Electrical Grid Is Called Vulnerable to Power Shutdown (SCADA vulnerabilities)
Posted on 10/19/2013 5:44:07 AM PDT by markomalley
Over the past few months, the discoveries of two engineers have led to a steady trickle of alarms from the Department of Homeland Security concerning a threat to the nation's power grid. Yet hardly anyone has noticed.
The advisories concern vulnerabilities in the communication protocol used by power and water utilities to remotely monitor control stations around the country. Using those vulnerabilities, an attacker at a single, unmanned power substation could inflict a widespread power outage.
Still, the two engineers who discovered the vulnerability say little is being done.
Adam Crain and Chris Sistrunk do not specialize in security. The engineers say they hardly qualify as security researchers. But seven months ago, Mr. Crain wrote software to look for defects in an open-source software program. The program targeted a very specific communications protocol called DNP3, which is predominantly used by electric and water companies, and plays a crucial role in so-called S.C.A.D.A. (supervisory control and data acquisition) systems. Utility companies use S.C.A.D.A. systems to monitor far-flung power stations from a control center, in part because it allows them to remotely diagnose problems rather than wait for a technician to physically drive out to a station and fix it.
(Excerpt) Read more at bits.blogs.nytimes.com ...
The funny part about this is that with the Obama Administration's EPA and DOE working to shut down power plants, there will end up being fewer nodes in the system and those remaining will be more critical than ever. With these SCADA vulnerabilities, the power grid will be more susceptible to interruption than ever before.
Thanks for posting.
DHS had better buy another 2 billion rounds of ammo....
If you click on the link, you see the biggest vulnerability of these substations. Physical security.
All utility SCADA systems (military too) should be off - completely off - the public internet. This simple step (admittedly easier said than done at this point) would go a long way towards mitigating these vulnerabilities in the short-run.
Thanks for posting.
I feel like we’re living on a leaky old patched-up life raft, full of broken glass, and circled by sharks.
The best advice I would have for anybody who wants to minimize their vulnerability to this threat is to get some solar panels for your roof.
That way, when the vulnerability is exploited...at least you'll have some power to keep your lights on and your fridges going.
The funny part about this is that with the Obama Administration’s EPA and DOE working to shut down power plants, there will end up being fewer nodes in the system and those remaining will be more critical than ever. With these SCADA vulnerabilities, the power grid will be more susceptible to interruption than ever before.
As time goes on I see this more and more as part and parcel of a ‘master plan’. I even wrote a short story to get people to think about it. It’s far-fetched in many ways and many posters dissected it. But very few actually thought about the premise and what they might do in such a situation. Perhaps you might want to read it and give me your own viewpoints.
High-income green freaks have their own diesel generators. I know this because my ex installs them.
Fridges take a LOT of solar to run. Lights (especially LEDs) and tech gadgets are easy to keep running, but heat, A/C and fridges are power hungry. Also, I had a shallow hand pump well installed in my back yard. 35’ down to cool fresh water, no electricity required, cost a thousand bucks installed. Don’t forget that if grid power goes down, most public water systems will fail shortly after. Even electric well pumps that run on grid power will fail. You can’t live without water, period.
“Diesel power runs out when the fuel barrel goes dry.
Better to use propane if it comes to that.”
Wouldn’t the propane run out also?
Which would be OK, except for the politicians who are drilling holes in the bottom and telling us that the water will drain out.
Most of the makers of SCADA systems are stovepipe systems and use security by obscurity. The thought of open architecture that would enable even a https:// type of basic encryption will not make it into product development because then the manufacturers would have to admit there is a security flaw.
I wonder if things like this will be taken into account for the November grid failure exercise?
If you had a 500 or 1000 gallon diesel tank you could also run your vehicles.
Does Home Depot et al have good deals on used generators...the ones brought back after the last disaster?
Well, a fridge generally goes through 1 kWh or so per day. If you can end up using a 1 kW system (and, assuming, you have the equivalent of 8 hours of sun a day to run it), you should have plenty of juice for the fridge plus a reasonable number of lights and your FR machine. But not for a/c or electric heat.
Won't water the landscape sprinklers, but can shower, shave, cook and poop.
The Ethernet interfaces on most SCADA controllers are shipped with default admin passwords in place.
Early 90s. At EPRI, we were running security workshops back then. You would have been amazed at the number of unprotected modems that allowed you access to SCADA systems (in the era of “war dialing”). The most rudimentary steps to protect systems were not taken and it was extremely hard to get the industry concerned and to act.
“shower, shave, cook and poop”...only if the sewage plant receiving your waste is working. You may have to figure out how to dispose of your waste water and sewage on your property if you are connected to a city sewer.
Nothing will be done to harden the grid. At some point it will be taken down. Count on it. Be thinking about an alternative power source for your own place.
“But consider a 500 gallon propane tank vs. 50 gallon diesel barrel.”
If you can obtain a 500 gallon propane tank you can get more than 1 55 gallon barrel. Not a fair question. I can find diesel. Propane not so much.
Propane is where natural gas pipelines are not.
Number 1 diesel is about 136,000 Btu per gallon and Number 2 heating fuel is about 140,000 Btu per gallon.
You can take the math from there. You all might want to bookmark this Comparative Fuel Values for future use.
Propane is essentially universally available in the States. See your Yellow Pages.
pipe it to the lib down the street :-)