Handing Over America's Electrical Grid to the Russians
By Duane Thresher, Ph.D.
April 26, 2018
Despite recent massive data breaches like Equifax and
Facebook, Americans seem to have become inured to having their
most personal data stolen by foreign hackers, particularly
Russia, probably because most don't see an effect immediately.
This "hacking fatigue" will end dramatically when America's
electrical (power) grid is "pwned". That's hacking slang for
taken over. Actually, given the embrace of IT incompetence by
government and business it is more like America just handed
over its electrical grid to the Russians. I use the past
tense because America's electrical grid is probably already
pwned by the Russians, but being smart they are just waiting
for an important event, like a war, before using and thus
exposing their powerful secret weapon. Where will you be when
the lights go out?
This article is a first, the first time a real expert in IT
and electricity has written about hacking America's electrical
grid. Like government and business, the media, particularly
the IT media, is full of IT incompetents talking about
hacking, and they know even
less about electricity. Among many other qualifications in
both, I have a BS in Electrical Engineering and Computer
Science from MIT, the MIT where every smart guy in the movies
is from.
So here, for free, is real expert consulting on the subject.
Usually the situation is the reverse: millions of dollars are
paid for zero expertise.
America's electrical grid is a network of electric lines and
power plants. (By the way, a place to see before you die is
Hoover Dam, a 1930's power plant and an engineering feat
America is just not capable of anymore. Remember when you go
though, that your car will be searched for bombs before you
can drive over it.)
America's electrical grid is a network very much like the
Internet and for exactly the same reason. That reason is that
if one part of the grid goes down the rest of the network is
supposed to be able to compensate for it and continue
uninterrupted. The Internet actually came after the
electrical grid and started from the Department of Defense's
ARPANET, whose purpose was to ensure communications remained
even after a nuclear war destroyed parts of it.
This redundancy would also seem to imply no one can control
(including destroying) the electrical grid by controlling it
at any one point. But this was before aging electric lines
and power plants were often running at 100% capacity, and
before computers controlled them and they were connected by
the Internet.
When electric lines and power plants are running at or near
100% capacity, like during the summer air-conditioning months
in recent years, if one part of the grid fails, the rest of
the grid can't compensate for it and fails too — a
cascade failure.
This was the case during the Northeast Blackout of August
2003, one of the largest blackouts in history. I was in New
York City at the time and the chaos it caused was frightening.
(Ever see a garbage can thrown through a Radio Shack window?)
A blackout is a very powerful weapon.
While physically taking out a power plant to cause this
cascade failure might be difficult, and I am not convinced of
that (despite their checking for bombs at Hoover Dam), taking
out the electric lines would be easier since they can't be
guarded everywhere. This might not even require taking out
electric line towers, just individual lines. (Ever see
sneaker pairs wrapped around electric lines like bolas?
Imagine if those were explosive.)
(I ignore taking out America's electrical grid using an
electromagnetic pulse, EMP, from a nuclear device, which would
be extremely difficult at best, if even possible, although it
does make for exciting novels.)
Still, the preceding would involve some physical risk to the
saboteurs, although I don't include getting into America as
part of that physical risk since that is trivial these days.
It would be preferable to be able to take out America's
electrical grid remotely, say sitting comfortably in your
dacha outside Moscow some August afternoon.
That is quite possible these days with computers controlling
America's electrical grid and the Internet connecting them all
over the world. Three examples:
The meltdown of the Chernobyl nuclear power plant in Russia on
26 April (today; Happy Chernobyl Day) 1986 was caused by the
foolish disabling of cooling systems during testing. This
could have been done via power plant computers (although there
was no Internet at the time) since most actions in a nuclear
power plant have to be done remotely. By the way, the manager
who caused the Chernobyl disaster, Anatoly Dyatlov, was
incompetent and essentially a political appointee, as many in
U.S. Government IT are.
Enron (also an example of pure corporate evil) was in the
business of selling energy and gained control of some power
plants. During 2000 and 2001 in California, to increase the
price of electricity and thus profits, Enron contacted these
power plants and told them to turn off the electricity,
decreasing the overall supply. This did dramatically increase
the price of electricity and profits but caused blackouts in
California, which became known as the California Electricity
Crisis. Via power plant computers and the Internet, Enron
might not even have had to talk to anyone at the power plants
to cause the blackouts. Just a few criminal Enron
executives turned off California's electricity.
Stuxnet was a computer virus (actually a worm) believed to
have been developed jointly by the U.S. and Israeli
governments (given U.S. Government IT incompetence, I would
guess Israel did more). It was used to significantly damage
the Iranian nuclear program via physically damaging
the centrifuges that produced nuclear fuel.
Chernobyl and Stuxnet together demonstrate that hackers,
particularly state-sponsored hackers, could cause a nuclear
power plant meltdown. Note that the Russians are still
embarrassed about Chernobyl and would love to show that it
could happen in America too.
It would be far easier and more catastrophic to crash
America's electrical grid than to learn how to fly airliners,
hijack several, and crash them into the World Trade Center
towers and the Pentagon. Oh yeah, that already happened.
It would be far easier and more catastrophic to hack America's
electrical grid than for high school dropout and traitor
Edward Snowden to hack the NSA. Oh yeah, that already
happened.
So who is protecting America's electrical grid from its
greatest threat, state-sponsored foreign hackers?
The National Protection and Programs Directorate (NPPD) is
part of the Department of Homeland Security (DHS). It is
tasked with protecting America's physical infrastructure,
particularly its electrical grid, and its cyber
infrastructure, particularly its Internet. In short,
everything I have discussed above ... and was more qualified
to do so than anybody in the NPPD.
The NPPD official responsible for cybersecurity is Assistant
Secretary for Cybersecurity Jeanette Manfra. Under Obama
she held several DHS positions but
lost her job when Trump became president in January 2017. She
was out of work for 6 months before becoming Assistant
Secretary in July 2017, which is surprising since she is
probably a Trump hater and President Trump values loyalty.
Before the DHS, Jeanette Manfra worked for Booz Allen
Hamilton, the NSA contractor that gave us IT incompetent
traitor Edward Snowden, now living in Russia, and others
like him.
Snowden was a high school dropout who easily passed the
background check to get into the NSA, specifically to hack it,
which he easily did.
Jeanette Manfra's only education is a BA in History and an MA
in International Relations. In other words, Manfra has zero
IT education — see "The Most Important IT Credential: An IT
Education" in Principles of IT Incompetence — and zero
electrical engineering
education. Yet she is in charge of America's cybersecurity
and so electrical grid security.
Would you trust your life to a lawyer without a law education
or a doctor without a medical education? Kirstjen Nielsen is
a lawyer who is Secretary of Homeland Security, the head of
DHS. How about it Kirstjen, should I be able to practice law
without a legal education?
Jeanette Manfra is not even smart enough to protect her own
family. She posts her maiden name, location, photos of her
children, and a list of her parents/siblings/cousin, with
photos, on her Facebook page. For those in security,
especially higher-ups, that is dangerous stupidity.
Jeanette Manfra will be the next Anatoly Dyatlov and be
responsible for a disaster worse than Chernobyl: the takeover
of America's electrical grid by the Russians.
Russia may already have taken over America's electrical grid,
by planting rootkits on the electrical grid computers. A
rootkit is the ultimate in hacking. After an initial
hacking, it allows for continued secret access to the
computers. It hides itself by changing the operating system
so it can't even be looked for. It is thus very difficult to
find even if it is known there has been a hacking,
particularly if those looking are IT incompetent.
Russia may even have done this with agents in U.S. Government
IT. A big part of background checks, by the FBI for
government IT jobs for example, is the credit check, since
someone who is in debt is more easily bribed. Equifax was
hacked, possibly by the Russians, which not only gave them
access to the financial records of many government employees,
but more importantly also allowed them to alter credit checks,
for example to get one of their agents a government job by
making sure he passes a background check.
If the Russians have already taken over America's electrical
grid why haven't they done anything? Is this another Y2K
scare?
The Russians taking over America's electrical grid is far more
of a threat than Y2K ever was. (I know, I know, maybe nothing
bad happened on Y2K because it was prepared for, but that's a
lesson here too.)
The Russians are smart. That's why we fear them so much.
During war, weapons that are known to the enemy can be
protected against, so secret weapons should only be used, and
thus made known, for something really big. For example, in
many wars, particularly World War II, enemy codes have been
broken, but extreme measures were taken to keep this a secret
until it was used for something big because otherwise the
enemy would have just changed the codes.
IT incompetent Equifax data breach CIO David Webb (BA in
Russian) and IT incompetent Equifax data breach CISO Susan
Mauldin both retired comfortably after the breach, without
any legal consequences at all. We'll see how Jeanette Manfra
fares after the Russians take over America's electrical grid.
People get violent when the power goes out.
[Update: CISA: No Infrastructure Cybersecurity, Just a
Stepping Stone for IT Incompetents]