Skip to comments.Report: Massive Vulnerability Detected In National Power Grids: “There Is No Way to Stop This”
Posted on 10/20/2013 6:19:38 PM PDT by Kartographer
If you think that our multi-billion dollar electrical power grids are secure and capable of withstanding a coordinated attack, think again.
According to one group of engineers, the grid is so vulnerable that it wouldnt even require a skilled hacker to compromise. In fact, when Adam Crain and Chris Sistrunk decided to test some new software they were developing they identified a vulnerability so serious that it could literally blind operational controllers to such an extent that they would be locked out of monitoring systems and unable to maintain grid integrity.
The consequences, according to the engineers who note they are in no way security specialists, could be a total downing of the national power grid with nodes across the nation being taken over all at once. Moreover, the same systems used to maintain the U.S. power grid are also being used in other industries, like water treatment facilities.
Youd think that such a vulnerability would be a top priority for the Department of Homeland Security, considering they are spending millions of dollars and promoting their coming Grid Ex exercise in November.
I think Grid Ex is a trial run like the EBT glitch was. Testing....testing..126.96.36.199
You made my brain hurt with that statement.
Requires much more thought to determine which would be worse.
We can survive without power and do so with little rioting. Trucks stop rolling and rioting follows.
So, I’m going with... the worse case would be losing trucking.
Depends where you are, some places have looting and chaos with just minor blackouts.
Some places have looting and chaos with nothing at all.
OK, so what is this alleged vulnerability?
“So, Im going with... the worse case would be losing trucking.”
If you lose the power that pumps the diesel fuel that the trucks run on, then you get the “best” of both worlds.
No surprise, that, to anyone who has read up on the Northeast blackout of 2003. That's what happened then -- first was foliage and sagging overloaded power lines -- and the inability of the engineering operators to tell what was going on in real-time allowed things to get worse fast.
The blackout's primary cause was a software bug in the alarm system at a control room of the FirstEnergy Corporation in Ohio. Operators were unaware of the need to re-distribute power after overloaded transmission lines hit unpruned foliage. What would have been a manageable local blackout cascaded into widespread distress on the electric grid.That was in 2003 -- over a DECADE ago.
A software bug known as a race condition existed in General Electric Energy's Unix-based XA/21 energy management system. Once triggered, the bug stalled FirstEnergy's control room alarm system for over an hour. System operators were unaware of the malfunction; the failure deprived them of both audio and visual alerts for important changes in system state. After the alarm system failure, unprocessed events queued up and the primary server failed within 30 minutes. Then all applications (including the stalled alarm system) were automatically transferred to the backup server, which itself failed at 14:54. The server failures slowed the screen refresh rate of the operators' computer consoles from 13 seconds to 59 seconds per screen. The lack of alarms led operators to dismiss a call from American Electric Power about the tripping and reclosure of a 345 kV shared line in northeast Ohio. Technical support informed control room personnel of the alarm system failure at 15:42.
The fact that similar flaws still exist is a colossal FAIL.
To: null and voidBooger the data so the man in the loop thinks everything is wonderful, or that it requires a push in the exact opposite direction of stability, and the entire house of cards collapses.A well targeted attack against a small power grid subnetwork might result in ...Right. 'might'.
All these 'analists' and (some of) you people assume these networks are NOT dynamic and adaptive in behavior with MIL (Man In the Loop) supervisory control AND each control area (overseeing generation and transmission) is to have plans for inevitable contingencies ...
To: _JimThe MIL is no more effective than the computer generated data he receives.
Alter the data, alter his response to the real data.
The unsinkable Titanic...
36 posted on Fri Sep 18 08:07:35 2009 by null and void (We are now in day 240 of our national holiday from reality. - 0bama really isn't one of US.)
_Jim insists that the psychic powers of the men in the loop will prevent them from being misled.
I disagree with him.
About 20 years ago, I was in a control room at a major electrical utility. The guy pointed out how with a few keystrokes on the console I could take out a pretty serious part of the grid.
On the lower operational level, those folks wanted to know everything about you and your equipment, including who your Grandma married all those years ago.
Yes, we’re vulnerable.
And of course, if the same type of servers controls the water hardware and the phone hardware (the dutch group Trident had those servers in 1990), things can get real interesting real quick. MIL notwithstanding.
Grid down for even a week or so means martial law. EBT cards down, banks close, perishable food in stores wasted, water treatment systems down, most businesses closed, hospitals on emergency power and mostly shut down.
How do you fuel the trucks? How do you pump the fuel to the Truck Rack to fill the tankers?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.