Electrical Grids Vulnerable
To Hackers
YOWUSA.COM, 14-December-03
Steve Russell
 In my previous article
Are We Facing A Worldwide Electrical Crisis?, I reported on some of the important issues
surrounding the management and health of the world's electrical grids with a focus on the United States. In this article, I will highlight the issues surrounding the security of our grid
and its vulnerability to offshore terrorists around the world.
Electronics Showing Their Age
The electrical grid that constitutes the very infrastructure of our modern lives was developed and implemented in a time when security concerns were
dramatically different from today; a time when our front doors and windows were never locked and passwords never expired. With the advent of the
Internet came free and accessible information on any subject including Supervisory Control and Data Acquisition systems. Known as SCADAs,
these critical electronics enable operators to control parts of the grid from remote locations.
PlantData Technologies, 8 August, 2002
SCADA Security Strategy Over 90% of major SCADA and Automation vendors have all
of their manuals and specifications available on-line to the general public. In the past, those who had the motivation to create destructive hacking attacks against
Industrial and SCADA networks did not have the knowledge to know what they were breaking into. Those who had the knowledge of SCADA and Industrial networks did not have
the motivation to conduct any destructive attacks.
Joe Weiss, a control systems expert with KEMA Consulting of Fairfax, Virginia has raised a serious issue in terms of security for control electronics.
EurekAlert.org, 27 August, 2003
Electricity grids left open to hackers
Weiss is concerned that although the PC-based software used by operators to monitor power stations and transmission lines is usually protected by firewalls, the real-time control electronics that they oversee is
not. "The technology currently does not exist to protect them," he says. "So far we've been lucky," says Weiss. "These embedded systems were designed to be open to easy, remote access
." This was appropriate before the rise of the internet, when grids operated on a dedicated, closed infrastructure — but today this level of openness poses a serious threat.
Bill Flynt, former director of the US Army's Homeland Security Threats Office can probably explain why the technology does not exist to protect these electronics.
EurekAlert.org, 27 August, 2003
Electricity grids left open to hackers
"It's a genuine problem," says Flynt. "We have to redesign the grid." Weiss says he has tried raising awareness of the issue in Congress. "We have spent a
very large amount of money to secure the internet and our IT infrastructure," says Weiss. "But there has been no money spent to protect [utility] control systems."
As I highlighted in my previous article, government and the companies running our grid are primarily focused on saving as much money as possible
and are gambling with the very infrastructure of our modern lives. A dangerous assumption they are making is that hackers won't become terrorists.
Redneck Hackers
It is important to understand that the term hacking is used these days to essentially encompass any drama that results from a person doing something to a computer remotely.
 Once upon a time, hackers dwelled in an underground
world of limited members and obtained a sense of pride and accomplishment from mastering the skills required to break into another computer and conduct various illegal activities. These days a true hacker
would be insulted to learn that people creating these email viruses such as MSBlaster are discrediting their name. The fact is a regular redneck can create these
viruses and rely on the naive population to open the strange emails and do their bidding.
While the redneck hackers skills are barely worthy of fear, they can still cause significant disruptions to the electrical grid.
Symantec, 11 September, 2003
Blaster Worm Linked to Severity of Blackout
Current and former energy industry executives, as well as the former Bush administration security adviser, told Computerworld on condition of anonymity that the January
outbreak of the Slammer worm affected the real-time control environment of "several" utility companies around the country. In one case, a server on a control center LAN running
Microsoft's SQL Server wasn't patched, according to the report. "The worm …apparently [migrated] through the corporate networks until it finally reached the critical
SCADA network via a remote control computer through a VPN connection," the report states. As a result, "the worm propagated, blocking SCADA traffic."
While such redneck hacking attacks are only able to cause this type of damage because they rely on luck as opposed to skill, imagine what a real hacker with real skill is capable of given the right type of motivation.
CBSNews.com, 11 September 2003
Hacker Danger For Power Supply?
"I know enough about where the holes are," said Eric Byres, a cybersecurity researcher for critical infrastructure at the British Columbia Institute of Technology in Vancouver. "My team and I could shut down
the grid. Not the whole North American grid, but a state, sure." Security experts have warned about the grid's growing vulnerabilities before, especially after U.S. National
Security Agency hackers showed they could break into grid control networks in 1998.
While the government and companies play politics and delay the decisions necessary to secure the grid, time increasingly continues toward the day when a hacker becomes a terrorist.
Terror Hackers
Traditionally, hackers have never really been associated with terrorists as there was nothing really terrifying that terrorists could do with a computer.
They would normally break in through an electronic back door, steel some information, maybe disrupt some services, or even do nothing and quietly log
out taking satisfaction simply in knowing they got in. However a day will come when a true hacker puts their skills to the ultimate test and nothing short
of terror will result. On this fateful day the difference between a suicide bomber and a hacker will become blurred.
Former energy security Bill Richardson certainly understands that our electricity grid is open to these potential terror hackers.
Washington Post, 16 August, 2003
Unplugged — Without the Grid, Modern Man Is Totally in the Dark
Bill Richardson said on MSNBC that if this had been terrorism, "the whole country could have been blacked out because our grids are all interconnected".
 While Al-Qaeda training camps appear
to specialize in guerrilla warfare tactics and weapons training as opposed to keyboard and networking skills, there is no reason to rule out a possibly imminent or even current alliance with
China. It is almost common knowledge that China has an abundance of very skilled hackers. Recent statements from one of the world's youngest and best good-guy hackers highlight a cause for concern.
Ankit Fadia's skills are widely sort. He has worked with the Singaporian, Malaysian, and Oman governments, as well as several corporations and he has written several books.
The Stanford Daily, 21 November, 2003
Indian hacker heats up intelligence circuits
Ankit Fadia has spied on officials of the Chinese government. He has impersonated international criminals to lure information out of their accomplices and has broken into their e-mail accounts to intercept evidence.
He has a budget to bribe informants. And he gets paid to do all of it. He's also an 18-year-old freshman at the University and a self-professed "ethical hacker."
"I work on the China-U.S. cyber war wherein I have to break in to the Chinese crackers — their e-mail addresses or systems — and get information about them," he said. "I need to identify who they are and what their
motive is and whether the Chinese government is actually funding them or not."
You're Not Alone! Join with Like-minded
Others on the Planet X Town Hall
Through his digital intelligence work, Fadia discovered links between the Chinese government and the China Eagle
Union Hacker Group, an organization responsible for defacing thousands of U.S. Web sites over a period of four months that year. "The long-term goal of the Chinese government is
actually to take over the internet and control all parts of the internet," he claimed.
Unfortunately, there are no easy solutions to resolve the capacity, management and security issues. While we remain vulnerable to both the
companies' poor management of the grid and hackers lurking in cyberspace, we can gain some hope in projects now underway that are attempting to secure the grids future.
Future Solutions
With population growth always on the rise and electronic gizmos appearing in all corners of our lives, there is already a persuasive need to investigate future solutions for the grid.
The Washington Times, 24 September, 2003
‘Smart' electricity grid under study Columbia University researchers say they've assembled a
national team of scientists, technologists, security and intelligence experts to spearhead development of a "Smart Electric Grid" - one both lean and efficient, that can meet the nation's future energy and security
demands. The North American economy's demand for electricity is expected to triple from the current 7 terrawatts to as much as 20 terrawatts by 2050.
Anderson said the new "Smart Electric Grid" must improve efficiency by 50 percent or more in order for the new technology to prove affordable.
The government is also slowly beginning to take action.
EurekAlert.org, 27 August, 2003
Electricity grids left open to hackers
However, the US Department of Energy is spending $114 million on a large-scale mock-up of the US grid, in a 900-square-mile block of desert in Idaho. The aim of
its "SCADA Testbed" project is to boost control-system security.
This action, or perhaps it could be called reaction has been a long time coming after many years of neglect, just ask chief technology officer for the Electric Power Research Institute, Ted Marston.
TechWeb.com, 19 September 2003
Power Grid Could Benefit From Nanotech: Stanford Symposium Says
Marston sounded a note of pessimism about the political will to make these changes. "Since deregulation, the US is spending less in real dollars on electricity
infrastructure than it did during the Great Depression," he lamented.
While all breeds of hacker continue to exploit computers for their own agendas, it is inevitable that the day will come when one or more of these
agendas become aligned with those of terrorists. When it does, we may only be able to light a candle and pray as our electricity grids begin blinking off
one by one. Let us hope that our elected representatives can see the urgency in overcoming these issues before it's too late.
Let us hope that our elected representatives can see the urgency in overcoming these issues.
|
