[Dshield] CNN 'Explores Possibility that Power Outage is Related to Internet Worm'
dr at kyx.net
Fri Aug 15 21:05:31 GMT 2003
... but, power routing and control doesn't happen over the internet usually.
It's normally still done by an engineer to engineer phone call. :-)
On August 15, 2003 07:30 am, Johannes B. Ullrich wrote:
> > Interesting but I don't see how a worm of this magnitude
> > (smaller than that of Slammer/Sapphire and others) could
> > influence DCS and SCADA systems around the US, particularly
> > just in the North East.
> Sometimes it's not size that matters. This could be just the
> fact of a number of things happening at the same time for
> unrelated reasons. Just HYPOTHETICAL scenarios:
> due to temperatures, power demand is high (but not
> high to cause concerns by itself. Just there is no power
> to spare).
> Lightning hits large power station and shuts it down.
> Not a big deal by itself. Even under high load, the
> system is able to handle that.
> Control command to request power rerouting goes out.
> Control command uses a proprietary TCP/IP application.
> it happens to use port 135. Port 135 is now blocked at
> some random ISP interconnect.
> As a result, the power rerouting never happens. The
> grid around the original failure is going down.
> as a result of this outage, power is now drawn from
> other parts of the grid. But they never received the
> command to increase production, so they collapse as
> Sometimes it's not all that obvious in a complex system like
> this. The effects can be very convoluted. Something to
> keep in mind as you try to design your own 'disaster recovery
> plan'. E.g:
> overallocation of people. Is the person that you count
> on to supervise the building evacuation a volunteer
> firefighter? Maybe he won't be around if there is a fire.
> Are your hubs connected to a UPS, and not just the servers?
> (there are probably a lot more, better examples).
> SANS - Internet Storm Center
> PGP Key: http://isc.sans.org/jullrich.txt
pgpkey http://dragos.com/ kyxpgp