Grid Hack/Attack

Paladin1
* * * * *
Posts: 4451
Joined: Sun Feb 24, 2008 12:56 pm
Location: Central Ohio

Grid Hack/Attack

Post by Paladin1 » Tue Nov 18, 2014 2:18 pm

This is something that I've grown more concerned about. It especially pertains at this time due to the serious cold many parts of the US are experiencing:
http://money.cnn.com/2014/11/18/technol ... ?hpt=hp_t4

And:
http://www.cnsnews.com/news/article/mel ... id-could-0

Certainly there have been attacks before:
http://www.foxnews.com/politics/2014/03 ... tudy-says/
http://www.cnn.com/2014/02/07/us/califo ... index.html

Between the threat of a physical attack and a cyber based attack, this could be devastating this time of year.
I highly recommend that ZS'ers review their alternative energy plans and how they would go about keeping warm and fed.
WWSD?

Mikeyboy
* * * * *
Posts: 2265
Joined: Wed May 04, 2011 8:00 am

Re: Grid Hack/Attack

Post by Mikeyboy » Tue Nov 18, 2014 3:12 pm

I wonder if a portion of these malware attacks are from the Chinese and/or Russian military. Basically probes sent out to understand our grid, to figure out the weaknesses, and to plant seeds in case they ever wanted to shut down our grid.

It's a better option than launching an ICBM and detonating an EMP nuke over the USA. They could not only do it in a military attack, but they could also kill our grid just to undermine the USA and blame it on non-state run, independent, anarchist hackers. Missiles can be tracked, and firing off an EMP/Nuke will be noticed and considered an act of war. A hack attack on the power grid could be blamed on any computer geek with a computer.

Paladin1
* * * * *
Posts: 4451
Joined: Sun Feb 24, 2008 12:56 pm
Location: Central Ohio

Re: Grid Hack/Attack

Post by Paladin1 » Tue Nov 18, 2014 7:45 pm

I think that is the theory put forward by many. No one is going to confront the US from a military standpoint. So if you want to attack, undermine the economy, etc., then attack the infrastructure.

It would not be all that hard to take down enough of the grid in strategic places in a coordinated attack to absolutely cripple the country. Think how it would not only cost us billions from an economic standpoint, but the loss of life and mayhem that would occur.

Imagine 20 Katrina level emergencies around the country, especially during current weather conditions.

We typically have food and water, but what about power? I have an inverter generator and keep extra fuel, but not enough to get through 3 months of winter. If enough damage is done and it is widespread, it could take a long time to get the grid back up.

I'd like to have a more long term, sustainable solution, but I really don't know what that would look like.
WWSD?

Paladin1
* * * * *
Posts: 4451
Joined: Sun Feb 24, 2008 12:56 pm
Location: Central Ohio

Re: Grid Hack/Attack

Post by Paladin1 » Thu Nov 20, 2014 6:24 pm

Not that I think China would take out their biggest customer but it's one or two others that caught my attention.

http://www.cnn.com/2014/11/20/politics/ ... ?hpt=hp_t2

Don't think it will happen tomorrow, but knowing this is a very real possibility should encourage everyone to review energy plans.
WWSD?

absinthe beginner
* * * * *
Posts: 1712
Joined: Sun Jan 05, 2014 11:05 am
Favorite Zombie Movies: Shawn of the Dead
Location: Colorado

Re: Grid Hack/Attack

Post by absinthe beginner » Fri Nov 21, 2014 4:15 pm

http://www.cnn.com/2014/11/20/politics/ ... index.html

The U.S. government thinks China could take down the power grid.

majorhavoc
ZS Donor
Posts: 7140
Joined: Wed May 12, 2010 10:06 am
Favorite Zombie Movies: 28 Days Later, ZombieLand, Dawn of the Dead
Location: Maine

Re: Grid Hack/Attack

Post by majorhavoc » Fri Nov 21, 2014 5:11 pm

I hate to sound like a Battlestar Galactica fanboy, but perhaps certain vital systems shouldn't be networked. At least not in the traditional way. Maybe some kind of closed loop data system with human gatekeepers between the national power grid and the internet. And stringent security protocols restricting the use of wireless connections and portable media like flash drives.

I'm not a luddite, I understand these systems can't function without networked computers. But I get the sense that a lot of the vulnerabilities being identified now are ones that exist simply because when they were first built, no one ever considered what a bad actor could do with a bit of know-how and sufficient ill-intention.

It's kind of like the magnetic stripe credit cards we still use here in the US. A vast financial exchange system built on what time has revealed to be almost unconscionable levels of stupidity. All because it was conceived in an era before cyber crime, identity theft and almost daily revelations about security breaches involving someone's national customer database.

Like old fashioned credit cards, our networked infrastructure is acutely vulnerable because of an abject failure of imagination: the inability to consider that if someone desires to do harm, how might they go about doing harm.

Paladin1
* * * * *
Posts: 4451
Joined: Sun Feb 24, 2008 12:56 pm
Location: Central Ohio

Re: Grid Hack/Attack

Post by Paladin1 » Fri Nov 21, 2014 8:38 pm

At this point the Gov. and power companies are aware of the risk. But the cost and magnitude of addressing the issue are preventing any immediate across the board action.

From what I understand, Gov. and certain agencies have put into place the ability to isolate themselves from the domino effect of a grid failure.

That, however, won't help us minions.
WWSD?

hondo
* *
Posts: 208
Joined: Sun Aug 17, 2008 3:16 am
Location: Vermont

Re: Grid Hack/Attack

Post by hondo » Sat Nov 22, 2014 9:42 pm

In my layman's understanding they would be able to overload transformers and cause them to burn, replacement would take years.

Wraith6761
* * *
Posts: 386
Joined: Tue Nov 12, 2013 9:00 pm

Re: Grid Hack/Attack

Post by Wraith6761 » Sun Nov 23, 2014 9:40 am

Mikeyboy wrote: I wonder if a portion of these malware attacks are from the Chinese and/or Russian military. Basically probes sent out to understand our grid, to figure out the weaknesses, and to plant seeds in case they ever wanted to shut down our grid.

It's a better option than launching an ICBM and detonating an EMP nuke over the USA. They could not only do it in a military attack, but they could also kill our grid just to undermine the USA and blame it on non-state run, independent, anarchist hackers. Missiles can be tracked, and firing off an EMP/Nuke will be noticed and considered an act of war. A hack attack on the power grid could be blamed on any computer geek with a computer.

I kinda doubt the Chinese would be involved....not because they're incapable, or that they have any particular love for the US...just that we buy a lot of shit from them, taking down our infrastructure (and thus essentially losing all of the business from us) would be a pretty serious kick in the teeth for their economy. Sure, if we absolutely infuriated them, they may decide to do it anyways, but to just see if they can? Seems too big a risk.

Russia, I can kinda see doing it, mostly because Putin has been going all "F*** y'all, you don't know me, you can't tell me what to do" over the last year or two...though I'm less worried about the organized government "hackers" and more worried about the crazy loners, like that kid in Siberia that wrote a virus that actually cracked Target's databases, then turned around and sold said virus to another group who used it on Home Depot's databases...those are the type you've gotta watch out for.

majorhavoc wrote: I hate to sound like a Battlestar Galactica fanboy, but perhaps certain vital systems shouldn't be networked. At least not in the traditional way. Maybe some kind of closed loop data system with human gatekeepers between the national power grid and the internet. And stringent security protocols restricting the use of wireless connections and portable media like flash drives.

I'm not a luddite, I understand these systems can't function without networked computers. But I get the sense that a lot of the vulnerabilities being identified now are ones that exist simply because when they were first built, no one ever considered what a bad actor could do with a bit of know-how and sufficient ill-intention.

It's kind of like the magnetic stripe credit cards we still use here in the US. A vast financial exchange system built on what time has revealed to be almost unconscionable levels of stupidity. All because it was conceived in an era before cyber crime, identity theft and almost daily revelations about security breaches involving someone's national customer database.

Like old fashioned credit cards, our networked infrastructure is acutely vulnerable because of an abject failure of imagination: the inability to consider that if someone desires to do harm, how might they go about doing harm.

Don't apologize for being a BS:G fanboy...that's never a bad thing. While an intriguing idea, the weakest link in any system (from an InfoSec perspective at least) is always going to be the human operator...basically, people are dumb. From writing down passwords and storing them in easy to find "hidden" locations (like underneath the keyboard) to not logging out to sharing account info over the phone, users are how most infosec problems are created. All it would take is somebody deciding they want to put iTunes on one of the computers, or even deciding to charge their phone from the computer USB port, and boom: vulnerability created.

While I agree that certain things done in constructing what became the bedrock of the modern power infrastructure were poorly done (most notably poor documentation of scripts/programming, specifically dependencies for scripts or programs and what those scripts/programs do), one thing to keep in mind is that predicting the future is pretty damn hard. The stuff we have today wasn't imaginable back then; hell, even Star Trek and BSG didn't think we could create a printer that sprays human skin cells over a burn (http://www.wakehealth.edu/Research/WFIR ... Wounds.htm). They had no concept of the capabilities that we take for granted now; or to put it into better perspective: a modern day iPad (something you surf the web on) has more computing power than Skylab (something we used while living for several months at a time in space). That, coupled with the theoretical limitations on CPU and programming capabilities, is why they didn't predict this kind of thing...most IT-related predictions won't go past 12-18 months, simply because things change too fast. Predicting 40+ years out is a fool's notion at best.

The problem with upgrading the infrastructure in the power grid is the same one facing the financial system: script analysis. Swapping out the hardware isn't difficult, especially with the redundant systems...just failover to the backup, replace the main, switch back to the main, observe for a period of time, then replace the backups. The problem is the software, specifically figuring out exactly what each script does (very few of which have any documentation), and more importantly figuring out what each script depends on, and what depends on each script. That small script running along happily, not seeming to do anything? It could be doing absolutely nothing, but the larger script for alarm monitoring could depend on it, and when you remove the small "useless" script you break the bigger important script. Analysis of all that programming would take years and would be so expensive that we'd see power bills tripling (or more) to try and make up for it. Does it need to be done? Hell yes. Will it? Nope, at least not until something breaks so badly that it can't be fixed.

Woods Walker wrote: ...I don't think it matters if a backpack has Dora the Explorer on it. Based on my observations from years of hunting and fishing if something looks and acts like prey it will draw in predators.

DarkAxel
* * * * *
Posts: 3828
Joined: Fri Feb 19, 2010 2:25 am
Favorite Zombie Movies: The Evil Dead Series, Dawn of the Dead, Shawn of the Dead, NOTLD, Resident Evil Series
Location: Jackson, KY
Contact:

Re: Grid Hack/Attack

Post by DarkAxel » Sun Nov 23, 2014 10:59 pm

Paladin1 wrote: Not that I think China would take out their biggest customer but it's one or two others that caught my attention.

http://www.cnn.com/2014/11/20/politics/ ... ?hpt=hp_t2

Don't think it will happen tomorrow, but knowing this is a very real possibility should encourage everyone to review energy plans.

I read that, too. My take is that the US .gov and other national .govs have vastly underestimated the damage that non-state actors can do in cyberspace, just as they have historically underestimated the damage non-state actors can do in meatspace.

vyadmirer wrote: Call me the paranoid type, but remember I'm on a post apocalyptic website prepared for zombies.
Fleet #: ZS 0180

Browncoat

Imma Fudd, and proud of it.

ZS Wiki

hondo
* *
Posts: 208
Joined: Sun Aug 17, 2008 3:16 am
Location: Vermont

Re: Grid Hack/Attack

Post by hondo » Mon Nov 24, 2014 2:38 am

Problem is that most people take electric power for granted. For the majority of people, the only experience without e-power is rolling blackouts and occasional short-term blackouts, a couple of hours without power. For those of us living in rural areas, grid failure is a regular occurrence during the winter and can last for more than a week at a time, due to the magnitude of damage and because power companies first fix urban areas and then move on to rural ones. That is, if your house is on the blacktop and a 5-minute ride from downtown, you are getting back on the grid within 24 hours; if your house is on a class 3 road and a 15-minute drive from town, it could be 7-10 before you get your power back, so a generator and wood stove are a must.

Now without pumps to push water and sewerage most of the urban areas would cease to be habitable.

Stercutus
* * * * *
Posts: 13580
Joined: Wed Feb 10, 2010 8:16 pm
Location: Time Out

Re: Grid Hack/Attack

Post by Stercutus » Mon Nov 24, 2014 7:07 am

This is not a disaster in current events.

Not a particularly new idea either although being prepared to go without utility services should be a given for most preparation plans.

The USG has been well aware of the existence of the program and the Russian use of it since at least 2008 when the Russians used it to conduct cyber attacks against the Georgians during their invasion there. The fact they have not done much about it in seven years should probably be viewed as inexcusable.

http://en.wikipedia.org/wiki/Cyberattac ... orgian_War

A series of videos here:
http://abcnews.go.com/US/trojan-horse-b ... d=26737476

Here is some analysis by Arbor:
http://atlas-public.ec2.arbor.net/docs/ ... alysis.pdf
You go 'round and around it
You go over and under
I go through

majorhavoc
ZS Donor
Posts: 7140
Joined: Wed May 12, 2010 10:06 am
Favorite Zombie Movies: 28 Days Later, ZombieLand, Dawn of the Dead
Location: Maine

Re: Grid Hack/Attack

Post by majorhavoc » Mon Nov 24, 2014 7:45 am

Wraith6761 wrote:
The problem with upgrading the infrastructure in the power grid is the same one facing the financial system: script analysis.
[snip]
The problem is the software, specifically figuring out exactly what each script does (very few of which have any documentation), and more importantly figuring out what each script depends on, and what depends on each script. That small script running along happily, not seeming to do anything? It could be doing absolutely nothing, but the larger script for alarm monitoring could depend on it, and when you remove the small "useless" script you break the bigger important script. Analysis of all that programming would take years and would be so expensive that we'd see power bills tripling (or more) to try and make up for it. Does it need to be done? Hell yes. Will it? Nope, at least not until something breaks so badly that it can't be fixed.

That's an interesting analysis and at least to my unsophisticated ears, sounds very insightful. I know that my own employer still uses certain ancient mainframe applications to manage critical data and business functions. I'm told that employees actually using these systems were clamoring to have the data and functionality migrated to more modern software systems for literally decades before I ever got hired. Management always considered it too costly, and at any given point in time the systems were thought to be "good enough". No one with the authority to spend money was concerned with where we'd be 10 or 20 years later.

Predictably, we lost domestic software support in the late 1990s because no one in the US was programming in Fortran anymore. Our back-end support switched to India, but that has dried up in the past few years as our far eastern vendor moved on to more lucrative service offerings.

No one in the company has any clue exactly how the software supporting these mainframe applications actually works anymore, and now it's going to be incredibly difficult/costly to find anyone left to figure it out for us. So we continue to kick that problem down the road as we adopt increasingly clunky "workarounds" as we encounter more and more limitations with these old applications. I look at that as an abject lesson in how businesses can often have irresponsible relationships to changing technology. It would be foolish indeed to assume the same sort of thing isn't happening to the organizations managing our energy infrastructure.

The only other point I'd add is that with regard to the systems that control our power grid, I do believe that this painstaking script analysis actually is going on. The problem is it's being conducted by potential terrorists and the cyber warfare branches of nations that are either our enemies or could become our enemies in the future.

Stercutus
* * * * *
Posts: 13580
Joined: Wed Feb 10, 2010 8:16 pm
Location: Time Out

Re: Grid Hack/Attack

Post by Stercutus » Mon Nov 24, 2014 7:57 am

If our enemies can do that while sleeping in a basement or a cave and somehow we can't? I don't buy it. Complete lack of sense of urgency.
You go 'round and around it
You go over and under
I go through

Mikeyboy
* * * * *
Posts: 2265
Joined: Wed May 04, 2011 8:00 am

Re: Grid Hack/Attack

Post by Mikeyboy » Mon Nov 24, 2014 10:35 am

majorhavoc wrote: I hate to sound like a Battlestar Galactica fanboy, but perhaps certain vital systems shouldn't be networked. At least not in the traditional way. Maybe some kind of closed loop data system with human gatekeepers between the national power grid and the internet. And stringent security protocols restricting the use of wireless connections and portable media like flash drives.

I'm not a luddite, I understand these systems can't function without networked computers. But I get the sense that a lot of the vulnerabilities being identified now are ones that exist simply because when they were first built, no one ever considered what a bad actor could do with a bit of know-how and sufficient ill-intention.

It's kind of like the magnetic stripe credit cards we still use here in the US. A vast financial exchange system built on what time has revealed to be almost unconscionable levels of stupidity. All because it was conceived in an era before cyber crime, identity theft and almost daily revelations about security breaches involving someone's national customer database.

Like old fashioned credit cards, our networked infrastructure is acutely vulnerable because of an abject failure of imagination: the inability to consider that if someone desires to do harm, how might they go about doing harm.

The funny thing is there is a mention on this thread of old tech and new tech and I also wonder why, and at what point did someone think it was good to connect the grid to the internet or to have a wireless system, instead of having a closed off hard wired system.

I had this same thought with an article I read about the CIA records and old e-mails that the CIA wants to get erased because of the possibility of hackers getting into their system. I just assumed the CIA's deepest, darkest secrets were on some closed off system, and on paper files in a vaulted room with some bad ass secretary guarding it. I am no computer whiz but I know what it takes to make a system unable to communicate directly with the outside world. All essential systems just hardwire and no internet access. The CIA and the power companies probably went to the internet because it was new (at the time) and it was easy and fast. It's almost a sense of laziness, now you can work from home, or send info across the globe, and avoid having live bodies which require a salary at key areas which makes things cheaper. They also naively trusted that their failsafe to prevent hacking would always work and could never be beat, and who would want to actively try to do something real bad like shut down a country's power grid.

Now the power companies and other essential industries are too deep into computer automation and the internet to change things now.

the_alias
ZS Global Moderator
Posts: 6016
Joined: Tue Jan 22, 2008 7:51 pm
Location: Not Here.

Re: Grid Hack/Attack

Post by the_alias » Mon Nov 24, 2014 1:11 pm

Moved from DICE to CP&P
Man is a beast of prey

duodecima
ZS Lifetime Member
Posts: 2951
Joined: Tue Aug 23, 2011 1:18 pm

Re: Grid Hack/Attack

Post by duodecima » Mon Nov 24, 2014 8:04 pm

Mikeyboy wrote: I am no computer whiz but I know what it takes to make a system unable to communicate directly with the outside world. All essential systems just hardwire and no internet access.

I am so not a computer/IT person, but yeah. It's just that usually these days your tech support is off site, and they need internet access to get in and fix things. My workplace actually does this relatively well, but you pay for it - I can't get to a dang thing about my job from home, which is mostly a good thing - in private practice one of the alleged 'advantages' of electronic health records is that you can work from home, and the login required a security key fob. But it's getting popular to use tablets and wireless devices - we're running out of physical space for the computers we now need to work because we refuse to put anything on wireless - in order to hack us you've got to plug in to something in our building, which raises the difficulty by several orders of magnitude.

I think the problem for the CIA is that getting the data IN to the system then becomes kinda labor intensive.

I have a friend who works at a contractor for the intelligence community, her building is a "digital quarantine" - she literally cannot bring in a cell phone or anything else electronic, they all get left at the door. I've heard of other gov't facilities putting epoxy or something into the USB ports of the desktops to make sure nobody decides they just HAVE to have a copy of that classified thing...
"When someone shows you who they are believe them" M. Angelou

Wraith6761
* * *
Posts: 386
Joined: Tue Nov 12, 2013 9:00 pm

Re: Grid Hack/Attack

Post by Wraith6761 » Tue Nov 25, 2014 7:37 am

duodecima wrote: I have a friend who works at a contractor for the intelligence community, her building is a "digital quarantine" - she literally cannot bring in a cell phone or anything else electronic, they all get left at the door. I've heard of other gov't facilities putting epoxy or something into the USB ports of the desktops to make sure nobody decides they just HAVE to have a copy of that classified thing...

Yup, not that uncommon...another method I've had to use involved soldering the USB plugs into the ports that are needed, and then soldering the unused ports shut. Kinda sucks when the mouse or keyboard stops working, but definitely stops people from trying to swipe a copy of something they shouldn't have.

Woods Walker wrote: ...I don't think it matters if a backpack has Dora the Explorer on it. Based on my observations from years of hunting and fishing if something looks and acts like prey it will draw in predators.

Boom40mm
*
Posts: 77
Joined: Mon Sep 29, 2014 7:39 pm

Re: Grid Hack/Attack

Post by Boom40mm » Sun Nov 30, 2014 10:51 pm

hondo wrote: Now without pumps to push water and sewerage most of the urban areas would cease to be habitable.

I think I would be most concerned with the cooling systems of our nuclear reactors although I don't know if any nation would be willing to jeopardize such a large portion of the world's food supply (we grow a lot).

cyruspace
* *
Posts: 104
Joined: Tue Oct 28, 2014 9:45 am

Re: Grid Hack/Attack

Post by cyruspace » Fri Dec 05, 2014 8:48 pm

No star wars is needed

We have an open border. We have illegal aliens overstaying their visas, remember 9/11? A group with rifles could take down the power grid.
Also,
The US infrastructure is collapsing all by itself.

http://www.azcentral.com/story/news/ari ... /10408053/
Author of book "SurvivalFit"

http://www.amazon.com/SurvivalFit-Train ... B00OVKQ7G6

Cum Laude B.S. in Exercise Science.
Formerly CSCS (Certified Strength and Conditioning Specialist) with the NSCA (National Strength and Conditioning Association).
Formerly first responder with American Red Cross.
