[ISN] Hackers Did Not Cause Blackout - Report

From: InfoSec News (isn@private)
Date: Wed Nov 19 2003 - 22:11:04 PST


    Forwarded from: William Knowles <wk@private>
    By Brian Krebs
    washingtonpost.com Staff Writer
    November 19, 2003

    There is no evidence that the blackout that struck the northeastern
    United States and southern Canada on August 14 was caused by hackers,
    but the power grid's reliance on the Internet makes it vulnerable to
    potentially devastating online attacks, according to a report issued

    The U.S.-Canada Power System Outage Task Force concluded that the
    blackout was due to a combination of factors, including computer
    failures, human error, power grid rule violations and inadequate
    maintenance by FirstEnergy Corp., the Akron-based power company that
    serves northern Ohio.

    The task force said "analysis to date provides no evidence that
    malicious actors are responsible for, or contributed to, the outage."
    But the report noted that utilities are increasingly connecting their
    internal control systems to the global Internet to more easily monitor
    their networks from remote locations, a practice that exposes systems
    to a range of security risks.

    The largest North American blackout in history took place two days
    after the "Blaster" worm infected hundreds of thousands of computers
    worldwide, leading some computer security experts to speculate that
    the malicious computer program caused or contributed to the power

    Such speculation was driven, in part, by the fact that the "Slammer"
    worm crashed computers at FirstEnergy's Davis-Besse nuclear power
    plant when it spread across the Internet in late January.

    In June 2002, Washington Post reporter Barton Gellman reported that
    U.S. government security officials were growing concerned that
    terrorists would try to hijack vulnerable computer systems at
    utilities, dams and other infrastructure targets in hopes of causing
    widespread destruction. Officials told Gellman that they had monitored
    Internet traffic from East Asia and the Middle East that was directed
    at critical infrastructure systems, activity that was interpreted to
    be terrorists researching potential targets.

    Utilities have long been targeted by hackers, according to Alexandria,
    Va.-based network security firm Riptech (now a unit of Symantec
    Corp.). Riptech said that its power and energy clients were targeted
    far more than any other industry sector last year: 70 percent of power
    and energy companies suffered at least one severe attack during the
    first six months of 2002, a 77 percent increase over the previous

    Joseph Weiss, a consultant at Fairfax, Va.-based KEMA Consulting, said
    most U.S. power facilities now use some form of commercially available
    products to remotely monitor and control their distant networks and
    facilities. Yet, the vast majority of the nation's power plants and
    substations do not have the technology in place to detect electronic
    intrusions, Weiss said.

    "These systems are being networked over the Web because the power
    companies want the information from various facilities in real time,"
    Weiss said. "And that's starting to make them a lot more vulnerable
    than they were in the past."

    Many of the back-end systems that control the physical switches in
    power plants are the very same products used in other industrial
    infrastructures, including water, oil and gas, chemical and metal
    refining, paper, pharmaceuticals, and food and beverage production,
    Weiss said.

    "That means if one of them is vulnerable, all of them probably are,"
    he said.

    The U.S.-Canada report concluded that the generation and delivery of
    electricity remains a target of people intent on disrupting the
    electric power system.