# Cyber attack



## Camel923 (Aug 13, 2014)

Could a big enough cyber attack creat situation similar to an emp? I think its unlikely, but...


----------



## Targetshooter (Dec 4, 2015)

This day and age ,, with a of the crazy nuts out there anything can happen ,, just have to watch out for anything that's not right with the things you have hooked up to WIFI , internet .


----------



## A Watchman (Sep 14, 2015)

At some point the internet will likely be used as a propaganda tool by the ruling class ...... Oh wait.......that's already happened.


----------



## Illini Warrior (Jan 24, 2015)

a cyber attack coupled with a coordinated attack on the country's infrastructure would do the job .... just overloading the internet at a critical time would be of benefit during an attack .... most of the utilities in the US are open to attack - the assault rifle attack on that CA transformer substation coordinated with the telephone exchange is just one example ....


----------



## Chipper (Dec 22, 2012)

I would think so. With everything being controlled by computers it doesn't sound impossible to me.


----------



## Seneca (Nov 16, 2012)

I'm not sure of who or what to be more concerned about, governments desire to control the internet or a cyber attack.


----------



## Grim Reality (Mar 19, 2014)

In his latest book "Lights Out" Ted Koppel (newscaster) paints a very GLOOMY picture of the likelihood of a cyber-
attack crippling our electrical grid. With his credentials he interviewed literally DOZENS of high-ranking people in
various offices of the government. Generals, CEO's, White House advisers, CIA and NSA executives...you name it! 

The overall take is that a cyber-attack is not a matter of "IF" but a matter of "WHEN". So says almost everyone of
the individuals with whom he spoke. Many what could be termed preliminary cyber assaults have already been put
forth at a small scale and the results are not encouraging. 

Some would say that all the government needs to do is invest in the right cyber security and we will be fine. The
truth is a little more complicated. Yes, the government can protect itself, in most cases, but the distribution of our
electrical power is controlled at the highest levels by large corporations, they own much of the infrastructure which
carries the electricity...but at the lower levels the dissemination of power is handled by much smaller companies.
These lower level organizations are not "Rich and Powerful" as many might believe. In most cases their budgets do
not allow them the luxury of spending money on a "perceived" threat. They are more motivated to maintain their
bottom line profits. Their boards of directors are less inclined to act upon the "possibility" which may never really
materialize. It is shortsightedness in it's worst form...but that's the picture this book paints. Our computers are
vulnerable and little to nothing is being done about it. Ergo, the computers are perhaps the easiest point of ingress
to cause our grid to collapse. Technology being what it is...tracing these attacks has been almost fruitless.

And if it DOES happen (Grid goes down), there are some very serious considerations which will impede the repairs 
needed after surges and overloads damage some VERY expensive pieces of equipment.

The LPT's (Large Power Transformer) are probably the most difficult items to repair. That is because:

1) They are by nature "Custom Made" to fit particular applications. One cannot simply plug in one LPT in 
replacement of another. They simply will not work. Their windings and general construction are too divergent. 
It's not like changing a light bulb. Many of the countries LPT's are 40 and 50 years old...and though they have 
no moving parts they are still subject to ageing making them easier to fail.
2) The United States gets MANY of it's LPT's from overseas. An order placed tomorrow could take as long as 1-2 years
to be delivered...by ship.
3) Your average LPT weighs 500,000 lbs. They are transported by rail car, requiring special tracks and scheduling.
Many of those special tracks and rail cars no longer exist. The vehicles (trucks) needed to move them are also going to
require special clearance and routing. Nothing weighing 1/2 million pounds get moved easily. Roads and overpasses
have changed dramatically since the days when these behemoths were first installed. Many simply will not handle the
load of transport.

Some would say..."We must have spares...don't we?" The short answer is...NO we don't have spares. Much too 
expensive to make and simply keep in inventory. 

I'm only covering a small part of the book...it is indeed intriguing to read. An eyeopener! I recommend it.
I learned at lot...and I'm not even finished with it.

Grim


----------



## SDF880 (Mar 28, 2013)

Check out this movie from a few years ago. American Blackout


----------



## SittingElf (Feb 9, 2016)

It's important to remember, that unlike simple computer hacking, cyberattacks on our infrastructure are intended not just to temporarily cripple, but to DESTROY the targets that they are attacking.

Power stations, Power Grids, Nuclear Plants, Dams, Communication systems, Air Traffic Control systems as well as airplanes themselves, Vehicles with computerized functions, and more.

It is clear, just from recent attacks, that the level of cyberwarfare expertise is advancing exponentially, while defensive security is not keeping up. It is only a matter of time.....


----------



## Grim Reality (Mar 19, 2014)

American Blackout

Top notch post. Thank you!

Aren't you glad you're a prepper?!

Grim

Interesting the moniker in the upper right hand corner of the screen for "Doomsday Preppers"!


----------



## Free (Mar 13, 2016)

I posted this in another thread and am reposting it here, if you have a specific question about anything in particular I will answer it. About 95% of the stuf in the books are greatly exaggerated or completely not true. 

I'm not sure what will happen but I'm confident that a wide spread and long term power outage will not happen. A cyber attack, solar flare and terrorist shooting transformers are way way way down on my list of things happening. The reason I can say this with confidence is because I have 25 plus years in the electric utility industry with experience in transmission and generation controls, maintenance and cyber security. I've been through every hurricane since Andrew and numerous brown and blackouts. I won't go into a lot of details but there are a lot of things built into the system that people don't know and when I hear pundits on media saying outrageous things I just have to shake my head.


----------



## Grim Reality (Mar 19, 2014)

Free said:


> I posted this in another thread and am reposting it here, if you have a specific question about anything in particular I will answer it. About 95% of the stuf in the books are greatly exaggerated or completely not true.
> 
> I'm not sure what will happen but I'm confident that a wide spread and long term power outage will not happen. A cyber attack, solar flare and terrorist shooting transformers are way way way down on my list of things happening. The reason I can say this with confidence is because I have 25 plus years in the electric utility industry with experience in transmission and generation controls, maintenance and cyber security. I've been through every hurricane since Andrew and numerous brown and blackouts. I won't go into a lot of details but there are a lot of things built into the system that people don't know and when I hear pundits on media saying outrageous things I just have to shake my head.


Your post is encouraging...it runs counter to most everything else I have heard and read.

Can you go into a little more details as to why you feel the grid is more resilient that I may have been told?

Grim


----------



## Free (Mar 13, 2016)

Let's take a few examples mentioned earlier 


1) They are by nature "Custom Made" to fit particular applications. One cannot simply plug in one LPT in 
replacement of another. They simply will not work. Their windings and general construction are too divergent. 
It's not like changing a light bulb. Many of the countries LPT's are 40 and 50 years old...and though they have 
no moving parts they are still subject to ageing making them easier to fail.
2) The United States gets MANY of it's LPT's from overseas. An order placed tomorrow could take as long as 1-2 years
to be delivered...by ship.
3) Your average LPT weighs 500,000 lbs. They are transported by rail car, requiring special tracks and scheduling.
Many of those special tracks and rail cars no longer exist. The vehicles (trucks) needed to move them are also going to
require special clearance and routing. Nothing weighing 1/2 million pounds get moved easily. Roads and overpasses
have changed dramatically since the days when these behemoths were first installed. Many simply will not handle the
load of transport.

Some would say..."We must have spares...don't we?" The short answer is...NO we don't have spares. Much too 
expensive to make and simply keep in inventory. 


1 not true, we regularly take transformers and put them in service areas where there not designed to operate. Sometimes they have to be derated because their impedance is not optimum but they work just fine. Heck we have mobile xformers mounted on trailers that we put in service while we do preventative maintenance to the original and we never deenergize the circuit. 
2 not true, we have a (MPT) main power transformer being rewound as we speak in the US, we've never sent a transformer out of the country. 
3 not true, it's easier to ship today than it was 10-15 years ago. New highways are rated for heavier loads and interstate travel is easy. We had a MPT go down a couple years ago and it took the shipping company and the state 2 days to schedule the route, that was kind of fast it normally takes a week or so. There is no "special" equipment needed to ship a xformer, any loboy that's used to haul heavy equipment will work. The same people that ship our cranes around move most of the xformers for us on the same trucks and trailers 

We do have spares like the mobile ones mentioned earlier and what do you think we do when we upgrade or replace an aging xformer. They go into storage for spares. All company's have spares and we trade with each other if needed


----------



## Grim Reality (Mar 19, 2014)

Hmmm...!

Vellllly interesting! I will have to say that your answer is both welcomed and unexpected. Ted Koppel just
may NOT know what he is talking about. I certainly thank you for sharing your expertise with us!

Grim

By the way...your experience is predominantly with the power grid in what part of the country?


----------



## SittingElf (Feb 9, 2016)

That still doesn't address a coordinated multi-pronged attack that would take out a number of sites at the same time. The Jihadis are working on those kind of plans....not just for the power grid, but across America on soft targets.

The idea is to make Americans afraid to even leave their homes. It's coming, and it is what those in the know are most concerned about. No BS...they are WORRIED!


----------



## Free (Mar 13, 2016)

I will say I've been through every hurricane that has come through the Gulf of Mexico including Katrina. 

I will say it would take literally hundreds of attacks coordinated at once to do what you are talking about, and that would only produce localized outages. If that happened the "grid" would isolate the faults and route power from a different way. The utility industry plans and trains for these kind of events. The worst that would happen is we would have roving blackouts that are planned and coordinated until the problems are corrected. When The event you referred to happened we knew within minutes that something malicious was underway and we started our action plan for this and were thousands of miles away. I won't say it can never happen but I will probably get hit by lightning first.


----------



## Free (Mar 13, 2016)

Just look at every major hurricane that hits the US. It's like a terrorist it takes out hundreds of stations and the outages are localized to the affected areas. If the lines were still up we would just reroute the power and most would be back on in a matter of hours but unfortunately a hurricane takes everything down. Putting the lines back up is what takes the time to restore


----------



## SDF880 (Mar 28, 2013)

Free said:


> Just look at every major hurricane that hits the US. It's like a terrorist it takes out hundreds of stations and the outages are localized to the affected areas. If the lines were still up we would just reroute the power and most would be back on in a matter of hours but unfortunately a hurricane takes everything down. Putting the lines back up is what takes the time to restore


Free - What are your thoughts on a once every 200 year sun event such as the "Carrington Event" or an EMP from attack?

https://en.wikipedia.org/wiki/Solar_storm_of_1859


----------



## Free (Mar 13, 2016)

An emp takes an enormous amount of energy to accomplish and it would be local like within 50 miles and by design the grid is spread out so it would only get a couple stations. From a bang for your effort standpoint an emp wouldn't be worth it for me. A solar event has the most potential to do damage. I'm not an astronomer so I can't say how often or strong an event would be but we've had minor events in the past that we've studied. The system has safeguards engineered in for this but the problem is is we don't really know what will happen because a major event has never happened before.


----------



## Free (Mar 13, 2016)

I'm not saying to not prep, I'm a prepper. To me it's just a risk analysis, chances of anything happening (low), consequences if anything happens (very high), cost to alleviate risk (low)


----------



## Maine-Marine (Mar 7, 2014)

Free said:


> I posted this in another thread and am reposting it here, if you have a specific question about anything in particular I will answer it. About 95% of the stuf in the books are greatly exaggerated or completely not true.
> 
> I'm not sure what will happen but I'm confident that a wide spread and long term power outage will not happen. A cyber attack, solar flare and terrorist shooting transformers are way way way down on my list of things happening. The reason I can say this with confidence is because I have 25 plus years in the electric utility industry with experience in transmission and generation controls, maintenance and cyber security. I've been through every hurricane since Andrew and numerous brown and blackouts. I won't go into a lot of details but there are a lot of things built into the system that people don't know and when I hear pundits on media saying outrageous things I just have to shake my head.


You Sir are wrong....

a Major EMP would wipe out most if not all the transformers... where would spares come from???

The government has been saying for years it needs to work on the grid but they do not have the money... You might have been working in the industry for 25 years but in what position??

and talking about hurricanes and comparing them to an EMP or cyber attack - makes me doubt you even more

and when you say "I won't go into a lot of details but there are a lot of things built into the system that people don't know" are you flipping kidding me... are you some sort of secret agent man.. agent orange or 009.... PLEASE... what things do you know that others do not know...

I would love to ask you question put apparently since the hardware is made in area 51, I doubt you could answer my questions


----------



## Maine-Marine (Mar 7, 2014)

Free said:


> The system has safeguards engineered in for this but the problem is is we don't really know what will happen because a major event has never happened before.


Carrington.....


----------



## Free (Mar 13, 2016)

I started in the industry in the 80s as an operator at a 1800 MW site. After 5-6 years I transferred to the T&D side of the business where I managed the apparatus group. The apparatus group is responsible for the maintenance and construction of the wires and stations, this includes everything from the generator line side breaker brown to the 34.5kv circuits. After about 7-8 years of that I moved back to the generation side and managed the generation Engineering group that consisted of mechanical, electrical, planning and performance engineers. This group maintained over 3000 MW at 7 different locations. Then finally after about 15 years of doing that I moved to my current position of manager of compliance and performance. I've had my hands literally on just about every piece of equipment out there and managed $500 million dollar projects. This is my experience in the industry and now what experience are you basing your comments on. And yes I won't go into details for the same reasons you won't tell the world where you live and what kind of security you have around your house. I don't have any special knowledge that others don't have, others in the utility business know just as much if not more than me.


----------



## Free (Mar 13, 2016)

If you are stating that a major currington event has already happened, then I guess we passed the test because the system is still standing. Don't get me wrong, I'm not saying something won't happen or we don't need to prepare ourselves, i'm just sharing my knowledge. Wouldn't you want to know the real truth about things so you could better prepare.


----------



## SittingElf (Feb 9, 2016)

I'll respond to FREE in a few days. My father in law is a retired VP of NYSEG who handled the logistics for the entire company.

I want to have a discussion with him before commenting on the ability for the power companies to respond to a severe Cyber/Terrorist Attack/EMP/CME event.

My guess is that that the ability to respond in a quick response to an attack of significant magnitude would overwhelm the ability for near-term response and correction, but I could be wrong. 

Stay tuned.

Cheers


----------



## SDF880 (Mar 28, 2013)

Free - Thanks for the info! I don't know much if anything about the big picture of the grid and it's weakpoints and always trying to educate myself!
All I can do is try to prep for short to long term outages and right now I'm in OK shape. I have 2 generators, 2 battery packs, 5 various sized inverters and
solar chargers to daytime recharge. We have made it thru a 9 day, 5 day, and several 2-3 day outages over the last 15 years with no problem. I'm not so concerned with
the big one as I am a 2 - 4 week outage due to ice storm, or like when I was a teen a tornado caused us to be without power for a month. 

Thanks, 

SDF880


----------



## Will2 (Mar 20, 2013)

Camel923 said:


> Could a big enough cyber attack creat situation similar to an emp? I think its unlikely, but...


What hacker in their right mind would want to shut down the internet. Hackers like the internet, even the malicious ones, no internet no targets.

Lots of the systems have been hardened from online attacks.

They are still susceptible in some cases to local information attacks via any existing SCADA etc.. vunerabilities but even those are being shut down by any companies that have exercised due diligence.

I don't think it is possible really to gain the same level of sucess. It can cause disruptions though but not lasting outages.

Some countries using older siemens type systems may be vunerable but in general that is only infrastructure that hasn't exercised due diligance, which any critical systems will. But any ability to do so is based wholely on gross negligence by the industrial operator having their operating nodes being accessible via a communications network system.

Critical systems are simply not connected to the public internet, and use wireless SCADA like systems if they are modernized. Even these systems have shutoff values, that convert the system to manual servicing mode.

http://www.eolss.net/sample-chapters/c08/e6-187-06-00.pdf
https://www.csiac.org/journal-artic...allenges-of-scada-and-smart-grid-integration/


----------



## Free (Mar 13, 2016)

That sounds like a good plan. I live on a farm and we have somewhat the same setup


----------



## Illini Warrior (Jan 24, 2015)

Free said:


> I posted this in another thread and am reposting it here, if you have a specific question about anything in particular I will answer it. About 95% of the stuf in the books are greatly exaggerated or completely not true.
> 
> I'm not sure what will happen but I'm confident that a wide spread and long term power outage will not happen. A cyber attack, solar flare and terrorist shooting transformers are way way way down on my list of things happening. The reason I can say this with confidence is because I have 25 plus years in the electric utility industry with experience in transmission and generation controls, maintenance and cyber security. I've been through every hurricane since Andrew and numerous brown and blackouts. I won't go into a lot of details but there are a lot of things built into the system that people don't know and when I hear pundits on media saying outrageous things I just have to shake my head.


guy, just like FEMA, the utilities have never experienced a massive nationwide destructive SHTF - the utilities had a week to gather the troops from all over the country and the needed supplies - for the regional events like Katrina & Storm Sandy .... what happens when it's a nationwide - even international event - and the transportation and communications are totally SNAFU??? ....

there's not going to be mass subcontractor hiring from the Midwest - South - West Coast .... no police escorted Red Ball Express transport of emergency supplies from some Ohio substation .... not to mention - Are your own emergency repair crews, located in the effected area(s), going to respond?

I hope to hell that the non-preppers in your utility company have a better understanding of the implications than you do - you're frankly very scary ignorant ...


----------



## Free (Mar 13, 2016)

Again please give the bases of your argument. 
It's kind of ironic, the essential people in our industry are covered by default. We (the company )have planned for things like this and they will supply for them and their families.


----------



## 8301 (Nov 29, 2014)

I wish Paul S. was still here. Free and Paul would have a good discussion although what little I know mostly supports Free's posts.


----------



## Will2 (Mar 20, 2013)

Also note part of the US grid appears hardened from EMP, this from 2013
OurEnergyPolicy.org | What Maine Did to Secure Its Electric Grid from Electromagnetic Pulse and Geomagnetic Disturbance

http://jewishvoiceny.com/index.php?...-threat-of-emp-and-what-wasnt-done&Itemid=325

Here are some interesting reads on Canada
http://mackenzieinstitute.com/emp-threat-canada-2/

http://www.electricity.ca/resources/smart-grid.php

Engineers arn't stupid holes, in industrial systems are being shutdown, and local clients do not control the master.

Total takedown via hacking is very very unlikely, and I would guess most smart grids have been hardened with older SCADA vulnerabilities.

EMP is a threat, hacking is a nuisance.

https://medium.com/war-is-boring/th...-44-million-emp-bunker-in-alaska-5a37dee2bcd8


----------



## Maine-Marine (Mar 7, 2014)

Will2 said:


> Critical systems are simply not connected to the public internet, and use wireless SCADA like systems if they are modernized. Even these systems have shutoff values, that convert the system to manual servicing mode.


SAY WHAT.... Wireless SCADA system??? LOL... I work with the O&G (oil and Gas) folks... folks in Texas or Oklahoma have to be able to see what is going on in PA, OK, and other remote areas... how to they do this... the internet.....

I could give you 100 ip address that are on the open internet.... most SCADA systems rely on satellite or cell modems to combine multi sites into one internet point for comm...


----------



## Maine-Marine (Mar 7, 2014)

Free said:


> If you are stating that a major currington event has already happened, then I guess we passed the test because the system is still standing. Don't get me wrong, I'm not saying something won't happen or we don't need to prepare ourselves, i'm just sharing my knowledge. Wouldn't you want to know the real truth about things so you could better prepare.


I trust these guys more then you sir, And as far as being prepared.. LOL... I am ready....

we have already had a carrington event... of course it was THE CARRINGTON event - of course it happened before modern electronics

We Can't Keep Ignoring the EMP Threat - US News

Panel: Electrical grid vulnerable to terrorist attack - ABC News

We Can't Keep Ignoring the EMP Threat - US News

http://www.empcommission.org/docs/empc_exec_rpt.pdf


----------



## Free (Mar 13, 2016)

I can't speak for other industries but our critical assets are contained within their own network


----------



## Maine-Marine (Mar 7, 2014)

Free said:


> I can't speak for other industries but our critical assets are contained within their own network


your wires are located in the open air.

are you telling us that the electric company is not connected to the internet...EVER....


----------



## Free (Mar 13, 2016)

I'm not trying to convince you of anything just stating what I know. You do what you want and I'm glad your prepared. It doesn't matter what you or I think or believe, what will or won't happen will happen regardless so just chill out


----------



## Maine-Marine (Mar 7, 2014)

Free said:


> I'm not trying to convince you of anything just stating what I know. You do what you want and I'm glad your prepared. It doesn't matter what you or I think or believe, what will or won't happen will happen regardless so just chill out


OK.... Chilled out


----------



## Free (Mar 13, 2016)

That would be critical cyber assets


----------



## Free (Mar 13, 2016)

Here is a good example of how things get all blown out of proportion. 
Look up " aurora generator test" and read how easy it is to literally destroy every generation unit and electric motor in the country. Heck they even proved it by actually doing it to a generator and you can watch it destroy its self in the video. That test was taken to a senate subcommittee and the committee and the news people went crazy, we have to do something about this because the sky is going to fall. Well that subcommittee instructed NERC to investigate and determine how industry can prevent this from happening. NERC in return requested utilities to develop a mitigation plan for this so we started looking into the event. The first thing we did was request the aurora technical data used to develop the test. After we and other utilities examined the data we had a meeting of about 50 different utilities to discuss everyone's findings. We were thinking we had to be missing something because this was ludicrous and stupid to be wasting everyone's time on this stupid s$$t. It took everyone about 10 minutes to agree that it couldn't be done and the test were greatly flawed. The test was the equivalent of proving that a major bank could be robbed day a 10 year old and they proved it by actually doing it. Yes they did it all right by sending all the guards home and turning every security system off and giving them the combination to the safe. So in the end the utilities had to provide an Aurora assessment and mitigation plan to NERC and in that plan it stated that we mitigated the risk by doing nothing and stating how it would be impossible to actually conduct an aurora event on our equipment. Oh yea, did I mention this all started by an actual test. A test bone by guess who, a company that developed and sold a special relay to prevent an aurora event. What better way to sell your products than fear and getting the government to mandate that you purchase a special relay to prevent this from happening. Thank goodness this one didn't make it this time. Remember always follow the money.


----------



## Will2 (Mar 20, 2013)

Maine-Marine said:


> SAY WHAT.... Wireless SCADA system??? LOL... I work with the O&G (oil and Gas) folks... folks in Texas or Oklahoma have to be able to see what is going on in PA, OK, and other remote areas... how to they do this... the internet.....
> 
> I could give you 100 ip address that are on the open internet.... most SCADA systems rely on satellite or cell modems to combine multi sites into one internet point for comm...


No, while non critical system CAN use the internet, critical systems have their own communications infrastructure. They use satalite, or PRIVATE phone lines, microwave relays etc...

It isn't the public internet, hopefully you can understand the difference between a private communications infrastructure and one that is connected to the internet backbone.

The phone lines they use run alongside the pipeline. This has their own redundant communications system. Specific stations may have satellite uplink also. In some areas they may use wireless such as microwave. This is the same type of systems that radio stations use to transfer data to repeater stations.

You are confusing "public communications infrastructure" with "private communications infrastructure"

While it is technically possible your company uses public systems, it is not likely.

Have you actually looked into what type of SCADA your company uses and if it uses its own communications grid or the public one as their control system?

If you get me the company name, I may be able to find out for you.

Critical systems are not suppose to connect with the internet itself, which is the reason why private communications that do not interconnect with the internet are used.

I would be highly doubtful if any critical systems were connected.

http://www.pipeline-conference.com/sites/default/files/papers/Walk.pdf



> The Transportation Security Administration (TSA) is authorized by federal statute to promulgate
> pipeline physical security and cybersecurity regulations, if necessary, but the agency has not
> found a need to issue such regulations to date. An April 2011 White House proposal4
> and the
> ...


https://www.fas.org/sgp/crs/homesec/R42660.pdf



> In particular, cyber infiltration of supervisory control
> and data acquisition (SCADA) systems could allow "hackers" to disrupt pipeline service and
> cause spills, explosions, or fires-all from remote locations via the Internet or other
> communication pathways.
> ...





> There have been no major pipeline commodity releases in the United States that investigators
> have attributed to malicious cyber activity, but SCADA-related problems were a primary cause or
> contributing factor in several recent pipeline accidents which had catastrophic consequences.
> • San Bruno, CA-A 2010 natural gas pipeline explosion killed 8 people, injured
> ...





> The increased vulnerability of pipeline SCADA systems due to their modernization, taken
> together with the emergence of SCADA-specific malicious software and the recent cyber attacks
> suggests that cybersecurity threats to pipelines have been increasing. Federal agencies and
> pipeline operators are aware of these threats, however, and have programs in place to counter
> them. These programs are discussed in the following section.


http://www.tripwire.com/state-of-security/featured/empowering-pipeline-scada-cybersecurity/

Now more related to future - i.e. internet of things (IOT) This is an interesting article once you get down to IOTDDOS2WORLD attacks
essentially you do a distributed denial of service by remotely activating a large number of devices to cause a "spike" in electric usage to crash the grid. Interesting idea but I don't think this is likely to get to that level in the near future, we are talking decades and by then it will be much more advanced.

http://www.eenews.net/stories/1060004528

You know any companies that have systems connected to explosive/flamable pressure controlled substances, is just negligence if they don't have pressure safeguards hardwired as opposed to being able to be overclocked. It is just nonsensical unless NS wants to be able to destroy infrastructure for security reasons.



> Critical nodes in the storage component of the supply chain are large-capacity clusters located in key transportation nodes such as Perth Amboy, New Jersey.
> --SCADA is important, but less critical because disruption of control has less impact than destruction of the physical components of the supply chain.





> SCADA systems are designed to keep pipeline systems safe. They do this by monitoring pumps, valves, pressure, density, and temperature of the contents of the pipeline. An alarm sounds when one or more of the measurements go out of bounds, so operators can shut down pumps and compressors. Operators must consider the local terrain, the product that is inside a pipe, and numerous physical characteristics of the pipeline. If safety limits are exceeded, a SCADA system can automatically shut down a pipeline within minutes.
> As we shall see, SCADA plays a relatively minor role in vulnerability analysis because a SCADA shutdown may cause loss of revenue, but not loss of life. Also, SCADA vulnerabilities can be mitigated for a relatively modest investment compared with the investment required to replace a refinery, storage tank, or section of pipeline.


https://www.chds.us/coursefiles/cip/lectures/energy/cip_energy_supplychain/data/presentation.xml

Presentation can be watched here https://www.chds.us/?mobile:index&p=media&device=iPhone&vid=1812


----------



## Maine-Marine (Mar 7, 2014)

https://en.wikipedia.org/wiki/March_1989_geomagnetic_storm

a 9 hour black out caused by solar flare

The real problem is that we have a bunch of electrical wires above ground and exposed.... and EMP and CMP travel faster then a surge protector can work. 
Houses would catch on fire
business machines would be destroyed
Hospitals would be closed
cars would not work
planes (newer) would crash

Unless the power companies have stock piled millions of transformers in a metal cage that is protected.... we will be screwed if this ever happens... I bet there are 25 50kva transformers just on my way into work 1 50 KV generator will handle about 25 house

how long would it take to replace 7 million+ of them

plus the cost to the company, lost business production, wages

No electrical company is ready for a major EMP event


----------



## Maine-Marine (Mar 7, 2014)

Will2 said:


> It isn't the public internet, hopefully you can understand the difference between a private communications infrastructure and one that is connected to the internet backbone.


do you understand that there is only one internet and public and private traffic flow through the same lines... there are only so many major internet HUBS and all traffic flows through 1 of them

Even satellite communications are not always totally private... (sat companies require your traffic to pass through their hub/central router - if not how do they track how much data/bandwidth you are using

In order to have VPN communication - you have to have a connection

Private phone lines... are a thing of the past

At this point I am going to end this conversation because frankly... I am not interested in educating you


----------



## Free (Mar 13, 2016)

Every electric utility company I know of has their own personal com and data networks be it hard wire, directional rf or microwave


----------



## SittingElf (Feb 9, 2016)

Free said:


> Every electric utility company I know of has their own personal com and data networks be it hard wire, directional rf or microwave


Everyone is forgetting STUXNET, which did NOT infect through the internet or other publicly accessible points. It was sabotage, and the Chinese as well as others certainly have the ability and expertise to do the same to our infrastructure. 
Do you not remember the Chinese employee who was eventually caught and charged with spying at Sandia National Labs?? He was an INSIDER who could have infected the whole nuclear system had that been his mission.

From Wiki, for those who don't know what I'm talking about.....



> *Stuxnet* is a malicious computer worm believed to be a jointly built American-Israeli cyber weapon.[SUP][1][/SUP] Although neither state has confirmed this openly,[SUP][2][/SUP] anonymous US officials speaking to the _Washington Post_ claimed the worm was developed during the Obama administration *to sabotage Iran's nuclear program* with what would seem like a long series of unfortunate accidents.[SUP][3][/SUP]
> Stuxnet specifically targets PLCs, which allow the automation of electromechanical processes such as those used to control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material. Exploiting four zero-day flaws,[SUP][4][/SUP] Stuxnet functions by targeting machines using the Microsoft Windows operating system and networks, then seeking out Siemens Step7 software. Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart.[SUP][5][/SUP] *Stuxnet's design and architecture are not domain-specific and it could be tailored as a platform for attacking modern SCADA and PLC systems* (e.g., in automobile or power plants), the majority of which reside in Europe, Japan and the US.[SUP][6][/SUP] Stuxnet reportedly ruined almost one-fifth of Iran's nuclear centrifuges.[SUP][7][/SUP]
> Stuxnet has three modules: a worm that executes all routines related to the main payload of the attack; a link file that automatically executes the propagated copies of the worm; and a rootkit component responsible for hiding all malicious files and processes, preventing detection of the presence of Stuxnet.[SUP][8][/SUP]
> Stuxnet is typically introduced to the target environment via an infected USB flash drive. The worm then propagates across the network, scanning for Siemens Step7 software on computers controlling a PLC. In the absence of either criterion, Stuxnet becomes dormant inside the computer. If both the conditions are fulfilled, Stuxnet introduces the infected rootkit onto the PLC and Step7 software, modifying the codes and giving unexpected commands to the PLC while returning a loop of normal operations system values feedback to the users.[SUP][9][/SUP][SUP][10][/SUP]


----------



## Free (Mar 13, 2016)

I'm not saying it's impossible to accomplish but it is very very difficult. As for insiders, yes it's possible but they could at the most only affect that particular company. We tested our systems against the stuxnet and found it to be benign to our critical systems.


----------



## SittingElf (Feb 9, 2016)

Free said:


> I'm not saying it's impossible to accomplish but it is very very difficult. As for insiders, yes it's possible but they could at the most only affect that particular company. We tested our systems against the stuxnet and found it to be benign to our critical systems.


I think you are in denial.

I'm not saying STUXNET specifically. I'm speaking of worms or viruses that our enemies may develop that we have no current defense against. The Chinese and Russians in particular are very adept at developing nefarious programs and systems. We simply cannot always be so arrogant as to believe that we are immune from a total and effective attack....and if it comes, we had better be prepared for a long and arduous journey back to the light.


----------



## Maine-Marine (Mar 7, 2014)

Will2 said:


> Critical systems are not suppose to connect with the internet itself, which is the reason why* private communications that do not interconnect with the internet* are used.


give me a couple examples of THOSE ( private communications that do not interconnect with the internet) please...

PRIVATE T1 lines can be hacked

any traffic that goes over the air can be hacked

any traffic that uses a satellite can be hacked

traffic using a undersea cable can be hacked


----------



## Free (Mar 13, 2016)

How about I post all our network drawings and any firewall access codes. Would that help you understand. How about I quit this because you can't accept what I know for 100% but you can accept what you read on the net. I gave you an example of things on the net that is totally bogus


----------



## Will2 (Mar 20, 2013)

Maine-Marine said:


> do you understand that there is only one internet and public and private traffic flow through the same lines...


That isn't true. Companies have their own dedicated communication channels. They lay their own fibre and wire, they lease out satellite bandwidth, they reserve their own frequency spectrum etc.. I am not in agreement with you on this. The facts I have and what you are saying do not align. It is completely contrary to the idea of private networks and public networks.

(I know people who have worked in IT for some major corps amongst other informations, I have 0 doubt as I have previously researched this, you appear to not understand some major systems and how they operate independent from the internet.)



> there are only so many major internet HUBS and all traffic flows through 1 of them


For public traffic but not private traffic. This is where microwave stations, and satellites are used. They lay their own wire with the pipeline. Electrical wires themselves on the electric grid can be used to send data.



> Even satellite communications are not always totally private... (sat companies require your traffic to pass through their hub/central router - if not how do they track how much data/bandwidth you are using


Hmm well there are a lot of satellites and architectures out there so that would require a separate thread in the COMMS subforum I think.



> In order to have VPN communication - you have to have a connection


You are confusing VPN and private network. VPN = virtual private network. Private Network is not virtual, it is private.



> Private phone lines... are a thing of the past


Nope. They still exist.

Do some reading on Dark Fiber, it isn't even the whole thing when it comes to private backbones.

You are still thinking like a comercial client rather than self-operating organization.
read this to start.
https://community.spiceworks.com/topic/500767-dedicated-fiber-vs-broadband

then read this

https://en.wikipedia.org/wiki/Dark_fibre

Then read this

https://www.slb.com/~/media/Files/resources/oilfield_review/ors93/1093/p23_35.pdf

In the case of oil and gas example with SINET


> Atleast 98% of SINet trafic passes through dedicated terrestrial lines (twisted copper wire or optical fibers) leased from local telephone utilities.


I know of two networks that are financial sector that are completely independent and very long distance.

Have you ever experienced not being able to pay for something via credit card but your internet working just fine, that is because of private x. 25 networks

https://www.mastercard.com/us/company/en/docs/X25_within_the_Payment_Card_Industry.pdf

Also note there are research networks.

When I first learned about the internet in the late 1980's it was still very new. Cable in Canada didn't really even exist until the 1980s
In fact in the 1970's and 1980's when the internet was still young, it was effectively a bunch of private networks that had some form of dial in access connected through phone lines.

None the less, banks, military, gov, and others maintained these systems seperate from the major telecommunications providers.

I am having difficulty finding info on this though.

Things like commodore modems were a big entry to the internet.

Early connections via systems like PCconnect were still a new thing in the 1980s.

In the 1980s and 1990s you could use your telephone network, that was the internet, in the days before and after gopher net. Basically everything has been dumbed down.

While there were public communications line big players had their own dedicated lines that were not, and are not public. Those lines were upgraded in the mid to late 1990s, with private broadband, although there are still existing private lines, such as those along pipeline that was laid when the pipe was put in in the 1970s it really depends on how old the pipe is.

http://www.bbsdocumentary.com/software/expanded.html

There are a lot of different possiblities however, the "hardened systems" should still be hardened. I can't provide specific information though on any critical systems.

there may of course and if you see the beginning of one of my previous posts. Systems that are not safe and have resulted in destruction and death.

http://www.security-innovation.org/










> Our Time Is Now...
> 
> The White House Summit on Cybersecurity and Consumer Protection was a watershed moment for both consumers and Cybersecurity professionals. For me it was a personal and proud moment as I have been involved in building public private partnerships (PPP) in this domain since December 18th, 2001. This was the day I arrived in San Francisco from Washington, DC to run the operations for the United States Secret Service Northern California Office. This responsibility also included creating the first Secret Service Electronic Crimes Task Force (ECTF) on the West Coast, which provided the opportunity to partner with private industry in a significant and impactful way.
> 
> ...


Look up Orion Academic Network Ontario



> Taps have also been found on police networks in Germany and the Netherlands, and in the networks of pharmaceutical giants in the UK and France.
> 
> More information can be found on the Web by searching "fiber optic network security".





> The UK has extensive private wire for police CCTV.
> 
> Taps have also been found on police networks in Germany and the Netherlands, and in the networks of pharmaceutical giants in the UK and France.
> 
> ...


Note connecting the internet is a totally optional step, as corporations can operate their own wan/lan exclusive from the net.

Here is another relevant link

http://www.bbc.com/news/technology-22524274

Related to Electrical / EMP



> lectricity grid and smart meters
> The generation, transmission, and distribution of electricity are monitored and controlled using SCADA systems (12). In addition, the electricity grid consists of a range of other networked devices. In the case of the US energy grid over 70 percent of components are over 25 years old, including many SCADA systems (13). Given the potential cascade effects of shutting down the electricity grid, it has been a key point of cyberattack. Electricity grid utilities in the US report being under near constant cyberattack, with one utility recording that it was the target of approximately 10,000 cyberattacks each month (all five commissioners of the Federal Energy Regulatory Commission agree that the threat of a cyber-attack on the electric grid is the top threat to electricity reliability in the United States) (8). The Israel Electric Corp. reports that its servers register about 6,000 unique computer attacks every second, with other critical infrastructure also under continuous cyberattack (9). As smart grids and smart meters are installed, the number of potential access points to grid networks increases enormously (12). Smart meters themselves can be hacked with low-cost tools and readily available software to alter proof of consumption or to steal energy from other users (1, 14).





> (12) The Center for the Study of the Presidency and Congress (2014) Securing the U.S. Electric Grid. Washington DC https://www.thepresidency.org/sites/default/files/Final Grid Report_0.pdf (last accessed 15 Nov 2015)
> (13) Goodman, M. (2015) Future Crimes: A Journey to the Dark Side of Technology - and How to Survive It. Bantam Press, New York.
> (14) Krebs (2012) FBI: Smart Meter Hacks Likely to Spread, April 9th, Krebs on Security. http://krebsonsecurity.com/2012/04/fbi-smart-meter-hacks-likely-to-spread/ (last accessed 21 Sept 2015)


----------



## jim-henscheli (May 4, 2015)

Isn't this whole argument sort of a moot point? I mean, prepping in itself assumes system failure. No system is foolproof. We(including utility companies) do what works, and plan for when it does not. Everyone acknowledges the grids vulnerability. We have all given up on the pipe dream of government taking care of anything, so the real question is what is our plan as individuals and families, when our electronic umbilical cord is frayed or cut?


----------



## Maine-Marine (Mar 7, 2014)

Will2 said:


> Blah blah blahBlah blah blahBlah blah blahBlah blah blahBlah blah blahBlah blah blahBlah blah blahBlah blah blah


I work in the oil and gas industry as a network and communication tech

very few companies have their own dedicated line... - by this I mean very very few have their own cable further then a mile or two... why.. because it is hard to get permission from 1,000 of land owners to lay said cable
- 
the bands which you speak of in the licensed spectrum.... lol.. just because they are licensed does not mean they are private... I would refer you to companies like 4RF or Freewave which sell products for licensed solutions

satellite solutions - I just delivered 32 systems... all of them use the same satellite as other companies. Since they are using the SAME satellite they are at risk.. unless is company is willing to pay $100 million to put up their own sat-- then they are sharing bandwidth

in small local set ups for scada...(as an example waste water) it might be optional to connect via the internet... but where the scada meters are in PA and the SCADA engineers are in TX... you need a cell modem or sat or telephone line... and all three of these are open to being hacked...

I am sorry I can not answer the rest of your post... it was mostly you copying and pasting varies odd internet links trying to toss as much shit on the wall as possible...

So I say GOOD DAY SIR


----------



## BuckB (Jan 14, 2016)

Maine-Marine said:


> I work in the oil and gas industry as a network and communication tech
> 
> very few companies have their own dedicated line... - by this I mean very very few have their own cable further then a mile or two... why.. because it is hard to get permission from 1,000 of land owners to lay said cable
> -
> ...


Not only that, even if you have a network that is completely hardwired and private, all it takes is one device to be connected to a public net at the same time they are connected your private net and all privacy goes out the door.


----------



## Free (Mar 13, 2016)

Like I've said before, I never said it couldn't happen just that it would be very difficult. I only know electric utilities and everything I have stated is 100% true. Prep for what ever you want to it doesn't matter to me as long as your prepared. There is so much bad information out there it's crazy. I formed a team years ago that consisted of top knowledge mechanical, electrical, communication and programmers form our industry and FERC and NERC security experts, our task was to do a vulnerability study of our industry. I learned two major things from that study. 1) the well known stuff out there like hacking, shooting things, emp and so on was pretty well hardened and have gotten harder in the years since. The second thing was that there are vulnerable areas out there. The good thing about these areas is there hidden and things are being put in place to harden these up. its kind of like security around the White House, they let you see the security they want you to see and the other doesn't exist outside of a very small circle.


----------



## Maine-Marine (Mar 7, 2014)

BuckB said:


> Not only that, even if you have a network that is completely hardwired and private, all it takes is one device to be connected to a public net at the same time they are connected your private net and all privacy goes out the door.


good explanation..and you did not have to copy and paste 107 paragraphs


----------



## Free (Mar 13, 2016)

Not only that, even if you have a network that is completely hardwired and private, all it takes is one device to be connected

That's true and that's why we disable all unused ports and services and only an administrator can turn them on. We also continually scan all ports for any changes


----------



## Free (Mar 13, 2016)

Yes if your on the inside you can literally shoot people and have your way with the system all you want and there is nothing you can do about it. You could destroy a couple generators and cause a headache for the transmission planning people but the grid would stay up and it wouldn't be a cascading blackout.


----------



## Free (Mar 13, 2016)

Read the nerc cip standards, we must follow these for critical cyber assets at a MINIMUM, we do more.

CIP Standards


----------



## TacticalCanuck (Aug 5, 2014)

What ifs always leave me pondering but never committing to an ideology or whatever. 

I certainly think that continued sustained attack to anything will break it. Including the grid. If the countries that are super sick of cowing to the US government and the petrol dollar finaly unite there will be big trouble. The only thing holding em back is nukes. Which is why every country other than the US who wants em is attacked with massive propaganda and even war - finacial and literal. 

Anyone who wants a different reserve currency is attacked fast and hard to "preserve their way of life".

Prepping is important and i think smart. It can be done incrementally and isnt taxing. Keeping sustainability and self preservation in mind when making choices is just smart. 

But i think that is something is gonna happen its just gonna happen and it probably wont be something that many saw coming. I think the stuff we think we generally know can just be propaganda or based on that too. 

Keep your mind open.


----------



## Free (Mar 13, 2016)

I definitely agree with your last paragraph


----------



## PaulS (Mar 11, 2013)

The closest thing the the electric distribution folks have done to protect against an EMP is to put fast switches in place to disconnect sections of the grid in the event of a massive solar EMP. Those switches are electronic units that will be fried in the first nanoseconds of an HEMP event. The E1 pulse will fry the chips in them and then the E2 and E3 pulses will burn the transmission lines, transformers and generators which will destroy the grid. It will take decades to replace the components. In those decades the stored waste fuel at reactor sites will burn up due to a lack of cooling water being pumped through the storage pools.

We have no public utilities that are hardened against an HEMP.


----------



## A Watchman (Sep 14, 2015)

Hello Paul, good to hear from you.


----------

