April 8th, 2009
The U.S. electrical grid: How big of a cyber target is it?
Posted by Larry Dignan @ 7:22 am
Spies have reportedly been probing the U.S. electrical grid for
months and planting software that could be activated at a future date,
according to a Wall Street Journal report.
The report notes that the spies are from China, Russia and other countries.
While the news isn’t that surprising, given how vulnerable Internet
infrastructure is, it is notable because electrical grids were initially
thought to be somewhat hacker proof. Why? Grids run on an old mish-mash
of software, which is often proprietary. However, recent events
indicate that so-called SCADA (Supervisory Control And Data
Acquisition) systems, which collect data from sensors and machines and
send it to a centrally managed repository, are also at risk. To wit, last
June Core Security detailed how SCADA systems were vulnerable. And
even silly electronic road sign pranks show how SCADA systems are
vulnerable.
How bad is it? According to the Journal report, a SCADA attack may be a
disaster waiting to happen.
The Journal notes that:
- The Chinese have attempted to map the U.S. electrical grid;
- The espionage is pervasive and not targeted to any one company or
region;
- The companies in charge of the infrastructure—remember most of the
U.S. networks are in private hands—never knew of the intrusions;
- Intelligence agencies discovered the intrusions;
- Water, sewer and other systems are at risk;
- And the intelligence gleaned through these intrusions will be critical
in the event of war.
The good news is that the Obama administration is about to complete a
cybersecurity review and Congress had approved $17 billion in funds to
protect government networks under the Bush administration.
However, throwing money at the problem may not help all that much.
The North American Electric Reliability Corporation told its members that
utilities need to step up security procedures.
In the letter, Michael Assante, chief security officer of the group,
wrote:
NERC is requesting that entities take a fresh, comprehensive look at
their risk-based methodology and their resulting list of CAs (critical
assets) with a broader perspective on the potential consequences to the
entire interconnected system of not only the loss of assets that they own
or control, but also the potential misuse of those assets by intelligent
threat actors.
Assante outlines the grid’s conundrum:
Most of us who have spent any amount of time in the industry understand
that the bulk power system is designed and operated in such a way to
withstand the most severe single contingency, and in some cases multiple
contingencies, without incurring significant loss of customer load or
risking system instability. This engineering construct works extremely
well in the operation and planning of the system to deal with expected and
random unexpected events. It also works, although to a lesser extent, in a
physical security world. In this traditional paradigm, fewer assets may be
considered “critical” to the reliability of the bulk electric system.
But as we consider cyber security, a host of new considerations arise.
Rather than considering the unexpected failure of a digital protection and
control device within a substation, for example, system planners and
operators will need to consider the potential for the simultaneous
manipulation of all devices in the substation or, worse yet, across
multiple substations. I have intentionally used the word “manipulate”
here, as it is very important to consider the misuse, not just loss or
denial, of a cyber asset and the resulting consequences, to accurately
identify CAs under this new “cyber security” paradigm. A number of system
disturbances, including those referenced in NERC’s March 30 advisory on
protection system single points of failure, have resulted from similar,
non-cyber-related events in the past five years, clearly showing that this
type of failure can significantly “affect the reliability (and)
operability of the bulk electric system,” sometimes over wide geographic
areas.
Taking this one step further, we, as an industry, must also consider
the effect that the loss of that substation, or an attack resulting in the
concurrent loss of multiple facilities, or its malicious operation, could
have on the generation connected to it.
The good news so far: It doesn’t appear that these intrusions have led to
any attacks. But as grids become smarter via technology, they’re likely to
be easier to hack. It’s only a matter of when, not if, the grid—and other
key infrastructure—gets hacked.
Larry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet
sister site TechRepublic.
© 2009 CBS Interactive Inc. All rights reserved. To subscribe or visit
go to: http://blogs.zdnet.com