FBI announces ongoing Russian attacks against American electric grid, water processing, air

This news report might be interesting. Yes, hackers may have trouble sending a nuclear plant directly into “China syndrome” or whatever, but there is much damage they could do … even if all they’ve hacked is spent fuel processing, communications, or even e-mail.

However, as the linked article cites, for private corporations to assist against Russian attacks would be “burdensome.” It is much more important to boost power industry profits by a few pennies than to worry about any catastrophe. Why should we think beyond next quarter’s earnings?

Wow, that is a very strange perspective – profits above national security! No wonder we’re losing, eh? Scary!

I’ve also wondered about the security of our physical grid. We have high tension lines running all over the place, and the towers are not exactly secured. It seems like it would not take all that much coordination and effort to take out dozens of towers simultaneously, which I would assume would wreak some havoc on the electrical grids.

I have a question (and I’m utterly naive on the subject): are these computer control systems connected to the internet? If so, why? And if not, how is a closed system hacked in the first place?

The Reuters article septimus cited earlier said this:

I’m apparently the only one persuaded by information like this though, so good luck.

What exactly are you persuaded to believe by this info? It says specifically that, while they would be locked out of some critical systems, there are others that are also very important to safety and security that they could get into, including ones that could potentially cause an accident in the spent nuclear fuel.

That they can not “shut power plants off at will”.

Hmmm. I guess it still begs the question: why? What makes the internet necessary for those computers? Is that the only way to network/afford remote access to legitimate operators? Why do they need that type of access? Is there no way for the entire system to be closed? Aren’t power plants, especially nuclear ones, manned 24/7? You could just do everything on site.

The actual machines that make the power or treat the water, etc., hopefully are not connected directly to the internet. However, the guy who programs the machines may be sitting at a desktop where he does his email and whatever, and from that desktop he connects to the machine to issue commands. If the bad guys control the programmer’s desktop, they can then potentially connect to the machines and issue unauthorized commands. That’s apparently what happened in the case cited by US-CERT. The power generation device was probably somewhat isolated, but a person managing or monitoring it would connect to the device from his PC with a tool called VNC. The bad guys reportedly compromised that person’s PC, so they were then able to connect to the power generating machine using the same VNC tool.

I’m pretty sure that if the spent nuclear fuel pool next to the reactor has an accident, then they are going to shut off the reactor.

It would be better if they were able to just shut it down.

The protocol for most nukes is that if anything at all goes wrong, they get shut down immediately. If they lose communications, which the hackers have access to, they may need to shut down. If they lose security because of locks, cameras and alarms, they may need to shut down.

I’m not sure what exactly you are saying here. If you are saying that hackers cannot get into the control systems to directly shut the reactors down, as far as we know, you are correct. If you are saying that they cannot create the conditions that will cause the reactor to be shut down, that does not appear to be the case.

If they can create conditions that cause it to be shut down, that is no different from being able to shut it down.

If I disable the brakes on your car, technically, I’ve not shut down your car’s power plant at will.

At the very least, it seems as though they are far beyond “hacked some power company’s email, and stole some PDFs and Excel spreadsheets.”

Thank you, this is the point I was making (in posts #15, #18, #20, and #22, #23, #25, #27, #30, etc - and at this point I realize I’ve spent way too much time trying to persuade people who don’t want to be persuaded on this point). Please don’t mistake “they’re exaggerating” with some endorsement or happiness with what’s happened. I think the hacks are certainly bad, just not so bad that they can “shut power plants off at will”.

In theory a spoofed email from the CEO saying “SHUT IT DOWN NOW!!! - The Boss” to the right gullible, low-level employee might be enough to shut it down.

I see some important differences in this distinction, but YMMV. I’ll note here that “shut down” wasn’t the only proposed outcome:

And if a crane in the spent fuel pool tosses a fuel rod through the wall, that’s gonna be a shut down too.

If they cannot monitor the equipment and back up systems because of a loss of communications or cameras, they’re gonna need to shut it down.

What do you think happens when a reactor goes outside of its nominal operating ranges? They shut it down. You don’t think that overheating a reactor is something to be concerned about?

This is not exaggeration. It would be trying to underplay the seriousness of the situation by claiming that they just got access to some small company’s PDFs.

And that is just as relates to nuclear reactors. There are many other power plants out there. Coal fired may have similar safety against just being shut off as nuclear, but all those natural gas turbines are specifically turned on and off remotely, so there is no reason to think that hackers would not be able to get into those systems and shut all of them off. They are not isolated or air gapped at all.

They can, though. Coincidentally, after I went to bed last night, I was reading Malcolm Nance’s new book, The Plot to Hack America. I happened to be at the place where he detailed Russia’s attack on Ukrainian power plants in December 2015.

Nance’s account states that one of the plant operators helplessly watched his screen as the hacker took remote control of the plant, shut it down, and he, the operator, could do nothing to stop it.

Nance also pointed out that Ukrainian power plants are generally better hardened against such attacks than American ones. Yet the Russians were successful.

jasg posted an even more ominous link in another thread of a subsequent attack on a Ukrainian power plant in December 2016. (Wired)

Not sure why this information is so hard for you to accept, but Russians can, in fact, shut down power plants at will – including American ones, according to all responsible reporting. And they have penetrated at least one nuclear power plant in Kansas.

Other than a phrase with those exact words (since you won’t accept details from governments and industry reports that amount to the same thing), what would you accept as proof of the seriousness of this matter, Hurricane Ditka?

For others, what do we do about this? I feel somewhat confident that we are working on cyber counter-measures (given the private-industry/government gap we face, mentioned above). What do we do about the larger issue of Russia? Do the current sanctions proposed go far enough? It sounds like we’re just playing tit for tat with expulsions. Don’t we need to make things a great deal more painful to have an impact? What’s the safest way to do that?

There is controlware all over the place. What we have is a giant nation wide power network.

Power plants don’t work in isolation.

Why not just unplug the router from the web?

Amen.

The “sanctions” Trump finally just recently put in place were mostly a copy of the criminals indicted by Mueller, copied and called “sanctions”. Trump has blocked or slow-walked the sanctions as specifically ordered by Congress.

Our federal government is operating as if Russia is a major and trusted ally, while Russia is treating us to a broad cyber war.

It really is unbelievable. It should be grounds for impeachment.

I worked for a utility company in e Security for a while. And I have to say “duh, yeah” (This would have been 2015. I left because I was not sleeping nights and breaking out in hives - while my boss said “oh, don’t worry about it.”)