Click to Print This Page

Back to Article


SmartGridNews.com
The insider's guide to the modernization and automation of electric power

Reality Check: Hacking the U.S. Grid Annoyingly Difficult, Ridiculously Time Consuming
By Andy Bochman
Jul 20, 2010 - 12:19:58 PM

.

Much appreciation to Wired's Michael Tanji for recently observing that the sky remains in its nominal coordinates and that we should proceed with our lives, and previously scheduled Smart Grid initiatives, already in progress. Here's the opening:

 

People have claimed in the past to be able to turn off the internet, there are reports of foreign penetrations into government systems, “proof” of foreign interest in attacking U.S. critical infrastructure based on studies, and concerns about adversary capabilities based on allegations of successful critical infrastructure attacks. Which begs the question: If it’s so easy to turn off the lights using your laptop, how come it doesn’t happen more often?

 

Remember, it serves no one's interests to deny that the grid and Smart Grid face many significant threats. It's just that by subjecting ourselves to jarring FUD alarms only, we lose balance, perspective and the ability to believe what our eyes are telling us is really going on in the world.

 

So why is it, then, that despite daily media claxons and vuvuzelas signaling that the end (of the grid) is nigh, that our massive and complex electrical generating, transmitting, distributing and consuming systems mainly keep working? The answer lies, at least in part, in their very complexity. Tanji continues:

 

The fact of the matter is that it isn’t easy to do any of these things. Your average power grid or drinking-water system isn’t analogous to a PC or even to a corporate network. The complexity of such systems, and the use of proprietary operating systems and applications that are not readily available for study by your average hacker, make the development of exploits for any uncovered vulnerabilities much more difficult than using Metasploit.

 

Now here comes the tricky part, where isolation from the Internet is given some of the credit:

 

... these systems are rarely connected directly to the public internet. And that makes gaining access to grid-controlling networks a challenge for all but the most dedicated, motivated and skilled — nation-states, in other words.

 

While isolation may be the current state, I don't think you can bet on it as a constant. The temptations to connect are too many, and one-off connections to the Internet often go undetected by internal security staff and auditors. Better to stick with the complexity/diversity message than the "disconnected today/always will be disconnected" pledge.

 

The full piece is here, followed, as per usual, by a comment chorus from the bitter and bizarre (with a couple of regular folks sprinkled in).

 

Also, if you want to get a better feel for this complexity yourself, give the Google Tech Talk on "Smart Grid, Utilities, and Internet Protocols" a look. The presenter is Enernex's Erich Gunther (who is also the Smart Grid News Tech Take reviewer). As the saying goes, he'll forget more about our electric infrastructure and the Smart Grid than most of us will ever learn. In addition to the complexity arguments made earlier, Gunther, and others like him on the "good guys" team, are another reason why I'm confident that attackers' impacts will be moderate and the sky will remain aloft as we develop and deploy the Smart Grid. Hope you're confident too.

 

Andy Bochman and Jack Danahy are authors of the Smart Grid Security Blog.

 

Photo credit: Dominic Alves at Flickr.com

 

You might also be interested in …

V2G Hacking and Other Worries from the Smart Grid Edge

Add Nukes, Solar Flares and Pandemic Disease to the List of Potential Threats to the Electric Grid

Warning: The New Security Demands That Utilities Can't Afford to Ignore

Cyber-Security, China and Cascading Failures: Trap or Training?

Smart Grid Security news, trends and technologies

 

Stay connected with SGN …

Smart Grid Discussions: Get LinkedIn with Jesse

Smart Grid on Facebook

Follow Us on Twitter

Try our RSS feed

Get our email digest

Subscribe to our FREE eMail News Alert!
Smart Grid Newsletter (SGN) is the insider's guide to the Smart Grid revolution. It consists of a FREE bi-monthly email summary, along with a companion Web site that contains the full stories and other helpful materials.

Benefits of subscribing: SGN is the only central source for all of the news, trends, research and marketplace information relevant to grid automation. In it, you will read about cutting edge technologies; successful pioneers and how they got ahead; regulatory changes that could unleash new markets; the latest research; and new opportunities for sales of grid-related products and services.


© Copyright 2009 SmartGridNews.com