I’ve known Matt Miller for a long time. He spent 28 years at the Western Area Power
Administration, retiring as VP of Risk Management and Reliability Compliance.
He is currently with Dakota Consulting. He pointed out to me today that our
government perpetrated perhaps the greatest
supply chain attack of all time, which played a role in the fall of the
Soviet Union. While I knew the US was behind the huge Russian pipeline
explosion in 1982 and that it was because of a backdoor the US had planted in
pipeline equipment, I didn’t realize this wasn’t an isolated attack, but part
of an extensive campaign – whose main purpose wasn’t to cause damage per se, but to undermine the Soviets’
confidence in their shiny new infrastructure, a lot of which they had stolen
from the US.

Of course, the Soviets’ big mistake was that they wanted to save a few rubles by stealing
the technology they needed rather than purchasing it fair and square, which
they could surely have done (as Lenin said, “When it comes time to hang the
capitalists, they’ll be glad to sell us the rope”). So one lesson for the power
industry is not to steal the technology you want to use; you can’t very well
sue your “vendors” if what they sell you doesn’t work, or more importantly
blows up.

However, the real lesson is that there can be very bad stuff hidden in what you buy to run
the grid. But you already knew that…

Any opinions expressed in this blog post are strictly mine
and are not necessarily shared by any of the clients of Tom Alrich LLC.

If you would like to comment on what you have read here, I
would love to hear from you. Please email me at tom@tomalrich.com. Please keep in mind that
if you’re a NERC entity, Tom Alrich LLC can help you with NERC CIP issues or
challenges like what is discussed in this post – especially on compliance with
CIP-013. My offer of a free
webinar on CIP-013, specifically for your organization, remains open to NERC
entities and vendors of hardware or software components of BES Cyber Systems.
To discuss this, you can email me at the same address.