and every day. Otherwise the entire grid would crash with alarming regularity.

As they point out a terrorist can bring the system down hitting a major generating station or transformer installation IF they can figure out which one will bring on the domino effect that will bring it all down.

The model is based on the physics of the network and not it topology which is a far more accurate predictor of the effects of taking out one or two small stations or transformer sites.

Now, maybe, just maybe, a terrorist group can hit enough of these simultaneously to cause a major disruption but it’s very very unlikely for a number of reasons.

Chuck Norris' Enemy (deceased) (profile) says:

Re: Re:

The electrical grid is very robust. If a protective device fails there is usually a backup device that will perform nearly the same function. If that device fails then there is another device elsewhere that will isolate the issue. That device and its backup components would have to fail, too. And we are talking milliseconds here. Now coordinate an attack on a bunch of “small” components spread across several states, oh lets say at one hundred sites without anybody detecting. Quite an army, huh. Now we can say that these hundred sites are owned by 25 different utility companies who design their systems in different manners sometimes completely different at each site within the utility. Collecting the data and information on each site will most likely be problematic. Then, if successful, the power is out for a few hours, maybe a couple days, worst case. Customers don’t think much about it (the customers served by our utility can expect to see about two outages per year). Shoot, squirrels cause most of the outages here. Wind storms cause some of the lengthier outages. Why isn’t the government cracking down on mother nature?! Needless to say, I am sure the terrorists would look for a more dramatic way to reach their goal.

Anonymous Coward says:

Re: Re: Re:

A bigger threat that they should worry more about is lightning. It seems that lightning likes to hit transformers for some reason (partly thanks to their polarity) and they could shield the transformers to direct the lightning around them but often times they choose not to (perhaps because the shields make the transformers harder to work on, also because the shields cost money).

Maybe someone can also use the Internet to hack the clouds and direct a lightning bolt towards a transformer too. Or maybe I can just send Thor an E – Mail asking him to do it.

Michael (profile) says:

Re: Re:

“the network can tolerate many things failing all at once…I have my doubts that either of those assumptions holds”

This is not an assumption. It is the result of his analysis based on the physics of the grid system. If you can find someone that has an equal or better understanding of the electrical grid, you can argue the point.

“a successful attack on many small things all at once is unlikely”

This is an educated guess in that the diversity of the systems and the understanding of which pieces being taken down will cause a catastrophic failure make this kind of attack impractical.

Anonymous Coward says:

Re: Re: Re:

I seem to remember a single failure that escalated into something pretty significant a few years back…

Actually, that was the result of several failures, the genesis of which was poor maintenance. And nobody said it was impossible, just highly improbable.

By the way, did you know that, theoretically, a butterfly flapping its wings in China could have caused hurricane Katrina and the resulting disaster? It’s true! It’s even called “the butterfly effect”. Next we’ll be hearing about terrorists training butterflies and how we need to give billions of dollars to butterfly researchers to protect us.

darryl says:

energy grid expert

“energy grid expert”

Note, that is not a systems engineer, or a SCADA engineer, or someone trained in computer security !!.. No.

Its just someone with an opinion, clearly this guy or group or whatever dont have a clue about how a SYSTEM works, You can take one component of a system, in a power grid that could be a length of wire, and save as that is in itself ‘safe’ then the system itself is safe.

It does not work that way,, and you are either stupid or ignorant if you think it does !.

A SYSTEM is a combination of sub-systems.

SCADA and industrial control systems are are mix of computers (PLC’s, PDU’s) and networks, they can be hacked, but they are NOT ON THE INTERNET, you would be STUPID to build a SCADA system and make that accessable on the internet.

They they work in CLOSED NETWORKS, that CANNOT be directly accessed on the internet, you will never find an IP address on the internet that is a portal to a real scada system.

To hack into these closed systems you need some form of physical access to it, then if you can gain that you can inform the control system that values are different and make the system react the way you want it too, within the limits of the hardware protections, and limit alarms.

It has happend, it does happen and its a problem, alot of SCADA systems have components that use Radio links, if you can get the radio, the frequency, and gain access you can become a node of the system and gain some control.

But it is a problem, it’s clear that just parroting some ‘energy grid expert’ saying ‘there is no problem, trust me!!’..

Really Mike, cant you do better than that ?

But if you want some examples of real world computer hackers hacking SCADA systems then I can provide you examples.

Blumsack, Hines and Cotilla-Sanchez decided to contrast the performance of a topological model with one based on actual physics – specifically on Ohm’s and Kirchoff’s Laws governing the flow of electricity in the real world. They tried out both kinds of model on an accurate representation of the North American Eastern Interconnect, the largest and one of the most trouble-prone portions of the US grid, using real-world data from a test case generated in 2005.

WTF !!!, do you know what they are talking about, DO THEY know ???

What are the two (2) models are they referring too,
1. Ohms law
2. Kirchoffs Law ??

Do you know THEY ARE BOTH THE SAME LAW !!!..

Kirchoffs law is an application or derivatiove on OHM’s law.

Kirchoffs laws just says that the current comming out of a node is the sum of the currents entering the node.
(go figure).

And OMH’s law if the definition of that current, in terms of volage and resistance.

So what did they find, that physicals reflects the real world !!!!!..

OMFG, Mike, what a revolation !!!!

What do you think physics is, if it is not a description of the real world ?

So these ‘experts’ applied basic physics, (like water flows downhill), and with a simulation confirmed that the real world is the same as what physics describes.

So, Mike, this is just a strawman, with no real thinking behind it.

The claim of ‘two models’ is a joke !!!..

It shown a strong lack of ‘energy grid expertise’, and a severse lack of what the real world and phsics/science is all about.

So next time you model a ball falling on a computer, and you confirm you’re ‘model’ by dropping a real ball and seeing it fall. You can bragg to all your friends about how clever you are that you ‘proved’ physics right, because you simed it on your ‘puter.. LOL…

Its funny, because its soo illinformed..

Go back to school, learn basic electrics and then talk to the ‘experts’ 🙂

TtfnJohn (profile) says:

Re: energy grid expert

Might I suggest you do the same thing?

And then further suggest you educate yourself about things like data and voice transmission and the physics of how they work?

Topology and analysis based on that prove diddly. Yet that’s what it seems you prefer to believe. Incidentally, that’s a computer based model too.

Just googling Kerchoffs Law and Ohms Law doesn’t make you much on an expert either. It does, however illustrate YOUR ignorance.

If the topological analysis were correct then grids would go down en masse as a result of each and every major storm that hit, tornado, hurricane, gale, earthquake and so on. Who needs terrorists when we have nature which is far more efficiently disruptive than a collection of terrorists. Doesn’t happen often though.

Localized outages, yes, they happen. Just about every day of the week they happen. The North East Corridor doesn’t go down on a daily basis though there are localized outages all the time.

Please go back to your comic book and see the back ads about courses in whatever by correspondence.

Some real life experience with these things might just help too.

Anonymous Coward says:

Re: energy grid expert


Note, that is not a human being, with functioning brain, or someone trained in anything !!.. No.

Its just someone with an opinion, clearly this guy or group or whatever dont have a clue about how a SYSTEM works, You can take one accessory, from a shop, that could be a sponge, and claim that that is ‘your brain’, then you could pretend to have a brain.

It does not work that way,, and you are either stupid or ignorant if you think it does !.

/I could keep this up, but I have a headache already…someone tag with me

Michael (profile) says:

Re: energy grid expert

I am trying to make sense of your rather broken post and have not figured out if you think the electrical grid is at risk of being “hacked”. However, I am going to poke at a few of the things you posted because…well…because you are simply wrong in a couple of places.

“They they work in CLOSED NETWORKS, that CANNOT be directly accessed on the internet”

Although I agree that it is typically a bad idea, there are industrial SCADA systems connected to networks that are connected to the internet. I have worked on a number of them in CT and NY. In my opinion, two of them are at risk of being hacked and neither is likely to cause major problems if it is brought down.

“alot of SCADA systems have components that use Radio links”

Can you provide some more detail on what you mean by “a lot”? That is a pretty arbitrary amount.

“But if you want some examples of real world computer hackers hacking SCADA systems then I can provide you examples”

Yes, please.

“Do you know THEY ARE BOTH THE SAME LAW !!!..”

Ok, this is where I start to think there is a sarcmark missing. You say both are the same law and then go into the DIFFERENCES between them. Look up the meaning of “derivatiove” (and the spelling).

Finally – and I will stop here because I’m bored – please look up the definition of physics before you talk about the meaning.

Rich Kulawiec says:

Re: energy grid expert

Hmmmm…I hold degrees in physics and electrical engineering, and have several decades’ worth of applied systems security experience, and in my opinion, Blumsack have got it right. There are risks of course, just as there are in any system, particularly complex, distributed and diverse ones; but they’re nothing like the inflated hype being breathlessly repeated by those beating the “cyberwar” drum. We invariably find that the inferior people (and I sincerely mean that with all the contempt you might imagine) behind this hype are either (a) justifying their budget allocations if not their positions with it or (b) standing in line for lucrative contracts to defend against this largely non-existent threat.

What’s sad is that at least some of those people will get exactly what they want, unfortunately diverting attention and resources from more pressing threats. What’s even sadder is that if there’s any kind of incident at all — even a self-inflicted one — they will no longer have to even try to justify this nonsense.

Anonymous Coward says:

Re: Re: energy grid expert

Hmmmm…I hold degrees in physics and electrical engineering, and have several decades’ worth of applied systems security experience, and in my opinion, Blumsack have got it right.

Myself as well. and although “darryl” has made similar claims, all I can say is that he’s an embarrassment to the rest of us. But considering his demonstrated lack of critical thinking ability, I find his claims to be highly suspect.

Rich Kulawiec says:

Re: Re: energy grid expert

Of course. (shrug) There’s nothing of importance about it, though — other than the way in which it serves as yet another example of the hype machine being cranked up.

Here’s a little exercise for you: go find some articles about stuxnet. Read them. Then come back here.

Did you notice how many of them talked about the need to respond by (variously) prohibiting the connection of external devices, increasing or augmenting anti-malware software, enhancing or adding firewalls, changing operational procedures, adding or increasing IDS/IPS software, and/or auditing system environments?

Good. Now notice as well that all of those share two important attributes: (1) they won’t work and (2) they make money — a lot of money — for the people selling the products and services involved.
(BTW, point (1) is not to say that they’re bad: they’re not. They’re just not going to be effective against the next stuxnet. Just like they weren’t effective against this one. Or the one before that, or the one before that.)

To put it another way: we’ll know when there’s an actual, real, serious threat when we see people proposing actual, real, serious countermeasures. Until then, it’s just a charade designed to maximize budgets and profits.

jjmsan (profile) says:

Internet not required

I was following this on Krebs Security. The virus is has been spread by flash drives so even if there is no connection to the internet the system can become infected. Iran’s nuclear facilities are supposed to be infected.

Chuck Norris' Enemy (deceased) (profile) says:

Re: Internet not required

stuxnet is a vulnerability found on Windows based systems that targets a Seimens control system. Seimens by far doesn’t have a stronghold on power system control software. Now should stuxnet be installed on a machine, again, physical access to the network would be necessary to execute the exploit.

Iran’s nuclear facilities are supposed to be infected.

I heard rumor that Isreal developed stuxnet to monitor Iran’s nuclear facilities. I am sure a lot of governments would like to have access to Iran’s nuke info (looks east toward the White House).

Anonymous Coward says:

Someone explain to me, how exactly can the power grids be attacked. Is there some secret IP address that no one knows about that a terrorist might find out about and use it to DDOS a transformer? If so, wouldn’t it make more sense to simply disconnect the transformer from the rest of the Internet than to install ineffective, intrusive, unnecessary, and expensive hardware on ISP’s, hardware that won’t serve its alleged purpose but instead will serve the purpose of enabling an over controlling and corrupt government to better spy on us and it will serve the purpose of presenting its own security problems along with slowing down everyone’s already overpriced and slow connection (thanks to lobbyists) and causing more problems? Why are they even connected? For years we’ve gone with a power grid without the Internet and yet now that the Internet exists they must all of a sudden be connected for some magical reason that makes no sense? Is my car connected to the Internet now too, just because the Internet now exists. Does my car need protecting all of a sudden? Give me a break.

Free Capitalist (profile) says:

Re: Re:

Is there some secret IP address that no one knows about that a terrorist might find out about and use it to DDOS a transformer?

No, as others have said, the management systems for the power grid are not directly connected to the Internet.

I believe one of the hyped up fears, as far as direct attacks from the Internet are concerned, is that someone’s desktop might be set up with an Internet connection and an out of band connection to the power grid management system. This theoretical system (I cannot say one exists, and I would bet it would violate security policy at the power companies) could be compromised over the Internet, and if remote control were attained, someone could access the power grid management system.

However, as always, the greatest threat for a successful hack comes from an “inside job”.

Anonymous Coward says:

Re: Re: Re:

The slammer worm is not impressed by your “not directly connected to the Internet”.


The Slammer worm penetrated a private computer network at Ohio’s Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours, despite a belief by plant personnel that the network was protected by a firewall, SecurityFocus has learned.

Free Capitalist (profile) says:

Re: Re: Re: Re:

The slammer worm is not impressed by your “not directly connected to the Internet”.

Gonna have to grammar nazi you on this one a little bit.

I appreciate the severity of that hack, but it is somewhat non-sequitur to a companies power-grid management system. This was a system, stupidly connected to a network that connects to the Internet, firewall or no, that monitored safety metrics around the nuclear reaction, not power distribution.

Sure, make ’em blind to a problem and they might have blown Ohio sky high, but the rest of the grid would have gone hydro.

But as I said before, I do not know if any power company’s grid management systems are exposed similarly or not. I just think the issue is “a little” more publicly hyped than is necessary. Audit compliance with Security policy, yes. Start a whole new branch of government to deal with it? No.

TtfnJohn (profile) says:

Re: Re:

Is the transformer on top of the pole outside your house connected to the Internet? Nahhh, waste of good bandwidth.

Are they even connected to a closed network? Likely in areas where smart metering is installed. Does that present a clear and present danger of intrusion? Not a all. Is it a very remote possibility. Of course but remember that a smart meter is a one way device. It sends data to a database and even so much as a malformed entry in a field of the table(s) will cause a transaction failure. That would seem to be the fear behind a DDoS attack but it would take quite a bit to accomplish that and a complete idiot (i.e. a MSCE) to have set up such weak security.

Substations, generating stations, dams, coal, nuclear and other generation facilities would be making two way transactions but again very simple and well known security measures would reduce the chances of that kind of attack to nearly zero.

The same with system hubs which run parallel with but separate from the monitoring and data collection systems just as monitoring systems run parallel to but apart from collection systems.

As has been pointed out a bomb, in the end, would work better but for disruption capabilities still be light years behind what nature can and does do.

“Is my car connected to the Internet now too, just because the Internet now exists. Does my car need protecting all of a sudden?”

Hmmmm…does your car have a GPS on board? Do you plug your smart phone into the fancy control centres appearing in new vehicles? If the answer to either or both is correct then you are connected to the Internet.

Your car would only need protection if those systems are not separate from the monitoring and diagnostic computers that modern cars are full of and even if they weren’t the device would need to know the pass phrases and passwords to get in.

Not out of the realm of the possible that at some point a vehicle would need third party protection though I’d be lining up to sign onto the first class action with any car maker that hadn’t already taken those steps.

sum guy says:

mike has written several posts about the hoax of cyberwarfare claims and until recently i agreed. Recently i did a lot of reading about the stuxnet infection in Iran, and it has changed my mind completely. one of the problems in this debate is the idea the terrorists or rogue hackers will, or could be, responsible for bringing down the entire power grid, but that is not a realistic scenario, and is rightly labeled as false. these kinds of individuals or groups don’t have the resources or intelligence capabilities to do something like that.

but nation states do. unfortunately, it is taboo in political pronouncements to say that china is our enemy or that russia is spying on us, and so the nature of the threat is obfuscated. that doesn’t mean, however, that the threat is not real.

stuxnet is a brilliantly nasty, and sophisticated piece of beautiful code. i highly recommend that anyone interested in “cyberwarfare” or just computer security in general read about it. it is a brilliantly nasty, and sophisticated piece of beautiful code. it is targeted like a smart bomb against specific facilities, and i strongly suspect that my government (united states), is the one who developed and deployed it.

that gives the statements about cyberwarfare a different slant. they know these threats are real, because they are creating them. the morality of such actions can be debated, but i no longer doubt the reality of them.

Anonymous Coward says:

Completely unrelated

Both Lewis Page (The Register) and Mike Masnick have horribly misunderstood the research published by Hines, Cotilla-Sanchez, and Blumsack (Hines, et al). By misunderstanding the research they have drawn a correlation that does not exist.

Hines, et al tested the usefulness of “topological graph models” when modeling vulnerabilities in the power grid. They did not testing or assess IP (Internet) based vulnerabilities in the power grid.

Hines, et al’s research is entirely a statistical exercise related to modeling and only took power grid infrastructure into account. This was be design, and is not a flaw. Their research has absolutely nothing to do with attacks on the computers that handle the power grid.

Hines, et al’s research is sound, we simply have a case of Page and Masnick offering us a granny smith while asking “Do you want an Orange?”

The Register points to a copy of the paper that is behind a paywall. The paper can be found for free, legitimately, here:

Information on the authors:

Paul Hines: Assistant Professor, University of Vermont

Eduardo Cotilla-Sanchez: Graduate student, University of Vermont

Seth Blumsack: Assistant Professor, Pennsylvania State University. (

darryl says:

Lots of proof, if you look..

Here’s a news story from the time:

Some snips:
The Maroochydore District Court heard that 49-year-old Vitek Boden was a
“disgruntled” former employee of the company that installed a computerised
sewerage system for Maroochy Shire Council.

The court was told on April 23 last year, police pulled Boden over in his
car less than one hour after one of the sabotage attempts on the system.
They found a variety of electronic equipment, including a two-way radio and
a computer with programs for hacking into the council’s sewerage pumping

I’m sure that court records would also exist…

So it was a hack, but the Internet had nothing to do with it. In Australia
at least, the Internet has nothing to do with critical infrastructure. It
would take a brain-donor to connect such systems to the ‘net. At the moment,
closed networks are the rule. Most sites like these interconnect with
private fibre. Some use Telstra fibre, older systems run on DDS.

Some of the systems involved use TCP/IP in these networks, with no Internet
connectivity. However, according to a service provider contact I quizzed
about this, utilities are very reluctant even to go so far as a private IP
network for critical infrastructure. Believe it or not, there is still X.25
out there in the “critical infrastructure” world.

Hacking the Grid, Part 3 by staff on 18 May 2005, 00:00
Categories: Security
Topics: grid , power grid , Intrusic , DHS , SCADA , homeland , sbir , hsarpa , hacking , digital bond
In 2000, Vitek Boden quit his job at Hunter Watertech, an Australian company that supplies control system equipment to utilities, and decided to become a terrorist.
Using a computer, a radio transmitter, and his car, Boden opened release valves at the local sewage-treatment plant, dumping a foul cocktail of waste-sludge into local parks and rivers.
It was a great hack. Boden could get in and out undetected. Security? On these old control systems: not likely.
The sewage system operators were baffled. They thought they had a leak, but when they went out to examine the various pipes and valves, they found nothing. The putrid smell infuriated locals. But the best part was that Boden’s old employer might have had to hire him back to fix the problem—and Boden would not come cheap.
Boden attacked the Maroochy Shire’s wastewater Supervisory Control and Data Acquisition (SCADA) system from his car. He got caught because he parked in the wrong place and the police recognized the computer and radio equipment as having recently been stolen.
At the time of his arrest, he had successfully pirated control 45 times and dumped 264,000 gallons of sewage into nearby parks and rivers, according to the Government Accounting Office.
Some Other Highlights:
1994: The Salt River Project, an electricity and water provider in Phoenix, is hacked.

Phoenix1997: A Massachusetts teen hacks the public switching network and shuts down the air-traffic control room of a local airport.

Massachusetts1997: The U.S. Department of Defense asks National Security Agency hackers to test the safety of the power supply going to military bases.

2001: In April, hackers take advantage of a known weakness in the Solaris server systems that the California Independent Service Operator (Cal-ISO) uses to control 75 percent of California’s power. The hackers install a “root kit” to control the system, but in 17 days, do little to exploit their illegal entry.

California2002: One of the al Qaeda laptops captured in Afghanistan shows that operatives had spent time on web sites that explained how to operate digital control switches, such as those used to control the power grid, the Washington Post reports. The newspaper claims that government interrogations of captured al Qaeda members showed that the organization intended to take control of critical U.S. infrastructures as part of a terrorist attack.
AfghanistanU.S.2003: Computers at the Davis-Besse nuclear power plant in Ohio crash for five hours thanks to the then-ubiquitous “Slammer” worm. Luckily for Ohio denizens, there are no abnormal conditions to control while half of the nuclear power plant’s network is down. Although the worm does not spread to the control systems, it causes sufficient confusion.
Ohio(Also see Hacking the Grid, Part 1—An Attractive Nuisance and Hacking the Grid, Part 2—Closing the Holes.)

AS for my qualifications, for the guy that asked, no I did not have to wikki ohms and kirchoff’s law, I am a very experienced electronics engineer, and Systems Engineer I have worked for many years in military systems, crypto, communications systems, and then well over 10 years in Scientific R&D and instrumentation design.

And over 10 years as a SCADA engineer, I have a great deal of programming and design experience for all types of SCADA systems, especially using CiTect, the DNP and SyMAX protocols.

Oh yea, I also built my own computer in 1978, So ive been hacking code, and playing with electronics for a very long time.

So at least, as opposed to Mike, I talk from facts and real knowledge, not just using copy and paste and repeating stupid claims as true because “some expert” said so..

Makes you look like someone who has an opinion, and who finds comments and statments to support that opinion, regardless of the truthfullness, or accuracy of the comments.

Its still not been commented on that they use TWO type of ‘phsics’ to simulte a physical thing, and find that it actually WORKS.

What would be surprising would be that it did not work, but how is it worth of comment to say that these ‘experts’ have assertained that the laws of physics are actually RIGHT..

That speaks NOTHING of system reliability, or suseptability to cascading breakdowns. (remember those on your ‘robust’ system).

Or ENRON !!, that was the ultimate ‘hack’ of the power grid system.

Do you know what happens when you try to parallel a large generator to a grid and its phase syncronisation is out of phase ?

Look it up,, its highly destructive, it will destroy the generator, destroy the contactors (generator switch), and will probably tear the generator off its mount, in an explosion. Doing millions of dollars damage.

Ohms law, would or could be a perfect way to ‘hack’ the power grid, by working out some way of turning on many high loads onto a power circuit, and would cause a decrease in load resistance, an increase in current, and would be able to overload the overcurrent circuit breakers.

A length of electric hookup wire shorted between two phases of a 660KV transmission line will trip the overcurrent breakers, and they can take serveral hours to reset. (they need to be manually reset after circuit testing).

You could just drive the streets with a long wooden pole (or metal one for Mike), with a hook on the end and find the local inline circuit breakers on your powerlines and pull them out !.

Simple, but according to Mike, there is no problem. Until you’re lights go out..

TtfnJohn (profile) says:

Re: Lots of proof, if you look..

Oh boy…you can drive down the street with a hook and throw the breaker on a local transformer and take down the houses that transformer services.

Incidentally power and combined services poles are wood or concrete. Metal’s a conductor, right?

You do know, I’m sure, that there’s nothing at all new in this, nothing at all anything that is capable of bringing down the entire grid or a significant part of it.

And you do, or must know, that what you describe is exactly how copper thieves get their hands on the stuff they steal off poles from power companies. Well, at least until they don’t do it right then they get vapourized as I said.

Of course they also take down telco wire too.

Yes, I know what happens when a large generator goes out of phase with the grid. Which is largely why a properly constructed one is protected from that possibility and one of those lines of defense is to simply shut down. 100% reliable? Not really but will you settle for something like 99% or more?

There’s nothing in what you say here that isn’t well known in the industry or industries like telecom that rely on and are physically run parallel to the grid in many if not most areas.

Ok, so the guy got in Oz had previous intimate knowledge of sewer system control system. And he used it to access the system and cause it to malfunction in a fit of pique. Terrorists and ex employees having a fit of pique for whatever reason. The latter is not really a terrorist he’s a disgruntled ex-employee.

And yes he caused a couple of things to go haywire which really didn’t do much but cause inconvenience and a few smells. Then he got caught for being stupid which is most often how these things end.

Your 2001 break in looks more like a collection of script kiddies breaking in to prove they could and once they got there not having the faintest idea what to do next. As you say, they penetrated a very well known and publicized bug in Solaris. This is called inviting an attack, in case you don’t know how script kiddies work.

The 1997 incident I know nothing about. Except to point out that any air traffic control I’ve experienced is triple redundant at worst. Of course I’ll admit the rules may be different in Canada but that’s been my experience in 35 years of suppling and installing PSTN and private switching in airports in Canada as well as high level data services.

2002. A couple of terrorists have a boo at open and availalable information and you’re expecting me to sign off my rights and freedoms and liberties to security agencies. I think not. Anyway, they CLAIM they got them though I note you haven’t supplied any follow up in the way of charges or much else.

2003. Now just who was in charge of the Davis-Besse Reactor’s computer systems and the security of the same? And as it was an exploit on MS SQL desktop databases and the back end of same just what the heck were they doing running an insecure MS system to hold critical information on in the first damned place? Taking advantage of a well known flaw in MSDE that obviously had never been patched.

You certainly don’t need to be a terrorist, foreign power or run of the mill practitioner of industrial espionage to break into an unpatched desktop OS particularly Microsoft’s.

I’m sure you are who and what you say you are and that’s, perhaps, why you use the previously unknown spelling of physics — phsics. I must have skipped those classes.

Nice try at FUD, though. Interesting how, when your FUD is looked into even a teeny tiny bit that it turns out to be another case of someone yelling that the sky is falling and it’s the terrorists fault! You’d think after 9 years you’d get tired of that but apparently not.

Is it possible for evil doers to take down the grid. I guess so. If they’re halfway good at it none of us will know until the moment they do it anyway. But somehow I doubt it.

As I said before nature is far better at it and that’s one of the reasons we get 660kv shorts or grounds that take out a relatively small area, or 1.5 kV grounds and shorts that knock out the neigbour hood all the time.

So, you see, I’d rather worry about something I can do something about.

And it’s not like that if China, say, wants to cyber terrorize the United States that the United States isn’t just as capable of cyber terrorizing China right back.

Either way. Straw man.

Next conspiracy theory please!

Anonymous Coward says:

Re: Lots of proof, if you look..

no I did not have to wikki ohms and kirchoff’s law,

Too bad you don’t know how to apply them.

I am a very experienced electronics engineer, and Systems Engineer

I’d like to know where in the hell you got a degree and what state you’re registered in. Or are you one of those “self-taught engineers”?

FatBigot says:

But with "Smart Meters" you add a potentially devastating attack method

I really think you need to see this post:

“We have a new paper on the strategic vulnerability created by the plan to replace Britain?s 47 million meters with smart meters that can be turned off remotely. The energy companies are demanding this facility so that customers who don?t pay their bills can be switched to prepayment tariffs without the hassle of getting court orders against them. If the Government buys this argument ? and I?m not convinced it should ? then the off switch had better be closely guarded. You don?t want the nation?s enemies to be able to turn off the lights remotely, and eliminating that risk could just conceivably be a little bit more complicated than you might at first think. (This paper follows on from our earlier paper On the security economics of electricity metering at WEIS 2010.)”

Smart meters add a whole new attack method.

Anonymous Coward says:

Re: But with "Smart Meters" you add a potentially devastating attack method

“We have a new paper on the strategic vulnerability created by the plan to replace Britain?s 47 million meters with smart meters that can be turned off remotely. The energy companies are demanding this facility so that customers who don?t pay their bills can be switched to prepayment tariffs without the hassle of getting court orders against them.”

What? You have to get a court order to cut someone’s power off in Britain? What, do they believe in some kind of “due process” or something? Not in the US. The power company decides all on it’s own, and then just sends someone out to do it. You don’t want to piss off a power company in the US.

Scootah (profile) says:

Credibility of Cyberwar

If you don’t think Cyberwar is credible, I would urge you to look into Stuxnet further. Someone else mentioned it – but seriously – check this sucker out. It specifically targets SIEMENS SCADA systems, and includes the capability to reprogram the programmable logic controllers (PLCs) and hide the changes.

Fundamentally – that’s weaponized software. It’s a viral malware app that is designed to compromise SCADA systems – the only reason to do that is destructive and the potential destruction from a compromised SCADA system is freaking crazy.

There are points of commonality with the APR’s that were used to target Google during that google hack, and there’s a strong suspiscion of spear phishing being involved to get it deployed initially into the Iranian infrastructure that was believed to be it’s target. It had no information gathering or finance generating capabilities and it’s development was incredibly high level.

By high level – I mean it was extremely well developed and probably took months to years of man hours to develop – implying a team of high level developers working on a long duration project to create it. The developers would have required not only a very high skill level, but a high level of experience with SCADA solutions – meaning they could have obtained legal and highly paid work easily – not attributes commonly held by people developing malware, letalone malware that could see people killed or major disasters as a result.

It used four Zero day exploits – reporting those zero day exploits probably would have generated a nice chunk of change from the vendor, or earned the researcher who found them a nice bonus from their legit employer. Malware developers do pay for Zero day exploits and they have a high value and short window of availability (usually). They also used stolen but otherwise entirely legitimate digital certificates – That’s serious tech skills and seriously high value.

We can infer Stuxnet had a total development cost of easily $100k USD – that estimate is incredibly conservative and the reality was probably much higher. Pushed as a legitware application to aid vendors/infrastructure owners in controlling their SCADA solutions and pushing changes to PLCs – it could have been very marketable software – and the Zero day exploits and stolen certs also had a huge value attached to them. The fact that this thing is in the wild as malware indicates that someone was willing to spend a lot of money and sacrifice a lot of profit potential to take control of Iranian power infrastructure.

The only likely circumstance that leads to this thing being produced and deployed is if a national interest group with a national defense budget was behind it. There are other unlikely circumstances (wealthy insane genius/Super Villains, a crazy blurring of reality and Bruce Willis movies), Siemens promoting their new anti-malware solutions (which they’re giving away for free to at-risk parties)… but only one solution actually holds water when compared to the reality of this thing. Some country made a serious effort at taking out major infrastructure with weaponized malware. Maybe it was a research project that leaked. Maybe it was a failed attempt at damaging Iranian infrastructure. Maybe it was a scare tactic. But it’s still scary as all hell.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...