Would the last spy out please turn out the lights? - knieveltech
http://www.reuters.com/article/newsOne/idUSTRE53729120090408

======
paulhart
No surprises there.

I've written software for an electricity generation company that provides
operator guidance on the level of generation requested by the market on a
real-time basis.

Eventually, said company is interested in linking that software with their
control systems to automate the regulation of the power plant. This is, to my
mind, kind of scary. The regulatory bodies seem to agree - should that happen
my software would be subject to audit as a "critical cyber-asset".

~~~
streety
What sort of network is/would this be on? I would like to think this would be
on a dedicated network but is a vpn more common?

I'm assuming this isn't going to be publicly accessible.

~~~
paulhart
The app lives on a dedicated server, running a "secure by default" OS (hint
hint), on a private network. The network firewall is configured to only allow
inbound connections for one protocol from two public IP addresses. All other
public traffic is outbound-only.

------
tommusic
Can anyone explain (or at least speculate) a little bit more about what kind
of vectors the "cyberspies" might have used?

The article didn't seem to imply physical presence, so my mind goes next to
social engineering and e-mail trojans.

I'm assuming our power grid doesn't have externally-accessible web servers
that are linked to the actual management functions...

    http://uspowergrid/admin/show_grid.php?plant_id=19';DROP TABLE powergrid;

That would be really frightening.

~~~
tommusic
Some Slashdot-spelunking resulted in a few comments that seemed reasonable:

[http://it.slashdot.org/comments.pl?sid=1191575&cid=27502...](http://it.slashdot.org/comments.pl?sid=1191575&cid=27502107)
The poster makes some odd similes in advancing an argument that the biggest
problem is not central computers, but the endpoint devices at substations and
such.

[http://it.slashdot.org/comments.pl?sid=1191575&cid=27503...](http://it.slashdot.org/comments.pl?sid=1191575&cid=27503427)
This poster asserts that a drive to create interconnectability has resulted in
more open access.

I feel like I have more information, but not much more understanding of the
answer to my original question. :-)

~~~
philwelch
The first comment notes that the security risk is in the protective relays.
Well, maybe. It also carries an implication that digital relays are in and of
themselves a security risk. I intern at a major manufacturer of digital
protective relays, so I know how these communicate. (None of this, as far as
I'm aware, is trade secret.)

The purpose of a protective relay is to detect a line fault (lightning
strikes, arc flash, the distribution line is knocked down). Upon detecting a
line fault, the relay trips a circuit breaker to protect the rest of the grid
from voltage irregularities. Relays are located along major distribution
lines, and to find the substation these relays are located in, all you really
have to do is find a major distribution line (easy enough from the air) and
follow it until you reach a substation. There are maps of the major electrical
distribution lines, and they're not difficult to find.

The "smart grid" depends upon digital relays, but the grid has been smarter
than we've given it credit for because digital relays have been around for 25
years. The power industry is very conservative—electromechanical relays worked
for decades—so digital relays were a hard sell in the first place. So certain
features were added to them. The first was fault location—a microprocessor-
based digital relay, even in 1984, could calculate the location of a fault and
store that information upon detection. Digital relays were and remain
significantly less expensive than electromechanical relays, so they were
originally sold simply as fault locators. (Due to cost, power consumption,
testability, and maintainability, digital relays have advantages over
electromechanical relays anyway, but these advantages weren't enough to
convince power companies 25 years ago. Even now, 60% of North American relays
are electromechanical, and 90% of world relays are electromechanical.) Over
time, more features were added. One feature, developed largely in response to
the New York blackouts a few years ago, is synchrophasors. Synchrophasors allow
a control station to monitor the voltage angles on distribution lines and
maintain better control over them. This is a very, very time-sensitive
process, but it also requires relays, synchrophasor processors, and computers
loaded with control software to be networked together over large geographical
areas. I'm not an EE so I don't have a full appreciation of what this means,
but it's important.

A typical protective relay from a top-of-the-line manufacturer accepts
connections over an RS-232 serial connection, but it also supports TCP and
telnet over an ethernet interface. Relays will often be connected to a single
communications processor that will allow several relays at once to communicate
over large areas. These comprocs, again, support RS-232 serial connections as
well as networking.

If you can access a comproc, you can access any of the relays, clocks, or
other devices connected to it. That means you can cause trips, alter settings,
and do all sorts of nasty stuff. Which makes it vitally important that power
companies do things like change the default passwords and secure their
communication networks—something largely outside the manufacturer's control.
It's possible (and encouraged) to implement it securely but in practice it's
not always done.

~~~
tommusic
I really appreciate the time you took to reply, and feel like I have a much
improved understanding of the landscape.

And now: a short thought on default passwords!

It feels like default passwords should not mean "operate normally". When you
have the default password set on a router, it ought to keep bugging you to
change it before it works as expected.

It'd need to be an industry standard to avoid companies touting theirs as
"easier" because it doesn't require setting a password.

Though this would make it harder to steal a neighbor's wi-fi while one waits
for one's own installation after moving into a new apartment.

Tradeoffs, tradeoffs.
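
A small model of the policy proposed above (a device that refuses normal operation while its factory-default password is in place) together with the operator-side audit philwelch's post calls for. This is an added example, not code from anyone in the thread or from any relay vendor; the device names, commands and default credential are constructed.

```python
# Added example: management console that will not operate on a factory default.
# Device names, commands and the default credential are constructed placeholders.
import hmac

FACTORY_DEFAULT = "OTTER"  # constructed placeholder default password


class DeviceConsole:
    """Minimal model of a relay/comproc login that must be rotated off the default."""

    def __init__(self, password: str = FACTORY_DEFAULT):
        self._password = password
        self._authenticated = False

    def login(self, password: str) -> bool:
        # Constant-time compare so the check itself leaks nothing about the secret.
        self._authenticated = hmac.compare_digest(self._password, password)
        return self._authenticated

    def default_credential_active(self) -> bool:
        return hmac.compare_digest(self._password, FACTORY_DEFAULT)

    def set_password(self, new_password: str) -> bool:
        """Rotate the credential; re-using the default or a short value does not clear the hold."""
        if not self._authenticated:
            return False
        if hmac.compare_digest(new_password, FACTORY_DEFAULT) or len(new_password) < 12:
            return False
        self._password = new_password
        return True

    def execute(self, command: str) -> str:
        """Operational commands are refused until the default password is rotated;
        only a read-only status query is allowed while the hold is active."""
        if not self._authenticated:
            return "DENIED: not authenticated"
        if self.default_credential_active() and command != "SHOW STATUS":
            return "DENIED: change the factory-default password before operating"
        return f"OK: {command}"


def audit(devices: dict) -> list:
    """Operator-side check: names of inventoried devices still on the factory default."""
    return sorted(name for name, dev in devices.items() if dev.default_credential_active())
```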

~~~
philwelch
While that's true for consumer goods, one would hope that a power company
would know well enough to change the default password.

------
biohacker42
_"The Chinese have attempted to map our infrastructure, such as the electrical
grid,"_

So as to learn what NOT to do?

In the last two big nor'easters I've spent half a week without electricity
each. That's not what I would consider first world infrastructure. Winter
happens - predictably so, it's time we stop being surprised by it.

~~~
josefresco
Get a generator. I live in the Northeast US too and it took only 1 snow storm
with no power (or water) for 5 days to take the plunge. Your problems are more
local than 'national'. I agree we have problems all around, but your personal
experience does not reflect the national challenges we face with our grid.

~~~
biohacker42
I rent, but if I buy, I'll buy a generator along with the house.

However, I've heard pretty much the same story about predictable outages from
other parts of the country like the Midwest.

Obviously the south has hurricanes, but I'm not sure even hurricanes should
cause long term outages.