Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Electricity Grid in U.S. Penetrated By Spies - WSJ.com

From: David Farber <dave () farber net>
Date: Thu, 9 Apr 2009 06:46:45 -0400


Begin forwarded message:

From: Rahul Tongia <tongia () cmu edu>
Date: April 9, 2009 4:47:21 AM EDT
To: dave () farber net
Cc: ip <ip () v2 listbox com>, Rahul Tongia <tongia () cmu edu>
Subject: Re: [IP] Re: Electricity Grid in U.S. Penetrated By Spies - WSJ.com 
Reply-To: tongia () cmu edu

Dave,
Being involved in both these areas, I will confirm what you stated. Security can be designed lightweight, if it is thought through! If anyone wants more information, one should talk to Cylab and CERT folks in this space (CMU entities), esp. dealing with issues of cyberinfrastructure security relevant to the power grid.
A fundamental Q for power systems is what is communications being used for: revenue generative options (billing, real-time metering, etc.) or control. They aren't mutually exclusive, but need careful thinking through. The latter needs predictability and security more than speed. The former, especially adding heavy-weight apps, does need modest bandwidth. How much bandwidth depends on the design, and where the data is sent for analysis, "intelligence" etc. I will share an anecdote from a European power utility from a few years back. They decided to use a pre-existing wireless network (cellular) for carrying utility data between nodes. They struck a hard bargain with the carrier for bulk rates, and then added penalty clauses for non-performance. It turned out the utility did the math. Carrying SMS (text) messages was worth more than the data+penalties. A dirty little secret of this space is no one knows exactly what designs, with what level of penetration, etc. are economically optimal. Like most things, these depend on assumptions, and every utility is different. [IMHO this space is a process, not a product - a major challenge dealing with some utilities, esp. in developing countries, that use archaic tendering (bidding) systems].
A student's thesis recently quantified that the overwhelming majority of demand response (load management) benefits came from a subset of consumers (always sub-majority, sometimes surprisingly so). BUT, relatively few utilities are thinking the issues of scaling, growth, etc. through fully. A meter lasts 15-20 years. Can we easily think of any communications platform that has remained unchanged over 20+ years? RJ-11 and RJ45 are exceptions, in some ways. Rahul
[Disclaimer: These are my views, and I was on the Tech. Advisory Board for Southern California Edison's Smart Connect project.] 

--

************************************************************************
Rahul Tongia, Ph.D.
Senior Systems Scientist

Program in Computation, Organizations, and Society (COS)
School of Computer Science (ISR) /
Dept. of Engineering & Public Policy

Carnegie Mellon University
Pittsburgh, PA 15213 USA
tel: 412-268-5619
fax: 412-268-2338
email: tongia () cmu edu
http://www.cs.cmu.edu/~rtongia



David Farber wrote:
There are a number of claims or at least implications in the quoted section that disturbed me. My limited experience with power industry suggests that the problem is architectural and computational grabber than just communications speed. 

Dave


Begin forwarded message:

From: Peter Swire <peter () peterswire net>
Date: April 8, 2009 11:07:29 AM EDT
To: "dave () farber net" <dave () farber net>
Subject: RE: [IP] Electricity Grid in U.S. Penetrated By Spies - WSJ.com 

Hi Dave:
On cybersecurity for the electric grid, this morning, by coincidence, I released a relevant report through the Center for American Progress. Most of the report explains ways that the "smart grid" electricity part of the Recovery Act can be integrated better with the broadband part of the Act. 

On cybersecurity, the report says:
"the smart grid we are building needs better communications to keep itself "smart." Deployment of broadband at the regional level can help the electricity grid itself to work more effectively by using expanded access to information to operate more efficiently.One vital advantage is to use the new broadband for improved cybersecurity for the electric grid. Experts in critical infrastructure have emphasized the risk of cyberattacks on the electricity infrastructure, threatening to shut down power to entire geographic areas. The current, relatively weak communications infrastructure places limits on counter-measures against such attacks. With improved broadband for the grid itself, stronger encryption and other counter-measures can protect the grid from cyberattacks." 

Also:
"many older SCADA systems "cannot accommodate current enterprise security solutions that soak up central processing unit (CPU) capacity and clog connectivity." Id. Improved broadband, installed as part of the new electricity infrastructure, would thus directly contribute to upgrading the cybersecurity of the transmission system."
The report is called "Smart Grid, Smart Broadband, Smart Infrastructure: Melding Federal Stimulus Programs to Ensure More Bank for the Buck." 

http://www.americanprogress.org/issues/2009/04/smart_infrastructure.html

Peter



Prof. Peter P. Swire
C. William O'Neill Professor of Law
Moritz College of Law of the Ohio State University
Senior Fellow, Center for American Progress
(240) 994.4142, www.peterswire.net


-----Original Message-----
From: David Farber [mailto:dave () farber net]
Sent: Wednesday, April 08, 2009 4:00 AM
To: ip
Subject: [IP] Electricity Grid in U.S. Penetrated By Spies - WSJ.com



http://online.wsj.com/article_email/SB123914805204099085-lMyQjAxMDI5MzA5ODEwNDg4Wj.html

By SIOBHAN GORMAN
Associated Press
Robert Moran monitors an electric grid in Dallas. Such infrastructure
grids across the country are vulnerable to cyberattacks.

WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and
left behind software programs that could be used to disrupt the
system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials
said, and were believed to be on a mission to navigate the U.S.
electrical system and its controls. The intruders haven't sought to
damage the power grid or other key infrastructure, but officials
warned they could try during a crisis or war.

"The Chinese have attempted to map our infrastructure, such as the
electrical grid," said a senior intelligence official. "So have the
Russians."

The espionage appeared pervasive across the U.S. and doesn't target a
particular company or region, said a former Department of Homeland
Security official. "There are intrusions, and they are growing," the
former official said, referring to electrical systems. "There were a
lot last year."

<snip>



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com





-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: