You Don't Need a Cyber Attack to Take Down The North American Power Grid
The Obama administration simulated a cyber attack on New York City's power supply in a Senate demonstration aimed at winning support for legislation to boost the nation's computer defenses. Senators from both parties gathered behind closed doors in the Capitol Wednesday for the classified briefing attended by Homeland Security Secretary Janet Napolitano, FBI Director Robert Mueller and other administration officials. The mock attack on the city during a summer heat wave was “very compelling,” said Sen. Susan Collins, R-Maine, who is co-sponsoring a cybersecurity bill supported by President Barack Obama. “It illustrated the problem and why legislation is desperately needed,” she said as she left the briefing. Bloomberg.
The US defense industry is in a full court press to get tens of billions in funding for cyberwarfare.
To get that funding, they need to dramatize the potential threat of cyberwarfare. Here's how. The central method of attack in cyberwarfare is systems disruption. Systems disruption is a way to break networks to achieve extremely high levels of damage (or, in financial terms, high ROIs). One of the best ways to demonstrate that type of attack is through a disruption of the power supply (usually with NYC as a target).
Two John Robb posts, comment, and see also — university grants at risk.
The problem with this type of presentation is that you don't need cyberwarfare to do take down the electricity to New York City and get away with it. All you need is some household tools, imagination, and some knowledge of what the network looks like (gained by an effort at mapping the connections). Since 99.9999% of the recruits available to most violent groups don't have cyber skills and the impact of a cyber attack and a physical attack are the same, which method do you think will be used? The facts back this up. 99.99% of the intentional system disruption events that have occurred over the last decade have been caused through physical attack and not by cyber attack.
So, in other words, the tens billions we are going to spend on cybersecurity is mostly a waste of time/money. It's not only a waste of money, it's yet another example of how the US national security system is not producing real, tangible security for the people it expects to pay for it. The real solution to network vulnerability? Decentralized production. The tech is available. If the billions spent on cyber were spent on growing local production by building resilient communities, it wouldn't only make us safer it would likely ignite an economic Renaissance.
Unfortunately, to the people running the US/EU, the long term economic success of the citizens they are supposed to represent is not even on their priority list. [Emphasis added.]
If you are interested, here's some analysis on how vulnerable the electricity grid we rely upon is. An evergreen (in that it always yields results) target of global guerrillas, will be the large infrastructure networks that national economies rely upon (as do all modern developed economies). The most critical and complex network is our power grid which contains over 1 m kilometers of high-voltage power lines between 115 -765 kVs. The network can be further subdivided into the following:
- 1,633 generator nodes.
- 2,179 disribution substation nodes.
- 10,287 transmission substation nodes.
GLOBAL GUERRILLA TARGET: The North American Power Grid
A long term target of global guerrillas in our emerging war, will be the large infrastructure networks that our national economy relies upon (as do all modern developed economies). The most critical and complex network is our power grid which contains over 1 m kilometers of high-voltage power lines between 115 -765 kVs. The network can be further subdivided into the following:
- 1,633 generator nodes.
- 2,179 disribution substation nodes.
- 10,287 transmission substation nodes.
Network Analysis
In recent paper, “Structural Vulnerability of the North American Power Grid,” Reka Albert (et. al.) analyzed the vulnerability of the power grid based on modern techniques (see “Cascading System Failure” for more on the vulnerability of scale free networks). The key to this analysis is to find those nodes that serve as “hubs” for the network. The hubs, if taken out during an attack, have the greatest likelihood to disrupt the network and create a cascade of failure. They found the following:
- Highly connected nodes are a mix. Power engineering principles correctly suggest that the majority of highly connected nodes will be power plants (see “Design Flaws: Methods of Attacking Critical Infrastructure” for more). However, contrary to expectations, a small number of transmission substation nodes serve are also highly connected — 50 have a degree higher than 10.
- 1% of the transmission substations are high load nodes. These high load substations are nodes with high betweeness (a high load of shortest paths between nodes on the network). These substations aren't necessarily highly connected nodes and some are merely high load throughput for long-haul connectivity (a critical part of the US power grid since 50% of the electricity generated is allocated via the wholesale market, much of it over long distances due to NIMBY restrictions on local power production). High load nodes are best termed the “hubs” of the network.
- 900 of the distribution substations can potentially become isolated clusters (41% of the total). This means that these substations are only lightly connected to the grid. If the transmission substation that connects them is taken off-line via an attack, they are disconnected from power generation and go dark.
Methods of Attack
This research indicates the potential success of different modes of global guerrilla attack against a modern power grid:
- Attacks on power substations and their direct connectivity will have little impact. The high degree of redundancy at the power substation level prevents major system failure. This is in stark contrast to the simple, production limited system in Iraq (see “Iraq: Electricity Disruption” for more) where the removal of a power plant from the grid will have a major impact. A big caveat on this “finding” is: this analysis doesn't account for “base power” generation from large producers (hydro-electric and nuclear). Power production isn't homogeneous. The elimination of these large systems from the grid would result in major disruption.
- Attacks on transmission substations yields the greatest system impact. In general, the removal of high load substations is more important than highly connected substations. A loss of only 4% of the highest load transmission hubs disconnects 60% of the grid from power.
- Cascading failures can amplify the impact of high-load node removal. Cascading failure can shut down 60% of the grid with the removal of only 2% of the high-load nodes. If 1% are removed, 40% of the grid goes dark. I suspect that better analysis based on sorting the high-load nodes by the quality of their connections (based on voltage, with the high quality nodes as those with the largest number of high voltage connections) would radically reduce the number of failed nodes needed for a system-wide cascade.
End Note: The implication is that an carefully prepared simultaneous attack against 10-20 substations of the right type could take 60% of the US end-users offline for an extended period (potentially weeks). If exploited by additional well planned attacks, this damage could be extended indefinitely.The solution to all of this type of vulnerability, isn't a complete rework of the grid. Instead, it's a resilient community. A community that produces most of what it needs locally.
Phi Beta Iota: Brother John nails it. The USG is not at all interested in doing the right thing in the public interest. As Matt Taibbi laid it out in Griftopia: A Story of Bankers, Politicians, and the Most Audacious Power Grab in American History [“What has taken place over the last generation is a highly complicated merger of crime and policy, of stealing and government.] This should be of special concern to universities that rely on federal funding for research. Every dollar in a collapsing economy that goes toward corporate scams like this will be at least 2-3 dollars if not more that will be taken away from university grants. Now is the time for universities to get back in touch with intelligence and integrity — their survival is at stake. This would be a good time for universities to do a full court press on the re-integration of knowledge and 100% full-scope scrutiny of ever aspect of government, dollar by dollar. We the People are being destroyed, cheated, and dishonored on a scale so grand it defies articulation.
See Also:
2012 Reflexivity = Integrity: Toward Earth/Life 4.0
2010: OPINION–America’s Cyber Scam
1998 TAKEDOWN: Targets, Tools, & Technocracy
1994 Sounding the Alarm on Cyber-Security
Phi Beta Iota General Search for Cyber-Scam Posts