Hackers and the US Power grid

[Chip Fetrow]

It just astounds me that critical power generation and distribution  
equipment is actually connected to the public Internet.

It seems incredibly stupid to me.

I did some work with Mitre several years ago.  They ran their internal  
network with no connection to anything outside.  Of course, part of  
what they do is DoD work.  I wanted to give them access to some of my  
equipment so they wouldn't have to drive 60 miles to "adjust" things.   
They told me they didn't have modems at all and were not allowed to  
buy them.  I reached inside a cabinet, pulled one out and gave it to  
them.  They got permission to instal it on a computer that had a new  
OS install, and no connection to their network.

Now, why can't the power companies do the same thing.  Run an internal  
network.  Seeing that they are the second biggest users of point to  
point microwave (next to phone companies), it would seem trivial.

I had a discussion with a high level engineering manager with a power  
company once and I stated that it seemed obvious to me that nuclear  
plants were not connected to the public Internet and he turned white.

--chip

On Nov 8, 2012, at 11:50 AM, tacos-request at amrad.org wrote:

> Message: 1
> Date: Wed, 07 Nov 2012 22:09:09 -0500
> From: Andre Kesteloot <andre.kesteloot at verizon.net>
> To: Tacos <tacos at amrad.org>
> Subject: Hackers and the US Power grid
>
> The National Security Agency says computer hackers are ramping up
> efforts to take down the U.S. power grid, with a 17-fold increase on
> attacks to the nation's critical infrastructure in the last two years.
>
> "They're growing from disruptive to destructive and our country has  
> the
> bulk of this network," Gen. Keith Alexander, the NSA chief, told the
> Aspen Security Forum in August. "We're the most vulnerable and we need
> to do something about it." [Read more: Meyer/WKYC
> <http://www.wkyc.com/news/article/267320/45/Investigator-Cyber-attack-bigger-threat-than-Sandy 
> >/31October2012]