Information Security News mailing list archives

Hackers Did Not Cause Blackout - Report


From: InfoSec News <isn () c4i org>
Date: Thu, 20 Nov 2003 00:11:04 -0600 (CST)

Forwarded from: William Knowles <wk () c4i org>

http://www.washingtonpost.com/wp-dyn/articles/A62990-2003Nov19.html

By Brian Krebs
washingtonpost.com Staff Writer
November 19, 2003

There is no evidence that the blackout that struck the northeastern 
United States and southern Canada on August 14 was caused by hackers, 
but the power grid's reliance on the Internet makes it vulnerable to 
potentially devastating online attacks, according to a report issued 
Wednesday.

The U.S.-Canada Power System Outage Task Force concluded that the 
blackout was due to a combination of factors, including computer 
failures, human error, power grid rule violations and inadequate 
maintenance by FirstEnergy Corp., the Akron-based power company that 
serves northern Ohio.

The task force said "analysis to date provides no evidence that 
malicious actors are responsible for, or contributed to, the outage." 
But the report noted that utilities are increasingly connecting their 
internal control systems to the global Internet to more easily monitor 
their networks from remote locations, a practice that exposes systems 
to a range of security risks.

The largest North American blackout in history took place two days 
after the "Blaster" worm infected hundreds of thousands of computers 
worldwide, leading some computer security experts to speculate that 
the malicious computer program caused or contributed to the power 
failure.

Such speculation was driven, in part, by the fact that the "Slammer" 
worm crashed computers at FirstEnergy's Davis-Besse nuclear power 
plant when it spread across the Internet in late January.

In June 2002, Washington Post reporter Barton Gellman reported that 
U.S. government security officials were growing concerned that 
terrorists would try to hijack vulnerable computer systems at 
utilities, dams and other infrastructure targets in hopes of causing 
widespread destruction. Officials told Gellman that they had monitored 
Internet traffic from East Asia and the Middle East that was directed 
at critical infrastructure systems, activity that was interpreted to 
be terrorists researching potential targets.

Utilities have long been targeted by hackers, according to Alexandria, 
Va.-based network security firm Riptech (now a unit of Symantec 
Corp.). Riptech said that its power and energy clients were targeted 
far more than any other industry sector last year: 70 percent of power 
and energy companies suffered at least one severe attack during the 
first six months of 2002, a 77 percent increase over the previous 
year.

Joseph Weiss, a consultant at Fairfax, Va.-based KEMA Consulting, said 
most U.S. power facilities now use some form of commercially available 
products to remotely monitor and control their distant networks and 
facilities. Yet, the vast majority of the nation's power plants and 
substations do not have the technology in place to detect electronic 
intrusions, Weiss said.

"These systems are being networked over the Web because the power 
companies want the information from various facilities in real time," 
Weiss said. "And that's starting to make them a lot more vulnerable 
than they were in the past."

Many of the back-end systems that control the physical switches in 
power plants are the very same products used in other industrial 
infrastructures, including water, oil and gas, chemical and metal 
refining, paper, pharmaceuticals, and food and beverage production, 
Weiss said.

"That means if one of them is vulnerable, all of them probably are," 
he said.

The U.S.-Canada report concluded that the generation and delivery of 
electricity remains a target of people intent on disrupting the 
electric power system.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*


