News of the safety flaw came as teams investigating the North American electricity blackout on 14 August said they still could not rule out computer problems as a contributory cause of the outage. Control system experts warn that it's only a matter of time before worms like MSBlaster or Sobig.F - which uses spamming technology to amplify its presence on the net - cripple a power station or grid.
When the Davis-Besse nuclear power plant in Ohio was hit by the Slammer worm this year, the reactor happened to be offline. But the worm disabled a safety monitoring system for nearly five hours. "We are still working through the information to find out what happened," says a spokesman for Akron-based FirstEnergy, which owns the plant.
Some sources suggest the worm may have entered the plant's network via a connection to an insecure network. Critical systems like power stations should be cut off from the outside world and the internet, says Joel Gordes, a grid expert at Environmental Energy Solutions in Riverton, Connecticut. But this is not seen as a practical option in today's cost-conscious and highly competitive energy market.
It was cheaper to integrate these systems than to isolate them, says Bill Flynt, former director of the US Army's Homeland Security Threats Office and now with TRC Infrastructure Security in Connecticut. "It was a different security environment," he says.
It's not just nuclear power stations we should be worried about, says Joe Weiss, a control systems expert with KEMA Consulting of Fairfax, Virginia. Weiss is concerned that although the PC-based software used by operators to monitor power stations and transmission lines is usually protected by firewalls, the real-time control electronics that they oversee is not. "The technology currently does not exist to protect them," he says.
These real-time systems tend to be embedded in non-PC based customised electronics in power plants and substations, but their behaviour can be affected because at some points PCs are used to switch them on and off - with potentially disastrous consequences for the grid. "So far we've been lucky," says Weiss. "These embedded systems were designed to be open to easy, remote access." This was appropriate before the rise of the internet, when grids operated on a dedicated, closed infrastructure - but today this level of openness poses a serious threat.
In June, the North American Electric Reliability Council described how a worm brought down another network designed to allow operators to control parts of the grid in remote areas. Known as Supervisory Control and Data Acquisition systems, or SCADAs, these are heavily relied upon to keep grids running round the world.
"It's a genuine problem," says Flynt. "We have to redesign the grid." Weiss says he has tried raising awareness of the issue in Congress. "We have spent a very large amount of money to secure the internet and our IT infrastructure," says Weiss. "But there has been no money spent to protect [utility] control systems."
However, the US Department of Energy is spending $114 million on a large-scale mock-up of the US grid, in a 900-square-mile block of desert in Idaho. The aim of its "SCADA Testbed" project is to boost control-system security.
Author: Duncan Graham-Rowe
New Scientist issue: 30 AUGUST 2003