Re: east coast powergrid / SCADA [OT?]

["Bernie, CTA" <cta () hcsin net>]

On 16 Aug 2003 at 20:37, Stephen Clowater wrote:
> > First of all, it is unrealistic to assume that the power
> > plants, distribution nodes and sub stations are still equipped
> > with 1965 technology. Have you ever visited any of these
> > facilities? I have.
>
> Thats not what I said, What I said was the warnings that had been
> coming for the last 10 years that this could happen, the
> situation in californa a few years ago and the grid failures on
> the west coast in 1996 can also attest to this. And Yes I have
> visited these facilites, and done work in them.
Ok, my mistake. I am glad to see that we have someone else here 
with some knowledge of the inside.

> The lightning bolt theory has already been ruled out. And was
> ruled out before the first night of outage was over. The working
> theory that the inital data out of the investigation is that it
> was a transmition failure inside the loop that caused current to
> beging moving irregularly and ultimatly ended in a massive surge
> coming from the loop and traveling back down the grid. Monitoring
> stations at Niagra saw what is now belived to be this and
> initated emergency shut downs on their generators.
Ok, but...
> > I still feel that there was human intervention to disrupt or
> > otherwise circumvent the automatic safeguards, in response to
> > an anomaly (i.e. MSBlaster). ...

> This is precicly what has been warned by people in the energy
> community for years. In fact, the former head of the dept of
> energy on CNN thurs Night said "america is a first world nation
> with a third world power grid". President Bush was quoted the
> next day as calling the power grid "antiquated".
>
> The problem is that the grid that is around today was initaly
> constructed in a time were power plants served a local area. Now
> power plants ship power via the grid over hundreds of miles. Over
> a grid that was not designed to be continually distributing
> power. It was designed to pick up the slack. Not be the principle
> transmitter of the power. The power grid is old, the plants on it
> are not. The avilable evidence at this point, and the logical
> course at this point would be that the inital report out of the
> loop that a major transmition line failure (wich was confirmed by
> the responsible utility) of a line carying a current of approx
> 31,500 amps, triggered a massive displacement and subsequent
> overload inside the loop, wich then spread thruought the system
> in a matter of seconds. After these few seconds, safty measures
> caught up to the surge and was able to midigate it and eventually
> stop the outage.

Here I have a problem. If your saying that a supplement of 
32,000 Amps were placed on the Grid, then the surge arrestors 
should have tripped at many points in the Grid. The 
characteristics of the surge arresters in the protection 
topology should have been rated to withstand between 60 and 240 
kV rms, with impulse sparover of between 190 and 685 kV, and 
designed to easily handle up to a 40 kA discharge for an 8 X 
20us discharge current wave / kV crest. In other words, if the 
protection system was fully online the transient surge should 
have been absorbed by the arrestors, as if a lightning bolt hit 
the Grid.  

However, given that the latest news that a Power plant went 
offline, thus reducing the amount of power being inputted to the 
Grid, then the problem is more of demand load balancing, and 
surge drain, not overloading. Each of the transfer stations, sub-
stations, and Power Plants remaining on the Grid have many 
sensors and computerized switchgear to automatically identify 
and compensate by increasing power input or shutting down 
sections of its distribution matrix. Unless again, the 
switchgear and protection systems at other Power Plants and sub-
stations were not functioning or fully online when the surge 
incident occurred. Or, there was purposeful human interdiction 
with the transmission and/or load-balancing system matrix.  

Otherwise, given the time period involved, I find no logical 
explanation or evidence to support that the Grids' current 
infrastructure design could not isolate and manage the loss of 
one Plant supplying even if it was supplying 31,000 amps. After 
all 31,000 Amps is not that much considering the size of the 
area affected and the amount of Power that was under demand at 
the time. If it was one Plant that droped, the switchgear in 
that area should have isolated the demand and disconnected 
consumption from only that section of the Grid.  

IMO, the bottom line is that the protection / load balancing 
system failed not the Grid. So why did this system fail at so 
many points along the Grid?  

-
****************************************************
Bernie 
Chief Technology Architect
Chief Security Officer
cta () hcsin net
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go 
//    to avoid the pure labor of honest thinking."   
//     Honest thought, the real business capital.    
//      Observe> Think> Plan> Think> Do> Think>      
*******************************************************


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html