According to a New Scientist report much of the electricity grid's critical infrastructure is too accessible to the increasinly virus-ridden internet.

News of the safety flaw came as teams investigating the North American electricity blackout on 14 August said they still could not rule out computer problems as a contributory cause of the outage.

Control system experts warn that it's only a matter of time before worms like MSBlaster or Sobig.F - which uses spamming technology to amplify its presence on the net- cripple a power station or grid.

When the Davis-Besse nuclear power plant in Ohio was hit by the Slammer worm this year, the reactor happened to be offline. But the worm disabled a safety monitoring system for nearly five hours. "We are still working through the information to find out what happened," says a spokesman for Akron-based FirstEnergy, which owns the plant.

According to the New Scientist report the worm may have entered the plant's network via a connection to an insecure network. But critical systems like power stations should be cut off from the outside world and the internet, says Joel Gordes, a grid expert at Environmental Energy Solutions in Riverton, Connecticut. But this is not seen as a practical option in today's cost-conscious and highly competitive energy market.

It was cheaper to integrate these systems than to isolate them, says Bill Flynt, former director of the US Army's Homeland Security Threats Office and now with TRC Infrastructure Security in Connecticut. "It was a different security environment," he says.

It's not just nuclear power stations we should be worried about, says Joe Weiss, a control systems expert with KEMA Consulting of Fairfax, Virginia. Weiss is concerned that although the PC-based software used by operators to monitor power stations and transmission lines is usually protected by firewalls, the real-time control electronics that they oversee is not.

"The technology currently does not exist to protect them," he says.

These real-time systems tend to be embedded in non-PC based customised electronics in power plants and substations, but their behaviour can be affected because at some points Pcs are used to switch them on and off- with potentially disastrous consequences for the grid. "So far we've been lucky," says Weiss.

"These embedded systems were designed to be open to easy, remote access." This was appropriate before the rise of the internet, when grids operated on a dedicated, closed infrastructure- but today this level of openness poses a serious threat.

In June, the North American Electric Reliability Council described how a worm brought down another network designed to allow operators to control parts of the grid in remote areas. Known as Supervisory Control and Data Acquisition systems, or SCADAs, these are heavily relied upon to keep grids running round the world.

"It's a genuine problem," says Flynt. "We have to redesign the grid." Weiss says he has tried raising awareness of the issue in Congress. "We have spent a very large amount of money to secure the internet and our IT infrastructure," says Weiss. "But there has been no money spent to protect [utility] control systems."

Meanwhile, the US Department of Energy is spending $114 million on a large-scale mock-up of the US grid, in a 900-square-mile block of desert in Idaho. The aim of its "SCADA Testbed" project is to boost control-system security.

A longer version of this article by Duncan Graham-Rowe appeared in the August 30 issue of New Scientist - the world's leading general science magazine.

Community
Email This Article
Comment On This Article

Related Links
SpaceDaily
Search SpaceDaily
Subscribe To SpaceDaily Express
Cyberwar - Internet Security News - Systems and Policy Issues

Memory Foam Mattress Review

SPACE MEDIA NETWORK PROMOTIONS Solar Energy Solutions Tempur-Pedic Mattress Comparison ... Newsletters :: SpaceDaily :: SpaceWar :: TerraDaily :: Energy Daily XML Feeds :: Space News :: Earth News :: War News :: Solar Energy News