I recently purchased a copy of the latest sequel in the Die Hard series. The main plot involves a massive cyber attack on the US infrastructure. Despite all the outlandish things that only happen in Hollywood movies, I was pleased that at least the hacker character in the movie acknowledged that major utilities operated on closed circuit systems, not connected to the Internet, so hackers could only get in so far but couldn't get in far enough to really do damage. That's always been a comforting thought, right? I mean, I always thought that the "air gap" was always a bedrock of electronic security in critical systems.

Well, I guess the closed circuit nature of utilities is now a myth, too. The Wall Street Journal published a story about this and found that software has been planted through many utilities across the country that could be used to disrupt service.

Not feeling any urge to drum up any conspiracy theories or point fingers at anyone. (Thanks, Martin, I'm feeling much better after removing my tin foil hat after reading your post. Who knew?). But now I won't be so surprised if I ever wake up one day and feel like I'm in that movie.

Wow, now thats expensive just to get them to password protect their systems, with a half decent Username and Password.

Gary Mckinnon , now in the process of being extradited to the US (regarded as one of the worst Cyber security spies ever by US authorities), all he did was write a simple PERL script which interrogated .mil websites for logins that still had 'Admin' and 'Password' or NULL etc as the network login details. If folks are going to leave their front door open with a big sign saying come on in and trash the place, well you can only blame those administering those networks. Network security is only as good as the security procedures employed by those running and using those networks.

Here is a list of default Usernames and Passwords

http://www.phenoelit-us.org/dpl/dpl.html

If you really wanted to take down any 'secured' distributed geographical network then a concerted attack using Irish workmen armed with pick axes and diggers would probably be more effective than any Sino-Soviet conspiracy.

I remember the first time I heard the word infrastructure used in some university class. Pretty girl next to me asks what it meant. I explained it was like being in a tent, somebody cuts all your supporting ropes and it falls down.
She said 'oh' thought for a minute and asked if our government had guards on all the ropes.

I remember a story on CD ROM from back in the day. Don't think I ever got it to work right, but the title of it was "Soft Kill" and it was a story about how Japan decided to get some payback for WWII and launched a massive cyber attack...the US was crippled (in the story).

As far as pretty girls asking about the definition of infrastructure...I might have said, "It has to do with things like where the utilities run...why don't you come over to my tent and I'll show you my maps..."

Just tell the pretty girl that when the infrastructure goes down, her curling iron and makeup light won't work and she won't be able to call someone to fix them.

And the scary thing is, we'll be going with Cisco for most of needs. And who owns Cisco now... *drumroll*

A company out of the PRC, who's board is full of former(?) PRC spooks and infowar officers. We just hired the fox to guard the hen house.

If security is the primary concern here, why don't they privatize large segments of the infrastructure? After all, corporations recruit the world's best and brightest, have deep pockets, and bureaucracy is less of an issue.

Particularly when it comes to power generation and distribution, it already is. Private companies are generally best at providing something as cheaply as possible while generating the maximum short term profits. Enron gamed the system and bilked us California ratepayers out of billions of excess dollars while we suffered from some real but also some artificially created blackouts and brownouts.


Just a couple days ago, I caught the tail end of a documentary on the local PBS station. It was something about CalTech's basketball team. I think it was about the story of how a coach took these incredibly bright and hardworking student athletes and turned the team from being an utter laughingstock to actually almost winning their final game of the season. At the end of the program, they mention where each of the team members went after graduation. I was personally dismayed to discover that every team member except one ended up on Wall St, although I have seen the same phenomenon myself. As we are experiencing now, having the best and the brightest in the financial services sector doesn't guarantee safety and stability of anything unless there is an incentive or regulation and also robust enforcement and oversight. Or look back to the S&L crisis for another example of an industry loaded with really smart people.

Or more on topic, remember the massive Northest Blackout of 2003? Privatization didn't help any of these utilities prepare for that situation, particularly when it comes to coordinating with their neighboring utilities. "Private" means you look out for yourself and divulging information about your operations is a big no-no because it could give a competitive advantage to another private company.

RE: the 2003 blackout. I recently had a very long lunch with two people from the utility company that got blamed for the blackout - the then company spokesman and an electrical engineer. What really happened was this ... there was a minor problem in another part of the grid; that part shut down automatically and power was then automatically diverted from a distant part of the grid to help out. That diverted power went through Ohio lines. Then, there was minor problem in the part of the grid that was helping supply power to the first problem; resulting in an automatic shutdown. As a result, power was diverted in the other direction; again, through Ohio. As it happens, it was hotter than the proverbial hinges that day and the already sagging lines simply overheated and touched trees in Ohio resulting in the massive blackout. The solution to all of this was to cut down a bunch of trees. The real problem was/is the automated (computer generated) responses to problems. If that's what happens on a, I would think, daily basis around the grid - large scale blackouts are going to happen again. And, if hackers mess with the already over-automated (IMHO) system ... as they said in Ghostbusters, "that would be bad."

On a related note, my brother is a senior engineer for a very large engineering firm on the east coast. According to him, the grid is close to failing simply because the lines are not capable of carrying the power load our society demands. The only solution to that is to put in more robust lines but no one wants them in their back yard. I would think this issue would make the whole system even more at risk for massive problems due to its inability to handle large scale diversions of power to damaged/sabotaged portions of the grid. I asked my brother what it will take for our society to be ok with installing more/higher electrical lines - he said that when people can't make coffee in the morning, it will finally dawn on them that something really does need to be done.

Exactly. And we, as consumers, are not willing to pay the higher utility rates to upgrade it, and our utility regulators aren't willing to force utilities to meet higher levels of reliability. I forget if I posted about this in the past, but US consumers endure far more time without power than consumers in every other industrialized nation.

Of course, we have a gigantic, far flung grid. But beyond that, the government requirements for reliability are not as high in this country. Some parts of the grid are more robust, like in sunny, very air conditioned Arizona, where environmental conditions are extreme and energy demand from the grid is high.

Having a patchwork of private companies instead of large public utility companies also makes upgrades difficult. If one company owns the power plants, another company owns the high voltage transmission lines, and several companies own the local, municipal grids and then entities like power resellers, it is very difficult to make end-to-end improvements. And trying to enforce coordination between utilities, like emergency procedures, can be like herding cats when you have so many more players involved.

You touched on this, too, Wheels, but another problem with privatization was that the buying and selling of excess power between utilities became far more common. To a private company, unused generating capacity is a money loser and the regulations are loosened to allow it, so why not try to score some extra bucks by selling it to another utility that needs extra power, which is what Enron was doing. Unfortunately, the national grid was never designed to shuttle power between far flung utilities like this but now massive amounts of power are routinely switched back and forth in a big electric market. It's a disaster waiting to happen, which did happen in 2003. I'm not saying that the routine selling of excess electricity to a utility with higher demand is bad. I'm just saying that the grid isn't designed to handle that.

Unfortunately, since electricity at the utility company level is not like your house lights--you can't just flip a switch to turn it on and off--someone with malicious intent can take down the grid for an entire region by simply messing with one utility. You don't have to infiltrate every utility company's computers. One power surge can start a cascade of overloads and shut downs all down the line.