About Us

IMRA
IMRA
IMRA

 

Subscribe

Search


...................................................................................................................................................


Wednesday, July 27, 2016
The 'nine substation problem'

A hacker told us how someone could take down the power grid without using a
cyberattack
Paul Szoldra Tech Insider Jun. 9, 2016, 8:19 PM
http://www.techinsider.io/power-grid-hacking-ukraine-2016-6

The chief of US Cyber Command has said it's a matter of "when, not if" the
US power grid is hit by cyber attackers. And a recent high-profile attack
that shut down power in Ukraine showed it's certainly possible.

But at least one hacker called that an isolated event, and it's one that
doesn't really measure up to what would be considered much worse: A
cyberattack that shuts down power not for hours, but for weeks and months.

"Is it possible? Sure," Cris Thomas (aka Space Rogue), a strategist at
Tenable Network Security, told Tech Insider. "Is it likely? Highly unlikely
in my opinion."

Here's why.

It's a matter of perspective. In Ukraine, an alleged nation-state (thought
to be Russian hackers) infected a power company with malware that ended up
shutting down computers. Once shut down, the lights went off. But the
company quickly recovered — in a matter of hours.

"We have power outages [in the United States] that last five or six hours
that are regional in nature," Thomas said. "You just don’t hear about them
because they’re not that big a deal."

He added: "The goal of a cyberattack like that against the United States
infrastructure from a nation-state … is going to be not just to turn the
power off, but to keep it off for an extended period of time or an extended
area impacting millions and millions of people."

But that, he said, would be an order of magnitude different than what
happened in Ukraine. And a power grid attack like that is something that
we've never seen a nation-state ever do.

Though US Cyber Command's Adm. Michael Rogers still worries about that
"highly unlikely" scenario anyway, knowing full well how a devastating cyber
weapon called "Stuxnet" destroyed Iranian nuclear centrifuges in 2009 (The
US and Israel are widely believed to be responsible).

"If you look at what it would actually take to make a major impact in the
United States from a power outage standpoint, it would require a pretty
massive attack," Thomas said. "It wouldn’t be anything really simple."

Stuxnet took many years to develop and implement. But Thomas offered a much
easier, and much scarier alternative to a cyberattack, that even the federal
government has acknowledged could cause a nationwide blackout for more than
a year.

The 'nine substation problem'

"Destroy nine interconnection substations and a transformer manufacturer and
the entire United States grid would be down for at least 18 months, probably
longer," a government analysis obtained by the Wall Street Journal
concluded in 2014.

Thomas called it the "9 substation problem." As the government study showed,
there are about 55,000 electric substations — most of which have little
security beyond fences — 30 of which are deemed "critical." If just nine
transformers of those 30 were messed with, it would be lights out for quite
a while.

That's because they are large, difficult to move, and often custom-built,
according to the National Academy of Sciences.

Then there are rural electric cooperatives — roughly 1,000 companies
responsible for distributing power to tens of millions of Americans.
Although they aren't the biggest targets, they have been called one of the
biggest risks based on their relatively limited security measures. Taking
one of them down could definitely knock out local power, and Tech Insider
saw firsthand how that could be achieved back in April.

Attacks like these are not as far fetched as you might think.

Thomas recounted incidents in which snipers fired at power transformers in
northern California. Then there was another incident where a man tried to
attack the grid in Arkansas.

While a cyber attack may not take down the power grid, it's scary to know
that some well-placed bullets could.

Search For An Article

....................................................................................................

Contact Us

POB 982 Kfar Sava
Tel 972-9-7604719
Fax 972-3-7255730
email:imra@netvision.net.il IMRA is now also on Twitter
http://twitter.com/IMRA_UPDATES

image004.jpg (8687 bytes)