Ouchyfish 67 Posted November 5, 2013 Share Posted November 5, 2013 Has anyone heard about the grid test coming up? I have tried to find information on it. I'm surprised there wasn't more talk about it. http://www.nytimes.com/2013/08/17/us/as-worries-over-the-power-grid-rise-a-drill-will-simulate-a-knockout-blow.html?_r=0 http://youtu.be/uASRgF2fwwY Link to comment Share on other sites More sharing options...
Ouchyfish 67 Posted November 7, 2013 Author Share Posted November 7, 2013 No one? Link to comment Share on other sites More sharing options...
homersapien 11,513 Posted November 7, 2013 Share Posted November 7, 2013 Fascinating article. Thanks for bringing it up. Our power grid is obsolete and fragmented to the point of almost being unpredictable. Like other infrastructure issues, it has to be addressed at the federal level. Link to comment Share on other sites More sharing options...
Ouchyfish 67 Posted November 7, 2013 Author Share Posted November 7, 2013 I read that they were going to test it after Veterans Day. I haven't been able to figure out what exactly the test entails as well as where. Link to comment Share on other sites More sharing options...
cptau 169 Posted November 7, 2013 Share Posted November 7, 2013 Most likely simulated failures. Meaning they get notified that a major power company is off line and the other companies have to react. These grid problems have been around since at least the 1960s when the northeast lost power and NYC blacked out. The use of computer control has made it more controllable , but more prone to failure due to malicious activity. They definitely needed to get rid of the Windows based systems and protect and harded the unix and linux systems. Link to comment Share on other sites More sharing options...
Strychnine 1,804 Posted November 7, 2013 Share Posted November 7, 2013 There is only one way to secure a computer-controlled power grid, and that is physical security. It has to be on a completely isolated network (NO outside connections). There is absolutely nothing on the internet that power grid control systems (or their operators) need. That does not completely secure it, but it reduces threat vectors to inside only. I have never worked with a power company before, but I have dealt with enough industrial control systems to know that application security is not something that the application vendors put much thought into. They may talk about it, they may even claim they are secure. When you actually examine them, they are full of holes. Microsoft struggles with security in their biggest product: Windows. It is not because they do not know what they are doing, it is because it is impossible to completely secure something from all threat vectors while providing a useful product. Look at the laundry list of updates for various versions of Windows (Server and desktop) or SQL. Those are just addressing the discovered vulnerabilities, most of which were "discovered" after someone exploited them. In the event of war, an internet-connected power grid would not last long against a potential invading nation's cyberwarfare specialists. If they have to actually walk into a building to unleash their attack on the power grid, that does at least buy valuable time to contain the damage. The same thing applies to the various groups of independent malicious attackers. The operating system inside that network makes no difference, but it needs NO outside connections. If that is not the case, they have no business discussing security as a goal in anything they do. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.