[Dshield] CNN 'Explores Possibility that Power Outage is Relatedto Internet Worm'

Geoff Shively gshively at pivx.com
Fri Aug 15 23:02:18 GMT 2003


Dragos,
Did you watch that piece on PBS about power grid security? In that they talk
about how it could happen and why. I have researched the institution and lab
that was featured in that piece and found credible data. In fact they
perform 'strikes' against SCADA systems and probe security.

So that we are not too redundant here, in the documentary the gentleman from
Sandia Laboratories (www.sandia.com) lays out an attack possibility that
would cause an operator to cause more damage than the attacker.

It is worth watching, even if you aren't a PBS fan:
http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/view/

This is also worth a read:
http://www.automationtechies.com/sitepages/pid641.php


Cheers,

Geoff Shively, CHO
PivX Solutions, LLC

Are You Secure?
http://www.pivx.com

----- Original Message ----- 
From: "Dragos Ruiu" <dr at dursec.com>
To: "Geoff Shively" <gshively at pivx.com>
Cc: <list at dshield.org>
Sent: Friday, August 15, 2003 3:37 PM
Subject: Re: [Dshield] CNN 'Explores Possibility that Power Outage is
Relatedto Internet Worm'


> On August 15, 2003 02:49 pm, Geoff Shively wrote:
> > While I am sure there is much manual labor that goes into power control,
> > and I am no expert on the power systems, I am confident that if  DCS
> > (Distribution Control System), SCADA or other computer controlled HMI
> > (Human Machine Interface) went down- said plant would have to cease
> > operation due to lack of data and control from these systems.
> >
> > There has been a link floating around all day that is quite good, and
talks
> > about how this can happen. Sandia Laboratories (www.sandia.gov) in New
> > Mexico has done some outstanding research and tests against these
control
> > systems and their networks which is discussed in this documentary.
> > http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/view/
> >
>
> While I have bid on a power system network audit, I haven't specifically
> done one, so this is conjecture.... but somewhat informed conjecture.
>
> As far as I know there are no (or few) network based feedback loops in
> typical power system. Breakers pop at predetermined points, the system
> parameters are fairly static. In the western Canadian system, operators
> review power demand and capacity on an hourly basis, and make the
> appropriate routing decisions (and output levels of variable output
> plants) and adjust capacity by bringing plants on line or adjusting
> network topology to keep system stability.
>
> As an interesting factoid, in the directives list for power noc engineers,
> the prime directive is network stability (crucial for interconnected
systems
> outside theirs) and delivering power to customers comes lower in the list.
>
> Unlike the internet, the power system is a network that delivers a very
stable
> commodity 60Hz 110 volts.  There are no router like components that
> dynamically adjust paths, and capacity based on any measured
> data.  All the collection and info feeds back to a control center where a
> human operator adjusts simulations first and then when that's checked
> by another engineer on other simualtions the configuration is "downloaded"
> into the system via telephone to regional operators.  The dynamic
components
> are like breakers, primarily binary on/off devices with fixed trigger
> parameters not things adjusted by a processor based on network input.
> Power system switches are big physical things typically moved by
> burly technicians, rather than a packet sent remotely by a distant
> button or software.
>
> If the control network goes away the systems will default to preset stable
> (but not necessarily optimal) presets in the equipment I'm aware of.
> Similarly if communications outages occur, the regional operators
> have fallback stances in "safe" configurations.  Unlike the internet
> reliability engineers and audits are a big concern in the power system
> engineering.  The engineers there do their best to make sure that
> the result of any or all of the components failing does not equal
> "no power for anyone". Also unlike the internet power engineers do
> consider "What if" scenarios for any individual components failing.
>
> While from my knowledge there would be areas of vulnerability
> in power distribution that might concern me (none of which I will
> discuss) if I was building an attack tree. Network based
> disruption does not rank very high on my concern list.
>
> If I really wanted to create a power outage, my tool of choice would
> be a chainsaw, not network packets :-).
> (News at 11: Chainsaws Banned because of potential terrorist threat :-)
>
> cheers,
> --dr
>
> (Caveats, and Disclaimers:
> I used to be a vms admin and developer at a power company R&D lab in uni.
> Interestingly, one of the things I worked on was outage crash dump
loggers.
> I have visited mutliple power NOCs and have some knowledge of their
> procedures. My now retired father used to manage the power distribution
> system in western Canada, and my conclusions are based on information
> thusly gleaned over time. :-)
>
> -- 
> pgpkey http://dragos.com/ kyxpgp




More information about the list mailing list