Yesterday the WSJ kicked up a storm with a front page article stating the US electrical grid computers have been infiltrated by spyware and trojan horse malware, sent by URL's located in Russia and China. The article went on to warn that in case of war enemy nations would be able to turn out the lights all over the country. Or even worse, disable automatic protection systems and cause equipment to self destruct. Just turning out the lights can be life threatening in heating season. Damaged heavy equipment can take years to replace.
To be that vulnerable requires three blunders by utility engineers. First is excessive automation, too many unmanned plants, remotely controlled. Second is connection to the public internet, and third is using Windows computers.
For instance, I know of a remote controlled gas turbine generator in Peabody MA. They turn it on, and turn it off from a control room located miles away. Proper design would route the control signals over a private line, say a fiber optic line hung off the power poles. That way, a malicious hacker has to climb a pole, and splice a tap into a glass fiber with the wind whistling past his ears. Not so comfy as working a mouse in the comfort of an air conditioned computer room.
If the utility bean counters forced engineering to use the public internet, 'cause it's cheaper than stringing a few miles of fiber optics, then the system is vulnerable. State utilities regulators ought to check on this sort of dangerous cheap cut. As a rule, no connection to the public internet should be allowed for any operational systems.
Second rule, never use Windows for any industrial control system. Windows is not real time. It will not service interrupts while other programs are running. Should a program lock up (fairly common) , interrupts are locked out and emergencies like fire, overheat, over current, over speed, name-your-own-disaster will not get serviced. Plus, Windows is a server operating system with dozens of external entry points that allow remote users to request the "load and execute this program" service. Windows is so eager to serve that any teen aged hacker can take it over and make it do anything he wants. No experienced engineer would ever entrust anything important to Windows, but the company bean counters might force him too. Windows computers, despite their many flaws, are still the cheapest way to go.
Bottom line. It ain't hard to make the electrical grid immune to hackers. It won't cost all that much, compared to the price of a couple of new generating plants. Public utility commission should enforce the rules against use of the public internet and the use of Windows.
No comments:
Post a Comment