Project Grey Goose and University at Albany SUNY to investigate major Power Grid blackouts caused by hackers
Last Updated on Friday, 16 October 2009 10:45 Written by Jeffreycarr Friday, 16 October 2009 10:40
This is an open call for volunteers who wish to participate in a joint Project Grey Goose / University at Albany SUNY open source intelligence investigation into power grid blackouts caused by hacker attacks. The scope is global and includes the U.S. Interested parties should contact me from their work email address with an expression of interest, a brief bio, and your experience, if any, in SCADA systems in general or the power grid in particular. All respondents will be kept confidential. I prefer to keep research teams small so I want you to know up front that not everyone will be invited to participate.
Why this issue?
The most critical infrastructure in any nation is its electric grid. Without power, everything stops. In a short time, panic ensues and people get hurt. Law enforcement agencies don’t have the resources to protect citizens during such a crisis. Here in Washington State, should a natural disaster occur, we are advised to be prepared to fend for ourselves for 7 days, without emergency services or public safety responding to any 911 calls. All of this raises the question: how secure is our critical infrastructure from cyber attack?
I challenge you to try to get an answer to that question. I spent the last few weeks doing just that and ran into one brick wall after another, and I have some pretty decent connections to fall back on. It turns out that private industry, which essentially owns the U.S. power grid, enjoys a protection from public scrutiny that extends even to Freedom of Information Act (FOIA) requests, and they get to decide what falls under that protection and what does not. So who does this secrecy benefit?
- Not the nation states who are working to access the power grid. They already know how vulnerable it is.
- Not non-state hackers, because without access to state resources and support, they aren’t a serious threat to SCADA systems.
- Not the public. We deserve to know the state of our nation’s critical infrastructure, particularly since we’re paying the bill for it.
The only parties who benefit from this level of secrecy, where absolutely nothing is shared regarding successful breaches against the power grid, are the private corporations who are responsible for building, maintaining, and securing it (or not, as the case may be).
What do we hope to accomplish?
The unfortunate reality in Washington DC is that the Congress and the White House prioritize issues based on public perception and pain. Improving information sharing and intelligence collection and analysis only became a priority after 9/11 occurred. Repairing the sad state of New Orleans’ infrastructure only became a priority after the Katrina disaster. I don’t think anyone wants such a disaster to be the impetus for change in safeguarding our critical infrastructure. The alternative to a disaster-as-impetus is, hopefully, public disclosure that results in increased pressure on lawmakers to fund cyber security initiatives and restore the necessary authorities to the yet-to-be-appointed Cyber Coordinator so that the appointee will have the necessary clout to make a difference.
This project will be our small part toward making that happen. And soon.
Could you point to a specific example citing a US power grid blackout caused by hackers? I’m unaware of any major blackouts in the last few years and am entirely unaware of any US blackouts caused by hackers. The closest case is the vague WSJ article from earlier this year – but no blackouts were cited.
That’s the point of the exercise, Matt. Ask me again in two months’ time.
[...] Project Grey Goose and University at Albany SUNY to Investigate Major Power Grid Blackouts Caused By… – Jeff Carr, IntelFusion [...]
After the 60 mins report that aired nationally, I was alarmed at the status of the National Power grid’s weakness. I am sure that the secrecy you cited were legitimate above, yet seemed to lack another crucial element. That of an organised crime syndicate, or “quasi-military” organization being “rented” out to perform these very same tasks. If it were true, then for example: Iran could hire former Soviet NKVD/KGB, or Muslim dissidents (jihadists), or S. American Cartels-whom all possess the fiscal resources you alluded that the other groups needed. So in essence, if the Privately Held Public companies that are “safe-guarding” our power grids are not being forced to “secure” themselves, can our Gov’t use “National Security Interests” as a policy of forcing their hands? Can we “threaten them with a -gasp- Socialist (eek!) takeover-in the name of National Security? I fear not, yet it seems as if that is the MOST plausible solution. These companies have NO interest in the security of their systems. It’s directly more of the case you state in your last paragraph in the above article-impetus to change, post disaster. There is no economic incentive for the companies to implement a change in their policies-until the bottom line of their corporate profits are affected. Threatening them with a socialist style National takeover would force them to realise that what they have can easily be taken away from them, and in both situations they stand to lose billions.