JOURNAL: System Disruption for Economic Gain
Hackers literally turned out the lights in multiple cities after breaking into electrical utilities and demanding extortion payments before disrupting the power, a senior CIA analyst told utility engineers at a U.S. trade conference.

Bing! Guerrilla entrepreneurs.

All the break-ins occurred outside the United States, said senior CIA analyst Tom Donahue. The U.S. government believes some of the hackers had inside knowledge to cause the outages. Donahue did not specify what countries were affected, when the outages occurred or how long the outages lasted. He said they happened in "several regions outside the United States."
"In at least one case, the disruption caused a power outage affecting multiple cities," Donahue said in a statement. "We do not know who executed these attacks or why, but all involved intrusions through the Internet."
"I thought what I'd do was I'd pretend I was one of those deaf-mutes"
Posted by: Cavolonero | Saturday, 19 January 2008 at 02:22 PM
Interesting to see what these attacks will evolve into after a couple of learning cycles. Organized crime included. This popped up on the screen a couple of months ago: traditional South American rebel groups, funded long ago with American dollars to quell the opposition, are freelancing into 'specialized human couriers.'
Posted by: pm2075 | Saturday, 19 January 2008 at 02:58 PM
Knee-jerk reaction?
http://www.ferc.gov/news/news-releases/2008/2008-1/01-17-08-E-2.asp
Perhaps it's at least a move in the right direction/line of thinking.
Posted by: beaulebens | Saturday, 19 January 2008 at 07:26 PM
Naxalites are systemically disrupting Indian rail transport. These are central node attacks.
See: "200% Increase In Naxal Attacks On Railways"
http://naxaliterage.com/?p=59
In the United States, coal fueled power plants largely depend upon rail transport. Node disruption of rail transport would therefore cascade directly from the transportation sector to the power sector.
Posted by: Duncan Kinder | Thursday, 24 January 2008 at 11:02 AM
The UK is reporting that the specific case is Central/South America, lasting short duration:
"The CIA has refused to provide further details but intelligence sources say that the cities where the hackers have caused outages were in Central and South American countries including Mexico. The sources said that in no case was a ransom paid and that the outages lasted for only a few minutes. It is not known if the hackers have made any further threats."
Seeing Mexico among the targeted Central and South American states, and being aware of the drug cartels' counterattack against the Calderon government, I think it wise to raise the potential of tunable just-in-time disruption in conjunction with extortion revenues within Mexico. This kind of activity is well within the cartels' ability to fund.
This could well be as much proof of function, a shot across the bow of recalcitrant victims, or both. If one can gain detailed knowledge of the PEMEX pipeline distribution system, one can get similar data on a Latin American electrical grid. A magnificent model, intentional or accidental, for more tunable just-in-time disruption...
Rather than asking how safe are the current SCADA and related architectures, better to ask how can such an environment not offer multiple opportunities for mischief?
"Basically, the cyber security controls and operating procedures of many control systems is 10-15 years behind what corporate IT is today. Putting the two together can often create risk... FERC [Federal Energy Regulatory Commission] [is] trying to establish a very modest baseline of security controls and procedures across the companies out there running their systems in 2008 using 1980's security methodologies..."
Looking forward
We should expect to see parallel or overlapping attacks by criminal and terrorist groups, each of which could involve swarm attacks against multiple targets or tiers within a utility's network. Now that successful proof-of-function interruptions are public knowledge, expect accelerated copycat events, although in the short term, perpetrators may wait to observe what countermeasures, if any, are taken against them.
Given the interconnected nature of power grids, your network may become collateral damage to an attack on a seemingly distant network. Depending on the nature of an attack, it may be hard to determine if the perpetrator is criminal or terrorist (as terrorists also need funding).
Expect state countermeasures to draw counter-countermeasures from the attackers, whoever they might be. Attack patterns will be watched closely, just as the attackers will watch and respond to the net countermeasures enacted against them. What will they be?
Targets will have to review their temporary power arrangements (many units will actually not start or will not run as long as expected) so as to not adversely impact business continuity. Supply chains will have to be reexamined for weak links due to any interruption of power at any tier on a global basis. (Think Hurricane Katrina and the lessons learned from it.)
From: "In-the-wild attacks against electrical utilities coupled with extortion demands: implications for response to criminal and terrorist action"
http://spaces.icgpartners.com/index2.asp?NGuid=54D49E8BF0B6431696BB76956FB8AF91
Posted by: Gordon Housworth | Saturday, 26 January 2008 at 02:56 PM