, The Associated Press 2003-09-11
Since last month's Northeast Blackout, utilities have accelerated plans to automate the electric grid, replacing aging monitoring systems with digital switches and other high-tech gear.But those very improvements are making the electricity supply vulnerable to a different kind of peril: computer viruses and hackers who could black out substations, cities or entire states.
Researchers working for the U.S., Canadian and British governments have already sniffed out "back doors" in the digital relays and control room technology that increasingly direct electricity flow in North America.
With a few focused keystrokes, they say, they could shut the computer gear down -- or change settings in ways that might trigger cascading blackouts.
"I know enough about where the holes are," said Eric Byres, a cybersecurity researcher for critical infrastructure at the British Columbia Institute of Technology in Vancouver. "My team and I could shut down the grid. Not the whole North American grid, but a state, sure."
Security experts have warned about the grid's growing vulnerabilities before, especially after U.S. National Security Agency hackers showed they could break into grid control networks in 1998.
Byres and other researchers say the holes exploited then have gone unpatched. With an expected spate of post-blackout upgrades, the computer-heavy grid will be even more vulnerable to terrorists and hackers, they say.
Computer viruses are another new worry.
The "Blaster" worm that flummoxed an estimated half-million computers around the world last month might have exacerbated utilities' problems during the August blackout, bringing down -- or perhaps blocking communications -- on computers used to monitor the grid, said Joe Weiss, a utility control system expert.
"It didn't cause what happened but it could've exacerbated what happened," said Weiss, with Kema Consulting in Cupertino, Calif., The blackout followed the Aug. 11 Blaster outbreak by just three days.
The Ohio utility that is the chief focus of the blackout investigation, FirstEnergy Corp., is investigating whether the Blaster worm might have caused computer trouble that was described on telephone transcripts as hampering its response to multiple power line failures.
"We haven't detected a worm or a virus but we're not ruling anything out," said FirstEnergy spokesman Ralph DiNicola. The bi-national task force investigating the country's biggest blackout is also looking into the issue, said U.S. Energy Department spokesman Joe Davis.
In January, the "Slammer" Internet worm took down monitoring computers at FirstEnergy's idled Davis-Besse nuclear plant. A subsequent report by the North American Electric Reliability Council said the infection blocked commands that operated other power utilities, although it caused no outages.
In the past, the grid's old electromechanical switches and analog technology made it more or less impervious to computer maladies, Weiss said.
But now, switches and monitoring gear can be upgraded and programmed remotely with software -- and that requires a vulnerable connection to a computer network. If that network runs on Microsoft Corp. operating systems -- which virus-writers favor -- or connects to the Internet, the vulnerabilities are sharpened, say experts who test such gear for the U.S. Department of Energy's Office of Energy Assurance and the Department of Homeland Security.
In one test, Byres found that a tiny piece of corrupted data could crash a crucial computerized control device that is installed in most grid substations.
Byres said he contacted the well-known manufacturer -- whom he declined to name for security reasons -- and urged that the weakness be fixed before hackers found it.
"I've been trying to get these guys to patch and they won't patch it," he said. "I've been on their case for over six months."
Other researchers have figured out how to hack into the device, known as a remote terminal unit, and command it to trip and reset a breaker.
That would incapacitate a substation, the electricity distribution points for towns and neighborhoods where high-voltage electricity is transformed for local use.
One feared hacking scenario involves changing the settings on substations' programmable circuit breakers. A hacker could lower settings from, say 500 amperes to 200 on some breakers, while raising others to 900, said Gary Seifert, a researcher with the Energy Department's Idaho National Engineering and Environmental Laboratory.
Normal power usage could trip the 200 amp breakers and take those lines out of service, diverting power and overloading neighboring lines.
With their breakers set at 900 amps -- too high to trip -- the overloads would cause transformers and other critical equipment to melt down, requiring major repairs that would prolong a blackout, Byres said.
"We have a plethora of intelligent electrical devices going into substations and power stations all over the United States," Seifert said. "What's to keep somebody from accessing those devices and changing the settings?"
Some of the most technically advanced relays, made by companies like Schweitzer Engineering, General Electric and Siemens, can be programmed over a telephone modem connection after typing a simple eight-digit password, Seifert said.
"Hackers have very little trouble cracking an eight-digit password," he said, and finding substation phone lines that connect to these relays can be done with so-called "war dialers," simple PC programs that dial consecutive phone numbers looking for modems.
Seifert said he and other researchers are asking manufacturers to take countermeasures, including programming their control devices to accept calls only from certain phone numbers, or simply disconnecting idle modems.
Like anyone dependent on networked computers for crucial operations, grid operators will be vulnerable to hackers, said Seifert.
"We're still going to have back doors no matter how hard we try," he said. "You can't keep them out but you hope to slow them down."