Post by papaof2 on Aug 13, 2023 1:11:23 GMT -6
There has been a - maybe hopeful or wishful - study about catastrophic power failure in the US grid but the findings from 2018 don't seem to have had much impact on getting things done. At least I've not seen anything that I can relate back to what's in this December 2018 document from NIAC. It's a 91 page PDF that's about 2MB to download. jecarter.us/files/NIAC-Catastrophic-Power-Outage-Study_FINAL.pdf

If you've never heard of NIAC, here's their blurb about themselves:

About the NIAC

The President’s National Infrastructure Advisory Council (NIAC) is composed of senior executives from industry and state and local government who own and operate the critical infrastructure essential to modern life. The Council was established by executive order in October 2001 to advise the President on practical strategies for industry and government to reduce complex risks to the designated critical infrastructure sectors. At the President’s request, NIAC members conduct in-depth studies on physical and cyber risks to critical infrastructure and recommend solutions that reduce risks and improve security and resilience. Members draw upon their deep experience, engage national experts, and conduct extensive research to discern the key insights that lead to practical federal solutions to complex problems. For more information on the NIAC and its work, please visit: www.dhs.gov/national-infrastructure-advisory-council.

I can say that it's been a slow read and I gave it up at point 5 or so, but I'm 1 1/2 tablets into this day's first 1 tablet allocation of Rx pain med and I'm still waiting for relief so I'm probably not in the best frame of mind for reviewing the document :-(
|
|
|
Post by feralferret on Aug 13, 2023 4:07:49 GMT -6
Papa, I read that when it came out. A friend who was the radio tech also read it. That friend was also former Air Force and was still active in the Civil Air Patrol as their communications specialist. Civil Air Patrol is a congressionally chartered, federally supported non-profit corporation that serves as the official civilian auxiliary of the United States Air Force. In other words it is controlled by the USAF. Due to my friend's security clearances, he is sometimes tasked with some special communications work for them. Don't know details, but sometimes he would have to take off of regular work when he was needed for CAP/USAF stuff.

We both concluded that the report was probably optimistic. Considering how easy it is to knock out transmission lines and substations, and the lack of spare parts (especially large transformers), the system is very vulnerable. Add the potential hacking of the computerized controls critical to synchronizing the different parts of the grid and you have a recipe for disaster.

No, I am not going to give any detail than that. I don't want to provide "how to" information for taking the system down. I would prefer to not have to explain myself to the feds either.

Those of us who have worked with high voltages know how little it takes to cause them to misbehave.
|
|
|
Post by feralferret on Aug 13, 2023 4:12:41 GMT -6
Tried multiple times to fix the typo above. Something weird is preventing me from removing the stray spaces and period, both when typing the original post and when trying to edit it. I had some similar weird issues when posting to a different board earlier that was also a proboards site. Them or me? One of us has gremlins.
|
|
|
Post by papaof2 on Aug 13, 2023 6:44:27 GMT -6
Be careful of using [ It's the lead-in to some of the quoted sequences (formatting commands such as color of "ink", bold, italics, etc) and you can cause your post to do weird things :-( I tend to write my posts in Notepad before I post them so I can turn word wrap off and on and see if there are any obvious glitches. That seems to work if I don't use [
Make up a test post (that's why there's a sandbox) and use the various formatting commands so you can see which ones use [
I noticed it when I had different types of communication enclosed in different pairs of markers and found an entire paragraph had disappeared when I posted it. I found that the paragraph began with a [
Copy the post's text and paste it into Notepad or a similar "basic text editor". Then copy that into a word processor and tell it to show the non-printable characters.
Some characters can follow a [ but other characters are the first character of a formatting command and the forum software treats that line as a formatting command and everything is lost after the [
Ain't computers wonderful?
|
|
|
Post by feralferret on Aug 13, 2023 16:29:09 GMT -6
I'll keep that in mind. This event was unrelated to the use of the above mentioned character.
|
|
|
Post by papaof2 on Aug 17, 2023 2:54:35 GMT -6
Your formatting problem was related to [

[. div style="direction:rtl;"][. span style="font-size:10pt;"]No, I am not going to give any detail than that. I don't want to provide "how to" information for taking the system down. I would prefer to not have to explain myself to the feds either.[. /span][. /div]

Not sure what you might have clicked to get those formatting commands in (putting a "." and a space after the start character seems to neutralize the formatting).

I've mentioned SCADA chips as a source of malware in the grid in two stories but I'm not the first to suggest their use for harm - those chips are used in the electric grid, gaseous and liquid fuel pipelines, water and waste treatment plants, production lines for all types of tools, appliances, generators and possibly in some medical equipment (test and/or treatment).

I'd have to do a little research but I have the documentation about one of the early radiation machines for treating cancer. Version 1 had a mechanical safety timer but Version 2 tried to do it all with a microprocessor of the day that was not quite up to the task - or the programmer wasn't. Lots of people injured by excessive doses and some of those excessive doses proved fatal. The programmer disappeared - somewhat easier to do 40 or so years ago.

If you want to shut down a large automated system of almost any type, insert yourself in their SCADA supply line (ideally at the chip manufacturer level so no one would be suspicious of the cards from their usual provider) and hire someone who knows enough about the process(es) to be able to add time-based changes or the execution of some new commands your geek has created.

I can speak proudly of being a geek because I learned enough PDP 11 assembly language to be able to modify some binary programs in AT&T UNIX to do what we needed in the support center, not what the systems programmers tried to limit us to. If I could read C source code and translate that to 0's and 1's on the hard drive, you know there are people who could reverse engineer the SCADA chips for almost any process control system and change or add to its normal functions. Scary? It should be. I was trying to do my assigned job better. If someone's "assigned job" is disruption of <whatever> doing that job better might be as simple as learning which 0's and 1's to tweak in some part of some utility system.

I think there's an article on "Nine switching stations that could shut down most of the grid" and it's probably possible to provide replacement circuit cards - or a "new and improved version" of that card that lets someone take control of a small portion of a switching station. If you can block or misinterpret* orders from up (or down) the line then that station would not respond correctly to an overload or a sudden loss of load situation and potentially could cause cascading failures.

Shutting down the grid (or a pipeline) does not require doing physical damage (although that's usually easier access than tweaking their computers). There have been viruses that got in place in "secure" areas because someone brought in a thumb drive with the latest picture, game, video or whatever that they just had to share. I'm sure "sneaker net" still works in many places with otherwise more-or-less secure networks.

* "Turn Unit 1 on. Turn Unit 2 off." might become "Turn Unit 3 off. Turn Unit 4 on." or it might add 2 to or subtract 3 from the Unit number. What would the next controller do with a negative value for a Unit number? Possibly something intelligent if that card's code came from a programmer with the right mind set but it's equally possible that it might do something dangerous, damaging or system-locking if the programmer assumed the card would never get an incorrect number and some people do write assuming their code will always execute in a "secure bubble" environment. That's fine for the microprocessor that controls the fan I added to the cable TV DVR because there's a chip in that DVR that runs at well over 100F. The DVR is more than 10 years old but probably only because of the added "cooling as needed". If that fan controller dies, the DVR will just run out to its normal lifetime at that elevated temperature.

Should I write SHTF stories with some of the problems caused by hacked SCADA chips? I did. "Jack's War", Part 1 and Part 2. The grid shut down at a specific date and time and in sequence across the country. Shouldn't take you too long to find which book(s) the reference(s) is/are in as those two books only add up to 500,000 words ;-)

Got a new rechargeable flashlight this week. Lots more bells and whistles than I need, such as the flowing color changing setting, but the "High" setting is almost blinding and the "Low" setting should get a couple of days out of an 18650 cell.
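The footnote in the post above asks what a controller does with a negative Unit number. The following is an added example, not from the thread or from any vendor's firmware: a command handler that refuses malformed or out-of-range unit numbers and leaves the unit state unchanged. `NUM_UNITS`, the text form of the command and all function names are assumptions made for the illustration. A range check only catches impossible values; an in-range number that was altered upstream needs message authentication to detect.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define NUM_UNITS 4   /* assumed plant size, constructed for this example */

typedef enum { CMD_OK, CMD_BAD_UNIT, CMD_BAD_FORMAT } cmd_status;

static bool unit_on[NUM_UNITS];   /* index 0 holds Unit 1 */

/* Parse a unit number received as text. Anything that is not a whole
   number in 1..NUM_UNITS (negative, zero, too large, junk) is refused. */
static cmd_status parse_unit(const char *text, int *unit_out)
{
    char *end;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE)
        return CMD_BAD_FORMAT;
    if (v < 1 || v > NUM_UNITS)
        return CMD_BAD_UNIT;
    *unit_out = (int)v;
    return CMD_OK;
}

/* Apply "Turn Unit <n> on/off". On any error the state is left untouched,
   so a bad number is rejected instead of indexing outside unit_on[]. */
cmd_status apply_command(const char *unit_text, bool turn_on)
{
    int unit;
    cmd_status st = parse_unit(unit_text, &unit);
    if (st != CMD_OK)
        return st;
    unit_on[unit - 1] = turn_on;
    return CMD_OK;
}

bool unit_is_on(int unit)
{
    return unit >= 1 && unit <= NUM_UNITS && unit_on[unit - 1];
}

int main(void)
{
    const char *samples[] = { "1", "-1", "6", "2x" };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("Unit %s -> status %d\n", samples[i], apply_command(samples[i], true));
    return 0;
}
```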
|
|
|
Post by feralferret on Aug 17, 2023 4:25:00 GMT -6
Beats me how I did it. I do know that my keyboard is starting to get flaky. I plan on replacing it soon. I do have a couple of basic spares but like some of the extra buttons this one has. I can't complain. It was a used keyboard that was given to me by a co-worker when she upgraded to an even fancier keyboard.
|
|
|
Post by papaof2 on Apr 25, 2024 9:50:20 GMT -6
"Mayday: Air Disaster" has an episode about one of the Airbus planes (A300 or A320) where a data collection device (ADIRU), that collected data from multiple sensors, added an "identifier" flag to each block of data (Altitude, Angle of Attack, etc., etc.) and then passed that data on to the flight computer that basically controls the plane, went bonkers and identified Altitude data as Angle of Attack data and so forth. Qantas (Australia) was flying one of those planes from a city in Asia to Australia and the plane TWICE went into uncommanded nose down events that slammed unbelted people against the carry-on storage bins and/or the ceiling of the plane with some serious injuries to multiple passengers, one steward (standing in the galley and permanently disabled) and one of the pilots. While that incident was being investigated, two other Qantas planes (same model) experienced similar problems. My response would have been to ground ALL planes of that model until Airbus came up with a fix because they could not cause the suspect units to fail in either laboratory or in-flight testing.
It would be entirely possible for the maker of the ADIRU's to add a snippet of code that caused some problem after xxxx hours of flight or maybe every xxx hours of operation - they'd need to know how many hours of burn-in testing Airbus did on those devices - and build in a similar failure that triggered and stayed on at its defined time(s). Because this is a known fault in certain Airbus planes, a repeat failure in a future version or in "new", "repaired" or "updated" hardware for any Airbus plane might be considered a bug that's crept back in until it repeated in enough planes for someone to suspect sabotage in the creation or repair process. Same for the SCADA chips - if you can get someone in place to modify the replacement plug-in units used in any industry, you could add bogus code during any test or repair event.
If you can get someone in the test/repair process for SCADA cards, you just need a "1's and 0's" person to modify the existing code to have that card watch for a specific date/time and/or specific conditions to trigger the new "glitch". "If it's January and all generators are online and loaded, shut down the odd-numbered generators". Why the odd-numbered generators? That will always get half of the generators; if there are an odd number of generators, it will take out one more than half of them. I'm certainly not the only "white hat" hacker who's learned the "1's and 0's" of multiple computer systems or processors and could dig out the details of the firmware of some chip or card if needed - and there are even more capable "black hat" hackers who make very good $$$$$$ doing whatever someone is willing to pay for. If you can get your hacker into the facility that produces programmed chips, the chips provided to the card manufacturer(s) could have some future problem deeply embedded.
Want to put me in place at the test/repair depot for the SCADA cards (or their equivalent) used at Three Gorges Dam? Those generators provide something like 11% of China's total electric power. The dam and locks make the river navigable so the factories much farther up the river can ship out huge numbers of laptop computers and smartphones - they produced 1/3 of the world's laptops in 2018. The loss of the dam and the locks would be a major economic blow to China - and who knows how much it would affect their military? Loss of the dam would also cause major flooding downriver from it.