Power grid vulnerability to hacking

My Nissan Leaf Forum

Help Support My Nissan Leaf Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
LTLFTcomposite

LTLFTcomposite

Well-known member
Joined
Apr 23, 2010
Messages
4,780
Location
Central FL
I keep hearing about how the power grid is vulnerable to hackers. Exactly how would this be done? Presumably there isn't a web interface to the Hoover dam with a password of "1234" and a button labelled "close all valves" :)

Are substations and switchgear controlled over an IP network?
 
LTLFTcomposite said:
I keep hearing about how the power grid is vulnerable to hackers. Exactly how would this be done? Presumably there isn't a web interface to the Hoover dam with a password of "1234" and a button labelled "close all valves" :)

Are substations and switchgear controlled over an IP network?
Click to expand...

"any" major networked system is vulnerable. encryption only prevents honest people from hacking in.

there is no hardlines (or at least is very unlikely) that does not have some sort of internet access. that would be horrendously expensive and would make the hackers job easy. simply cut the line. to network such a system would require thousands of miles of wire and it cannot be adequately protected which is why its not done.

another thing to consider; "you are only as strong as your weakest link" keep that in mind...Hoover Dam is pretty much safe since no one would even try that
 
FERC and NERC have implemented several Critical Infrastructure Protection (CIP) standards (which are constantly evolving) that Utilities are now required to meet to help protect their control systems. Utiltities are audited on a reqular basis to insure that they are meeting these standards and can be fined if they fail to adequately meet them.
 
This article http://www.wired.com/science/discoveries/news/1998/06/12746" onclick="window.open(this.href);return false; suggests it isn't quite as easy as breaking into some systems and suddenly power plants are shutting down. There are plenty of references to Siemens programmable logic controllers being vulnerable to virus code being embedded (like was done in stuxnet). You'd think much of this could be prevented by putting all these control systems in a VPN.
 
 
http://www.nae.edu/Publications/Bridge/TheElectricityGrid/18627.aspx

Full document download:
http://www.nae.edu/File.aspx?id=18585

Terrorism or massive natural disasters could inflict considerable damage on critical components of the grid. The physical damage they could do has long been understood. However, cyber attacks have received considerable attention only recently. The increasing sophistication and ability of hackers and saboteurs to disrupt service is the subject of an article by S. Massoud Amin
Click to expand...
 
LA Times has front-page story today, April 15, "No Easy Fix to power grid's security."
LA Times online has very similar, not identical piece dated April 7, "Security holes in Power Grid have Fed Officials scrambling"

http://articles.latimes.com/2014/apr/07/nation/la-na-grid-security-20140407

On page 2 of above ref:
The vulnerabilities Crain exposed, for example, had been overlooked because taking advantage of them requires an attacker to have access to closed, local networks. Now, a cyberterrorist with a little knowledge and the right laptop can gain that access and cause chaos in a regional power system merely by linking up with the control panel at a secluded electric vehicle charging station.
Click to expand...

I would think a level 2 EVSE would not expose the grid to any additional vulnerability, even if it is networked. A Tesla Supercharger station most likely has quite a bit of special network control, but would that give it any impact on grid security? Since Supercharger installations take their power at high voltage (4-12 kV, I believe), does that introduce any vulnerability?
 
tbleakne said:
LA Times has front-page story today, April 15, "No Easy Fix to power grid's security."
LA Times online has very similar, not identical piece dated April 7, "Security holes in Power Grid have Fed Officials scrambling"
http://articles.latimes.com/2014/apr/07/nation/la-na-grid-security-20140407
Click to expand...

Thanks for the link! This is a very serious problem, and we sell complex communication equipment to utility types in my current job/company.

The fact is, we need to spend more $$ on many aspects of our public utility grid/network (and it ain't cheap), but that means more taxes/revenue; the problem is, it's hard to convince the average person how serious the consequences are if we DON'T (they just don't believe we could be without water or electricity).
 
In addition to the danger of hackers shutting down some of the grid, there is the possibility of a solar flare that happens to be pointed at the Earth. When another solar storm like the one in 1859 occurs, our entire electricity infrastructure might be shut down for a long, long time. Sort of like a worldwide EMP, as I understand it. There aren't enough spare parts to do the repairs if the damage is widespread.
 
It's a very interesting issue. I worked for several years with these cyber security standards at the utility level, and are there real issues there to be worked on.

But, let's not forget, many of these substations are out in the open with a fence or a wall, but the transmission lines and equipment are frequently visible or out in the open. So there are also very real physical issues to deal with as well.

To me, it's a matter of continuous improvement. The low hanging fruit items are easier and cheaper to mitigate. But it will be very expensive and time consuming to take care of all the issues out there...There are a lot of holes, both electronic and physical.
 
dgpcolorado said:
In addition to the danger of hackers shutting down some of the grid, there is the possibility of a solar flare that happens to be pointed at the Earth. When another solar storm like the one in 1859 occurs, our entire electricity infrastructure might be shut down for a long, long time. Sort of like a worldwide EMP, as I understand it. There aren't enough spare parts to do the repairs if the damage is widespread.
Click to expand...

definitely a great talking point towards a more distributed power grid. solar on every rooftop would allow each homeowner to determine their own level of readiness which would spur demand and production of the parts needed.
 
DaveK said:
FERC and NERC have implemented several Critical Infrastructure Protection (CIP) standards (which are constantly evolving) that Utilities are now required to meet to help protect their control systems. Utiltities are audited on a reqular basis to insure that they are meeting these standards and can be fined if they fail to adequately meet them. To protect myself from hackers, I installed for myself hardware token, with the help of which I block access to my PC for outside sessions.
Click to expand...

Yes, it is true. The Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) have implemented several critical infrastructure protection (CIP) standards that electric utilities must meet to protect their control systems.

These standards are designed to protect critical infrastructure from cyber threats, physical attacks and other dangers. They cover a wide range of topics, including:

Access Control: This includes measures to control who can access control systems and what they can do with them.
Asset Management: This includes measures to identify, track and protect critical assets.
Business continuity and disaster recovery. This includes measures to ensure that critical systems continue to operate in the event of a failure or attack.
Incident response: This includes efforts to detect, contain, and recover from cybersecurity incidents.

Utilities are regularly inspected to ensure compliance with these standards. If a business is found to be non-compliant, it may be fined.
 
LTLFTcomposite said:
I keep hearing about how the power grid is vulnerable to hackers. Exactly how would this be done? Presumably there isn't a web interface to the Hoover dam with a password of "1234" and a button labelled "close all valves" :)
Click to expand...

There probably are places with ridiculously easy passwords. Worse, there are plenty of employees will fall for scams and give out passwords. The human element is highly vulnerable.

If you ever get a chance, read The Cookoo's Egg.

The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage is a 1989 book written by Clifford Stoll. It is his first-person account of the hunt for a computer hacker who broke into a computer at the Lawrence Berkeley National Laboratory (LBNL).
Click to expand...

It's a great read.
 

Similar threads

M
Southking SK-EV16: cheap Chinese EVSE with adjustable Current Capacity
Replies
9
Views
4K
jjeff
J
R
automatically ajusting EVSE for off-grid/current sensing
2
Replies
22
Views
23K
Oilpan4
O
C
2019 40kWh Leaf First Impressions
2
Replies
34
Views
9K
lorenfb
L
M
Limiting charging to 80% and fixing the other few things on my wish list
Replies
18
Views
19K
whereswally606
W
L
The Best, Least-Known Tips & Tricks
7 8 9
Replies
162
Views
209K
LeftieBiker
L

Latest posts

Back
Top