What if the smart grid has stupid security?
Truth and consequences for critical infrastructure and energy security
By Richard Power
May 11, 2010 — CSO —
As I write this piece, the economic future of the Gulf coast region is dangling on a fragile thread over a fathomless abyss, as a volcanic eruption of oil threatens unprecedented and almost unimaginable consequences. Whether the cause of this tragedy is revealed to be human error, system failure, corporate malfeasance or terrorist attack, the event itself highlights the profound impact of infrastructure-related disaster.
As I write this piece, business media journalists are trying to get their minds around the story of what happened to the New York Stock Exchange recently, when the Dow plunged almost 1,000 points in less than an hour. Theories, rumors and spin abound.
Atlantic Monthly's Wire blog articulated five lessons (5-7-10), including the question: Are we ready for a cyber attack? Of course, that question (the answer to which is an emphatic NO) avoids another relevant question, "Was this a cyber attack?" And the answer to that question, as we know from the Martin Luther King Day telephone system crash (see my book Tangled Web: Tales of Digital Crime for something other than the official story), as well as some other events arising from mysterious "glitches," we may never know (or be able to admit we know).
And as I write this piece, Richard A. Clarke, whose heroic Against All Enemies opened the eyes of some (not enough) people to major governance failures related to the 9/11 attack (pre- and post-), is on a book tour for his new book, Cyber War.
In an interview with National Public Radio's Terry Gross (4-19-10), Clarke stressed the vulnerability of infrastructure: "A cyber attack could disable trains all over the country & It could blow up pipelines. It could cause blackouts and damage electrical power grids so that the blackouts would go on for a long time. It could wipe out and confuse financial records, so that we would not know who owned what, and the financial system would be badly damaged. It could do things like disrupt traffic in urban areas by knocking out control computers. It could, in nefarious ways, do things like wipe out medical records."
Also see Michael Assante and Mark Weatherford's 4 things the roman aqueducts can teach us about securing the power grid on CSOonline.com
You are no doubt familiar with the CBS Sixty Minutes story (11-8-09) on Cyber War that highlighted the attacks on the Brazilian power grid; and you no doubt recall when CIA analyst Tom Donohue referenced declassified information on successful cyber attacks on several non-US cities via the Internet (PC World, 1-19-08). Let's not wait for the big power grid security story of 2010. The time for truth and consequences for critical infrastructure is already here.