Terrorism and the Electric Power Delivery System

The electrical grid is said to be vulnerable to terrorist attack. I can agree that the electrical power distribution network would be quite vulnerable if someone tries to sabotage it and knows what to do. I know this because I design software and hardware for control systems for electrical companies.

Some days ago I saw on Finnish television an interesting documentary, Suomi polvilleen 15 minuutissa (viewable on Yle Areena, at least for Finnish people, for a few more weeks). It says that in Finland there has been debate on how many weeks the army could protect the country against potential attacks. The documentary says that the country could collapse in 15 minutes if some outside attacker or a small terrorist group attacked certain key points in the power network. Practically nothing would work anymore without power, and it would take quite a bit of time to get replacement parts for some key components. There are not too many spare parts, and it takes months or a year to build a new big high voltage distribution transformer.

This vulnerability would hold for practically all developed countries. I have understood that the Finnish electrical power distribution network would be in pretty good condition compared to the electrical power networks in some other countries. I think that in many countries one could quite easily cause huge problems by damaging some key points in the power distribution network. Those attacks could be either cyber-attacks or attacks damaging physical infrastructure.


In the USA there has been lots of talk lately about electrical grid vulnerability to terrorist attack. There are warnings like this: Cyber-terrorists could target the U.S. electrical grid and throw the nation into chaos. And there is indeed some truth in those, because this critical infrastructure is vital to a country’s economy and security, not a new target for terrorist groups (there have been documented incidents since the 1970s), inherently vulnerable (for economical and practical reasons) and extremely hard to protect well. The electric power delivery system that carries electricity from large central generators to customers could be severely damaged by a small number of well-informed attackers. The system is inherently vulnerable because transmission lines may span hundreds of miles.

The New York Times writes that terrorists could black out large segments of the United States for weeks or months by attacking the power grid and damaging hard-to-replace components that are crucial to making it work. By blowing up substations or transmission lines with explosives or by firing projectiles at them from a distance, the report said, terrorists could cause cascading failures and damage parts that would take months to repair or replace.

Remember that causing large-scale problems for a long time is usually hard. In the article Debunking Theories of a Terrorist Power Grab, a Penn State power-system expert cites laws of physics to pull the plug on worries that a terrorist attack on a minor substation could bring down the entire U.S. electric grid. The most vulnerable points are the ones that have the most energy flowing through them, like huge power stations or highly connected transformers. Those are the ones that should be well protected, and there should not be too much worrying about protecting smaller transformers.

Here are a few links to articles for more information:

There is also a free book Terrorism and the Electric Power Delivery System on-line covering those topics. Check it out if you want to learn more. It gives you much more background than those articles.

109 Comments

  1. Tomi Engdahl says:

    Puerto Rico governor: Power could be out for months
    http://edition.cnn.com/2017/09/20/americas/hurricane-maria-caribbean-islands/index.html

    (CNN) Puerto Rico’s energy grid took such a severe blow from deadly Hurricane Maria that restoring power to everyone may take months, Gov. Ricardo Rosselló told CNN on Wednesday night.
    The entire system is down, the governor said. No one on the island has power from utilities.

    Puerto Rico, which has been through a long recession and is deeply in debt, has a power grid that is “a little bit old, mishandled and weak,” Rosselló told “Anderson Cooper 360˚.”
    “It depends on the damage to the infrastructure,” he said. “I’m afraid it’s probably going to be severe. If it is … we’re looking at months as opposed to weeks or days.”

  2. Tomi Engdahl says:

    DDoS Attacks More Likely to Hit Critical Infrastructure Than APTs: Europol
    http://www.securityweek.com/ddos-attacks-more-likely-hit-critical-infrastructure-apts-europol

    While critical infrastructure has been targeted by sophisticated threat actors, attacks that rely on commonly available and easy-to-use tools are more likely to occur, said Europol in its 2017 Internet Organised Crime Threat Assessment (IOCTA).

    The report covers a wide range of topics, including cyber-dependent crime, online child exploitation, payment fraud, criminal markets, the convergence of cyber and terrorism, cross-cutting crime factors, and the geographical distribution of cybercrime. According to the police agency, we’re seeing a “global epidemic” in ransomware attacks.

    When it comes to critical infrastructure attacks, Europol pointed out that the focus is often on the worst case scenario – sophisticated state-sponsored actors targeting supervisory control and data acquisition (SCADA) and other industrial control systems (ICS) in power plants and heavy industry organizations.

    However, these are not the most likely and most common types of attacks – at least not from a law enforcement perspective as they are more likely to be considered threats to national security. More likely attacks, based on reports received by law enforcement agencies in Europe, are ones that don’t require attackers to breach isolated networks, such as distributed denial-of-service (DDoS) attacks, which often rely on easy-to-use and widely available tools known as booters or stressers.

    While these types of attacks may not lead to a shutdown of the power grid, they can still cause serious disruptions to important utilities and services.

    “While DDoS is often a tool for extortion, the lack of communication from the attackers may suggest that these attacks were of an ideological nature,” Europol said in its report. “Although European law enforcement recorded an increasing number of these attacks last year, they also note that they only had moderate, short-lived impact.”

    Internet Organised Crime Threat Assessment (IOCTA) 2017
    https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2017

  3. Tomi Engdahl says:

    Hurricane hardening for utility power architectures: Puerto Rico
    https://www.edn.com/design/power-management/4458874/Hurricane-hardening-for-utility-power-architectures–Puerto-Rico

    In the aftermath of Hurricane Maria, the island of Puerto Rico has been devastated with a loss of their electrical power infrastructure and lack of fresh water. The electrical infrastructure efforts are estimated to bring power back to the island in six months.

    The Puerto Rico Electric Power Authority (PREPA) is the only power distributor on the island. PREPA’s power plants were 44 years old when Hurricane Maria struck; most industry power plants average 18 years. They burned Venezuelan oil at these aging power plants which needed billions of dollars in overdue repairs and renovation. Puerto Rico being essentially bankrupt did not help. This is a lesson for other governments to make sure their citizens are well protected for typical catastrophes that occur in their region.

  4. Tomi Engdahl says:

    NASA Images of Puerto Rico Reveal How Maria Wiped Out Power On the Island
    https://hardware.slashdot.org/story/17/10/02/2236255/nasa-images-of-puerto-rico-reveal-how-maria-wiped-out-power-on-the-island

    Hurricane Maria was the most devastating hurricane to make land in Puerto Rico in nearly 100 years and the country is still reeling in its wake. Much of the island still doesn’t have running water, reliable communication or electricity. Recently, NASA published a set of date-processed photos that show the island’s nighttime lights both before and after the storm.

    These NASA Images Of Puerto Rico’s Power Loss Are Staggering
    https://jalopnik.com/these-nasa-images-of-puerto-ricos-power-loss-are-stagge-1819076467

  5. Tomi Engdahl says:

    Hurricane Maria Left Puerto Rico Absolutely Devastated
    https://gizmodo.com/hurricane-maria-left-puerto-rico-absolutely-devastated-1818706517#_ga=2.183983014.1472517162.1507031174-1226169591.1507031174

    Hurricane Irma pounded Puerto Rico earlier this month, leaving hundreds of thousands without power, but narrowly avoiding a worst-case scenario.

    Unfortunately, Hurricane Maria slammed directly into Puerto Rico at Category 4 strength on Wednesday, lashing the island with 155 mile per hour (250 kilometer per hour) winds and double-digit storm surge. The storm immediately knocked out the region’s entire power grid, much of its communications networks and large stretches of road, making it impossible for the territory’s central government to assess the damage.

    But the scale of the second hurricane’s devastation across Puerto Rico is rapidly becoming clear, the Washington Post reports, with many towns across the territory totally destroyed.

    https://www.washingtonpost.com/national/if-anyone-can-hear-us–help-puerto-ricos-mayors-describe-widespread-devastation-from-hurricane-maria/2017/09/23/7ef5f6c4-a069-11e7-8ea1-ed975285475e_story.html

  6. Tomi Engdahl says:

    Part II: Powering America: Defining Reliability in a Transforming Electricity Industry
    https://www.youtube.com/watch?v=W-sU63PdgM8

  7. Tomi Engdahl says:

    How Do South Korea’s Secretive “Blackout Bombs” Actually Work?
    http://www.iflscience.com/technology/south-koreas-secretive-blackout-bombs-actually-work/

    BY ROBIN ANDREWS

    10 OCT 2017, 11:51
    As tensions across the Korean peninsula continue to simmer, reports are now circulating that South Korea’s military forces are prepared to use so-called blackout bombs in any future conflict. These high-tech weapons have only been used a handful of occasions before – most notably during the last two Gulf Wars and during the conflict in Kosovo – so what exactly are they?

    Classified until only recently, these weapons are decidedly non-lethal. They contain millions of small particles of chemically treated carbon filaments, essentially a type of graphite.

    These bombs are targeted at major power grids and lines: when these particles make contact, a current flows through them at such extreme temperatures that it melts part of the mainline wiring, and the system shorts out. So long as the power lines aren’t insulated, these graphite bombs can be incredibly effective.

    When they were first deployed in the 1990 Gulf War against Iraq by the US Air Force, up to 85 percent of the country’s electrical supply was knocked out. Similarly, when used by NATO forces against Serbia in 1999, 70 percent of the country’s power grid was shut down.

    South Korea’s Agency for Defence Development has been working on them recently, and has, according to Yonhap News Agency

  8. Tomi Engdahl says:

    Energy Regulator Acts to Improve Power Grid Security
    http://www.securityweek.com/energy-regulator-acts-improve-power-grid-security

    With growing concern over nation-state cyber attacks comes an increasing need to secure the critical infrastructure. In the Quadrennial Energy Review published in January 2017, the U.S. Energy Department wrote, “Cyber threats to the electricity system are increasing in sophistication, magnitude, and frequency.” The reliability of the electric system underpins virtually every sector of the modern U.S. economy, it warned.

    In response to such concerns, the Federal Energy Regulatory Commission (FERC) yesterday proposed new cyber security management controls to enhance the reliability and resilience of the nation’s bulk electric system.

    “FERC proposes to approve Critical Infrastructure Protection (CIP) Reliability Standard CIP-003-7 (Cyber Security – Security Management Controls), which is designed to mitigate cyber security risks that could affect the reliable operation of the Bulk-Power System,” it announced.

    The new standard will particularly improve on existing standards for access control, “by clarifying the obligations that pertain to electronic access control for low-impact cyber systems; adopting mandatory security controls for transient electronic devices, such as thumb drives and laptop computers; and requiring responsible entities to have a policy for declaring and responding to CIP exceptional circumstances related to low-impact cyber systems.”

    FERC Proposes New Security Management Controls for Grid Cyber Systems
    https://www.ferc.gov/media/news-releases/2017/2017-4/10-19-17-E-1.asp#.Wei8GVtSwUF

    Today’s Notice of Proposed Rulemaking also proposes to direct the North American Electric Reliability Corp. (NERC) to develop modifications to provide clear, objective criteria for electronic access controls for low-impact cyber systems and to address the need to mitigate the risk of malicious code that could result from third-party transient electronic devices. These modifications will address potential gaps and improve the cyber security posture of entities that must comply with the CIP standards.

    In a separate order, the Commission accepted NERC’s preliminary geomagnetic disturbance (GMD) research work plan and directed that NERC file a final plan within six months.

  9. Tomi Engdahl says:

    Protecting Critical Infrastructure When a Dragonfly Beats its Wings
    http://www.securityweek.com/protecting-critical-infrastructure-when-dragonfly-beats-its-wings

    The Threat of Cyberattacks on Power Networks is Real, But We Have the Ability to Build Defenses That Minimize The Disruption to Services

    News that a sophisticated and long-established cyber espionage group may have the ability to infiltrate and do serious harm to critical energy supply infrastructure doesn’t come as a complete surprise. It does, however, provide an opportunity to reflect on how such systems are protected and what we as an industry can do better in the future.

    Anyone who works in security quickly gets used to the dilemma at the heart of what we do. It’s vital for us to communicate openly, clearly and with transparency about the threats faced in today’s networked world. Yet all too often, we run the risk of creating an unnecessary public panic which still doesn’t have the required effect of motivating those responsible for protecting critical systems into following good security practice.

    The recent revelations were published by researchers at Symantec and concern a cyber-attack group known as Dragonfly. They found that over a two-year period Dragonfly-affiliated hackers have been stepping up their attempts to compromise energy industry infrastructure, notably in the US, Turkey and Switzerland. The Symantec researchers found that the behavior of the Dragonfly group suggests they may not be state-sponsored, but that they have been conducting many exploratory attacks in order to determine how power supply systems work and what could be compromised and controlled as a result.

    An obvious target

    This shouldn’t come as a shock. Even the most innocuous web server will face dozens, if not hundreds, of attacks every day. Industrial control systems and critical national infrastructure have always been prime targets. Everyone from bedroom hackers to state sponsored spies have wanted to breach critical systems since the dawn of the networked era, whether that be for monetary gain, secret information, or just pure curiosity.

    What’s important in the Symantec report is not that energy systems are under attack, but that the methods detected – email phishing, Trojan malware and watering hole websites – are all well understood and can be mitigated against.

    Symantec was keen to point out that it has already integrated protections from the known Dragonfly attack methods into its software. Even so, it would be foolish to underestimate Dragonfly. It’s clearly a sophisticated group with a clear purpose, and while Dragonfly’s primary mechanisms at present appear to be based on social engineering, there are plenty of other state and non-state sponsored groups who have yet more sophisticated tools at their disposal.

    What’s more, the industrial internet of things (IIoT) continues to expand and our power infrastructure is diversifying to include smart grids and new, decentralised generation and transmission technologies. These may be beyond the control of traditional energy companies, but are still connected to their networks, introducing many more potential points of weakness to protect. We already know that there are many hundreds of thousands of consumer devices out there that are poorly secured against malware such as Mirai and its successors. The risk is that the same weaknesses may be unwittingly introduced to critical infrastructures.

    Building our defenses

    What does defense in-depth mean for the power supply industry? For a start, more work needs to be done to convince utility companies that security spending must be an absolute business priority. Proactive regimes that include regular retraining and offensive exercises, such as penetration testing and “red teaming”, require ongoing investment and a commitment at all levels, but are essential to keeping defenses honed.

    On a practical level, it should be a given for even the smallest business in this day and age that application and client software is regularly patched and up-to-date, but as recent ransomware outbreaks have shown, this is not something we can take for granted.

    For power companies, the challenge here isn’t just about rapid deployment of desktop and server software security patches, there are myriad field devices and control systems that need protecting too, which requires careful consideration. The update-and-patch ethos applies just as it does in the server world, but many of the MTUs, the RTUs and the IEDs may be legacy units for which security was an afterthought. They must be supplemented with intelligence in the network that can spot anomalies and improve the ability to detect new threats and signatureless malware.

    Improving capabilities for prevention and detection of attacks, however, won’t be effective without similar investment in the ability to respond to incidents. This requires the development of specialist forensic skills and knowledge within the ICS and SCADA environment, so that once an incident is detected, it can be quickly neutralised and identified with the least possible disruption to operations. To further minimize disruption, solid plans for business continuity also need to be drawn up and prepared.
