How Secure Are Grid Computers?
Email this story
Printer friendly format
Top Stories
Fabian Gains Speed As It Nears Bermuda
FBI Issues Terror Bulletin
Neb. High Court Vacates Death Sentence
National Monuments Not Safe, Report Says
Justice Dept. Ruling Removes Recall Hurdle
By Richard J. Dalton Jr. and Lou Dolinar
Staff Writers
September 5, 2003
Computer problems at the power company at the center of the ongoing blackout investigation are once again raising the issue of security within an electrical grid system that depends as much on computers as it does on the principles of physics.
It's too early in the investigation to make any direct connection between the problems and the blackout, experts said, but it's clear computers used to monitor the power supply have become increasingly connected to the outside world, making them more vulnerable to hackers or viruses.
The blackout probe has focused around FirstEnergy Corp. of Akron, Ohio. A transcript released at a congressional hearing Wednesday revealed issues with that company's computer system on Aug. 14, the day of the blackout. "Our computer is giving us fits," the FirstEnergy operator told a Midwest power grid operator, the transcripts said. "We don't even know the status of some of the stuff around us."
Though the computerized system for monitoring and controlling transmission was working, its alarm system failed, spokesman Scott Surgeoner said. "It's a visual indication to grab an operator's attention that there is a system upset or trouble on the system." However, he said "there are other backups that are available that give those indications."
FirstEnergy recently investigated its computer systems and found no problems with viruses, he said. Earlier this year, however, the Slammer worm disrupted a safety display system, Surgeoner said, but that system didn't control any plant functions.
However, the Slammer worm did impede operations for at least two utility entities, according to Charles Noble, a security specialist at the Independent System Operator of New England. No service interruptions occurred, but the control centers for the entities, which were not identified, lost the ability to control the flow of bulk electricity. In a letter online at the North American Electric Reliability Council Web site, Noble said electric companies have reported receiving 200 or more intrusion attempts a month.
"To the extent they are not connected to the Internet, they are probably safe," said Jonathan Pollet, of Plantdata Technologies of Houston, which designs control systems. "To the extent they are connected, they are probably more vulnerable than the average home PC."
The utilities have sometimes indirectly connected their computers to the Internet via internal networks to enhance commodity speculation and energy trading, said Gary Seifert, who heads an Idaho Falls test facility for the U.S. Department of Energy's SCADA, supervisory control and data acquisition group. Security experts have been waving a red flag over SCADA since 1997, when government computer hackers, in an exercise known as "Eligible Receiver," showed they could gain access to internal networks at some power plants.
newsday.com |
