It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Hack of the US electric grid vs. EMP or CME
page: 13
share:
A lot of emergency management in recent years has focused on damage to the US electric grid from an antagonist deploying an electromagnetic pulse
weapon to cause the collapse of electric utility service. A sister threat comes in the form of a coronal mass ejection, a "solar storm" like the
Carrington Event of 1859, which would disable satellite and utility services.
Yet in the process of reading up on EMP and CME, I have come to believe that Russia is developing the ability to disable the US electrical grid by hacking into the distribution network and shutting it down.Russian hacker teams repeatedly attacked the Ukraine grid, in tandem with seizure of Ukraine territory in 2014. Several attacks of US electric grid, as well as attacks on 9-1-1 emergency service bore the fingerprints of Russian-led hacking.
How should preparing for a hack-attack on the electrical grid be different from preparations against EMP and solar storms?
Yet in the process of reading up on EMP and CME, I have come to believe that Russia is developing the ability to disable the US electrical grid by hacking into the distribution network and shutting it down.Russian hacker teams repeatedly attacked the Ukraine grid, in tandem with seizure of Ukraine territory in 2014. Several attacks of US electric grid, as well as attacks on 9-1-1 emergency service bore the fingerprints of Russian-led hacking.
How should preparing for a hack-attack on the electrical grid be different from preparations against EMP and solar storms?
edit on 18-3-2019 by
Graysen because: (no reason given)
a reply to: Graysen
Based on some light reading I did, any part of the grid that is driven by a computer... yes is at risk to a hack. However, the grid has a fail safe structure. The entire grid is not hack-able in one clean shot. It appears that would be a massive feat and it would require that insiders breach a lot of diff facilities all at once, insert their hack device to try and take it down all at the same time. Basically it has several components, if one goes down it is built to prevent an outage on other parts of the structure/grid. While it may be a huge problem if one area were to go down, it is built in sections to prevent a total outage.
leolady
Based on some light reading I did, any part of the grid that is driven by a computer... yes is at risk to a hack. However, the grid has a fail safe structure. The entire grid is not hack-able in one clean shot. It appears that would be a massive feat and it would require that insiders breach a lot of diff facilities all at once, insert their hack device to try and take it down all at the same time. Basically it has several components, if one goes down it is built to prevent an outage on other parts of the structure/grid. While it may be a huge problem if one area were to go down, it is built in sections to prevent a total outage.
leolady
How should preparing for a hack-attack on the electrical grid be different from preparations against EMP and solar storms?
Air gap the EG, and retrofit with emp proof concrete.
www.engadget.com...
A simple solution to a complex problem.
That's why it will never be done.
If we were to be attacked and shutting down the power grid was one of the main objectives, they wouldn't bother with a mere hacking attack. I believe
that they would have to go for broke and use multiple atmospheric nuclear blasts to severely cripple the grid and communications.
No matter what the game plan was, they would use a number of methods together along with physical attacks including a "Red Dawn" style of invasion. It would be too risky to leave anything out due to nuclear retaliation and would be a balls out attack to do the most complete job possible.
Otherwise it will be a slow take over from within the like that seems to be occurring right now. If they could cause enough division and in fighting within our society, then focused hack attacks in the right place and time would be an effective ploy. If there was some kind of civil war or massive protests and riots, they could get a foot in the door with a pretext of helping us out while they send peace keeping troops to being order.
Of course a CME would be random and unpredictable, but useful if it happened to do the most damage to our hemisphere.
No matter what the game plan was, they would use a number of methods together along with physical attacks including a "Red Dawn" style of invasion. It would be too risky to leave anything out due to nuclear retaliation and would be a balls out attack to do the most complete job possible.
Otherwise it will be a slow take over from within the like that seems to be occurring right now. If they could cause enough division and in fighting within our society, then focused hack attacks in the right place and time would be an effective ploy. If there was some kind of civil war or massive protests and riots, they could get a foot in the door with a pretext of helping us out while they send peace keeping troops to being order.
Of course a CME would be random and unpredictable, but useful if it happened to do the most damage to our hemisphere.
edit on 18-3-2019 by
MichiganSwampBuck because: Typo
a reply to: leolady
It wouldn't be a lot of different facilities, only one for each region, which is 18 at last count. NERC does have standards in place to try and enforce security controls as these are high impact BES targets, however until they start increasing the fines they impose on non-compliance I don't see the landscape changing anytime soon. NERC CIP Record Fine This is the record amount they've fined so far, which to an entity of that size is a drop in the bucket.
I would say the largest threat is supply chain and physical threats. Supply chain is the long game, get your piece of tech into the tech stack of enough companies and you now have a situation ripe for exploitation. The physical threat is even easier, there's a database of power plants out there publicly available with GPS and even Google maps pictures. Take enough folks and give them hunting rifles and have them start popping distribution equipment in the switch yards, the lead time on replacement on a lot of those things is in the time-frame of months.
No sophisticated attack or EMP needed, just a couple of hundred with .308 or .30-06 rifles and congrats, you've disrupted generation and transmission enough to cause significant issues in a very low tech way.
It wouldn't be a lot of different facilities, only one for each region, which is 18 at last count. NERC does have standards in place to try and enforce security controls as these are high impact BES targets, however until they start increasing the fines they impose on non-compliance I don't see the landscape changing anytime soon. NERC CIP Record Fine This is the record amount they've fined so far, which to an entity of that size is a drop in the bucket.
I would say the largest threat is supply chain and physical threats. Supply chain is the long game, get your piece of tech into the tech stack of enough companies and you now have a situation ripe for exploitation. The physical threat is even easier, there's a database of power plants out there publicly available with GPS and even Google maps pictures. Take enough folks and give them hunting rifles and have them start popping distribution equipment in the switch yards, the lead time on replacement on a lot of those things is in the time-frame of months.
No sophisticated attack or EMP needed, just a couple of hundred with .308 or .30-06 rifles and congrats, you've disrupted generation and transmission enough to cause significant issues in a very low tech way.
a reply to: Hypntick
Dang... just put ideas in scary folks heads why don't ya...
Yep physical threats is kinda what I hinted at. Like actually being physically present at each location. It's kinda crazy that the info is readily available like u pointed out, gps and maps an all of the locations... but that is just the times we live in now. Welcome to the age of information.
How do you suggest they tackle a possibility of an attack in this manner, ooh they are i suppose. We are already seeing the censorship of information starting I suppose that is one way. Pros and Cons to everything.
My inner mind thinks about the info readily available to the general public and I tend to think that the real way they are protecting the grid today is not going to be revealed or easily available information to find.
Your thoughts on the supply chain entry is something to consider as well. I believe i read up that they had already considered this potential too. The idea that something is already inserted and hiding and lying in wait to be utilized.
I just wonder...
Is the equipment and computers and technology being utilized the same at all of the locations ? I doubt it. I would think budgets control each locations equipment and technology so purchasing in that area would be different in another local. Ok so who cares what brand name is on the equipment, i suppose your suggesting its the components inside of the equipment that are already infiltrated / hacked ? Those components / programs would come from fewer sources ? The "backdoor" loop hole thingy comes to mind.
I still think it would be a difficult feat to accomplish over all and would need to be very organized. I've also read up on the drills that are done to consider possible scenarios that might occur during an attack on the grid, like an escape room, but in this case it is a drill with the actual employees at said facilities trying to bring the grid back up when and if an attack were to happen.
Certainly Interesting things to consider.
leolady
I would say the largest threat is supply chain and physical threats. Supply chain is the long game, get your piece of tech into the tech stack of enough companies and you now have a situation ripe for exploitation. The physical threat is even easier, there's a database of power plants out there publicly available with GPS and even Google maps pictures. Take enough folks and give them hunting rifles and have them start popping distribution equipment in the switch yards, the lead time on replacement on a lot of those things is in the time-frame of months.
Dang... just put ideas in scary folks heads why don't ya...
Yep physical threats is kinda what I hinted at. Like actually being physically present at each location. It's kinda crazy that the info is readily available like u pointed out, gps and maps an all of the locations... but that is just the times we live in now. Welcome to the age of information.
How do you suggest they tackle a possibility of an attack in this manner, ooh they are i suppose. We are already seeing the censorship of information starting I suppose that is one way. Pros and Cons to everything.
My inner mind thinks about the info readily available to the general public and I tend to think that the real way they are protecting the grid today is not going to be revealed or easily available information to find.
Your thoughts on the supply chain entry is something to consider as well. I believe i read up that they had already considered this potential too. The idea that something is already inserted and hiding and lying in wait to be utilized.
I just wonder...
Is the equipment and computers and technology being utilized the same at all of the locations ? I doubt it. I would think budgets control each locations equipment and technology so purchasing in that area would be different in another local. Ok so who cares what brand name is on the equipment, i suppose your suggesting its the components inside of the equipment that are already infiltrated / hacked ? Those components / programs would come from fewer sources ? The "backdoor" loop hole thingy comes to mind.
I still think it would be a difficult feat to accomplish over all and would need to be very organized. I've also read up on the drills that are done to consider possible scenarios that might occur during an attack on the grid, like an escape room, but in this case it is a drill with the actual employees at said facilities trying to bring the grid back up when and if an attack were to happen.
Certainly Interesting things to consider.
leolady
a reply to: leolady
I obviously can't speak for everywhere, just my personal experience. Regarding the equipment utilized at various entities etc. I've seen that Allen Bradley PLC's are probably the most common component found in any generating or transmitting location. Not saying that's the attack vector, but if I were a betting man that's where I would throw my money.
Supply chain security is just in its infancy right now, at least as far as OT/ICS is concerned. I've only seen it done right at a single company, which I can't name due to NDA reasons. However it is one of the highest recommendations that I make when doing audits and assessments of OT/ICS equipment, that and proper network segmentation.
All of this if FUD however until an actual attack occurs, which I only see in a total war scenario, because aside from causing discord and chaos what is the objective? At least as far as power generation/transmission and I would even say water treatment. You don't have the IP theft you find in manufacturing, you don't have the PHI of healthcare, PII you can pick up just about anywhere, and as far as ransom style attacks you're better off hitting something less flashy than a utility. The most likely cause of any type of "attack" on grid control systems is going to be from misconfigured systems on an unrelated network segment, such as a business network system getting ransomware and it spreading to a control network, which is what happened with notpetya and Maersk Link to really good story.
I will leave you with a sobering anecdote however. The very first time I stepped into a power plant, I showed up at the gate and was not asked my name, just who I was there to see. I gave the name of the plant manager (easily found via social media etc.) and was directed to visitor parking. I'm an average guy, average height, a little extra weight on me, jeans, boots, polo, hard hat in hand, safety glasses hanging from my shirt pocket and a set of ear plugs. I park, walk to the admin building, walk inside and there is no one there. A reception desk is in front of me, a sign in sheet, and a door to my left. I poke my head through the window to verify no one is in the office and see no one still. So I test the door to my left, it opens easily. At that point I call my point of contact on site, because less than 40 feet from where I could have entered was the entrance to one of the control rooms.
I know not all plants are the same, not all plants owned by one utility are the same, and to be fair that was a few years ago when I started OT/ICS cyber work. Unfortunately when I left that particular field to get back into regular enterprise cyber last year, I was still running into similar situations at other locations. It is better than it was, but there is still a very long way to go, and even then, an attacker is always one step ahead.
I obviously can't speak for everywhere, just my personal experience. Regarding the equipment utilized at various entities etc. I've seen that Allen Bradley PLC's are probably the most common component found in any generating or transmitting location. Not saying that's the attack vector, but if I were a betting man that's where I would throw my money.
Supply chain security is just in its infancy right now, at least as far as OT/ICS is concerned. I've only seen it done right at a single company, which I can't name due to NDA reasons. However it is one of the highest recommendations that I make when doing audits and assessments of OT/ICS equipment, that and proper network segmentation.
All of this if FUD however until an actual attack occurs, which I only see in a total war scenario, because aside from causing discord and chaos what is the objective? At least as far as power generation/transmission and I would even say water treatment. You don't have the IP theft you find in manufacturing, you don't have the PHI of healthcare, PII you can pick up just about anywhere, and as far as ransom style attacks you're better off hitting something less flashy than a utility. The most likely cause of any type of "attack" on grid control systems is going to be from misconfigured systems on an unrelated network segment, such as a business network system getting ransomware and it spreading to a control network, which is what happened with notpetya and Maersk Link to really good story.
I will leave you with a sobering anecdote however. The very first time I stepped into a power plant, I showed up at the gate and was not asked my name, just who I was there to see. I gave the name of the plant manager (easily found via social media etc.) and was directed to visitor parking. I'm an average guy, average height, a little extra weight on me, jeans, boots, polo, hard hat in hand, safety glasses hanging from my shirt pocket and a set of ear plugs. I park, walk to the admin building, walk inside and there is no one there. A reception desk is in front of me, a sign in sheet, and a door to my left. I poke my head through the window to verify no one is in the office and see no one still. So I test the door to my left, it opens easily. At that point I call my point of contact on site, because less than 40 feet from where I could have entered was the entrance to one of the control rooms.
I know not all plants are the same, not all plants owned by one utility are the same, and to be fair that was a few years ago when I started OT/ICS cyber work. Unfortunately when I left that particular field to get back into regular enterprise cyber last year, I was still running into similar situations at other locations. It is better than it was, but there is still a very long way to go, and even then, an attacker is always one step ahead.
I am familiar enough with two particular systems to see their vulnerabilities
The first is pipelines.
The pipelines from the West Texas/New Mexico production area have long ( multi-hundred mile) pipelines with pumping stations at each change in elevation. The pressure monitors and pumps are electrically powered, and connected by the internet of things to corporate offices in Houston or New York. Attacking their electrical supply would cut off many major cities from the bulk of their natural gas (Chicago), and deprive the refineries of Nola/Houston of their domestic raw material. Which would cause the international price of crude to skyrocket (of biggest help to the biggest two exporters, Saudi and Russia).
The second is electrical distribution sites at nuclear generating stations.
Any big generation project requires a fairly constant load. It takes many hours to bring a nuclear plant fully on or off-line. So in the heat of summer, during the work week, if one of those plants was disconnected from its load (the regional grid, plus distribution to other segments of the North American electrical grid), The nuclear reactor would be faced with a destructive surplus of power in the form of heat. In the moment of grid loss, the plant may have nearly a gigawatt of heat, and no place to dump it....
The first is pipelines.
The pipelines from the West Texas/New Mexico production area have long ( multi-hundred mile) pipelines with pumping stations at each change in elevation. The pressure monitors and pumps are electrically powered, and connected by the internet of things to corporate offices in Houston or New York. Attacking their electrical supply would cut off many major cities from the bulk of their natural gas (Chicago), and deprive the refineries of Nola/Houston of their domestic raw material. Which would cause the international price of crude to skyrocket (of biggest help to the biggest two exporters, Saudi and Russia).
The second is electrical distribution sites at nuclear generating stations.
Any big generation project requires a fairly constant load. It takes many hours to bring a nuclear plant fully on or off-line. So in the heat of summer, during the work week, if one of those plants was disconnected from its load (the regional grid, plus distribution to other segments of the North American electrical grid), The nuclear reactor would be faced with a destructive surplus of power in the form of heat. In the moment of grid loss, the plant may have nearly a gigawatt of heat, and no place to dump it....
new topics
-
University student disciplined after saying veganism is wrong and gender fluidity is stupid
Education and Media: 51 minutes ago -
Geddy Lee in Conversation with Alex Lifeson - My Effin’ Life
People: 1 hours ago -
God lived as a Devil Dog.
Short Stories: 2 hours ago -
Police clash with St George’s Day protesters at central London rally
Social Issues and Civil Unrest: 3 hours ago -
TLDR post about ATS and why I love it and hope we all stay together somewhere
General Chit Chat: 4 hours ago -
Hate makes for strange bedfellows
US Political Madness: 6 hours ago -
Who guards the guards
US Political Madness: 9 hours ago -
Has Tesla manipulated data logs to cover up auto pilot crash?
Automotive Discussion: 11 hours ago
top topics
-
Hate makes for strange bedfellows
US Political Madness: 6 hours ago, 14 flags -
Who guards the guards
US Political Madness: 9 hours ago, 13 flags -
whistleblower Captain Bill Uhouse on the Kingman UFO recovery
Aliens and UFOs: 16 hours ago, 11 flags -
Police clash with St George’s Day protesters at central London rally
Social Issues and Civil Unrest: 3 hours ago, 7 flags -
TLDR post about ATS and why I love it and hope we all stay together somewhere
General Chit Chat: 4 hours ago, 5 flags -
University student disciplined after saying veganism is wrong and gender fluidity is stupid
Education and Media: 51 minutes ago, 3 flags -
Has Tesla manipulated data logs to cover up auto pilot crash?
Automotive Discussion: 11 hours ago, 2 flags -
God lived as a Devil Dog.
Short Stories: 2 hours ago, 2 flags -
Geddy Lee in Conversation with Alex Lifeson - My Effin’ Life
People: 1 hours ago, 2 flags
active topics
-
Thousands Of Young Ukrainian Men Trying To Flee The Country To Avoid Conscription And The War
Other Current Events • 119 • : FlyersFan -
Europe declares war on Russia?
World War Three • 65 • : Freeborn -
Candidate TRUMP Now Has Crazy Judge JUAN MERCHAN After Him - The Stormy Daniels Hush-Money Case.
Political Conspiracies • 731 • : Threadbarer -
"We're All Hamas" Heard at Columbia University Protests
Social Issues and Civil Unrest • 248 • : FlyersFan -
University student disciplined after saying veganism is wrong and gender fluidity is stupid
Education and Media • 4 • : chiefsmom -
Police clash with St George’s Day protesters at central London rally
Social Issues and Civil Unrest • 34 • : Freeborn -
-@TH3WH17ERABB17- -Q- ---TIME TO SHOW THE WORLD--- -Part- --44--
Dissecting Disinformation • 626 • : cherokeetroy -
The Superstition of Full Moons Filling Hospitals Turns Out To Be True!
Medical Issues & Conspiracies • 19 • : FloridaManMatty -
Iranian Regime Escalates Hiijab Mandate Through Sexual Violence and Beatings of Women
Mainstream News • 166 • : purplemer -
They Killed Dr. Who for Good
Rant • 67 • : grey580
3