Power grid compromised

Friday, July 30th, 2010

Borepatch doesn’t want to say that the sky is falling, but the power grid has been compromised:

  1. The Grid is a high-value target to foreign Intelligence Agencies. It’s been said — correctly, IMHO — that while there are friendly foreign governments, there are no friendly foreign Intelligence Agencies.
  2. The computer systems that run the Grid (called SCADA systems) are based on old technology, and are difficult to patch. This means that it’s quite likely that the computers running the grid are riddled with security holes.
  3. While these systems are not supposed to be connected to the Internet, the incentive to do so is very, very high. For example, it’s a lot easier to reset something by remotely connecting to it from home than getting up, getting dressed, and driving 20 miles in a storm at 3:00 AM.
  4. Nobody has accurate maps of precisely what their network looks like. Network aren’t so much designed as grown, almost organically. The Power Company networks are no exception.

So the grid is a high-value, low-risk target — and it looks like someone has attacked SCADA via USB devices:

As far as I can tell, there’s no reason to compromise a SCADA system other than to take it down. The SCADA system doesn’t contain credit card numbers or other financial data, and I doubt that compromising it is a cost-effective way to steal power for free. The guy who found the SCADA calls, Frank Boldewin, says, “As this Siemens SCADA system is used by many industrial enterprises worldwide, we must assume that the attackers’ intention was industrial espionage or even espionage in the government area”. In fact, though, there are no obvious secrets to steal from a SCADA system — other than the secret of how to bring the system down. So the logical goal of the malware is not so much espionage as sabotage.

Borepatch advises getting a generator and at least a week’s worth of fuel:

Bad things happen when the power goes out for an extended period, and if it were a large scale outage, it could take months to restore things.

Comments

  1. David Foster says:

    One thing that should be of great concern is that the water-supply system is dependent on the grid. From what I’ve read, the pumps are not usually backed up with generators (which would have to be pretty large given the high horsepowers required for pumping.)

    Re point #3, there are ways to provide remote access to a SCADA system without involving the Internet, via a private line or a switching technology such as MPLS, readily available from phone companies.

  2. Isegoria says:

    I had naively assumed that any modern water-supply — and sewer — system would follow the Roman model of relying on gentle gradients to effortlessly move water to and fro. Then I learned how things are really done.

    As far as remote access goes, yes, they could technically provide access from afar with a dedicated line of some sort, but the goal is convenience, not just remoteness, so we should expect such systems to find themselves attached to the wider Net. We want to be able to administer the system from our iPhones, right?

Leave a Reply