Thursday, April 9, 2009

U.S. Electrical Grid At Risk

"The next world war," a network security friend asserted the other day, "will be over the Internet."

Well, I thought out loud, at least there won't be much bloodshed. But he pointed out that the nation's entire banking system might be taken offline. Then what?

Now comes word in a Wall Street Journal report that Russian and Chinese cyberspies have implanted programs in the systems controlling the country's electrical grid that could take it down completely.

With the exception of those off the grid, i.e. generating their own electricity independently, it's conceivable that the United States one day could go dark.

Remember the great East Coast Blackout? Now imagine it spreading from coast to coast. And lasting longer.

No gasoline to be pumped. No banking to be done. No open stores. No heat. No light.

The report has been independently verified by security analysts who say they have been aware of this threat for some time.

Interestingly, while these programs have been detected, they've never been used by whoever is responsible to disrupt any of the grids. Officials aren't certain whether those responsible represent the governments of China or Russia.

At present, there may be no reason for anyone to attack the grids. It's not, for example, in China's best interests to disrupt them, because it holds so much of the U.S. debt. But the mere fact that someone has the capability to shut down grids is disquieting.

A bill recently introduced by U.S. Sen. Jay Rockefeller (D-WV) would set Internet security standards. It would also grant the government certain powers to step in to mitigate an attack by taking control of Internet networks, a provision that has raised a red flag among critics who fear government abuse. And the Obama administration is reviewing computer network vulnerabilities now.

Much attention has been focused on illegal immigration in the United States. But the real future threat to the country may be the result of electronic, not human intrusion.

We talk about issues like this and more weekdays at 5 PM New York time on News Talk Online on




Anonymous said...

Wasn't this the theme of one of the Die Hard movies?

I'll tell you what scares me (from the WSJ article): "Many of the intrusions were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies..."

Uhuh. We all know the intelligence agencies are never, ever wrong.

Anonymous said...

My job involves providing cyber security for electrical substations and I've observed that ironically, one of the things working to our advantage in this is the sheer old school, bizarre, patchwork nature of our electrical grid. Many of the devices on the grid are still only accessible via dial-up and the interconnects between providers are not exactly easy to figure out. Also, the SCADA network architecture is a bit obtuse and the devices themselves (such as generators and relays) aren't intuitive.

All this means that your ordinary hacker wouldn't bother trying to get into these things, would have a tough time of it anyway, and even if they did wouldn't know what to do once they got in. HOWEVER, clearly foreign entities wouldn't have those same obstacles, because electrical installations the world over are generally pretty similar.

Our electrical grid is comprised of stations that do generation or transmission (getting the electricity from where it's generated closer to where it's used) or distribution (to users). Typically all of the equipment at generation and transmission facilities is on mostly isolated SCADA networks and there is a large effort afoot across the country to establish electrical security perimeters around these installations that are MUCH tighter than what ordinary firewalls can do.

For example, applications are available to monitor every process and FILE on every machine inside the perimeter, so that if an unnecessary file even appears, or an unnecessary process starts, then emergency measures can be implemented quickly.

Granted, this is a work in progress, but NERC is putting in place the regulations to safeguard the electric grid since it is a critical infrastructure component. However, I'm generally a little surprised at how little money the government is providing toward this effort - given the trillions of dollars spent on national security - because even though it's unlikely, it's been shown in simulations that in theory it would be possible to cause an electrical outage that lasts for MONTHS to large metropolitan areas.

Most likely, there is some money for electrical grid security in the latest Obama package, but I don't think it's as much as it should be. I think part of the problem is that the electrical grid is not "sexy" and 99% of the population doesn't even understand exactly how the grid works.

I'm hopeful that terrorists or foreign entities are never able to bring down power to areas of this country, but such an incident would certainly result in a lot more federal money being put into cyber security for this industry.

Anonymous said...

We've known about this since 9/11 happened. Why is it being discussed now? So that BHO can implement some new tax for some new green grid perhaps?

Deborah Young