The Devastating Effects of a Cyber-Attack Against a Country’s Energy Grid
Computer war has grown up. It has moved from the age of the equivalent of black powder to the equivalent of high-explosive shells — not yet nuclear devices but close.
Enemies with sophisticated computer technology, money and determination can now contemplate the possibility of taking down the electrical systems of large swaths of the nation. Just a small interruption in power supply is devastating; as has been demonstrated by the recent power outages in 10 states, caused by severe weather.
The world as we know it stops when power fails; gasoline cannot be pumped, air conditioning and all other household appliances cannot be used, plunging us into a dark age without the tools of a dark age – candles, firewood, horses and carts.
At the center of this vulnerability is a device most of us have never heard of but is an essential part of modern infrastructure. It is the programmable logic controller (PLC).
In appearance the PLC is usually a small, black box about the size of a woman’s purse. It came on the scene in the 1960s, when microprocessors became available and has grown exponentially in application and deployment ever since. The full computerization of the PLC put it silently but vitally in charge of nearly every commercial/industrial operation, from assembly lines to power dispatch.
These devices are the brain box of everything from air traffic systems to railroads. They replaced old-fashioned relays and human commands, and made automation truly automatic.
The revolution brought on by the PLC is an “ultra-important part” of the continuing story of technological progress, according to Ken Ball, an engineering physicist who has written a history of these devices.
Now the PLC — this quiet workhorse, this silent servant — is a cause of worry; not so much from computer hackers, out for a bit of fun through manipulating a single controller, but from the wreckage that can be achieved in a government-sponsored cyber attack with planning and malice of forethought.
Such an attack could be launched for diverse purposes against many aspects of our society. But the most paralyzing would be an attack on the electrical system; on the controllers that run power plant operations and the grid, from coal to nuclear to natural gas to wind turbines and other renewables.
Such a coordinated attack could bring the United States to its knees for days or weeks with traffic jams, abandoned cars, closed airports and hospitals reliant on emergency generators while fuel supplies last.
For this to happen, the hostile force would need to able to get around many firewalls and what are called “sandboxes,” where malware is trapped when detected.
The evidence of how effective attacks on controllers can be lies in Iran and two U.S./Israeli programs (worms, which have been used against the nuclear enrichment plant at Natanz. The first worm was launched specifically at a single type of controller, made by the German company Siemens and deployed in the Natanz plant.
A slip let some of the worm be detected on the Internet by American security companies like Symantec. They named it Stuxnet.
So far Stuxnet has been able to cause the destruction of about 1,000 of the 5,000 Iranian centrifuge enrichment devices. This was done by running them at unsafe speeds, while telling the operators that all was well.
A second worm, called Flame, has been trolling though Iranian computers, sending back critical information on military and scientific secrets. This fiendishly clever operation was launched under President George W. Bush with the code name Olympic Games. But it has been ramped up by President Barack Obama, according to David Sanger of The New York Times.
How safe are our computers and those little black boxes that control everything from traffic lights to chocolate manufacture? I am told by a former technology expert at the CIA that cybersecurity is the top worry of defense planners: It is “ultra” critical, he told me.
Also on the commercial side, many companies are working with clients to protect their systems. Benjamin Jun, vice president of technology at Cryptography Research, Inc., is one of the civilian sentries guarding networks, and by extension controllers for private clients. Jun says invaders are looking for flaws and complexity does not necessarily make a system less vulnerable.
We now live in a world in which devastation can be inflicted by the evil on the unprepared without a shot being fired.
By. Llewellyn King