Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: Robert357
From "Mechanical Engineering Magazine DEC 2002"
(SCADA = supervisory control and data acquisition)


SCADA vs. the hackers

Can freebie software and a can of Pringles bring down the U.S. power grid?
by Alan S. Brown


As far as we know, no one has ever deliberately hacked into the U.S. electrical grid and pulled the plug on millions or even thousands of people. Just as on Sept. 10, 2001, no one had ever deliberately crashed a jet airliner into a skyscraper.

Is the power grid vulnerable to cyberattack? What about natural gas pipelines, nuclear plants, and water systems? Or refineries and other industrial facilities that run on similar Internet-enabled digital control systems? Could a terrorist or disgruntled employee cause lethal accidents and millions of dollars of damage? What about a bored 14-year-old?

"Are we vulnerable?" asked Joseph Weiss, executive consultant for KEMA Consulting, which is based in Fairfax, Va. "Of course, we are. We designed ourselves that way."

None of the industrial control systems used to monitor and operate the nation's utilities and factories were designed with security in mind. Moreover, their very nature makes them difficult to secure. Linking them to networks and the public Internet only makes them harder to protect.

... EXCERPTED - For full text >
http://www.memagazine.org/backissues/dec02/features/scadavs/scadavs.html
3 posted on 09/12/2003 9:39:37 AM PDT by FormerlyAnotherLurker


To: FormerlyAnotherLurker; biblewonk; SengirV; snopercod
I read the ME Magazine article when it came out and was delivered to my house.

I fully believe that most of the SCADA systems are not Windows-based machines and that the SCADA systems were not infected with the Blaster virus. Let's treat that as a given and not debate it. Let's also not debate Windows versus other OS.

However (and this is why I posted the story), I think that lots of other computers used by the utilities for lots of things that help dispatchers, help operations folks, and are within substations operating things across the blackout area were Windows-based and could have been infected with the Blaster virus.

Because I have done load flow analysis and multiple power system component failure analysis in the past, I feel that a weak area in most utility contingency planning has to do with "common mode" failures. It wouldn't take too many computers using a slowed-down internet, or infected with the Blaster virus and rebooting their heart out, to cause a truly unanticipated common mode failure event that could lead to power grid conditions that were not anticipated.

Note that in the above, I didn't say that the infected computer was the utility SCADA computer. It could have been something connected to the utility's PBX telephone system that just slowed down the ability to talk to other dispatchers. The infected computer could have been somewhere else that just slowed down the connections between electric utility un-infected computers, or it could have been something out in the field, like a bunch of smart meters or smart relays. It could even have been a number of PCs that engineers used to run something like a spreadsheet that calculated a value needed by a dispatcher during an abnormal switching event. BPA transmission remediation nomographs are usually posted as part of Excel files on the BPA OASIS site. I wouldn't be surprised to learn that they are created on PCs that, if infected by a virus, could make it difficult to run a fresh set of transmission remediation nomographs that some dispatcher might feel he really needs before doing something drastic.

Again, the point is that it will take time for the true story of the east coast blackout to come out, but it is odd that the problems cascaded to so many systems, as there are supposed to be protections in place to stop cascading blackouts.

Back to work for me.

Hopefully, we will get the whole story of what happened before too long.

9 posted on 09/12/2003 4:58:51 PM PDT by Robert357



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson