Tag Archives: power grids vulnerabilities

Visible and Vulnerable: the Power Grid and Terrorism

Leave a reply

Physical attacks on the U.S. power grid rose 71% last year compared with 2021 and will likely increase this year, according to a confidential industry analysis viewed by The Wall Street Journal. A division of the grid oversight body known as the North American Electric Reliability Corporation found that ballistic damage, intrusion and vandalism largely drove the increase. The analysis also determined that physical security incidents involving power outages have increased 20% since 2020, attributed to people frustrated by the onset of the pandemic, social tensions and economic challenges.

The NERC division, known as the Electricity Information Sharing and Analysis Center, or E-ISAC, recorded the sharp increase in incidents in 2022, driven in part by a series of clustered attacks on infrastructure in the Southeast, Midwest and Pacific Northwest. One of the most significant incidents occurred in early December 2022 when attackers targeted several substations in North Carolina with gunfire, leaving roughly 45,000 people in the dark…The number of politically or ideologically motivated attacks appears to be growing though it is difficult to identify the reasons for each one.  There seems to be a pattern where people are targeting critical infrastructure, probably with the intent to disrupt. In 2013, snipers targeted a large-scale transmission substation near San Jose, Calif., and raised fears that the country’s power grid was vulnerable to terrorism. The attack took out 17 transformers critical to supplying power to Silicon Valley, authorities said. A former federal regulator at the time called the event “the most significant incident of domestic terrorism involving the grid that has ever occurred.”

Excerpts from Katherine Blunt, Power-Grid Attacks Surge and Are Likely to Continue, Study Finds, WSJ, Feb. 22, 2023

The Wild West Mentality of Companies Running the U.S. Oil and Gas Infrastructure — and Who Pays for It

Leave a reply

The ransomware attack on Colonial Pipeline Co. in May 2021 has hit an industry that largely lacks federal cybersecurity oversight, leading to uneven digital defenses against such hacks.

The temporary shutdown of Colonial’s pipeline, the largest conduit for gasoline and diesel to the East Coast, follows warnings by U.S. officials in recent months of the danger of cyberattacks against privately held infrastructure. It also highlights the need for additional protections to help shield the oil-and-gas companies that power much of the country’s economic activity, cyber experts and lawmakers say. “The pipeline sector is a bit of the Wild West,” said John Cusimano, vice president of cybersecurity at aeSolutions, a consulting firm that works with energy companies and other industrial firms on cybersecurity. Mr. Cusimano called for rules similar to the U.S. Coast Guard’s 2020 regulations for the maritime sector that required companies operating ports and terminals to put together cybersecurity assessments and plans for incidents.

 More than two-thirds of executives at companies that transport or store oil and gas said their organizations are ready to respond to a breach, according to a 2020 survey by the law firm Jones Walker LLP. But many don’t take basic precautions such as encrypting data or conducting dry runs of attacks, said Andy Lee, who chairs the firm’s privacy and security team. “The overconfidence issue is a serious phenomenon,” Mr. Lee said.

Electric utilities are governed by rules enforced by the North American Electric Reliability Corp., a nonprofit that reviews companies’ security measures and has the power to impose million-dollar fines if they don’t meet standards. There is no such regulatory body enforcing standards for oil-and-gas companies, said Tobias Whitney, vice president of energy security solutions at Fortress Information Security. “There aren’t any million-dollar-a-day potential fines associated with oil-and-gas infrastructure at this point,” he said. “There’s no annual audit.”

Excerpt from David Uberti and Catherine Stupp, Colonial Pipeline Hack Sparks Questions About Oversight, WSJ, May 11, 2021

The Nightmare of Keeping the Lights On

Leave a reply

Some 330 million Americans rely on the nation’s critical infrastructure to keep the country humming. Disruptions to electrical grids, communications systems, and supply chains can be catastrophic, yet all of these are vulnerable to cyberattack. According to the government’s 2019 World Wide Threats Hearing, certain adversaries are capable of launching cyberattacks that can disrupt the nation’s critical infrastructure – including electrical distribution networks.

In recognition of the disruptions cyberattacks can cause, DARPA in 2016 established the Rapid Attack Detection, Isolation and Characterization Systems (RADICS) program. The goal of RADICS has been to enable black-start recovery during a cyberattack. Black start is the process of restoring power to an electric substation or part of the grid that has experienced a total or partial shutdown without relying on an external power transmission network to get things back online…

“Cyberattacks on the grid can essentially do two things – make the grid not tell you the truth, and make the grid operate in an unexpected way,” said Walter Weiss, the program manager responsible for RADICS. “For example, the grid could show you that a substation has power when in reality it does not. This could unintentionally prevent power restoration to an entire area since no one thinks there is a need to bring power back online. The technologies developed under RADICS help provide ground truth around grid status, giving responders the ability to quickly detect anomalies and then chart a path towards recovery.”…

 The RADICS testbed is comprised of miniaturized substations that were designed to operate as they do in the real world, but with safeguards to protect the system and those operating the substations. The substations are connected via power lines, forming a multi-utility crank path. With a crank path, power is generated to black start one utility that then powers the next utility and the next until the grid is fully restored.

DARPA substation, Plum island NY

Technologies to Rapidly Restore the Electrical Grid after Cyberattack Come Online, DARPA Website, Feb. 23, 2021

Algorithms as Weapons –Tracking,Targeting Nuclear Weapons

Leave a reply

 
New and unproved technologies—this time computer systems capable of performing superhuman tasks using machine learning and other forms of artificial intelligence (AI)—threaten to destabilise the global “strategic balance”, by seeming to offer ways to launch a knockout blow against a nuclear-armed adversary, without triggering an all-out war.

A report issued in November by America’s National Security Commission on Artificial Intelligence, a body created by Congress and chaired by Eric Schmidt, a former boss of Google, and Robert Work, who was deputy defence secretary from 2014-17, ponders how AI systems may reshape global balances of power, as dramatically as electricity changed warfare and society in the 19th century. Notably, it focuses on the ability of AI to “find the needle in the haystack”, by spotting patterns and anomalies in vast pools of data…In a military context, it may one day find the stealthiest nuclear-armed submarines, wherever they lurk. The commission is blunt. Nuclear deterrence could be undermined if AI-equipped systems succeed in tracking and targeting previously invulnerable military assets. That in turn could increase incentives for states, in a crisis, to launch a devastating pre-emptive strike. China’s rise as an AI power represents the most complex strategic challenge that America faces, the commission adds, because the two rivals’ tech sectors are so entangled by commercial, academic and investment ties.

Some Chinese officials sound gung-ho about AI as a path to prosperity and development, with few qualms about privacy or lost jobs. Still, other Chinese fret about AI that might put winning a war ahead of global stability, like some game-playing doomsday machine. Chinese officials have studied initiatives such as the “Digital Geneva Convention” drafted by Microsoft, a technology giant. This would require states to forswear cyber-attacks on such critical infrastructure as power grids, hospitals and international financial systems.  AI would make it easier to locate and exploit vulnerabilities in these…

One obstacle is physical. Warheads or missile defences can be counted by weapons inspectors. In contrast, rival powers cannot safely show off their most potent algorithms, or even describe AI capabilities in a verifiable way….Westerners worry especially about so-called “black box” algorithms, powerful systems that generate seemingly accurate results but whose reasoning is a mystery even to their designers.

Excerpts from Chaguan: The Digital Divide, Economist, Jan 18, 2019

Drones for Renewable Energy

Leave a reply

Utilities in Europe are looking to long-distance drones to scour thousands of miles of grids for damage and leaks in an attempt to avoid network failures that cost them billions of dollars a year. w altitudes over pipelines and power lines….Italy’s Snam, Europe’s biggest gas utility, told Reuters it is trialing one of these machines – known as BVLOS drones (Beyond Visual Line of Sight) because they fly ‘beyond the visual line of sight’ of operators – in the Apennine hills around Genoa. It hopes to have it scouting a 20 km stretch of pipeline soon.

France’s RTE has also tested a long-distance drone, which flew about 50 km inspecting transmission lines and sent back data that allowed technicians to virtually model a section of the grid. The company said it would invest 4.8 million euros ($5.6 million) on drone technology over the next two years.

At present, power companies largely use helicopters equipped with cameras to inspect their networks. They have also recently started occasionally using more basic drones that stay within sight of controllers and have a range of only about 500 meters.  However an industry-wide shift toward renewable energy, and the need to monitor the myriad extra connections needed to link solar and wind parks to grids, is forcing utilities to look at the advanced technology.  “It’s a real game changer,” Michal Mazur, partner at consultancy PwC, said of drones. “They’re 100 times faster than manual measurement, more accurate than helicopters and, with AI devices on board, could soon be able to fix problems.”

In-sight drones cost around 20,000 euros each and BVLOS ones will cost significantly more, according to executives at tech companies that make the machines for utilities, and a fleet of dozens if not hundreds would be needed to monitor a network.

Power grid companies are expected to spend over $13 billion a year on drones and robotics by 2026 globally, from about $2 billion now, according to Navigant Research.  But that is still dwarfed by the amount of money the sector loses every year because of network failures and forced shutdowns – about $170 billion, according to PwC…

BVLOS drone flights are largely prohibited because of safety concerns. However over the past year European watchdogs have for the first time granted special permits to allow utilities – namely RTE and Snam – to test prototypes. it…Xcel Energy (XEL.O) in April  2018 became the first American utility to gain approval for BVLOS flights.

Excerpts from Power to the drones: utilities place bets on robots, Reuters, July 16, 2018

Firing Back with Vengeance: the NSA Weapons

Leave a reply

The strike on IDT, a conglomerate,… was similar to WannaCry in one way: Hackers locked up IDT data and demanded a ransom to unlock it.  But the ransom demand was just a smoke screen for a far more invasive attack that stole employee credentials. With those credentials in hand, hackers could have run free through the company’s computer network, taking confidential information or destroying machines….Were it not for a digital black box that recorded everything on IDT’s network, …the attack might have gone unnoticed.

Scans for the two hacking tools used against IDT indicate that the company is not alone. In fact, tens of thousands of computer systems all over the world have been “backdoored” by the same N.S.A. weapons. Mr. Ben-Oni and other security researchers worry that many of those other infected computers are connected to transportation networks, hospitals, water treatment plants and other utilities…

Both WannaCry and the IDT attack used a hacking tool the agency had code-named EternalBlue. The tool took advantage of unpatched Microsoft servers to automatically spread malware from one server to another, so that within 24 hours… hackers had spread their ransomware to more than 200,000 servers around the globe. The attack on IDT went a step further with another stolen N.S.A. cyberweapon, called DoublePulsar. The N.S.A. used DoublePulsar to penetrate computer systems without tripping security alarms. It allowed N.S.A. spies to inject their tools into the nerve center of a target’s computer system, called the kernel, which manages communications between a computer’s hardware and its software.

In the pecking order of a computer system, the kernel is at the very top, allowing anyone with secret access to it to take full control of a machine. It is also a dangerous blind spot for most security software, allowing attackers to do what they want and go unnoticed. In IDT’s case, attackers used DoublePulsar to steal an IDT contractor’s credentials. Then they deployed ransomware in what appears to be a cover for their real motive: broader access to IDT’s businesses…

But the attack struck Mr. Ben-Oni as unique. For one thing, it was timed perfectly to the Sabbath. Attackers entered IDT’s network at 6 p.m. on Saturday on the dot, two and a half hours before the Sabbath would end and when most of IDT’s employees — 40 percent of whom identify as Orthodox Jews — would be off the clock. For another, the attackers compromised the contractor’s computer through her home modem — strange.

The black box of sorts, a network recording device made by the Israeli security company Secdo, shows that the ransomware was installed after the attackers had made off with the contractor’s credentials. And they managed to bypass every major security detection mechanism along the way. Finally, before they left, they encrypted her computer with ransomware, demanding $130 to unlock it, to cover up the more invasive attack on her computer.

A month earlier, Microsoft had issued a software patch to defend against the N.S.A. hacking tools — suggesting that the agency tipped the company off to what was coming. Microsoft regularly credits those who point out vulnerabilities in its products, but in this case the company made no mention of the tipster. Later, when the WannaCry attack hit hundreds of thousands of Microsoft customers, Microsoft’s president, Brad Smith, slammed the government in a blog post for hoarding and stockpiling security vulnerabilities.  For his part, Mr. Ben-Oni said he had rolled out Microsoft’s patches as soon as they became available, but attackers still managed to get in through the IDT contractor’s home modem.

There are now YouTube videos showing criminals how to attack systems using the very same N.S.A. tools used against IDT, and Metasploit, an automated hacking tool, now allows anyone to carry out these attacks with the click of a button….

“Once DoublePulsar is on the machine, there’s nothing stopping anyone else from coming along and using the back door,” Mr. Dillon said.More distressing, Mr. Dillon tested all the major antivirus products against the DoublePulsar infection and a demoralizing 99 percent failed to detect it.  “We’ve seen the same computers infected with DoublePulsar for two months and there is no telling how much malware is on those systems,” Mr. Dillon said. “Right now we have no idea what’s gotten into these organizations.”..

Could that attack be coming? The Shadow Brokers resurfaced last month, promising a fresh load of N.S.A. attack tools, even offering to supply them for monthly paying subscribers — like a wine-of-the-month club for cyberweapon enthusiasts.

Excerpts from NICOLE PERLROTHJUNE, A Cyberattack ‘the World Isn’t Ready For’,  New York Times, June 20, 2017

Hacking the Power Grid

Leave a reply

In Ukraine on Dec. 23, 2015 the power suddenly went out for thousands of people in the capital, Kiev, and western parts of the country. While technicians struggled for several hours to turn the lights back on, frustrated customers got nothing but busy signals at their utilities’ call centers….Hackers had taken down almost a quarter of the country’s power grid, claimed Ukrainian officials.  Specifically, the officials blamed Russians for tampering with the utilities’ software, then jamming the power companies’ phone lines to keep customers from alerting anyone….Several of the firms researching the attack say signs point to Russians as the culprits. The malware found in the Ukrainian grid’s computers, BlackEnergy3, is a known weapon of only one hacking group—dubbed Sandworm by researcher ISight Partners—whose attacks closely align with the interests of the Russian government. The group carried out attacks against the Ukrainian government and NATO in 2014…

The more automated U.S. and European power grids are much tougher targets. To cloak Manhattan in darkness, hackers would likely need to discover flaws in the systems the utilities themselves don’t know exist before they could exploit them. In the Ukrainian attack, leading security experts believe the hackers simply located the grid controls and delivered a command that shut the power off. Older systems may be more vulnerable to such attacks, as modern industrial control software is better at recognizing and rejecting unauthorized commands, says IOActive’s Larsen.

That said, a successful hack of more advanced U.S. or European systems would be a lot harder to fix. Ukrainian utility workers restored power by rushing to each disabled substation and resetting circuit breakers manually. Hackers capable of scrambling New York’s power plant software would probably have to bypass safety mechanisms to run a generator or transformer hotter than normal, physically damaging the equipment. That could keep a substation offline for days or weeks, says Michael Assante, former chief security officer for the nonprofit North American Electric Reliability.

Hackers may have targeted Ukraine’s grid for the same reason NATO jets bombed Serbian power plants in 1999: to show the citizenry that its government was too weak to keep the lights on. The hackers may even have seen the attack as in-kind retaliation after sabotage left 1.2 million people in Kremlin-controlled Crimea without lights in November 2015. In that case, saboteurs blew up pylons with explosives, then attacked the repair crews that came to fix them, creating a blackout that lasted for days. Researchers will continue to study the cyber attack in Ukraine, but the lesson may be that when it comes to war, a bomb still beats a keyboard.

Excerpts How Hackers Took Down a Power Grid, Bloomberg Business Week, Jan. 14, 2016