Comments on: Just how vulnerable is the electrical grid?

Experts say critical infrastructure in the U.S. is at risk of cyberattacks as utilities increasingly rely on the public Internet, deploy unsafe smart-grid technology, and fail to take adequate security precautions.

[czmyt]

Obviously it is vulnerable and has been hacked; otherwise, the US Government would state categorically that it has not been penetrated. To say that it has not been remotely controlled by unauthorized CHINESE and RUSSIAN government agencies is little consolation. Just because they have not pulled the trigger on their hacks does not mean that they cannot do that on a moment's notice. How about we spend some stimulus money monitoring those systems closely AND looking through the code for previous hacks?

[wolivere]

Why do we feal the need to connect everything to the internet? What is wrong with a private network for this? It worked for the past 40+ years.

The easiest way to keep critical systems safe is not connect them to the outside.

Yes it may be easier to work from home, but for critical utilities, its best to have an on call center?

[darwincat1]

After years of warnings it looks like the only way that companies will stop putting critical industrial control systems on the Internet is if 1) Congress makes it illegal, and/or 2) someone gets hacked BAD, to the extent that people are killed and massive lawsuits result. I hate to turn to Big Brother for a solution (especially a tech solution) but it seems like option 1 is better than waiting for option 2...

[Number_of_Euler]

If I correctly interpeted the article, the electrical companies aren't connecting their networks to the internet. They're in trouble for using the TCP/IP protocol on their internal networks, allowing their technicians to dial into the networks by phone, and not securing the routers inside these more or less isolated networks. Except for the unsecured routers, there is nothing wrong with using highly tested and easy to troubleshoot technologies. Security through obscurity is not the answer.

tl;dr
The electrical grid isn't going to get severly compromised any time soon, DON'T PANIC.

[n3td3v]

The threat is being hyped up for a political agenda.

[scottthesculptor]

yep,
spys are everywhere and are trying to switch off your refrigerator!
most of the "insecure access" is only for monitoring.
From the sound of we should use armed guards and top secret couriers to flip a switch.
No network - even the private ones - are absolutley safe.
But they'll take the millions to make it slightly safer.

But I can see why the non-technical masses with all the virii and trojans on their computers would be concerned . . .
Jeez - the military uses the Internet. Let's turn it off.

[Heebee Jeebies]

What I want to know is who is the idiot (not the words I want to use by the way) that thought "well we need to network these all together so lets use the public, insecure, easily hacked internet instead of a private dedicated network with no outside access" Whoever thought this was a good idea should be fired. The internet is great for many things, things like this isn't one of them. What's next the government using the internet to relay commands to our ships, missiles, satellites, etc. Give me a freaking break.

Robert

[wpentland]

The grid is alarmingly vulnerable to even unsophisticated, low-grade attacks. Here is the conclusion reached by a 2008 Defense Task Force Report on the U.S. military's energy security:

?Unfortunately, the current architecture of the grid is vulnerable to even simple attacks. In addition to physical attacks, cyber attacks could take down parts of the grid for extended periods. Grid control systems are continuously probed electronically, and there have been numerous attempted attacks on the Supervisory Control and Data Acquisition (SCADA) systems that operate the grid. None have yet resulted in major problems in the U.S., but the potential exists for major outages. Recently discovered types of cyber attacks illustrate this vulnerability and would impose unique DoD consequences. A long term major power outage would have significant consequences for both DoD and the nation. To begin with, there is the threat to critical DoD missions. A number of installations in the U.S. and OCONUS host missions that are critical in strategic and tactical terms and must function 24/7. The resilience of these missions is wholly dependent on continued power to the buildings and equipment involved.?

The whole report and related declassified military analysis of the grid's security can be found at: http://cleantechlawandbusiness.com/cleanbeta/index.php/3201/us-navy-drops-privatization-plans-for-power-utilities-due-to-grid-security-concerns/

[Jane in KC]

I wonder if we have mapped the grids of antagonistic nations.

[tgrenier]

How about Ethernet over power lines??

[tketcher]

Anybody logging in from home, should be using VPN to connect to the Network, that would eliminate most threats right off the bat. If they are allowing something as insecure as the Internet to access these controls, they have made the Hackers jobs simplicity itself.

[leedix8420]

As scary as this may sound its just the tip of the ice berg... Recent congressional hearings have shown evidence that terrorists are more involved than previously believed in cybercrime. In short, evidence suggests terrorists are actively training new recruits on how to hack into computer systems, perform phishing operations and to move money using stolen credit cards and bank accounts.

In his jailhouse manifesto, Imam Samudra (linked to the Bali terrorist bombing), urged his Muslim radical comrades to declare holy war not on the battlefield, but rather in cyberspace. Imam describes how America's computer infrastructure and networks are vulnerable to hacking, credit card and money laundering. How far the rabbit hole really goes is anyone's guess but the future of terrorism and cyberwarfare is growing exponentially... The ties are apparent... The course of action by governments, corporations and individuals is absolutely necessary... For more information: http://fraudpractice.blogspot.com/2009/04/hacking-why-not.html

[disco-legend-zeke]

even a private network would be killed by a simple cable cut.

no high voltage, etc. no specialized tools, etc.

please read FCC # 09-31

[sam99999999]

Sure hope that Peter "Mudge" Zatko (quoted in the article) isn't designing any reactors. Plutonium rods don't get "lowered into the water to make steam".

[BtmnHatesRbn]

Everytime I see a power plant or something power related on History or Discovery, it's always running Windows, from the looks of it, anything from 3.0 to XP, depending on which plant the show is visiting.

That's not very smart. The Pentagon's top .mil computers are all Mac OS X, Solaris, or whatever the hell SGI used to use. There's a semi-public report that somebody can hunt down on their own showing that since *.mil changed the workstations to OSX, not on single hack or break-in has occurred at that top level. The bottom levels run on Windows, and, as CNET reported just a few months ago, China broke into those.

Also, for anybody thinking I'm lying about the .mil computers being OSX, there's a History Modern Marvels that shows it, with all of the screens changed to normal user account, with the Tiger default wallpaper and the default dock at the bottom.

[seanparker04]

Totally all technology today is prone to cyber attack.

<a href="http://ezinearticles.com/?The-Easiest-and-Cheapest-Way-to-Do-a-Reverse-Cell-Phone-Lookup&id=2045677">Reverse Cell Phone LookUp</a>

[bdennis410]

Ignoring security in favor of profitability,proitability through conservation being the primary motive for smart grid, is not to be ignored.
At the same time, we have a tremendous opportunity to upgrade the physical security of power distribution, AND transportation, AND communications which at the same increasing efficiency enough to pay for the upgrades.
Which upgrades?
We have hundreds of thousands of miles of power-generation-plant-to-sub-station above ground power lines. We also need securiy for communications wiring-fiber optic and hardwire-plus we need mass transit lines for freight and passengers. Those utility rights of way are hundreds of feet wide, run for hundreds, even thousands of miles in relatively straight lines, and are wide enough for five or more 20-25 foot tunnels, with 10 foot separation for all those uses, and more. Those big overhead 100-150 foot towers would move underground and be insulated to mitigate the power loss that now occurs for every mile of above ground transmission, paying for itself by saving plant capacity and extending reach.
Besides all the benefits, we get J-O-B-S.