|Home Page | Subscribe | Archive: 2000 - 2012 | Cut to the Chase Radio | Planet X Town Hall|
|Earth | eBooks | ET | Humanity | Nostradamus | Planet X | SciTech | SCP | Space | War|
Electrical Grids Vulnerable To Hackers
In my previous article Are We Facing A Worldwide Electrical Crisis?, I reported on some of the important issues surrounding the management and health of the world's electrical grids with a focus on the United States. In this article, I will highlight the issues surrounding the security of our grid and its vulnerability to offshore terrorists around the world.
Electronics Showing Their Age
The electrical grid that constitutes the very infrastructure of our modern lives was developed and implemented in a time when security concerns were dramatically different from today; a time when our front doors and windows were never locked and passwords never expired. With the advent of the Internet came free and accessible information on any subject including Supervisory Control and Data Acquisition systems. Known as SCADAs, these critical electronics enable operators to control parts of the grid from remote locations.
PlantData Technologies, 8 August, 2002
Over 90% of major SCADA and Automation vendors have all of their manuals and specifications available on-line to the general public. In the past, those who had the motivation to create destructive hacking attacks against Industrial and SCADA networks did not have the knowledge to know what they were breaking into. Those who had the knowledge of SCADA and Industrial networks did not have the motivation to conduct any destructive attacks.
Joe Weiss, a control systems expert with KEMA Consulting of Fairfax, Virginia has raised a serious issue in terms of security for control electronics.
EurekAlert.org, 27 August, 2003
Weiss is concerned that although the PC-based software used by operators to monitor power stations and transmission lines is usually protected by firewalls, the real-time control electronics that they oversee is not. "The technology currently does not exist to protect them," he says.
"So far we've been lucky," says Weiss. "These embedded systems were designed to be open to easy, remote access ." This was appropriate before the rise of the internet, when grids operated on a dedicated, closed infrastructure — but today this level of openness poses a serious threat.
Bill Flynt, former director of the US Army's Homeland Security Threats Office can probably explain why the technology does not exist to protect these electronics.
EurekAlert.org, 27 August, 2003
"It's a genuine problem," says Flynt. "We have to redesign the grid." Weiss says he has tried raising awareness of the issue in Congress. "We have spent a very large amount of money to secure the internet and our IT infrastructure," says Weiss. "But there has been no money spent to protect [utility] control systems."
As I highlighted in my previous article, government and the companies running our grid are primarily focused on saving as much money as possible and are gambling with the very infrastructure of our modern lives. A dangerous assumption they are making is that hackers won't become terrorists.
It is important to understand that the term hacking is used these days to essentially encompass any drama that results from a person doing something to a computer remotely.
Once upon a time, hackers dwelled in an underground world of limited members and obtained a sense of pride and accomplishment from mastering the skills required to break into another computer and conduct various illegal activities. These days a true hacker would be insulted to learn that people creating these email viruses such as MSBlaster are discrediting their name. The fact is a regular redneck can create these viruses and rely on the naive population to open the strange emails and do their bidding.
While the redneck hackers skills are barely worthy of fear, they can still cause significant disruptions to the electrical grid.
Symantec, 11 September, 2003
Current and former energy industry executives, as well as the former Bush administration security adviser, told Computerworld on condition of anonymity that the January outbreak of the Slammer worm affected the real-time control environment of "several" utility companies around the country.
In one case, a server on a control center LAN running Microsoft's SQL Server wasn't patched, according to the report. "The worm …apparently [migrated] through the corporate networks until it finally reached the critical SCADA network via a remote control computer through a VPN connection," the report states. As a result, "the worm propagated, blocking SCADA traffic."
While such redneck hacking attacks are only able to cause this type of damage because they rely on luck as opposed to skill, imagine what a real hacker with real skill is capable of given the right type of motivation.
CBSNews.com, 11 September 2003
"I know enough about where the holes are," said Eric Byres, a cybersecurity researcher for critical infrastructure at the British Columbia Institute of Technology in Vancouver. "My team and I could shut down the grid. Not the whole North American grid, but a state, sure."
Security experts have warned about the grid's growing vulnerabilities before, especially after U.S. National Security Agency hackers showed they could break into grid control networks in 1998.
While the government and companies play politics and delay the decisions necessary to secure the grid, time increasingly continues toward the day when a hacker becomes a terrorist.
Traditionally, hackers have never really been associated with terrorists as there was nothing really terrifying that terrorists could do with a computer. They would normally break in through an electronic back door, steel some information, maybe disrupt some services, or even do nothing and quietly log out taking satisfaction simply in knowing they got in. However a day will come when a true hacker puts their skills to the ultimate test and nothing short of terror will result. On this fateful day the difference between a suicide bomber and a hacker will become blurred.
Former energy security Bill Richardson certainly understands that our electricity grid is open to these potential terror hackers.
Washington Post, 16 August, 2003
Bill Richardson said on MSNBC that if this had been terrorism, "the whole country could have been blacked out because our grids are all interconnected".
While Al-Qaeda training camps appear to specialize in guerrilla warfare tactics and weapons training as opposed to keyboard and networking skills, there is no reason to rule out a possibly imminent or even current alliance with China. It is almost common knowledge that China has an abundance of very skilled hackers. Recent statements from one of the world's youngest and best good-guy hackers highlight a cause for concern.
Ankit Fadia's skills are widely sort. He has worked with the Singaporian, Malaysian, and Oman governments, as well as several corporations and he has written several books.
The Stanford Daily, 21 November, 2003
Ankit Fadia has spied on officials of the Chinese government. He has impersonated international criminals to lure information out of their accomplices and has broken into their e-mail accounts to intercept evidence. He has a budget to bribe informants. And he gets paid to do all of it.
He's also an 18-year-old freshman at the University and a self-professed "ethical hacker."
"I work on the China-U.S. cyber war wherein I have to break in to the Chinese crackers — their e-mail addresses or systems — and get information about them," he said. "I need to identify who they are and what their motive is and whether the Chinese government is actually funding them or not."
Through his digital intelligence work, Fadia discovered links between the Chinese government and the China Eagle Union Hacker Group, an organization responsible for defacing thousands of U.S. Web sites over a period of four months that year.
"The long-term goal of the Chinese government is actually to take over the internet and control all parts of the internet," he claimed.
Unfortunately, there are no easy solutions to resolve the capacity, management and security issues. While we remain vulnerable to both the companies' poor management of the grid and hackers lurking in cyberspace, we can gain some hope in projects now underway that are attempting to secure the grids future.
With population growth always on the rise and electronic gizmos appearing in all corners of our lives, there is already a persuasive need to investigate future solutions for the grid.
The Washington Times, 24 September, 2003
Columbia University researchers say they've assembled a national team of scientists, technologists, security and intelligence experts to spearhead development of a "Smart Electric Grid" - one both lean and efficient, that can meet the nation's future energy and security demands.
The North American economy's demand for electricity is expected to triple from the current 7 terrawatts to as much as 20 terrawatts by 2050.
Anderson said the new "Smart Electric Grid" must improve efficiency by 50 percent or more in order for the new technology to prove affordable.
The government is also slowly beginning to take action.
EurekAlert.org, 27 August, 2003
However, the US Department of Energy is spending $114 million on a large-scale mock-up of the US grid, in a 900-square-mile block of desert in Idaho. The aim of its "SCADA Testbed" project is to boost control-system security.
This action, or perhaps it could be called reaction has been a long time coming after many years of neglect, just ask chief technology officer for the Electric Power Research Institute, Ted Marston.
TechWeb.com, 19 September 2003
Marston sounded a note of pessimism about the political will to make these changes. "Since deregulation, the US is spending less in real dollars on electricity infrastructure than it did during the Great Depression," he lamented.
While all breeds of hacker continue to exploit computers for their own agendas, it is inevitable that the day will come when one or more of these agendas become aligned with those of terrorists. When it does, we may only be able to light a candle and pray as our electricity grids begin blinking off one by one. Let us hope that our elected representatives can see the urgency in overcoming these issues before it's too late.
Let us hope that our elected representatives can see the urgency in overcoming these issues.