Note from Tom: I’ve moved my
email feed from FeedBurner (who’s getting out of this business in July) to
Follow.It. If you aren’t getting my posts anymore, just hit the Subscribe
button in the top right. And if you’d like to start receiving these posts in
your email inbox, also hit the Subscribe button.
On Monday, CNN published a story
that led off with this:
Energy Secretary Jennifer Granholm
on Sunday warned in stark terms that the US power grid is vulnerable to attacks.
Asked By CNN's Jake Tapper on
"State of the Union" whether the nation's adversaries have the
capability of shutting it down, Granholm said: "Yeah, they do."
"There are thousands of
attacks on all aspects of the energy sector and the private sector
generally," she said, adding, "It's happening all the time. This is
why the private sector and the public sector have to work together."
I’m sure Secretary Granholm meant
well when she said that – not wanting to lull people into thinking the problem
of grid security was solved, trying to prime the pump for more cybersecurity spending,
etc. But the fact is that adversaries don’t have the capability to shut down
the “US grid” with a cyberattack – or even multiple simultaneous attacks.
Period.
I don’t think anyone at all
familiar with how the electric power industry works in the US will be surprised
by this statement. But a lot of other people really do think this is possible,
motivated as far as I know by movie plots. You might sell a lot of tickets if
you show the whole US grid collapsing, but you have to classify the movie as
fantasy, because that’s what it is. Here are some of the major reasons why I
say a cyberattack that would take out the whole or even a large portion of the
US grid - hell, even just 3 or 4 states - is about as probable as the discovery
of Bigfoot in a Wall Street bank:
·
The US participates in
three completely disconnected AC grids: The Eastern and Western Interconnects
and ERCOT, which covers a large portion of Texas (Quebec also has its own grid).
·
To bring down the US
grid, you would have to launch devastating attacks on all three Interconnects.
·
There’s no single
point – or even 4 or 5 points – that you could attack to bring down a whole Interconnect.
So in each Interconnect, you would have to launch devastating attacks on a
number of assets at exactly the same time. And they would all have to be the
same type of asset: generating plants, distribution substations and control
centers, or transmission substations and control centers.
·
Forget about causing a
cascading outage by attacking generating plants. See my quote at the end of this 2018 E&E News
article and the post
I wrote on the subject shortly afterwards.
·
And forget
distribution substations and control centers.
·
This leaves
transmission substations and control centers. In theory, if you were to
penetrate enough control centers and substations in each Interconnect, you
might cause a widespread cascading outage. How many? I’d guess at least ten per
Interconnect, but it’s probably more than that (certainly in the Eastern and
Western Interconnects, perhaps not in ERCOT).
·
But you really can’t
attack transmission substations. Their control systems are virtually never
connected to the internet. They’re always connected to a control center, though,
and control centers are almost all connected to the internet.
·
So how do you get into
a control center? Download a script from the dark web, type in an IP address
(handily displayed on a utility’s web site, since as we all know utilities are
quite happy to give you all the information you’d possibly need to attack them 😊), and hit Go (or whatever the button is called. I haven’t launched
any devastating grid attacks lately, so I can’t remember what the button says)?
·
I regret to say it’s a
lot harder than that. In fact, the sharpest attackers are constantly pounding
on transmission and distribution control centers, and there’s never been a
successful cyberattack on a single one in North America (as well as much of the
rest of the world). In part because control centers have been protected by really
tough cyber regulations for almost 20 years (by NERC CIP since 2009, and by NERC
Urgent Action 1200 and 1300 before then) and also because everyone understands
that they’re really crucial, you ain’t going to get in, period. And you
certainly aren’t going to get into ten of them (per Interconnect).
Of course,
causing a purely local outage (e.g. the area served by a single line or
substation) is much more possible through a cyber attack – but again, it’s
never happened in North America, and is very unlikely to. However, local
outages happen all the time. Storms and squirrels are by far the biggest causes
of those.
But this
isn’t to say a total US grid collapse is inconceivable. An EMP event could
conceivably do it. Or a solar storm – perhaps the size of the Carrington Event,
which hit the US in 1859, before there was any electric infrastructure besides
telegraph wires. Either of these would be devastating. In fact, a US government
commission in 2008 said
that, in the event of a total grid collapse caused by an EMP which caused an
outage lasting a year, 66-90% of the US population would not just be badly
inconvenienced. They would die.
So if you want to worry about a devastating grid attack, worry about EMP. And ask Vladimir Putin, Kim Jong-un and Xi Jinping (and maybe Ayatollah Khamenei in a few years) to please not cause one.
Note 6/13: Tim Roxey made excellent comments - and then some - on this post. You can find them here.
Any opinions expressed in this
blog post are strictly mine and are not necessarily shared by any of the
clients of Tom Alrich LLC. Nor
are they shared by the National Technology and Information Administration’s
Software Component Transparency Initiative, for which I volunteer. If you would like to comment on what you
have read here, I would love to hear from you. Please email me at tom@tomalrich.com.
No comments:
Post a Comment