White hat hackers infiltrate a power grid in one day
By Tim Conneally | Published April 10, 2008, 3:31 PM
A team of experts headed by security guru Ira Winkler was hired by an anonymous power company to test the security of a power grid's network. The door was practically held open for them.
In a matter of hours, the team infiltrated the grid's supervisory, control and data acquisition (SCADA) networks using simple phishing tools: social engineering and browser exploits.
Social engineering is seen by many as a glamorized confidence trick. The penetration team checked distribution lists for SCADA user groups, harvested appropriate email addresses, and then employed a simple trick to gain the targeted users' access. Employees were sent an e-mail about a plan to cut their benefits which included a link to a Web site with "more information." The address linked to malware that granted the hackers remote access. The trick was effective within minutes.
With the level of access these white hats obtained, the damage would not be limited to simply shutting down a grid, as a group of hackers managed to do for 17 days to a "practice network" in California in 2001. In comments to CNN last year regarding a leaked video of a staged hack that resulted in the self-destruction of a power generator, Joe Weiss of Applied Control Solutions said, "What people had assumed in the past is the worst thing you can do is shut things down. And that's not necessarily the case. A lot of times the worst thing you can do, for example, is open a valve -- have bad things spew out of a valve."
Winkler says that these SCADA systems suffer the same vulnerabilities any system does that runs on the same standard operating system and server hardware. Companies have perpetuated the weakness of these systems by not performing important software upgrades because they would force downtime.
But a scheduled downtime is no doubt preferable to suffering the consequences of an exploit. Winkler stressed the seriousness of security in these systems while maintaining a lighthearted air to his job: "We had to shut down within hours," Winkler says, "because it was working too well. We more than proved that they were royally screwed."
Ten years ago Wired published an article called Hacking the Power Grid, which included the following: "With deregulation, there is an increasing interest in energy futures trades at the commodities exchange on Wall Street. [IBM senior consultant Nick] Simicich said hackers might use social engineering techniques to obtain passwords to computers with access to the networks containing sensitive information from these sources."
Apparently little has changed in a decade.
Y'all are right. It's IMPOSSIBLE to do the things they are saying. It's IMPOSSIBLE that an upgrade to some electronic equipment in the US power grid could cause a blackout. (Because everyone knows that HUMANS are the controls, not humans responding to alerts from General Electric Energy's Unix-based XA/21 energy management system.) It's IMPOSSIBLE that poorly educated radicals could hijack a bunch of airplanes and crash them into buildings. It's IMPOSSIBLE for control systems at a power generation plant to be taken over because of inadequate security. It's IMPOSSIBLE that the Japanese could launch an attack on Pearl Harbor. It's IMPOSSIBLE that power grids running at capacity loads could be triggered into cascading failures by changes effected through command and control of local SCADA systems.
Thank goodness we live in a world where all this nasty security stuff is sorted out and we are all nice and safe. Because unsafe conditions are IMPOSSIBLE!
Score: 0
PC? One last comment, then I have to leave for the airport. This was not a really good test, but it does show our vulnerabilities. Our aging infrastructure is vulnerable to being brought down, and since the whole infrastructure is interconnected, when one part goes down anywhere in the U.S., a lot of the entire system goes down. For example, a few years ago a circuit breaker blew in Ohio and blacked out the electricity on the East Coast and part of Canada, so while the test wasn't very well designed, there is plenty of evidence to show that it's at risk.
The cyber aspect is that our aging system does have an interlocking core of computers which can be used to create a power surge, so software or cyber-attacks can hit our infrastructure, and generating a power surge through this net is easy and can use relatively old technology. Just look at the use of lasers (pretty old tech) in blinding our satellites, which integrate all our armed forces and help with the infrastructure.
But live in your dream world and ignore the daily attempts by other countries and groups that are testing how strong our security is in both infrastructure and computers. Also do a little research and you will find that even the most seasoned Military people believe that the next war will be as much about cyber-war as battlefield war. But I have the feeling you live in a dream world and don't want to take the time and do research.
Part of my reason for going to Ireland is because of the work that I do for the USGS and because of the growing threat some countries show in their daily attempts to break our systems and what needs to be done.
Have a nice dream-like day:)
Score: 0
This is *complete* Bull.
They hacked the LAN. It has *zero* control of the grid. The grid is on a completely different, *isolated* SCADA network, and FWIW, most of the "control mechanisms" are people.
The infrastructure is almost exactly the same as it was in the '50s. The only add-ons have been logging systems, monitoring systems, and alert systems. That's pretty much it. There's no possible way to shut down the grid from the internet.
None.
"The address linked to malware that granted the hackers remote access. The trick was effective within minutes."
...to the external desktops on the corporate LAN. Useless in "bringing down the grid".
"Winkler says that these SCADA systems suffer the same vulnerabilities any system does that runs on the same standard operating system and server hardware."
This makes no sense. None of the control systems run on "standard hardware and software". There are no "Windows" systems connected to the control network.
"Apparently little has changed in a decade."
...at least this is somewhat true. Try 4 to 5 decades, though. Computers monitor and log. The "control" is still done by humans.
Score: 0
"This makes no sense. None of the control systems run on "standard hardware and software". There are no "Windows" systems connected to the control network."
Aren't most HMIs in SCADAs running a standard OS? For example, I'm pretty sure Wonderware runs on top of Windows. Anyway, most SCADAs are designed not to touch the internet in any way. It doesn't mean, however, that this power company wanted to see if they could put one in close contact with the internet and it still be secure. Facts are missing, so any conclusions drawn are based on assumptions.
Score: 0
Wonderware is logging/sensor monitoring software. It alerts, that is all.
Even so...
The SCADA network itself doesn't even control the grid.
To a point one might argue (as happened in the link below provided by Scary Guy) that the humans have become a bit too dependent on the alert/monitoring software, but in the end, it is still the humans who have to throw the switch.
Score: 0
"This is *complete* Bull."
No, I think it proves its point.
"A team of experts headed by security guru Ira Winkler was hired by an anonymous power company to test the security of a power grid's network."
If users can't secure their own logins, I dread to think how they manage with the rest of their duties.
"Winkler says that these SCADA systems suffer the same vulnerabilities any system does that runs on the same standard operating system and server hardware. Companies have perpetuated the weakness of these systems by not performing important software upgrades because they would force downtime."
This highlights a security risk, and it is compounded by:
"But a scheduled downtime is no doubt preferable to suffering the consequences of an exploit. Winkler stressed the seriousness of security in these systems while maintaining a lighthearted air to his job, "We had to shut down within hours," Winkler says, "because it was working too well. We more than proved that they were royally screwed.""
It's fair to say they tried a few methods and succeeded on them all.
Score: 0
I remember back when the huge power outage took out the entire north eastern United States and Canada. They were supposed to fix that but I guess never really did from what I understand.
http://en.wikipedia.org/...theast_Blackout_of_2003
That showed me just how dependent we've become on power and the internet. Having a back up plan is always a good thing and backup generators even better.
Score: 0
This wasn't the least bit internet related.
Software related, sure. Also definitely a sign of workers who had completely stopped any form of manual monitoring and relied solely on the computer output.
Bad idea, but hardly grid-hacking.
Score: 0
Sounds like Armageddon. China, take over Russia? Umm, they'd more likely take over the USA first. American politicians would probably welcome them with open arms, calling it a "cooperative multinational effort". Russia would hit them with everything they have, and that's still more than enough to make China the world's largest mass grave.
Score: 0
That reply button is really, really hard to see, isn't it?
Score: 0
Actually, in the next World War (and most military officials believe it will involve either China, in an attempt to take over Taiwan by 1) destroying Taiwan's defense without a scorched earth policy, 2) landing several hundred thousand troops, which requires landing craft, and 3) keeping the U.S. at bay while this is done, or Russia, which has become a mirror image of the old communist regime and is now rebuilding their military and will, around 5-7 years from now, begin to flex their muscle in the Balkans and Eastern Europe (they have already threatened to deploy nuclear weapons if NATO puts in a nuclear shield in Poland to guard against a possible launch from Iran, which they (the Russians) are playing a major role in helping with their nuclear program, and anyone who disagrees with them ends up dead, and these crimes go unsolved while others aren't, or in jail, or in the old style mental "health" institution of the Soviet era)), cyber attacks will play a major role, so this does have some value in showing our weak points as a country. Talk at length with any military leader and they will say off the record that they are worried, especially because of our civilian stupidity in going into Iraq and the badly planned attack on Afghanistan. Most military leaders feel we are at our weakest point since the aftermath of Vietnam, just at a time when both China and Russia are re-emerging as powers.
Score: 0
Only two of the three parts of a "fire sale" are even possible, much less feasible.
It made a decent movie, but that's pretty much it. Anyone with knowledge of our power infrastructure knows it would be much easier to take out an area using a few trucks with winches than "hacking the grid". (Since "hacking the grid" is simply not possible)
Score: 0
Sounds like Die Hard 4 :-)
Score: 0
Sounds like the movie Sneakers.
Score: 0
But without the cool decryption box as the prize.
Score: 0