So this evening, there was another 60 minutes “OMG, the sky is falling!” story about how evil bad guys might break into the power grid (“oh no! not the power grid! how will I watch my reality TV? and waste my life?”) and turn us into cave dwellers once again. And assorted other scaremongering. It was really quite good sensationalism.
First, some basics:
1). The US power grid isn’t one system. The notion of a “cascade” shutdown from the “really super dooper” dude they interviewed was utter bullshit. The power system in this country is actually in at least three pieces – there is work to implement some sharing, but it is not complete – and it is run by regional ISOs. So you can’t shut it all down in one go by knocking out a few power generation facilities.
2). Even if you could shut it down, the grid can be restarted in a matter of hours or days. This has even happened quite famously on a few occasions. Economic impact yes, reality TV viewing disruption for sure (and that would be a great societal benefit in any case), but no return to the stone age.
3). The regional ISOs require annual cold start testing for each generating facility that is required to perform a restart. So we not only can do this, but we test for it annually and know that the power system can be restarted.
And besides, if it weren’t for the stupid trading nonsense designed to drive up energy prices and profiteering, the system could be more closed than it is today. As it is, direct control is not connected to the public internet, only the trading stuff is in some regional ISOs. And probably there are a few places connected that shouldn’t be, and running Windows. But in that case I can only laugh loudly.
When 60 minutes report these stories, they mention how some government computers are “hacked” (in technical parlance, it’s called “cracking”, and not “hacking”) by people leaving USB thumbdrives around containing nasty computer viruses (“oh noes! my computerz have teh colds!”). What they fail to mention – and any serious journalism entity should do – is that the problem here is two-fold:
1). Obviously US government personnel shouldn’t be plugging in stuff they find in the parking lot. It’s just a bad idea in the first place and should rightly be banned.
2). Microsoft Windows is so laughably insecure that I can’t take you seriously if you use it and expect security. And when the government use it, I just sigh and wonder aloud how many billions of dollars are going to be wasted by the US Congress “protecting” us from attacks on badly designed systems that are insecure by design? If they didn’t use Microsoft *crap* then they wouldn’t have half these problems. And I don’t just mean “use Linux”, I mean use something else. Almost anything else.
The latter point of a global dependence on bad Microsoft crap is generally ignored. In all these stories. And then they go mentioning these silly-and-pointless 24-style “cyber command” places (likely filled by people who just about know a bit more than how to use Microsoft Word, but still largely use pointy-clicky crap with giant video screens in over sized and over expensive “mission control” rooms) where the government can protect us from bad software design and morons who plug important shit into the outside world so it can be broken into in the first place.
Half the time, I feel it’s like there are these people running around justifying their need to fight off bad guys while most of the issues are pointless to begin with.
Jon.