Electric Grid in US Penetrated by Spies

Published: 2009-04-08. Last Updated: 2009-04-08 20:17:17 UTC
by Joel Esler (Version: 2)
5 comment(s)

Many readers sent this article in this morning.  Thanks to our readers!

According to this article in the Wall Street Journal, apparently, the U.S. Electrical Grid has been intruded upon by Spies from China, Russia, and "other countries".

Now for those of us in the security space, this should be nothing too terribly alarming.  We know this has happened before, in fact, I am quite sure we have written about it here on the Internet Storm Center.

According to a chart that is on the article, the number of reported cybersecurity breaches in the US has risen.  Now, I look at this graph and I say to myself, "number of reported", not "number of actual".  Meaning there were probably many more, and in previous years, not reported.  So I take that graph with a grain of salt.  However, it does make an important point. 

Security awareness is very high right now, and a lot of money is being spent on it, according to the article "under the Bush Administration, Congress approved $17 Billion in secret funds to defend govermnent networks.  The Obama Adminstration is weighing whether to expand the program to address vulnerabilities in private computer networks.." 

 Update:  Many people have written in today about this article either agreeing or disagreeing, however, I couple emails really stood out to me. 

One email stated that The power systems we have in place today are ran by Knobs and Switches.  Mostly built int he 70's and 80's, these power stations are mostly ran by manual intervention.  The power stations that _have_ been stood up since then, a couple of Nuclear Power stations, are federally regulated to not have any connections to anything, let alone the Internet. 

Since this particular email comes from a very trusted source, I am inclinded to believe this person.  Is it possible that there ARE computers in power stations that are connected to the Internet?  Yes, I am quite sure there are.  However, is it possible that the computer or computers (if there are any) that actually CONTROL the power are connected to the internet, I tend to not believe that.

-- Joel Esler http://www.joelesler.net

Keywords:
5 comment(s)

Comments

What about the transmission systems?
Bruce Schneier had an interesting essay relating to this subject back in December 2003. http://www.schneier.com/essay-002.html

"To be fair, the report does not blame Blaster for the blackout. I'm less convinced. The failure of computer after computer within the FirstEnergy network certainly could be a coincidence, but it looks to me like a malicious worm."
There are, no doubt, networks linking power stations to control infrastructure. I believe the notion that this network can be somehow separate from the Internet, and therefore protected, is false. As smart grid technologies are being implemented, motivated by huge savings,this will become even more important.

All networks, over time, tend to migrate to the \"common carrier\" network of the day. Increasingly this is the Internet. All the pushing for convergence is evidence of the power of the idea. How long can \"The Phone Company\" provide ISDN, ATM, X.25, or bare copper to support separate networks. And when implementing these services, are they hosted over the same wire/RF/fiber/protocols/infrastructure as the Internet?

If you basing your security theme on separate network argument: beware!
I can see some people harping on the mentioning of 'separate from the internet'. Some are going to find it hard to believe that these networks are supposedly isolated. I have to wonder why. Why would a power plant have to be connected to the internet if they can interact in other ways? You can build a 1000-host LAN and run it without it being directly connected to the internet. Patches? Those patches can be downloaded from a internet-connected LAN, burned to CD, then sneaker-netted to the isolated LAN. Those times when I move homes and have to wait for the cable guy to install services, I still install my LAN and have the systems talk to each other...sure, I can't access the 'net, but I can still do some work locally. If I can do it at home, I'm sure power stations can do it.
This all sounds familiar. I think the story was leaked becasue the whitehouse wants a cabinet level postion to control cirtical infrastructure networks and the industry is against this. By leaking the story, the goverment is trying to use public outcry to get what they want. All of these problems have been known for years, the NSA did a test in 2007 where they hacked into a government power station and smoked a generator to see if it was possible. They say the biggest risk is not shutting off power but maybe opening a venting valve in a nuclear reactor. I don't understand how this is breaking news when CNN has an article on their website from 2007 saying it is possible. Are you surprised that China and Russia probably heard about this and tried it for themself?
http://www.cnn.com/2007/US/09/26/power.at.risk/index.html

Diary Archives